Unexpected results in call graph constuction

[karlls12321]

Hi, I used CHA, RTA, and context insensitive analysis to generate call graphs on the same input program, but wala provided incorrect results. See the minimized code example below:

public class Test {
    public Test() {
        foo();
    }
    public void foo() {}
}

I set the method Test.foo as the entry method. Considering a call graph edge from Test.<init> to Test.foo, CHA cannot report this, but RTA and CI report it. There is inconsistent behaviour here.

For me, RTA should not build the edge because of no new expressions here. For CHA and context insensitive, they should have consistent behaviour (but actually not) as the key factor to affect their results is whether we should set the method as default.

Wala Setup

AnalysisScope scope = AnalysisScopeReader.instance.makeJavaBinaryAnalysisScope("Path/to/Input", walaExclusionFile);
scope.addToScope(javaScope);
IClassHierarchy hierarchy = ClassHierarchyFactory.makeWithRoot(scope);
Iterable<Entrypoint> entryPoints = generateEntryPoints(hierarchy);
AnalysisOptions options = new AnalysisOptions(scope, entryPoints);
// CHA setup
CallGraph cg1 = new CHACallGraph(hierarchy);
try {
    ((CHACallGraph) cg1).init(entryPoints);
} catch (CancelException e) {
    throw new RuntimeException(e);
}
// CI setup
AnalysisCache cache = new AnalysisCacheImpl();
CallGraphBuilder<InstanceKey> builder = Util.makeZeroCFABuilder(Language.JAVA, options, cache, hierarchy);
CallGraph cg2 = builder.makeCallGraph(options, null);

Version: Wala 1.6.2

[msridhar]

Hi, thanks for the report. I haven't dug in deeply here, but I suspect the issue might be in how the synthetic IR that invokes the entrypoint method gets generated. In particular, I suspect that IR has instructions to construct a new Test object to pass as the receiver argument to the foo() entrypoint. Could you print the IR for the "fake root method" to see if this is the case?