Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Jan 18 05:32

    msridhar on master

    Handle returned values from Fun… (compare)

  • Jan 18 05:32
    msridhar closed #855
  • Jan 18 05:32
    msridhar commented #855
  • Jan 18 03:58
    msridhar synchronize #855
  • Jan 18 02:54
    msridhar opened #855
  • Jan 06 08:10
    wendaojidian opened #854
  • Jan 03 19:54

    msridhar on master

    Revert "Dummy change to test ja… (compare)

  • Jan 03 18:49

    msridhar on master

    Dummy change to test javadoc up… (compare)

  • Jan 03 05:23

    msridhar on master

    Remove Travis badge (compare)

  • Jan 03 03:32

    msridhar on master

    Disable Travis CI (#853) (compare)

  • Jan 03 03:32
    msridhar closed #853
  • Jan 03 02:33
    msridhar opened #853
  • Jan 03 02:31
    msridhar closed #811
  • Jan 03 02:31
    msridhar commented #811
  • Jan 03 02:30
    msridhar edited #811
  • Jan 03 02:30
    msridhar edited #811
  • Jan 03 02:30
    msridhar assigned #852
  • Jan 03 02:30
    msridhar opened #852
  • Jan 03 02:16

    msridhar on gh-actions-snapshot-builds

    (compare)

  • Jan 03 02:16

    msridhar on master

    Upload snapshot builds from Git… (compare)

Manu Sridharan
@msridhar

Hi, y'all. I am wondering if there are some code examples using WALA CAst for Java source code? In particular generating Call Graphs using it. Thanks!

@dtomassi this is the best example we have: https://github.com/wala/WALA/blob/master/com.ibm.wala.cast.java.ecj/src/main/java/com/ibm/wala/cast/java/ecj/util/SourceDirCallGraph.java Sorry, we need to make it more prominent in the documentation

Hopefully that will get you started
@sImttuba_gitlab you need to build a call graph first. what language are you trying to analyze? if it's Java bytecode, you can take a look here for an example of what needs to be done: https://github.com/wala/WALA-start/blob/master/src/main/java/com/ibm/wala/examples/drivers/ScopeFileCallGraph.java I also recommend looking at the main tutorial slides: http://wala.sourceforge.net/files/PLDI_WALA_Tutorial.pdf
22 replies
Imran Settuba
@sImttuba_gitlab

Hi all,
I am struggeling to traverse the controllflowgraph of an CGNode, in a way so that I can introspect each invocation/ instruction and get their node.
I imagine something like:

public static void main(String[] args) {
  int x = 2;
        x++;

        if (true && 4 + 4 == 3)
            throw new NullPointerException();
}

In other words, how would I search through the graph and find the exception throwing, plus the expression in the if clause that is responsible for it?
Any help is welcome.

Manu Sridharan
@msridhar
Can you use CGNode.iterateNewSites() and find the ones allocating an exception type?
malionet-sarka
@malionet-sarka

Hi all.
Thank you for your help in Issues the other day.
I have a question about the backward slice, so I ask it here.
I did some backward slicing on the following code, but I didn't get the results I expected.

The configuration is as follows.

  • Slicer.DataDependenceOptions.FULL
  • Slicer.ControlDependenceOptions.NO_EXCEPTIONAL_EDGES
  • CallGraphBuilder: makeZeroOneContainerCFABuilder
  • slice seed: Iterator.hasNest();
  • java version: 1.8.0_211
  • WALA version: 1.5.5
public class ArraySample {
    public static void main(String[] args) {
        List<Integer> list = new ArrayList<>();
        list.add(1);
        for (Integer str : list) {
            System.out.println(str);
        }
    }
}

Slice result:

0 = {NormalReturnCaller@2194} "NORMAL_RET_CALLER:Node: < Application, LArraySample, main([Ljava/lang/String;)V > Context: Everywhere[13]13 = invokeinterface < Application, Ljava/util/Iterator, hasNext()Z > 11 @27 exception:12"
1 = {NormalStatement@2195} "NORMAL hasNext:return 9 Node: < Primordial, Ljava/util/ArrayList$Itr, hasNext()Z > Context: DelegatingContext [A=ReceiverInstanceContext<SITE_IN_NODE{< Primordial, Ljava/util/ArrayList, iterator()Ljava/util/Iterator; >:NEW <Primordial,Ljava/util/ArrayList$Itr>@0 in DelegatingContext [A=ReceiverInstanceContext<SITE_IN_NODE{< Application, LArraySample, main([Ljava/lang/String;)V >:NEW <Application,Ljava/util/ArrayList>@0 in Everywhere}>, B=Everywhere]}>, B=Everywhere]"
2 = {PhiStatement@2196} "PHI Node: < Primordial, Ljava/util/ArrayList$Itr, hasNext()Z > Context: DelegatingContext [A=ReceiverInstanceContext<SITE_IN_NODE{< Primordial, Ljava/util/ArrayList, iterator()Ljava/util/Iterator; >:NEW <Primordial,Ljava/util/ArrayList$Itr>@0 in DelegatingContext [A=ReceiverInstanceContext<SITE_IN_NODE{< Application, LArraySample, main([Ljava/lang/String;)V >:NEW <Application,Ljava/util/ArrayList>@0 in Everywhere}>, B=Everywhere]}>, B=Everywhere]:9 = phi  8,7"
3 = {NormalReturnCallee@2197} "NORMAL_RET_CALLEE:Node: < Primordial, Ljava/util/ArrayList$Itr, hasNext()Z > Context: DelegatingContext [A=ReceiverInstanceContext<SITE_IN_NODE{< Primordial, Ljava/util/ArrayList, iterator()Ljava/util/Iterator; >:NEW <Primordial,Ljava/util/ArrayList$Itr>@0 in DelegatingContext [A=ReceiverInstanceContext<SITE_IN_NODE{< Application, LArraySample, main([Ljava/lang/String;)V >:NEW <Application,Ljava/util/ArrayList>@0 in Everywhere}>, B=Everywhere]}>, B=Everywhere]"

The slice results I expect:

List<Integer> list = new ArrayList<>();
list.add(1);

If an iterator is used, isn't a backward slice of the original object valid?
If so, how can I get the results I expect?

Could you give me some advice if convenient.

Manu Sridharan
@msridhar
Hi @malionet-sarka. I agree; I would expect the statements you list to be in the slice. Can you report an issue? I will look when I have time
malionet-sarka
@malionet-sarka
@msridhar
Sorry...
When I reviewed the settings, I found that it was running in Slicer.ControlDependenceOptions.NONE.
In this case, won't the slice result include statement of the original object?
malionet-sarka
@malionet-sarka
If not, I'll report the Issue.
Manu Sridharan
@msridhar
Glancing at the ArrayList code I would expect the slice to include the statements on the original ArrayList even with no control dependence. But I'm not 100% sure. In any case I think it's worth reporting the issue
Ali Ahsan
@aliahsan07
Hi @msridhar , quick question, what are these definers 1 you see when a Call Graph gets constructed?
Manu Sridharan
@msridhar
@aliahsan07 I am not 100% sure. Do you have a small example? I think it might have something to do variables that get overwritten by a nested function
malionet-sarka
@malionet-sarka
Hi all.
I would like to calculate the distance between one node and another on CFG, is there a class implemented on WALA to do this?
Manu Sridharan
@msridhar
Hi @malionet-sarka can you use com.ibm.wala.util.graph.traverse.BFSPathFinder?
you can call find() and then check the length of the returned List
malionet-sarka
@malionet-sarka
@msridhar
Thank you for your reply.
I see... Okay, I'm going to implement it using com.ibm.wala.util.graph.traverse.BFSPathFinder.
Manu Sridharan
@msridhar
Sounds good!
Zhen Zhang
@izgzhen
Hi, I am trying to use WALA's JavaScript support, and I wonder how callbacks are handled typically during data-flow analysis?
For example, given snippet https.get(..., function (r) { ... }), is it possible to use certain API to construct data-flow entering the callback's body? (assuming the model of https.get can be manually constructed using any approach)
Manu Sridharan
@msridhar
Hi @izgzhen! At a high level, what you'd like to do should "just work" assuming you have a correct model of https.get. In particular, our call graph construction accounts for inter-procedural data flow, and we have many frameworks that allow you to perform inter-procedural data flow analysis on top of a call graph
Zhen Zhang
@izgzhen
Thanks for the reply! "have a correct model of https.get" -> how is that typically done from user side? (I can imagine to provide some model written in JS, similar to the prologue.js -- but I am not familiar how that is actually implemented)
@msridhar Forget to ping you on this...
Manu Sridharan
@msridhar
@izgzhen You could just write the model in JavaScript, defining a global variable https as an object that has a get method. Then, include that extra script along with the code you are trying to analyze
Zhen Zhang
@izgzhen
Cool, thanks!
malionet-sarka
@malionet-sarka

Hi, all.
I'd like to specify the definition of the arguments in a method call.
For example, the following code is assumed.

public class Main {
    public static void main(String[] args) {
        int x = 3;
        branch(x);
    }

    private static void test(int x) {
        for(int i = 0; i<x ; i++){
                Syste.out.println("count");
        }
}

In this case, is it possible to specify the source of the definition of x, which is referenced in the test method?

One possible way is to use a backward slice with a conditional branch as the seed in a loop statement.
I would like to know if there is any other good way.

WALA has a way to do inter-procedural data flow analysis, but as far as I know, I am aware that it only works with static fields.

Manu Sridharan
@msridhar

I'd like to specify the definition of the arguments in a method call.

Should the "definitions" be the invoke instructions that call the method? Those are the instructions that pass the actual parameter that ends up being the value for the argument within the method

malionet-sarka
@malionet-sarka
@msridhar
Thank you for your reply.
I see... Then I feel like the simplest way to track it is with backward slicing.
Thank you for your continued advice.
Manu Sridharan
@msridhar
@malionet-sarka I guess it depends on what exactly you are trying to do. Based on the CallGraph you should be able to easily discover which instructions are invoking some method, so you might not need to do slicing. If you give some more details possibly we could help more
Ali Ahsan
@aliahsan07
@msridhar as we were discussing in the wala/WALA#743 how to achieve direct mapping from source variables to points to set. Can you give a pointer to how I can do it? Particularly how to use the toSourceLevelString function in my driver
Manu Sridharan
@msridhar
@aliahsan07 for now your best bet is to copy and adapt the code. I don't immediately have time to extract it out and make it generally usable
Leo0426
@Leo0426
Hello, gentlemen and ladies,I'm new, and i want to know how can i get class dependency from WALA, for example : I have two classes, in class a, has import class b's method, i need to know b is depended by a. How should i do ? please help me.
Manu Sridharan
@msridhar
there is nothing built in to WALA to compute exactly what you need. your best bet is maybe to build a ClassHierarchy and then scan all the methods in each class, looking for references to other classes in fields, method signatures, instructions, etc. You should look around; maybe this kind of analysis already exists using some other framework (Soot, ASM, etc.). It's pretty simple so I wouldn't be surprised if someone has built it already
Ali Ahsan
@aliahsan07
Hi @msridhar is there literature on how WALA handles the with semantics in Javascript?
Leo0426
@Leo0426
@msridhar Thanks for your suggestion, I think I already understand how to do it.
Manu Sridharan
@msridhar

Hi @msridhar is there literature on how WALA handles the with semantics in Javascript?

Unfortunately WALA does not handle with. I don't know of any static analysis framework that handles it. (It's even hard to handle using dynamic analysis; Jalangi2 doesn't handle it.)

Ali Ahsan
@aliahsan07
oh okay. I think Safe framework does do something, it rewrites the with statements at ast level.
Leo0426
@Leo0426
Does Wala support building a class hierarchy based on .java source files?
I saw SourceDirCallGraph demo,is it means i can add -sourceFile xx/xx.java -mainClass LclassName to get analysis Scope?
malionet-sarka
@malionet-sarka

Hi, everyone.
I would like to map the bytecode position to the WALA IR index. But I could not find such a method. Is there any better way?

What I want to do is to reference the beginning of the corresponding bytecode position from the WALA IR. For example, if you reference a bytecode position from invokestatic(WALA IR), you want to reference the bytecode position of the push instruction, not the bytecode position of invokestatic(bytecode).

My understanding is that the WALA IR position does not have a one-to-one correspondence with the bytecode position.

Manu Sridharan
@msridhar
@Leo0426 yes WALA supports class hierarchies from source files. SourceDirCallGraph is good code to look at as an example
@malionet-sarka I think the bytecode index and IR instruction index might actually be the same! But some instructions like push and pop do not appear in WALA IR since it is register-based. This is why some WALA IR instruction indices have a null value. Could you try that out
...and see if its true?
malionet-sarka
@malionet-sarka
@msridhar
Thank you for your reply.
I checked, and the WALA IR index and the bytecode index do not seem to match. My problem was solved by using ISSABasicBlock's getFirstInstructionIndex() to get the bytecode index of the stack operation before the method call.
Ali Ahsan
@aliahsan07
Hi @msridhar I had a query regarding the points to set from a ssa variable
lets say my source variable maps to v7 in the ir 
[Node: <Code body of function Lexample.js> Context: Everywhere, v7] --> [SITE_IN_NODE{<ctor for <JavaScriptLoader,LObject>>:NEW <JavaScriptLoader,LObject>@2 in CallStringContext: [ example.js.do()LRoot;@7 ]}]
[Node: <ctor for <JavaScriptLoader,LFunction>(Lexample.js/example.js@118)> Context: CallStringContext: [ example.js.do()LRoot;@10 ], v7] --> [SITE_IN_NODE{<ctor for <JavaScriptLoader,LFunction>(Lexample.js/example.js@118)>:NEW <JavaScriptLoader,LObject>@3 in CallStringContext: [ example.js.do()LRoot;@10 ]}]
[Node: <Code body of function Lexample.js/example.js@118> Context: Everywhere, v7] --> [SITE_IN_NODE{<ctor for <JavaScriptLoader,LArray>>:NEW <JavaScriptLoader,LArray>@2 in CallStringContext: [ example.js.example.js@118.do()LRoot;@5 ]}]
[Node: <ctor for <JavaScriptLoader,LArray>> Context: CallStringContext: [ example.js.example.js@118.do()LRoot;@5 ], v7] --> [[ConstantKey:0:<JavaScriptLoader,LNumber>]]
How will you interpret this series of points to sets? I think I can ignore the ctor calls right
Leo0426
@Leo0426
Hi sir, I want to get the line number in the source code.Now I usenode.getMethod().getSourcePositionByIRIdx(iindex).getLastLine()method, but some line number is empty. Can i have any other way to get it ?