DASCA combines dynamic and static techniques for analysing code for finding security (i.e., vulnerabilities), safety, or reliability problems.
Achim D. Brucker df3237bc28 Upgraded spray. 1 week ago
buildSrc Integrated extraction of android.jar from Android SDK based on the implementation of the WALA gradle setup. 3 weeks ago
com.logicalhacking.dasca.crosslanguage Upgraded spray. 1 week ago
com.logicalhacking.dasca.crosslanguage.test Moved Android SDK download into main crosslanguage project. 2 weeks ago
com.logicalhacking.dasca.crosslanguage.test.confidential @ 0d650be534 Updated submodule. 3 weeks ago
com.logicalhacking.dasca.dataflow Migrated to EPL 2.0. 3 weeks ago
com.logicalhacking.dasca.dataflow.test.data Migrated to EPL 2.0. 3 weeks ago
com.logicalhacking.dasca.js Migrated to EPL 2.0. 3 weeks ago
gradle/wrapper File hierarchy refactoring. 3 weeks ago
.gitignore Improved handling of Android framework archive (in particualr for Eclipse). 2 weeks ago
.gitmodules Integrated confidential test cases. 3 weeks ago
CITATION Added ESSoS 2016 publication. 2 years ago
LICENSE Migrated to EPL 2.0. 3 weeks ago
README.md Migrated to EPL 2.0. 3 weeks ago
build.gradle Added Eclipse plugin. 2 weeks ago
gradle.properties Upgraded to WALA 1.5.1.S.DASCA.1.0.0. 3 weeks ago
gradlew File hierarchy refactoring. 3 weeks ago
gradlew.bat File hierarchy refactoring. 3 weeks ago
settings.gradle Integrated confidential test cases. 3 weeks ago





  • Java 8 (Java 9 or later is currently not supported)
  • Eclipse Oxygen, including the following additional packages:
  • The native libraries and the JNI packages for CVC3. On a Debian-based Linux system, you need to install the package libcvc3-5-jni. CVC3 is only required for the sub-project com.logicalhacking.dasca.dataflow and the corresponding tests.

Note, if you install the Eclipse for Java EE Developers, you should get a version that includes already PDE, JSDT, and Buildship. Thus, you only need to add the Scala IDE.


The repository can be cloned as usual:

git clone https://git.logicalhacking.com/DASCA/DASCA.git

Note, if you authorized to access the confidential test cases of DASCA, you can obtain them by executing

git submodule update --init --recursive

Configuration (optional)

The dataflow analysis can be configured in various ways in the com.logicalhacking.dasca.dataflow/config/main.config file. Most importantly, if you experience problems or want to optimize the performance (e.g., by analyzing the programs based on a different Java version), you might need to configure the location of the Java JDK. The JDK used as part of the static analysis is configured in the file com.logicalhacking.dasca.dataflow/config/main.config, e.g.

echo "java_runtime_dir = <PATH-TO-JDK>" >> ./com.logicalhacking.dasca.dataflow/config/main.config

Don’t forget to adjust the path to the Java JDK accordingly, i.e., the <PATH-TO-JDK> should point to the directory containing the file rt.lib.

How to Compile

First check that the variable JAVA_HOME is configured correctly, to ensure that Java 8 is used, e.g.:

export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
export PATH=$JAVA_HOME/bin:$PATH

The project can be compiled using gradle

./gradlew clean assemble test

Import into Eclipse

All projects can be imported into a (fresh) Eclipse workspace using File -> Import -> Gradle -> Existing Gradle Projects:

  1. Select the DASCA folder as source for the import
  2. Import all offered projects


Main contact: Achim D. Brucker



This project is licensed under the Eclipse Public License 2.0.

SPDX-License-Identifier: EPL-2.0

Master Repository

The master git repository for this project is hosted by the Software Assurance & Security Research Team at https://git.logicalhacking.com/DASCA/DASCA.