Java Code Examples for soot.jimple.Stmt#addTag()

The following examples show how to use soot.jimple.Stmt#addTag().
Example 1
Source File: DominatorsTagger.java    From JAADAS with GNU General Public License v3.0
/**
 * Attaches one {@code LinkTag} to each statement of the body for every statement
 * that the dominator analysis reports for it.
 *
 * @param b         method body whose units are tagged in place
 * @param phaseName not read by this method
 * @param opts      not read by this method
 */
protected void internalTransform(
        Body b, String phaseName, Map opts)
{
    // One analysis instance, built over an ExceptionalUnitGraph of the body.
    MHGDominatorsFinder analysis = new MHGDominatorsFinder(new ExceptionalUnitGraph(b));

    for (Iterator unitIt = b.getUnits().iterator(); unitIt.hasNext(); ) {
        Stmt s = (Stmt) unitIt.next();
        List dominators = analysis.getDominators(s);

        for (Object dominator : dominators) {
            Stmt ds = (Stmt) dominator;
            // The tag text names the dominator first, then the dominated statement.
            String info = ds + " dominates " + s;
            String declaringClassName = b.getMethod().getDeclaringClass().getName();
            s.addTag(new LinkTag(info, ds, declaringClassName, "Dominators"));
        }
    }
}
 
Example 2
Source File: CodePositionTracking.java    From FuzzDroid with Apache License 2.0
/**
 * Inserts, after every instrumentable unit of the body, a static call to
 * {@code setLastExecutedStatement(int)} that carries the unit's code-position id.
 *
 * <p>Identity statements and units that already carry {@code InstrumentedCodeTag}
 * are skipped. Each inserted call is itself tagged with {@code InstrumentedCodeTag},
 * so the tag check above can tell instrumentation apart from original code.
 *
 * @param b         body to instrument in place
 * @param phaseName not read by this method
 * @param options   not read by this method
 */
@Override
protected void internalTransform(Body b, String phaseName, Map<String, String> options) {
	// Methods rejected by canInstrumentMethod are left untouched
	if (!canInstrumentMethod(b.getMethod()))
		return;

	// Static tracker method that receives the code-position id
	SootMethodRef ref = Scene.v().makeMethodRef(
			Scene.v().getSootClass(UtilInstrumenter.JAVA_CLASS_FOR_CODE_POSITIONS),
			"setLastExecutedStatement",
			Collections.<Type>singletonList(IntType.v()),
			VoidType.v(),
			true);
	final String methodSig = b.getMethod().getSignature();

	// Counts only the units that actually get a tracker call
	int instrumentedCount = 0;

	// A snapshot iterator is used because units are inserted while walking the chain
	Iterator<Unit> units = b.getUnits().snapshotIterator();
	while (units.hasNext()) {
		Unit unit = units.next();

		// Still inside the IdentityStmt block: nothing to instrument
		if (unit instanceof IdentityStmt)
			continue;

		// Already instrumented by another transformer: nothing to instrument
		if (unit.hasTag(InstrumentedCodeTag.name))
			continue;

		// Look up the code position for this unit
		CodePosition position = codePositionManager.getCodePositionForUnit(
				unit, methodSig, instrumentedCount, ((Stmt) unit).getJavaSourceStartLineNumber());
		instrumentedCount++;

		Stmt trackerCall = Jimple.v().newInvokeStmt(
				Jimple.v().newStaticInvokeExpr(ref, IntConstant.v(position.getID())));
		trackerCall.addTag(new InstrumentedCodeTag());

		b.getUnits().insertAfter(trackerCall, unit);
	}
}
 
Example 3
Source File: GoalReachedTracking.java    From FuzzDroid with Apache License 2.0
/**
 * Inserts a static call to {@code reportTargetReachedSynchronous()} directly before
 * every statement of the body that is contained in {@code targetSignatures}.
 *
 * <p>Each inserted call is tagged with {@code InstrumentedCodeTag}.
 *
 * @param b         body to instrument in place
 * @param phaseName not read by this method
 * @param options   not read by this method
 */
@Override
protected void internalTransform(Body b, String phaseName,
		Map<String, String> options) {
	// Methods rejected by canInstrumentMethod are left untouched
	if (!canInstrumentMethod(b.getMethod()))
		return;

	// Reference to the static, no-argument reporting method
	final SootMethodRef targetReachedRef = Scene.v().makeMethodRef(
			Scene.v().getSootClass(UtilInstrumenter.JAVA_CLASS_FOR_CODE_POSITIONS),
			"reportTargetReachedSynchronous",
			Collections.<Type>emptyList(),
			VoidType.v(),
			true);

	// A snapshot iterator is used because units are inserted while walking the chain
	Iterator<Unit> units = b.getUnits().snapshotIterator();
	while (units.hasNext()) {
		Stmt stmt = (Stmt) units.next();

		// NOTE(review): the collection is named for signatures but is queried with the
		// Stmt object itself; whether anything matches depends on its element type,
		// which is declared outside this method -- confirm.
		if (!targetSignatures.contains(stmt))
			continue;

		// Report that the target was reached before the target statement runs
		Stmt reachedStmt = Jimple.v().newInvokeStmt(
				Jimple.v().newStaticInvokeExpr(targetReachedRef));
		reachedStmt.addTag(new InstrumentedCodeTag());
		b.getUnits().insertBefore(reachedStmt, stmt);
	}
}
 
Example 4
Source File: CrashReporterInjection.java    From FuzzDroid with Apache License 2.0
/**
 * Inserts a static call to {@code registerExceptionHandler()} after the first
 * non-identity unit of every method listed in {@code methodsToInstrument}.
 *
 * <p>Signatures that {@code Scene.grabMethod} cannot resolve are skipped. Any exception
 * raised while handling one signature is printed and the loop moves on to the next
 * signature, so a method that could not be instrumented is only visible as a stack
 * trace on stderr.
 *
 * @param phaseName not read by this method
 * @param options   not read by this method
 */
@Override
protected void internalTransform(String phaseName,
		Map<String, String> options) {
	// Reference to the static, no-argument registration method
	SootMethodRef ref = Scene.v().makeMethodRef(
			Scene.v().getSootClass(UtilInstrumenter.JAVA_CLASS_FOR_CRASH_REPORTING),
			"registerExceptionHandler",
			Collections.<Type>emptyList(),
			VoidType.v(),
			true);

	for (String sig : methodsToInstrument) {
		try {
			SootMethod sm = Scene.v().grabMethod(sig);
			if (sm == null)
				continue;

			Iterator<Unit> units = sm.getActiveBody().getUnits().snapshotIterator();
			while (units.hasNext()) {
				Unit unit = units.next();

				if (!(unit instanceof IdentityStmt)) {
					// First unit past the IdentityStmt block: put the registration in
					// after it and stop, one registration per method is enough
					Stmt stmt = Jimple.v().newInvokeStmt(Jimple.v().newStaticInvokeExpr(ref));
					stmt.addTag(new InstrumentedCodeTag());
					sm.getActiveBody().getUnits().insertAfter(stmt, unit);
					break;
				}
			}
		} catch (Exception ex) {
			// Best effort: a failure for one signature must not stop the others
			ex.printStackTrace();
		}
	}
}
 
Example 5
Source File: DynamicValueTransformer.java    From FuzzDroid with Apache License 2.0
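/**
 * Inserts, before {@code curStmt}, a static call that reports the runtime value of
 * {@code value} together with {@code paramIdx}.
 *
 * <p>Only {@code int} and {@code java.lang.String} values are reported. A local typed
 * {@code CharSequence} or {@code StringBuilder} is first converted with
 * {@code toString()}. Constants, {@code new} expressions and values of any other type
 * are skipped. Every inserted statement is tagged with {@code InstrumentedCodeTag}.
 *
 * <p>The reporting targets {@code refString} and {@code refInt} are declared outside
 * this method; presumably they reference the String and int reporting methods -- confirm.
 *
 * @param b        body that receives the new statements
 * @param curStmt  statement before which the instrumentation is inserted
 * @param value    value to report
 * @param paramIdx index passed through to the reporting call as an int constant
 */
private void checkAndReport(Body b, Stmt curStmt, Value value, int paramIdx) {
	LocalGenerator localGenerator = new LocalGenerator(b);
	RefType stringType = RefType.v("java.lang.String");
	Value lhs = value;

	// Constants are skipped, nothing dynamic to report
	if (lhs instanceof StringConstant || lhs instanceof IntConstant)
		return;

	// If this is a CharSequence, we need to convert it into a string.
	// The type test is parenthesised on purpose: without the parentheses '&&' binds
	// tighter than '||', so a CharSequence-typed value that is not a Local reached
	// the (Local) cast below and failed with a ClassCastException.
	boolean isCharSequenceLike = lhs.getType() == RefType.v("java.lang.CharSequence")
			|| lhs.getType() == RefType.v("java.lang.StringBuilder");
	if (isCharSequenceLike && lhs instanceof Local) {
		SootMethodRef toStringRef = Scene.v().getMethod("<java.lang.Object: "
				+ "java.lang.String toString()>").makeRef();
		Local stringLocal = localGenerator.generateLocal(stringType);
		Stmt stringAssignStmt = Jimple.v().newAssignStmt(stringLocal,
				Jimple.v().newVirtualInvokeExpr((Local) lhs, toStringRef));
		stringAssignStmt.addTag(new InstrumentedCodeTag());

		b.getUnits().insertBefore(stringAssignStmt, curStmt);
		lhs = stringLocal;
	}
	else if (lhs.getType() != IntType.v() && lhs.getType() != stringType)
		return;

	//new String() case
	if (value instanceof NewExpr)
		return;

	// Depending on the type of the value, we might need an intermediate local
	if (!(lhs instanceof Local)) {
		Local newLhs = localGenerator.generateLocal(lhs.getType());
		AssignStmt assignLocalStmt = Jimple.v().newAssignStmt(newLhs, lhs);
		assignLocalStmt.addTag(new InstrumentedCodeTag());
		b.getUnits().insertBefore(assignLocalStmt, curStmt);
		lhs = newLhs;
	}

	// Report the value through the method reference that matches its type
	Stmt reportValueStmt;
	if (lhs.getType() == stringType) {
		reportValueStmt = Jimple.v().newInvokeStmt(
				Jimple.v().newStaticInvokeExpr(refString, lhs, IntConstant.v(paramIdx)));
	}
	else if (lhs.getType() == IntType.v()) {
		reportValueStmt = Jimple.v().newInvokeStmt(
				Jimple.v().newStaticInvokeExpr(refInt, lhs, IntConstant.v(paramIdx)));
	}
	else
		return;
	reportValueStmt.addTag(new InstrumentedCodeTag());

	b.getUnits().insertBefore(reportValueStmt, curStmt);
}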
 
Example 6
Source File: GlobalInstanceTransformer.java    From FuzzDroid with Apache License 2.0
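/**
 * Makes every Android component class written by the app developer register each new
 * instance through {@code ComponentCallerService.registerGlobalInstance}.
 *
 * <p>For each application class accepted by {@code UtilInstrumenter.isAppDeveloperCode}
 * that is assignable to Activity, Service, BroadcastReceiver or ContentProvider, the
 * no-argument constructor is looked up, or created when the class has none and its
 * superclass has one. Two statements tagged with {@code InstrumentedCodeTag} are then
 * inserted: one that stores {@code this.getClass()} in a fresh local, and one that
 * calls the registration method with that class and {@code this}.
 *
 * <p>Classes are skipped when no usable constructor exists or when no insertion point
 * after the {@code <init>} call on {@code this} can be found.
 *
 * @param phaseName not read by this method
 * @param options   not read by this method
 */
@Override
protected void internalTransform(String phaseName, Map<String, String> options) {
	// Get some system components. BroadcastReceiver and ContentProvider live in
	// android.content, not android.app; with the android.app names these two lookups
	// could never resolve to the real framework classes, so receivers and providers
	// were never matched. Classes the Scene does not know are left out instead of
	// causing a NullPointerException on getType().
	List<Type> componentTypes = new ArrayList<>();
	for (String componentClassName : new String[] {
			"android.app.Activity",
			"android.app.Service",
			"android.content.BroadcastReceiver",
			"android.content.ContentProvider" }) {
		SootClass scComponent = Scene.v().getSootClassUnsafe(componentClassName);
		if (scComponent != null)
			componentTypes.add(scComponent.getType());
	}

	// Get the registration class
	SootClass scRegistrar = Scene.v().getSootClassUnsafe("de.tu_darmstadt.sse.additionalappclasses.ComponentCallerService");
	SootMethodRef smRegistrarRef = scRegistrar.getMethodByName("registerGlobalInstance").makeRef();

	// Get the getClass() method
	Type classType = Scene.v().getType("java.lang.Class");
	SootMethodRef smGetClass = Scene.v().getObjectType().getSootClass().getMethod("java.lang.Class getClass()").makeRef();

	for (SootClass sc : Scene.v().getApplicationClasses()) {
		// We only instrument user code
		if (!UtilInstrumenter.isAppDeveloperCode(sc))
			continue;

		// Is this class a component?
		boolean isComponent = false;
		for (Type componentType : componentTypes) {
			if (Scene.v().getOrMakeFastHierarchy().canStoreType(sc.getType(), componentType)) {
				isComponent = true;
				break;
			}
		}
		if (!isComponent)
			continue;

		Body b = null;
		Local locThis = null;
		Unit lastUnit = null;

		// Do we already have a constructor?
		SootMethod cons = sc.getMethodUnsafe("void <init>()");
		if (cons == null) {
			SootMethod smSuperClassCons = sc.getSuperclass().getMethodUnsafe("void <init>()");
			if (smSuperClassCons == null)
				continue;

			// Create the new constructor
			cons = new SootMethod("<init>", Collections.<Type>emptyList(), VoidType.v());
			sc.addMethod(cons);
			cons.setActiveBody(b = Jimple.v().newBody(cons));

			// Add a reference to the "this" object
			locThis = Jimple.v().newLocal("this", sc.getType());
			b.getLocals().add(locThis);
			b.getUnits().add(Jimple.v().newIdentityStmt(locThis, Jimple.v().newThisRef(sc.getType())));

			// Add a call to the superclass constructor
			b.getUnits().add(Jimple.v().newInvokeStmt(Jimple.v().newSpecialInvokeExpr(locThis,
					smSuperClassCons.makeRef())));

			// Add a return statement; the registration goes right before it
			b.getUnits().add(lastUnit = Jimple.v().newReturnVoidStmt());
		}
		else {
			b = cons.getActiveBody();
			locThis = b.getThisLocal();

			// Find where we can inject our code. We must have called
			// the super constructor first, or the Dalvik verifier will
			// complain that the "this" local is not yet initialized.
			for (Unit u : b.getUnits()) {
				Stmt s = (Stmt) u;
				if (s.containsInvokeExpr()) {
					InvokeExpr iexpr = s.getInvokeExpr();
					if (iexpr instanceof SpecialInvokeExpr) {
						if (iexpr.getMethod().getName().equals("<init>")
								&& ((SpecialInvokeExpr) iexpr).getBase() == locThis) {
							lastUnit = b.getUnits().getSuccOf(u);
							break;
						}
					}
				}
			}
		}

		// No <init> call on "this" was found, or nothing follows it: there is no
		// insertion point, and passing null to insertBefore would abort the whole
		// transformation. Skip this class instead.
		if (lastUnit == null)
			continue;

		// Get the class
		LocalGenerator localGen = new LocalGenerator(b);
		Local locClass = localGen.generateLocal(classType);
		Stmt stmtAssignClass = Jimple.v().newAssignStmt(locClass, Jimple.v().newVirtualInvokeExpr(
				locThis, smGetClass));
		stmtAssignClass.addTag(new InstrumentedCodeTag());
		b.getUnits().insertBefore(stmtAssignClass, lastUnit);

		// Register the instance
		List<Value> argList = new ArrayList<>();
		argList.add(locClass);
		argList.add(locThis);
		Stmt stmtRegister = Jimple.v().newInvokeStmt(Jimple.v().newStaticInvokeExpr(
				smRegistrarRef, argList));
		stmtRegister.addTag(new InstrumentedCodeTag());
		b.getUnits().insertBefore(stmtRegister, lastUnit);
	}
}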
 
Example 7
Source File: JimpleIndexNumberTransformer.java    From soot-infoflow-android-iccta with GNU Lesser General Public License v2.1
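/**
 * Tags every statement of every method body in the Scene with a
 * {@code JimpleIndexNumberTag} holding the statement's zero-based position in its body.
 *
 * <p>Tagging is best effort. A failure is swallowed per method, so one method whose
 * body cannot be retrieved no longer leaves the remaining methods of the same class
 * untagged. Statements of a skipped method carry no index tag; code that looks
 * statements up by this tag has to cope with the tag being absent.
 */
@Override
public void updateJimple() 
{
	Chain<SootClass> sootClasses = Scene.v().getClasses();
	
	for (Iterator<SootClass> iter = sootClasses.iterator(); iter.hasNext(); )
	{
		SootClass sc = iter.next();
		
		// Copy the method list inside its own try: reading it can fail for a class,
		// and the copy keeps the loop below independent of later changes to the list.
		List<SootMethod> sms;
		try
		{
			sms = new java.util.ArrayList<SootMethod>(sc.getMethods());
		}
		catch (Exception ignored)
		{
			// Best effort: this class contributes no tags
			continue;
		}
		
		for (SootMethod sm : sms)
		{
			// Putting the per-method code in a try-catch.
			// Just trying the best to put the index number to "JimpleIndexNumberTag" of Stmt.
			try
			{
				// Abstract and native methods have no body to tag
				if (!sm.isConcrete())
					continue;
				
				Body b = sm.retrieveActiveBody();
				
				PatchingChain<Unit> units = b.getUnits();
				
				int indexNumber = 0;
				
				for (Iterator<Unit> iterU = units.snapshotIterator(); iterU.hasNext(); )
				{
					Stmt stmt = (Stmt) iterU.next();
					
					Tag t = new JimpleIndexNumberTag(indexNumber++);
					stmt.addTag(t);
				}
			}
			catch (Exception ignored)
			{
				// Best effort: only this method stays untagged
			}
		}
	}
}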