[Soot-list] String propagation in points-to analyses
Ben Holland
benjholla at gmail.com
Sun Sep 6 14:08:26 EDT 2015
You might want to check out the Java String Analysis (JSA) work. It's been used to some cases if reflective invocation.
http://www.brics.dk/JSA/
~Benjamin Holland
> On Sep 5, 2015, at 5:35 PM, Andrew Bedford <andrew.bedford.1 at ulaval.ca> wrote:
>
> Hi!
>
> I am trying to use the points-to analysis of Soot (spark) to statically resolve reflection calls in Android applications. I have a question regarding the string propagation. Let’s suppose that we have the following code:
>
> String a = “hello”
> String b = “world”
> String c = a
> c = b
> String d = a + c
>
> The points-to analysis (with the “string-constants” and “simulate-natives” options turned on) returns something like this:
> PointsTo(a) = {“hello”}
> PointsTo(b) = {“world”)
> PointsTo(c) = {“hello”, “world”}
> PointsTo(d) = {new Alloc of String}
>
> Is there a way to set it up so that the PointsTo(d) returns instead {“hellohello”, “helloworld”}? Or is another type of analysis required?
>
> Thanks!
>
> _______________________________________________
> Soot-list mailing list
> Soot-list at CS.McGill.CA
> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20150906/3d08dac2/attachment.html
More information about the Soot-list
mailing list