Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • 05:48
    dependabot-preview[bot] review_requested #881
  • 05:48
    dependabot-preview[bot] labeled #881
  • 05:48
    dependabot-preview[bot] opened #881
  • 05:48

    dependabot-preview[bot] on gradle

    Bump ant from 1.10.9 to 1.10.10… (compare)

  • Apr 12 05:58

    dependabot-preview[bot] on gradle

    (compare)

  • Apr 12 05:58
    dependabot-preview[bot] closed #878
  • Apr 12 05:58
    dependabot-preview[bot] commented #878
  • Apr 12 05:58
    dependabot-preview[bot] review_requested #880
  • Apr 12 05:58
    dependabot-preview[bot] labeled #880
  • Apr 12 05:58
    dependabot-preview[bot] opened #880
  • Apr 12 05:58

    dependabot-preview[bot] on gradle

    Bump com.diffplug.eclipse.maven… (compare)

  • Mar 29 15:20

    juliandolby on master

    - allow overrriding of field re… block_exprs represent normal in… (compare)

  • Mar 26 14:34
    ox1234 commented #879
  • Mar 26 14:18
    ox1234 opened #879
  • Mar 24 05:34
    dependabot-preview[bot] review_requested #878
  • Mar 24 05:34
    dependabot-preview[bot] labeled #878
  • Mar 24 05:34
    dependabot-preview[bot] opened #878
  • Mar 24 05:34

    dependabot-preview[bot] on gradle

    Bump com.diffplug.eclipse.maven… (compare)

  • Mar 23 00:44
    msridhar commented #869
  • Mar 22 15:29

    dependabot-preview[bot] on gradle

    (compare)

Manu Sridharan
@msridhar
Hi @izgzhen! At a high level, what you'd like to do should "just work" assuming you have a correct model of https.get. In particular, our call graph construction accounts for inter-procedural data flow, and we have many frameworks that allow you to perform inter-procedural data flow analysis on top of a call graph
Zhen Zhang
@izgzhen
Thanks for the reply! "have a correct model of https.get" -> how is that typically done from user side? (I can imagine to provide some model written in JS, similar to the prologue.js -- but I am not familiar how that is actually implemented)
@msridhar Forget to ping you on this...
Manu Sridharan
@msridhar
@izgzhen You could just write the model in JavaScript, defining a global variable https as an object that has a get method. Then, include that extra script along with the code you are trying to analyze
Zhen Zhang
@izgzhen
Cool, thanks!
malionet-sarka
@malionet-sarka

Hi, all.
I'd like to specify the definition of the arguments in a method call.
For example, the following code is assumed.

public class Main {
    public static void main(String[] args) {
        int x = 3;
        branch(x);
    }

    private static void test(int x) {
        for(int i = 0; i<x ; i++){
                Syste.out.println("count");
        }
}

In this case, is it possible to specify the source of the definition of x, which is referenced in the test method?

One possible way is to use a backward slice with a conditional branch as the seed in a loop statement.
I would like to know if there is any other good way.

WALA has a way to do inter-procedural data flow analysis, but as far as I know, I am aware that it only works with static fields.

Manu Sridharan
@msridhar

I'd like to specify the definition of the arguments in a method call.

Should the "definitions" be the invoke instructions that call the method? Those are the instructions that pass the actual parameter that ends up being the value for the argument within the method

malionet-sarka
@malionet-sarka
@msridhar
Thank you for your reply.
I see... Then I feel like the simplest way to track it is with backward slicing.
Thank you for your continued advice.
Manu Sridharan
@msridhar
@malionet-sarka I guess it depends on what exactly you are trying to do. Based on the CallGraph you should be able to easily discover which instructions are invoking some method, so you might not need to do slicing. If you give some more details possibly we could help more
Ali Ahsan
@aliahsan07
@msridhar as we were discussing in the wala/WALA#743 how to achieve direct mapping from source variables to points to set. Can you give a pointer to how I can do it? Particularly how to use the toSourceLevelString function in my driver
Manu Sridharan
@msridhar
@aliahsan07 for now your best bet is to copy and adapt the code. I don't immediately have time to extract it out and make it generally usable
Leo0426
@Leo0426
Hello, gentlemen and ladies,I'm new, and i want to know how can i get class dependency from WALA, for example : I have two classes, in class a, has import class b's method, i need to know b is depended by a. How should i do ? please help me.
Manu Sridharan
@msridhar
there is nothing built in to WALA to compute exactly what you need. your best bet is maybe to build a ClassHierarchy and then scan all the methods in each class, looking for references to other classes in fields, method signatures, instructions, etc. You should look around; maybe this kind of analysis already exists using some other framework (Soot, ASM, etc.). It's pretty simple so I wouldn't be surprised if someone has built it already
Ali Ahsan
@aliahsan07
Hi @msridhar is there literature on how WALA handles the with semantics in Javascript?
Leo0426
@Leo0426
@msridhar Thanks for your suggestion, I think I already understand how to do it.
Manu Sridharan
@msridhar

Hi @msridhar is there literature on how WALA handles the with semantics in Javascript?

Unfortunately WALA does not handle with. I don't know of any static analysis framework that handles it. (It's even hard to handle using dynamic analysis; Jalangi2 doesn't handle it.)

Ali Ahsan
@aliahsan07
oh okay. I think Safe framework does do something, it rewrites the with statements at ast level.
Leo0426
@Leo0426
Does Wala support building a class hierarchy based on .java source files?
I saw SourceDirCallGraph demo,is it means i can add -sourceFile xx/xx.java -mainClass LclassName to get analysis Scope?
malionet-sarka
@malionet-sarka

Hi, everyone.
I would like to map the bytecode position to the WALA IR index. But I could not find such a method. Is there any better way?

What I want to do is to reference the beginning of the corresponding bytecode position from the WALA IR. For example, if you reference a bytecode position from invokestatic(WALA IR), you want to reference the bytecode position of the push instruction, not the bytecode position of invokestatic(bytecode).

My understanding is that the WALA IR position does not have a one-to-one correspondence with the bytecode position.

Manu Sridharan
@msridhar
@Leo0426 yes WALA supports class hierarchies from source files. SourceDirCallGraph is good code to look at as an example
@malionet-sarka I think the bytecode index and IR instruction index might actually be the same! But some instructions like push and pop do not appear in WALA IR since it is register-based. This is why some WALA IR instruction indices have a null value. Could you try that out
...and see if its true?
malionet-sarka
@malionet-sarka
@msridhar
Thank you for your reply.
I checked, and the WALA IR index and the bytecode index do not seem to match. My problem was solved by using ISSABasicBlock's getFirstInstructionIndex() to get the bytecode index of the stack operation before the method call.
Ali Ahsan
@aliahsan07
Hi @msridhar I had a query regarding the points to set from a ssa variable
lets say my source variable maps to v7 in the ir
[Node: <Code body of function Lexample.js> Context: Everywhere, v7] --> [SITE_IN_NODE{<ctor for <JavaScriptLoader,LObject>>:NEW <JavaScriptLoader,LObject>@2 in CallStringContext: [ example.js.do()LRoot;@7 ]}]
[Node: <ctor for <JavaScriptLoader,LFunction>(Lexample.js/example.js@118)> Context: CallStringContext: [ example.js.do()LRoot;@10 ], v7] --> [SITE_IN_NODE{<ctor for <JavaScriptLoader,LFunction>(Lexample.js/example.js@118)>:NEW <JavaScriptLoader,LObject>@3 in CallStringContext: [ example.js.do()LRoot;@10 ]}]
[Node: <Code body of function Lexample.js/example.js@118> Context: Everywhere, v7] --> [SITE_IN_NODE{<ctor for <JavaScriptLoader,LArray>>:NEW <JavaScriptLoader,LArray>@2 in CallStringContext: [ example.js.example.js@118.do()LRoot;@5 ]}]
[Node: <ctor for <JavaScriptLoader,LArray>> Context: CallStringContext: [ example.js.example.js@118.do()LRoot;@5 ], v7] --> [[ConstantKey:0:<JavaScriptLoader,LNumber>]]
How will you interpret this series of points to sets? I think I can ignore the ctor calls right
1 reply
Leo0426
@Leo0426
Hi sir, I want to get the line number in the source code.Now I usenode.getMethod().getSourcePositionByIRIdx(iindex).getLastLine()method, but some line number is empty. Can i have any other way to get it ?
1 reply
paul_szymanski
@paul_szymanski:matrix.org
[m]
I want to use the classes from com.ibm.wala.cast.js.nodejs in my project. Unfortunately this is not provided by any public repository like maven central. What is the easiest way for me to make use of this? Do I have to pull the whole WALA repo and build the whole project?
Manu Sridharan
@msridhar
@paul_szymanski:matrix.org unfortunately, I think you have to build from source for now. The reason we did not create a maven central artifact for that project is that I think as of right now it depends on downloading node.js and pulling in files from it, to model node.js libraries. That didn't seem to fit well with distributing an artifact on Maven Central. Would you still find a Central artifact useful?
paul_szymanski
@paul_szymanski:matrix.org
[m]
@msridhar: That would be useful. For now I have copied files from the com.ibm.wala.cast.js.nodejs package over to my project, similar like it was done for the js package in wala-start. And I copied the resources and core-modules over. This seems to work fine so far. I guess it is not straight forward to include this into maven central? The core modules should probably not be included into the artifact, as someone might want to choose a different nodejs version? Also the set of CORE_MODULES should probably not be hard coded? I noticed, the current list is for Nodejs v6.2.2, however the gradle task pulls nodejs v0.12.4...
Manu Sridharan
@msridhar
@paul_szymanski:matrix.org so disclaimer: I didn't write this code. I think for it to be useful as a Maven artifact, we need some way for the client to pass in / override the location of the core modules to be used. We can't re-distribute any version of nodejs as part of the artifact due to licensing. I don't think this would be a hard change; if you'd like to submit a PR around it I'd be happy to review it!
paul_szymanski
@paul_szymanski:matrix.org
[m]
@msridhar: Thanks for your offer :) I would like to submit a PR, but I can't right now because deadline 😅 I will stick with my solution for now.
Manu Sridharan
@msridhar
Sounds good!