[Soot-list] How to track a String variable backward in Jimple?

Steven Lee Elderry at outlook.com
Mon Apr 21 03:16:24 EDT 2014 

Is Soot based on the Java String Analyzer you mentioned? I do want to do something on top of RD Analysis, but as long as I still track on the wrong line, I can't locate those calls precisely, that is what I'm worrying now.

Thanks anyway,
Steven

-----Original Message-----
From: Dacong Yan [mailto:tonywinslow1986 at gmail.com] 
Sent: Monday, April 21, 2014 12:09
To: Steven Lee
Cc: Soot list
Subject: Re: [Soot-list] How to track a String variable backward in Jimple?

Hi Steven Lee,

For a complete, full-blown solution, you may want to look at the Java String Analyzer <http://www.brics.dk/JSA/>. If you need an easy hack to track a few simple cases, you can, on top of the Reaching-Definition Analysis, record calls like StringBuilder.append(), StringBuffer.append(), etc and see if you can figure out what the result strings should be.

Thanks,
Tony

On Sun, Apr 20, 2014 at 10:01 PM, Steven Lee <Elderry at outlook.com> wrote:
> Hello everyone,
>
>
>
> I’m trying to estimate a variable’s value in Java, here are my Java 
> code and corresponding Jimple code:
>
>
>
> Java:
>
>     public static void main(String[] args) {
>
>         String x, y;
>
>         x = "hello, ";
>
>         y = x + "world";
>
>         x = y;
>
> }
>
>
>
> Jimple:
>
> 01> public static void main(java.lang.String[]){
>
> 02>     java.lang.String[] args;
>
> 03>     java.lang.String x, y, $r1;
>
> 04>     java.lang.StringBuilder $r0;
>
> 05>     args := @parameter0: java.lang.String[];
>
> 06>     x = "hello, ";
>
> 07>     $r0 = new java.lang.StringBuilder;
>
> 08>     $r1 = staticinvoke <java.lang.String: java.lang.String
> valueOf(java.lang.Object)>(x);
>
> 09>     specialinvoke $r0.<java.lang.StringBuilder: void
> <init>(java.lang.String)>($r1);
>
> 10>     $r0 = virtualinvoke $r0.<java.lang.StringBuilder:
> java.lang.StringBuilder append(java.lang.String)>("world");
>
> 11>     y = virtualinvoke $r0.<java.lang.StringBuilder: 
> 11> java.lang.String
> toString()>();
>
> 12>     x = y;
>
> 13>     return;
>
> 14> }
>
>
>
> I want to use static analysis to find what is the value of variable 
> “y”  at line 12, so I used SimpleLocalDefs.getDefsOfAt() to find where 
> “y” was assigned, then I came to line 11 and found that I need to know 
> the value of $r0. The same way I arrived at line 10, however this time 
> I called SimpleLocalDefs.getDefsOfAt(), it returns line 07, where $r0 
> was initialized, instead of line 09, where I thought the nearest place 
> where $r0 was defined or changed.
>
>
>
> I know this is because of Reaching-Definition Analysis’s scheme. Then 
> what can I do to continue my work? I’m considering re-implement my own 
> Reaching-Definition Analysis with my demand, is that an acceptable approach?
> And I want to know more about Jimple’s String manipulation but failed 
> to find some complete and systematic document, do they exist?
>
>
>
> Thanks in advance.
>
>
>
> Steven Lee
>
>
> _______________________________________________
> Soot-list mailing list
> Soot-list at CS.McGill.CA
> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
>



--
Dacong (Tony) Yan
Ph.D. Student
Computer Science and Engineering
The Ohio State University, Columbus
http://www.cse.ohio-state.edu/~yan

More information about the Soot-list mailing list