1. Usage 2. Overview of the entire system
1. Usage 2. Overview of the entire system
1. Usage 2. Overview of the entire system
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
for use within Eclipse.Developing With Soot in EclipseControl-flow graph is called UnitGraph in Soot. A unit graph contains statements asnodes, and <strong>the</strong>re is an edge between two nodes if control can flow from <strong>the</strong> statementrepresented by <strong>the</strong> source node to <strong>the</strong> statement represented by <strong>the</strong> target node.A data-flow analysis associates two elements with each node in <strong>the</strong> unit graph, usuallytwo so-called flow sets: one in-set and one out-set. These sets are (1) initialized, <strong>the</strong>n (2)propagated through <strong>the</strong> unit graph along statement nodes until (3) a fixed point isreached.In <strong>the</strong> end, all you do is inspect <strong>the</strong> flow set before and after each statement. By <strong>the</strong>design <strong>of</strong> <strong>the</strong> analysis, your flow sets should tell you exactly <strong>the</strong> information you need.There exist three different kind <strong>of</strong> FlowAnalysis implementations in Soot: ForwardFlowAnalysis – this analysis starts at <strong>the</strong> entry statement <strong>of</strong> a UnitGraphand propagates forward from <strong>the</strong>re, BackwardsFlowAnalysis – this analysis starts at <strong>the</strong> exit node(s) <strong>of</strong> a Unit Graphand propagates back from <strong>the</strong>re (as an alternative you can produce<strong>the</strong> InverseGraph <strong>of</strong> your UnitGraph and use a ForwardFlowAnalysis; it does notmatter); and ForwardBranchedFlowAnalysis – this is essentially a forward analysis but it allowsyou to propagate different flow sets into different branches. For instance, if youprocess a statement like if(p!=null) <strong>the</strong>n you may propagate <strong>the</strong> into “p is not null”into <strong>the</strong> “<strong>the</strong>n” branch and “p is null” into <strong>the</strong> ”else” branch.What direction you want to use depends <strong>entire</strong>ly on your analysis problem.Displaying analysis result as tagsYou can display <strong>the</strong> result <strong>of</strong> your analysis as tags. To do so, simply add a Tag to any Host.After Eclipse has executed your analysis, it willdisplay <strong>the</strong> results stored in <strong>the</strong> tag whenyou hover over <strong>the</strong> tagged element with your mouse.[from: http://www.bodden.de/tag/soot-tutorial/]Setting up a project so that Soot can work with itChoose: File->New->Java ProjectNow you get <strong>the</strong> following window:
Give <strong>the</strong> project a name, take TestCfg for exampleClick FinishNow you get a project in your workbench as following:The java file named TestCfg.java(Note: this is only an example):public class TestCfg {public void TestFor(){int i;int a[][]=new int[3][3];for(i=0;i
Choose file <strong>system</strong> <strong>the</strong>n click NextBrowse to get your target java filesSelect your files for analyzingClick FinishBecause your codes may depends on some packages from soot, you must add <strong>the</strong> sootpath into <strong>the</strong> current build path.Configure <strong>the</strong> build pathRight click <strong>the</strong> project iconChoose: Build Path->Configure Build Path..Select <strong>the</strong> Libraries tabNow what’s on <strong>the</strong> screen is such a window:Click Add Variables..Select SOOTCLASSES <strong>the</strong>n click okClick okNow you add a special lib to your working project.
6. Fundamental Soot objectsSoot builds data structures to represent:Scene. The Scene class represents <strong>the</strong> complete environment <strong>the</strong> analysis takesplace in. Through it, you can set e.g., <strong>the</strong> application classes(The classes supplied toSoot for analysis), <strong>the</strong> main class (<strong>the</strong> one that contains <strong>the</strong> main method) andaccess information regarding interprocedural analysis (e.g., points-to information andcall graphs).SootClass. Represents a single class loaded into Soot or created using Soot.SootMethod. Represents a single method <strong>of</strong> a class.SootField. Represents a member field <strong>of</strong> a class.Body. Represents a method body and comes in different flavors, corresponding todifferent IRs (e.g., JimpleBody).These data structures are implemented using Object-Oriented techniques, and designed to beeasy to use and generic where possible.6-1 Soot ClassesFrom: http://plg.uwaterloo.ca/~olhotak/cs744/4soot.pdfFor more information, refer to this tutorial: A Survivor’s Guide to Java Program Analysis withSoot.
AppendixSoot’s home:(1)McGill Universityhttp://www.sable.mcgill.ca/soot/>(2)Ano<strong>the</strong>r wonderful sitehttp://www.brics.dk/SootGuide/>download soot:http://www.sable.mcgill.ca/soot/soot_download.htmlsoot api doc :http://www.sable.mcgill.ca/soot/doc/index.htmllocalfs://soot\sootall-<strong>2.</strong>3.0\soot-<strong>2.</strong>3.0\doc\index.htmlsoot tutorial:http://plg.uwaterloo.ca/~olhotak/cs744/http://www.sable.mcgill.ca/soot/tutorial/index.htmllocalfs:// soot\sootall-<strong>2.</strong>3.0\soot-<strong>2.</strong>3.0\tutorial\index.htmlSoot Eclipse plugin:General introhttp://www.sable.mcgill.ca/soot/eclipse/index.htmlInstallation guidehttp://www.sable.mcgill.ca/soot/eclipse/updates/Developing With Soot in Eclipsehttp://www.sable.mcgill.ca/soot/soot_in_eclipse_howto.htmlUsing <strong>the</strong> plugin with a custom main classhttp://www.sable.mcgill.ca/soot/eclipse/different-main.htmlPlugin helphttp://www.sable.mcgill.ca/soot/eclipse/ca.mcgill.sable.soot/doc/concepts/concepts.html
Change language