Background and goal of the project
While scanning tools are, among other, used to determine under which license a particular file may be copied and distributed, they do not provide any information which of the files create a so-called "combined work". However, certain Open Source licenses, namely those that belong to the GPL family of licenses, impose additional obligations on files that are combined with the licensed files. Such obligations are related to the copyleft clause of these licenses and dictate the licensing of combined files, other obligations are related to the distribution of combined files and, for example, force permission of modification, reverse-engineering and debugging.
The key to analyzing the linkage relationship between binary files is the so-called ELF data structure. It can contain i) information which symbols are undefined and need an external file to be resolved and imported (this could be a program or a library) and ii) information about locally defined symbols that can be exported (this would then normally be a library). A command line tool to explore ELF data sets of a program or library is objdump. It is used with the -T option to display the contents of the dynamic symbol table that indicates unresolved symbols to be imported (marked with *UND*) and with the -R option to display the dynamic relocation entries in the file that are available for export. However, manual analysis is not recommended and often simply not feasible because of the sheer size of the tables. Therefore, Armijn Hemel has written a tool that automatically and recursively determines the link dependency between files in a root file system. This tool has been extended by OSADL and, since Armijn was kind enough to put it under an Open Source license, the repository is available for the general public to freely use, copy and distribute (see below for the link).
Example callgraph graphics
Callgraph of /bin/bash.bash of a standard Debian root filesystem
- Callgraph output converted to graphics with Graphviz
Callgraph of systemd of a randomly selected Linux distribution
- Callgraph output generated with GraphViz
- Click here to display the graph at full size in a new window or tab
The famous "Hello world" program, no symbols
- Callgraph cypher output generated with Neo4j
Same as above, but with symbols
- Callgraph cypher output generated with Neo4j
OpenSSH server, no symbols
- Callgraph cypher output generated with Neo4j
- Click here to display the graph at full size in a new window or tab
Same as above, but with symbols
- Callgraph cypher output generated with Neo4j
- Click here to display the graph at full size in a new window or tab
Access to the software
The callgraph software is hosted on OSADL's Git server https://git.osadl.org/ckresse/callgraph where instructions how to use, download and install the software are given. Please send merge requests, if you fixed bugs or added new features. Requests for information on the project and support may be directed to officeªosadl.org.