I am happy to announce that today we released version 1.1 of TamiFlex, our tool suite for dealing with reflection and custom class loaders in static analysis. Version 1.1 not only features several minor bug fixes but a completely new component called the Booster. Previous versions of TamiFlex required static analyses that were “TamiFlex-aware”, and at the current time the only such tool is Soot. The Booster makes TamiFlex compatible with virtually every static-analysis tool for Java bytecode: it transforms the original program into a new program version that is enriched with “materialized” versions of the originally reflective method calls, now in the form of standard Java method calls. Because these calls are now materialized in the code, static-analysis tools will discover them instead of unsoundly ignoring the calls.
TamiFlex 1.1 released
Eric | August 4, 2010Using Soot and TamiFlex to analyze DaCapo
Eric | March 29, 2010In this tutorial, I describe how to use TamiFlex to facilitate the static analysis of the DaCapo benchmarks with Soot. You can also find this tutorial on the TamiFlex website.
Also feel free to use our scripts for this purpose. You can also find many details in our Technical Report.
Step 0: Downloading the necessary components
To analyze DaCapo benchmarks with Soot, first download the following:
- the current DaCapo JAR file
- TamiFlex:
- soot-2.4.0.jar (or higher) for Soot
Soot 2.4.0 released
Eric | March 29, 2010I am pleased to announce that Soot version 2.4.0 is now available at:
http://www.sable.mcgill.ca/soot/
This release contains the following additions and improvements:
- Hossein Sadat-Mohtasham’s implementation of program dependency graphs
- Support for creating sound call graphs even for programs that use reflection, custom class loaders and runtime-generated classes. For this purpose, Soot uses TamiFlex to create a runtime log file that contains information about how reflection is being used. Spark then uses the log file during call-graph and points-to graph construction. See this tutorial for details.
Also we incorporated fixes to numerous bugs. Thanks for reporting bugs and/or providing fixes! See http://www.sable.mcgill.ca/soot/CHANGES for details.
As of version 2.2.0 the Soot bugzilla is available at: http://svn.sable.mcgill.ca/bugzilla/. We encourage you to add any Soot bugs there.
Taming Reflection – Static Analysis in the Presence of Reflection and Custom Class Loaders
Eric | March 25, 2010I am happy to announce the first release of TamiFlex, our new tool suite for “taming reflection”. TamiFlex comes with an accompanying Technical Report. Using TamiFlex, you can, in combination with static-analysis tools such as Soot 2.4.0, analyze even such programs statically that use reflection and custom class loaders.
For instance, we describe how to use TamiFlex to statically analyze the new DaCapo “bach” release with Soot. This document gives an overview of the architecture of TamiFlex.