[Soot-list] How to track a String variable backward in Jimple?

Dacong Yan tonywinslow1986 at gmail.com
Mon Apr 21 00:08:55 EDT 2014


Hi Steven Lee,

For a complete, full-blown solution, you may want to look at the Java
String Analyzer <http://www.brics.dk/JSA/>. If you need an easy hack
to track a few simple cases, you can, on top of the
Reaching-Definition Analysis, record calls like
StringBuilder.append(), StringBuffer.append(), etc., and see if you can
figure out what the result strings should be.

Thanks,
Tony

On Sun, Apr 20, 2014 at 10:01 PM, Steven Lee <Elderry at outlook.com> wrote:
> Hello everyone,
>
> I’m trying to estimate a variable’s value in Java. Here are my Java code and
> the corresponding Jimple code:
>
> Java:
>
>     public static void main(String[] args) {
>         String x, y;
>         x = "hello, ";
>         y = x + "world";
>         x = y;
>     }
>
> Jimple:
>
> 01> public static void main(java.lang.String[]){
> 02>     java.lang.String[] args;
> 03>     java.lang.String x, y, $r1;
> 04>     java.lang.StringBuilder $r0;
> 05>     args := @parameter0: java.lang.String[];
> 06>     x = "hello, ";
> 07>     $r0 = new java.lang.StringBuilder;
> 08>     $r1 = staticinvoke <java.lang.String: java.lang.String valueOf(java.lang.Object)>(x);
> 09>     specialinvoke $r0.<java.lang.StringBuilder: void <init>(java.lang.String)>($r1);
> 10>     $r0 = virtualinvoke $r0.<java.lang.StringBuilder: java.lang.StringBuilder append(java.lang.String)>("world");
> 11>     y = virtualinvoke $r0.<java.lang.StringBuilder: java.lang.String toString()>();
> 12>     x = y;
> 13>     return;
> 14> }
>
> I want to use static analysis to find what the value of variable “y” is at
> line 12, so I used SimpleLocalDefs.getDefsOfAt() to find where “y” was
> assigned, then I came to line 11 and found that I need to know the value of
> $r0. In the same way I arrived at line 10; however, this time when I called
> SimpleLocalDefs.getDefsOfAt(), it returned line 07, where $r0 was
> initialized, instead of line 09, which I thought was the nearest place where
> $r0 was defined or changed.
>
> I know this is because of the Reaching-Definition Analysis’s scheme. Then what
> can I do to continue my work? I’m considering re-implementing my own
> Reaching-Definition Analysis to suit my needs; is that an acceptable approach?
> I also want to know more about Jimple’s String manipulation but failed to
> find any complete and systematic documentation. Does it exist?
>
> Thanks in advance.
>
> Steven Lee



-- 
Dacong (Tony) Yan
Ph.D. Student
Computer Science and Engineering
The Ohio State University, Columbus
http://www.cse.ohio-state.edu/~yan
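
Added example, not part of the original message and not Soot code: a Python model of the approach suggested above, run over a hand-built encoding of Jimple lines 06-12 from the quoted post. It follows reaching definitions backward and also replays recorded StringBuilder <init>/append calls that define no local (line 09). The tuple encoding, op names and function names are assumptions of the example, and it handles straight-line code without aliasing only.

```python
# Constructed model of Jimple lines 06-12: (line, defined local or None, op,
# base local or None, args). Double-quoted args are constants, others locals.
STMTS = [
    (6,  "x",   "copy",     None,  ['"hello, "']),
    (7,  "$r0", "new",      None,  []),
    (8,  "$r1", "valueOf",  None,  ["x"]),
    (9,  None,  "<init>",   "$r0", ["$r1"]),     # invoke stmt: defines no local
    (10, "$r0", "append",   "$r0", ['"world"']),
    (11, "y",   "toString", "$r0", []),
    (12, "x",   "copy",     None,  ["y"]),
]

def reaching_def(local, line):
    """Last assignment to `local` before `line` (straight-line code only)."""
    defs = [s for s in STMTS if s[1] == local and s[0] < line]
    return defs[-1] if defs else None

def operand(arg, line):
    return arg[1:-1] if arg.startswith('"') else value_of(arg, line)

def join(a, b):
    return None if a is None or b is None else a + b

def value_of(local, line):
    """String (or StringBuilder contents) in `local` just before `line`, else None."""
    d = reaching_def(local, line)
    if d is None: return None            # e.g. a parameter: value unknown
    n, _, op, base, args = d
    if op == "new":
        val = ""
    elif op in ("copy", "valueOf"):
        val = operand(args[0], n)
    elif op == "toString":
        val = value_of(base, n)
    elif op == "append":                 # append() returns its receiver
        val = join(value_of(base, n), operand(args[0], n))
    else:
        return None
    # The definition alone is not enough: replay calls on `local` after it.
    for m, dst, mop, mbase, margs in STMTS:
        if dst is None and mbase == local and n < m < line:
            if mop == "<init>":
                val = operand(margs[0], m) if margs else ""
            elif mop == "append":
                val = join(val, operand(margs[0], m))
            else:
                return None              # unmodelled mutation: give up
    return val
```
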

