In
static program analysis
In computer science, static program analysis (also known as static analysis or static simulation) is the analysis of computer programs performed without executing them, in contrast with dynamic program analysis, which is performed on programs duri ...
, Soot is a bytecode manipulation and optimization framework consisting of
intermediate language
An intermediate representation (IR) is the data structure or code used internally by a compiler or virtual machine to represent source code. An IR is designed to be conducive to further processing, such as optimization and translation. A "good" ...
s for
Java
Java is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea (a part of Pacific Ocean) to the north. With a population of 156.9 million people (including Madura) in mid 2024, proje ...
. It has been developed by the
Sable Research Group at
McGill University
McGill University (French: Université McGill) is an English-language public research university in Montreal, Quebec, Canada. Founded in 1821 by royal charter,Frost, Stanley Brice. ''McGill University, Vol. I. For the Advancement of Learning, ...
. Soot is currently maintained by the
Secure Software Engineering Group at
Paderborn University
Paderborn University () is a public research university in Paderborn, North Rhine-Westphalia, Germany. It was founded in 1972 and 20,308 students were enrolled at the university in the winter semester 2016/2017 in 62 different degree programmes.
...
.
Soot provides four
intermediate representation
An intermediate representation (IR) is the data structure or code used internally by a compiler or virtual machine to represent source code. An IR is designed to be conducive to further processing, such as optimization and translation. A "good" ...
s for use through its
API
An application programming interface (API) is a connection between computers or between computer programs. It is a type of software interface, offering a service to other pieces of software. A document or standard that describes how to build ...
for other analysis programs to access and build upon:
* Baf: a near
bytecode
Bytecode (also called portable code or p-code) is a form of instruction set designed for efficient execution by a software interpreter. Unlike human-readable source code, bytecodes are compact numeric codes, constants, and references (normal ...
representation.
*
Jimple: a simplified version of Java source code that has a maximum of
three components per statement.
* Shimple: an
SSA variation of Jimple (similar to
GIMPLE
The GNU Compiler Collection (GCC) is a collection of compilers from the GNU Project that support various programming languages, hardware architectures, and operating systems. The Free Software Foundation (FSF) distributes GCC as free software ...
).
* Grimp: an aggregated version of Jimple suitable for
decompilation
A decompiler is a computer program that translates an executable file back into high-level source code. Unlike a compiler, which converts high-level code into machine code, a decompiler performs the reverse process. While disassemblers translate e ...
and code inspection.
The current Soot software release also contains detailed
program analyses that can be used out-of-the-box, such as
context-sensitive flow-insensitive points-to analysis,
call graph
A call graph (also known as a call multigraph) is a control-flow graph, which represents calling relationships between subroutines in a computer program. Each node represents a procedure and each edge ''(f, g)'' indicates that procedure ''f'' c ...
analysis and
domination analysis (answering the question "must event ''a'' follow event ''b''?"). It also has a decompiler called dava.
Soot is
free software
Free software, libre software, libreware sometimes known as freedom-respecting software is computer software distributed open-source license, under terms that allow users to run the software for any purpose as well as to study, change, distribut ...
available under the
GNU Lesser General Public License
The GNU Lesser General Public License (LGPL) is a free-software license published by the Free Software Foundation (FSF). The license allows developers and companies to use and integrate a software component released under the LGPL into their own ...
(LGPL).
In 2010, two research papers on Soot ( and ) were selected as IBM ''
CASCON First Decade High Impact Papers'' among 12 other papers from the 425 entries.
Jimple
Jimple is an
intermediate representation
An intermediate representation (IR) is the data structure or code used internally by a compiler or virtual machine to represent source code. An IR is designed to be conducive to further processing, such as optimization and translation. A "good" ...
of a
Java
Java is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea (a part of Pacific Ocean) to the north. With a population of 156.9 million people (including Madura) in mid 2024, proje ...
program designed to be easier to optimize than
Java bytecode
Java bytecode is the instruction set of the Java virtual machine (JVM), the language to which Java and other JVM-compatible source code is compiled. Each instruction is represented by a single byte, hence the name bytecode, making it a compact ...
. It is
typed, has a concrete syntax and is based on
three-address code
In computer science, three-address code (often abbreviated to TAC or 3AC) is an intermediate language, intermediate code used by optimizing compilers to aid in the implementation of code-improving transformations. Each TAC instruction has at most t ...
.
Jimple includes only 15 different operations, thus simplifying flow analysis. By contrast, java bytecode includes
over 200 different operations.
Unlike java bytecode, in Jimple local and stack variables are typed and Jimple is inherently type safe.
Converting to Jimple, or "Jimplifying" (after "simplifying"), is conversion of bytecode to three-address code. The idea behind the conversion, first investigated by Clark Verbrugge, is to associate a variable to each position in the stack. Hence stack operations become assignments involving the stack variables.
Example
Consider the following bytecode, which is from the
iload 1 // load variable x1, and push it on the stack
iload 2 // load variable x2, and push it on the stack
iadd // pop two values, and push their sum on the stack
istore 1 // pop a value from the stack, and store it in variable x1
The above translates to the following three-address code:
stack1 = x1 // iload 1
stack2 = x2 // iload 2
stack1 = stack1 + stack2 // iadd
x1 = stack1 // istore 1
In general the resulting code does not have
static single assignment form
In compiler design, static single assignment form (often abbreviated as SSA form or simply SSA) is a type of intermediate representation (IR) where each variable is assigned exactly once. SSA is used in most high-quality optimizing compilers for ...
.
SootUp
Soot is now succeeded by the
SootUp framework developed by the
Secure Software Engineering Group at
Paderborn University
Paderborn University () is a public research university in Paderborn, North Rhine-Westphalia, Germany. It was founded in 1972 and 20,308 students were enrolled at the university in the winter semester 2016/2017 in 62 different degree programmes.
...
.
SootUp is a complete reimplementation of Soot with a novel design, that focuses more on static program analysis, rather than bytecode optimization.
References
Further reading
* Republished in
* Republished in
*
External links
* {{official website, https://soot-oss.github.io/soot/
Scientific publications citing Soot(on
Google Scholar
Google Scholar is a freely accessible web search engine that indexes the full text or metadata of Academic publishing, scholarly literature across an array of publishing formats and disciplines. Released in Beta release, beta in November 2004, th ...
)
Free software programmed in Java (programming language)
Free computer programming tools
Static program analysis tools
McGill University