Java中的别名分析

发布于 2024-12-19 09:49:42 字数 114 浏览 5 评论 0原文

有人可以向我指出 Java 别名分析的框架或实现吗? 我查看了asm框架,但它只提供数据流分析和控制流分析。

更新:只是好奇,但有人知道 Findbugs 是否进行别名分析吗?

Can somebody point me to a framework or an implementation of alias analysis for Java.
I looked at the asm framework but it only provides data flow analysis and control flow analysis.

Update: Just curious but does anyone know if Findbugs does alias analysis?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

过潦 2024-12-26 09:49:42

我知道三个带有 Java 别名分析的开源程序分析框架:

  1. WALA (免责声明:我是 WALA 维护者)。
  2. 烟灰
  3. Chord

请注意,这些框架中实际实现的是 指向分析,通过它可以确定可能的混叠。有关 WALA 指针分析的一些详细信息,请访问 http://wala.sourceforge.net/ wiki/index.php/UserGuide:指针分析

I know of three open-source program analysis frameworks with an alias analysis for Java:

  1. WALA (disclaimer: I'm a WALA maintainer).
  2. Soot
  3. Chord

Note that what is actually implemented in these frameworks is a points-to analysis, with which one can determine possible aliasing. Some details on WALA's pointer analyses are available at http://wala.sourceforge.net/wiki/index.php/UserGuide:PointerAnalysis.

赴月观长安 2024-12-26 09:49:42

我认为这是一个非常重要的问题,因为指向分析/别名分析是大多数程序分析任务的基本部分。下面是我尝试列出的更完整的 Java 框架。有些比其他更完整,这是一个活跃的研究领域,所以我可能错过了一些。很难说哪种实现最好,但 DOOP 和 SPARK 似乎是学术界的热门选择。

  1. 烟灰(SPARK)
    • 在 PADDLE 之前发布,但仍被 Soot 社区积极使用。 SPARK 完全集成到 Soot 中,并且在上下文不敏感分析方面表现良好。
    • 论文:[1]
    • 资源:[1][2]
  2. 烟灰(桨)
    • 2005-2008 年发布。 Soot 包括 PADDLE 的前端接口,但不包括后端。该项目不再维护(我无法让它与最新版本的 Soot 一起运行)。支持基于 BDD 的集合表示和上下文敏感的多重抽象,以便在 Soot 中进行分析。
    • 论文:[1][2], [3][4]
    • 资源:[1]
  3. bddbddb
    • 基于声明性数据日志的规范,可将分析转换为基于 BDD 的高效操作。
    • 论文:[1][2]
    • 资源:[1]
  4. <一个href="http://pag-www.gtisc.gatech.edu/chord/user_guide/">和弦
    • CHORD 为上下文和上下文不敏感分析提供了多个标准指向分析选项。
    • 资源:[1][2]
  5. WALA
    • WALA 具有过程间分布式环境 (IDE) 数据流算法的实现。
    • 论文:[1]
    • 资源:[1][2]
  6. DOOP
    • 根据 MIT 许可证发布的基于声明性 Datalog 的实现,但需要专有的 LogicBlox Datalog 框架。我相信这个项目目前被誉为最快、最通用的框架。这也是一个非常活跃的项目,并在研究界得到广泛采用。
    • 论文:[1][2][3][4], [5 ]
    • 资源:[1][2][3][4]
  7. 阿特拉斯(指向工具箱)
    • 由我本人于 2016 年发布。 Atlas 的简单安徒生风格的指向分析。
    • Points-To Toolbox 在 MIT 许可下发布,但需要专有的 Atlas 框架。
    • 资源:[1]
  8. 水肺
    • 基于约束的求解器,用于上下文敏感的点分析。
    • 论文:[1]

用于处理第三方库的额外补充工具。

  1. 阿威罗伊
    • 生成第三方库的 Java 字节码摘要。
    • 论文:[1][2]
    • 资源:[1]
  2. 流矿工
    • 生成第三方库的流和属性的 XML 摘要。
    • 论文:[1]
    • 资源:[1]

I think this is a pretty important question as points-to analysis/alias analysis is a fundamental piece of most program analysis tasks. So here is my attempt at a more complete listing of frameworks for Java. Some are more complete than others and this is an active research area so I may have missed a few. It's hard to say which implementation is the best, but DOOP and SPARK seem to popular choices among academics.

  1. Soot (SPARK)
    • Released before PADDLE, but still actively used by the Soot community. SPARK is fully integrated into Soot and performs well for context-insensitive analysis.
    • Papers: [1]
    • Resources: [1], [2]
  2. Soot (PADDLE)
    • Released in 2005-2008. Soot includes the frontend interface to PADDLE, but not the backend. The project is no longer maintained (I could not get it to run with the latest releases of Soot). Supported BDD based set representation and multiple abstractions of context-sensitivity for analysis in Soot.
    • Papers: [1], [2], [3], [4]
    • Resources: [1]
  3. bddbddb
    • A declarative Datalog based specification that transforms analysis to efficient BDD based operations.
    • Papers: [1], [2]
    • Resources: [1]
  4. CHORD
    • CHORD offers several standard points-to analysis options for context and context-insensitive analysis.
    • Resources: [1], [2]
  5. WALA
    • WALA has an implementation of the Interprocedural Distributive Environment (IDE) data flow algorithm.
    • Papers: [1]
    • Resources: [1], [2]
  6. DOOP
    • A declarative Datalog based implementation released under the MIT License, but requires the proprietary LogicBlox Datalog framework. I believe this project currently holds the claim for being the fastest and most versatile framework available. It is also a very active project and becoming well adopted in the research community.
    • Papers: [1], [2], [3], [4], [5]
    • Resources: [1], [2], [3], [4]
  7. Atlas (Points-to Toolbox)
    • Released in 2016 by myself. Simple Andersen style points-to analysis for Atlas.
    • Points-To Toolbox released under MIT License, but requires proprietary Atlas framework.
    • Resources: [1]
  8. SCUBA
    • A constraint based solver for context sensitive points-to analysis.
    • Papers: [1]

Bonus supplementary tools for dealing with third party libraries.

  1. Averroes
    • Generates Java bytecode summaries of third party libraries.
    • Papers: [1], [2]
    • Resources: [1]
  2. Flow Miner
    • Generates XML summaries of flows and properties of third party libraries.
    • Papers: [1]
    • Resources: [1]
惟欲睡 2024-12-26 09:49:42

一种可能性是 Sawja,在 OCaml 中实现。它似乎还不包含别名分析,但它提供了构建模块。

关于您的更新,Bill Pugh 的 Google 演讲 听起来像是 Findbugs 会在没有解析指针的代码。当然,那是2006年的事了,谁知道之后发生了什么……时间过得很快。

One possibility is Sawja, implemented in OCaml. It doesn't seem to contain an alias analysis yet, but it offers building blocks to make one.

Regarding your update, Bill Pugh's Google talk makes it sound like Findbugs looks for specific patterns in the code without resolving pointers. Of course, that was in 2006, so who knows what has happened since... Time flies fast.

眼眸里的快感 2024-12-26 09:49:42

我在 OOPSLA 上看到了 doop ,但我不知道它处于什么状态。

我不知道其他实现,只知道大量论文。

There's doop which I saw at an OOPSLA, but I don't know what state it is in.

I know of no other implementations, just a ton of papers.

油饼 2024-12-26 09:49:42

我们的 DMS 软件重组工具包 及其 Java Front End 可用于构建此内容。

DMS 提供通用解析、树/符号表构建和流分析(控制流、数据流、指向、调用图等)功能。通过将前端连接到该机器,人们可以实现特定于语言的分析,而无需从头开始构建大部分机器。这些已用于在大型 C 应用程序上进行全局指向分析和调用图构建,以及在 C++ 上进行控制流分析。

对于Java,我们实现了方法本地控制流和本地数据流的某些方面。为了进行良好的别名分析,您需要填写调用图构造。

Our DMS Software Reengineering Toolkit and its Java Front End could be used to build this.

DMS provide general purpose parsing, tree/symbol table building, and flow analysis (control flow, data flow, points-to, call graph, ...) capabilities. By connecting a front end to this machinery, one can implement langauge-specific analyses without having to build most of the machinery from scratch. These have been used to do global points-to analyses and call graph construction on very big C applications, and control flow analysis on C++.

For Java, we have method-local control flow implemented and some aspects of local data flow. To do good alias analysis, you'd need to fill out call graph construction.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文