DASCA combines dynamic and static techniques for analysing code for finding security (i.e., vulnerabilities), safety, or reliability problems.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Achim D. Brucker df3237bc28
Upgraded spray.
4 years ago
buildSrc Integrated extraction of android.jar from Android SDK based on the implementation of the WALA gradle setup. 4 years ago
com.logicalhacking.dasca.crosslanguage Upgraded spray. 4 years ago
com.logicalhacking.dasca.crosslanguage.test Moved Android SDK download into main crosslanguage project. 4 years ago
com.logicalhacking.dasca.crosslanguage.test.confidential@0d650be534 Updated submodule. 4 years ago
com.logicalhacking.dasca.dataflow Migrated to EPL 2.0. 4 years ago
com.logicalhacking.dasca.dataflow.test.data Migrated to EPL 2.0. 4 years ago
com.logicalhacking.dasca.js Migrated to EPL 2.0. 4 years ago
gradle/wrapper File hierarchy refactoring. 4 years ago
.gitignore Improved handling of Android framework archive (in particualr for Eclipse). 4 years ago
.gitmodules Integrated confidential test cases. 4 years ago
CITATION Added ESSoS 2016 publication. 7 years ago
LICENSE Migrated to EPL 2.0. 4 years ago
README.md Migrated to EPL 2.0. 4 years ago
build.gradle Added Eclipse plugin. 4 years ago
gradle.properties Upgraded to WALA 1.5.1.S.DASCA.1.0.0. 4 years ago
gradlew File hierarchy refactoring. 4 years ago
gradlew.bat File hierarchy refactoring. 4 years ago
settings.gradle Integrated confidential test cases. 4 years ago





  • Java 8 (Java 9 or later is currently not supported)
  • Eclipse Oxygen, including the following additional packages:
  • The native libraries and the JNI packages for CVC3. On a Debian-based Linux system, you need to install the package libcvc3-5-jni. CVC3 is only required for the sub-project com.logicalhacking.dasca.dataflow and the corresponding tests.

Note, if you install the Eclipse for Java EE Developers, you should get a version that includes already PDE, JSDT, and Buildship. Thus, you only need to add the Scala IDE.


The repository can be cloned as usual:

git clone https://git.logicalhacking.com/DASCA/DASCA.git

Note, if you authorized to access the confidential test cases of DASCA, you can obtain them by executing

git submodule update --init --recursive

Configuration (optional)

The dataflow analysis can be configured in various ways in the com.logicalhacking.dasca.dataflow/config/main.config file. Most importantly, if you experience problems or want to optimize the performance (e.g., by analyzing the programs based on a different Java version), you might need to configure the location of the Java JDK. The JDK used as part of the static analysis is configured in the file com.logicalhacking.dasca.dataflow/config/main.config, e.g.

echo "java_runtime_dir = <PATH-TO-JDK>" >> ./com.logicalhacking.dasca.dataflow/config/main.config

Don't forget to adjust the path to the Java JDK accordingly, i.e., the <PATH-TO-JDK> should point to the directory containing the file rt.lib.

How to Compile

First check that the variable JAVA_HOME is configured correctly, to ensure that Java 8 is used, e.g.:

export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
export PATH=$JAVA_HOME/bin:$PATH

The project can be compiled using gradle

./gradlew clean assemble test

Import into Eclipse

All projects can be imported into a (fresh) Eclipse workspace using File -> Import -> Gradle -> Existing Gradle Projects:

  1. Select the DASCA folder as source for the import
  2. Import all offered projects


Main contact: Achim D. Brucker



This project is licensed under the Eclipse Public License 2.0.

SPDX-License-Identifier: EPL-2.0

Master Repository

The master git repository for this project is hosted by the Software Assurance & Security Research Team at https://git.logicalhacking.com/DASCA/DASCA.