Sat 22 Jun 2019 14:00 - 14:20 at 106A - Engineering Advances for Program Analysis Tools Chair(s): Thierry Lavoie

Different Java compilers and compiler versions, e.g., javac or ecj, produce different bytecode from the same source code. This makes it hard to trace if the bytecode of an open-source library really matches the provided source code. Moreover, it prevents one from detecting which open-source libraries have been re-compiled and rebundled into a single jar, which is a common way to distribute an application. Such rebundling is problematic because it prevents one to check if the jar file contains open-source libraries with known vulnerabilities. To cope with these problems, we propose the tool SootDiff that uses Soot’s intermediate representation Jimple, in combination with code clone detection techniques, to reduce dissimilarities introduced by different compilers, and to identify clones. Our results show that SootDiff successfully identifies clones in 102 of 144 cases, whereas bytecode comparison succeeds in 58 cases only.

Sat 22 Jun

SOAP-2019-papers
14:00 - 15:30: SOAP - Engineering Advances for Program Analysis Tools at 106A
Chair(s): Thierry LavoieSynopsys, Inc.
SOAP-2019-papers14:00 - 14:20
Talk
Andreas DannPaderborn University, Ben HermannPaderborn University, Eric BoddenHeinz Nixdorf Institut, Paderborn University and Fraunhofer IEM
Pre-print
SOAP-2019-papers14:20 - 14:40
Talk
SOAP-2019-papers14:40 - 15:00
Talk
Pre-print
SOAP-2019-papers15:00 - 15:30
Talk