[Soot-list] Virtual and InterfaceInvoke
Marc-André
Marc-André
Thu Jul 10 06:22:41 EDT 2014
Hello,
That sounds *exactly* what points-to analysis is for. You can query Spark's PAG
and fall back on CHA if Spark doesn't know.
I have seen improvements to the context-sensitive variant (with geometric
encoding) that might be useful for you to gain in precision.
That being said, aren't getting the call targets in the call graph sufficient
for your need?
Regards,
--
Marc-André Laverdière-Papineau
Doctorant - PhD Candidate
Quoting Martin Schäf <martinschaef at gmail.com>:
> Hi guys,
> we're doing a Java to Boogie translation. One of the issues is to have a
> "nice" translation of virtual- and interface invokes. What we do right now
> is roughly: given a call
> c.f();
> we collect the set of whatever class "c" might be at this point and do s.th.
> like:
> if (c instance of C1) ((C1)c).f();
> if (c instance of C2) ((C2)c).f();
> ...
>
> So here is my question: what is currently the "best" way to get the set
> types that "c" may have at this point. For soundness, it has to be an
> over-approximation. However, we need it to be pretty narrow, otherwise the
> Boogie program becomes too big ...
>
> Cheers,
> Martin
>
More information about the Soot-list
mailing list