MQP:Static Analysis Tools

From JimboWiki

What We're Looking For

For the kind of static analysis we are doing, some form of call graph is needed: it models the control flow of the program and tells us from which methods calls to checkPermissions can be reached, not just where those calls appear in the source. To that end, we investigated static analysis tools that build a model of Java code and give us a way to inspect it.

More tools may be added as the project continues.

This page is incomplete
More work needs to be done on this page, so if something is missing, don't be surprised.

Some Tools

Java Compiler API

The Java Compiler API provides programmatic access to the functionality of the Java compiler, most notably the ability to produce an Abstract Syntax Tree for a set of Java source files. This is a straightforward tool, but the tree is purely syntactic: it does not seem to have any simple provision for building a customizable call graph, which is what our application really needs.
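To make the limitation concrete, here is an added example (not code from the original page) that uses only the javac Tree API (JSR 199 plus com.sun.source) to list syntactic call sites of a method named checkPermission. The sample source it parses is constructed for this example; the class and method names in it are not from any real project. Note what the scan cannot see: unrelated() reaches a permission check through helper(), but with no call graph the tool reports nothing for it.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import javax.tools.JavaCompiler;
import javax.tools.JavaFileObject;
import javax.tools.SimpleJavaFileObject;
import javax.tools.ToolProvider;

import com.sun.source.tree.CompilationUnitTree;
import com.sun.source.tree.IdentifierTree;
import com.sun.source.tree.MemberSelectTree;
import com.sun.source.tree.MethodInvocationTree;
import com.sun.source.tree.MethodTree;
import com.sun.source.tree.Tree;
import com.sun.source.util.JavacTask;
import com.sun.source.util.SourcePositions;
import com.sun.source.util.TreePath;
import com.sun.source.util.TreePathScanner;
import com.sun.source.util.Trees;

/** Lists syntactic call sites of a given method name using only the javac Tree API. */
public class CheckPermissionSites {

    // Constructed sample input for this example (not from a real project).
    static final String SAMPLE =
        "import java.security.*;\n" +
        "public class Sample {\n" +
        "  void readConfig() { AccessController.checkPermission(new java.io.FilePermission(\"cfg\", \"read\")); }\n" +
        "  void helper(SecurityManager sm, Permission p) { sm.checkPermission(p); }\n" +
        "  void unrelated() { helper(System.getSecurityManager(), null); }\n" +
        "}\n";

    public static void main(String[] args) throws Exception {
        for (String site : findCallSites("Sample.java", SAMPLE, "checkPermission")) {
            System.out.println(site);
        }
        // Only readConfig() and helper() are reported; unrelated() is invisible
        // because the AST carries no edge from helper() to the check it performs.
    }

    static List<String> findCallSites(String fileName, String source, String methodName) throws Exception {
        JavaCompiler javac = ToolProvider.getSystemJavaCompiler();
        JavaFileObject file = new SimpleJavaFileObject(URI.create("string:///" + fileName),
                                                      JavaFileObject.Kind.SOURCE) {
            @Override public CharSequence getCharContent(boolean ignoreEncodingErrors) { return source; }
        };
        JavacTask task = (JavacTask) javac.getTask(null, null, null, null, null,
                                                   Collections.singletonList(file));
        SourcePositions pos = Trees.instance(task).getSourcePositions();
        List<String> sites = new ArrayList<>();
        for (CompilationUnitTree unit : task.parse()) {   // parse only: no name resolution, no types
            new TreePathScanner<Void, Void>() {
                @Override public Void visitMethodInvocation(MethodInvocationTree call, Void v) {
                    if (calleeName(call).equals(methodName)) {
                        long line = unit.getLineMap().getLineNumber(pos.getStartPosition(unit, call));
                        sites.add(fileName + ":" + line + " in " + enclosingMethod(getCurrentPath())
                                  + ": " + call);
                    }
                    return super.visitMethodInvocation(call, v);
                }
            }.scan(unit, null);
        }
        return sites;
    }

    /** The simple name on the right of the call, e.g. "checkPermission" in sm.checkPermission(p). */
    static String calleeName(MethodInvocationTree call) {
        Tree select = call.getMethodSelect();
        if (select instanceof MemberSelectTree) return ((MemberSelectTree) select).getIdentifier().toString();
        if (select instanceof IdentifierTree) return ((IdentifierTree) select).getName().toString();
        return "";
    }

    /** Walks up the tree path to the nearest enclosing method declaration. */
    static String enclosingMethod(TreePath path) {
        for (TreePath p = path; p != null; p = p.getParentPath()) {
            if (p.getLeaf() instanceof MethodTree) return ((MethodTree) p.getLeaf()).getName().toString();
        }
        return "<none>";
    }
}
```

Because the scan matches on the method's simple name, it also cannot tell an AccessController.checkPermission call from an unrelated method that happens to share the name; resolving that requires the symbol table from task.analyze() at minimum, and relating callers to callees requires the call graph the following tools provide.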

NetBeans API for Call Hierarchy

NetBeans has an API for accessing the code model used internally in the program. NetBeans itself does have a sort of call graph functionality in the "Call Hierarchy" tool. This could prove useful, but at this point in time we would rather focus on tools that aren't dependent on an IDE, and let us create a standalone application.

Soot

Soot is a "Java optimization framework," and provides a large number of tools that can be (and have been) used to perform static analysis of Java programs. Soot has a number of features that we are looking for:

  1. Analyzes Java source, bytecode, and class files
  2. Creates a call graph based on class hierarchy
  3. Is free and open source (LGPL License)
  4. Can be used outside any IDE
  5. Is tested by use in a number of research applications
  6. Has other static analysis facilities (data flow analysis, points-to analysis) which could be applicable to security

Soot is a likely candidate for use in the security static analysis. See also: More on Soot
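The following is an added example of the kind of standalone tool the list above describes; it is not code from the original page or from the Soot project. Assuming Soot 4.x on the classpath and a JDK available to Soot's -pp option, it builds a class-hierarchy (CHA) call graph for a directory or jar of classes and then walks the graph backwards from the JDK's checkPermission entry points, reporting every application method from which a permission check is reachable together with one call chain to it. The JDK signatures in CHECK_SIGS are real; if the project's checkPermissions is a wrapper of its own, its Soot signature should be added to that array.

```java
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Deque;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

import soot.PackManager;
import soot.Scene;
import soot.SootClass;
import soot.SootMethod;
import soot.jimple.toolkits.callgraph.CallGraph;
import soot.jimple.toolkits.callgraph.Edge;
import soot.options.Options;

/** Builds a CHA call graph with Soot and reports application methods that can reach a permission check. */
public class PermissionCheckFinder {

    /** Soot signatures of the JDK permission-check entry points (add the project's own wrapper here). */
    static final String[] CHECK_SIGS = {
        "<java.security.AccessController: void checkPermission(java.security.Permission)>",
        "<java.lang.SecurityManager: void checkPermission(java.security.Permission)>",
        "<java.lang.SecurityManager: void checkPermission(java.security.Permission,java.lang.Object)>",
    };

    public static void main(String[] args) {
        if (args.length != 1) {
            System.err.println("usage: PermissionCheckFinder <directory-or-jar-of-classes>");
            System.exit(2);
        }
        Options.v().set_process_dir(Collections.singletonList(args[0]));
        Options.v().set_whole_program(true);       // call-graph construction needs whole-program mode
        Options.v().set_prepend_classpath(true);   // resolve JDK classes from the running JVM
        Options.v().set_allow_phantom_refs(true);  // tolerate classes missing from the classpath
        Options.v().set_output_format(Options.output_format_none); // analysis only, write no files
        Options.v().setPhaseOption("cg.cha", "on"); // class-hierarchy analysis call graph

        Scene.v().loadNecessaryClasses();
        // Treat every concrete application method as an entry point so that library
        // code with no main method is analysed too.
        List<SootMethod> entries = new ArrayList<>();
        for (SootClass c : Scene.v().getApplicationClasses()) {
            for (SootMethod m : c.getMethods()) {
                if (m.isConcrete()) entries.add(m);
            }
        }
        Scene.v().setEntryPoints(entries);
        PackManager.v().runPacks();  // runs the cg pack, which builds the call graph

        Map<SootMethod, SootMethod> next = callersOfChecks(Scene.v().getCallGraph());
        for (SootMethod m : next.keySet()) {
            if (!m.getDeclaringClass().isApplicationClass()) continue;
            StringBuilder chain = new StringBuilder(m.getSignature());
            for (SootMethod n = next.get(m); n != null; n = next.get(n)) {
                chain.append("\n    -> ").append(n.getSignature());
            }
            System.out.println(chain);
        }
    }

    /**
     * Reverse breadth-first search from the check methods over call-graph edges.
     * Returns, for every method that can reach a check, the callee on one path
     * towards the check (null for the check methods themselves).
     */
    static Map<SootMethod, SootMethod> callersOfChecks(CallGraph cg) {
        Map<SootMethod, SootMethod> next = new HashMap<>();
        Deque<SootMethod> work = new ArrayDeque<>();
        for (String sig : CHECK_SIGS) {
            if (Scene.v().containsMethod(sig)) {   // absent if nothing loaded references it
                SootMethod check = Scene.v().getMethod(sig);
                next.put(check, null);
                work.add(check);
            }
        }
        while (!work.isEmpty()) {
            SootMethod callee = work.poll();
            for (Iterator<Edge> it = cg.edgesInto(callee); it.hasNext(); ) {
                SootMethod caller = it.next().src();
                if (!next.containsKey(caller)) {
                    next.put(caller, callee);
                    work.add(caller);
                }
            }
        }
        return next;
    }
}
```

Two caveats a practitioner should keep in mind. CHA resolves a virtual call to every subtype's override, so the result is an over-approximation: a reported chain may not be feasible at run time, and switching the phase option to cg.spark trades build time for a points-to based, tighter graph. In the other direction, the graph only contains what Soot could see: calls made through reflection or through JDK classes that were not loaded with bodies will be missing, so an empty report is not proof that no check is reachable.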

Other Tools

Other tools that were looked at and may be considered for reference are TACLE (Type Analysis and Call Graph Construction for Eclipse), and Bandera, a program verification tool that uses Soot and has its own CallGraph class. Other tools may be considered or added as the project continues.

References

  1. Soot - http://www.sable.mcgill.ca/soot/
  2. NetBeans API for Call Hierarchy (in the Java Source package) - http://bits.netbeans.org/dev/javadoc/index.html
  3. javac API - http://java.sun.com/javase/6/docs/technotes/guides/javac/index.html
  4. Larry Koved, Marco Pistoia, Aaron Kershenbaum. "Access Rights Analysis for Java." OOPSLA 2002.