David Baker Effendi edited this page Apr 4, 2022 · 9 revisions

Commercial Projects

These can be either closed-source or open-source.

Viadee Process Application Validator

The Viadee Process Application Validator is a BSD-licensed open-source tool that identifies potential problems in automated business processes, i.e. process applications that need to make assumptions about the underlying Java code that implements the process. It is currently tailored for use with the Camunda ecosystem and is available on GitHub.

Research Projects

CogniCrypt

CogniCrypt comprises a static analysis to identify misuses of cryptography APIs. The static analysis uses IDE/AL and Boomerang based on WPDS (see below). The implementation is available as an official Eclipse open-source project.

WPDS

Weighted Pushdown Systems (WPDS) are our preferred way of implementing efficient field-, context- and flow-sensitive static data-flow analyses, as described in our POPL 2019 paper. WPDS are more expressive than IFDS and IDE (see below). Further, our implementation of Synchronized PDS, as described in the paper, yields additional performance for field-sensitive analyses. The repository also comprises a very efficient, WPDS-based implementation of Boomerang and IDE/AL (see below).

Boomerang

Boomerang is a demand-driven pointer analysis for Java built on top of Soot and Heros. Boomerang is context-, field-, and flow-sensitive and efficiently answers pointer queries on demand. For a given variable at a statement, Boomerang computes (1) all potential objects the variable refers to at runtime (in the form of their allocation statements) and (2) all other local variables pointing to the same objects. This repository contains an updated and more efficient variant of Boomerang, based on WPDS (see above).

IDE/AL

IDE/AL builds on top of Boomerang and Heros and enables alias-aware data-flow analyses, for instance an alias-aware typestate analysis. IDE/AL automatically computes and constructs data-flow between aliases with minimal overhead: alias information is only computed where necessary. This repository contains an updated and more efficient variant of IDE/AL, based on WPDS (see above).

Heros

Heros supports the template-driven inter-procedural data-flow analysis of applications using the IFDS and IDE frameworks. Using Heros, you can quickly prototype context- and flow-sensitive data-flow analyses by simply defining a set of flow functions.

FlowDroid

FlowDroid supports the analysis of Android apps. It comprises an entry-point generator that allows you to simulate the events of the Android lifecycle. Moreover, it supports the automated tracking of both explicit and implicit information flows.

TamiFlex

TamiFlex allows you to collect information about reflective calls and incorporate them into your static analysis. Also, it can be used to incorporate offline-transformed classes into an application's class-loading process.

Soot-Scala

Soot-Scala is a thin Scala wrapper around many parts of the Soot API to make it follow Scala conventions. It includes many implicit classes that follow the Pimp-my-library pattern and a few extractors to use in Scala match statements.

JavaEE Entry Point Generator

The JavaEE Entry Point Generator creates entry points for Jax-WS web services and Servlets. Servlet information can be loaded from web.xml or from the code. Jax-WS information is always loaded from the code. Servlets' access control restrictions and filters are integrated in the entry points we generate.

Averroes

Averroes is a standalone tool that generates a placeholder library over-approximating the possible behaviour of the original library. The placeholder library can be constructed quickly without analyzing the whole program, and is typically on the order of 80 kB of classes (by comparison, the Java standard library is 25 MB). Any existing whole-program call graph construction framework, including Soot, can use the placeholder library as a replacement for the actual libraries to efficiently construct a sound and precise application call graph. The current version of Averroes is both context-insensitive and flow-insensitive.

JTDec

JTDec adds a tree-decomposition framework to Soot. It can be used to obtain small-width tree decompositions of Soot Methods and balance them so that they can be utilized for other analyses.

Cheetah

The Just-in-Time analysis concept aims at making static analysis more usable to the end user, often the code developer. It allows analysis writers to encode prioritization properties into the analysis. At runtime, certain paths are analyzed before others, allowing important results to be returned first. Cheetah is an implementation of the Just-in-Time analysis concept for taint analysis of Android applications. It is integrated in the Eclipse IDE as a plugin.

VisuFlow

VisuFlow is a debugging environment designed to help static analysis writers understand and debug an analysis. It is written as an Eclipse plugin and supports static data-flow analyses written on top of the Soot analysis framework.

CryptoGuard

CryptoGuard is a static tool to detect cryptographic and SSL/TLS API misuses in Java and Android. The static data-flow analyses of CryptoGuard are written on top of Soot. To learn more about CryptoGuard, please see our CCS'19 paper.

Mandoline

Mandoline is an accurate, low-overhead dynamic slicer for Android. Mandoline automatically generates a backward dynamic slice from a user-selected executed statement and the variables used in the statement. Mandoline is the first dynamic slicer for Android apps that accounts for data flows through fields and framework methods. Mandoline uses Soot for instrumentation and static analysis. More information about Mandoline is in our ICST'21 paper.

Joern

Joern is a platform for analyzing source code, bytecode, and binary executables. It generates code property graphs (CPGs), a graph representation of code for cross-language code analysis. Code property graphs are stored in a custom graph database. This allows code to be mined using search queries formulated in a Scala-based domain-specific query language. Joern is developed with the goal of providing a useful tool for vulnerability discovery and research in static program analysis. Joern uses Soot for JVM bytecode support.

Your project here...
