[Soot-list] Help Regarding Intra and Inter Procedural Analysis

LOKESH JAIN lokeshjain92 at gmail.com
Thu Feb 5 05:14:46 EST 2015


Hi,
Thanks for the reply, Steven.

Yes, I have increased the heap size to 3GB. I have followed the steps from
https://github.com/secure-software-engineering/soot-infoflow-android/wiki
for Eclipse. There it's mentioned that I need to import the Heros project.

It's working when I decrease the --aplength to 4.

I have tried --pathalgo contextsensitive; the output of this is on the command
line, which is very messy to understand. Is there a way that I could get a graph
depicting these paths that would be easily understandable?

*Suggestion*
Please update the SourcesAndSinks.txt. It does not contain some important
sources and sinks, e.g. the gettext() function is missing from this text file.

Thanks & Regards
Lokesh Jain

On Thu, Feb 5, 2015 at 2:59 PM, Steven Arzt <Steven.Arzt at cased.de> wrote:

> Hi Lokesh,
>
> I am the maintainer of the FlowDroid project.
>
> If you get an OutOfMemory exception or the analysis is simply taking
> forever, the most likely reason is that you run out of memory. Are you sure
> that you actually increased the Java heap size to 3 GB using the -Xmx3g VM
> parameter?
>
> Additionally, your FlowDroid installation seems to be out of date. Where
> did you download it from? We don’t use the Heros solver anymore and that
> change has been done quite a while ago. If you just need a JAR file, use
> our nightly builds as described in the wiki:
> https://github.com/secure-software-engineering/soot-infoflow-android/wiki.
> If you want the code, make sure to use the “develop” branch, not “master”.
>
> The wiki also contains a number of options with which you can configure
> the tradeoff between precision and performance. If you still run short on
> memory even with the newest version of FlowDroid, you might try those
> options.
>
> It’s good that you use the official Android JARs. Do **not** use those
> from the Sable repository on Github. I think we should really add a
> disclaimer to that repository at some point. Those are complete
> implementations of the Android API extracted from emulators or real devices
> which is unnecessary for almost all analyses. In FlowDroid, we have other
> means of dealing with the Android API. Instead, use the JAR files shipped
> with Google’s official Android SDK; you can find them in the “platforms”
> folder of your SDK installation directory. This can make a difference of
> tens of gigabytes of memory consumption.
>
> Your older questions look like you are interested in the path, i.e., the
> statements over which the taint was propagated. FlowDroid can do that for
> you. You need to select a path reconstruction algorithm which supports full
> paths, not only source-to-sink connections. Try “--pathalgo
> contextsensitive” on the command-line application, that should do the
> trick. However, note that path tracking does add some performance penalty.
>
> Best regards,
>
>   Steven
>
> M.Sc. M.Sc. Steven Arzt
> Secure Software Engineering Group (SSE)
> European Center for Security and Privacy by Design (EC SPRIDE)
> Rheinstraße 75
> D-64293 Darmstadt
> Phone: +49 61 51 869-336
> Fax: +49 61 51 16-72118
> eMail: steven.arzt at ec-spride.de
> Web: http://sse.ec-spride.de
>
> *From:* LOKESH JAIN [mailto:lokeshjain92 at gmail.com]
> *Sent:* Thursday, 5 February 2015 10:19
> *To:* soot-list at googlegroups.com; Steven Arzt; Soot list;
> soot-list at cs.mcgill.ca
> *Subject:* Re: [Soot-list] Help Regarding Intra and Inter Procedural
> Analysis
>
> Hi,
>
> I am getting a memory error using FlowDroid. I am using 3GB memory for a
> 398.1 kB Android application. I am using the official android.jar file of
> 21.8 MB (android-19).
>
> [Thread-4] ERROR heros.solver.IDESolver - Worker thread execution failed:
> GC overhead limit exceeded
> java.lang.OutOfMemoryError: GC overhead limit exceeded
>
> How do I resolve this? Also, please help me with my previous question
> posted in the same thread.
>
> Thanks & Regards
>
> Lokesh Jain
>
> On Wed, Feb 4, 2015 at 10:18 PM, LOKESH JAIN <lokeshjain92 at gmail.com>
> wrote:
>
> Hi,
>
> Thanks for the reply.
>
> Eric, yeah, it's notifying me of the flows, but that's not the only thing I
> want. I need to analyze the data flow.
>
> For example, in RV2013.apk I got the output:
> Found a flow to sink virtualinvoke $r4.<android.telephony.SmsManager: void
> sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)>($r6,
> null, $r7, null, null) on line 31, from the following sources:
>     - $r1 = virtualinvoke $r0.<de.ecspride.RV2013: android.view.View
> findViewById(int)>(2131165187) (in <de.ecspride.RV2013: void
> sendSms(android.view.View)>)
>     - $r1 = virtualinvoke $r0.<de.ecspride.RV2013: android.view.View
> findViewById(int)>(2131165184) (in <de.ecspride.RV2013: void
> sendSms(android.view.View)>)
>
> I actually need the analysis (some data dependency graph) that could depict
> the flow: a node sendsms() followed by (i.e. an edge) the node gettext() that
> is in the argument of sendTextMessage(...), followed by the node
> sendTextMessage(...), etc.
>
> How do I get this? I think I could get that flow using FlowDroid, but I
> am not able to get how I convert it to a dot file.
>
> Dacong, I will definitely try that tool.
>
> Thanks & Regards
>
> Lokesh Jain
>
> On Wed, Feb 4, 2015 at 2:05 PM, Bodden, Eric <
> eric.bodden at sit.fraunhofer.de> wrote:
>
> Hi Lokesh.
>
> > I want to do intra and inter procedural data flow analysis for an .apk
> > file.
> > For this I have used FlowDroid. I followed
> > https://github.com/secure-software-engineering/soot-infoflow-android/wiki
> > this tutorial in Eclipse and it worked fine. But I am not able to deduce
> > anything useful from the output. Is there any way I can get the data
> > dependency graph from this?
>
> Yes, sure. That's the main data structure that FlowDroid supports. The
> textual output indeed won't help you much, though. FlowDroid provides
> callbacks instead, which notify you of any flows found. That's usually how
> people use the tool.
>
> > Also, is FlowDroid a good option for getting data dependency, or is there
> > any other option better than this?
>
> There are other tools but FlowDroid is certainly one of the most stable
> and thorough ones.
>
> Cheers,
> Eric
>
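
The flow report quoted earlier in this thread can be converted to a Graphviz dot file by parsing the console text. The Python below is an added example, not part of the thread and not FlowDroid code; `parse_flows` and `to_dot` are hypothetical names, and the report layout is assumed from the quoted output. It draws only method-to-source and source-to-sink edges, not the intermediate statements that path reconstruction would report.

```python
import re

# Assumed layout, taken from the output quoted in this thread: one
# "Found a flow to sink <stmt> on line <n>, from the following sources:"
# header, then "- <stmt> (in <method>)" entries.
FLOW_RE = re.compile(r"Found a flow to sink (?P<sink>.+?) on line (?P<line>\d+), "
                     r"from the following sources:(?P<srcs>.*?)(?=Found a flow to sink|$)")
SRC_RE = re.compile(r"- (?P<stmt>.+?) \(in (?P<method><.+?>)\)(?=\s+- |\s*$)")

def parse_flows(text):
    flat = " ".join(text.split())  # undo hard wrapping from the console or mail client
    return [{"sink": m["sink"], "line": int(m["line"]),
             "sources": [(s["stmt"], s["method"]) for s in SRC_RE.finditer(m["srcs"])]}
            for m in FLOW_RE.finditer(flat)]

def to_dot(flows):
    ids, edges = {}, set()
    out = ["digraph flows {", "  rankdir=LR;", "  node [shape=box];"]
    def node(label):
        # One node per distinct label; escape characters that end a dot string.
        if label not in ids:
            ids[label] = f"n{len(ids)}"
            esc = label.replace("\\", "\\\\").replace('"', '\\"')
            out.append(f'  {ids[label]} [label="{esc}"];')
        return ids[label]
    for f in flows:
        sink = node(f"{f['sink']} (line {f['line']})")
        for stmt, method in f["sources"]:
            src = node(stmt)
            edges.add((node(method), src))  # enclosing method -> source statement
            edges.add((src, sink))          # source statement -> sink statement
    out += [f"  {a} -> {b};" for a, b in sorted(edges)]
    return "\n".join(out + ["}"])

# The flow report quoted in the thread, wrapped as it appears in the mail.
SAMPLE = """Found a flow to sink virtualinvoke $r4.<android.telephony.SmsManager: void
sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)>($r6,
null, $r7, null, null) on line 31, from the following sources:
    - $r1 = virtualinvoke $r0.<de.ecspride.RV2013: android.view.View
findViewById(int)>(2131165187) (in <de.ecspride.RV2013: void
sendSms(android.view.View)>)
    - $r1 = virtualinvoke $r0.<de.ecspride.RV2013: android.view.View
findViewById(int)>(2131165184) (in <de.ecspride.RV2013: void
sendSms(android.view.View)>)
"""

if __name__ == "__main__":
    print(to_dot(parse_flows(SAMPLE)))
```

The printed text can be saved to a file and rendered with Graphviz, for example `dot -Tpng flows.dot -o flows.png`.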