[Soot-list] Use SOOT to analyse Java library.

Johannes Lerch lerch at st.informatik.tu-darmstadt.de
Fri Apr 10 04:17:45 EDT 2015


Hi Christian,

the options that will be of interest for you are the following:

-cp and -process-dir to provide paths to the jar files of the jre. You 
probably want to include all jars inside JAVA_HOME/lib/, but at the very 
least the rt.jar file.

-include-all to remove the default filter for java packages.

-whole-program to set it to a whole program analysis, i.e., there is no 
main method.

-allow-phantom-refs is required if you will not include all jars and, 
even if you do, there might be some platform-specific classes missing.

-p cg all-reachable:true as Eric already explained.

-p jb use-original-names:true to use the original local variable names 
(if information is provided: analyze a jdk instead of a jre to have 
debug information!)

More information about each option can be found here: 
https://ssebuild.cased.de/nightly/soot/doc/soot_options.htm

Regards,
Johannes


On 10.04.2015 at 07:44, Bodden, Eric wrote:
> Hi Christian.
>
>> How do I get SOOT to load & parse (so I can get Jimple bodies) for say the entire java 1.x library.
>>
>> Do I have to supply SOOT with the classes (or source code) as arguments in the call to Main.main(args) (see code below)?
>>
>> Do I have to create a main class to get it to work? Or can SOOT analyze all classes I provide as arguments to Main.main(args) call without a main class & method?
> This really depends on what you want to do. If you want to do intra-procedural analysis then it should be “just” a matter of giving Soot the right command line to parse all the classes faithfully. I have a PhD student who is currently analyzing the JDK for vulnerabilities and I have asked him to provide more info on which command line he uses.
>
> If you want to do inter-procedural analysis then it’s more tricky. The problem is that you need a call graph and this, in turn, requires some entry points. You can use "-p cg all-reachable:true" to instruct Soot to consider _all_ methods as entry points during call-graph construction. If you combine this with using CHA then this should typically give you a call graph that is sound but may be very imprecise. We are currently working towards more precise analyses of libraries but it’s a hard problem to solve.
>
> Best wishes,
> Eric
>
>
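
The options listed in the message above, assembled into a call to Main.main(args) as an added example (not code from anyone in this thread). It assumes Soot is on the classpath and that the first argument is the directory holding rt.jar and the other runtime jars; the class name AnalyzeJdkLibrary and the phase name wjtp.jdkstats are hypothetical.

```java
import java.io.File;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import soot.PackManager;
import soot.Scene;
import soot.SceneTransformer;
import soot.SootClass;
import soot.SootMethod;
import soot.Transform;

public class AnalyzeJdkLibrary {            // hypothetical class name
    /** Builds the Soot command line from the options listed in the message. */
    static String[] buildArgs(File libDir) {
        File[] jars = libDir.listFiles((dir, name) -> name.endsWith(".jar"));
        if (jars == null || jars.length == 0)
            throw new IllegalArgumentException("no jars found in " + libDir);
        List<String> args = new ArrayList<>();
        StringBuilder cp = new StringBuilder();
        for (File jar : jars) {
            if (cp.length() > 0) cp.append(File.pathSeparator);
            cp.append(jar.getAbsolutePath());
            args.add("-process-dir");       // classes in this jar get processed
            args.add(jar.getAbsolutePath());
        }
        args.add("-cp"); args.add(cp.toString());
        args.add("-include-all");           // do not skip java.* packages
        args.add("-whole-program");
        args.add("-allow-phantom-refs");    // tolerate missing platform classes
        args.add("-p"); args.add("cg"); args.add("all-reachable:true");
        args.add("-p"); args.add("jb"); args.add("use-original-names:true");
        return args.toArray(new String[0]);
    }

    public static void main(String[] argv) {
        // Assumption: argv[0] is the directory that contains rt.jar.
        File libDir = new File(argv[0]);
        // A whole-program transform runs once the call graph has been built.
        PackManager.v().getPack("wjtp").add(new Transform("wjtp.jdkstats", new SceneTransformer() {
            @Override
            protected void internalTransform(String phase, Map options) {
                int concrete = 0;
                for (SootClass c : Scene.v().getApplicationClasses())
                    for (SootMethod m : c.getMethods())
                        if (m.isConcrete()) concrete++;
                System.out.println("concrete methods: " + concrete + ", call-graph edges: " + Scene.v().getCallGraph().size());
            }
        }));
        soot.Main.main(buildArgs(libDir));
    }
}
```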
