SootUp
SootUp copied to clipboard
soot-oss
An inconsistency between call graphs
I used SootUp to construct call graphs for my project, and found a bug in CHA algorithms.
A.java
package org.sslab;
import java.io.Closeable;
public interface A extends Closeable {
@Override
default void close(){
close();
}
}
B.java
package org.sslab;
public class B implements A {
public static void main(String[] args) {
try (B b = new B()) {
}
}
}
In the above code examples, RTA call graph includes an edge from B.main to A.close that is reasonable, but CHA does not have. I think CHA should provide a more sound analysis results.
This edge seems related to callback process of SootUp as no type hierarchy and new expressions here to guide the above two algorithms.
SootUp version: 1.1.2
Configuration
AnalysisInputLocation<JavaSootClass> javaBaseInputLocation = new JavaClassPathAnalysisInputLocation("Path/to/javaBase", SourceType.Library);
AnalysisInputLocation<JavaSootClass> classInput = new JavaClassPathAnalysisInputLocation("Path/to/classDir", SourceType.Application);
JavaProject project = JavaProject.builder(new JavaLanguage(8))
.addInputLocation(classInput)
.addInputLocation(javaBaseInputLocation)
.build();
JavaView view = project.createView();
String EntrySignature="<org.sslab.B: void main(java.lang.String[])>"
List<MethodSignature> entryMethods = new ArrayList<>();
for (JavaSootClass klass : classes) {
for (JavaSootMethod method : klass.getMethods()) {
if (method.isMain() && method.getSignature().toString().equals(EntrySignature)) {
entryMethods.add(method.getSignature());
}
}
}
CallGraphAlgorithm cha = new ClassHierarchyAnalysisAlgorithm(Constants.view);
CallGraph cg1 = cha.initialize(entryMethods);
CallGraphAlgorithm rta = new RapidTypeAnalysisAlgorithm(view);
CallGraph cg2 = rta.initialize(entryMethods);
It is really weird that RTA has an edge and CHA does not have an edge, since RTA works like CHA but filters the results, so everything RTA finds should be in CHA. I will investigate why there is no edge in CHA
