<div dir="ltr"><span id="gmail-docs-internal-guid-85bfb7d8-7fff-aca9-5a44-871d1bd5f432"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Good day,</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">I have been trying to get Soot working on analyzing the call graph of external libraries/apps. Specifically, I want to get the call graph of a class, ‘DefaultServlet’, within a Tomcat jar file, ‘catalina.jar’. First, I followed tutorials that analyze a simple class/file with a main method. However, the classes I want to analyze don’t typically have main methods. So I found and followed examples that utilize entrypoints but Soot is still unable to find the class. Please, I would appreciate some help. Here is the latest main piece of code I have tried.</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"><br></span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">```</span></p><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">public class IFDSDataFlowTransformer extends SceneTransformer {<br>    <br>     static LinkedList<String> excludeList;<br>  static String mainclass = "DefaultServlet";<br> static String mainmethod = "doGet"; // "doPut";<br><br> public static void main(String[] args)  {<br>             <br>              // Set Soot's internal classpath<br>      String javapath = System.getProperty("java.class.path");<br>          String jredir = System.getProperty("java.home")+"/lib/rt.jar";<br>          String path = javapath+File.pathSeparator+jredir;<br>           Options.v().set_soot_classpath(path);<br><br>        // Enable whole-program mode<br>        Options.v().set_whole_program(true);<br>        Options.v().set_app(true);<br><br>        // Call-graph options<br>        Options.v().setPhaseOption("cg", "safe-newinstance:true");<br>        Options.v().setPhaseOption("cg.cha","enabled:false");<br><br>        // Enable SPARK call-graph construction<br>        Options.v().setPhaseOption("cg.spark","enabled:true");<br>        Options.v().setPhaseOption("cg.spark","verbose:true");<br>        Options.v().setPhaseOption("cg.spark","on-fly-cg:true");<br><br>        Options.v().set_allow_phantom_refs(true);<br><br>        // Set the main class of the application to be analysed<br>        Options.v().set_main_class(mainclass);<br><br>        // Load the main class<br>        SootClass c = Scene.v().loadClass(mainclass, SootClass.BODIES);<br>        c.setApplicationClass();<br><br>        // Load the "main" method of the main class and set it as a Soot entry point<br>//        SootMethod entryPoint = c.getMethodByName("main");<br>        SootMethod entryPoint = c.getMethodByName(mainmethod);<br>        List<SootMethod> entryPoints = new ArrayList<SootMethod>();<br>        entryPoints.add(entryPoint);<br>        Scene.v().setEntryPoints(entryPoints);<br>        <br>        PackManager.v().getPack("wjtp").add(new Transform("wjtp.herosifds", new IFDSDataFlowTransformer()));<br>        <br>//        soot.Main.main();<br>        //start working<br>          PackManager.v().runPacks();<br>     } </blockquote><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote"> </blockquote><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">```</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"><br></span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">I am using Soot 3.3.1, Java 1.8 and I have exported my eclipse project in a zip below (project structure in photo). The files, IFDSDataFlowTransformer and TestSootCallGraph, start two separate trials. </span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Do I have to create a new class with a main that would start a request (e.g. http or curl request) to the Tomcat application? </span><span style="color:rgb(0,0,0);font-family:Arial;white-space:pre-wrap">If so, that would require including more Tomcat jars/files in the project. </span><span style="background-color:transparent;color:rgb(0,0,0);font-family:Arial;white-space:pre-wrap">However, I figured that Soot did not need specific inputs or </span>all files in an application<span style="background-color:transparent;color:rgb(0,0,0);font-family:Arial;white-space:pre-wrap"> to statically analyze code. </span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Thank you,</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Fogo</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"><br></span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"><span style="border:none;display:inline-block;overflow:hidden;width:224px;height:207px"><img src="https://lh4.googleusercontent.com/myNBBJpNbGtDcY6ocwqBdwVvaloz9gb28mDgJxKrlbxcKQRDtTOozzCUaKqnC0MZH-Z1Zfv6qKWcUXIfzBHC_wYp_PKdl-2CTUp4Yn5EmjK5cpDds7tHwMo85CgbCeg6vKi8JQt0" width="224" height="207" style="margin-left: 0px; margin-top: 0px;"></span></span></p></span><br class="gmail-Apple-interchange-newline"><div><br></div>--<div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="color:rgb(136,136,136)"><div dir="ltr" style=""><div style="">

Fogo Tunde-Onadele </div><div style="">PhD student</div><div style="">Computer Science</div><div style="">North Carolina State University<br></div></div></div></div></div></div></div></div>