<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Jun,</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Try looking into "Options.v().set_dynamic_class()". In my limited experience, SPARK needs a list of the dynamically loaded classes in order to identify the reflective method invokes. </div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
-David</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Soot-list &lt;soot-list-bounces@CS.McGill.CA&gt; on behalf of Jun GAO &lt;jun.gao@uni.lu&gt;<br>
<b>Sent:</b> Monday, December 9, 2019 4:31 AM<br>
<b>To:</b> soot-list@cs.mcgill.ca &lt;soot-list@CS.McGill.CA&gt;<br>
<b>Subject:</b> [Soot-list] Pointsto analysis for reflection methods</font>
<div> </div>
</div>
<div class="" style="word-wrap:break-word; line-break:after-white-space">Hi there,
<div class=""><br class="">
</div>
<div class="">I’m trying to tracking the usage of certain object returned from Java reflection methods by using SPARK PointsTo analysis.</div>
<div class="">Hereafter is the code of a simple test case:</div>
<div class=""><br class="">
</div>
<div class="">
<div class="">import java.lang.reflect.Method;</div>
<div class="">import java.lang.reflect.Constructor;</div>
<div class="">import java.lang.Class;</div>
<div class="">import java.lang.reflect.InvocationTargetException;</div>
<div class=""><br class="">
</div>
<div class="">public class Testcase {</div>
<div class=""><br class="">
</div>
<div class="">    public static void main(String[] args) {</div>
<div class="">        try{</div>
<div class="">            Class cdog = Class.forName("Dog");</div>
<div class="">            Method mbark = cdog.getMethod("bark");</div>
<div class="">            mbark.invoke(null);</div>
<div class="">        } catch(ClassNotFoundException e) {</div>
<div class="">            e.printStackTrace();</div>
<div class="">        } catch(NoSuchMethodException e) {</div>
<div class="">            e.printStackTrace();</div>
<div class="">        } catch(InvocationTargetException e) {</div>
<div class="">            e.printStackTrace();</div>
<div class="">        } catch(IllegalAccessException e) {</div>
<div class="">            e.printStackTrace();</div>
<div class="">        }</div>
<div class="">    }</div>
<div class=""><br class="">
</div>
<div class="">}</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">By using the points-to analysis, I want to know that the “cdog” in statement "Class cdog = Class.forName("Dog”);” is the one in statement "Method mbark = cdog.getMethod("bark”);”.</div>
<div class="">Also, the “mbark” in statement "mbark.invoke(null);” is the one got before.</div>
<div class="">However, the points-to set from the points-to analysis for all these local variables are “EmptyPointsToSet”.</div>
<div class=""><br class="">
</div>
<div class="">Following is the code for analysis by using Soot:</div>
<div class=""><br class="">
</div>
<div class="">public class Tester {</div>
<div class=""><span class="x_Apple-tab-span" style="white-space:pre"></span>public static void main(String[] args) {</div>
<div class=""><span class="x_Apple-tab-span" style="white-space:pre"></span>String[] opts = {</div>
        <span class="x_Apple-tab-span" style="white-space:pre"> </span>"-process-dir", "../pointsto_test_case/",<br class="">
        <span class="x_Apple-tab-span" style="white-space:pre"> </span>"-ire",<br class="">
        <span class="x_Apple-tab-span" style="white-space:pre"> </span>"-allow-phantom-refs",<br class="">
        <span class="x_Apple-tab-span" style="white-space:pre"> </span>"-src-prec", "c",<br class="">
        <span class="x_Apple-tab-span" style="white-space:pre"> </span>"-w",<br class="">
        <span class="x_Apple-tab-span" style="white-space:pre"> </span>"-p", "cg", "enabled:true",<br class="">
        <span class="x_Apple-tab-span" style="white-space:pre"> </span>"-p", "cg", "all-reachable:true",<br class="">
        <span class="x_Apple-tab-span" style="white-space:pre"> </span>"-p", "cg", "trim-clinit:false",<br class="">
        <span class="x_Apple-tab-span" style="white-space:pre"> </span>"-p", "cg.spark", "on",<br class="">
        <span class="x_Apple-tab-span" style="white-space:pre"> </span>"-p", "cg.spark", "verbose:true",<br class="">
        <span class="x_Apple-tab-span" style="white-space:pre"> </span>"-p", "cg.spark", "propagator:worklist",<br class="">
        <span class="x_Apple-tab-span" style="white-space:pre"> </span>"-p", "cg.spark", "simple-edges-bidirectional:false",<br class="">
        <span class="x_Apple-tab-span" style="white-space:pre"> </span>"-p", "cg.spark", "on-fly-cg:true",<br class="">
        <span class="x_Apple-tab-span" style="white-space:pre"> </span>"-p", "cg.spark", "set-impl:double",<br class="">
        <span class="x_Apple-tab-span" style="white-space:pre"> </span>"-p", "cg.spark", "double-set-old:hybrid",<br class="">
        <span class="x_Apple-tab-span" style="white-space:pre"> </span>"-p", "cg.spark", "double-set-new:hybrid",<br class="">
        <span class="x_Apple-tab-span" style="white-space:pre"> </span>"-p", "jop.cpf", "enabled:true",<br class="">
        <span class="x_Apple-tab-span" style="white-space:pre"> </span>"-output-format", "n"<br class="">
    <span class="x_Apple-tab-span" style="white-space:pre"> </span>};<br class="">
    <span class="x_Apple-tab-span" style="white-space:pre"> </span>G.reset();</div>
<div class=""><span class="x_Apple-tab-span" style="white-space:pre"></span>PackManager.v().getPack("wjtp").add(new Transform("wjtp.test", new SceneTransformer() {<br class="">
      <span class="x_Apple-tab-span" style="white-space:pre"> </span>@Override<br class="">
      <span class="x_Apple-tab-span" style="white-space:pre"> </span>protected void internalTransform(String phaseName, Map<String, String> options) {</div>
<div class=""><span class="x_Apple-tab-span" style="white-space:pre"></span>PointsToAnalysis pa = Scene.v().getPointsToAnalysis();<br class="">
        <span class="x_Apple-tab-span" style="white-space:pre"> </span>ReachableMethods reachableMethods = Scene.v().getReachableMethods();<br class="">
        <span class="x_Apple-tab-span" style="white-space:pre"> </span>QueueReader<MethodOrMethodContext> listener = reachableMethods.listener();<br class="">
        <span class="x_Apple-tab-span" style="white-space:pre"> </span>while (listener.hasNext()) {<br class="">
        <span class="x_Apple-tab-span" style="white-space:pre"></span> <span class="x_Apple-tab-span" style="white-space:pre">
</span> SootMethod m = listener.next().method();<br class="">
<br class="">
         <span class="x_Apple-tab-span" style="white-space:pre"> </span> if (!m.getDeclaringClass().getName().equals("Testcase")) continue;<br class="">
<br class="">
         <span class="x_Apple-tab-span" style="white-space:pre"> </span> if (m.hasActiveBody()) {<br class="">
           <span class="x_Apple-tab-span" style="white-space:pre"> </span>Local cls = null, method = null;<br class="">
            <span class="x_Apple-tab-span" style="white-space:pre"> </span>Stmt clsStmt = null, methodStmt = null;<br class="">
            <span class="x_Apple-tab-span" style="white-space:pre"> </span>Body body = m.getActiveBody();<br class="">
            <span class="x_Apple-tab-span" style="white-space:pre"> </span>for (Unit u : body.getUnits()) {<br class="">
              <span class="x_Apple-tab-span" style="white-space:pre"> </span>Stmt stmt = (Stmt) u;<br class="">
              <span class="x_Apple-tab-span" style="white-space:pre"> </span>if (stmt.containsInvokeExpr()) {<br class="">
                <span class="x_Apple-tab-span" style="white-space:pre"> </span>InvokeExpr ie = stmt.getInvokeExpr();<br class="">
                <span class="x_Apple-tab-span" style="white-space:pre"> </span>if (ie.getMethod().getName().equals("forName")) {<br class="">
                  <span class="x_Apple-tab-span" style="white-space:pre"> </span>
cls = (Local) ((AssignStmt) stmt).getLeftOp();<br class="">
                  <span class="x_Apple-tab-span" style="white-space:pre"> </span>
clsStmt = stmt;<br class="">
                <span class="x_Apple-tab-span" style="white-space:pre"> </span>} else if (ie.getMethod().getName().equals("getMethod")) {<br class="">
                 <span class="x_Apple-tab-span" style="white-space:pre"> </span> <span class="x_Apple-tab-span" style="white-space:pre">
</span>AssignStmt astmt = (AssignStmt) stmt;<br class="">
                 <span class="x_Apple-tab-span" style="white-space:pre"> </span>method = (Local) astmt.getLeftOp();<br class="">
                 <span class="x_Apple-tab-span" style="white-space:pre"> </span>methodStmt = stmt;<br class="">
                  <span class="x_Apple-tab-span" style="white-space:pre"> </span>
Local invoker = (Local) ((InstanceInvokeExpr) ie).getBase();<br class="">
                  <span class="x_Apple-tab-span" style="white-space:pre"> </span>
PointsToSet clsPs = pa.reachingObjects(cls);<br class="">
                  <span class="x_Apple-tab-span" style="white-space:pre"> </span>
System.out.println(clsPs.getClass());<br class="">
                  <span class="x_Apple-tab-span" style="white-space:pre"> </span>
PointsToSet invokerPs = pa.reachingObjects(invoker);<br class="">
                  <span class="x_Apple-tab-span" style="white-space:pre"> </span>
System.out.println(invokerPs.getClass());<br class="">
                  <span class="x_Apple-tab-span" style="white-space:pre"> </span>
if (clsPs.hasNonEmptyIntersection(invokerPs)) {<br class="">
                   <span class="x_Apple-tab-span" style="white-space:pre"> </span>
System.out.println(clsStmt);<br class="">
                    <span class="x_Apple-tab-span" style="white-space:pre"> </span>
System.out.println(methodStmt);<br class="">
                  <span class="x_Apple-tab-span" style="white-space:pre"> </span>
}<br class="">
                <span class="x_Apple-tab-span" style="white-space:pre"> </span>} else if (ie.getMethod().getName().equals("invoke")) {<br class="">
                  <span class="x_Apple-tab-span" style="white-space:pre"> </span>
Local invoker = (Local) ((InstanceInvokeExpr) ie).getBase();<br class="">
                  <span class="x_Apple-tab-span" style="white-space:pre"> </span>
PointsToSet methodPs = pa.reachingObjects(method);<br class="">
                  <span class="x_Apple-tab-span" style="white-space:pre"> </span>
System.out.println(methodPs.getClass());<br class="">
                  <span class="x_Apple-tab-span" style="white-space:pre"> </span>
PointsToSet invokerPs = pa.reachingObjects(invoker);<br class="">
                  <span class="x_Apple-tab-span" style="white-space:pre"> </span>
System.out.println(invokerPs.getClass());<br class="">
                  <span class="x_Apple-tab-span" style="white-space:pre"> </span>
if (methodPs.hasNonEmptyIntersection(invokerPs)) {<br class="">
                    <span class="x_Apple-tab-span" style="white-space:pre"> </span>
System.out.println(methodStmt);<br class="">
                    <span class="x_Apple-tab-span" style="white-space:pre"> </span>
System.out.println(stmt);<br class="">
                  <span class="x_Apple-tab-span" style="white-space:pre"> </span>
}<br class="">
                <span class="x_Apple-tab-span" style="white-space:pre"> </span>}<br class="">
              <span class="x_Apple-tab-span" style="white-space:pre"> </span>}<br class="">
            <span class="x_Apple-tab-span" style="white-space:pre"> </span>}<br class="">
<div class=""><span class="x_Apple-tab-span" style="white-space:pre"></span>}</div>
<div class=""><span class="x_Apple-tab-span" style="white-space:pre"></span>}</div>
<div class=""><span class="x_Apple-tab-span" style="white-space:pre"></span>}</div>
<div class=""><span class="x_Apple-tab-span" style="white-space:pre"></span>}</div>
<div class="">}</div>
<div class=""><br class="">
</div>
<div class="">I tried the points-to analysis with object instantiated with new statement which works very well.</div>
<div class="">And I also noticed that these reflection methods were somehow related to native code.</div>
<div class="">So I’m wandering are there some other parameters required for the points-to analysis to work properly for this situation?</div>
<div class="">Or it cannot work with it?</div>
<div class=""><br class="">
</div>
<div class="">
<div class="" style="color:rgb(0,0,0); letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; word-wrap:break-word; line-break:after-white-space">
<div class="" style="word-wrap:break-word; line-break:after-white-space">
<div style="color:rgb(0,0,0); font-family:Helvetica; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px">
<br class="">
Best Regards</div>
<div style="color:rgb(0,0,0); font-family:Helvetica; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px">
——————————————————</div>
<div style="color:rgb(0,0,0); font-family:Helvetica; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px">
Jun Gao</div>
<div style="color:rgb(0,0,0); font-family:Helvetica; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px">
<br class="">
</div>
<div style="color:rgb(0,0,0); font-family:Helvetica; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px">
University of Luxembourg, SnT</div>
<div style="color:rgb(0,0,0); font-family:Helvetica; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px">
6 Rue Richard Coudenhove-Kalergi<br class="">
L-1359 Luxembourg<br class="">
Office: Bloc E 107<br class="">
Tele: (+352) 46 66 44 6019<br class="">
Fax: (+352) 46 66 44 36019</div>
<div class="" style="color:rgb(0,0,0); font-family:Helvetica; font-size:12px; font-style:normal; font-variant-caps:normal; font-weight:normal; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px">
<br class="">
</div>
<br class="x_Apple-interchange-newline">
</div>
</div>
<br class="x_Apple-interchange-newline">
<br class="x_Apple-interchange-newline">
</div>
<br class="">
</div>
</div>
</body>
</html>