search

soot-oss / soot

Soot - A Java optimization framework
GNU Lesser General Public License v2.1
2.84k stars 708 forks source link

An inconsistent behavior in Soot analysis #2067

Open tisble opened 3 months ago

tisble commented 3 months ago

Describe the bug Hi, I found a code example which can help improving Soot. See the minimized code example below.

The inconsistency is the call graph edge from A.foo() to B.foo(). When the method A.bar() is commented out, this edge is not reported, however, when this method is uncommented, this edge will appear in the results.

Actually, the method A.bar() definitely should not affect this call edge. So, I think this is an inconsistency bug. Input file

public class A extends B {
    protected String bar() {
        return "";
    }
    @Override
    public boolean foo() {
        return super.foo();
    }
}
abstract class B {
    public boolean foo() {
        return true;
    }
}

To reproduce I use the following code to setup and generate the call graph via RTA algorithm:

Transform transform = new Transform("cg.spark", null);
PhaseOptions.v().setPhaseOption("cg.spark", "on");
PhaseOptions.v().setPhaseOption("cg.spark", "rta:true");
PhaseOptions.v().setPhaseOption("cg.spark", "types-for-sites:true");
PhaseOptions.v().setPhaseOption("cg.spark", "on-fly-cg:false");
Map<String, String> phaseOptions = PhaseOptions.v().getPhaseOptions(transform);
SparkTransformer.v().transform(transform.getPhaseName(), phaseOptions);
PackManager.v().runPacks();

My Soot version is 4.5.0.