How to make reachableMethods() more precise? #1982
Unanswered
BManasa-uber
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi,
I am trying to use Soot Spark for generating static call graphs. My aim is to use the call graphs in the following way -
If a method is changed in the code, I want to backtrack along the call graph to figure out all the methods that it is going to affect.
Now, the case where I'm facing a issue is as follows -
Consider the case where I have a parent class A (methods - process(), handle()) and 2 classes, B and C inherit it.
B and C override the method handle() but not process().
Consider 2 cases:
![image](https://private-user-images.githubusercontent.com/123051523/248834621-1d9a6452-dc8a-4198-9fa6-71f7454197aa.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTg4ODExOTAsIm5iZiI6MTcxODg4MDg5MCwicGF0aCI6Ii8xMjMwNTE1MjMvMjQ4ODM0NjIxLTFkOWE2NDUyLWRjOGEtNDE5OC05ZmE2LTcxZjc0NTQxOTdhYS5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjQwNjIwJTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI0MDYyMFQxMDU0NTBaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT04Mzg2M2NhMjFjM2I4MGI1MDJiNDc4YmEwOTE4Nzc2YmQzYmEzZGIzMGVkMDdkZTVlYzZhYmIyOTQ3NWQwM2VkJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9.OFZu6AGe8b-U-fJZHfgb-hSuoiQxGGzLSaSPxOz0k_s)
Case 1: We only call b.process() in the code -
In this case, the methods reachable from D.func1() are precise -
![image](https://private-user-images.githubusercontent.com/123051523/248833958-1d25388a-8d9d-46d3-bff8-3e0555116e9d.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTg4ODExOTAsIm5iZiI6MTcxODg4MDg5MCwicGF0aCI6Ii8xMjMwNTE1MjMvMjQ4ODMzOTU4LTFkMjUzODhhLThkOWQtNDZkMy1iZmY4LTNlMDU1NTExNmU5ZC5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjQwNjIwJTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI0MDYyMFQxMDU0NTBaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT1mOWY0YTQ0NWNiYjY0OTM5MWYwNDFjNWExNGFlYjlkZTEwMTA4ODE2YTkyNzFjZDhmMmMxNWMzMTM3YTViN2M4JlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9.N3ql4vuzrU3R2Gvpxchdvy4iyJXYar-wQbghzrNZ8Iw)
Case 2: We call both b.process() and c.process() but from 2 methods -
![image](https://private-user-images.githubusercontent.com/123051523/248834446-5608e3b4-f2b8-4656-8e6c-d3e2d72b128f.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTg4ODExOTAsIm5iZiI6MTcxODg4MDg5MCwicGF0aCI6Ii8xMjMwNTE1MjMvMjQ4ODM0NDQ2LTU2MDhlM2I0LWYyYjgtNDY1Ni04ZTZjLWQzZTJkNzJiMTI4Zi5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjQwNjIwJTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI0MDYyMFQxMDU0NTBaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT03NmUyMzZhOGUyNWY4ZTlhY2M5ZTBlNTViMWZlMDE1ODM4MDBkMTg4ZDRhZjMxNWM0NWIwNTNiMGUyOTg3MzE0JlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9.rH9bEQ0vJvpEVMCAYAcYtCfzuX2HmkCOb-mtlhIwAVs)
However, in this case, C.handle() is also shown as a reachable method from D.func1()
![image](https://private-user-images.githubusercontent.com/123051523/248835109-1892ebe5-9b08-475c-855b-16e910e933aa.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTg4ODExOTAsIm5iZiI6MTcxODg4MDg5MCwicGF0aCI6Ii8xMjMwNTE1MjMvMjQ4ODM1MTA5LTE4OTJlYmU1LTliMDgtNDc1Yy04NTViLTE2ZTkxMGU5MzNhYS5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjQwNjIwJTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI0MDYyMFQxMDU0NTBaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT1hYmViYTIwNWE1Nzk3MjE0MzlhNDNiMThlN2VjODY2ODc0YmI2Zjk2M2I4ZDg5NTRiMjkxZTliYzc5NGEzNjYxJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9.o4vWr7xYlt97ANOqYz4PidAf-iw93ujNhGWLTLqB2cc)
As a result of this issue, I end up marking false positive methods too while backtracking from a method, say that is probably called from B.handle(). For eg: if b.handle() call a method foo(), and foo() is changed, we end up marking both D.func1() and D.func2() as affected, when in truth only D.func1() should be affected.
I understand that this is due to the fact that we find methods iteratively
![image](https://private-user-images.githubusercontent.com/123051523/248837286-5afa57ca-561f-4d33-acdd-4805b95b6982.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTg4ODExOTAsIm5iZiI6MTcxODg4MDg5MCwicGF0aCI6Ii8xMjMwNTE1MjMvMjQ4ODM3Mjg2LTVhZmE1N2NhLTU2MWYtNGQzMy1hY2RkLTQ4MDViOTViNjk4Mi5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjQwNjIwJTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI0MDYyMFQxMDU0NTBaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT00NzA2NGVjOWUzNWQzNzBjYmVlM2U3ZGM5ODhiMzY3ZmVhYzRlNWIxMzczMzI1Mjc1OGQ5ZWE5ZWMxNWYxYzc3JlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9.tfDO77BSrVVTqXeazjT0ePDwHPTHkztwfa3Wl6JTnLM)
Is there some way in which I can get reachable methods more precisely
Note:
![image](https://private-user-images.githubusercontent.com/123051523/248837976-1b5ed9dc-6bcb-4f0c-ace9-375013a82dbc.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTg4ODExOTAsIm5iZiI6MTcxODg4MDg5MCwicGF0aCI6Ii8xMjMwNTE1MjMvMjQ4ODM3OTc2LTFiNWVkOWRjLTZiY2ItNGYwYy1hY2U5LTM3NTAxM2E4MmRiYy5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjQwNjIwJTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI0MDYyMFQxMDU0NTBaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT02ZWJjMTc1MTg1ZWY3NzRjYWMyMzZlZTVmYTkzNGRjMGE2MDBiOTliOWQzMmY1ZjNlYjRhMzU1ZjJmOGI3YTE0JlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9.r7ZpY2eQ6h8UMvoj9pvXv1AYqX44QakXEucItU-YZ3M)
This is the way I call reachable methods
And this is the spark config I've been using
Beta Was this translation helpful? Give feedback.
All reactions