[Program Analysis] CHA Analysis in Soot

source

Helper Class

CHACallNode

I use a Node to record the caller callee and which invoke method the Call node is calling. The invoke method is recorded in an integer which is the offset for the following enum

enum InvokeMorphism {
    InterfaceInvokeExpr,
    VirtualInvokeExpr,
    SpecialInvokeExpr,
    StaticInvokeExpr,
    JStaticInvokeExpr,
    JSpecialInvokeExpr,
    JVirtualInvokeExpr,
    JInterfaceInvokeExpr
}

The toString method are overridden for linting the line and the <CHAInput: void main(java.lang.String[])>-><CHAInput: int addOne(int)>.

ReachableMethods

This method maintains Set<SootMethod>. The toString method to linting the line Reachable.

CHAAnalysis

This class maintains the CallerCalleeMap for the latter use by virtual calls, the cha_class contains the information of Class FastHierachy, entries will store the init entries and will put it into the worklist queue, it will add to worklist if the function is invoked and reachable from the stand view from method main. unitSootMethodMap is to store the unit method relations and will init in the first place and will be used in the call printing.