[Soot-list] Get Caller Stmt and SootMethod in Callgraph

Johannes Lerch lerch at st.informatik.tu-darmstadt.de
Fri Jul 17 02:24:49 EDT 2015 

Hi,

you can ask the ICFG to give you the method as well:
JimpleBasedInterproceduralCFG.getMethodOf(Unit u)

I guess in the discussion Marc-André was talking about that you indeed 
could traverse the ICFG as you can traverse directed graphs. If you do 
so, this would yield context-insensitive paths.

Example:
void bar() {
   foo();
   print("return site of foo()");
   foo();
   print("another return site");
}

Assume you are at the first call to foo(). You enter foo(). Now, if you 
ask the ICFG where the return statement in foo() might return to, you 
will get print("return site of foo()") and print("another return site"). 
If you continue to traverse to both return sites, then only the first 
path to print("return site of foo()") is actually a realizable path that 
may occur at runtime, while the second is impossible.
To know that you should not return to the second return site you have to 
know that you entered foo() via the first call site, i.e., you have to 
take care of "context". This is why such an approach would be called 
context-sensitive, while traversing the ICFG as simple as traversing a 
directed graph is context-insensitive.

Regards,
Johannes

Am 16.07.2015 um 15:52 schrieb R.F.:
> Hi,
>
> I want to find the caller Stmt and the SootMethod which the Stmt 
> belongs to in the callgraph (for example, given that SootMethod m1 is 
> invoked by SootMethod m2 with m2's statement s1, now I have m1, and I 
> want to find both m2 and s1).
>
> I have tried two approaches:
>
>  1. JimpleBasedInterproceduralCFG.getCallersOf(SootMethod m), this
>     method returns a collection of Unit, but from the returned
>     collection of Unit, I cannot get the SootMethod which each Unit
>     belongs to.
>  2. Scene.v().getCallGraph().edgesInto(SootMethod m), this method
>     returns an iterator of SootMethod. To get the Stmt, I need to
>     iterate through all the Stmt of each SootMethod and find the one
>     by matching stmt.getInvokeExpr().getMethod() with the given
>     SootMethod by signature. However, I think simply matching by
>     SootMethod's signature may fail to find the Stmt because the given
>     method can be an override method, so their signatures will not match.
>
> So, is there a method to find the caller Stmt and SootMethod in 
> callgraph accurately even with override and overload?
>
> Moreover, Marc-André Laverdière mentioned 
> the JimpleBasedInterproceduralCFG-based method in 
> https://mailman.cs.mcgill.ca/pipermail/soot-list/2014-July/007043.html 
> with the notion that "as long as you don't mind context-insensitive 
> results". Can someone tell me what are "context-insensitive results"?
>
> Thank you in advance.
>
>
> Best Regards,
> R.F.
>
>
> _______________________________________________
> Soot-list mailing list
> Soot-list at CS.McGill.CA
> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20150717/8b1fa444/attachment.html

More information about the Soot-list mailing list