Java Code Optimization Framework Soot

Source: Internet
Author: User

Soot is a code optimization framework that can receive Java source code, bytecode, and Android APK, because it provides four intermediate representations that make analysis more convenient and therefore also used for code analysis.

The soot supports call graph construction, point-to-analysis, and so on.

Four intermediate forms of expression: Baf, Jimple, Shimple, Grimpl, here is the main understanding Jimple

jimple:typed, 3-address, statement based

In jimple, statements correspond to soot Units and can is used as such. Jimple has statements, the core statements are:nopstmt, identitystmt and assignstmt. Statements for Intraprocedural control-flow:ifstmt, goto-stmt, tableswitchstmt (corresponds to the JVM tableswitch Instru ction) and lookupswitchstmt (corresponds to the JVM lookupswitch instruction). State-ments for Interprocedural control-flow:invokestmt, returnstmt and return-voidstmt. Monitor statements:entermonitorstmt and exitmonitorstmt. The last of the are:throwstmt, retstmt (return from a JSR, not created when mak-ing jimple from byte code).

A variable starting with $ represents the stack positions, not the local variables in the original program.

In jimple, parameter values and the This reference is assigned to local vari-ables using identitystmt ' s e.g. the Stateme NTS I0: = @parameter0: int; and r0: = @this: Foo in the Bar method. By using Identitystmt's it is ensured, all local variables has at least one definition point and so it becomes explic It in the code where this is in THIS.M (); is defined. The type of this can be obtained accordingly, which is useful when handling polymorphism.

The execution of soot is divided into multiple packs (in fact, phases).

Pack naming scheme: The first letter indicates what type of ir,s for Shimple, J-Jimple, B for Baf, and G for Grimp to receive in this step.

The second letter indicates the role of the pack:b for body creation, T-user-defined transformation, O for optimizations and a for Attribu Te generation (annotation).

The most interesting pack is the Tranformation PACK:JTP, STP that allows the user to customize. User-defined tranformation can inject into these packs and they would be included in the execution of soot.

For inter-procedural analysis, soot needs to be in Whole-program mode (set-w option). In this mode, soot contains three additional steps: CG (call graph Generation), WJTP (Whole jimple Transformation pack), Wjap (Whole jimple annotation PA ck

Extend soot's main class to soot built-in analysis by adding its own analysis: depending on the analysis embedded in the inter or intra-procedural analyses. If inter-analysis, add to "WJTP" phase, intra-analysis Add to "JTP" phase.

Example: (Code taken from our Wechecker code)

Pack pack1=packmanager.v (). Getpack ("wjtp");

Pack1.add (new Transform ("Wjtp.mytrans", new Comptransfor ()));

try {

soot. Main.main (Soot_args);

}

catch (Exception e) {

Alarmlog.writetoalarm ("There may is some error for the soot");

Alarmlog.writetocommonalarm ("There may is some error for the soot");

}

Java Code Optimization Framework Soot

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.