search

wala / WALA

T.J. Watson Libraries for Analysis, with frontends for Java, Android, and JavaScript, and may common static program analyses
http://github.com/wala/WALA
Eclipse Public License 2.0
750 stars 221 forks source link

An inconsistent behaviour between different call graphs #1388

Open karlls12321 opened 5 months ago

karlls12321 commented 5 months ago

Hi, I used Wala to generate call graphs for my projects. However, I found two strange bugs. Similar to #1386, CHA and context insensitive report inconsistent behaviour. See the minimized code example below:

Input file

A.java

public class A {
    public static void main(String[] args) {
        bar.INSTANCE.toString();
    }
    static class bar {
        public static bar INSTANCE;
        static {
            B.foo();
            INSTANCE = new bar();
        }
    }
}

B.java

public class B {
    public static boolean foo() {
        return true;
    }
}

In this example, I set B.foo()Z as the entry point in CHA and CI. CI reports the edge A$bar.<clinit>()V --> B.foo()Z, and CHA does not have this edge.

I think the problem may be related to whether the method is reachable in default. The problem is similar to the issue #1386 .

However, I think setting the <clinit> method as default entry is reasonable. In #1386, <init> method should not be default entry.

Wala setup

AnalysisScope scope = AnalysisScopeReader.instance.makeJavaBinaryAnalysisScope("Path/to/input", walaExclusionFile);
scope.addToScope(JDK_DEPDENCY_PATH);
IClassHierarchy hierarchy = ClassHierarchyFactory.makeWithRoot(scope);
Iterable<Entrypoint> entryPoints = generateEntryPoints(hierarchy);
AnalysisOptions options = new AnalysisOptions(scope, entryPoints);
// CHA Setup
CallGraph CHA_CG = new CHACallGraph(hierarchy);
try {
    ((CHACallGraph) CHA_CG).init(entryPoints);
} catch (CancelException e) {
    throw new RuntimeException(e);
}

//CI setup
AnalysisCache cache = new AnalysisCacheImpl();
CallGraphBuilder<InstanceKey> builder = Util.makeZeroCFABuilder(Language.JAVA, options, cache, hierarchy);
try {
    CallGraph CI_CG = builder.makeCallGraph(options, null);
} catch (CancelException e) {
    throw new RuntimeException(e);
}

Wala version: 1.6.2

msridhar commented 3 months ago

Hi @karlls12321 so since we have static methods here this would have a different explanation than my other comment. Is the only entrypoint B.foo() for this case? If so, I'm not sure why the A$bar.<clinit>()V --> B.foo()Z shows up in the 0-CFA call graph and would have to take a look.