The 'handleMaps' option cannot deal with Maps that are aliased

[smeyer198]

The handleMaps option extends Boomerang's default behavior by tracking keys and values of maps. For example, in the following program, Boomerang finds the allocation site new MapAlloc():

MapAlloc someValue = new MapAlloc();
Map<String, MapAlloc> x = new HashMap<>();
x.put("key", someValue);
MapAlloc t = x.get("key");
queryFor(t);

In the 3-address code, Soot and Opal transform the program into a form of

$s0 = new test.cases.hashmap.MapAlloc
$s0.<init>()
someValue = $s0
$s1 = new java.util.HashMap
$s1.<init>()
x = $s1
$s3 = "key"
$s5 = x.put($s3,someValue)
$s7 = "key"
$s8 = x.get($s7)
<Cast $s8 to test.core.selfrunning.AllocatedObject>
t = $s8
queryFor(t)

In comparison, SootUp constructs the code:

$stack4 = new MapAlloc
$stack4.<init>()
someValue = $stack4
$stack5 = new HashMap
$stack5.<init>()
x = $stack5
#l0 = (java.util.Map) x
varReplacer0 = "key"
#l0.put(varReplacer0,someValue)
#l1 = (java.util.Map) x
varReplacer1 = "key"
$stack6 = #l1.get(varReplacer1)
t = (test.core.selfrunning.AllocatedObject) $stack6
queryFor(t)

As one can see, in the Soot and Opal variant, the call to put and get originate from the same base x, whereas the calls in SootUp originate from different bases (aliases #l0 and #l1). Using the aliases causes Boomerang to miss the allocation site new MapAlloc in SootUp