[Soot-list] Spark missing call edge when call self method


cl0und

Oct 26, 2020, 4:43:24 AM
to soot...@cs.mcgill.ca
Hi, I found Spark missing a call edge when calling a self method. The details are as follows:
A.java
```
public class A {
    public void method1(){
        method2();
        new B().method2();
    }

    public void method2(){
        System.out.println("A method2");
    }
}
```
B.java
```
public class B {
    public void method2(){
        System.out.println("B method2");
    }
}
```
Main.java
```
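import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

import soot.MethodOrMethodContext;
import soot.PackManager;
import soot.Scene;
import soot.SootMethod;
import soot.Unit;
import soot.jimple.toolkits.callgraph.Targets;
import soot.options.Options;

public class Main {
    public static void main(String[] args) {
        // Directory holding the compiled A.class and B.class
        String processDir = "/path/to/classes";
        ArrayList<String> set_process_dir = new ArrayList<String>();
        set_process_dir.add(processDir);
        Options.v().set_process_dir(set_process_dir);
        Options.v().set_whole_program(true);
        Options.v().set_allow_phantom_refs(true);
        Options.v().set_output_format(Options.output_format_none);
        Scene.v().loadNecessaryClasses();

        // Use A.method1 as the only entry point of the call graph
        List<SootMethod> entryPoints = new ArrayList<>();
        SootMethod sm = Scene.v().getSootClass("A").getMethodByName("method1");
        entryPoints.add(sm);
        Scene.v().setEntryPoints(entryPoints);
        // For the Spark run, the cg.spark phase options listed later in this post are set before runPacks()
        PackManager.v().runPacks();

        // Print every call-graph target of each statement in A.method1
        Iterator<Unit> units = sm.getActiveBody().getUnits().iterator();
        while (units.hasNext()) {
            Unit unit = units.next();
            Iterator<MethodOrMethodContext> targets = new Targets(Scene.v().getCallGraph().edgesOutOf(unit));
            while (targets.hasNext()) {
                SootMethod tgt = targets.next().method();
                System.out.println(unit + " may call " + tgt);
            }
        }
    }
}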
```
When I run Main.java, the output is:
```
specialinvoke $r1.<B: void <init>()>() may call <B: void <init>()>
virtualinvoke $r1.<B: void method2()>() may call <B: void method2()>
```
You can see it loses the calling side from A.method1 to A.method2.

But when I comment out the options about Spark, the output is complete:
```
//        Options.v().setPhaseOption("cg.spark", "on");
//        Options.v().setPhaseOption("cg.spark", "enabled:true");
//        Options.v().setPhaseOption("cg.spark", "propagator:worklist");
//        Options.v().setPhaseOption("cg.spark", "on-fly-cg:true");

//output
virtualinvoke r0.<A: void method2()>() may call <A: void method2()>
specialinvoke $r1.<B: void <init>()>() may call <B: void <init>()>
virtualinvoke $r1.<B: void method2()>() may call <B: void method2()>
```
So is there a way to get the complete call side when using Spark?

Thank you for taking the time.

Sent with ProtonMail Secure Email.
