[Soot-list] Inter-procedural control flow graph containing resolved application method calls

Mon Nov 18 16:35:47 EST 2013

Hi,

I am trying to build an inter-procedural control flow graph (CFG). In 
the generated CFG, I would like to have the following: if there is an 
invocation to a method and the method has been defined inside the 
application itself, then that method call should be resolved statically. 
This should be done in a recursive manner, until no more resolutions are 
possible. For example, if you have the following code where doStuff() 
calls foo(), foo() calls bar() and bar() calls println(), then the 
ultimate control flow graph for doStuff() should only have the call to 
println().

My current code resolves the method calls, but does it only once. For 
example, consider the following code:

package testers;

public class CallGraphs
{
         public static void main(String[] args) {
         }

         public static void doStuff() {
                 new A().foo();
         }
}

class A
{
         public void foo() {
                 bar();
         }

         public void bar() {
                 System.out.println("This is bar()");
         }
}

In my current implementation, all I do is to get the CFG of the program 
in whole program mode. Specifically, I call the method 
BriefBlockGraph(src.getActiveBody()) where "src" is a "SootMethod" 
defined in the class. (some additional information: I have implemented 
this in "wjop.smb" (static method binder) phase of "wjop" pack. I used 
it, since the tutorial mentions that it "replaces virtual invocations 
with invocations of a static copy of the single called implementation". 
Also, I use the following options: -w -p cg all-reachable:true -p wjop 
enabled:true )

So, using my implementation, if we walk down the CFG of method doStuff() 
to produce the method invocations as a string, the output looks like this:

specialinvoke $r0.<testers.A: void <init>()>()
virtualinvoke r2.<testers.A: void bar()>()

But what I want instead is this:

specialinvoke $r0.<testers.A: void <init>()>()
virtualinvoke $r2.<java.io.PrintStream: void 
println(java.lang.String)>("This is bar()")

i.e., I want to have all the method calls resolved in this invocation 
chain: doStuff() -> foo() -> bar() -> println() and have only the Java 
API methods be present in the CFG. I believe this is possible but not 
sure about the way forward.

(a) Is it that I have to invoke the same transformation multiple times 
until all method calls get resolved? If so, can somebody illustrate via 
say pseudo-code?
(b) Or is it that there is another pack/phase available in Soot to do this?

I would appreciate any help.

Thanks!
Amruta
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.cs.mcgill.ca/pipermail/soot-list/attachments/20131118/7d0fd553/attachment.html 