[Soot-list] Pointsto analysis for reflection methods

Jun GAO jun.gao at uni.lu
Mon Dec 16 03:48:41 EST 2019


Hi Eric and David,

Thanks for your replies.

Since I’m using SPARK, it looks like “set_dynamic_class” has no effect on the result.

But anyway, for my analysis, I don’t really care if it is a “Dog” class object.
The main purpose of my analysis is to construct the invocation chain based on these objects.
Taking the example, what I want to know is that the method object “mbark”, which is from the class object “cdog”, is invoked.
I’m using points-to analysis to confirm that the method object “mbark” invoked in the statement “mbark.invoke(null);” is the one obtained in the statement “Method mbark = cdog.getMethod("bark");”, which belongs to the Class object “cdog”, which is further obtained in the statement “Class cdog = Class.forName("Dog");”.
For me, points-to analysis is needed because the same object could be aliased both intra- and inter-procedurally.

I’m not sure if I misunderstood points-to analysis or if this situation is not a fit for points-to analysis.

Best regards
——————————————————
Jun Gao

University of Luxembourg, SnT
6 Rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Office: Bloc E 107
Tele: (+352) 46 66 44 6019
Fax: (+352) 46 66 44 36019





On 13 Dec 2019, at 14:54, Eric Bodden <eric.bodden at uni-paderborn.de> wrote:

Hi again

Eric, I know you're far more expert on this, but isn't precise-newinstance for paddle, and not spark?

My apologies, you are right!

Jun, as Eric suggested, you need to provide the dynamically loaded class - "Dog" to set_dynamic_class(), for example:
   Options.v().set_dynamic_class( Arrays.asList( "Dog" ) );

Cheers
Eric
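
The check described in this message, written as an added example that is not code from the thread or from the Soot project: a whole-program transform that runs SPARK and reports every `Method.invoke` call whose receiver may alias the result of a `Class.getMethod` call. The class name `ReflectiveInvokeLinker`, the phase name `wjtp.reflink` and the two command-line arguments are assumptions.

```java
// Added example (not from the thread): link Method.invoke receivers to getMethod results.
import java.util.*;
import soot.*;
import soot.jimple.*;
import soot.options.Options;
public class ReflectiveInvokeLinker {
    static final String GET_METHOD =
        "<java.lang.Class: java.lang.reflect.Method getMethod(java.lang.String,java.lang.Class[])>";
    static final String INVOKE =
        "<java.lang.reflect.Method: java.lang.Object invoke(java.lang.Object,java.lang.Object[])>";
    public static void main(String[] args) {
        // Assumed arguments: args[0] = directory of compiled classes, args[1] = main class.
        Options.v().set_whole_program(true);
        Options.v().set_prepend_classpath(true);
        Options.v().set_allow_phantom_refs(true);
        Options.v().set_process_dir(Collections.singletonList(args[0]));
        Options.v().set_main_class(args[1]);
        Options.v().set_output_format(Options.output_format_none);
        Options.v().setPhaseOption("cg.spark", "on");
        PackManager.v().getPack("wjtp").add(new Transform("wjtp.reflink", new SceneTransformer() {
            @Override protected void internalTransform(String phase, Map<String, String> opts) { link(); }
        }));
        Scene.v().loadNecessaryClasses();
        PackManager.v().runPacks();
    }
    static void link() {
        PointsToAnalysis pta = Scene.v().getPointsToAnalysis();
        Map<Stmt, Local> lookups = new LinkedHashMap<>(), calls = new LinkedHashMap<>();
        for (SootClass c : new ArrayList<>(Scene.v().getApplicationClasses()))
            for (SootMethod m : new ArrayList<>(c.getMethods())) {
                if (!m.isConcrete()) continue;
                for (Unit u : m.retrieveActiveBody().getUnits()) {
                    Stmt s = (Stmt) u;
                    if (!s.containsInvokeExpr()) continue;
                    InvokeExpr ie = s.getInvokeExpr();
                    String sig = ie.getMethodRef().getSignature();
                    if (sig.equals(GET_METHOD) && s instanceof AssignStmt
                            && ((AssignStmt) s).getLeftOp() instanceof Local)
                        lookups.put(s, (Local) ((AssignStmt) s).getLeftOp()); // Method m = c.getMethod(..)
                    else if (sig.equals(INVOKE) && ie instanceof InstanceInvokeExpr)
                        calls.put(s, (Local) ((InstanceInvokeExpr) ie).getBase()); // m.invoke(..)
                }
            }
        for (Map.Entry<Stmt, Local> call : calls.entrySet())
            for (Map.Entry<Stmt, Local> lookup : lookups.entrySet())
                if (pta.reachingObjects(call.getValue())
                        .hasNonEmptyIntersection(pta.reachingObjects(lookup.getValue())))
                    System.out.println(call.getKey() + "  <-may-alias-  " + lookup.getKey());
    }
}
```

SPARK is context-insensitive and abstracts objects by allocation site, so a reported pair is a may-alias result and `Method` objects created inside library code can be merged across different `getMethod` calls. An empty points-to set for a receiver means the code that produces the `Method` object was not part of the analysed program.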
