The custom edges added by `solver.addCallEdge()` are not present in the call graph.

[YunFy26]

📝 Overall Description

I'm using Tai-e to analyze Spring AOP functionality.

@Controller
public class UserController {
		@Autowired
    private OrderService orderService;

    @RequestMapping("/createOrder")
    public void createOrder() {
        orderService.createOrder("1");
    }
}

@Service
public class OrderService {

    public void createOrder(String orderId) {
        return;
    }
}

@Aspect
@Component
public class LogAspect {

	@Pointcut("execution(* org.example.springtarget.example.OrderService.createOrder(..))")
   public void executionPointcut() {}
   
   @Before("executionPointcut()")
    public void beforeAdvice(JoinPoint joinPoint) {
        int abs = Math.abs(1);
        System.out.println(abs);
        System.out.println("Before: " + joinPoint.getSignature().getName());
    }
    
    @After("executionPointcut()")
    public void afterAdvice(JoinPoint joinPoint) {
        System.out.println("After: " + joinPoint.getSignature().getName());
    }
}

Spring dynamically creates proxy classes at runtime to intercept the createOrder()method, resulting in the actual call sequence: beforeAdvice() -> createOrder() -> afterAdvice().

I've implemented a plugin to analyze this call sequence:

public class AspectPlugin implements Plugin {

    private static final Logger logger = LogManager.getLogger(AspectPlugin.class);

    private Solver solver;

    private final List<AspectClass> aspects = World.get().getResult(AspectAnalysis.ID);

    private final Map<JMethod, Boolean> processedMethods = new HashMap<>();

    @Override
    public void setSolver(Solver solver) {
        this.solver = solver;
    }

    @Override
    public void onNewCSMethod(CSMethod csMethod) {
        JMethod targetMethod = csMethod.getMethod();

        if (processedMethods.containsKey(targetMethod)) {
            return;
        }
        processedMethods.put(targetMethod, true);

        
        for (AspectClass aspect : aspects) {
            weaveAspectForMethod(csMethod, aspect);
        }
    }

    
    private void weaveAspectForMethod(CSMethod csMethod, AspectClass aspect) {
        JMethod currMethod = csMethod.getMethod();
        Context context = csMethod.getContext();
        CSManager csManager = solver.getCSManager();

       
        for (var entry : aspect.getPointcutMethodMap().entrySet()) {
            Pointcut pointcut = entry.getKey();
            List<AspectMethod> aspectMethods = entry.getValue();

           
            if (!PointcutMatcher.matches(pointcut, currMethod, aspect)) {
                continue;
            }

           
        
            for (AspectMethod aspectMethod : aspectMethods) {
                weaveAdvice(csMethod, aspectMethod, aspect, context, csManager);
            }
        }
    }
    

    private void weaveAdvice(CSMethod csTargetMethod, AspectMethod aspectMethod,
                             AspectClass aspect, Context context, CSManager csManager) {
        JMethod adviceMethod = aspectMethod.getMethod();
        CSCallSite virtualCallSite = createVirtualCallSite(csTargetMethod, aspectMethod, context, csManager);

        
        Context adviceContext = solver.getContextSelector().selectContext(virtualCallSite, adviceMethod);
        CSMethod csAdviceMethod = csManager.getCSMethod(adviceContext, adviceMethod);

       
        AOPEdge aopEdge = new AOPEdge(virtualCallSite, csAdviceMethod, aspectMethod.getAdviceType());
        solver.addCallEdge(aopEdge);
				
    }

...
}

In the weaveAdvice()method, I create AOPEdge and add it using solver.addCallEdge().

The analysis successfully enters DefaultSolver and in processCallEdge, callGraph.addEdge(edge) returns true

However, in the final call graph output, only the calls inside beforeAdvice():

<org.example.springtarget.example.LogAspect: void beforeAdvice(org.aspectj.lang.JoinPoint)>/java.lang.Math.abs/0	<java.lang.Math: int abs(int)>
<org.example.springtarget.example.UserController: void createOrder()>/org.example.springtarget.example.OrderService.createOrder/0	<org.example.springtarget.example.OrderService: void createOrder(java.lang.String)>
// ... other edges

But the expected AOP edges like:

[AOP-AFTER][DependencyInjectedBean{alloc=<org.example.springtarget.example.UserController: void createOrder()>:orderService,type=org.example.springtarget.example.OrderService}]:[AOP:AFTER] virtual invoke void afterAdvice(org.aspectj.lang.JoinPoint) from <org.example.springtarget.example.OrderService: void createOrder(java.lang.String)> -> [DependencyInjectedBean{alloc=<org.example.springtarget.example.UserController: void createOrder()>:orderService,type=org.example.springtarget.example.OrderService}]:<org.example.springtarget.example.LogAspect: void afterAdvice(org.aspectj.lang.JoinPoint)>

are not present in the output. It seems like callGraph.addEdge(edge) is not working properly for AOPEdges?

🎯 Expected Behavior

Edges like these should be included in the call graph.

[AOP-AFTER][DependencyInjectedBean{alloc=<org.example.springtarget.example.UserController: void createOrder()>:orderService,type=org.example.springtarget.example.OrderService}]:[AOP:AFTER] virtual invoke void afterAdvice(org.aspectj.lang.JoinPoint) from <org.example.springtarget.example.OrderService: void createOrder(java.lang.String)> -> [DependencyInjectedBean{alloc=<org.example.springtarget.example.UserController: void createOrder()>:orderService,type=org.example.springtarget.example.OrderService}]:<org.example.springtarget.example.LogAspect: void afterAdvice(org.aspectj.lang.JoinPoint)>

🐛 Current Behavior

Edges like these are not included in the call graph.

🔄 Reproducible Example

No response

⚙️ Tai-e Arguments

🔍 Click here to see Tai-e Options

optionsFile: null
printHelp: false
classPath:
- ../SpringTarget
appClassPath:
- ../SpringTarget/target/classes
mainClass: null
inputClasses: []
javaVersion: 17
prependJVM: true
allowPhantom: true
worldBuilderClass: pascal.taie.frontend.soot.SootWorldBuilder
outputDir: output
preBuildIR: false
worldCacheMode: false
scope: APP
nativeModel: true
planFile: null
analyses:
ir-dumper: ;
routerAnalysis: ""
beanAnalysis: ""
injectPointsAnalysis: ""
aspectAnalysis: ""
cg: ""
pta: "plugins:[org.example.spring.plugin.ProcessDIPlugin, org.example.spring.plugin.ProcessEntryPlugin, org.example.spring.plugin.aop.AspectPlugin]"
onlyGenPlan: false
keepResult:
- $KEEP-ALL

🔍 Click here to see Tai-e Analysis Plan

- id: ir-dumper
options: {}
- id: routerAnalysis
options: {}
- id: beanAnalysis
options: {}
- id: injectPointsAnalysis
options: {}
- id: aspectAnalysis
options: {}
- id: pta
options:
  cs: 1-obj
  only-app: true
  implicit-entries: false
  distinguish-string-constants: reflection
  merge-string-objects: true
  merge-string-builders: true
  merge-exception-objects: true
  handle-invokedynamic: true
  propagate-types:
  - reference
  advanced: null
  dump: false
  dump-ci: false
  dump-yaml: false
  expected-file: null
  reflection-inference: string-constant
  reflection-log: null
  taint-config: /Users/yuntsy/My/Projects/Java/WebAnalyzer/configs/taint-config.yml
  taint-config-providers: []
  taint-interactive-mode: false
  plugins:
  - org.example.spring.plugin.ProcessDIPlugin
  - org.example.spring.plugin.ProcessEntryPlugin
  - org.example.spring.plugin.aop.AspectPlugin
  time-limit: -1
- id: cg
options:
  algorithm: pta
  dump: true
  dump-methods: true
  dump-call-edges: true

📜 Tai-e Log

🔍 Click here to see Tai-e Log

Writing log to /Users/yuntsy/My/Projects/Java/WebAnalyzer/output/tai-e.log
java.version: 17.0.11
java.version.date: 2024-04-16
java.runtime.version: 17.0.11+7-LTS-207
java.vendor: Oracle Corporation
java.vendor.version: null
os.name: Mac OS X
os.version: 26.1
os.arch: aarch64
Tai-e Version: 0.5.2-SNAPSHOT
Tai-e Commit: 3f3b802611bf6b8187abc1785e6c5d08a4cf5a4a
Writing analysis plan to /Users/yuntsy/My/Projects/Java/WebAnalyzer/output/tai-e-plan.yml
WorldBuilder starts ...
Warning: main class was not given!
10231 classes with 100939 methods in the world
WorldBuilder finishes, elapsed time: 1.93s
ir-dumper starts ...
Dumping IR in /Users/yuntsy/My/Projects/Java/WebAnalyzer/output/tir
28 classes in scope (APP) of class analyses
ir-dumper finishes, elapsed time: 0.03s
routerAnalysis starts ...
Router analysis started at: 2025-11-11 20:03:31
Router analysis completed at: 2025-11-11 20:03:31 (Duration: 4ms)
routerAnalysis finishes, elapsed time: 0.00s
beanAnalysis starts ...
beanAnalysis finishes, elapsed time: 0.00s
injectPointsAnalysis starts ...
injectPointsAnalysis finishes, elapsed time: 0.00s
aspectAnalysis starts ...
Starting AOP aspect analysis...
aspectAnalysis finishes, elapsed time: 0.00s
pta starts ...
Loading taint config from /Users/yuntsy/My/Projects/Java/WebAnalyzer/configs/taint-config.yml
Cannot find source method '<javax.servlet.ServletRequestWrapper: java.lang.String getParameter(java.lang.String)>'
Cannot find source method '<org.example.springtest.CommandExecClass: java.lang.String index(jakarta.servlet.http.HttpServletRequest)>'
Cannot find sink method '<org.springframework.web.client.RestTemplate: org.springframework.http.ResponseEntity exchange(java.lang.String,org.springframework.http.HttpMethod,org.springframework.http.HttpEntity,java.lang.Class,java.lang.Object[])>'
Cannot find sink method '<org.example.springtest.FieldInjection: java.lang.String sayInjection()>'
TaintConfig:
sinks:
- { method: "<java.sql.Statement: java.sql.ResultSet executeQuery(java.lang.String)>", index: "0" }
- { method: "<java.sql.Connection: java.sql.PreparedStatement prepareStatement(java.lang.String)>", index: "0" }

transfers:
- { method: "<java.lang.String: java.lang.String concat(java.lang.String)>", from: "base", to: "result", type: "java.lang.String" }
- { method: "<java.lang.String: java.lang.String concat(java.lang.String)>", from: "0", to: "result", type: "java.lang.String" }
- { method: "<java.lang.String: char[] toCharArray()>", from: "base", to: "result", type: "char[]" }
- { method: "<java.lang.String: void <init>(char[])>", from: "0", to: "base", type: "java.lang.String" }
- { method: "<java.lang.String: void getChars(int,int,char[],int)>", from: "base", to: "2", type: "char[]" }
- { method: "<java.lang.String: java.lang.String format(java.lang.String,java.lang.Object[])>", from: "1[*]", to: "result", type: "java.lang.String" }
- { method: "<java.lang.StringBuffer: void <init>(java.lang.String)>", from: "0", to: "base", type: "java.lang.StringBuffer" }
- { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(java.lang.String)>", from: "0", to: "base", type: "java.lang.StringBuffer" }
- { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(java.lang.String)>", from: "0", to: "result", type: "java.lang.StringBuffer" }
- { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(java.lang.String)>", from: "base", to: "result", type: "java.lang.StringBuffer" }
- { method: "<java.lang.StringBuffer: java.lang.String toString()>", from: "base", to: "result", type: "java.lang.String" }
- { method: "<java.lang.StringBuilder: void <init>(java.lang.String)>", from: "0", to: "base", type: "java.lang.StringBuilder" }
- { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(java.lang.String)>", from: "0", to: "base", type: "java.lang.StringBuilder" }
- { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(java.lang.String)>", from: "0", to: "result", type: "java.lang.StringBuilder" }
- { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(java.lang.String)>", from: "base", to: "result", type: "java.lang.StringBuilder" }
- { method: "<java.lang.StringBuilder: java.lang.String toString()>", from: "base", to: "result", type: "java.lang.String" }

callSiteMode: true

Add entry point (empty params): <org.example.springtarget.di.entry.controller.RestControllerEntry: java.lang.String requestMapping()>
Add entry point (empty params): <org.example.springtarget.di.entry.controller.RestControllerEntry: java.lang.String defaultMapping()>
Add entry point (empty params): <org.example.springtarget.di.entry.controller.RestControllerEntry: java.lang.String getMapping()>
Add entry point (empty params): <org.example.springtarget.di.entry.controller.RestControllerEntry: java.lang.String postMapping()>
Add entry point (empty params): <org.example.springtarget.di.entry.controller.RestControllerEntry: java.lang.String putMapping()>
Add entry point (empty params): <org.example.springtarget.di.entry.controller.RestControllerEntry: java.lang.String deleteMapping()>
Add entry point (empty params): <org.example.springtarget.di.entry.controller.RestControllerEntry: java.lang.String patchMapping()>
Added entry point (with params): <org.example.springtarget.di.entry.controller.RestControllerEntry: java.lang.String pathVariable(java.lang.Long)>
Added entry point (with params): <org.example.springtarget.di.entry.controller.RestControllerEntry: java.lang.String requestParameter(java.lang.String)>
Add entry point (empty params): <org.example.springtarget.di.entry.controller.ControllerEntry: java.lang.String requestMapping()>
Add entry point (empty params): <org.example.springtarget.di.entry.controller.ControllerEntry: java.lang.String getMapping()>
Add entry point (empty params): <org.example.springtarget.di.entry.controller.ControllerEntry: java.lang.String postMapping()>
Add entry point (empty params): <org.example.springtarget.di.entry.controller.ControllerEntry: java.lang.String putMapping()>
Add entry point (empty params): <org.example.springtarget.di.entry.controller.ControllerEntry: java.lang.String deleteMapping()>
Add entry point (empty params): <org.example.springtarget.di.entry.controller.ControllerEntry: java.lang.String patchMapping()>
Added entry point (with params): <org.example.springtarget.di.entry.controller.ControllerEntry: java.lang.String pathVariable(java.lang.Long)>
Added entry point (with params): <org.example.springtarget.di.entry.controller.ControllerEntry: java.lang.String requestParameter(java.lang.String)>
Add entry point (empty params): <org.example.springtarget.example.UserController: void createOrder()>
Added entry point (with params): <org.example.springtarget.example.UserController: void getUser(jakarta.servlet.http.HttpServletRequest)>
Add entry point (empty params): <org.example.springtarget.example.UserController: void getUserAndId()>
Add entry point (empty params): <org.example.springtarget.example.UserController: void getServiceBeanMessage()>
方法 <org.example.springtarget.example.OrderService: void createOrder(java.lang.String)> 匹配切点: bean(orderService)
织入切面: org.example.springtarget.example.LogAspect -> 通知类型: AROUND -> 目标方法: <org.example.springtarget.example.OrderService: void createOrder(java.lang.String)>
方法 <org.example.springtarget.example.OrderService: void createOrder(java.lang.String)> 匹配切点: @within(org.springframework.stereotype.Service)
织入切面: org.example.springtarget.example.LogAspect -> 通知类型: AFTER -> 目标方法: <org.example.springtarget.example.OrderService: void createOrder(java.lang.String)>
方法 <org.example.springtarget.example.OrderService: void createOrder(java.lang.String)> 匹配切点: execution(* org.example.springtarget.example.OrderService.createOrder(..))
织入切面: org.example.springtarget.example.LogAspect -> 通知类型: BEFORE -> 目标方法: <org.example.springtarget.example.OrderService: void createOrder(java.lang.String)>
织入切面: org.example.springtarget.example.LogAspect -> 通知类型: AFTER_RETURNING -> 目标方法: <org.example.springtarget.example.OrderService: void createOrder(java.lang.String)>
织入切面: org.example.springtarget.example.LogAspect -> 通知类型: AFTER_THROWING -> 目标方法: <org.example.springtarget.example.OrderService: void createOrder(java.lang.String)>
✓ 处理 AOP 调用边: <org.example.springtarget.example.OrderService: void createOrder(java.lang.String)> -> <org.example.springtarget.example.LogAspect: java.lang.Object aroundAdvice(org.aspectj.lang.ProceedingJoinPoint)>, 通知类型: AROUND
✓ 处理 AOP 调用边: <org.example.springtarget.example.OrderService: void createOrder(java.lang.String)> -> <org.example.springtarget.example.LogAspect: void afterAdvice(org.aspectj.lang.JoinPoint)>, 通知类型: AFTER
✓ 处理 AOP 调用边: <org.example.springtarget.example.OrderService: void createOrder(java.lang.String)> -> <org.example.springtarget.example.LogAspect: void beforeAdvice(org.aspectj.lang.JoinPoint)>, 通知类型: BEFORE
✓ 处理 AOP 调用边: <org.example.springtarget.example.OrderService: void createOrder(java.lang.String)> -> <org.example.springtarget.example.LogAspect: void afterReturningAdvice(java.lang.Object)>, 通知类型: AFTER_RETURNING
✓ 处理 AOP 调用边: <org.example.springtarget.example.OrderService: void createOrder(java.lang.String)> -> <org.example.springtarget.example.LogAspect: void afterThrowingAdvice(java.lang.Exception)>, 通知类型: AFTER_THROWING
方法 <org.example.springtarget.example.UserServiceImpl: java.lang.String getUser()> 匹配切点: @within(org.springframework.stereotype.Service)
织入切面: org.example.springtarget.example.LogAspect -> 通知类型: AFTER -> 目标方法: <org.example.springtarget.example.UserServiceImpl: java.lang.String getUser()>
✓ 处理 AOP 调用边: <org.example.springtarget.example.UserServiceImpl: java.lang.String getUser()> -> <org.example.springtarget.example.LogAspect: void afterAdvice(org.aspectj.lang.JoinPoint)>, 通知类型: AFTER
方法 <org.example.springtarget.example.UserServiceAbstractImpl: java.lang.String getUser()> 匹配切点: @within(org.springframework.stereotype.Service)
织入切面: org.example.springtarget.example.LogAspect -> 通知类型: AFTER -> 目标方法: <org.example.springtarget.example.UserServiceAbstractImpl: java.lang.String getUser()>
✓ 处理 AOP 调用边: <org.example.springtarget.example.UserServiceAbstractImpl: java.lang.String getUser()> -> <org.example.springtarget.example.LogAspect: void afterAdvice(org.aspectj.lang.JoinPoint)>, 通知类型: AFTER
方法 <org.example.springtarget.example.UserServiceImpl: java.lang.String getId()> 匹配切点: @within(org.springframework.stereotype.Service)
织入切面: org.example.springtarget.example.LogAspect -> 通知类型: AFTER -> 目标方法: <org.example.springtarget.example.UserServiceImpl: java.lang.String getId()>
✓ 处理 AOP 调用边: <org.example.springtarget.example.UserServiceImpl: java.lang.String getId()> -> <org.example.springtarget.example.LogAspect: void afterAdvice(org.aspectj.lang.JoinPoint)>, 通知类型: AFTER
方法 <org.example.springtarget.di.beans.ServiceBeanImpl2: java.lang.String getMessage()> 匹配切点: @within(org.springframework.stereotype.Service)
织入切面: org.example.springtarget.example.LogAspect -> 通知类型: AFTER -> 目标方法: <org.example.springtarget.di.beans.ServiceBeanImpl2: java.lang.String getMessage()>
✓ 处理 AOP 调用边: <org.example.springtarget.di.beans.ServiceBeanImpl2: java.lang.String getMessage()> -> <org.example.springtarget.example.LogAspect: void afterAdvice(org.aspectj.lang.JoinPoint)>, 通知类型: AFTER
[Pointer analysis] elapsed time: 0.02s
Detected 0 taint flow(s):
TFGDumper starts ...
Source nodes:
Sink nodes:
Dumping /Users/yuntsy/My/Projects/Java/WebAnalyzer/output/taint-flow-graph.dot
TFGDumper finishes, elapsed time: 0.00s
-------------- Pointer analysis statistics: --------------
#var pointers:                71 (insens) / 91 (sens)
#objects:                     27 (insens) / 27 (sens)
#var points-to:               54 (insens) / 60 (sens)
#static field points-to:      0 (sens)
#instance field points-to:    8 (sens)
#array points-to:             0 (sens)
#reachable methods:           39 (insens) / 45 (sens)
#call graph edges:            11 (insens) / 11 (sens)
----------------------------------------
1
pta finishes, elapsed time: 0.13s
cg starts ...
Call graph has 39 reachable methods and 11 edges
Dumping call graph to /Users/yuntsy/My/Projects/Java/WebAnalyzer/output/call-graph.dot
Dumping reachable methods to /Users/yuntsy/My/Projects/Java/WebAnalyzer/output/reachable-methods.txt
Dumping call edges to /Users/yuntsy/My/Projects/Java/WebAnalyzer/output/call-edges.txt
cg finishes, elapsed time: 0.01s
Tai-e finishes, elapsed time: 2.19s

Please ignore the related log printouts and taint analysis information...

ℹ️ Additional Information

No response

[jjppp]

Hi @YunFy26 !
I suspect the cause for your issue originates from the createVirtualCallSite() method in your example.
In tai-e, edges in the CSCallGraph are associated to nodes (or more specifically, CSCallSites) in the callgraph, which are all attached to a CSMethod. If your createVirtualCallSite improperly creates callsites that are not attached to any CSMethods, then these callsites might be lost when the traversal on the callgraph is actually performed (see CSCallGraph#getCallSitesIn for more details).

Tai-e/src/main/java/pascal/taie/analysis/pta/core/cs/CSCallGraph.java

Lines 102 to 117 in 7caca0a

	public Set<CSCallSite> getCallSitesIn(CSMethod csMethod) {
	// Note: this method does not return the artificial Invokes
	// added to csMethod.getMethod().
	JMethod method = csMethod.getMethod();
	Context context = csMethod.getContext();
	ArrayList<CSCallSite> callSites = new ArrayList<>();
	for (Stmt s : method.getIR()) {
	if (s instanceof Invoke) {
	CSCallSite csCallSite = csManager.getCSCallSite(context, (Invoke) s);
	// each Invoke is iterated once, that we can ensure that
	// callSites contain no duplicate Invokes
	callSites.add(csCallSite);
	}
	}
	return Collections.unmodifiableSet(new ArraySet<>(callSites, true));
	}

To further investigate into your issue, could you please provide more detailed information on your project? For example, some more details about AOPEdges and createVirtualCallSite() would be helpful.

[YunFy26]

public class AOPEdge extends Edge<CSCallSite, CSMethod> {

    private final AspectMethod.AdviceType adviceType;

    public AOPEdge(CSCallSite callSite, CSMethod callee, AspectMethod.AdviceType adviceType) {
        super(CallKind.VIRTUAL, callSite, callee);
        this.adviceType = adviceType;
    }

    @Override
    public String getInfo() {
        return "AOP-" + adviceType.name();
    }

    public AspectMethod.AdviceType getAdviceType() {
        return adviceType;
    }
}

private CSCallSite createVirtualCallSite(CSMethod csTargetMethod, AspectMethod aspectMethod,
                                             Context context, CSManager csManager) {
        Invoke virtualInvoke = AOPInvokeFactory.createVirtualInvoke(
            csTargetMethod.getMethod(), aspectMethod);
        return csManager.getCSCallSite(context, virtualInvoke);
    }

public class AOPInvokeFactory {

    public static VirtualAOPInvoke createVirtualInvoke(JMethod container,
                                                       AspectMethod aspectMethod) {
        return new VirtualAOPInvoke(container, aspectMethod.getMethod(), aspectMethod.getAdviceType());
    }
}

public class VirtualAOPInvoke extends Invoke {

    private final AdviceType adviceType;

    public VirtualAOPInvoke(JMethod container, JMethod adviceMethod, AdviceType adviceType) {
        super(container, new VirtualInvokeExp(adviceMethod.getRef()), null);
        this.adviceType = adviceType;
    }

    public AdviceType getAdviceType() {
        return adviceType;
    }
    private static class VirtualInvokeExp extends InvokeStatic {

        VirtualInvokeExp(MethodRef methodRef) {
            super(methodRef, Collections.emptyList());
        }

        @Override
        public <T> T accept(ExpVisitor<T> visitor) {
            return visitor.visit(this);
        }

        @Override
        public Set<RValue> getUses() {
            return Collections.emptySet();
        }
    }
}

The container of csCallSite

in getCallSitesIn

public Set<CSCallSite> getCallSitesIn(CSMethod csMethod) {
        // Note: this method does not return the artificial Invokes
        // added to csMethod.getMethod().
        JMethod method = csMethod.getMethod();
        Context context = csMethod.getContext();
        ArrayList<CSCallSite> callSites = new ArrayList<>();
        for (Stmt s : method.getIR()) {
            if (s instanceof Invoke) {
                CSCallSite csCallSite = csManager.getCSCallSite(context, (Invoke) s);
                // each Invoke is iterated once, that we can ensure that
                // callSites contain no duplicate Invokes
                callSites.add(csCallSite);
            }
        }
        return Collections.unmodifiableSet(new ArraySet<>(callSites, true));
    }

The csCallSite is obtained based on the statement in the IR, but the virtualCallSite I created does not have a corresponding invoke stmt in createOrder.

[jjppp]

The csCallSite is obtained based on the statement in the IR, but the virtualCallSite I created does not have a corresponding invoke stmt in createOrder.

So the problem is clear: your AOPEdges are actually added to the callgraph, but they are not aware by tai-e's callgraph dumper and are invisible due to the way tai-e traverses the callgraph. I believe writing your own callgraph dumper with extra handle for VirtualAOPInvokes, using a Map like datastructure to track artificial invoke statements created, will solve your issue.

More words on getCallSitesIn: currently this design is intended to reflect the calling structure of the original program (that is, only with invoke statements from method.getIR().invokes()), which is probably why the added edges are seemingly missing 🙂.

[YunFy26]

I see, thanks.