[Soot-list] Heros visualize exploded graph
Marc-Andre Laverdiere-Papineau
marc-andre.laverdiere-papineau at polymtl.ca
Wed Jan 23 14:44:30 EST 2013
Hello Eric,
I see that you are looking for something in XCode - that is a bit sad,
as many people wouldn't be able to use that - but maybe a lot of
back-end work can be done to enable other visualizations.
I'll throw an idea around... Some time back, I played with Neo4J and I
saw some nice graph visualization tools.
http://www.neo4j.org/develop/visualize
At the time, I ran into memory problems when querying the CFG, which is
why I decided not to invest too much on that technology for my PhD. But
they have been progressing very very fast, and it could be much more
suitable now.
One of the important things I need is being able to report the taint
flow from source to sink to my users - which the current way the results
are reported make very hard :(
If the visualization method allows to generate that kind of feedback, it
would be very appreciated.
Thanks for your trick about populating a data structure - I tried it and
it works satisfactorily!
Marc-André Laverdière-Papineau
Doctorant - PhD Candidate
On 13-01-21 02:32 AM, Eric Bodden wrote:
> Hi Marc-Andre.
>
>> I would like to visualize my exploded graph - just to make sure my data
>> flow functions are good.
>>
>> I don't see any options for that right now. Did anyone implement anything?
>>
>> I am guessing that we are running close to Graphviz' limits, so an
>> export to .dot format may not be ideal.
>
> I have started a project to that end. It allows you to run Heros
> directly through an Eclipse run configuration. When executing, it will
> then draw arrows directly as overlays over the code. I have actually
> announced this as a thesis topic (see here:
> http://www.ec-spride.tu-darmstadt.de/lehre_1/abschlussarbeitdetails_2176.en.jsp)
> but I have not found a student yet. I was thinking of proposing this
> as a GSOC project. But if you would like to help out, you are most
> welcome to make contributions in this space. I think finding a *good*
> visualization will be challenging.
>
>> Also, I don't see any easy way to traverse the exploded graph with the
>> results given by IFDSSolver. It seems to me that, if I want to find
>> everywhere a given fact is true, I need to manually pick the seeds and
>> traverse the interprocedural cfg, Unit afer Unit. It sounds like
>> duplicating the work IFDSSolver already did :) Is there some debug APIs
>> that would help anywhere?
>
> Here's a trick I play in our taint analysis: Whenever the abstract
> domain hits a certain value I want to report an error. For that
> purpose I just extended the flow function to fill an auxiliary data
> structure with those code locations. If they are few enough then this
> is quite efficient.
>
> Eric
>
More information about the Soot-list
mailing list