[Soot-list] Incomplete Call Graph for Web Application

Eric Bodden eric.bodden at ec-spride.de
Tue Dec 11 08:31:29 EST 2012


Hi.

> Hi Eric,
> I took a look at Spark's source code, and found Spark only adds "interface"
> edge to the call graph if the points-to set of the base of "interface call" is
> not empty.
> In most cases of web applications, the arguments of functions are not
> available until runtime, so their points-to sets are empty.
> My question is, is it possible to make the call graph complete without
> initializing the arguments of the methods like doPost?

This is a well-known problem to which no good solution exists yet. One
possible solution is to use a call graph that is built, for instance
using CHA, and thus does not depend on points-to sets. Spark can be
configured to use CHA.

Another possibility is to auto-generate main methods for a given
framework. We use such an approach when analyzing Android apps, and I
know that other people have taken this approach for other frameworks.

Eric
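
An added example, not part of the original message and not code from the Soot project: a minimal driver for the CHA option mentioned above, which resolves interface calls from the class hierarchy instead of points-to sets. It assumes Soot is on the classpath, the web application's compiled classes are in the directory passed as the first argument, and that the handler names in HANDLERS are the entry points of interest.

```java
import java.util.*;
import soot.*;
import soot.jimple.toolkits.callgraph.CallGraph;
import soot.jimple.toolkits.callgraph.Edge;
import soot.options.Options;

public class ServletChaCallGraph {
    // Assumed handler names; adjust to the framework under analysis.
    private static final Set<String> HANDLERS =
        new HashSet<>(Arrays.asList("doGet", "doPost", "service"));

    public static void main(String[] args) {
        if (args.length != 1) {
            System.err.println("usage: ServletChaCallGraph <dir-with-compiled-classes>");
            System.exit(2);
        }
        G.reset();
        Options.v().set_whole_program(true);       // call graph phases need whole-program mode
        Options.v().set_allow_phantom_refs(true);  // container/servlet API jars may be absent
        Options.v().set_prepend_classpath(true);
        Options.v().set_process_dir(Collections.singletonList(args[0]));
        Options.v().set_output_format(Options.output_format_none);
        // Build the call graph with CHA only, so no points-to sets are consulted.
        Options.v().setPhaseOption("cg.spark", "enabled:false");
        Options.v().setPhaseOption("cg.cha", "enabled:true");
        Scene.v().loadNecessaryClasses();

        // No main() exists in a web application: use the request handlers as entry points.
        List<SootMethod> entries = new ArrayList<>();
        for (SootClass c : Scene.v().getApplicationClasses())
            for (SootMethod m : c.getMethods())
                if (m.isConcrete() && HANDLERS.contains(m.getName()))
                    entries.add(m);
        if (entries.isEmpty()) {
            System.err.println("no handler methods found in " + args[0]);
            System.exit(1);
        }
        Scene.v().setEntryPoints(entries);

        PackManager.v().getPack("cg").apply();
        CallGraph cg = Scene.v().getCallGraph();
        for (SootMethod entry : entries) {
            System.out.println(entry.getSignature());
            for (Iterator<Edge> it = cg.edgesOutOf(entry); it.hasNext(); ) {
                Edge e = it.next();  // interface calls get one edge per implementer in the hierarchy
                System.out.println("  " + e.kind() + " -> " + e.tgt().getSignature());
            }
        }
    }
}
```

CHA over-approximates: every loaded implementer of an interface becomes a call target, so an analysis built on this graph sees more paths than can occur at runtime but does not lose the handler's outgoing interface calls.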

