the soot framework for java program analysis a
play

The Soot framework for Java program analysis: a retrospective - PowerPoint PPT Presentation

Jul 13, 2023 •469 likes •867 views

The Soot framework for Java program analysis: a retrospective Patrick Lam, Eric Bodden, Ond rej Lhot ak, and Laurie Hendren October 2011 This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 License . Soot a

  1. The Soot framework for Java program analysis: a retrospective Patrick Lam, Eric Bodden, Ondˇ rej Lhot´ ak, and Laurie Hendren October 2011 This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 License .

  2. Soot a compiler framework for Java (bytecode), enabling development of static analysis tools.

  3. Map of Reported Soot Users

  4. Selected Soot Applications Compile-time deallocation (Cherem and Rugina) Elimination of array bounds checks (many, including Qian, Hendren and Verbrugge) Test adequacy for DB-driven applications (Kapfhammer and Soffa)

  5. Outline About Soot About Soot’s development

  6. Features Working With Soot Part I About Soot

  7. Features Working With Soot Soot Workflow Java Java Scala source source source javac scalac Eclipse class files Soot TamiFlex output JastAdd parser Produce Jimple 3−address IR Analyze, Optimize and Tag HTML Graphs Generate Bytecode Java Error source messages Optimized/transformed class files + attributes Java Virtual Machine

  8. Features Working With Soot We start by describing Soot’s features, namely: intraprocedural features; interprocedural features; and getting results out of Soot.

  9. Features Working With Soot Intraprocedural Features Provides three-address code. Supports implementing dataflow analyses.

  10. Features Working With Soot Three-Address Code public int foo(java.lang.String) { // [local defs] r0 := @this; // IdentityStmt r1 := @parameter0; if r1 != null goto label0; // IfStmt $i0 = r1.length(); // AssignStmt r1.toUpperCase(); // InvokeStmt return $i0; // ReturnStmt label0: return 2; }

  11. Features Working With Soot Connecting with Java source Each Jimple statement if r1 != null goto label0; // IfStmt belongs to: a SootMethod, e.g. foo(String) , and a SootClass, e.g. Foo , reflecting the structure of the original source code. You can also get: line number information (if available), e.g. “ Foo.java:72 ”. original variable names (on a best-effort basis).

  12. Features Working With Soot Dataflow Analysis Example: “Live Locals” Soot’s Eclipse plugin helps you debug your flow analysis.

  13. Features Working With Soot Interprocedural Features Call graph/pointer information (Side effect analysis) (Reflection)

  14. Features Working With Soot Why Call Graphs? Sophisticated static analyses need to answer questions like: class A { bar() { /* */ foo() { } } A o = ...; class B extends A { o.bar(); bar() { } /* */ } } “Which methods might o.bar() reach?”

  15. Features Working With Soot Call Graphs in Soot Spark (part of Soot) computes call graph edges, which contain: Source method Source statement (if applicable) Target method Kind of edge source m. source stmt. target m. kind • • • VIRTUAL foo() bar() { { o.bar(); /* */ } }

  16. Features Working With Soot Points-to Analysis A closely related question: Could x and y be aliases in: x.f = 5; y.f = 6; z = x.f; Spark can answer this question with a call to hasNonEmptyIntersection() on points-to sets.

  17. Features Working With Soot Running unaltered versions of Soot Use Soot as a: disassembler to three-address code; or visualizer for CFGs and analysis results, in Eclipse.

  18. Features Working With Soot Extending Soot You can write a compiler pass extending Soot, as either a BodyTransformer , for a intraprocedural analysis; or SceneTransformer , for a whole-program analysis. You choose where this pass should run by putting it in a Pack . Use Map s or attributes to share analysis results. We explicitly disallow subclassing of IR statements, based on past experience. (Mixins would be OK). To run extended Soot, you create a custom main class which calls soot.Main.main() .

  19. Dev Process & Community Reflections Reflections & Conclusions Part II About Soot’s Development

  20. Dev Process & Community Reflections Reflections & Conclusions History Initial release in 1999–2000; Soot 1.0.0 was an intraprocedural Java bytecode analysis framework.

  21. Dev Process & Community Reflections Reflections & Conclusions Soot Evolution (credit: persocomholic/flickr) Stepwise evolution of key features: Local variable type inference, initially by Gagnon et al; later by 1 Bellamy et al. Call graph information, initially Variable Type Analysis by 2 Sundaresan et al; subsumed by Spark.

  22. Dev Process & Community Reflections Reflections & Conclusions Support and Community (credit: Marsyas/Wikimedia Commons) Main agora: Soot mailing list, about 30 messages/month. Soot Bugzilla contains some bugs. Soot Wiki is good for recording certain types of information. Publicly readable Subversion repository; we’d welcome external committers.

  23. Dev Process & Community Reflections Reflections & Conclusions Licensing Soot is licensed under GNU Lesser General Public License. We recommend choosing a license that works for you. McLab (compiler framework for MATLAB) will be released under the Apache 2.0 license.

  24. Dev Process & Community Reflections Reflections & Conclusions Documentation Documentation is critical to framework success. API carefully designed. Soot Survivor’s Guide by Einarsson and Nielsen. Plus: Helpful error messages.

  25. Dev Process & Community Reflections Reflections & Conclusions Future Improvements for Soot Some future directions where we’d like to see Soot improvements: faster startup and computation time; structured interprocedural analysis support;

  26. Dev Process & Community Reflections Reflections & Conclusions Future Improvements for Soot (credit: wwarby/flickr) Some future directions where we’d like to see Soot improvements: faster startup and computation time; structured interprocedural analysis support;

  27. Dev Process & Community Reflections Reflections & Conclusions Future Improvements for Soot (credit: Mike Hunt/Wikimedia commons) Some future directions where we’d like to see Soot improvements: faster startup and computation time; structured interprocedural analysis support;

  28. Dev Process & Community Reflections Reflections & Conclusions Reflections Soot does what we expected it to do. a surprise: unsound and incomplete analyses. Challenges: keeping up with external changes (e.g. in the Java specification); incorporating external extensions into Soot.

  29. Dev Process & Community Reflections Reflections & Conclusions Useful Features for Compiler Frameworks While Soot doesn’t have these features, they are indispensible for compiler frameworks. some way of avoiding redundant re-computations, e.g. incremental computation; quasiquoting, for easily generating code from templates.

  30. Dev Process & Community Reflections Reflections & Conclusions Reflections on Compiler Frameworks Our suggestions for compiler frameworks and the community: make it easy to independently release extensions (non-monolithic structure, like CPAN); the community must value software and data releases; we need more venues for framework papers.

  31. Dev Process & Community Reflections Reflections & Conclusions Reasons for Success Soot: provided the right features at the right time; was easy enough to use (availability, license, community). Key features: Jimple intermediate representation; Spark pointer analysis toolkit.

  32. Dev Process & Community Reflections Reflections & Conclusions Thanks! Soot’s development was supported in part by: Canada’s Natural Science and Engineering Research Council Fonds de recherche du Qu´ ebec—Nature et technologies IBM’s Centre for Advanced Studies, and an Eclipse Innovation Grant. Eric Bodden is supported by CASED (www.cased.de).

  33. Dev Process & Community Reflections Reflections & Conclusions Contributors Initial Designer: Raja Vall´ ee-Rai Maintainers: Patrick Lam, Feng Qian, Ondˇ rej Lhot´ ak, Eric Bodden Project Advisor: Laurie Hendren Contributors: Ben Bellamy John Jorgensen Chris Pickett Will Benton Felix Kwok Patrice Pominville Marc Berndl Patrick Lam Feng Qian Eric Bodden Jennifer Lhotak Hossein Sadat-Mohtasham Phong Co Ondrej Lhotak Ganesh Sittampalam Archie Cobbs Lin Li Manu Sridharan Torbjorn Ekman Florian Loitsch Vijay Sundaresan David Eng Jerome Miecznikowski Julian Tibble Etienne Gagnon Antoine Mine Navindra Umanee Chris Goard Nomair Naeem Raja Val´ ee-Rai Richard Halpert Matthias Perner Clark Verbrugge

  34. Dev Process & Community Reflections Reflections & Conclusions

  35. Dev Process & Community Reflections Reflections & Conclusions External contributors Ben Bellamy at Oxford (type assigner); Torbj¨ orn Ekman at Oxford (Java 5 parser); Manu Sridharan, while at Berkeley (demand-driven pointer analysis).

  36. Dev Process & Community Reflections Reflections & Conclusions Notable Changes in Soot Over the years, we and others have improved Soot: a single singleton; dealing with partial programs; better front-end parsers; demand-driven efficiency improvements.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Numerical static analysis with Soot Gianluca Amato Universit` a G. dAnnunzio di

Numerical static analysis with Soot Gianluca Amato Universit` a G. dAnnunzio di

Numerical static analysis with Soot Gianluca Amato Universit` a G. dAnnunzio di ChietiPescara ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis SOAP 2013 (joint work with Francesca Scozzari and

859 views • 62 slides
Soot .class .jimple .java commandline args Soot Polyglot Jimpilfy Jimple Parser

Soot .class .jimple .java commandline args Soot Polyglot Jimpilfy Jimple Parser

Soot .class .jimple .java commandline args Soot Polyglot Jimpilfy Jimple Parser Frontend Jimple Analysis and Transformations Jimple, with Flow Analysis Information Add tags Jimple with Tags Generate Jimple Files Generate

217 views • 18 slides
Introduction to Soot Automated testing and J.P . Galeotti - Alessandra Gorla verification

Introduction to Soot Automated testing and J.P . Galeotti - Alessandra Gorla verification

Introduction to Soot Automated testing and J.P . Galeotti - Alessandra Gorla verification Thursday, November 22, 12 The Java virtual machine (JVM) The Java compiler translates a Java program into Java bytecode (input language of the JVM)

446 views • 20 slides
Problems Implementing a points-to analysis to handle the details of Java is a lot of work. is

Problems Implementing a points-to analysis to handle the details of Java is a lot of work. is

Scaling Java Points-To Analysis Using S PARK (Soot Pointer Analysis Research Kit) Ond rej Lhot ak and Laurie Hendren Sable Research Group McGill University April 8th, 2003 p. 1/53 Problems Implementing a points-to analysis to

610 views • 59 slides
Java Collections Framework 6 May 2019 OSU CSE 1 Overview The Java Collections Framework

Java Collections Framework 6 May 2019 OSU CSE 1 Overview The Java Collections Framework

Java Collections Framework 6 May 2019 OSU CSE 1 Overview The Java Collections Framework (JCF) is a group of interfaces and classes similar to the OSU CSE components The similarities will become clearly evident from examples See

836 views • 61 slides
Java Java Basics Java Program Statements Java Review Conditional statements

Java Java Basics Java Program Statements Java Review Conditional statements

Java Java Basics Java Program Statements Java Review Conditional statements Repetition statements (loops) Writing Classes in Java Selim Aksoy Class definitions Bilkent University Encapsulation and Java modifiers

346 views • 11 slides
QtJambi Java bindings for the powerful Qt framework Qt Powerful framework for C++ GUI, XML,

QtJambi Java bindings for the powerful Qt framework Qt Powerful framework for C++ GUI, XML,

QtJambi Java bindings for the powerful Qt framework Qt Powerful framework for C++ GUI, XML, Database, IO, Network, Threads... Crossplatfrom including embedded systems Double license - GPL & commertial Bindings for Java, Python,Perl, PHP

367 views • 10 slides
JAVA CONCURRENCY FRAMEWORK Kaushik Kanetkar Old days One CPU, executing one single program at a

JAVA CONCURRENCY FRAMEWORK Kaushik Kanetkar Old days One CPU, executing one single program at a

JAVA CONCURRENCY FRAMEWORK Kaushik Kanetkar Old days One CPU, executing one single program at a time No overlap of work/processes Lots of slack time CPU not completely utilized What is Concurrency Concurrency is the ability to run several

761 views • 43 slides
Introduction to Java Brief history of Java Sample Java Program Compiling &

Introduction to Java Brief history of Java Sample Java Program Compiling &

Introduction to Java Brief history of Java Sample Java Program Compiling & Executing Reading: => Section 1.1 1 Introduction to Java History Invented in 1991 - Sun Microsystems, Inc (James Gosling). Sun

593 views • 12 slides
The Java Collections Framework Definition Set of interfaces, abstract and concrete classes that

The Java Collections Framework Definition Set of interfaces, abstract and concrete classes that

The Java Collections Framework Definition Set of interfaces, abstract and concrete classes that define common abstract data types in Java e.g. list, stack, queue, set, map Part of the java.util package Implementation Extensive use of

669 views • 22 slides
Programs, and Java 1 Objectives To Know the basics To write a simple Java program To

Programs, and Java 1 Objectives To Know the basics To write a simple Java program To

Chapter 1 Introduction to Computers, Programs, and Java 1 Objectives To Know the basics To write a simple Java program To know error types To Know basic syntax of a Java program 2 Programs Computer programs , known as software

473 views • 36 slides
Java Generics Generics n Since JDK 1.5 (Java 5), the Collections framework has been

Java Generics Generics n Since JDK 1.5 (Java 5), the Collections framework has been

Java Generics Generics n Since JDK 1.5 (Java 5), the Collections framework has been parameterized. n A class that is defined with a parameter for a type is called a generic or a parameterized class. In C++, there were referred to as

300 views • 12 slides
Modeling Soot Formation from Solid Complex Fuels Alexander J. Josephson 1,2,* , Emily Hopkins 2 ,

Modeling Soot Formation from Solid Complex Fuels Alexander J. Josephson 1,2,* , Emily Hopkins 2 ,

Paper # 29SF-0073 Topic: Soot Formation Western States Section of the Combustion Institute Fall 2017 Meeting Hosted by the University of Wyoming October 2-3, 2017 Modeling Soot Formation from Solid Complex Fuels Alexander J. Josephson 1,2,*

608 views • 8 slides
Program Analysis in Software Development Summary of Papers Program Analysis Application Areas

Program Analysis in Software Development Summary of Papers Program Analysis Application Areas

Program Analysis in Software Development Summary of Papers Program Analysis Application Areas Compilation and Optimization LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation Obfuscation Generation and

1.64k views • 6 slides
Ja Java va Co Coll llection ection Fra ramew ework ork Version March 2009 Framework

Ja Java va Co Coll llection ection Fra ramew ework ork Version March 2009 Framework

Ja Java va Co Coll llection ection Fra ramew ework ork Version March 2009 Framework Interfaces (ADT, Abstract Data Types) Implementations (of ADT) Algorithms (sort) java.util.* Java 5 released! Lots of changes about

1k views • 71 slides
JAVA Java vs. Java Java Language Specification

JAVA Java vs. Java Java Language Specification

BR 10/05 JAVA Java vs. Java Java Language Specification http://java.sun.com/docs/books/jls/second_edition/html/j.title.doc.html Java programming language is compiled into java byte code Java Virtual Machine Specification

1.07k views • 44 slides
Linearizability, revisited Radha Jagadeesan Gustavo Petri Corin Pitcher James Riely

Linearizability, revisited Radha Jagadeesan Gustavo Petri Corin Pitcher James Riely

Linearizability, revisited Radha Jagadeesan Gustavo Petri Corin Pitcher James Riely DePaul University Purdue University ESOP 2010, FOSSACS 2012, TLDI 2012, ESOP 2013 Linearizability, revisited ESOP 2010, FOSSACS 2012,

1.24k views • 70 slides
Direct Self-Consistent Field Computations on GPU Clusters Guochun Shi, Ivan Ufimtsev, Volodymyr

Direct Self-Consistent Field Computations on GPU Clusters Guochun Shi, Ivan Ufimtsev, Volodymyr

Direct Self-Consistent Field Computations on GPU Clusters Guochun Shi, Ivan Ufimtsev, Volodymyr Kindratenko Todd Martinez National Center for Supercomputing Department of Chemistry Applications Stanford University University of Illinois at

1.23k views • 26 slides
Malware: Viruses, Worms, Rootkits, Botnets Spring 2015

Malware: Viruses, Worms, Rootkits, Botnets Spring 2015

CSE 484 / CSE M 584: Computer Security and Privacy Malware: Viruses, Worms, Rootkits, Botnets Spring 2015 Franziska (Franzi) Roesner

403 views • 37 slides
Attacking AUTOSAR using Software and Hardware Attacks Pascal al Nasahl Graz University of

Attacking AUTOSAR using Software and Hardware Attacks Pascal al Nasahl Graz University of

Attacking AUTOSAR using Software and Hardware Attacks Pascal al Nasahl Graz University of Technology Niek Timmer mers Riscure 1 Introduction 2 Introduction Niek Timmers Principal Security Analyst @ Riscure 3 Introduction

1.34k views • 115 slides
3 John Series Lesson #020 October 19, 2003 Dean Bible Ministries www.deanbibleministries.org

3 John Series Lesson #020 October 19, 2003 Dean Bible Ministries www.deanbibleministries.org

3 John Series Lesson #020 October 19, 2003 Dean Bible Ministries www.deanbibleministries.org Dr. Robert L. Dean, Jr. Missions technically refers to a form of cross cultural evangelism where designated individuals are set apart by a local

417 views • 18 slides
Registrant List UCSF OCME Page 1 of 6 Name City, State Acosta R Maritza Masters Sausalito,

Registrant List UCSF OCME Page 1 of 6 Name City, State Acosta R Maritza Masters Sausalito,

University of California San Francisco 7/27/2015 MDM16M02: Essentials of Primary Care Registrant List UCSF OCME Page 1 of 6 Name City, State Acosta R Maritza Masters Sausalito, CA 1 2 Ajudia Ketan Md Placerville, CA Akinsanya

784 views • 6 slides
Localization: Algorithms and System Applications of Location Information Location aware

Localization: Algorithms and System Applications of Location Information Location aware

Localization: Algorithms and System Applications of Location Information Location aware information services e.g., E911, location-based search, target advertisement, tour guide, inventory management, traffic monitoring, disaster

912 views • 44 slides
Welcome to Advisens Transaction Insurance Insights Conference Welcoming Remarks Rebecca Bole

Welcome to Advisens Transaction Insurance Insights Conference Welcoming Remarks Rebecca Bole

Welcome to Advisens Transaction Insurance Insights Conference Welcoming Remarks Rebecca Bole EVP & Editor-in-Chief Advisen Leading the way to smarter and more efficient risk and insurance communities, Advisen delivers: The right

778 views • 48 slides

More recommend