Skip to content

Commit

Permalink
Merge pull request #4 from secure-software-engineering/main
Browse files Browse the repository at this point in the history 
Main
  • Loading branch information
@anddann
anddann authored Jan 8, 2023
2 parents 097a603 + c434db8 commit 3f88e91
Show file tree
Hide file tree
Showing 39 changed files with 2,328 additions and 2,151 deletions.
20 changes: 20 additions & 0 deletions .github/workflows/maven-deploy.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
name: Publish package to GitHub Packages
on:
release:
types: [created]
jobs:
publish:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v3
- uses: actions/setup-java@v3
with:
java-version: '11'
distribution: 'adopt'
- name: Publish package
run: mvn --batch-mode deploy
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
35 changes: 35 additions & 0 deletions .github/workflows/maven.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-maven

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

name: Java CI with Maven

on:
push:
branches: [ main ]
pull_request:
branches: [ main ]

jobs:
build:

runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v3
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
java-version: '11'
distribution: 'adopt'
cache: maven
- name: Build with Maven
run: mvn -B package --file pom.xml

# Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
# - name: Update dependency graph
# uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6
5 changes: 4 additions & 1 deletion .gitignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -194,4 +194,7 @@ buildNumber.properties

### allow the ecj and jdt core jar ###
!src/test/resources/ecj-3.15.1.jar
!src/test/resources/org.eclipse.jdt.core-3.15.0.jar
!src/test/resources/org.eclipse.jdt.core-3.15.0.jar
/sootdiff.iml
**/sootOutput
.idea
35 changes: 28 additions & 7 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -1,16 +1,24 @@
![Maven Build](https://github.com/secure-software-engineering/sootdiff/actions/workflows/maven.yml/badge.svg)

# SootDiff - Bytecode Comparison Across Different Java Compilers

This repository hosts the SootDiff analysis tool. SootDiff allows the comparison of the Java ByteCode create by different Java compilers.
To do so it uses static analysis and optimizations to unify the generated ByteCode, e.g. Constant Propagation, Dead Code Elimination, String Handling. Its goal is to provide researchers and practitioners with a tool and library on which they can base their own research projects and product implementations.
This repository hosts the SootDiff analysis tool. SootDiff allows the comparison of the Java ByteCode create by
different Java compilers. To do so it uses static analysis and optimizations to unify the generated ByteCode, e.g.
Constant Propagation, Dead Code Elimination, String Handling. Its goal is to provide researchers and practitioners with
a tool and library on which they can base their own research projects and product implementations.

## Obtaining SootDiff

You can either build SootDiff on your own using Maven, or you can download a release from here on Github.

### Downloading the Release
The Release Page contains all pre-built JAR files for each release that we officially publish. We recommend using the latest and greatest version unless you have a specific issue that prevents you from doing so. In that case, please let us know.

The Release Page contains all pre-built JAR files for each release that we officially publish. We recommend using the
latest and greatest version unless you have a specific issue that prevents you from doing so. In that case, please let
us know.

### Building SootDiff with Maven

To build SootDiff with Maven run
```
mvn install
Expand All @@ -21,11 +29,24 @@ or to build a standalone `jar-with-dependencies` run
mvn clean compile assembly:single
```


## Publications
If you want to read the details on how SootDiff works, the published paper [SootDiff @SOAP'19,Phoenix, AZ, USA](https://dl.acm.org/citation.cfm?id=3329966) is a good place to start.


If you want to read the details on how SootDiff works, the published
paper [SootDiff @SOAP'19,Phoenix, AZ, USA](https://dl.acm.org/citation.cfm?id=3329966) is a good place to start.

## License
SootDiff is licensed under the MIT license, see LICENSE file. This basically means that you are free to use the tool (even in commercial, closed-source projects).

SootDiff is licensed under the MIT license, see LICENSE file. This basically means that you are free to use the tool (
even in commercial, closed-source projects).

# Use SootDiff to compare Jars

The class `src/test/java/MainCompareArtifacts.java` can be used to compare multiple jars on the basis of class sha,tlshs
and timestamps and produces a markdown report of that.

Invoke the main method with parameters `-inJars jar1,jar2,jar3 -fileFilter pathToFilterFile.txt`

The filter file can be used to specify classes of interest (e.g. classes fixed in a fixing commit). Make sure to specify
the files as they would be located in the analyzed jar, e.g., in a commit the change might be related
to `src/main/java/pack/a/b.java`, in the jar it would be referenced from the package onwards and in class
format: `pack/a/b.class`.
108 changes: 86 additions & 22 deletions pom.xml
View file
Original file line number Diff line number Diff line change
@@ -1,24 +1,23 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://maven.apache.org/POM/4.0.0"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>

<groupId>de.upb</groupId>
<artifactId>sootdiff</artifactId>
<version>1.0</version>
<version>2.3-SNAPSHOT</version>


<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<maven-compiler-plugin.version>3.7.0</maven-compiler-plugin.version>
<maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
</properties>


<build>
<plugins>


<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
Expand All @@ -27,9 +26,7 @@
<source>${maven.compiler.source}</source>
<target>${maven.compiler.target}</target>
</configuration>

</plugin>

<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<configuration>
Expand All @@ -44,50 +41,117 @@
</configuration>
</plugin>

<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
<version>2.5.3</version>
</plugin>


<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>3.0.0-M4</version>
<configuration>
<trimStackTrace>false</trimStackTrace>
<reuseForks>false</reuseForks>
<forkCount>1</forkCount>
</configuration>
</plugin>


<plugin>
<artifactId>exec-maven-plugin</artifactId>
<groupId>org.codehaus.mojo</groupId>
<version>1.6.0</version>
<executions>
<execution><!-- Run our version calculation script -->
<id>Compile Test Classes/Resources</id>
<phase>generate-sources</phase>
<goals>
<goal>exec</goal>
</goals>
<configuration>
<executable>${basedir}/src/test/resources/compile.sh</executable>
</configuration>
</execution>
</executions>
</plugin>

</plugins>
</build>


<dependencies>
<dependency>
<groupId>ca.mcgill.sable</groupId>
<groupId>org.soot-oss</groupId>
<artifactId>soot</artifactId>
<version>3.2.0-SNAPSHOT</version>
<version>4.2.1</version>
</dependency>


<dependency>
<groupId>commons-cli</groupId>
<artifactId>commons-cli</artifactId>
<version>1.4</version>
</dependency>

<dependency>
<groupId>io.github.java-diff-utils</groupId>
<artifactId>java-diff-utils</artifactId>
<version>4.5</version>
</dependency>





<!-- https://mvnrepository.com/artifact/commons-codec/commons-codec -->
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.14</version>
<scope>test</scope>
</dependency>

<dependency>
<groupId>com.google.code.findbugs</groupId>
<artifactId>jsr305</artifactId>
<version>3.0.2</version>
</dependency>

<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.8.1</version>
<version>3.9</version>
</dependency>

<dependency>
<groupId>io.github.java-diff-utils</groupId>
<artifactId>java-diff-utils</artifactId>
<version>4.0</version>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-annotations</artifactId>
<version>4.0.1</version>
</dependency>

<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<version>4.13</version>
<scope>test</scope>
</dependency>

</dependencies>

<repositories>
<repository>
<id>soot-snapshot</id>
<name>soot snapshots</name>
<url>https://soot-build.cs.uni-paderborn.de/nexus/repository/swt-upb/</url>
<id>jcenter</id>
<url>https://jcenter.bintray.com/</url>
</repository>
</repositories>


<distributionManagement>
<repository>
<id>github</id>
<name>GitHub Packages</name>
<url>https://maven.pkg.github.com/secure-software-engineering/sootdiff</url>
</repository>
</distributionManagement>

</project>
Loading

0 comments on commit 3f88e91

Please sign in to comment.