themaplelab / averroes

Java bytecode generator for sound and precise partial program analysis
Eclipse Public License 2.0

Placeholder libraries generated by averroes don't capture all the dependencies #2

Closed gunjanaggarwal closed 9 years ago

gunjanaggarwal commented 9 years ago

Hi, I use WALA to generate forward and backward slices. I have been trying to use averroes to reduce the size of the call graph. So I started with a very simple example:

1  package loop;
2
3  import java.io.BufferedReader;
4  import java.io.IOException;
5  import java.io.InputStreamReader;
6
7  public class LoopGuardExample2 {
8
9      public static void main(String args[]) throws IOException {
10         System.out.println("Enter a number ...");
11         BufferedReader br = new BufferedReader(new InputStreamReader(
12                 System.in));
13         String s1 = br.readLine();
14         int x = Integer.parseInt(s1);
15         int y = 0;
16         if (x % 2 == 0) {
17             y = 20;
18         }
19         for (int i = 0; i < y; i++) { // loop guard depends on tainted variable.
20             // do something. -- sleep for 1 second
21             try {
22                 Thread.sleep(1000);
23             } catch (InterruptedException e) {
24                 // TODO Auto-generated catch block
25                 e.printStackTrace();
26             }
           }
       }
   }

In the above example, I set line 13 String s1 = br.readLine(); as the source and use WALA to generate a forward slice. When I don't use averroes-generated placeholder files, I get the following lines in the forward slice: 13, 14, 16, 19, 22 and 25. But when I use averroes-generated library files, I get lines 13 and 14 in the forward slice, which is not correct.

So to understand this behavior a bit more, I looked at the averroes placeholder libraries, mainly java.io.BufferedReader and java.lang.Integer.

In java.lang.Integer, the following is the content of the parseInt method:

public static int parseInt(String paramString)
  {
    AbstractLibrary localAbstractLibrary = AbstractLibrary.instance;
    localAbstractLibrary.libraryPointsTo = paramString;
    localAbstractLibrary.doItAll();
    return 1;
  }

So it seems like the return value of the parseInt method doesn't depend on the method argument paramString, which is probably why the forward slice ends at line 14. Is this the correct behavior?

In java.io.BufferedReader, it seems like the readLine method doesn't return a constant value:

  public String readLine()
    throws IOException
  {
    Object localObject = AbstractLibrary.instance;
    ((AbstractLibrary)localObject).libraryPointsTo = this;
    ((AbstractLibrary)localObject).doItAll();
    localObject = ((AbstractLibrary)localObject).libraryPointsTo;
    localObject = (String)localObject;
    return (String)localObject;
  }

Can we somehow get the same behavior as readLine() for other methods like the parseInt method, so that the return value is not a constant? Or is there a WALA flag that we can set so that the value returned by the parseInt method gets included in the forward slice?

The following is the link to the Zip file, which contains the application jar and some of the libraries generated by averroes: https://www.dropbox.com/s/lo7mc03rzttm4qx/Example.zip?dl=0
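
A toy model of the behaviour reported in the post above, added here as an illustration; it is not part of the original issue and is not averroes or WALA code. The dependence table, the two callee summaries and `forward_slice` are constructed for this example and approximate data and control dependence far more coarsely than WALA's slicer. The model works on source lines, so with an argument-dependent `parseInt` it also reports line 17.

```python
# Constructed source-line model of LoopGuardExample2 (not WALA's IR).
# line -> (defined variable, used variables, callee, controlling line)
PROGRAM = {
    13: ("s1", ["br"], "readLine", None),        # seed: String s1 = br.readLine()
    14: ("x", ["s1"], "parseInt", None),         # int x = Integer.parseInt(s1)
    15: ("y", [], None, None),                   # int y = 0
    16: (None, ["x"], None, None),               # if (x % 2 == 0)
    17: ("y", [], None, 16),                     # y = 20
    19: (None, ["y", "i"], None, None),          # for (...; i < y; ...)
    22: (None, [], "sleep", 19),                 # Thread.sleep(1000)
    25: (None, ["e"], "printStackTrace", 19),    # e.printStackTrace()
}

# Hypothetical callee summaries: does the return value depend on the arguments?
CONSTANT_RETURN_STUB = {"parseInt": False}   # placeholder body ends in `return 1`
ARG_DEPENDENT = {"parseInt": True}           # result is derived from the argument


def forward_slice(program, seed, summaries):
    """Lines reachable from `seed` through data or control dependence."""
    in_slice = {seed}
    tainted = {program[seed][0]}
    changed = True
    while changed:
        changed = False
        for line, (defined, uses, callee, ctrl) in program.items():
            data_hit = any(u in tainted for u in uses)
            ctrl_hit = ctrl in in_slice
            if not (data_hit or ctrl_hit):
                continue
            if line not in in_slice:
                in_slice.add(line)
                changed = True
            # A call passes the dependence on to its result only when the
            # callee lets an argument reach the return value.
            through_call = callee is None or summaries.get(callee, False)
            if defined and (ctrl_hit or (data_hit and through_call)):
                if defined not in tainted:
                    tainted.add(defined)
                    changed = True
    return sorted(in_slice)


if __name__ == "__main__":
    print(forward_slice(PROGRAM, 13, CONSTANT_RETURN_STUB))
    print(forward_slice(PROGRAM, 13, ARG_DEPENDENT))
```
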

karimhamdanali commented 9 years ago

Hi,

There's currently some on-going research that we're doing that should let you do that. Please stay tuned.

I'll post back a reply to this post once it's ready to ship.

cheers, Karim

gunjanaggarwal commented 9 years ago

Hi Karim,

Have you recently added the above functionality? If not, have you dropped the idea of adding this functionality?

Thanks, Gunjan

karimhamdanali commented 9 years ago

Hi Gunjan,

We haven't dropped that idea. It's still part of on-going work right now. I'll post back here on this thread once the work is ready to be released (sometime later this year).

gunjanaggarwal commented 9 years ago

Ok. Thanks for your reply.