[Soot-list] Missing edges in Call Graph
Saswat Anand
saswat78 at gmail.com
Thu May 9 16:19:53 EDT 2013
It looks like that "type filters" are causing your confusion. Consider
for example,
Object o = new Object();
MyClass c = (MyClass) o;
The points-to set of c in the above example would be empty, and as a
result there will no outgoing edge from a callsite where c is used as
the receiver.
During runtime, c cannot point to the Object instance --- a cast
exception will be generated when the second stmt is executed.
Corresponding to that, a smart points-to analysis will prevent any
abstract object whose type is *not* a subtype of MyClass from flowing
into c.
Saswat
On Thu, May 9, 2013 at 12:29 PM, salim bansal <salim.bansal at gmail.com> wrote:
> Hi,
>
> I am using soot to build call graph for java applications.
> It's working fine except that in the following case it doesn't capture the
> call
> .......
> foo(){
> ((MyClass)getObject()).myMethod();
> }
>
> where getObject() returns an instance of class java.lang.Object
> But I am unable to see an edge from foo() to myMethod().
> While the following code gets the edge
> foo(){
> (new MyClass()).myMethod();
> }
>
> I have attached a small java program exercising this scenario.
> The methods called on aChildTwo field variable of class SootTest
> are unreachable as I do an explicit cast to ChildTwo after getting
> an Object from getObject.
> it can be run like this
>
> javac -cp .:../soot-2.5.0.jar *.java
>
> java -cp .:../soot-2.5.0.jar Driver
>
> and it prints the reachable methods from SootTest.main(String args[]).
>
> Am I missing something on how to get these kind of edges?
>
>
> _______________________________________________
> Soot-list mailing list
> Soot-list at sable.mcgill.ca
> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>
More information about the Soot-list
mailing list