[Soot-list] Help Regarding Intra and Inter Procedural Analysis

LOKESH JAIN lokeshjain92 at gmail.com
Mon Feb 9 03:47:14 EST 2015


Hi,

Thanks, Eric, for the reply.
OK. I will try and run on 16 GB RAM.

Thanks a lot once again for all the help.

Regards
Lokesh Jain


On Mon, Feb 9, 2015 at 12:48 PM, Bodden, Eric <eric.bodden at sit.fraunhofer.de> wrote:

> Best use a shell script to do so. But 4GB RAM likely won't be sufficient,
> let me say that upfront. We have done many improvements but apps using 16GB
> are still quite common.
>
> Cheers,
> Eric
>
> > On 08.02.2015, at 23:03, LOKESH JAIN <lokeshjain92 at gmail.com> wrote:
> >
> > Hi,
> >
> > Any response regarding the question in the last mail?
> >
> > Thanks & Regards
> > Lokesh Jain
> >
> > On Sat, Feb 7, 2015 at 4:19 PM, LOKESH JAIN <lokeshjain92 at gmail.com> wrote:
> > Hi Steven,
> >
> > Thanks a lot for all the help. I really appreciate it.
> >
> > I have one more question.
> > FlowDroid has a tendency to give a memory error, and it could be resolved by using additional options.
> > My question is: I want to run FlowDroid on multiple APKs of different sizes, varying from small to big. Do I need to run FlowDroid for each and every application manually (there are around 3000 apps), or is there some way that would help me run multiple APKs at once without setting additional options every time?
> >
> > It would be very difficult to do manual settings for this many apps.
> >
> > I have a maximum app size of around 45 MB and I have 4 GB RAM.
> >
> > Thanks & Regards
> > Lokesh Jain
> >
> > On Fri, Feb 6, 2015 at 3:59 PM, Steven Arzt <Steven.Arzt at cased.de> wrote:
> > Hi Lokesh,
> >
> > If you want to analyze an Android application, use the SetupApplication class. The method “runInfoflow” gives you back an InfoflowResults object. For an example, look at how the command-line application uses the FlowDroid API: soot.jimple.infoflow.android.TestApps.Test.
> >
> > To generate a dot file from the InfoflowResults object, you need to iterate over the path and convert the information there to the dot format.
> >
> >
> >
> > Best regards,
> >
> >   Steven
> >
> > From: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] On Behalf Of LOKESH JAIN
> > Sent: Thursday, 5 February 2015 21:19
> > To: Steven Arzt
> > Cc: soot-list at cs.mcgill.ca; Soot list; soot-list at googlegroups.com
> > Subject: Re: [Soot-list] Help Regarding Intra and Inter Procedural Analysis
> >
> > Hi,
> >
> > Oh sorry, I thought you forgot to update SourcesAndSinks.txt.
> >
> > The final data flow results are stored in the InfoflowResults object. I need to create a graph, as it is difficult to understand in the console. For this I have looked through the Soot API documentation. The nearest I could get is the class InfoFlowAnalysis, but none of the methods defined in this class has an InfoflowResults object as an argument.
> >
> > With a CallGraph object, we can create a call graph in dot format. Likewise, how can I create a dataflow dependency graph from the InfoflowResults object?
> >
> >
> >
> > Regards
> >
> > Lokesh Jain
> >
> >
> >
> > On Thu, Feb 5, 2015 at 3:49 PM, Steven Arzt <Steven.Arzt at cased.de> wrote:
> >
> > Hi Lokesh,
> >
> > The SourcesAndSinks.txt file shipped with FlowDroid is just an example. We have a project called SuSi (published at NDSS’14) in which we use machine learning to automatically derive an almost complete set of sources and sinks from the Android API implementation. To be able to better compare FlowDroid with other tools, we however restricted ourselves to the small set. SuSi uses the same format as FlowDroid, so you can simply copy over the file if you want.
> >
> > The command-line application is only an example of how to use FlowDroid. It was never meant to be used as the main way of interacting with the data flow engine. That’s also why it is implemented in a class called “soot.jimple.infoflow.android.TestApps.Test”. You can look into what we do there and take it as an example of how to use the FlowDroid API. The API gives you the path, sources, and sinks neatly in data objects. The most interesting method should be “runAnalysis”.
> >
> >
> >
> > Best regards,
> >
> >   Steven
> >
> >
> >
> > From: LOKESH JAIN [mailto:lokeshjain92 at gmail.com]
> > Sent: Thursday, 5 February 2015 11:15
> > To: Steven Arzt
> > Cc: soot-list at googlegroups.com; Soot list; soot-list at cs.mcgill.ca
> > Subject: Re: [Soot-list] Help Regarding Intra and Inter Procedural Analysis
> >
> > Hi,
> >
> > Thanks for the reply Steven.
> >
> > Yes, I have increased the heap size to 3GB. I have followed the steps from https://github.com/secure-software-engineering/soot-infoflow-android/wiki for Eclipse. There it's mentioned that I need to import the Heros project.
> >
> > It's working when I decrease the --aplength to 4.
> >
> > I have tried --pathalgo contextsensitive; the output of this is on the command line, which is very messy to understand. Is there a way that I could get a graph depicting these paths that would be easily understandable?
> >
> > *Suggestion*
> >
> > Please update the SourcesAndSinks.txt. It does not contain some important sources and sinks, e.g. the gettext() function is missing from this text file.
> >
> >
> >
> > Thanks & Regards
> > Lokesh Jain
> >
> >
> >
> > On Thu, Feb 5, 2015 at 2:59 PM, Steven Arzt <Steven.Arzt at cased.de> wrote:
> >
> > Hi Lokesh,
> >
> > I am the maintainer of the FlowDroid project.
> >
> > If you get an OutOfMemory exception or the analysis is simply taking forever, the most likely reason is that you run out of memory. Are you sure that you actually increased the Java heap size to 3 GB using the -Xmx3g VM parameter?
> >
> > Additionally, your FlowDroid installation seems to be out of date. Where did you download it from? We don’t use the Heros solver anymore and that change has been done quite a while ago. If you just need a JAR file, use our nightly builds as described in the wiki: https://github.com/secure-software-engineering/soot-infoflow-android/wiki. If you want the code, make sure to use the “develop” branch, not “master”.
> >
> > The wiki also contains a number of options with which you can configure the tradeoff between precision and performance. If you still run short on memory even with the newest version of FlowDroid, you might try those options.
> >
> > It’s good that you use the official Android JARs. Do *not* use those from the Sable repository on GitHub. I think we should really add a disclaimer to that repository at some point. Those are complete implementations of the Android API extracted from emulators or real devices, which is unnecessary for almost all analyses. In FlowDroid, we have other means of dealing with the Android API. Instead, use the JAR files shipped with Google’s official Android SDK; you can find them in the “platforms” folder of your SDK installation directory. This can make a difference of tens of gigabytes of memory consumption.
> >
> > Your older questions look like you are interested in the path, i.e., the statements over which the taint was propagated. FlowDroid can do that for you. You need to select a path reconstruction algorithm which supports full paths, not only source-to-sink connections. Try “--pathalgo contextsensitive” on the command-line application, that should do the trick. However, note that path tracking does add some performance penalty.
> >
> >
> >
> > Best regards,
> >
> >   Steven
> >
> > M.Sc. M.Sc. Steven Arzt
> > Secure Software Engineering Group (SSE)
> > European Center for Security and Privacy by Design (EC SPRIDE)
> > Rheinstraße 75
> > D-64293 Darmstadt
> > Phone: +49 61 51 869-336
> > Fax: +49 61 51 16-72118
> > eMail: steven.arzt at ec-spride.de
> > Web: http://sse.ec-spride.de
> >
> > From: LOKESH JAIN [mailto:lokeshjain92 at gmail.com]
> > Sent: Thursday, 5 February 2015 10:19
> > To: soot-list at googlegroups.com; Steven Arzt; Soot list; soot-list at cs.mcgill.ca
> > Subject: Re: [Soot-list] Help Regarding Intra and Inter Procedural Analysis
> >
> >
> >
> > Hi,
> >
> > I am getting a memory error using FlowDroid. I am using 3GB memory for a 398.1 kB Android application. I am using the official android.jar file of 21.8 MB (android-19).
> >
> > [Thread-4] ERROR heros.solver.IDESolver - Worker thread execution failed: GC overhead limit exceeded
> > java.lang.OutOfMemoryError: GC overhead limit exceeded
> >
> > How do I resolve this? Also, please help me with my previous question posted in the same thread.
> >
> > Thanks & Regards
> >
> > Lokesh Jain
> >
> >
> >
> > On Wed, Feb 4, 2015 at 10:18 PM, LOKESH JAIN <lokeshjain92 at gmail.com> wrote:
> >
> > Hi,
> >
> > Thanks for the reply.
> >
> > Eric, yeah, it's notifying me of the flows, but that's not all I want. I need to analyze the data flow.
> >
> > For example, in the RV2013.apk I got the output:
> > Found a flow to sink virtualinvoke $r4.<android.telephony.SmsManager: void sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)>($r6, null, $r7, null, null) on line 31, from the following sources:
> >     - $r1 = virtualinvoke $r0.<de.ecspride.RV2013: android.view.View findViewById(int)>(2131165187) (in <de.ecspride.RV2013: void sendSms(android.view.View)>)
> >     - $r1 = virtualinvoke $r0.<de.ecspride.RV2013: android.view.View findViewById(int)>(2131165184) (in <de.ecspride.RV2013: void sendSms(android.view.View)>)
> >
> > I actually need an analysis (some data dependency graph) that could depict the flow: a node sendsms() followed by (i.e. an edge to) the node gettext() that is in the argument of sendTextMessage(...), followed by the node sendTextMessage(...), etc.
> >
> > How do I get this? I think I could get that flow using FlowDroid, but I am not able to work out how to convert it to a dot file.
> >
> > Dacong, I will definitely try that tool.
> >
> > Thanks & Regards
> >
> > Lokesh Jain
> >
> >
> > On Wed, Feb 4, 2015 at 2:05 PM, Bodden, Eric <eric.bodden at sit.fraunhofer.de> wrote:
> >
> > Hi Lokesh.
> >
> > > I want to do intra and inter procedural data flow analysis for an .apk file.
> > > For this I have used FlowDroid. I followed this tutorial, https://github.com/secure-software-engineering/soot-infoflow-android/wiki, in Eclipse and it worked fine. But I am not able to deduce anything useful from the output. Is there any way I can get the data dependency graph from this?
> >
> > Yes, sure. That's the main data structure that FlowDroid supports. The textual output indeed won't help you much, though. FlowDroid provides callbacks instead, which notify you of any flows found. That's usually how people use the tool.
> >
> > > Also, is FlowDroid a good option for getting data dependency, or is there any other option better than this?
> >
> > There are other tools but FlowDroid is certainly one of the most stable and thorough ones.
> >
> > Cheers,
> > Eric
>
> --
> Prof. Eric Bodden, Ph.D., http://sse.ec-spride.de/ http://bodden.de/
> Head of Secure Software Engineering at Fraunhofer SIT, TU Darmstadt and EC
> SPRIDE
> Tel: +49 6151 16-75422    Fax: +49 6151 869-127
> Room B5.11, Fraunhofer SIT, Rheinstraße 75, 64295 Darmstadt
>
>
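
An added example, not part of the original thread and not FlowDroid's own code: a small converter that turns the command-line output quoted above ("Found a flow to sink ... from the following sources:") into a Graphviz dot graph. It covers only the source-to-sink pairs that this textual output contains, not the intermediate statements of a reconstructed path; the function names are hypothetical and the sample input is the RV2013.apk output from the thread with the e-mail line wraps removed.

```python
import re

# Console output quoted in the thread (RV2013.apk), e-mail line wraps removed.
SAMPLE = """\
Found a flow to sink virtualinvoke $r4.<android.telephony.SmsManager: void sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)>($r6, null, $r7, null, null) on line 31, from the following sources:
    - $r1 = virtualinvoke $r0.<de.ecspride.RV2013: android.view.View findViewById(int)>(2131165187) (in <de.ecspride.RV2013: void sendSms(android.view.View)>)
    - $r1 = virtualinvoke $r0.<de.ecspride.RV2013: android.view.View findViewById(int)>(2131165184) (in <de.ecspride.RV2013: void sendSms(android.view.View)>)
"""

SINK_RE = re.compile(
    r"Found a flow to sink (?P<stmt>.+?)(?: on line (?P<line>\d+))?, from the following sources:")
SOURCE_RE = re.compile(r"^\s*-\s+(?P<stmt>.+?)(?:\s+\(in (?P<method><.+>)\))?\s*$")


def parse_flows(text):
    """Return (source_stmt, source_method, sink_stmt, sink_line) tuples."""
    flows, sink = [], None
    for raw in text.splitlines():
        m = SINK_RE.search(raw)  # search, so a logger prefix before the text is tolerated
        if m:
            sink = (m.group("stmt"), m.group("line"))
            continue
        m = SOURCE_RE.match(raw)
        if sink and m:
            flows.append((m.group("stmt"), m.group("method"), *sink))
        elif raw.strip():
            sink = None  # any other non-empty line ends the source list
    return flows


def quote(s):
    """Quote a Jimple statement as a DOT string (escape backslash and quote)."""
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'


def to_dot(flows):
    """Emit one solid edge per source->sink pair, dashed edges for containment."""
    out = ["digraph flows {", "  rankdir=LR;", "  node [shape=box];"]
    for src, method, sink, line in flows:
        edges = [f"  {quote(src)} -> {quote(sink)} [label={quote('line ' + (line or '?'))}];"]
        if method:  # enclosing method of the source, not a data-flow edge
            edges.insert(0, f"  {quote(method)} -> {quote(src)} [style=dashed];")
        out += [e for e in edges if e not in out]  # skip edges already emitted
    return "\n".join(out + ["}"])


if __name__ == "__main__":
    print(to_dot(parse_flows(SAMPLE)))
```

The printed graph can be rendered with Graphviz, for example by piping it into `dot -Tsvg`.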