
Using Transformers

Hassaan edited this page Jan 8, 2016 · 6 revisions

Transformers

Transformers in SPADE are used to modify a graph resulting from a query before sending it back to the user. Multiple transformers can be chained together, and the user can specify their order.


Adding Transformers

A transformer is added by specifying the exact name of the transformer and the index at which the transformer is to be added in the chain. For example, you can add the RemoveBEEPUnits transformer at index 1 and that would ensure that the result graph is transformed first by the above-mentioned transformer. You can do that as follows:

-> add transformer RemoveBEEPUnits 1
Adding transformer RemoveBEEPUnits... done

You can add more transformers by specifying an index bigger than that of the already added one. You can also specify the same index for a new transformer, which pushes the already added transformer ahead so that the new transformer takes the index of the old one. For example, if you want to add the transformer MergeIOEdges before RemoveBEEPUnits, run the following command:

-> add transformer MergeIOEdges 1
Adding transformer MergeIOEdges... done

Removing Transformers

You can remove a transformer by specifying the index as follows:

-> remove transformer 1
Removing transformer MergeIOEdges... done

Listing Transformers

You can view the list of currently added transformers as follows:

-> list transformers
1 transformer(s) added:
    1. RemoveBEEPUnits

Description of current Transformers (7th of Jan, 2016):

  1. CollapseArtifactVersions - Collapses all artifact vertices with different version numbers into one and removes the version annotation

  2. MergeForkCloneAndExecveEdges - Converts relationships of the type "process p1 forked p2 and process p2 execved p3" into "process p1 forked and execved p3"

  3. MergeIOEdges - Converts multiple IO edges with the same operation between a process and an artifact into just one IO edge. It does that for each operation.

  4. RemoveBEEPUnits - Collapses all unit vertices of a process into one process vertex.

  5. RemoveFileReadIfReadOnly - Removes a file read edge from the graph if the artifact being read is not written by any process other than the currently reading processes. It checks that only for specific files, which are specified using a regex in cfg/removegarbagefilestransformer.config.

  6. RemoveFiles - Removes files which match the regex pattern specified in the file cfg/removefilestransformer.config

  7. RemoveFileWriteIfWriteOnly - Removes a file write edge from the graph if the artifact being written is not read by any process other than the currently writing processes. It does that for all write edges.

  8. RemoveLineage - This transformer takes a vertex expression as an argument, and the lineage of that vertex is removed from the graph. The direction of the lineage is determined automatically from the query that is run.

  9. RemoveMemoryVertices - Removes edges which exist between a memory artifact and a process and also removes the memory artifact vertices.

  10. ReplaceRenameLinkWithWrite - Removes edges with operation 'link_oldpath', 'link', 'rename_oldpath', 'rename', and replaces the operations 'link_newpath' and 'rename_newpath' by the operation 'write'

  11. BEEP - This transformer uses the transformers listed above in a predefined order to replicate the graphs which are output by the BEEP code.
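
The indexing rules under Adding Transformers and the MergeIOEdges and ReplaceRenameLinkWithWrite descriptions above, modelled in Python as an added example (not SPADE's code) to show that the order of the chain changes the graph a query returns. The edge tuples, the `TransformerChain` class and the sample data are assumptions made for the illustration.

```python
# Added model of the chain semantics described on this page; not SPADE code.
# An edge is a constructed (process, artifact, operation) tuple.

def merge_io_edges(edges):
    # MergeIOEdges as described: one edge per process/artifact/operation.
    return list(dict.fromkeys(edges))

def replace_rename_link_with_write(edges):
    # ReplaceRenameLinkWithWrite as described: drop old-path edges,
    # relabel new-path edges as writes.
    dropped = {"link_oldpath", "link", "rename_oldpath", "rename"}
    relabel = {"link_newpath", "rename_newpath"}
    return [(p, a, "write" if op in relabel else op)
            for p, a, op in edges if op not in dropped]

AVAILABLE = {"MergeIOEdges": merge_io_edges,
             "ReplaceRenameLinkWithWrite": replace_rename_link_with_write}

class TransformerChain:
    def __init__(self):
        self._chain = []  # ordered (name, function) pairs

    def add(self, name, index):
        # This model rejects inexact names with KeyError. Indexes are
        # 1-based; adding at an occupied index pushes that entry ahead.
        self._chain.insert(index - 1, (name, AVAILABLE[name]))

    def remove(self, index):
        return self._chain.pop(index - 1)[0]

    def names(self):
        return [name for name, _ in self._chain]

    def apply(self, edges):
        for _, transform in self._chain:  # index 1 runs first
            edges = transform(edges)
        return edges

# Constructed query result: two writes and a rename onto the same file.
SAMPLE = [("pid 412", "/tmp/out", "write"),
          ("pid 412", "/tmp/out", "write"),
          ("pid 412", "/tmp/old", "rename_oldpath"),
          ("pid 412", "/tmp/out", "rename_newpath")]

if __name__ == "__main__":
    chain = TransformerChain()
    chain.add("ReplaceRenameLinkWithWrite", 1)
    chain.add("MergeIOEdges", 1)  # takes index 1, pushes the other to 2
    print(chain.names(), chain.apply(SAMPLE))  # merge runs before relabel
```

With MergeIOEdges at index 1 the result keeps two write edges, because the rename is relabelled only after the merge has run; with the two transformers in the opposite order a single write edge remains.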
