International Workshop on the State Of the Art in Java Program Analysis (SOAP 2012)

Eric | September 28, 2011

Co-located with PLDI 2012 in Beijing…

Soot has enabled hundreds of users to carry out research in static analysis of Java. As Soot enters its second decade, the first SOAP workshop will bring together the thriving Soot community and help catalyze the future development of the Soot framework. We anticipate that SOAP will help spur discussions and collaborations between different groups using Soot. The agenda for SOAP will also include discussions and work on integrating external contributions into the main Soot framework, as well as explorations of potential future extensions to Soot.

Important Dates

Paper submissions: March 28th, 2012
Notification of authors: April 28th, 2012
Submission of camera-ready copies: May 12th, 2012
Workshop date: TBA (June 14th, 15th or 16th) 2012

Soot is now invokedynamic-ready

Eric | August 24, 2010

As many of you may know, JDK 7 will bring support for a new bytecode called invokedynamic. Thanks to Matthias Perner, a bright student of ours, Soot is already ready for this new bytecode today. I have just committed appropriate changes to the SVN trunk. The new instructions are handled as follows:

  • On the Jimple, Grimp and Baf level, invokedynamic instructions appear as DynamicInvokeExpr with a static SootMethodRef that has class java.dyn.InvokeDynamic as target class. This is in accordance with the internal handling in JDK 7.
  • SootMethodRefs which have java.dyn.InvokeDynamic as target class may not be resolved: calling resolve() will throw an exception.
  • On the Jasmin level, invokedynamic instructions appear in the form “invokedynamic <methodName>(<methodParams>)<methodRetType>”. In particular, there is no target class given.
  • Jasmin translates this into an invokedynamic instruction with two arguments:
    • a NameAndType attribute referring to <methodName>(<methodParams>)<methodRetType> and
    • the constant “0” (two zero bytes, i.e., a short); according to the VM spec this is reserved for future use.

The above is an experimental design. Comments are welcome! In the near future we plan to extend TamiFlex to handle invokedynamic as well.

Lecture on Soot, Hands-on Tutorials on Clara

Eric | August 12, 2010

Dear all, for all of those of you who happen to be in Chile in November: I will be giving a lecture about the latest techniques in analyzing Java programs with Soot at the 3rd Summer School on Programming Languages, which is co-located with the Chilean Computing Week. You can find more information here. At the same event, I will moreover be giving a hands-on tutorial on Clara (“Partially evaluating finite-state runtime monitors ahead-of-time”), which is likely going to be similar to my RV tutorial.

TamiFlex 1.1 released

Eric | August 4, 2010

I am happy to announce that today we released version 1.1 of TamiFlex, our tool suite for dealing with reflection and custom class loaders in static analysis. Version 1.1 not only features several minor bug fixes but also a completely new component called the Booster. Previous versions of TamiFlex required static analyses that were “TamiFlex-aware”, and at the current time the only such tool is Soot. The Booster makes TamiFlex compatible with virtually every static-analysis tool for Java bytecode: it transforms the original program into a new program version that is enriched with “materialized” versions of the originally reflective method calls, now in the form of standard Java method calls. Because these calls are now materialized in the code, static-analysis tools will discover them instead of unsoundly ignoring the calls.

Whole-program analysis, but without the JDK (using Soot)

Eric | June 4, 2010

In the past many people have asked how they can configure Soot so that it would analyze a given set of classes, but without analyzing all the internals of the JDK. Of course, such an analysis is generally unsound, but often people don’t really care – they just want to have fast results. I have often found myself in the same situation when testing whole-program analyses that I wrote myself. Every analysis run would normally take minutes to run, which can cause your day to pass by quickly when you are debugging a complicated analysis.

Today I added a new option to Soot: -no-bodies-for-excluded. This option causes Soot to not load any method bodies of classes from the “exclude” packages (see -exclude option), even in whole-program mode, unless the class is explicitly specified as a “basic class”. -no-bodies-for-excluded implies -allow-phantom-refs, as it uses the phantom-refs mechanism to model classes that are not loaded.

All changes have been committed to SVN. This feature is still experimental, but it appears to work for me – I am now able to run all of Clara’s tests in seconds each instead of minutes each, just because they now ignore JDK classes.

Using Soot and TamiFlex to analyze DaCapo

Eric | March 29, 2010

In this tutorial, I describe how to use TamiFlex to facilitate the static analysis of the DaCapo benchmarks with Soot. You can also find this tutorial on the TamiFlex website.

Also feel free to use our scripts for this purpose. You can also find many details in our Technical Report.

Step 0: Downloading the necessary components

To analyze DaCapo benchmarks with Soot, first download the following:

Read the rest of this entry »

Soot 2.4.0 released

Eric | March 29, 2010

I am pleased to announce that Soot version 2.4.0 is now available at:
http://www.sable.mcgill.ca/soot/

This release contains the following additions and improvements:

  1. Hossein Sadat-Mohtasham’s implementation of program dependency graphs
  2. Support for creating sound call graphs even for programs that use reflection, custom class loaders and runtime-generated classes. For this purpose, Soot uses TamiFlex to create a runtime log file that contains information about how reflection is being used. Spark then uses the log file during call-graph and points-to graph construction. See this tutorial for details.

Also we incorporated fixes to numerous bugs. Thanks for reporting bugs and/or providing fixes! See http://www.sable.mcgill.ca/soot/CHANGES for details.

As of version 2.2.0 the Soot bugzilla is available at: http://svn.sable.mcgill.ca/bugzilla/. We encourage you to add any Soot bugs there.

Taming Reflection – Static Analysis in the Presence of Reflection and Custom Class Loaders

Eric | March 25, 2010

I am happy to announce the first release of TamiFlex, our new tool suite for “taming reflection”. TamiFlex comes with an accompanying Technical Report. Using TamiFlex in combination with static-analysis tools such as Soot 2.4.0, you can statically analyze even programs that use reflection and custom class loaders.

For instance, we describe how to use TamiFlex to statically analyze the new DaCapo “bach” release with Soot. This document gives an overview of the architecture of TamiFlex.

Packs and phases in Soot

Eric | November 26, 2008

This is the fourth post in a series of blog posts about frequently asked questions about using Soot. Today’s topic will be on packs and phases in Soot.

One frequent question that comes up on the Soot mailing list is when to run a particular analysis in Soot. Soot’s execution is divided into a set of different packs and each pack contains different phases. Therefore the question could be rephrased as “In which pack do I have to run my analysis or transformation?”. This tutorial tries to help you answer this question.

Implementing an intra-procedural data-flow analysis in Soot

Eric | September 22, 2008

After my last tutorials on using Soot on the command line, and using the Soot Eclipse plugin, this is the third of a series of blog posts about frequently asked questions about using Soot. Today’s topic will be on extending Soot with your own intra-procedural data-flow analysis.
