soot.jimple.toolkits.infoflow.LocalObjectsAnalysis Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of robovm-soot Show documentation
Show all versions of robovm-soot Show documentation
RoboVM fork of Soot - A Java optimization framework
The newest version!
package soot.jimple.toolkits.infoflow;
import soot.*;
import java.util.*;
import soot.toolkits.graph.*;
import soot.toolkits.scalar.*;
import soot.jimple.toolkits.callgraph.*;
import soot.jimple.*;
// LocalObjectsAnalysis written by Richard L. Halpert, 2007-02-24
// Constructs data flow tables for each method of every application class. Ignores indirect flow.
// These tables conservatively approximate how data flows from parameters,
// fields, and globals to parameters, fields, globals, and the return value.
// Note that a ref-type parameter (or field or global) might allow access to a
// large data structure, but that entire structure will be represented only by
// the parameter's one node in the data flow graph.
// Provides a high level interface to access the data flow information.
public class LocalObjectsAnalysis
public InfoFlowAnalysis dfa;
UseFinder uf;
CallGraph cg;
Map classToClassLocalObjectsAnalysis;
Map mergedContextsCache;
Map mloaCache;
public LocalObjectsAnalysis(InfoFlowAnalysis dfa)
this.dfa = dfa;
this.uf = new UseFinder();
this.cg = Scene.v().getCallGraph();
classToClassLocalObjectsAnalysis = new HashMap();
mergedContextsCache = new HashMap();
mloaCache = new HashMap();
public ClassLocalObjectsAnalysis getClassLocalObjectsAnalysis(SootClass sc)
ClassLocalObjectsAnalysis cloa = newClassLocalObjectsAnalysis(this, dfa, uf, sc);
classToClassLocalObjectsAnalysis.put(sc, cloa);
return classToClassLocalObjectsAnalysis.get(sc);
// meant to be overridden by specialty local objects analyses
protected ClassLocalObjectsAnalysis newClassLocalObjectsAnalysis(LocalObjectsAnalysis loa, InfoFlowAnalysis dfa, UseFinder uf, SootClass sc)
return new ClassLocalObjectsAnalysis(loa, dfa, uf, sc);
public boolean isObjectLocalToParent(Value localOrRef, SootMethod sm)
// Handle obvious case
if( localOrRef instanceof StaticFieldRef )
return false;
ClassLocalObjectsAnalysis cloa = getClassLocalObjectsAnalysis(sm.getDeclaringClass());
return cloa.isObjectLocal(localOrRef, sm);
public boolean isFieldLocalToParent(SootField sf) // To parent class!
// Handle obvious case
if( sf.isStatic() )
return false;
ClassLocalObjectsAnalysis cloa = getClassLocalObjectsAnalysis(sf.getDeclaringClass());
return cloa.isFieldLocal(sf);
public boolean isObjectLocalToContext(Value localOrRef, SootMethod sm, SootMethod context)
// Handle special case
if(sm == context)
// G.v().out.println(" Directly Reachable: ");
boolean isLocal = isObjectLocalToParent(localOrRef, sm);
G.v().out.println(" " + (isLocal ?
"LOCAL (Directly Reachable from " + context.getDeclaringClass().getShortName() + "." + context.getName() + ")" :
"SHARED (Directly Reachable from " + context.getDeclaringClass().getShortName() + "." + context.getName() + ")"));
return isLocal;
// Handle obvious case
if( localOrRef instanceof StaticFieldRef )
G.v().out.println(" SHARED (Static from " + context.getDeclaringClass().getShortName() + "." + context.getName() + ")");
return false;
// Handle uncheckable case
// no way to tell... and how do we have access to a Local anyways???
throw new RuntimeException("Attempted to check if a local variable in a non-concrete method is shared/local.");
// For Resulting Merged Context, check if localOrRef is local
Body b = sm.retrieveActiveBody(); // sm is guaranteed concrete (see above)
// Check if localOrRef is Local in smContext
/* SmartMethodLocalObjectsAnalysis mloa = null;
// Pair mloaKey = new Pair(sm, mergedContext);
if( mloaCache.containsKey(sm) )
mloa = (SmartMethodLocalObjectsAnalysis) mloaCache.get(sm);
// G.v().out.println(" Retrieved mloa From Cache: ");
UnitGraph g = new ExceptionalUnitGraph(b);
mloa = new SmartMethodLocalObjectsAnalysis(g, dfa);
// G.v().out.println(" Caching mloa (smdfa " + SmartMethodInfoFlowAnalysis.counter +
// " smloa " + SmartMethodLocalObjectsAnalysis.counter + ") for " + sm.getName() + " on goal:");
mloaCache.put(sm, mloa);
CallLocalityContext mergedContext = getClassLocalObjectsAnalysis(context.getDeclaringClass()).getMergedContext(sm);
if(mergedContext == null)
G.v().out.println(" ------ (Unreachable from " + context.getDeclaringClass().getShortName() + "." + context.getName() + ")");
return true; // it's not non-local...
// with the completed mergedContext...
// localOrRef can actually be a field ref
if( localOrRef instanceof InstanceFieldRef )
InstanceFieldRef ifr = (InstanceFieldRef) localOrRef;
Local thisLocal = null;
try{ thisLocal = b.getThisLocal(); }
catch(RuntimeException re) { /* Couldn't get thisLocal */ }
if(ifr.getBase() == thisLocal)
boolean isLocal = mergedContext.isFieldLocal(InfoFlowAnalysis.getNodeForFieldRef(sm, ifr.getField()));
G.v().out.println(" LOCAL (this .localField from " + context.getDeclaringClass().getShortName() + "."
+ context.getName() + ")");
G.v().out.println(" SHARED (this .sharedField from " + context.getDeclaringClass().getShortName() + "."
+ context.getName() + ")");
return isLocal;
boolean isLocal = SmartMethodLocalObjectsAnalysis.isObjectLocal(dfa, sm, mergedContext, ifr.getBase());
ClassLocalObjectsAnalysis cloa = getClassLocalObjectsAnalysis(context.getDeclaringClass());
isLocal = !cloa.getInnerSharedFields().contains(ifr.getField());
G.v().out.println(" LOCAL (local .localField from " + context.getDeclaringClass().getShortName() + "."
+ context.getName() + ")");
G.v().out.println(" SHARED (local .sharedField from " + context.getDeclaringClass().getShortName() + "."
+ context.getName() + ")");
return isLocal;
G.v().out.println(" SHARED (shared.someField from " + context.getDeclaringClass().getShortName() + "."
+ context.getName() + ")");
return isLocal;
boolean isLocal = SmartMethodLocalObjectsAnalysis.isObjectLocal(dfa, sm, mergedContext, localOrRef);
G.v().out.println(" LOCAL ( local from " + context.getDeclaringClass().getShortName() + "."
+ context.getName() + ")");
G.v().out.println(" SHARED (shared from " + context.getDeclaringClass().getShortName() + "."
+ context.getName() + ")");
return isLocal;
public boolean isFieldLocalToContext(SootField sf, SootMethod sm, SootClass context)
G.v().out.println(" Checking if " + sf + " in " + sm + " is local to " + context + ":");
if(sm.getDeclaringClass() == context) // special case
boolean isLocal = isFieldLocalToParent(sf);
G.v().out.println(" Directly Reachable: " + (isLocal ? "LOCAL" : "SHARED"));
return isLocal;
// The rest of the time, we must find all call chains from context to sm
// if it's local on all of them, then return true.
// Find Call Chains (separate chains for separate possible virtual call targets)
// TODO right now we discard reentrant call chains... but this is UNSAFE
// TODO right now we are stupid about virtual calls... but this is UNSAFE
// for each method in the context class (OR JUST FROM THE RUN METHOD IF IT'S A THREAD?)
List classMethods = getAllMethodsForClass(context); // gets methods in context class and superclasses
List callChains = new ArrayList();
List startingMethods = new ArrayList();
Iterator classMethodsIt = classMethods.iterator();
SootMethod classMethod = (SootMethod) classMethodsIt.next();
List methodCallChains = getCallChainsBetween(classMethod, sm);
Iterator methodCallChainsIt = methodCallChains.iterator();
startingMethods.add(classMethod); // need to add this once for each method call chain being added
if(callChains.size() == 0)
G.v().out.println(" Unreachable: treat as local.");
return true; // it's not non-local...
G.v().out.println(" Found " + callChains.size() + " Call Chains...");
// for(int i = 0; i < callChains.size(); i++)
// G.v().out.println(" " + callChains.get(i));
// Check Call Chains
for(int i = 0; i < callChains.size(); i++)
List callChain = (List) callChains.get(i);
if(!isFieldLocalToContextViaCallChain(sf, sm, context, (SootMethod) startingMethods.get(i), callChain))
G.v().out.println(" SHARED");
return false;
G.v().out.println(" LOCAL");
return true;
Map rmCache = new HashMap();
public CallChain getNextCallChainBetween(SootMethod start, SootMethod goal, List previouslyFound)
// callChains.add(new LinkedList()); // Represents the one way to get from goal to goal (which is to already be there)
// Is this worthwhile? Fast? Slow? Broken? Applicable inside the recursive method?
// If method is unreachable, don't bother trying to make chains
ReachableMethods rm = null;
rm = rmCache.get(start);
List entryPoints = new ArrayList();
rm = new ReachableMethods(cg, entryPoints);
rmCache.put(start, rm);
// Set methodsInAnyChain = new HashSet();
// methodsInAnyChain.add(goal);
return getNextCallChainBetween(rm, start, goal, null, null, previouslyFound);
return null; // new ArrayList();
Map callChainsCache = new HashMap();
public CallChain getNextCallChainBetween(ReachableMethods rm, SootMethod start, SootMethod end, Edge endToPath, CallChain path, List previouslyFound)
Pair cacheKey = new Pair(start, end);
// G.v().out.print("C");
return null;
// return (CallChain) callChainsCache.get(cacheKey);
path = new CallChain(endToPath, path); // initially, path and endToPath can be null
if(start == end)
// if(previouslyFound.contains(path)) // don't return a call chain that was already returned in a previous run
// {
// G.v().out.print("P");
// return null;
// }
// G.v().out.print("F");
return path;
// List ret = new ArrayList();
// ret.add(path);
// G.v().out.print("F");
// return ret;
// G.v().out.print("U");
return null; // new ArrayList(); // no paths
// List paths = new ArrayList(); // no paths
Iterator edgeIt = cg.edgesInto(end);
Edge e = (Edge) edgeIt.next();
SootMethod node = e.src();
if(!path.containsMethod(node) && e.isExplicit() && e.srcStmt().containsInvokeExpr())
// G.v().out.print("R");
CallChain newpath = getNextCallChainBetween(rm, start, node, e, path, previouslyFound); // node is supposed to be a method
if(newpath != null)
// G.v().out.print("|");
return newpath;
// Iterator newpathsIt = newpaths.iterator();
// while(newpathsIt.hasNext())
// {
// paths.addAll(newpaths);
// }
// G.v().out.print("S");
// G.v().out.print("(" + paths.size() + ")");
// if(paths.size() < 100)
if(previouslyFound.size() == 0)
callChainsCache.put(cacheKey, null);
// G.v().out.print("|");
return null;
// callChains go from current to goal
public void getCallChainsBetween(SootMethod start, SootMethod current, SootMethod goal, ReachableMethods rm, List callChains, Set methodsInAnyChain)
List oldCallChains = new ArrayList();
Pair cacheKey = new Pair(start, current);
List cachedChains = (List) callChainsCache.get(cacheKey);
Iterator cachedChainsIt = cachedChains.iterator();
CallChain cachedChain = (CallChain) cachedChainsIt.next();
Iterator oldCallChainsIt = oldCallChains.iterator();
CallChain oldChain = (CallChain) oldCallChainsIt.next();
// We now have chains from start to goal
// For each edge into goal, clone the existing call chains and add that edge to the beginning, then call self with new goal
Iterator edgeIt = cg.edgesInto(current);
Edge e = (Edge) edgeIt.next();
// Stmt currentCallerStmt = e.srcStmt();
SootMethod currentCaller = e.src();
// If the source of this edge is unreachable, ignore it
if( !rm.contains(currentCaller) )
// If this would introduce an SCC, skip it (TODO: Deal with it, instead)
boolean currentCallerIsAlreadyInAChain = false;
Iterator oldCallChainsIt = oldCallChains.iterator();
CallChain oldCallChain = (CallChain) oldCallChainsIt.next();
currentCallerIsAlreadyInAChain = true;
if( ( currentCaller == goal ) || currentCallerIsAlreadyInAChain) // methodsInAnyChain.contains(goalCaller) )
continue; // if this goalCaller would be an SCC, ignore it
// If this is the type of edge that we'd like to include in our call chains
if(e.isExplicit())// && goalCallerStmt.containsInvokeExpr())
// Make a copy of all call chains
// List newCallChains = cloneCallChains(oldCallChains);
List newCallChains = new ArrayList();
if(oldCallChains.size() == 0)
newCallChains.add(new CallChain(e, null));
// Add this edge to each call chain
oldCallChainsIt = oldCallChains.iterator();
CallChain oldCallChain = (CallChain) oldCallChainsIt.next();
newCallChains.add(new CallChain(e, oldCallChain));
// methodsInAnyChain.add(goalCaller);
// If the call chains don't now start from start, then get ones that do (recursively)
if(currentCaller != start)
// Call self to extend these new call chains all the way to start
getCallChainsBetween(start, currentCaller, goal, rm, newCallChains, methodsInAnyChain);
// Add all the new call chains to our set
G.v().out.print("(" + callChains.size() + ")");
if(callChains.size() > 0)
callChainsCache.put(new Pair(start, goal), callChains);
// returns a 1-deep clone of a List of Lists
private List cloneCallChains(List callChains)
List ret = new ArrayList();
Iterator callChainsIt = callChains.iterator();
ret.add( ((LinkedList) callChainsIt.next()).clone() ); // add a clone of each call chain
return ret;
public List getCallChainsBetween(SootMethod start, SootMethod goal)
List callChains = new ArrayList();
Iterator edgeIt = cg.edgesInto(goal);
Edge e = (Edge) edgeIt.next();
Stmt goalCallerStmt = e.srcStmt();
SootMethod goalCaller = e.src();
if(e.isExplicit() && goalCallerStmt.containsInvokeExpr()) // if not, we're not interested
List edgeCallChains = null;
if(goalCaller == start)
edgeCallChains = new ArrayList();
edgeCallChains.add(new LinkedList());
edgeCallChains = getCallChainsBetween(start, goalCaller);
Pair pair = new Pair(new EquivalentValue(goalCallerStmt.getInvokeExpr()), goal);
Iterator edgeCallChainsIt = edgeCallChains.iterator();
List edgeCallChain = (List) edgeCallChainsIt.next();
if( !edgeCallChain.contains(pair) ) // SCC, we must ignore, sadly... TODO FIX THIS
return callChains;
// returns a list of all methods that can be invoked on an object of type sc
public List getAllMethodsForClass(SootClass sootClass)
// Determine which methods are reachable in this program
ReachableMethods rm = Scene.v().getReachableMethods();
// Get list of reachable methods declared in this class
// Also get list of fields declared in this class
List scopeMethods = new ArrayList();
Iterator scopeMethodsIt = sootClass.methodIterator();
SootMethod scopeMethod = (SootMethod) scopeMethodsIt.next();
// Add reachable methods and fields declared in superclasses
SootClass superclass = sootClass;
superclass = sootClass.getSuperclass();
while(superclass.hasSuperclass()) // we don't want to process Object
Iterator scMethodsIt = superclass.methodIterator();
SootMethod scMethod = (SootMethod) scMethodsIt.next();
superclass = superclass.getSuperclass();
return scopeMethods;
public boolean hasNonLocalEffects(SootMethod containingMethod, InvokeExpr ie, SootMethod context)
SootMethod target = ie.getMethodRef().resolve();
MutableDirectedGraph dataFlowGraph = dfa.getMethodInfoFlowSummary(target); // TODO actually we want a graph that is sensitive to scalar data, too
// For a static invoke, check if any fields or any shared params are read/written
if(ie instanceof StaticInvokeExpr)
Iterator graphIt = dataFlowGraph.iterator();
EquivalentValue nodeEqVal = (EquivalentValue) graphIt.next();
Ref node = (Ref) nodeEqVal.getValue();
if(node instanceof FieldRef)
if( dataFlowGraph.getPredsOf(nodeEqVal).size() > 0 ||
dataFlowGraph.getSuccsOf(nodeEqVal).size() > 0 )
return true;
else if(node instanceof ParameterRef)
if( dataFlowGraph.getPredsOf(nodeEqVal).size() > 0 ||
dataFlowGraph.getSuccsOf(nodeEqVal).size() > 0 )
ParameterRef pr = (ParameterRef) node;
if(pr.getIndex() != -1)
if( !isObjectLocalToContext(ie.getArg(pr.getIndex()), containingMethod, context) )
return true;
else if(ie instanceof InstanceInvokeExpr)
// For a instance invoke on local object, check if any static fields or any shared params are read/written
InstanceInvokeExpr iie = (InstanceInvokeExpr) ie;
if( isObjectLocalToContext(iie.getBase(), containingMethod, context) )
Iterator graphIt = dataFlowGraph.iterator();
EquivalentValue nodeEqVal = (EquivalentValue) graphIt.next();
Ref node = (Ref) nodeEqVal.getValue();
if(node instanceof StaticFieldRef)
if( dataFlowGraph.getPredsOf(nodeEqVal).size() > 0 ||
dataFlowGraph.getSuccsOf(nodeEqVal).size() > 0 )
return true;
else if(node instanceof ParameterRef)
if( dataFlowGraph.getPredsOf(nodeEqVal).size() > 0 ||
dataFlowGraph.getSuccsOf(nodeEqVal).size() > 0 )
ParameterRef pr = (ParameterRef) node;
if(pr.getIndex() != -1)
if( !isObjectLocalToContext(ie.getArg(pr.getIndex()), containingMethod, context) )
return true;
// For a instance invoke on shared object, check if any fields or any shared params are read/written
Iterator graphIt = dataFlowGraph.iterator();
EquivalentValue nodeEqVal = (EquivalentValue) graphIt.next();
Ref node = (Ref) nodeEqVal.getValue();
if(node instanceof FieldRef)
if( dataFlowGraph.getPredsOf(nodeEqVal).size() > 0 ||
dataFlowGraph.getSuccsOf(nodeEqVal).size() > 0 )
return true;
else if(node instanceof ParameterRef)
if( dataFlowGraph.getPredsOf(nodeEqVal).size() > 0 ||
dataFlowGraph.getSuccsOf(nodeEqVal).size() > 0 )
ParameterRef pr = (ParameterRef) node;
if(pr.getIndex() != -1)
if( !isObjectLocalToContext(ie.getArg(pr.getIndex()), containingMethod, context) )
return true;
return false;
© 2015 - 2025 Weber Informatics LLC | Privacy Policy