[Soot-list] Help Regarding Intra and Inter Procedural Analysis

LOKESH JAIN lokeshjain92 at gmail.com
Sun Feb 8 17:03:46 EST 2015


Hi,

Any response regarding the question in the last mail?

Thanks & Regards
Lokesh Jain

On Sat, Feb 7, 2015 at 4:19 PM, LOKESH JAIN <lokeshjain92 at gmail.com> wrote:

> Hi Steven,
>
> Thanks a lot for all the help. I really appreciate it.
>
> I have one more question.
> FlowDroid has a tendency to give memory errors, and this could be resolved
> by using additional options.
> My question is: I want to run FlowDroid on multiple APKs of different
> sizes, varying from small to big. Do I need to run FlowDroid for
> each and every application manually (there are around 3000 apps), or is
> there some way that would help me run multiple APKs at once without doing
> additional option settings every time?
>
> It would be very difficult to do manual settings for this many apps.
>
> I have a maximum app size of around 45 MB and I have 4 GB RAM.
>
> Thanks & Regards
> Lokesh Jain
>
> On Fri, Feb 6, 2015 at 3:59 PM, Steven Arzt <Steven.Arzt at cased.de> wrote:
>
>> Hi Lokesh,
>>
>>
>>
>> If you want to analyze an Android application, use the SetupApplication
>> class. The method “runInfoflow” gives you back an InfoflowResults object.
>> For an example, look at how the command-line application uses the FlowDroid
>> API: soot.jimple.infoflow.android.TestApps.Test.
>>
>>
>>
>> To generate a dot file from the InfoflowResults object, you need to
>> iterate over the path and convert the information there to the dot format.
>>
>>
>>
>> Best regards,
>>
>>   Steven
>>
>>
>>
>>
>>
>> *From:* soot-list-bounces at CS.McGill.CA [mailto:
>> soot-list-bounces at CS.McGill.CA] *On behalf of* LOKESH JAIN
>> *Sent:* Thursday, 5 February 2015 21:19
>> *To:* Steven Arzt
>> *Cc:* soot-list at cs.mcgill.ca; Soot list; soot-list at googlegroups.com
>>
>> *Subject:* Re: [Soot-list] Help Regarding Intra and Inter Procedural
>> Analysis
>>
>>
>>
>> Hi,
>>
>> Oh sorry, I thought you forgot to update SourcesandSinks.txt.
>>
>> The final data flow results are stored in the InfoflowResults object. I need to
>> create a graph, as it is difficult to understand in the console. For this I have
>> looked through the Soot API documentation. The nearest I could get is the
>> class InfoFlowAnalysis, but none of the methods defined in this class has an
>> InfoflowResults object as an argument.
>>
>> Just as with the CallGraph object we can create a call graph in dot format,
>> how can I create a data flow dependency graph from the InfoflowResults object?
>>
>>
>>
>> Regards
>>
>> Lokesh Jain
>>
>>
>>
>> On Thu, Feb 5, 2015 at 3:49 PM, Steven Arzt <Steven.Arzt at cased.de> wrote:
>>
>> Hi Lokesh,
>>
>>
>>
>> The SourcesAndSinks.txt file shipped with FlowDroid is just an example.
>> We have a project called SuSi (published at NDSS’14) in which we use
>> machine learning to automatically derive an almost complete set of sources
>> and sinks from the Android API implementation. To be able to better compare
>> FlowDroid with other tools, we however restricted ourselves to the small
>> set. SuSi uses the same format as FlowDroid, so you can simply copy over
>> the file if you want.
>>
>>
>>
>> The command-line application is only an example of how to use FlowDroid.
>> It was never meant to be used as the main way of interacting with the data
>> flow engine. That’s also why it is implemented in a class called
>> “soot.jimple.infoflow.android.TestApps.Test”. You can look into what we do
>> there and take it as an example of how to use the FlowDroid API. The API
>> gives you the path, sources, and sinks neatly in data objects. The most
>> interesting method should be “runAnalysis”.
>>
>>
>>
>> Best regards,
>>
>>   Steven
>>
>>
>>
>> *From:* LOKESH JAIN [mailto:lokeshjain92 at gmail.com]
>> *Sent:* Thursday, 5 February 2015 11:15
>> *To:* Steven Arzt
>> *Cc:* soot-list at googlegroups.com; Soot list; soot-list at cs.mcgill.ca
>>
>>
>> *Subject:* Re: [Soot-list] Help Regarding Intra and Inter Procedural
>> Analysis
>>
>>
>>
>> Hi,
>>
>> Thanks for the reply Steven.
>>
>> Yes, I have increased the heap size to 3 GB. I have followed the steps
>> from
>> https://github.com/secure-software-engineering/soot-infoflow-android/wiki
>> for Eclipse. There it's mentioned that I need to import the Heros project.
>>
>> It's working when I decrease the --aplength to 4.
>>
>> I have tried --pathalgo contextsensitive; the output of this is on the command
>> line, which is very messy to understand. Is there a way that I could get a
>> graph depicting these paths that would be easily understandable?
>>
>> *Suggestion*
>>
>> Please update SourcesAndSinks.txt. It does not contain some important
>> sources and sinks, e.g. the gettext() function is missing from this text file.
>>
>>
>>
>> Thanks & Regards
>> Lokesh Jain
>>
>>
>>
>> On Thu, Feb 5, 2015 at 2:59 PM, Steven Arzt <Steven.Arzt at cased.de> wrote:
>>
>> Hi Lokesh,
>>
>>
>>
>> I am the maintainer of the FlowDroid project.
>>
>>
>>
>> If you get an OutOfMemory exception or the analysis is simply taking
>> forever, the most likely reason is that you run out of memory. Are you sure
>> that you actually increased the Java heap size to 3 GB using the -Xmx3g VM
>> parameter?
>>
>>
>>
>> Additionally, your FlowDroid installation seems to be out of date. Where
>> did you download it from? We don’t use the Heros solver anymore and that
>> change has been done quite a while ago. If you just need a JAR file, use
>> our nightly builds as described in the wiki:
>> https://github.com/secure-software-engineering/soot-infoflow-android/wiki.
>> If you want the code, make sure to use the “develop” branch, not “master”.
>>
>>
>>
>> The wiki also contains a number of options with which you can configure
>> the tradeoff between precision and performance. If you still run short on
>> memory even with the newest version of FlowDroid, you might try those
>> options.
>>
>>
>>
>> It’s good that you use the official Android JARs. Do **not** use those
>> from the Sable repository on Github. I think we should really add a
>> disclaimer to that repository at some point. Those are complete
>> implementations of the Android API extracted from emulators or real devices
>> which is unnecessary for almost all analyses. In FlowDroid, we have other
>> means of dealing with the Android API. Instead, use the JAR files shipped
>> with Google’s official Android SDK, you can find them in the “platforms”
>> folder of your SDK installation directory. This can make a difference of
>> tens of gigabytes of memory consumption.
>>
>>
>>
>> Your older question looks like you are interested in the path, i.e., the
>> statements over which the taint was propagated. FlowDroid can do that for
>> you. You need to select a path reconstruction algorithm which supports full
>> paths, not only source-to-sink connections. Try “--pathalgo
>> contextsensitive” on the command-line application, that should do the
>> trick. However, note that path tracking does add some performance penalty.
>>
>>
>>
>> Best regards,
>>
>>   Steven
>>
>>
>>
>>
>>
>> M.Sc. M.Sc. Steven Arzt
>>
>> Secure Software Engineering Group (SSE)
>>
>> European Center for Security and Privacy by Design (EC SPRIDE)
>>
>> Rheinstraße 75
>>
>> D-64293 Darmstadt
>>
>> Phone: +49 61 51 869-336
>>
>> Fax: +49 61 51 16-72118
>>
>> eMail: steven.arzt at ec-spride.de
>>
>> Web: http://sse.ec-spride.de
>>
>>
>>
>>
>>
>>
>>
>> *From:* LOKESH JAIN [mailto:lokeshjain92 at gmail.com]
>> *Sent:* Thursday, 5 February 2015 10:19
>> *To:* soot-list at googlegroups.com; Steven Arzt; Soot list;
>> soot-list at cs.mcgill.ca
>> *Subject:* Re: [Soot-list] Help Regarding Intra and Inter Procedural
>> Analysis
>>
>>
>>
>> Hi,
>>
>> I am getting a memory error using FlowDroid. I am using 3 GB of memory for a
>> 398.1 kB Android application. I am using the official android.jar file of 21.8
>> MB (android-19).
>>
>> [Thread-4] ERROR heros.solver.IDESolver - Worker thread execution failed:
>> GC overhead limit exceeded
>> java.lang.OutOfMemoryError: GC overhead limit exceeded
>>
>> How do I resolve this? Also, please help me with my previous question
>> posted in the same thread.
>>
>> Thanks & Regards
>>
>> Lokesh Jain
>>
>>
>>
>> On Wed, Feb 4, 2015 at 10:18 PM, LOKESH JAIN <lokeshjain92 at gmail.com>
>> wrote:
>>
>> Hi,
>>
>> Thanks for the reply.
>>
>> Eric, yeah, it's notifying me of the flows, but that's not the only thing I want. I
>> need to analyze the data flow.
>>
>> For example, in RV2013.apk I got the output:
>> Found a flow to sink virtualinvoke $r4.<android.telephony.SmsManager:
>> void
>> sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)>($r6,
>> null, $r7, null, null) on line 31, from the following sources:
>>     - $r1 = virtualinvoke $r0.<de.ecspride.RV2013: android.view.View
>> findViewById(int)>(2131165187) (in <de.ecspride.RV2013: void
>> sendSms(android.view.View)>)
>>     - $r1 = virtualinvoke $r0.<de.ecspride.RV2013: android.view.View
>> findViewById(int)>(2131165184) (in <de.ecspride.RV2013: void
>> sendSms(android.view.View)>)
>>
>> I actually need the analysis (some data dependency graph) that could
>> depict the flow: a node sendsms() followed by (i.e. an edge to) the node gettext()
>> that is in the argument of sendTextMessage(...), followed by the node
>> sendTextMessage(...), etc.
>>
>> How do I get this? I think I could get that flow using FlowDroid, but I
>> am not able to work out how to convert it to a dot file.
>>
>> Dacong, I will definitely try that tool.
>>
>> Thanks & Regards
>>
>> Lokesh Jain
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On Wed, Feb 4, 2015 at 2:05 PM, Bodden, Eric <
>> eric.bodden at sit.fraunhofer.de> wrote:
>>
>> Hi Lokesh.
>>
>> > I want to do intra and inter procedural data flow analysis for an .apk
>> > file.
>> > For this I have used FlowDroid. I followed
>> > https://github.com/secure-software-engineering/soot-infoflow-android/wiki
>> > this tutorial in Eclipse and it worked fine. But I am not able to deduce
>> > anything useful from the output. Is there any way I can get the data
>> > dependency graph from this?
>>
>> Yes, sure. That's the main data structure that FlowDroid supports. The
>> textual output indeed won't help you much, though. FlowDroid provides
>> callbacks instead, which notify you of any flows found. That's usually how
>> people use the tool.
>>
>> > Also, is FlowDroid a good option for getting data dependency, or is
>> > there any other option better than this?
>>
>> There are other tools but FlowDroid is certainly one of the most stable
>> and thorough ones.
>>
>> Cheers,
>> Eric
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
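As an added example (not part of the thread and not FlowDroid code), the console output quoted in this thread can be turned into a dot graph by parsing the text rather than the InfoflowResults API. The function names `parse_flows` and `to_dot` are hypothetical, and the graph only contains enclosing method, source and sink, because the quoted output carries no intermediate path statements.

```python
import re

# Console output quoted in the thread (RV2013.apk), with mail line-wrapping undone.
SAMPLE = """\
Found a flow to sink virtualinvoke $r4.<android.telephony.SmsManager: void sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)>($r6, null, $r7, null, null) on line 31, from the following sources:
    - $r1 = virtualinvoke $r0.<de.ecspride.RV2013: android.view.View findViewById(int)>(2131165187) (in <de.ecspride.RV2013: void sendSms(android.view.View)>)
    - $r1 = virtualinvoke $r0.<de.ecspride.RV2013: android.view.View findViewById(int)>(2131165184) (in <de.ecspride.RV2013: void sendSms(android.view.View)>)
"""

SINK_RE = re.compile(r"Found a flow to sink (?P<sink>.+?)(?: on line \d+)?, from the following sources:")
SRC_RE = re.compile(r"^\s*-\s+(?P<stmt>.+?)(?:\s+\(in (?P<method><.+>)\))?\s*$")


def parse_flows(text):
    """Return a list of (enclosing_method_or_None, source_stmt, sink_stmt) tuples."""
    flows, sink = [], None
    for line in text.splitlines():
        m = SINK_RE.search(line)
        if m:
            sink = m.group("sink")
            continue
        m = SRC_RE.match(line)
        if m and sink is not None:
            flows.append((m.group("method"), m.group("stmt"), sink))
        elif line.strip():
            sink = None  # any other non-blank line ends the current source list
    return flows


def to_dot(flows):
    """Render the flows as a DOT digraph: enclosing method -> source -> sink."""
    # Nodes are keyed by their text, so identical statements share one node.
    ids, edges = {}, []
    def node(label):
        return ids.setdefault(label, f"n{len(ids)}")
    for method, src, sink in flows:
        pairs = ([(method, src)] if method else []) + [(src, sink)]
        for a, b in pairs:
            edge = (node(a), node(b))
            if edge not in edges:
                edges.append(edge)
    esc = lambda s: s.replace("\\", "\\\\").replace('"', '\\"')
    lines = ["digraph flows {", "  node [shape=box];"]
    lines += [f'  {i} [label="{esc(lbl)}"];' for lbl, i in ids.items()]
    lines += [f"  {a} -> {b};" for a, b in edges]
    return "\n".join(lines + ["}"])

if __name__ == "__main__":
    print(to_dot(parse_flows(SAMPLE)))
```

The printed text can be saved to a file and rendered with Graphviz, for example `dot -Tpng flows.dot -o flows.png`.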