<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi Christian,<br>
<br>
the options that will be of interest for you are the following:<br>
<br>
-cp and -process-dir to provide paths to the jar files of the jre.
You probably want to include all jars inside JAVA_HOME/lib/, but at
the very least the rt.jar file.<br>
<br>
-include-all to remove the default filter for java packages.<br>
<br>
-whole-program to set it to a whole program analysis, i.e., there is
no main method.<br>
<br>
-allow-phantom-refs is required if you will not include all jars and
even if you do, there might be some platform-specific classes missing.<br>
<br>
-p cg all-reachable:true as Eric already explained.<br>
<br>
-p jb use-original-names:true to use the original local variable
names (if information is provided: analyze a jdk instead of a jre to
have debug information!)<br>
<br>
More information about each option can be found here:
<a class="moz-txt-link-freetext" href="https://ssebuild.cased.de/nightly/soot/doc/soot_options.htm">https://ssebuild.cased.de/nightly/soot/doc/soot_options.htm</a><br>
<br>
Regards,<br>
Johannes<br>
<br>
<br>
<div class="moz-cite-prefix">On 10.04.2015 at 07:44, Bodden, Eric wrote:<br>
</div>
<blockquote
cite="mid:90905F15-95CC-4139-9F45-777F40A284B1@sit.fraunhofer.de"
type="cite">
<pre wrap="">Hi Christian.
</pre>
<blockquote type="cite">
<pre wrap="">How do I get SOOT to load &amp; parse (so I can get Jimple bodies) for say the entire java 1.x library.
Do I have to supply SOOT with the classes (or source code) as arguments in the call to Main.main(args) (see code below)?
Do I have to create a main class to get it to work? Or can SOOT analyze all classes I provide as arguments to Main.main(args) call without a main class &amp; method?
</pre>
</blockquote>
<pre wrap="">
This really depends on what you want to do. If you want to do intra-procedural analysis then it should be “just” a matter of giving Soot the right command line to parse all the classes faithfully. I have a PhD student who is currently analyzing the JDK for vulnerabilities and I have asked him to provide more info on which command line he uses.
If you want to do inter-procedural analysis then it’s more tricky. The problem is that you need a call graph and this, in turn, requires some entry points. You can use "-p cg all-reachable:true" to instruct Soot to consider _all_ methods as entry points during call-graph construction. If you combine this with using CHA then this should typically give you a call graph that is sound but may be very imprecise. We are currently working towards more precise analyses of libraries but it’s a hard problem to solve.
Best wishes,
Eric
</pre>
<br>
</blockquote>
<br>
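<br>
The options listed in the message above, assembled into one Soot argument list, as an added example that is not part of the original thread or of Soot itself. The function name soot_library_args and the soot.jar location in the usage comment are assumptions; only options named in the message are used, and the function fails when rt.jar is absent (as on Java 9 and later, which no longer ship it).<br>
<br>
<pre wrap="">
```shell
# Added example: print, one argument per line, the Soot options for
# processing every jar of a JRE/JDK lib directory as a library.
# Assumption: the caller passes the directory that holds rt.jar
# (JAVA_HOME/lib in the message above).
soot_library_args() {
    libdir=$1

    # rt.jar is the stated minimum; without it there are no core
    # classes to process, so refuse to build a misleading command line.
    if [ ! -f "$libdir/rt.jar" ]; then
        return 1
    fi

    # -cp: every jar joined with ':' so references between jars resolve.
    cp=""
    for jar in "$libdir"/*.jar; do
        [ -f "$jar" ] || continue
        cp="${cp:+$cp:}$jar"
    done
    printf '%s\n' -cp "$cp"

    # -process-dir: one entry per jar whose classes should be analysed.
    for jar in "$libdir"/*.jar; do
        [ -f "$jar" ] || continue
        printf '%s\n' -process-dir "$jar"
    done

    # Drop the default java.* filter, switch to whole-program mode and
    # tolerate classes that are missing from the supplied jars.
    printf '%s\n' -include-all -whole-program -allow-phantom-refs

    # Treat all methods as call-graph entry points (no main method).
    printf '%s\n' -p cg all-reachable:true

    # Keep original local variable names where debug info exists.
    printf '%s\n' -p jb use-original-names:true
}

# Usage (soot.jar location is an assumption; paths must not contain
# whitespace when passed through xargs):
#   soot_library_args "$JAVA_HOME/lib" | xargs java -cp soot.jar soot.Main
```
</pre>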
</body>
</html>