[Soot-list] Inquiry on nullable variable tracking and potential null pointer analysis
flanker017
flankerhqd017 at gmail.com
Mon Jul 14 13:24:27 EDT 2014
Hi everyone:
Thanks for your time
and hope I can get a little help. I want to conduct a nullable variable /
potential null pointer statement analysis on program partially similar to
following code snippet:
> class A
> {
> B getB(); // may return null
> void test1();
> void test2();
> }
>
> class C
> {
> void test()
> {
> A a = A();
> B b = a.getB(); // track b
> b.test1(); //may trigger NPE - line X
> if (b != null )
> {
> b.test2(); //won’t trigger NPE - line Y
> }
> b.test2(); //may trigger NPE - line Z
> }
> }
My problem is as follows: method getB in class A may return null, so I want
find out statements that use b and may throw NPE, like line X and line Z.
Because line Y has a null check as if-clause, line Y won’t throw NPE.
This is just a simple demonstration, real world example will have
interprocedure data flow on b.
So I wonder which analysis or toolkit in soot I can employ? If not, how can
I implement such an analysis? I've thought of def-use or taint but neither
is feasible on this problem I think.
Thanks for your time again.
________________________________
Sincerely
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20140715/8d380e80/attachment.html
More information about the Soot-list
mailing list