Around three years ago, researchers at Paderborn University developed "SootUp", a groundbreaking successor to "Soot", the world's leading framework for analysing and transforming Java and Android applications. Now they are taking the next big step: in the "CoSA"[1] project, researchers at the Heinz Nixdorf Institute at Paderborn University, led by Prof. Dr. Eric Bodden's "Secure Software Engineering" group, are adding important functions to "SootUp". The aim is to enable users to adopt "SootUp" as the new standard framework for programme analysis in Java and Android. The project is being funded by the German Research Foundation (DFG) with around 1.2 million euros over a period of three years. The Fraunhofer Institute for Mechatronic Systems Design (IEM) is a project partner, and the Fraunhofer Institute for Secure Information Technology (SIT) is an associated partner.
In software development, a framework is a "development framework" that provides programmers with the basic architecture and functionality of a piece of software. "Soot" has evolved into a powerful framework over more than 20 years, but technical shortcomings and complexity issues have made it challenging for both researchers and users. "SootUp" was developed to overcome these obstacles. The successor is a completely redesigned, modular version and was created as part of the DFG special programme "Sustainability of research software". The number of users has grown steadily, as the new framework is easier to use, test and maintain thanks to its modernised architecture. Nevertheless, "SootUp" is not yet established, because it currently lacks functions that long-standing "Soot" users rely on. As part of "CoSA", the scientists want to add these important but not yet implemented functions so that "Soot" can be phased out gradually. This would make it possible to concentrate maintenance resources on "SootUp" in future and ensure its continued availability and maintenance in the long term.
The central project goals include generating Java and Android bytecode to enable not only the analysis but also the transformation of applications, as well as migration support from "Soot" to "SootUp" to assist "Soot" users in updating their projects. Learning materials and tutorials will also be provided. Prof. Bodden explains: "The aim of the 'CoSA' project is to extend 'SootUp' with the functions that users need most urgently. In this way, we can increase acceptance of the framework and provide users with targeted support." Kadiray Karakaya, Head of Development for "SootUp" at Paderborn University, adds: "Developing a successor to such a popular framework is a challenge in many respects. We have to ensure correctness, high quality and comparable performance in order to convince the broad community in the long term. This is how we can establish 'SootUp' for modern programme analysis."
This text was translated automatically.
[1] Full project name: "Consolidating SootUp to become a leading Static-Analysis Framework" (German: Konsolidierung von SootUp als ein führenden Rahmenwerk für statische Programmmanalyse)