soot-oss / soot

Soot - A Java optimization framework
GNU Lesser General Public License v2.1

Some problems about flowThrough() #1682

Closed fynch3r closed 3 years ago

fynch3r commented 3 years ago

Hi there! I have recently been implementing my own pointer analysis framework, and maybe I have found a bug in Soot. Here's a simple example from my experiments, with the method to be analyzed:

class A { int i; }   // demo.A, the class the Jimple below refers to

public static void main(String[] args) {
    A a = new A();
    A b = new A();
    A c = new A();
    a = b;
    c = a;
    c.i = 6;
}

The Jimple for it is:

args := @parameter0: java.lang.String[]
$stack4 = new demo.A
specialinvoke $stack4.<demo.A: void <init>()>()
a = $stack4
$stack5 = new demo.A
specialinvoke $stack5.<demo.A: void <init>()>()
b = $stack5
$stack6 = new demo.A
specialinvoke $stack6.<demo.A: void <init>()>()
c = $stack6
a = b
c = a
c.<demo.A: int i> = 6
return

That's quite simple, right? So I have now written a PTAanalysis that inherits from ForwardFlowAnalysis<>, and I have overridden flowThrough() to iterate over each unit and determine its stmt type, e.g. InvokeStmt or something else, etc. But I found that instead of executing the overridden flowThrough() method each time, it executed super.flowThrough().

So I did the debugging:

// soot.toolkits.scalar.FlowAnalysis (decompiled); this is the worklist-side wrapper,
// not the abstract flowThrough(A in, N d, A out) that a subclass overrides.
private boolean flowThrough(FlowAnalysis.Entry<N, A> d) {
    if (d.inFlow == d.outFlow) {
        // in and out are the same object: nothing to recompute
        assert !d.isRealStronglyConnected || d.in.length == 1;
        return true;
    } else if (d.isRealStronglyConnected) {
        // a node that influences itself needs a fixpoint: compute into a fresh set and compare
        A out = this.newInitialFlow();
        this.flowThrough(d.inFlow, d.data, out);
        if (out.equals(d.outFlow)) {
            return false;
        } else {
            this.copy(out, d.outFlow);
            return true;
        }
    } else {
        // ordinary node: delegate to the subclass's flowThrough(in, unit, out)
        this.flowThrough(d.inFlow, d.data, d.outFlow);
        return true;
    }
}

I stepped into the code above and found that each time, d is my Jimple stmt and its inFlow and outFlow are NULL??? So it won't go into my own overridden flowThrough() method? I don't know what's going on, but if anyone knows why, please let me know immediately. Thanks in advance.

patricklam commented 3 years ago

I'm a bit confused by why you show code from the private boolean flowThrough() implementation. Is your flowThrough overriding protected abstract void flowThrough(A in, N d, A out);?

On Mon, Jun 28, 2021 at 7:09 PM 0range228 @.***> wrote: [quoted text is the original report above]

fynch3r commented 3 years ago

Yeah, I killed my bug, which was associated with my own FlowSet. Thanks a lot.
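The two points raised in this thread are that the subclass must override exactly `protected void flowThrough(A in, N d, A out)` (any other signature is an overload that the worklist never calls) and that `newInitialFlow()`, `copy()` and `merge()` must hand back and fill real, non-null flow objects, because `FlowAnalysis` passes those same objects to `flowThrough()` as `in` and `out`. The following is an added example, written for this page and not code from Soot or from the reporter's framework. It is a minimal flow-sensitive, intra-procedural may-points-to analysis over `Local`s, using a `Map<Local, Set<Unit>>` (local to the `new` units it may point to) as the flow object instead of a custom `FlowSet`; the class name `SimplePointsTo` and the `run(Body)` helper are this example's own. Applied to the `main` above it maps `a`, `b` and `c` after `c = a` to the `$stack5` allocation, `$stack5` allocation, and `$stack5` allocation respectively, with `c.<demo.A: int i> = 6` leaving the targets unchanged.

```java
package demo;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import soot.Body;
import soot.Local;
import soot.Unit;
import soot.Value;
import soot.jimple.AssignStmt;
import soot.jimple.NewExpr;
import soot.toolkits.graph.ExceptionalUnitGraph;
import soot.toolkits.graph.UnitGraph;
import soot.toolkits.scalar.ForwardFlowAnalysis;

/**
 * Example (not Soot's own code): flow-sensitive may-points-to for locals.
 * Flow object: Local -> set of allocation units (the "new" statements) it may point to.
 */
public class SimplePointsTo extends ForwardFlowAnalysis<Unit, Map<Local, Set<Unit>>> {

  public SimplePointsTo(UnitGraph graph) {
    super(graph);
    // Runs the worklist; FlowAnalysis calls our flowThrough(in, unit, out) per unit.
    doAnalysis();
  }

  /** Must return a fresh, non-null object: FlowAnalysis uses it as in/out for flowThrough. */
  @Override
  protected Map<Local, Set<Unit>> newInitialFlow() {
    return new HashMap<>();
  }

  /** Deep copy so that mutating dst later never aliases src. */
  @Override
  protected void copy(Map<Local, Set<Unit>> src, Map<Local, Set<Unit>> dst) {
    dst.clear();
    for (Map.Entry<Local, Set<Unit>> e : src.entrySet()) {
      dst.put(e.getKey(), new HashSet<>(e.getValue()));
    }
  }

  /** May-analysis join at control-flow merges: union per local. */
  @Override
  protected void merge(Map<Local, Set<Unit>> in1, Map<Local, Set<Unit>> in2,
                       Map<Local, Set<Unit>> out) {
    copy(in1, out);
    for (Map.Entry<Local, Set<Unit>> e : in2.entrySet()) {
      out.computeIfAbsent(e.getKey(), k -> new HashSet<>()).addAll(e.getValue());
    }
  }

  /**
   * The signature must match the abstract method exactly (in, node, out, in that order
   * with these generic types); otherwise Java sees an overload and this is never invoked.
   */
  @Override
  protected void flowThrough(Map<Local, Set<Unit>> in, Unit unit, Map<Local, Set<Unit>> out) {
    copy(in, out);
    if (!(unit instanceof AssignStmt)) {
      return; // invokes, returns, identity stmts: no change to local targets
    }
    AssignStmt as = (AssignStmt) unit;
    if (!(as.getLeftOp() instanceof Local)) {
      return; // field store such as c.<demo.A: int i> = 6: the locals' targets are unchanged
    }
    Local lhs = (Local) as.getLeftOp();
    Value rhs = as.getRightOp();
    if (rhs instanceof NewExpr) {
      // $stack4 = new demo.A : strong update, lhs points only to this allocation site
      Set<Unit> site = new HashSet<>();
      site.add(unit);
      out.put(lhs, site);
    } else if (rhs instanceof Local) {
      // a = b : lhs takes over exactly the targets of rhs
      Set<Unit> src = in.get((Local) rhs);
      if (src == null) {
        out.remove(lhs);
      } else {
        out.put(lhs, new HashSet<>(src));
      }
    } else {
      // field loads, call results, constants: not modelled here, so no known site
      out.remove(lhs);
    }
  }

  /** Convenience entry point for a Jimple body; results via getFlowAfter(unit). */
  public static SimplePointsTo run(Body body) {
    return new SimplePointsTo(new ExceptionalUnitGraph(body));
  }
}
```

After `SimplePointsTo.run(body)`, `getFlowAfter(unit)` gives the map after each unit; if the analysis ever sees a `null` `in` or `out`, the cause is one of the three callbacks above returning or leaving `null`, not the worklist in `FlowAnalysis`.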