-
-
Notifications
You must be signed in to change notification settings - Fork 712
Users of Soot
Those can be both closed-source and open source.
The Viadee Process Application Validator is a BSD-licensed open-source tool that identifies potential problems in automated business processes, i.e. process applications that need to make assumptions about the underlying Java code, implementing the process. It is currently tailored for use with the Camunda ecosystem and available on Github.
CogniCrypt comprises a static analysis to identify misuses of cryptography APIs. The static analysis uses IDE/AL and Boomerang based on WPDS (see below). The implementation is available as an official Eclipse open-source project.
Weighted Pushdown Systems (WDPS) are our preferred way of implementing efficient field, context and flow-sensitive static data-flow analyses, as described in our POPL 2019 paper. WDPS are more expressive than IFDS and IDE (see below). Further, our implementation of Synchronized PDS, as described in the paper, yields additional performance for field-sensitive analyses. The repository also comprises a very efficient, WPDS-based implementation of Boomerang and IDE/AL (see below).
Boomerang is a demand-driven pointer analysis for Java built on top of Soot and Heros. Boomerang is context-,field, and flow-sensitive and efficiently answers pointer queries on demand. For a given variable at a statement, Boomerang computes (1) all potential objects a variable refers to a runtime (in form of their allocation statements) and (2) all other local variables pointing to the same objects. This repository here contains an updated and more efficient variant of Boomerang, based on WPDS, see above.
IDE/AL builts on top of Boomerang and Heros and enables an alias-aware data-flow analysis, for instance, an alias-aware typestate analysis. IDE/AL automatically computes and constructs data-flow between aliases with a minimal overhead: Alias information is only compute where necessary. This repository here contains an updated and more efficient variant of IDE/AL, based on WPDS, see above.
Heros supports the template-driven inter-procedural data-flow analysis of applications using the IFDS and IDE frameworks. Using Heros, you can quickly prototype context and flow-sensitive data-flow analyses by simply defining a set of flow functions.
FlowDroid supports the analysis of Android apps. It comprises an entry-point generator that allows you to simulate the events of the Android lifecycle. Moreover, it supports the automated tracking of both explicit and implicit information flows.
TamiFlex allows you to collect information about reflective calls and incorporate them into your static analysis. Also, it can be used to incorporate offline-transformed classes into an application's class-loading process.
Soot-Scala is a Scala thin wrapper around many parts of the Soot API to make it follow Scala conventions. It includes many implicit classes that follow the Pimp-my-library pattern and a few extractors to use in Scala match statements.
The JavaEE Entry Point Generator creates entry points for Jax-WS web services and Servlets. Servlet information can be loaded from web.xml
or from the code. Jax-WS information is always loaded from the code. Servlets' access control restrictions and filters are integrated in the entry points we generate.
Averroes is a standalone tool that generates a placeholder library over-approximating the possible behaviour of the original library. The placeholder library can be constructed quickly without analyzing the whole program, and is typically in the order of 80 kB of classes (comparatively, the Java standard library is 25 MB). Any existing whole-program call graph construction framework, including Soot, can use the placeholder library as a replacement for the actual libraries to efficiently construct a sound and precise application call graph. The current version of Averroes is both context-insensitive and flow-insensitive.
JTDec adds a tree-decomposition framework to Soot. It can be used to obtain small-width tree decompositions of Soot Methods and balance them so that they can be utilized for other analyses.
The Just-in-Time analysis concepts aims at making static analysis more usable to the end user, often the code developer. It allows analysis writers to encode prioritization properties into the analysis. At runtime, certain paths are analyzed before others, allowing important results to be returned first. Cheetah is an implementation of the Just-in-Time analysis concept for taint analysis for Android applications. It is integrated in the Eclipse IDE as a plugin.
VisuFlow is a debugging environment designed to support static analysis writers understand and debug an analysis. It is written as an Eclipse plugin, and supports static data-flow analyses written on top of the Soot analysis framework.
CryptoGuard is a static tool to detect cryptographic and SSL/TLS API misuses in Java and Android. The static data-flow analyses of CryptoGuard is written on top of the Soot. To know more about CryptoGuard, please look into our CCS'19 paper.
Mandoline is an accurate, low-overhead dynamic slicer for Android. Mandoline automatically generates a backward dynamic slice from a user-selected executed statement and variables used in the statement. Mandoline is the first dynamic slicer for Android apps that accounts for data flows through fields and framework methods. Mandoline uses soot for instrumentation and static analysis. More information about Mandoline is in our ICST'21 paper
Joern is a platform for analyzing source code, bytecode, and binary executables. It generates code property graphs (CPGs), a graph representation of code for cross-language code analysis. Code property graphs are stored in a custom graph database. This allows code to be mined using search queries formulated in a Scala-based domain-specific query language. Joern is developed with the goal of providing a useful tool for vulnerability discovery and research in static program analysis. Joern uses Soot for JVM bytecode support.
Also check out Soot's webpage.
NOTE: If you find any bugs in those tutorials (or other parts of Soot) please help us out by reporting them in our issue tracker.
- Home
- Getting Help
- Tutorials
- Reference Material
- General Notions
- Getting Started
- A Few Uses of Soot
- Using Soot as a Command-Line Tool
- Using the Soot Eclipse Plugin
- Using Soot as a Compiler Framework
- Building Soot
- Coding Conventions
- Contributing to Soot
- Updating the Soot Web Page
- Reporting Bugs
- Preparing a New Soot Release