[Soot-list] Call Graph with non-static entry points?
Marc-Andre Laverdiere-Papineau
marc-andre.laverdiere-papineau at polymtl.ca
Fri Jan 11 00:09:24 EST 2013
Hello Laurie,
In general, JEE sort of breaks all the rules, as the container (the JEE
application server) is in charge of all this stuff for you. What that
means is that the programmer codes against a spec (the javaee-api jar is
all interfaces and stubs). So, the creation of the object that serves as
entry point (e.g. a Servlet) is done by a piece of code outside the
analysis scope. Don't get me started on dependency injection :)
The brutal solution is to put the whole container in the scope - but
that's near to 100 mb of jars - that's way too impractical.
The other solution is like what you suggested, a synthetic main. A
problem is that it complicates the API - we need two entry point
accessors now - one for the 'real' entry points, and another for
starting the call graph construction algorithm - I can foresee people
mixing the two and complaining about bugs in soot in this mailing list
;) And this synthetic main needs to find the possible types - the target
class and its subclasses.
I envision something that would work in a single run - that is why I
coded entry point detectors. I am not sure that this synthetic main
stuff would work in a single run (if so, I want to know how!)
From what I had in the exchange with Bernhard, the problem is that we
are not always sure what is the type of <this>. And that also means that
we aren't sure what the calls are going to be like - to this class or a
subclass' override?
So, in some cases, this lack of information is not a problem - we may
not have subclasses. Or, if there are subclasses, we may go for a
conservative estimate and have the call graph possibly call the same
class or the subclasses' overrides.
P.S.
This could be a nice, self-contained and interesting summer project for
interns - any takers? :)
Regards,
Marc-André Laverdière-Papineau
Doctorant - PhD Candidate
On 13-01-11 09:15 AM, Laurie Hendren wrote:
> Hi Marc-Andre,
>
> I would have to look to see why that would be a problem, but it may
> have to do with needing a concrete object for the receiver. In fact,
> if your entry points are not static, doesn't some method need to create
> an object on which it calls your entry point ..
>
> If so, then wouldn't you just have to create a dummy static method that
> creates an object and makes the call, and then start the call graph
> algorithm at the dummy static method?
>
> Or ... am I misunderstanding your question?
>
> Laurie
>
>
>
> +--------------------------------------------------------------
> | Laurie Hendren --- http://www.sable.mcgill.ca/~hendren
> | Associate Dean (Academic), Faculty of Science
> | Professor, School of Computer Science, McGill University
> | New McLAB project: http://www.sable.mcgill.ca/mclab/
> | Also: www.sable.mcgill.ca/soot www.sable.mcgill.ca/abc
> +--------------------------------------------------------------
>
> On 10/01/2013 10:30 PM, Marc-Andre Laverdiere-Papineau wrote:
>> Hello,
>>
>> Chatting with Bernhard yesterday, he was telling me that there are
>> problems with Spark when the entry points are not static.
>>
>> Since my entry point detection framework is very good at detecting
>> non-static things, I am wondering if that is making the framework moot.
>>
>> Can anyone confirm whether Spark, or call graph constructions algorithms
>> in general, have an assumption concerning the type of entry points it is
>> dealing with? Or should that be considered as a bug that we'll fix along
>> the way?
>>
>> Regards,
>>
>
> _______________________________________________
> Soot-list mailing list
> Soot-list at sable.mcgill.ca
> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>
More information about the Soot-list
mailing list