You are here: Home / Projects / OSADL Toolbox / 
2024-03-19 - 07:25

Callgraph: Evaluate link dependency between files

Background and goal of the project

While scanning tools are, among other, used to determine under which license a particular file may be copied and distributed, they do not provide any information which of the files create a so-called "combined work". However, certain Open Source licenses, namely those that belong to the GPL family of licenses, impose additional obligations on files that are combined with the licensed files. Such obligations are related to the copyleft clause of these licenses and dictate the licensing of combined files, other obligations are related to the distribution of combined files and, for example, force permission of modification, reverse-engineering and debugging.

The key to analyzing the linkage relationship between binary files is the so-called ELF data structure. It can contain i) information which symbols are undefined and need an external file to be resolved and imported (this could be a program or a library) and ii) information about locally defined symbols that can be exported (this would then normally be a library). A command line tool to explore ELF data sets of a program or library is objdump. It is used with the -T option to display the contents of the dynamic symbol table that indicates unresolved symbols to be imported (marked with *UND*) and with the -R option to display the dynamic relocation entries in the file that are available for export. However, manual analysis is not recommended and often simply not feasible because of the sheer size of the tables. Therefore, Armijn Hemel has written a tool that automatically and recursively determines the link dependency between files in a root file system. This tool has been extended by OSADL and, since Armijn was kind enough to put it under an Open Source license, the repository is available for the general public to freely use, copy and distribute (see below for the link).

Example callgraph graphics

Callgraph of /bin/bash.bash of a standard Debian root filesystem

Callgraph output converted to graphics with Graphviz

Callgraph of systemd of a randomly selected Linux distribution

Callgraph output generated with GraphViz
Click here to display the graph at full size in a new window or tab

The famous "Hello world" program, no symbols

Callgraph cypher output generated with Neo4j

Same as above, but with symbols

Callgraph cypher output generated with Neo4j

OpenSSH server, no symbols

Callgraph cypher output generated with Neo4j
Click here to display the graph at full size in a new window or tab

Same as above, but with symbols

Callgraph cypher output generated with Neo4j
Click here to display the graph at full size in a new window or tab

Access to the software

The callgraph software is hosted on OSADL's Git server https://git.osadl.org/ckresse/callgraph where instructions how to use, download and install the software are given. Please send merge requests, if you fixed bugs or added new features. Requests for information on the project and support may be directed to officeªosadl.org.