[Soot-list] Help Regarding Intra and Inter Procedural Analysis
Marc Miltenberger
Marc.Miltenberger at cased.de
Sat Feb 7 06:09:52 EST 2015
Hi Lokesh,
well, you can run a batch (Windows) or shell script (Linux/Mac/etc.) in
order to start flowdroid.
The raw app size you mention includes the resources, right? Consider an
app with a lot of image and video resources. Since these are not getting
analyzed, the app size can only give a hint about the settings to use.
You could use the size of classes.dex to get an idea of what settings to
use, but here is another idea:
You just try to use the most precise settings which use the most RAM.
Your script checks whether flowdroid crashes due to memory errors. In
this case you try less precise settings on this particular app.
This process can be automated using the beforementioned scripts.
Regards,
Marc Miltenberger
Am 07.02.2015 um 11:49 schrieb LOKESH JAIN:
> Hi Steven,
>
> Thanks a lot for all the help. I really appreciate it.
>
> I have 1 more question
> Since flowdroid has tendency to give memory error and it could be
> resolved by using additional options.
> My question is, i want to run flowdroid on multiple apk's of different
> sizes varying from low size to big size. Do i need to run flowdroid for
> each and every application manually (there are around 3000 apps) or
> there is some way that would help me run multiple apk's at once without
> doing additonal options settings every time.??
>
> It would be very difficult to do manual settings for these many apps
> manually.
>
> I have maximum app size of around 45 MB and i have 4 GB RAM
>
> Thanks & Regards
> Lokesh Jain
>
> On Fri, Feb 6, 2015 at 3:59 PM, Steven Arzt <Steven.Arzt at cased.de
> <mailto:Steven.Arzt at cased.de>> wrote:
>
> Hi Lokesh,____
>
> __ __
>
> If you want to analyze an Android application, use the
> SetupApplication class. The method “runInfoflow” gives you back an
> InfoflowResults object. For an example, look at how the command-line
> application uses the FlowDroid API:
> soot.jimple.infoflow.android.TestApps.Test.____
>
> __ __
>
> To generate a dot file from the InfoflowResults object, you need to
> iterate over the path and convert the information there to the dot
> format.____
>
> __ __
>
> Best regards,____
>
> Steven____
>
> __ __
>
> __ __
>
> *Von:*soot-list-bounces at CS.McGill.CA
> <mailto:soot-list-bounces at CS.McGill.CA>
> [mailto:soot-list-bounces at CS.McGill.CA
> <mailto:soot-list-bounces at CS.McGill.CA>] *Im Auftrag von *LOKESH JAIN
> *Gesendet:* Donnerstag, 5. Februar 2015 21:19
> *An:* Steven Arzt
> *Cc:* soot-list at cs.mcgill.ca <mailto:soot-list at cs.mcgill.ca>; Soot
> list; soot-list at googlegroups.com <mailto:soot-list at googlegroups.com>
>
>
> *Betreff:* Re: [Soot-list] Help Regarding Intra and Inter Procedural
> Analysis____
>
> __ __
>
> Hi,____
>
> Oh sorry, I thought you forgot to update SourcesandSinks.txt.
>
> ____
>
> Final data flow results are stored in InfoflowResults object. I need
> to create a graph as it is difficult to understand in console. For
> this I have looked through soot API documentation. The nearest i
> could get is to the class InfoFlowAnalysis, but none of the methods
> defined in this class has InfoflowResults object as argument.____
>
> Likewise with CallGraph object, we can create callgraph in dot
> format, How can I create dataflow dependency graph from
> InfoflowResults object ?____
>
> __ __
>
> Regards____
>
> Lokesh Jain____
>
> __ __
>
> On Thu, Feb 5, 2015 at 3:49 PM, Steven Arzt <Steven.Arzt at cased.de
> <mailto:Steven.Arzt at cased.de>> wrote:____
>
> Hi Lokesh,____
>
> ____
>
> The SourcesAndSinks.txt file shipped with FlowDroid is just an
> example. We have a project called SuSi (published at NDSS’14) in
> which we use machine learning to automatically derive an almost
> complete set of sources and sinks from the Android API
> implementation. To be able to better compare FlowDroid with other
> tools, we however restricted ourselves to the small set. SuSi uses
> the same format as FlowDroid, so you can simply copy over the file
> is you want.____
>
> ____
>
> The command-line application is only an example of how to use
> FlowDroid. It was never meant to be used as the main way of
> interacting with the data flow engine. That’s also why it is
> implemented in a class called
> “soot.jimple.infoflow.android.TestApps.Test. You can look into what
> we do there and take it as an example of how to use the FlowDroid
> API. The API gives you the path, sources, and sinks neatly in data
> objects. The most interesting method should be “runAnalysis”.____
>
> ____
>
> Best regards,____
>
> Steven____
>
> ____
>
> *Von:*LOKESH JAIN [mailto:lokeshjain92 at gmail.com
> <mailto:lokeshjain92 at gmail.com>]
> *Gesendet:* Donnerstag, 5. Februar 2015 11:15
> *An:* Steven Arzt
> *Cc:* soot-list at googlegroups.com
> <mailto:soot-list at googlegroups.com>; Soot list;
> soot-list at cs.mcgill.ca <mailto:soot-list at cs.mcgill.ca>____
>
>
> *Betreff:* Re: [Soot-list] Help Regarding Intra and Inter Procedural
> Analysis____
>
> ____
>
> Hi,____
>
> Thanks for the reply Steven.
>
> Yes i have increased that heap size to 3GB. I have followed the
> steps from
> https://github.com/secure-software-engineering/soot-infoflow-android/wiki
> for eclipse. There it's mentioned that i need to import Heros Project.
>
> It's working when i decrease the --aplength to 4. ____
>
> I have tried --pathalgo contextsensitive, output of this is on
> command line which is very messy to understand. Is there a way that
> i could get a graph depicting these paths that would be easily
> understanble.?____
>
> *Suggestion*____
>
> Please update the SourcesAndSinks.txt. It does not contain some
> important sources and sinks eg. gettext() function is missing from
> this text file.____
>
> ____
>
> Thanks & Regards
> Lokesh Jain____
>
> ____
>
> On Thu, Feb 5, 2015 at 2:59 PM, Steven Arzt <Steven.Arzt at cased.de
> <mailto:Steven.Arzt at cased.de>> wrote:____
>
> Hi Lokesh,____
>
> ____
>
> I am the maintainer of the FlowDroid project.____
>
> ____
>
> If you get an OutOfMemory exception or the analysis is simply taking
> forever, the most likely reason is that you run out of memory. Are
> you sure that you actually increased the Java heap size to 3 GB
> using the –Xmx3g VM parameter?____
>
> ____
>
> Additionally, your FlowDroid installation seems to be out of date.
> Where did you download it from? We don’t use the Heros solver
> anymore and that change has been done quite a while ago. If you just
> need a JAR file, use our nightly builds as described in the wiki:
> https://github.com/secure-software-engineering/soot-infoflow-android/wiki.
> If you want the code, make sure to use the “develop” branch, not
> “master”.____
>
> ____
>
> The wiki also contains a number of options with which you can
> configure the tradeoff between precision and performance. If you
> still run short on memory even with the newest version of FlowDroid,
> you might try those options.____
>
> ____
>
> It’s good that you use the official Android JARs. Do **not** use
> those from the Sable repository on Github. I think we should really
> add a disclaimer to that repository at some point. Those are
> complete implementations of the Android API extracted from emulators
> or real devices which is unnecessary for almost all analyses. In
> FlowDroid, we have other means of dealing with the Android API.
> Instead, use the JAR files shipped with Google’s official Android
> SDK, you can find them in the “platforms” folder of you SDK
> installation directory. This can make a difference of tens of
> gigabytes of memory consumption.____
>
> ____
>
> Your older questions looks like you are interested in the path,
> i.e., the statements over which the taint was propagated. FlowDroid
> can do that for you. You need to select a path reconstruction
> algorithm which supports full paths, not only source-to-sink
> connections. Try “--pathalgo contextsensitive” on the command-line
> application, that should do the trick. However, note that path
> tracking does add some performance penalty.____
>
> ____
>
> Best regards,____
>
> Steven____
>
> ____
>
> ____
>
> M.Sc. M.Sc. Steven Arzt____
>
> Secure Software Engineering Group (SSE)____
>
> European Center for Security and Privacy by Design (EC SPRIDE) ____
>
> Rheinstraße 75____
>
> D-64293 Darmstadt____
>
> Phone: +49 61 51 869-336____
>
> Fax: +49 61 51 16-72118____
>
> eMail: steven.arzt at ec-spride.de <mailto:steven.arzt at ec-spride.de>____
>
> Web: http://sse.ec-spride.de <http://sse.ec-spride.de/>____
>
> ____
>
> ____
>
> ____
>
> *Von:*LOKESH JAIN [mailto:lokeshjain92 at gmail.com
> <mailto:lokeshjain92 at gmail.com>]
> *Gesendet:* Donnerstag, 5. Februar 2015 10:19
> *An:* soot-list at googlegroups.com
> <mailto:soot-list at googlegroups.com>; Steven Arzt; Soot list;
> soot-list at cs.mcgill.ca <mailto:soot-list at cs.mcgill.ca>
> *Betreff:* Re: [Soot-list] Help Regarding Intra and Inter Procedural
> Analysis____
>
> ____
>
> Hi,
>
> I am getting memory error using flowdroid. I am using 3GB memory for
> 398.1 kB android application. I am using official android.jar file
> of 21.8 MB(android-19).
>
> [Thread-4] ERROR heros.solver.IDESolver - Worker thread execution
> failed: GC overhead limit exceeded
> java.lang.OutOfMemoryError: GC overhead limit exceeded____
>
> How do i resolve this? Also please help me with my previous question
> posted in the same thread____
>
> Thanks & Regards____
>
> Lokesh Jain____
>
> ____
>
> On Wed, Feb 4, 2015 at 10:18 PM, LOKESH JAIN <lokeshjain92 at gmail.com
> <mailto:lokeshjain92 at gmail.com>> wrote:____
>
> Hi,____
>
> Thanks for the reply.____
>
> Eric, yeah it's notifying me the flows but that's not only what i
> want. I need to analyze the data flow.
>
> For eg. in the RV2013.apk i got the o/p
> Found a flow to sink virtualinvoke
> $r4.<android.telephony.SmsManager: void
> sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)>($r6,
> null, $r7, null, null) on line 31, from the following sources:
> - $r1 = virtualinvoke $r0.<de.ecspride.RV2013: android.view.View
> findViewById(int)>(2131165187) (in <de.ecspride.RV2013: void
> sendSms(android.view.View)>)
> - $r1 = virtualinvoke $r0.<de.ecspride.RV2013: android.view.View
> findViewById(int)>(2131165184) (in <de.ecspride.RV2013: void
> sendSms(android.view.View)>)____
>
> I actually need the analyses(some data dependency graph) that could
> depict the flow ,a node sendsms() followed by(i.e edge) the node
> gettext() that is in the argument of sendTextMessage(...) followed
> by node sendTextMessage(...) etc.____
>
> How do i get this?? I think i could get that flow using flowdroid,
> but i am not able to get how to i convert it to dot file.____
>
> Dacong, I will definitely try that tool.____
>
> Thanks & Regards____
>
> Lokesh Jain____
>
> ____
>
> ____
>
> ____
>
> ____
>
> On Wed, Feb 4, 2015 at 2:05 PM, Bodden, Eric
> <eric.bodden at sit.fraunhofer.de
> <mailto:eric.bodden at sit.fraunhofer.de>> wrote:____
>
> Hi Lokesh.
>
> > I want to do intra and inter procedural data flow analysis for an
> .apk file.
> > For this I have used FlowDroid. I followed
> https://github.com/secure-software-engineering/soot-infoflow-android/wiki
> this tutorial in eclipse and it worked fine. But i am not able to
> deduce anything useful from the output. Is there any way, I can get
> the Data dependency graph from this ?
>
> Yes, sure. That's the main data structure that FlowDroid supports.
> The textual output indeed won't help you much, though. FlowDroid
> provides callbacks instead, which notify you of any flows found.
> That's usually how people use the tool.
>
> > Also is FlowDroid is good option for getting Data dependency or is
> there any other option better than this?
>
> There are other tools but FlowDroid is certainly one of the most
> stable and thorough ones.
>
> Cheers,
> Eric____
>
> ____
>
> ____
>
> ____
>
> __ __
>
>
>
>
> _______________________________________________
> Soot-list mailing list
> Soot-list at CS.McGill.CA
> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
>
More information about the Soot-list
mailing list