In static program analysis, Soot is a bytecode manipulation and optimization framework consisting of intermediate languages for Java. It has been developed by the Sable Research Group at McGill University. Soot is currently maintained by the Secure Software Engineering Group at Paderborn University.[1] Soot provides four intermediate representations for use through its API for other analysis programs to access and build upon:[2]

  • Baf: a near bytecode representation.
  • Jimple: a simplified version of Java source code that has a maximum of three components per statement.
  • Shimple: an SSA variation of Jimple (similar to GIMPLE).
  • Grimp: an aggregated version of Jimple suitable for decompilation and code inspection.

The current Soot software release also contains detailed program analyses that can be used out-of-the-box, such as context-sensitive flow-insensitive points-to analysis,[3] call graph analysis and domination analysis (answering the question "must event a follow event b?"). It also has a decompiler called dava.

Soot is free software available under the GNU Lesser General Public License (LGPL). In 2010, two research papers on Soot (Vallée-Rai et al. 1999 and Pominville et al. 2000) were selected as IBM CASCON First Decade High Impact Papers among 12 other papers from the 425 entries.[4]

Jimple

edit

Jimple is an intermediate representation of a Java program designed to be easier to optimize than Java bytecode. It is typed, has a concrete syntax and is based on three-address code.

Jimple includes only 15 different operations, thus simplifying flow analysis. By contrast, java bytecode includes over 200 different operations.[5][6]

Unlike java bytecode, in Jimple local and stack variables are typed and Jimple is inherently type safe.

Converting to Jimple, or "Jimplifying" (after "simplifying"), is conversion of bytecode to three-address code. The idea behind the conversion, first investigated by Clark Verbrugge, is to associate a variable to each position in the stack. Hence stack operations become assignments involving the stack variables.

Example

edit

Consider the following bytecode, which is from the [7]

iload 1  // load variable x1, and push it on the stack
iload 2  // load variable x2, and push it on the stack
iadd     // pop two values, and push their sum on the stack
istore 1 // pop a value from the stack, and store it in variable x1

The above translates to the following three-address code:

stack1 = x1 // iload 1
stack2 = x2 // iload 2
stack1 = stack1 + stack2 // iadd
x1 = stack1 // istore 1

In general the resulting code does not have static single assignment form.

SootUp

edit

Soot is now succeeded by the SootUp framework developed by the Secure Software Engineering Group at Paderborn University.[8] SootUp is a complete reimplementation of Soot with a novel design, that focuses more on static program analysis, rather than bytecode optimization.

References

edit
  1. ^ "Soot - A Java optimization framework". github.com. Retrieved 16 January 2024.
  2. ^ "A framework for analyzing and transforming Java and Android Applications". Sable.mcgill.ca. Archived from the original on 2008-12-28. Retrieved 2016-08-10.
  3. ^ "Tutorials · Sable/soot Wiki · GitHub". Sable.mcgill.ca. 2016-01-12. Retrieved 2016-08-10.
  4. ^ "CASCON First Decade High Impact Papers". Dl.acm.org. Retrieved 2016-08-10.
  5. ^ Vallee-Rai, Raja (1998). "The Jimple Framework". Sable.mcgill.ca.
  6. ^ Vallee-Rai, Raja; Hendren, Laurie J. (1998). "Jimple: Simplifying Java Bytecode for Analyses and Transformations". Sable.mcgill.ca.
  7. ^ Vallee-Rai 1998.
  8. ^ "A new version of Soot with a completely overhauled architecture". github.com. Retrieved 16 January 2024.

Further reading

edit
edit