[Soot-list] Help Regarding Intra and Inter Procedural Analysis

Steven Arzt Steven.Arzt at cased.de
Thu Feb 5 04:29:47 EST 2015

Hi Lokesh,


I am the maintainer of the FlowDroid project.


If you get an OutOfMemory exception or the analysis is simply taking forever, the most likely reason is that you run out of memory. Are you sure that you actually increased the Java heap size to 3 GB using the -Xmx3g VM parameter?


Additionally, your FlowDroid installation seems to be out of date. Where did you download it from? We don’t use the Heros solver anymore and that change has been done quite a while ago. If you just need a JAR file, use our nightly builds as described in the wiki: https://github.com/secure-software-engineering/soot-infoflow-android/wiki. If you want the code, make sure to use the “develop” branch, not “master”.


The wiki also contains a number of options with which you can configure the tradeoff between precision and performance. If you still run short on memory even with the newest version of FlowDroid, you might try those options.


It’s good that you use the official Android JARs. Do *not* use those from the Sable repository on GitHub. I think we should really add a disclaimer to that repository at some point. Those are complete implementations of the Android API extracted from emulators or real devices, which is unnecessary for almost all analyses. In FlowDroid, we have other means of dealing with the Android API. Instead, use the JAR files shipped with Google’s official Android SDK; you can find them in the “platforms” folder of your SDK installation directory. This can make a difference of tens of gigabytes of memory consumption.


Your older question looks like you are interested in the path, i.e., the statements over which the taint was propagated. FlowDroid can do that for you. You need to select a path reconstruction algorithm which supports full paths, not only source-to-sink connections. Try “--pathalgo contextsensitive” on the command-line application, that should do the trick. However, note that path tracking does add some performance penalty.


Best regards,




M.Sc. M.Sc. Steven Arzt

Secure Software Engineering Group (SSE)

European Center for Security and Privacy by Design (EC SPRIDE) 

Rheinstraße 75

D-64293 Darmstadt

Phone: +49 61 51 869-336

Fax: +49 61 51 16-72118

eMail: steven.arzt at ec-spride.de

Web: http://sse.ec-spride.de




From: LOKESH JAIN [mailto:lokeshjain92 at gmail.com]
Sent: Thursday, 5 February 2015 10:19
To: soot-list at googlegroups.com; Steven Arzt; Soot list; soot-list at cs.mcgill.ca
Subject: Re: [Soot-list] Help Regarding Intra and Inter Procedural Analysis



I am getting a memory error using FlowDroid. I am using 3 GB of memory for a 398.1 kB Android application. I am using the official android.jar file of 21.8 MB (android-19).

[Thread-4] ERROR heros.solver.IDESolver - Worker thread execution failed: GC overhead limit exceeded
java.lang.OutOfMemoryError: GC overhead limit exceeded

How do I resolve this? Also, please help me with my previous question posted in the same thread.

Thanks & Regards

Lokesh Jain


On Wed, Feb 4, 2015 at 10:18 PM, LOKESH JAIN <lokeshjain92 at gmail.com> wrote:


Thanks for the reply.

Eric, yeah, it's notifying me of the flows, but that's not the only thing I want. I need to analyze the data flow.

For example, in RV2013.apk I got the output:
Found a flow to sink virtualinvoke $r4.<android.telephony.SmsManager: void sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)>($r6, null, $r7, null, null) on line 31, from the following sources:
    - $r1 = virtualinvoke $r0.<de.ecspride.RV2013: android.view.View findViewById(int)>(2131165187) (in <de.ecspride.RV2013: void sendSms(android.view.View)>)
    - $r1 = virtualinvoke $r0.<de.ecspride.RV2013: android.view.View findViewById(int)>(2131165184) (in <de.ecspride.RV2013: void sendSms(android.view.View)>)

I actually need the analysis (some data dependency graph) that could depict the flow: a node sendsms() followed by (i.e., an edge) the node gettext() that is in the argument of sendTextMessage(...), followed by the node sendTextMessage(...), etc.

How do I get this? I think I could get that flow using FlowDroid, but I am not able to work out how to convert it to a dot file.

Dacong, I will definitely try that tool.

Thanks & Regards

Lokesh Jain





On Wed, Feb 4, 2015 at 2:05 PM, Bodden, Eric <eric.bodden at sit.fraunhofer.de> wrote:

Hi Lokesh.

> I want to do intra and inter procedural data flow analysis for an .apk file.
> For this I have used FlowDroid. I followed this tutorial, https://github.com/secure-software-engineering/soot-infoflow-android/wiki, in Eclipse and it worked fine. But I am not able to deduce anything useful from the output. Is there any way I can get the data dependency graph from this?

Yes, sure. That's the main data structure that FlowDroid supports. The textual output indeed won't help you much, though. FlowDroid provides callbacks instead, which notify you of any flows found. That's usually how people use the tool.

> Also, is FlowDroid a good option for getting data dependency, or is there any other option better than this?

There are other tools but FlowDroid is certainly one of the most stable and thorough ones.
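
The textual report quoted earlier in this thread can be turned into a Graphviz DOT file with a small parser. The following is an added example, not part of the original messages and not FlowDroid code; it sees only the source-to-sink pairs printed in the log, not the intermediate statements that full path reconstruction gives, and the function names are hypothetical.

```python
import re

# "Found a flow to sink <stmt> [on line N], from the following sources:"
SINK_RE = re.compile(
    r"^Found a flow to sink (.*?)(?: on line (\d+))?, from the following sources:\s*$")
# "    - <stmt> (in <enclosing method signature>)"
SRC_RE = re.compile(r"^\s*-\s+(.*) \(in (<.*>)\)\s*$")

# Sample input: the three report lines quoted in the thread, preceded by one
# constructed log line to show that unrelated lines are skipped.
SAMPLE = """[main] INFO constructed log line that is not part of a flow report
Found a flow to sink virtualinvoke $r4.<android.telephony.SmsManager: void sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)>($r6, null, $r7, null, null) on line 31, from the following sources:
    - $r1 = virtualinvoke $r0.<de.ecspride.RV2013: android.view.View findViewById(int)>(2131165187) (in <de.ecspride.RV2013: void sendSms(android.view.View)>)
    - $r1 = virtualinvoke $r0.<de.ecspride.RV2013: android.view.View findViewById(int)>(2131165184) (in <de.ecspride.RV2013: void sendSms(android.view.View)>)
"""

def parse_flows(text):
    """Return one dict per (source, sink) pair found in the report text."""
    flows, sink = [], None
    for line in text.splitlines():
        m = SINK_RE.match(line)
        if m:
            sink = m.groups()  # (sink statement, line number or None)
            continue
        m = SRC_RE.match(line)
        if m and sink:
            flows.append({"source": m.group(1), "method": m.group(2),
                          "sink": sink[0], "line": sink[1]})
    return flows

def quote(s):
    """Quote a string as a DOT identifier (Jimple contains <, >, $ and spaces)."""
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'

def to_dot(flows):
    """Emit edges: enclosing method -> source statement -> sink statement."""
    edges = []
    for f in flows:
        for edge in ((f["method"], f["source"], "contains"),
                     (f["source"], f["sink"], "taints")):
            if edge not in edges:  # several sources may share a method or sink
                edges.append(edge)
    lines = ["digraph flows {", "  node [shape=box];"]
    lines += [f"  {quote(a)} -> {quote(b)} [label={quote(lbl)}];" for a, b, lbl in edges]
    return "\n".join(lines + ["}"])

if __name__ == "__main__":
    print(to_dot(parse_flows(SAMPLE)))
```

Saving the printed text to a file and running Graphviz `dot -Tpng` on it renders the graph.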



