[Soot-list] Call graphs and excluding libraries

[John A Toman]

Hello!

I'm trying to use Soot for an interprocedural analysis but I'm having
trouble getting a callgraph. I'm analyzing a web application that depends
on several libraries, each of which have their own dependencies. These
dependencies aren't interesting to my analysis but without them I can't
seem to get a reliable call-graph.

I'm invoking Soot as follows:

java -cp ./soot-trunk.jar:./myanalysis -pp -soot-class-path
/path/to/application/classes:/paths/to/app/library/jars
-no-bodies-for-excluded -x 'freemarker' -w -p cg.cha enabled:false -p
cg.spark enabled:true,verbose:true -p wjtp.myanalysis on com.acme.DummyMain
-allow-phantom-refs

where freemarker is the package name of the library I'm not interested in
(I exclude the freemarker.jar from the soot class path in the above
invocation too)[

With these options Spark builds a callgraph, but the results are strange.
For instance, the possible types analysis dies because (as far I as can
tell) it thinks that a call to <java.security.AccessController:
java.lang.Object doPrivileged(java.security.PrivilegedAction)>
potentially resolves to <org.apache.commons.logging.LogFactory$1:
java.lang.Object run()>.

Without the -no-bodies-for-excluded option Spark churns for a while until
it reaches some part of the Freemarker library that relies on Jython.
However, the Jython jar also has unmet dependencies which cause Spark to
choke...

In short: how do I configure Soot to ignore missing/uninteresting library
calls with the least effort possible?

Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20150610/9297229f/attachment.html