[Soot-list] Inter-procedural control flow graph containing resolved application method calls

Marc-André Laverdière marc-andre.laverdiere-papineau at polymtl.ca
Fri Dec 6 10:56:36 EST 2013 

Namaskar Amruta,

I am not sure what you are really trying to do. It sounds like you want
to inline a lot of stuff, from the example you give.

I also have the impression that you haven't discovered the callgraph
generated by Spark, nor the pre-computed reachable methods yet. The hard
work is already done for us, so we might as well enjoy it :)

I encourage you to have a look at Scene.v().getCallGraph() and
Scene.v().getReacheableMethods().

Marc-André Laverdière-Papineau
Doctorant - PhD Candidate

On 11/18/2013 04:35 PM, Amruta Gokhale wrote:
> Hi,
> 
> I am trying to build an inter-procedural control flow graph (CFG). In
> the generated CFG, I would like to have the following: if there is an
> invocation to a method and the method has been defined inside the
> application itself, then that method call should be resolved statically.
> This should be done in a recursive manner, until no more resolutions are
> possible. For example, if you have the following code where doStuff()
> calls foo(), foo() calls bar() and bar() calls println(), then the
> ultimate control flow graph for doStuff() should only have the call to
> println().
> 
> My current code resolves the method calls, but does it only once. For
> example, consider the following code:
> 
> package testers;
> 
> public class CallGraphs
> {
>         public static void main(String[] args) {
>         }
> 
>         public static void doStuff() {
>                 new A().foo();
>         }
> }
> 
> class A
> {
>         public void foo() {
>                 bar();
>         }
> 
>         public void bar() {
>                 System.out.println("This is bar()");
>         }
> }
> 
> In my current implementation, all I do is to get the CFG of the program
> in whole program mode. Specifically, I call the method
> BriefBlockGraph(src.getActiveBody()) where "src" is a "SootMethod"
> defined in the class. (some additional information: I have implemented
> this in "wjop.smb" (static method binder) phase of "wjop" pack. I used
> it, since the tutorial mentions that it "replaces virtual invocations
> with invocations of a static copy of the single called implementation".
> Also, I use the following options: -w -p cg all-reachable:true -p wjop
> enabled:true )
> 
> So, using my implementation, if we walk down the CFG of method doStuff()
> to produce the method invocations as a string, the output looks like this:
> 
> specialinvoke $r0.<testers.A: void <init>()>()
> virtualinvoke r2.<testers.A: void bar()>()
> 
> But what I want instead is this:
> 
> specialinvoke $r0.<testers.A: void <init>()>()
> virtualinvoke $r2.<java.io.PrintStream: void
> println(java.lang.String)>("This is bar()")
> 
> i.e., I want to have all the method calls resolved in this invocation
> chain: doStuff() -> foo() -> bar() -> println() and have only the Java
> API methods be present in the CFG. I believe this is possible but not
> sure about the way forward.
> 
> (a) Is it that I have to invoke the same transformation multiple times
> until all method calls get resolved? If so, can somebody illustrate via
> say pseudo-code?
> (b) Or is it that there is another pack/phase available in Soot to do this?
> 
> I would appreciate any help.
> 
> Thanks!
> Amruta
> 
> 
> _______________________________________________
> Soot-list mailing list
> Soot-list at sable.mcgill.ca
> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>

More information about the Soot-list mailing list