[Soot-list] Call graphs and excluding libraries
John A Toman
jtoman at cs.washington.edu
Wed Jun 10 20:17:04 EDT 2015
Hello!
I'm trying to use Soot for an interprocedural analysis but I'm having
trouble getting a callgraph. I'm analyzing a web application that depends
on several libraries, each of which have their own dependencies. These
dependencies aren't interesting to my analysis but without them I can't
seem to get a reliable call-graph.
I'm invoking Soot as follows:
java -cp ./soot-trunk.jar:./myanalysis -pp -soot-class-path
/path/to/application/classes:/paths/to/app/library/jars
-no-bodies-for-excluded -x 'freemarker' -w -p cg.cha enabled:false -p
cg.spark enabled:true,verbose:true -p wjtp.myanalysis on com.acme.DummyMain
-allow-phantom-refs
where freemarker is the package name of the library I'm not interested in
(I exclude the freemarker.jar from the soot class path in the above
invocation too)[
With these options Spark builds a callgraph, but the results are strange.
For instance, the possible types analysis dies because (as far I as can
tell) it thinks that a call to <java.security.AccessController:
java.lang.Object doPrivileged(java.security.PrivilegedAction)>
potentially resolves to <org.apache.commons.logging.LogFactory$1:
java.lang.Object run()>.
Without the -no-bodies-for-excluded option Spark churns for a while until
it reaches some part of the Freemarker library that relies on Jython.
However, the Jython jar also has unmet dependencies which cause Spark to
choke...
In short: how do I configure Soot to ignore missing/uninteresting library
calls with the least effort possible?
Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20150610/9297229f/attachment.html
More information about the Soot-list
mailing list