<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Eric, I know you're far more expert on this, but isn't precise-newinstance for paddle, and not spark?</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Jun, As Eric suggested, you need to provide the dynamically loaded class - "Dog" to set_dynamic_class(), for example:<br>
<code style="font-style: inherit; font-variant-ligatures: inherit; font-variant-caps: inherit; font-weight: inherit; font-size: 14px; word-break: break-word; background: none !important; box-sizing: content-box !important; padding: 0px !important; border-radius: 0px !important; border: 0px !important; bottom: auto !important; float: none !important; height: auto !important; left: auto !important; margin: 0px !important; outline: 0px !important; overflow: visible !important; right: auto !important; top: auto !important; vertical-align: baseline !important; width: auto !important; font-variant-numeric: normal !important; font-variant-east-asian: normal !important; font-stretch: normal !important; line-height: normal !important; direction: ltr !important; box-shadow: none !important; display: inline !important;">
Options.v().set_dynamic_class( Arrays.asList( </code><code style="font-style: inherit; font-variant-ligatures: inherit; font-variant-caps: inherit; font-weight: inherit; font-size: 14px; word-break: break-word; background: none !important; box-sizing: content-box !important; color: blue !important; padding: 0px !important; border-radius: 0px !important; border: 0px !important; bottom: auto !important; float: none !important; height: auto !important; left: auto !important; margin: 0px !important; outline: 0px !important; overflow: visible !important; right: auto !important; top: auto !important; vertical-align: baseline !important; width: auto !important; font-variant-numeric: normal !important; font-variant-east-asian: normal !important; font-stretch: normal !important; line-height: normal !important; direction: ltr !important; box-shadow: none !important; display: inline !important;">"Dog" </code><code style="font-style: inherit; font-variant-ligatures: inherit; font-variant-caps: inherit; font-weight: inherit; font-size: 14px; word-break: break-word; background: none !important; box-sizing: content-box !important; padding: 0px !important; border-radius: 0px !important; border: 0px !important; bottom: auto !important; float: none !important; height: auto !important; left: auto !important; margin: 0px !important; outline: 0px !important; overflow: visible !important; right: auto !important; top: auto !important; vertical-align: baseline !important; width: auto !important; font-variant-numeric: normal !important; font-variant-east-asian: normal !important; font-stretch: normal !important; line-height: normal !important; direction: ltr !important; box-shadow: none !important; display: inline !important;">)
);</code><br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<code style="box-sizing: content-box !important; font-family: monospace !important; font-size: 14px; word-break: break-word; background: none !important; color: black !important; padding: 0px !important; border-radius: 0px !important; border: 0px !important; bottom: auto !important; float: none !important; height: auto !important; left: auto !important; margin: 0px !important; outline: 0px !important; overflow: visible !important; right: auto !important; text-align: left; top: auto !important; vertical-align: baseline !important; width: auto !important; font-variant-numeric: normal !important; font-variant-east-asian: normal !important; font-stretch: normal !important; line-height: normal !important; direction: ltr !important; box-shadow: none !important; display: inline !important"><br>
</code></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<code style="box-sizing: content-box !important; font-family: monospace !important; font-size: 14px; word-break: break-word; background: none !important; color: black !important; padding: 0px !important; border-radius: 0px !important; border: 0px !important; bottom: auto !important; float: none !important; height: auto !important; left: auto !important; margin: 0px !important; outline: 0px !important; overflow: visible !important; right: auto !important; text-align: left; top: auto !important; vertical-align: baseline !important; width: auto !important; font-variant-numeric: normal !important; font-variant-east-asian: normal !important; font-stretch: normal !important; line-height: normal !important; direction: ltr !important; box-shadow: none !important; display: inline !important"><span style="font-family: calibri, arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgba(0, 0, 0, 0);">Best,</span></code></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<code style="box-sizing: content-box !important; font-family: monospace !important; font-size: 14px; word-break: break-word; background: none !important; color: black !important; padding: 0px !important; border-radius: 0px !important; border: 0px !important; bottom: auto !important; float: none !important; height: auto !important; left: auto !important; margin: 0px !important; outline: 0px !important; overflow: visible !important; right: auto !important; text-align: left; top: auto !important; vertical-align: baseline !important; width: auto !important; font-variant-numeric: normal !important; font-variant-east-asian: normal !important; font-stretch: normal !important; line-height: normal !important; direction: ltr !important; box-shadow: none !important; display: inline !important"><span style="font-family: calibri, arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgba(0, 0, 0, 0);">David
Diepenbrock</span></code></div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Eric Bodden <eric.bodden@uni-paderborn.de><br>
<b>Sent:</b> Wednesday, December 11, 2019 4:44 AM<br>
<b>To:</b> Jun GAO <jun.gao@uni.lu><br>
<b>Cc:</b> soot-list@cs.mcgill.ca <soot-list@CS.McGill.CA>; David Diepenbrock <ddiepenbrock@pjrcorp.com><br>
<b>Subject:</b> Re: [Soot-list] Pointsto analysis for reflection methods</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">I think David is right. Please have a look also at the documentation of the option "precise-newinstance” here:<br>
<a href="https://soot-build.cs.uni-paderborn.de/public/origin/master/soot/soot-master/3.3.0/options/soot_options.htm#phase_3_1">https://soot-build.cs.uni-paderborn.de/public/origin/master/soot/soot-master/3.3.0/options/soot_options.htm#phase_3_1</a><br>
<br>
If you provide “Dog” as a dynamic class then Soot should be able to pick that up.<br>
<br>
Let us know in case that does not solve your problem.<br>
<br>
Cheers<br>
Eric<br>
<br>
> On 10. Dec 2019, at 21:12, David Diepenbrock <ddiepenbrock@pjrcorp.com> wrote:<br>
> <br>
> Jun,<br>
> <br>
> Try looking into "Options.v().set_dynamic_class()". In my limited experience spark needs a list of the dynamically loaded classes in order to identify the reflective method invokes.
<br>
> <br>
> -David<br>
> From: Soot-list <soot-list-bounces@CS.McGill.CA> on behalf of Jun GAO <jun.gao@uni.lu><br>
> Sent: Monday, December 9, 2019 4:31 AM<br>
> To: soot-list@cs.mcgill.ca <soot-list@CS.McGill.CA><br>
> Subject: [Soot-list] Pointsto analysis for reflection methods<br>
> <br>
> Hi there,<br>
> <br>
> I’m trying to tracking the usage of certain object returned from Java reflection methods by using SPARK PointsTo analysis.<br>
> Hereafter is the code of a simple test case:<br>
> <br>
> import java.lang.reflect.Method;<br>
> import java.lang.reflect.Constructor;<br>
> import java.lang.Class;<br>
> import java.lang.reflect.InvocationTargetException;<br>
> <br>
> public class Testcase {<br>
> <br>
> public static void main(String[] args) {<br>
> try{<br>
> Class cdog = Class.forName("Dog");<br>
> Method mbark = cdog.getMethod("bark");<br>
> mbark.invoke(null);<br>
> } catch(ClassNotFoundException e) {<br>
> e.printStackTrace();<br>
> } catch(NoSuchMethodException e) {<br>
> e.printStackTrace();<br>
> } catch(InvocationTargetException e) {<br>
> e.printStackTrace();<br>
> } catch(IllegalAccessException e) {<br>
> e.printStackTrace();<br>
> }<br>
> }<br>
> <br>
> }<br>
> <br>
> <br>
> By using the points-to analysis, I want to know that the “cdog” in statement "Class cdog = Class.forName("Dog”);” is the one in statement "Method mbark = cdog.getMethod("bark”);”.<br>
> Also, the “mbark” in statement "mbark.invoke(null);” is the one got before.<br>
> However, the points-to set from the points-to analysis for all these local variables are “EmptyPointsToSet”.<br>
> <br>
> Following is the code for analysis by using Soot:<br>
> <br>
> public class Tester {<br>
> public static void main(String[] args) {<br>
> String[] opts = {<br>
> "-process-dir", "../pointsto_test_case/",<br>
> "-ire",<br>
> "-allow-phantom-refs",<br>
> "-src-prec", "c",<br>
> "-w",<br>
> "-p", "cg", "enabled:true",<br>
> "-p", "cg", "all-reachable:true",<br>
> "-p", "cg", "trim-clinit:false",<br>
> "-p", "cg.spark", "on",<br>
> "-p", "cg.spark", "verbose:true",<br>
> "-p", "cg.spark", "propagator:worklist",<br>
> "-p", "cg.spark", "simple-edges-bidirectional:false",<br>
> "-p", "cg.spark", "on-fly-cg:true",<br>
> "-p", "cg.spark", "set-impl:double",<br>
> "-p", "cg.spark", "double-set-old:hybrid",<br>
> "-p", "cg.spark", "double-set-new:hybrid",<br>
> "-p", "jop.cpf", "enabled:true",<br>
> "-output-format", "n"<br>
> };<br>
> G.reset();<br>
> PackManager.v().getPack("wjtp").add(new Transform("wjtp.test", new SceneTransformer() {<br>
> @Override<br>
> protected void internalTransform(String phaseName, Map<String, String> options) {<br>
> PointsToAnalysis pa = Scene.v().getPointsToAnalysis();<br>
> ReachableMethods reachableMethods = Scene.v().getReachableMethods();<br>
> QueueReader<MethodOrMethodContext> listener = reachableMethods.listener();<br>
> while (listener.hasNext()) {<br>
> <br>
> SootMethod m = listener.next().method();<br>
> <br>
> if (!m.getDeclaringClass().getName().equals("Testcase")) continue;<br>
> <br>
> if (m.hasActiveBody()) {<br>
> Local cls = null, method = null;<br>
> Stmt clsStmt = null, methodStmt = null;<br>
> Body body = m.getActiveBody();<br>
> for (Unit u : body.getUnits()) {<br>
> Stmt stmt = (Stmt) u;<br>
> if (stmt.containsInvokeExpr()) {<br>
> InvokeExpr ie = stmt.getInvokeExpr();<br>
> if (ie.getMethod().getName().equals("forName")) {<br>
> cls = (Local) ((AssignStmt) stmt).getLeftOp();<br>
> clsStmt = stmt;<br>
> } else if (ie.getMethod().getName().equals("getMethod")) {<br>
> <br>
> AssignStmt astmt = (AssignStmt) stmt;<br>
> method = (Local) astmt.getLeftOp();<br>
> methodStmt = stmt;<br>
> Local invoker = (Local) ((InstanceInvokeExpr) ie).getBase();<br>
> PointsToSet clsPs = pa.reachingObjects(cls);<br>
> System.out.println(clsPs.getClass());<br>
> PointsToSet invokerPs = pa.reachingObjects(invoker);<br>
> System.out.println(invokerPs.getClass());<br>
> if (clsPs.hasNonEmptyIntersection(invokerPs)) {<br>
> System.out.println(clsStmt);<br>
> System.out.println(methodStmt);<br>
> }<br>
> } else if (ie.getMethod().getName().equals("invoke")) {<br>
> Local invoker = (Local) ((InstanceInvokeExpr) ie).getBase();<br>
> PointsToSet methodPs = pa.reachingObjects(method);<br>
> System.out.println(methodPs.getClass());<br>
> PointsToSet invokerPs = pa.reachingObjects(invoker);<br>
> System.out.println(invokerPs.getClass());<br>
> if (methodPs.hasNonEmptyIntersection(invokerPs)) {<br>
> System.out.println(methodStmt);<br>
> System.out.println(stmt);<br>
> }<br>
> }<br>
> }<br>
> }<br>
> }<br>
> }<br>
> }<br>
> }<br>
> }<br>
> <br>
> I tried the points-to analysis with object instantiated with new statement which works very well.<br>
> And I also noticed that these reflection methods were somehow related to native code.<br>
> So I’m wandering are there some other parameters required for the points-to analysis to work properly for this situation?<br>
> Or it cannot work with it?<br>
> <br>
> <br>
> Best Regard<br>
> ——————————————————<br>
> Jun Gao<br>
> <br>
> University of Luxembourg, SnT<br>
> 6 Rue Richard Coudenhove-Kalergi<br>
> L-1359 Luxembourg<br>
> Office: Bloc E 107<br>
> Tele: (+352) 46 66 44 6019<br>
> Fax: (+352) 46 66 44 36019<br>
> <br>
> <br>
> <br>
> <br>
> <br>
> _______________________________________________<br>
> Soot-list mailing list<br>
> Soot-list@CS.McGill.CA<br>
> <a href="https://mailman.CS.McGill.CA/mailman/listinfo/soot-list">https://mailman.CS.McGill.CA/mailman/listinfo/soot-list</a><br>
<br>
</div>
</span></font></div>
</body>
</html>