SootUp is a complete reimplementation of the Soot framework for static analysis. Over the last two decades, Soot has gained popularity within the research community. However, some of Soot’s original design decisions no longer fully meet the current requirements of the static analysis researchers.

This tutorial introduces the SootUp framework and how it addresses many of the major shortcomings of Soot. We walk through the unique features and functionalities of SootUp, highlighting its novel design choices that better align with the current demands of static code analysis. Throughout the tutorial, we guide the users through SootUp’s new intuitive API. We aim to ensure that both newcomers and individuals familiar with Soot can seamlessly leverage the enhanced capabilities of SootUp.

By the end of this tutorial, users should gain a comprehensive understanding of how to integrate SootUp into their workflow for static code analysis. We provide practical examples, step-by-step instructions, and insights into how SootUp can be used for a diverse set of purposes, including call graph construction, intra-, and inter-procedural program analysis.