Package sootup.spark
Class PointsToAnalysis
java.lang.Object
sootup.spark.PointsToAnalysis
Client-facing pointer analysis API over a SPARK
PAG.
Construct via fromSolver(Solver). The factory triggers Solver.solve() (if the
PAG has not yet been built) and then runs an Andersen-style fixed-point propagation over the
allocation, assignment, store, and load edges of the PAG. After construction the following
queries are supported:
reachingObjects(Node)— the set ofAllocationNodes a node may point to.aliases(Node)— the set of other PAG nodes whose points-to set intersects the query node's.reachingTypes(Node)— the set of run-timeTypes induced by the points-to set.
-
Method Summary
Modifier and TypeMethodDescriptionReturns the set of nodes (other thannodeitself) whose points-to set shares at least one allocation withreachingObjects(node)— i.e. nodes that may refer to a common run-time object.static PointsToAnalysisfromSolver(@NonNull Solver solver) Builds aPointsToAnalysisover the PAG ofsolver.reachingObjects(@NonNull Node node) Returns the set of allocation sites thatnodemay point to.reachingTypes(@NonNull Node node) Returns the set of run-time types thatnode's points-to set may induce.
-
Method Details
-
fromSolver
Builds aPointsToAnalysisover the PAG ofsolver. If the PAG has not yet been built (i.e. has no vertices),Solver.solve()is invoked first. -
reachingObjects
Returns the set of allocation sites thatnodemay point to.For an
AllocationNodethe result is the singleton containing that allocation. For anInstanceFieldRefNodeb.fthe result is the union ofheap[o, f]over eachoinreachingObjects(b). -
aliases
Returns the set of nodes (other thannodeitself) whose points-to set shares at least one allocation withreachingObjects(node)— i.e. nodes that may refer to a common run-time object. Only PAG vertices are considered as candidates. -
reachingTypes
Returns the set of run-time types thatnode's points-to set may induce.
-