2

I have just started playing around with Soot in order to analyze .java files programmatically. From what I've read, Soot seems to be a very powerful tool for source code analysis but most of the material I found online talks about using it as a command-line tool.

I need to programmatically load classes from .java files in a given directory, construct a Program Dependence Graph (PDG) and do some Program Slicing. I am still not sure if Soot offers slicing but I can implement that myself once I have the PDG.

To get started, I tried using the code below:

Options.v().set_whole_program(true);
Options.v().set_soot_classpath("...");

SootClass c = Scene.v().loadClassAndSupport("MyClass");
c.setApplicationClass();

CHATransformer.v().transform();
CallGraph cg = Scene.v().getCallGraph();

However, it does not work. It gets stuck at the loadClassAndSupport call for a few seconds and then my program just exists abruptly, without giving any exception or anything.

If anyone has tried to use Soot programmatically, are there any other options that I need to set? Or can you point me to a tutorial where they set up Soot programmatically from scratch?

Rizkallah
  • 113
  • 6
  • Did you succed? If yes, how? – jincy abraham Feb 29 '16 at 06:30
  • 1
    I ended up using Wala (http://wala.sourceforge.net/wiki/index.php/Main_Page) to do the source code analysis that I needed. I found that it was a bit easier to use and has more documentation online. – Rizkallah Mar 01 '16 at 09:12
  • @Rizkallah would be curious to know whether wala was enough for doing program slicing. Also, your implementation is opensource? – Exploring Mar 26 '21 at 23:28

1 Answers1

0

You should not use loadClassAndSupport. Insert a "Scene transformer" instead. Slicing can be achieved by using the FlowDroid extension to Soot. It supports slicing of both Android and Java code.

Eric
  • 1,343
  • 1
  • 11
  • 19