[Soot-list] Incomplete Call Graph for Web Application

Tony Yan yan at cse.ohio-state.edu
Tue Dec 11 11:30:05 EST 2012


Hi Eric,

I have similar questions too. Is it possible to have Soot perform an
analysis of mixed precisions? Here is what I mean: when the points-to
set is not empty, let SPARK do what it used to do; when it is empty,
let it fall back to a CHA solution.

Thanks,
Tony

On Tue, Dec 11, 2012 at 8:31 AM, Eric Bodden <eric.bodden at ec-spride.de> wrote:
> Hi.
>
>> Hi Eric,
>> I took a look at Spark's source code, and found Spark only adds an "interface"
>> edge to the call graph if the points-to set of the base of the "interface call" is
>> not empty.
>> In most cases of web applications, the arguments of functions are not
>> available until runtime, so their points-to sets are empty.
>> My question is, is it possible to make the call graph complete without
>> initializing the arguments of methods like doPost?
>
> This is a well-known problem to which no good solution exists yet. One
> possible solution is to use a call graph that is built, for instance
> using CHA, and thus does not depend on points-to sets. Spark can be
> configured to use CHA.
>
> Another possibility is to auto-generate main methods for a given
> framework. We use such an approach when analyzing Android apps, and I
> know that other people have taken this approach for other frameworks.
>
> Eric
> _______________________________________________
> Soot-list mailing list
> Soot-list at sable.mcgill.ca
> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list



-- 
Dacong (Tony) Yan
Ph.D. Student
Computer Science and Engineering
The Ohio State University, Columbus
http://www.cse.ohio-state.edu/~yan
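
Added example, not part of the original thread and not Soot code: a small Python model of the fallback asked about above, where a call site is resolved from the points-to set of its base when that set is non-empty and from the class hierarchy (CHA) otherwise. The type names, the two tables and the `resolve` function are constructed for illustration and do not use the Soot API.

```python
# Toy model (constructed): class hierarchy and which classes implement a method.
# All names are hypothetical; none of this is the Soot API.
SUPERTYPES = {                       # type -> direct supertypes
    "HttpServletRequest": [],
    "RequestFacade": ["HttpServletRequest"],
    "MockRequest": ["HttpServletRequest"],
    "LoggingMock": ["MockRequest"],
}
DECLARES = {                         # type -> methods with a concrete body
    "RequestFacade": {"getParameter"},
    "MockRequest": {"getParameter"},
    "LoggingMock": set(),            # inherits getParameter from MockRequest
}

def subtypes(t):
    """Return t plus every transitive subtype of t."""
    out = {t}
    changed = True
    while changed:
        changed = False
        for c, sups in SUPERTYPES.items():
            if c not in out and any(s in out for s in sups):
                out.add(c)
                changed = True
    return out

def dispatch(runtime_type, method):
    """Walk up from runtime_type to the first class that implements method."""
    work = [runtime_type]
    while work:
        t = work.pop(0)
        if method in DECLARES.get(t, ()):
            return f"{t}.{method}"
        work.extend(SUPERTYPES.get(t, []))
    return None                      # abstract: no concrete target

def resolve(declared_type, method, points_to, fallback_to_cha=True):
    """Targets of base.method(): points-to set if non-empty, else CHA."""
    if points_to:
        types, mode = points_to, "points-to"
    elif fallback_to_cha:
        types, mode = subtypes(declared_type), "cha"
    else:
        return set(), "points-to"    # empty set, no fallback: the edge is lost
    targets = {dispatch(t, method) for t in types}
    targets.discard(None)
    return targets, mode
```

With an empty points-to set for a `doPost` parameter, `fallback_to_cha=False` yields no call edge at all, while the fallback yields every concrete implementation under the declared type, which is sound but less precise.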

