soot.jimple.ArrayRef Java Examples

The following examples show how to use soot.jimple.ArrayRef. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source Project: FuzzDroid   Author: srasthofer   File: UtilInstrumenter.java    License: Apache License 2.0 6 votes vote down vote up
public static Pair<Value, List<Unit>> generateParameterArray(List<Value> parameterList, Body body){
	List<Unit> generated = new ArrayList<Unit>();
	
	NewArrayExpr arrayExpr = Jimple.v().newNewArrayExpr(RefType.v("java.lang.Object"), IntConstant.v(parameterList.size()));
	
	Value newArrayLocal = generateFreshLocal(body, getParameterArrayType());
	Unit newAssignStmt = Jimple.v().newAssignStmt(newArrayLocal, arrayExpr);
	generated.add(newAssignStmt);
	
	for(int i = 0; i < parameterList.size(); i++){
		Value index = IntConstant.v(i);
		ArrayRef leftSide = Jimple.v().newArrayRef(newArrayLocal, index);
		Value rightSide = generateCorrectObject(body, parameterList.get(i), generated);
		
		Unit parameterInArray = Jimple.v().newAssignStmt(leftSide, rightSide);
		generated.add(parameterInArray);
	}
	
	return new Pair<Value, List<Unit>>(newArrayLocal, generated);
}
 
Example #2
Source Project: FuzzDroid   Author: srasthofer   File: SmartConstantDataExtractorFuzzyAnalysis.java    License: Apache License 2.0 6 votes vote down vote up
private boolean hasConstantIndexAtArrayForSplitDataFlow(Stmt[] dataflow) {
	Stmt firstAssign = dataflow[0];
	if(firstAssign instanceof AssignStmt) {
		AssignStmt ass = (AssignStmt)firstAssign;
		Value value = ass.getRightOp();
		if(value instanceof ArrayRef) {
			ArrayRef aRef = (ArrayRef)value;
			Value index = aRef.getIndex();
			
			if(index instanceof IntConstant)
				return true;
		}
	}
	else
		throw new RuntimeException("this should not happen - wrong assumption");
	
	return false;
}
 
Example #3
Source Project: FuzzDroid   Author: srasthofer   File: SmartConstantDataExtractorFuzzyAnalysis.java    License: Apache License 2.0 6 votes vote down vote up
private int getConstantArrayIndexForSplitDataFlow(Stmt[] dataflow) {
	Stmt firstAssign = dataflow[0];
	if(firstAssign instanceof AssignStmt) {
		AssignStmt ass = (AssignStmt)firstAssign;
		Value value = ass.getRightOp();
		if(value instanceof ArrayRef) {
			ArrayRef aRef = (ArrayRef)value;
			Value index = aRef.getIndex();
			
			if(index instanceof IntConstant)
				return ((IntConstant) index).value;
		}
	}
	else
		throw new RuntimeException("this should not happen - wrong assumption");
	
	return -1;
}
 
Example #4
Source Project: JAADAS   Author: flankerhqd   File: PtsBasedAliasStrategy.java    License: GNU General Public License v3.0 6 votes vote down vote up
/**
 * Gets the points-to-set for the given value
 * @param targetValue The value for which to get the points-to-set
 * @return The points-to-set for the given value
 */
private PointsToSet getPointsToSet(Value targetValue) {
	PointsToAnalysis pta = Scene.v().getPointsToAnalysis();
	synchronized (pta) {			
		if (targetValue instanceof Local)
			return pta.reachingObjects((Local) targetValue);
		else if (targetValue instanceof InstanceFieldRef) {
			InstanceFieldRef iref = (InstanceFieldRef) targetValue;
			return pta.reachingObjects((Local) iref.getBase(), iref.getField());
		}
		else if (targetValue instanceof StaticFieldRef) {
			StaticFieldRef sref = (StaticFieldRef) targetValue;
			return pta.reachingObjects(sref.getField());
		}
		else if (targetValue instanceof ArrayRef) {
			ArrayRef aref = (ArrayRef) targetValue;
			return pta.reachingObjects((Local) aref.getBase());
		}
		else
			throw new RuntimeException("Unexpected value type for aliasing: " + targetValue.getClass());
	}
}
 
Example #5
Source Project: JAADAS   Author: flankerhqd   File: BaseSelector.java    License: GNU General Public License v3.0 6 votes vote down vote up
/**
 * the operations that are not relevant for analysis like "not" or casts
 * are removed - array refs are only removed if explicitly stated
 * @param val the value which should be pruned
 * @param keepArrayRef if false then array refs are pruned to the base array object
 * @return the value (possibly pruned to base object)
 */ //we want to keep ArrayRef for objects on the right side of the assignment
public static Value selectBase(Value val, boolean keepArrayRef){
	//we taint base of array instead of array elements
	if (val instanceof ArrayRef && !keepArrayRef) {
		return selectBase(((ArrayRef) val).getBase(), keepArrayRef);
	}
	
	if (val instanceof CastExpr) {
		return selectBase(((CastExpr) val).getOp(), keepArrayRef);
	}
	
	// Check for unary operators like "not" or "length"
	if (val instanceof UnopExpr)
		return selectBase(((UnopExpr) val).getOp(), keepArrayRef);
	
	return val;
}
 
Example #6
Source Project: JAADAS   Author: flankerhqd   File: StmtTranslator.java    License: GNU General Public License v3.0 6 votes vote down vote up
void handleAssign(DefinitionStmt stmt) {
	Value lval = stmt.getLeftOp();
	Value rval = stmt.getRightOp();
	Variable rvar;
	if (lval instanceof Local) {
		rvar = getLocalVariable((Local)lval);
	} else {
		rvar = jt.makeVariable(rval);
	}
	et.translateExpr(rvar, stmt.getRightOpBox());
	if (lval instanceof ArrayRef) {
		notSupported("We do not support arrays");
	} else if (lval instanceof FieldRef) {
		notSupported("We do not support field references");
	}
}
 
Example #7
Source Project: JAADAS   Author: flankerhqd   File: ValueTemplatePrinter.java    License: GNU General Public License v3.0 6 votes vote down vote up
public void caseArrayRef(ArrayRef v) {
	String oldName = varName;
	
	Value base = v.getBase();
	suggestVariableName("base");
	String baseName = varName;
	base.apply(this);
	
	Value index = v.getIndex();
	suggestVariableName("index");
	String indexName = varName;
	index.apply(this);
	
	p.println("Value "+oldName+" = Jimple.v().newArrayRef("+baseName+", "+indexName+");");
	varName = oldName;
}
 
Example #8
Source Project: JAADAS   Author: flankerhqd   File: AputInstruction.java    License: GNU General Public License v3.0 6 votes vote down vote up
public void jimplify (DexBody body) {
      if(!(instruction instanceof Instruction23x))
          throw new IllegalArgumentException("Expected Instruction23x but got: "+instruction.getClass());

      Instruction23x aPutInstr = (Instruction23x)instruction;
      int source = aPutInstr.getRegisterA();

      Local arrayBase = body.getRegisterLocal(aPutInstr.getRegisterB());
      Local index = body.getRegisterLocal(aPutInstr.getRegisterC());
      ArrayRef arrayRef = Jimple.v().newArrayRef(arrayBase, index);

      Local sourceValue = body.getRegisterLocal(source);
      assign = getAssignStmt(body, sourceValue, arrayRef);
      if (aPutInstr.getOpcode().value == Opcode.APUT_OBJECT.value)
        assign.addTag(new ObjectOpTag());
      
      setUnit(assign);
      addTags(assign);
      body.add(assign);
      
if (IDalvikTyper.ENABLE_DVKTYPER) {
	Debug.printDbg(IDalvikTyper.DEBUG, "constraint: "+ assign);
        DalvikTyper.v().addConstraint(assign.getLeftOpBox(), assign.getRightOpBox());
        DalvikTyper.v().setType(arrayRef.getIndexBox(), IntType.v(), true);
      }
  }
 
Example #9
Source Project: JAADAS   Author: flankerhqd   File: AsmMethodSource.java    License: GNU General Public License v3.0 6 votes vote down vote up
private void convertArrayLoadInsn(InsnNode insn) {
	StackFrame frame = getFrame(insn);
	Operand[] out = frame.out();
	Operand opr;
	if (out == null) {
		Operand indx = popImmediate();
		Operand base = popImmediate();
		ArrayRef ar = Jimple.v().newArrayRef(
				base.stackOrValue(), indx.stackOrValue());
		indx.addBox(ar.getIndexBox());
		base.addBox(ar.getBaseBox());
		opr = new Operand(insn, ar);
		frame.in(indx, base);
		frame.boxes(ar.getIndexBox(), ar.getBaseBox());
		frame.out(opr);
	} else {
		opr = out[0];
		frame.mergeIn(pop(), pop());
	}
	int op = insn.getOpcode();
	if (op == DALOAD || op == LALOAD)
		pushDual(opr);
	else
		push(opr);
}
 
Example #10
Source Project: JAADAS   Author: flankerhqd   File: AsmMethodSource.java    License: GNU General Public License v3.0 6 votes vote down vote up
private void convertArrayStoreInsn(InsnNode insn) {
	int op = insn.getOpcode();
	boolean dword = op == LASTORE || op == DASTORE;
	StackFrame frame = getFrame(insn);
	if (!units.containsKey(insn)) {
		Operand valu = dword ? popImmediateDual() : popImmediate();
		Operand indx = popImmediate();
		Operand base = popLocal();
		ArrayRef ar = Jimple.v().newArrayRef(
				base.stackOrValue(), indx.stackOrValue());
		indx.addBox(ar.getIndexBox());
		base.addBox(ar.getBaseBox());
		AssignStmt as = Jimple.v().newAssignStmt(ar, valu.stackOrValue());
		valu.addBox(as.getRightOpBox());
		frame.in(valu, indx, base);
		frame.boxes(as.getRightOpBox(),
				ar.getIndexBox(), ar.getBaseBox());
		setUnit(insn, as);
	} else {
		frame.mergeIn(dword ? popDual() : pop(), pop(), pop());
	}
}
 
Example #11
Source Project: JAADAS   Author: flankerhqd   File: UnitThrowAnalysisTest.java    License: GNU General Public License v3.0 6 votes vote down vote up
@Test
public void testJArrayRef() {
    ArrayRef arrayRef = Jimple.v().newArrayRef(
            Jimple.v().newLocal("local1",
                ArrayType.v(RefType.v("java.lang.Object"), 1)), 
            IntConstant.v(0));

    Set expectedRep = new ExceptionHashSet(utility.VM_ERRORS);
    expectedRep.add(utility.NULL_POINTER_EXCEPTION);
    expectedRep.add(utility.ARRAY_INDEX_OUT_OF_BOUNDS_EXCEPTION);
    assertTrue(ExceptionTestUtility.sameMembers(expectedRep, Collections.EMPTY_SET,
                unitAnalysis.mightThrow(arrayRef)));

    Set expectedCatch = new ExceptionHashSet(utility.VM_ERRORS_PLUS_SUPERTYPES);
    expectedCatch.add(utility.NULL_POINTER_EXCEPTION);
    expectedCatch.add(utility.ARRAY_INDEX_OUT_OF_BOUNDS_EXCEPTION);
    expectedCatch.add(utility.INDEX_OUT_OF_BOUNDS_EXCEPTION);
    expectedCatch.add(utility.RUNTIME_EXCEPTION);
    expectedCatch.add(utility.EXCEPTION);
    assertEquals(expectedCatch, 
            utility.catchableSubset(unitAnalysis.mightThrow(arrayRef)));
}
 
Example #12
Source Project: JAADAS   Author: flankerhqd   File: UnitThrowAnalysisTest.java    License: GNU General Public License v3.0 6 votes vote down vote up
@Test
public void testGArrayRef() {
    ArrayRef arrayRef = Grimp.v().newArrayRef(
            Grimp.v().newLocal("local1",
                ArrayType.v(RefType.v("java.lang.Object"), 1)), 
            IntConstant.v(0));

    Set expectedRep = new ExceptionHashSet(utility.VM_ERRORS);
    expectedRep.add(utility.NULL_POINTER_EXCEPTION);
    expectedRep.add(utility.ARRAY_INDEX_OUT_OF_BOUNDS_EXCEPTION);
    assertTrue(ExceptionTestUtility.sameMembers(expectedRep, Collections.EMPTY_SET,
                unitAnalysis.mightThrow(arrayRef)));

    Set expectedCatch = new ExceptionHashSet(utility.VM_ERRORS_PLUS_SUPERTYPES);
    expectedCatch.add(utility.NULL_POINTER_EXCEPTION);
    expectedCatch.add(utility.ARRAY_INDEX_OUT_OF_BOUNDS_EXCEPTION);
    expectedCatch.add(utility.INDEX_OUT_OF_BOUNDS_EXCEPTION);
    expectedCatch.add(utility.RUNTIME_EXCEPTION);
    expectedCatch.add(utility.EXCEPTION);
    assertEquals(expectedCatch, 
            utility.catchableSubset(unitAnalysis.mightThrow(arrayRef)));
}
 
Example #13
Source Project: DroidForce   Author: secure-software-engineering   File: PolicyEnforcementPoint.java    License: GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * 
 * @param parameter
 * @param body
 * @return
 */
private Pair<Value, List<Unit>> generateParameterArray(List<Value> parameter, Body body){
	List<Unit> generated = new ArrayList<Unit>();
	
	NewArrayExpr arrayExpr = Jimple.v().newNewArrayExpr(RefType.v("java.lang.Object"), IntConstant.v(parameter.size()));
	
	Value newArrayLocal = generateFreshLocal(body, getParameterArrayType());
	Unit newAssignStmt = Jimple.v().newAssignStmt(newArrayLocal, arrayExpr);
	generated.add(newAssignStmt);
	
	for(int i = 0; i < parameter.size(); i++){
		Value index = IntConstant.v(i);
		ArrayRef leftSide = Jimple.v().newArrayRef(newArrayLocal, index);
		Value rightSide = generateCorrectObject(body, parameter.get(i), generated);
		
		Unit parameterInArray = Jimple.v().newAssignStmt(leftSide, rightSide);
		generated.add(parameterInArray);
	}
	
	return new Pair<Value, List<Unit>>(newArrayLocal, generated);
}
 
Example #14
Source Project: FuzzDroid   Author: srasthofer   File: JimpleStmtVisitorImpl.java    License: Apache License 2.0 5 votes vote down vote up
public SMTBinding getCorrectBindingForArrayRef(ArrayRef arrayRef) {
	for(Map.Entry<String, SMTBinding> entry : arrayHelper.entrySet()) {
		if(entry.getKey().equals(arrayRef.toString()))
			return entry.getValue();
	}
	
	return null;
}
 
Example #15
Source Project: FuzzDroid   Author: srasthofer   File: JimpleExprVisitorImpl.java    License: Apache License 2.0 5 votes vote down vote up
private int findMaxIndexOfArray(InvokeExpr invokeExpr) {
	Value array = null;
	int maxIndex = -1;
	for(Stmt stmt : stmtVisitor.getJimpleDataFlowStatements()) {
		if(stmt instanceof AssignStmt) {
			AssignStmt assign = (AssignStmt)stmt;
			if(array == null) {
				if(assign.getRightOp().equals(invokeExpr)) {
					array = assign.getLeftOp();
				}
			}
			else{
				Value rhs = assign.getRightOp();
				if(rhs instanceof ArrayRef) {
					ArrayRef arrayRef = (ArrayRef)rhs;
					if(arrayRef.getBase().equals(array)) {
						Value index = arrayRef.getIndex();
						if(index instanceof IntConstant) {
							IntConstant constant = (IntConstant)index;
							maxIndex = constant.value;
						}
					}
				}
			}
		}
	}
	return maxIndex;
}
 
Example #16
Source Project: JAADAS   Author: flankerhqd   File: StmtVisitor.java    License: GNU General Public License v3.0 5 votes vote down vote up
private Insn buildGetInsn(ConcreteRef sourceRef, Register destinationReg) {
	if (sourceRef instanceof StaticFieldRef) {
		return buildStaticFieldGetInsn(destinationReg, (StaticFieldRef) sourceRef);
	} else if (sourceRef instanceof InstanceFieldRef) {
		return buildInstanceFieldGetInsn(destinationReg, (InstanceFieldRef) sourceRef);
	} else if (sourceRef instanceof ArrayRef) {
		return buildArrayGetInsn(destinationReg, (ArrayRef) sourceRef);
	} else {
		throw new RuntimeException("unsupported type of ConcreteRef: " + sourceRef.getClass());
	}
}
 
Example #17
Source Project: JAADAS   Author: flankerhqd   File: StmtVisitor.java    License: GNU General Public License v3.0 5 votes vote down vote up
private Insn buildPutInsn(ConcreteRef destRef, Value source) {
	if (destRef instanceof StaticFieldRef) {
		return buildStaticFieldPutInsn((StaticFieldRef) destRef, source);
	} else if (destRef instanceof InstanceFieldRef) {
		return buildInstanceFieldPutInsn((InstanceFieldRef) destRef, source);
	} else if (destRef instanceof ArrayRef) {
		return buildArrayPutInsn((ArrayRef) destRef, source);
	} else {
		throw new RuntimeException("unsupported type of ConcreteRef: " + destRef.getClass());
	}
}
 
Example #18
Source Project: JAADAS   Author: flankerhqd   File: StmtVisitor.java    License: GNU General Public License v3.0 5 votes vote down vote up
private Insn buildArrayPutInsn(ArrayRef destRef, Value source) {
	Value array = destRef.getBase();
	Register arrayReg = regAlloc.asLocal(array);
	Value index = destRef.getIndex();
	Register indexReg = regAlloc.asImmediate(index, constantV);
	Register sourceReg  = regAlloc.asImmediate(source, constantV);
	String arrayTypeDescriptor = SootToDexUtils.getArrayTypeDescriptor((ArrayType) array.getType());
	Opcode opc = getPutGetOpcodeWithTypeSuffix("aput", arrayTypeDescriptor);
	return new Insn23x(opc, sourceReg, arrayReg, indexReg);
}
 
Example #19
Source Project: JAADAS   Author: flankerhqd   File: StmtVisitor.java    License: GNU General Public License v3.0 5 votes vote down vote up
private Insn buildArrayGetInsn(Register destinationReg, ArrayRef sourceRef) {
	Value index = sourceRef.getIndex();
	Register indexReg = regAlloc.asImmediate(index, constantV);
	Value array = sourceRef.getBase();
	Register arrayReg = regAlloc.asLocal(array);
	String arrayTypeDescriptor = SootToDexUtils.getArrayTypeDescriptor((ArrayType) array.getType());
	Opcode opc = getPutGetOpcodeWithTypeSuffix("aget", arrayTypeDescriptor);
	return new Insn23x(opc, destinationReg, arrayReg, indexReg);
}
 
Example #20
Source Project: JAADAS   Author: flankerhqd   File: AgetInstruction.java    License: GNU General Public License v3.0 5 votes vote down vote up
public void jimplify (DexBody body) throws InvalidDalvikBytecodeException {
      if(!(instruction instanceof Instruction23x))
          throw new IllegalArgumentException("Expected Instruction23x but got: "+instruction.getClass());

      Instruction23x aGetInstr = (Instruction23x)instruction;
      int dest = aGetInstr.getRegisterA();
     
      Local arrayBase = body.getRegisterLocal(aGetInstr.getRegisterB());
      Local index = body.getRegisterLocal(aGetInstr.getRegisterC());

      ArrayRef arrayRef = Jimple.v().newArrayRef(arrayBase, index);
      Local l = body.getRegisterLocal(dest);
      
      assign = Jimple.v().newAssignStmt(l, arrayRef);
      if (aGetInstr.getOpcode().value == Opcode.AGET_OBJECT.value)
        assign.addTag(new ObjectOpTag());

      setUnit(assign);
      addTags(assign);
      body.add(assign);
      
if (IDalvikTyper.ENABLE_DVKTYPER) {
	Debug.printDbg(IDalvikTyper.DEBUG, "constraint: "+ assign);
        DalvikTyper.v().addConstraint(assign.getLeftOpBox(), assign.getRightOpBox());
        DalvikTyper.v().setType(arrayRef.getIndexBox(), IntType.v(), true);
      }
  }
 
Example #21
Source Project: JAADAS   Author: flankerhqd   File: ShortcutArrayInit.java    License: GNU General Public License v3.0 5 votes vote down vote up
public boolean isInSequenceAssignment(Stmt s, Value leftOp, int index){
	//DEBUG=false;
	if(!(s instanceof DefinitionStmt))
		return false;
	
	DefinitionStmt ds = (DefinitionStmt)s;
	Value leftValue = ds.getLeftOp();
	if(! (leftValue instanceof ArrayRef))
		return false;
	
	if(DEBUG){
		System.out.println("Stmt number "+index + " is an array ref assignment"+leftValue);
		System.out.println("Array is"+leftOp);
	}

	ArrayRef leftRef = (ArrayRef)leftValue;
	if(! (leftOp.equals(leftRef.getBase()))){
		if(DEBUG)
			System.out.println("Not assigning to same array");
		return false;
	}
		
	if( ! (leftRef.getIndex() instanceof IntConstant)){
		if(DEBUG)
			System.out.println("Cant determine index of assignment");
		return false;
	}
	
	IntConstant leftIndex = (IntConstant)leftRef.getIndex();
	if(leftIndex.value != index){
		if(DEBUG)
			System.out.println("Out of order assignment");
		return false;
	}
	
	return true;
}
 
Example #22
Source Project: JAADAS   Author: flankerhqd   File: UnitThrowAnalysis.java    License: GNU General Public License v3.0 5 votes vote down vote up
@Override
public void caseAssignStmt(AssignStmt s) {
    Value lhs = s.getLeftOp();
    if (lhs instanceof ArrayRef &&
	(lhs.getType() instanceof UnknownType ||
	 lhs.getType() instanceof RefType)) {
	// This corresponds to an aastore byte code.
	result = result.add(mgr.ARRAY_STORE_EXCEPTION);
    }
    result = result.add(mightThrow(s.getLeftOp()));
    result = result.add(mightThrow(s.getRightOp()));
}
 
Example #23
Source Project: SPDS   Author: CROSSINGTUD   File: WeightedBoomerang.java    License: Eclipse Public License 2.0 5 votes vote down vote up
protected FieldReadPOI createArrayFieldLoad(Statement s) {
    Stmt stmt = s.getUnit().get();
    AssignStmt as = (AssignStmt) stmt;
    ArrayRef ifr = (ArrayRef) as.getRightOp();
    Val base = new Val(ifr.getBase(), icfg().getMethodOf(as));
    Val stored = new Val(as.getLeftOp(), icfg().getMethodOf(as));
    return fieldReads.getOrCreate(new FieldReadPOI(s, base, Field.array(), stored));
}
 
Example #24
Source Project: SPDS   Author: CROSSINGTUD   File: WeightedBoomerang.java    License: Eclipse Public License 2.0 5 votes vote down vote up
protected FieldWritePOI createArrayFieldStore(Statement s) {
    Stmt stmt = s.getUnit().get();
    AssignStmt as = (AssignStmt) stmt;
    ArrayRef ifr = (ArrayRef) as.getLeftOp();
    Val base = new Val(ifr.getBase(), icfg().getMethodOf(as));
    Val stored = new Val(as.getRightOp(), icfg().getMethodOf(as));
    return fieldWrites.getOrCreate(new FieldWritePOI(s, base, Field.array(), stored));
}
 
Example #25
Source Project: SPDS   Author: CROSSINGTUD   File: WeightedBoomerang.java    License: Eclipse Public License 2.0 5 votes vote down vote up
public static boolean isArrayStore(Statement s) {
    Optional<Stmt> optUnit = s.getUnit();
    if (optUnit.isPresent()) {
        Stmt stmt = optUnit.get();
        if (stmt instanceof AssignStmt && ((AssignStmt) stmt).getLeftOp() instanceof ArrayRef) {
            return true;
        }
    }
    return false;
}
 
Example #26
Source Project: SPDS   Author: CROSSINGTUD   File: WeightedBoomerang.java    License: Eclipse Public License 2.0 5 votes vote down vote up
public static boolean isArrayLoad(Statement s) {
    Optional<Stmt> optUnit = s.getUnit();
    if (optUnit.isPresent()) {
        Stmt stmt = optUnit.get();
        if (stmt instanceof AssignStmt && ((AssignStmt) stmt).getRightOp() instanceof ArrayRef) {
            return true;
        }
    }
    return false;
}
 
Example #27
Source Project: JAADAS   Author: flankerhqd   File: Aliasing.java    License: GNU General Public License v3.0 4 votes vote down vote up
/**
 * Gets whether a value and an access path may potentially point to the same
 * runtime object
 * @param ap The access path
 * @param val The value
 * @return The access path that actually matched if the given value and
 * access path alias. In the simplest case, this is the given access path.
 * When using recursive access paths, it can however also be a base
 * expansion. If the given access path and value do not alias, null is
 * returned.
 */
public AccessPath mayAlias(AccessPath ap, Value val) {
	// What cannot be represented in an access path cannot alias
	if (!AccessPath.canContainValue(val))
		return null;
	
	// Constants can never alias
	if (val instanceof Constant)
		return null;
	
	// For instance field references, the base must match
	if (val instanceof Local)
		if (ap.getPlainValue() != val)
			return null;
	
	// For array references, the base must match
	if (val instanceof ArrayRef)
		if (ap.getPlainValue() != ((ArrayRef) val).getBase())
			return null;
	
	// For instance field references, the base local must match
	if (val instanceof InstanceFieldRef) {
		if (!ap.isLocal() && !ap.isInstanceFieldRef())
			return null;
		if (((InstanceFieldRef) val).getBase() != ap.getPlainValue())
			return null;
	}
	
	// If the value is a static field reference, the access path must be
	// static as well
	if (val instanceof StaticFieldRef)
		if (!ap.isStaticFieldRef())
			return null;
					
	// If we have an interactive aliasing algorithm, we check that as well
	/*
	if (aliasingStrategy.isInteractive())
		return aliasingStrategy.mayAlias(new AccessPath(val1, false), new AccessPath(val2, false));
	*/
	
	// Get the field set from the value
	SootField[] fields = val instanceof FieldRef
			? new SootField[] { ((FieldRef) val).getField() } : new SootField[0];
	return getReferencedAPBase(ap, fields);
}
 
Example #28
Source Project: JAADAS   Author: flankerhqd   File: InterproceduralConstantValuePropagator.java    License: GNU General Public License v3.0 4 votes vote down vote up
/**
 * Checks whether the given method or one of its transitive callees has
 * side-effects or calls a sink method
 * @param method The method to check
 * @param runList A set to receive all methods that have already been
 * processed
 * @param cache The cache in which to store the results
 * @return True if the given method or one of its transitive callees has
 * side-effects or calls a sink method, otherwise false.
 */
private boolean hasSideEffectsOrCallsSink(SootMethod method,
		Set<SootMethod> runList) {		
	// Without a body, we cannot say much
	if (!method.hasActiveBody())
		return false;
	
	// Do we already have an entry?
	Boolean hasSideEffects = methodSideEffects.get(method);
	if (hasSideEffects != null)
		return hasSideEffects;
	
	Boolean hasSink = methodSinks.get(method);
	if (hasSink != null)
		return hasSink;
	
	// Do not process the same method twice
	if (!runList.add(method))
		return false;
			
	// If this is an Android stub method that just throws a stub exception,
	// this will never happen in practice and can be removed
	if (methodIsAndroidStub(method)) {
		methodSideEffects.put(method, false);
		return false;
	}
	
	// Scan for references to this variable
	for (Unit u : method.getActiveBody().getUnits()) {
		if (u instanceof AssignStmt) {
			AssignStmt assign = (AssignStmt) u;
			if (assign.getLeftOp() instanceof FieldRef
					|| assign.getLeftOp() instanceof ArrayRef) {
				methodSideEffects.put(method, true);
				return true;
			}
		}
		
		Stmt s = (Stmt) u;
		
		// If this method calls another method for which we have a taint
		// wrapper, we need to conservatively assume that the taint wrapper
		// can do anything
		if (taintWrapper != null && taintWrapper.supportsCallee(s)) {
			methodSideEffects.put(method, true);
			return true;
		}
		
		if (s.containsInvokeExpr()) {
			// If this method calls a sink, we need to keep it
			if (sourceSinkManager != null
					&& sourceSinkManager.isSink((Stmt) u, icfg, null)) {
				methodSinks.put(method, true);
				return true;
			}
			
			// Check the callees
			for (Iterator<Edge> edgeIt = Scene.v().getCallGraph().edgesOutOf(u); edgeIt.hasNext(); ) {
				Edge e = edgeIt.next();
					if (hasSideEffectsOrCallsSink(e.getTgt().method(), runList))
						return true;
			}
		}
	}
	
	// Variable is not read
	methodSideEffects.put(method, false);
	return false;
}
 
Example #29
Source Project: JAADAS   Author: flankerhqd   File: InterproceduralConstantValuePropagator.java    License: GNU General Public License v3.0 4 votes vote down vote up
/**
 * Checks whether the given method or one of its transitive callees has
 * side-effects or calls a sink method
 * @param method The method to check
 * @param runList A set to receive all methods that have already been
 * processed
 * @param cache The cache in which to store the results
 * @return True if the given method or one of its transitive callees has
 * side-effects or calls a sink method, otherwise false.
 */
private boolean hasSideEffectsOrReadsThis(SootMethod method,
		Set<SootMethod> runList) {		
	// Without a body, we cannot say much
	if (!method.hasActiveBody())
		return false;
	
	// Do we already have an entry?
	Boolean hasSideEffects = methodSideEffects.get(method);
	if (hasSideEffects != null)
		return hasSideEffects;
	
	// Do not process the same method twice
	if (!runList.add(method))
		return false;
	
	// If this is an Android stub method that just throws a stub exception,
	// this will never happen in practice and can be removed
	if (methodIsAndroidStub(method)) {
		methodSideEffects.put(method, false);
		return false;
	}
	
	// Scan for references to this variable
	Local thisLocal = method.isStatic() ? null : method.getActiveBody().getThisLocal();
	for (Unit u : method.getActiveBody().getUnits()) {
		if (u instanceof AssignStmt) {
			AssignStmt assign = (AssignStmt) u;
			if (assign.getLeftOp() instanceof FieldRef
					|| assign.getLeftOp() instanceof ArrayRef) {
				methodSideEffects.put(method, true);
				return true;
			}
		}
		
		Stmt s = (Stmt) u;
		
		// If this statement uses the "this" local, we have to
		// conservatively assume that is can read data
		if (thisLocal != null)
			for (ValueBox vb : s.getUseBoxes())
				if (vb.getValue() == thisLocal)
					return true;
		
		if (s.containsInvokeExpr()) {
			// Check the callees
			for (Iterator<Edge> edgeIt = Scene.v().getCallGraph().edgesOutOf(u); edgeIt.hasNext(); ) {
				Edge e = edgeIt.next();
				if (hasSideEffectsOrReadsThis(e.getTgt().method(), runList))
					return true;
			}
		}
	}
	
	// Variable is not read
	methodSideEffects.put(method, false);
	return false;
}
 
Example #30
Source Project: JAADAS   Author: flankerhqd   File: ExprTranslator.java    License: GNU General Public License v3.0 4 votes vote down vote up
public void caseArrayRef(ArrayRef expr) {
	jt.notSupported("Array references are not supported");
}