Skip to content
Switch branches/tags
Go to file

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


Do you have a large evaluation base to run your analysis on? Tired of rerunning the basic analyses when only your specific analysis changes? We developed OSGi modularity for static analysis to counter this.


The use of static analysis allows developers to analyze the source code of a program. On one hand, developers get accurate data representing any issues with the program. On the other hand, static analysis programs can have lengthy execution times. This results in a large amount of developer idleness, waiting for their program to execute. A developer's debug cycles can be particularly time consuming, when tweaking their analyses. They then have to wait around for long periods of time to test their minor changes. In order to avoid this needless idle time, we have looked into modularizing a static analysis program in order to cut down on time wasted.


  • Ben Hermann
  • Florian Kübler
  • Johannes Lerch
  • Patrick Müller
  • Ben Setzer


  • Java 1.8
  • Maven (At least Version 2)
  • Ant (If you want to install soot from source)
  • soot in your local maven repository (See below)
  • OSGi framework distribution, either apache felix or eclipse equinox work

Installing soot

From nightly

Download the current nightly build of Soot, for instance using curl:

curl > soot-trunk.jar

And install it using maven:

mvn org.apache.maven.plugins:maven-install-plugin:install-file -Dfile=soot-trunk.jar -DgroupId=ca.mcgill.sable -DartifactId=soot -Dversion=trunk -Dpackaging=jar

From Source

If you made Modifications of your own to Soot you need to build it yourself. This requires you to build jasmin,heros and soot (in this order) using ant publish-local-maven in each project.

Getting the Source Code

If you want to install the latest version from git, clone the repository with:

git clone

Compiling and installing

Simply use mvn package. The Resulting jars will be in the top level out directory.


In IntelliJ IDEA

In IntelliJ IDEA go to Run > Edit Configurations..., click on + and select OSGi Bundles.

Give the configuration a name of your choice and select either Felix or Equinox as OSGi Framework. (Make sure you added a OSGi Framework to IntelliJ IDEA as shown here)

Now add the SootKeeper bundles by clicking + and select framework, container and the analysis bundles (e.g. soot-bundle).

Furthermore we recommend to clean the OSGi cache on each run (in the Parameters tap, select Runtime directory: Recreate each time

In eclipse



For this example we are going to use the felix framework.

Copy the built jars from the out folder to the bundle folder of the felix framework. Run felix using in the top level folder of the felix distribution.

java -jar bin/felix.jar

Note: If you changed a bundle (e.g. your analysis) it is not sufficient enough to just replace the jar within the bundle directory for subsequent runs. Furthermore you have to delete the felix-cache directory.

Using the OSGi shell

Sootkeeper provides two commands in the OSGi shell, listAnalyses and runAnalysis and their respective shorthands la and ra.

Any listed Analysis can then be run with runAnalysis <analysisName> <Optional Parameter>.

In Addition there is the command updateAnalysis(short version:ua) which reloads the provided Analysis or the one which was run last if none is provided into the framework.

The command rep repeats the previously run analysis with the same arguments, so that you can run the commands ua, and rep when you have replaced an anlysis with a newer version.

Implement your own Analysis

The easiest way to implement an modular analysis is creating a maven project and extending our framework.

The pom.xml

Within your pom file you need to care about three things:

  1. Say maven that your project is an OSGi bundle and should be exported as one (by <packaging>bundle</packaging>).
  2. Add the SootKeeper framework to your dependencies (GroupId: de.tud.cs.peaks.osgi ArtifactId sootkeeper-framework).
  3. Configure the maven-bundle-plugin s.t. you list your packages to export (that should be used by other bundles), import (that you use from other bundles and must include the SootKeeper API de.tud.cs.peaks.osgi.framework.api.*) and the private packages (code that should be in your bundle jar but is not used outside you bundle). More over you need to set your Bundle Activator class.

Step three can be done when an implementation draft exists.

Here is an example of a valid pom.xml. Another simple example can be seen in the submodule hello-world of this project

  <project xmlns="" xmlns:xsi=""


Modularity for static analyses based on SOOT




No packages published

Contributors 4