[Soot-list] Soot as a commercial static analyzer front-end
plam at sable.mcgill.ca
Tue Apr 27 09:59:32 EDT 2010
On 27/04/10 02:39 AM, 이희종 wrote:
> I'm working with a startup that makes a static program analyzer.
> We're planning to launch a new Java static analyzer project and
> Soot is one of our possible front-end candidates. Please anyone
> give us an advice about:
> 1. Is there any possible license problem?
> Soot is LGPL. But I think we can use it with our commercial
> private source codes since Java doesn't link classes statically.
> Is this right?
> 2. Can we only use Coffi parser and Jimple producing part of Soot?
> Soot document says, if you want to add your analysis you may
> provide a pack and insert it in the pack manager. But our analyzer
> is a commercial product. We want to minimize an inter-dependency
> between our product and any open source software. If Soot
> provides any option to be used as a library not a framework, that
> would be the best choice.
You are welcome to use Soot under the LGPL. That means that you can
distribute the Soot jarfile with your application and call Soot from
your application. You must also distribute the Soot source code.
The best way to use Soot in your case is probably, as you say, not to
add yourself to the pack manager. You can produce the Jimple IR and
perform transformations on it. The best way to do that is probably via
the loadClassesAndSupport() call, but you have to be sure to use it
appropriately; many people report problems from not calling
loadClassesAndSupport() not quite correctly.
More information about the Soot-list