soot.jimple.InstanceFieldRef Java Examples

public void jimplify (DexBody body) {
      TwoRegisterInstruction i = (TwoRegisterInstruction)instruction;
      int source = i.getRegisterA();
      int object = i.getRegisterB();
      FieldReference f = (FieldReference)((ReferenceInstruction)instruction).getReference();
      InstanceFieldRef instanceField = Jimple.v().newInstanceFieldRef(body.getRegisterLocal(object),
                           getSootFieldRef(f));
      Local sourceValue = body.getRegisterLocal(source);
      assign = getAssignStmt(body, sourceValue, instanceField);
      setUnit(assign);
      addTags(assign);
      body.add(assign);

if (IDalvikTyper.ENABLE_DVKTYPER) {
	Debug.printDbg(IDalvikTyper.DEBUG, "constraint: "+ assign);
        int op = (int)instruction.getOpcode().value;
        DalvikTyper.v().setType(assign.getRightOpBox(), instanceField.getType(), true);
      }
  }
 

/**
 * Determines if an instance field should be propagated through a method call. This method only
 * checks propagation rule for the field base. It does not check if the field points to an
 * argument, which should be done outside this method.
 * 
 * @param instanceFieldRef An instance field reference.
 * @param invokeExpr An invoke expression for the called method.
 * @return True if the field should be propagated.
 */
public static boolean shouldPropagateInstanceField(InstanceFieldRef instanceFieldRef,
    InvokeExpr invokeExpr) {
  Value fieldBase = instanceFieldRef.getBase();
  List<Value> argList = invokeExpr.getArgs();
  // A field reference should be propagated if the base of the field points to a method argument.
  for (int i = 0; i < argList.size(); ++i) {
    if (sourcePointsToArgument(fieldBase, argList.get(i))) {
      return true;
    }
  }

  // A field reference should be propagated if the base of the field points to the base of the
  // method call for an instance call.
  if (invokeExpr instanceof InstanceInvokeExpr) {
    Value invokeExprBase = ((InstanceInvokeExpr) invokeExpr).getBase();
    if (sourcePointsToArgument(fieldBase, invokeExprBase)) {
      return true;
    }
  }

  return false;
}
 

@Override
protected boolean killFlow(SootMethod m, Stmt curr, Val value) {
    if (!m.getActiveBody().getLocals().contains(value.value()) && !value.isStatic())
        return true;
    if (curr instanceof AssignStmt) {
        AssignStmt as = (AssignStmt) curr;
        // Kill x at any statement x = * during propagation.
        if (as.getLeftOp().equals(value.value())) {
            // But not for a statement x = x.f
            if (as.getRightOp() instanceof InstanceFieldRef) {
                InstanceFieldRef iie = (InstanceFieldRef) as.getRightOp();
                if (iie.getBase().equals(value.value())) {
                    return false;
                }
            }
            return true;
        }
        if (as.getLeftOp() instanceof StaticFieldRef) {
            StaticFieldRef sfr = (StaticFieldRef) as.getLeftOp();
            if (value.isStatic() && value.equals(new StaticFieldVal(as.getLeftOp(), sfr.getField(), m))) {
                return true;
            }
        }
    }
    return false;
}
 

/**
 * Gets the points-to-set for the given value
 * @param targetValue The value for which to get the points-to-set
 * @return The points-to-set for the given value
 */
private PointsToSet getPointsToSet(Value targetValue) {
	PointsToAnalysis pta = Scene.v().getPointsToAnalysis();
	synchronized (pta) {			
		if (targetValue instanceof Local)
			return pta.reachingObjects((Local) targetValue);
		else if (targetValue instanceof InstanceFieldRef) {
			InstanceFieldRef iref = (InstanceFieldRef) targetValue;
			return pta.reachingObjects((Local) iref.getBase(), iref.getField());
		}
		else if (targetValue instanceof StaticFieldRef) {
			StaticFieldRef sref = (StaticFieldRef) targetValue;
			return pta.reachingObjects(sref.getField());
		}
		else if (targetValue instanceof ArrayRef) {
			ArrayRef aref = (ArrayRef) targetValue;
			return pta.reachingObjects((Local) aref.getBase());
		}
		else
			throw new RuntimeException("Unexpected value type for aliasing: " + targetValue.getClass());
	}
}
 

public void jimplify (DexBody body) {
      TwoRegisterInstruction i = (TwoRegisterInstruction)instruction;
      int dest = i.getRegisterA();
      int object = i.getRegisterB();
      FieldReference f = (FieldReference)((ReferenceInstruction)instruction).getReference();
      InstanceFieldRef r = Jimple.v().newInstanceFieldRef(body.getRegisterLocal(object),
                                                          getSootFieldRef(f));
      assign = Jimple.v().newAssignStmt(body.getRegisterLocal(dest), r);
      setUnit(assign);
      addTags(assign);
      body.add(assign);
      
if (IDalvikTyper.ENABLE_DVKTYPER) {
	Debug.printDbg(IDalvikTyper.DEBUG, "constraint: "+ assign);
        int op = (int)instruction.getOpcode().value;
        DalvikTyper.v().setType(assign.getLeftOpBox(), r.getType(), false);
      }
  }
 

@Override
public void computeAliasTaints(Abstraction d1, Stmt src, Value targetValue,
		Set<Abstraction> taintSet, SootMethod method, Abstraction newAbs) {
	// Use global aliasing
	Value baseValue = ((InstanceFieldRef) targetValue).getBase();
	Set<AccessPath> aliases = methodToAliases.getUnchecked(method).get
			(new AccessPath(baseValue, true));
	if (aliases != null)
		for (AccessPath ap : aliases) {
			Abstraction aliasAbs = newAbs.deriveNewAbstraction(
					ap.merge(newAbs.getAccessPath()), null);
			if (taintSet.add(aliasAbs))
				// We have found a new alias. This new base object may however yet
				// again alias with something, so we need to check again
				if (ap.isInstanceFieldRef()) {
					InstanceFieldRef aliasBaseVal = Jimple.v().newInstanceFieldRef
							(ap.getPlainValue(), ap.getFirstField().makeRef());
					computeAliasTaints(d1, src, aliasBaseVal, taintSet, method, aliasAbs);
				}
		}
}
 

/**
 * Checks whether the given base value matches the base of the given
 * taint abstraction
 * @param baseValue The value to check
 * @param source The taint abstraction to check
 * @return True if the given value has the same base value as the given
 * taint abstraction, otherwise false
 */
protected boolean baseMatches(final Value baseValue, Abstraction source) {
	if (baseValue instanceof Local) {
		if (baseValue.equals(source.getAccessPath().getPlainValue()))
			return true;
	}
	else if (baseValue instanceof InstanceFieldRef) {
		InstanceFieldRef ifr = (InstanceFieldRef) baseValue;
		if (ifr.getBase().equals(source.getAccessPath().getPlainValue())
				&& source.getAccessPath().firstFieldMatches(ifr.getField()))
			return true;
	}
	else if (baseValue instanceof StaticFieldRef) {
		StaticFieldRef sfr = (StaticFieldRef) baseValue;
		if (source.getAccessPath().firstFieldMatches(sfr.getField()))
			return true;
	}
	return false;
}
 

private Insn buildInstanceFieldGetInsn(Register destinationReg, InstanceFieldRef sourceRef) {
	Value instance = sourceRef.getBase();
	Register instanceReg = regAlloc.asLocal(instance);
	SootField sourceSootField = sourceRef.getField();
	BuilderFieldReference sourceField = DexPrinter.toFieldReference(sourceSootField, belongingFile);
	Opcode opc = getPutGetOpcodeWithTypeSuffix("iget", sourceField.getType());
	return new Insn22c(opc, destinationReg, instanceReg, sourceField);
}
 

protected boolean isFieldLoadWithBase(Stmt curr, Val base) {
    if (curr instanceof AssignStmt) {
        AssignStmt as = (AssignStmt) curr;
        if (as.getRightOp() instanceof InstanceFieldRef) {
            InstanceFieldRef ifr = (InstanceFieldRef) as.getRightOp();
            return ifr.getBase().equals(base.value());
        }
    }
    return false;
}
 

protected boolean isFieldWriteWithBase(Stmt curr, Val base) {
    if (curr instanceof AssignStmt) {
        AssignStmt as = (AssignStmt) curr;
        if (as.getLeftOp() instanceof InstanceFieldRef) {
            InstanceFieldRef ifr = (InstanceFieldRef) as.getLeftOp();
            return ifr.getBase().equals(base.value());
        }
    }
    return false;
}
 

protected Field getWrittenField(Stmt curr) {
    AssignStmt as = (AssignStmt) curr;
    if (as.getLeftOp() instanceof StaticFieldRef) {
        StaticFieldRef staticFieldRef = (StaticFieldRef) as.getLeftOp();
        return new Field(staticFieldRef.getField());
    }
    InstanceFieldRef ifr = (InstanceFieldRef) as.getLeftOp();
    return new Field(ifr.getField());
}
 

private void convertGetFieldInsn(FieldInsnNode insn) {
	StackFrame frame = getFrame(insn);
	Operand[] out = frame.out();
	Operand opr;
	Type type;
	if (out == null) {
		SootClass declClass = Scene.v().getSootClass(
				AsmUtil.toQualifiedName(insn.owner));
		type = AsmUtil.toJimpleType(insn.desc);
		Value val;
		SootFieldRef ref;
		if (insn.getOpcode() == GETSTATIC) {
			ref = Scene.v().makeFieldRef(declClass, insn.name, type, true);
			val = Jimple.v().newStaticFieldRef(ref);
		} else {
			Operand base = popLocal();
			ref = Scene.v().makeFieldRef(declClass, insn.name, type, false);
			InstanceFieldRef ifr =
					Jimple.v().newInstanceFieldRef(
							base.stackOrValue(), ref);
			val = ifr;
			base.addBox(ifr.getBaseBox());
			frame.in(base);
			frame.boxes(ifr.getBaseBox());
		}
		opr = new Operand(insn, val);
		frame.out(opr);
	} else {
		opr = out[0];
		type = opr.<FieldRef>value().getFieldRef().type();
		if (insn.getOpcode() == GETFIELD)
			frame.mergeIn(pop());
	}
	push(type, opr);
}
 

protected FieldReadPOI createFieldLoad(Statement s) {
    Stmt stmt = s.getUnit().get();
    AssignStmt as = (AssignStmt) stmt;
    InstanceFieldRef ifr = (InstanceFieldRef) as.getRightOp();
    Val base = new Val(ifr.getBase(), icfg().getMethodOf(as));
    Field field = new Field(ifr.getField());
    return fieldReads
            .getOrCreate(new FieldReadPOI(s, base, field, new Val(as.getLeftOp(), icfg().getMethodOf(as))));
}
 

/**
 * Checks whether the given base value matches the base of the given
 * taint abstraction and ends there. So a will match a, but not a.x.
 * Not that this function will still match a to a.*.
 * @param baseValue The value to check
 * @param source The taint abstraction to check
 * @return True if the given value has the same base value as the given
 * taint abstraction and no further elements, otherwise false
 */
protected boolean baseMatchesStrict(final Value baseValue, Abstraction source) {
	if (!baseMatches(baseValue, source))
		return false;
	
	if (baseValue instanceof Local)
		return source.getAccessPath().isLocal();
	else if (baseValue instanceof InstanceFieldRef || baseValue instanceof StaticFieldRef)
		return source.getAccessPath().getFieldCount() == 1;
	
	throw new RuntimeException("Unexpected left side");
}
 

private Insn buildInstanceFieldPutInsn(InstanceFieldRef destRef, Value source) {
	SootField destSootField = destRef.getField();
	BuilderFieldReference destField = DexPrinter.toFieldReference(destSootField, belongingFile);
	Value instance = destRef.getBase();
	Register instanceReg = regAlloc.asLocal(instance);
	Register sourceReg = regAlloc.asImmediate(source, constantV);
	Opcode opc = getPutGetOpcodeWithTypeSuffix("iput", destField.getType());
	return new Insn22c(opc, sourceReg, instanceReg, destField);
}
 

private Insn buildPutInsn(ConcreteRef destRef, Value source) {
	if (destRef instanceof StaticFieldRef) {
		return buildStaticFieldPutInsn((StaticFieldRef) destRef, source);
	} else if (destRef instanceof InstanceFieldRef) {
		return buildInstanceFieldPutInsn((InstanceFieldRef) destRef, source);
	} else if (destRef instanceof ArrayRef) {
		return buildArrayPutInsn((ArrayRef) destRef, source);
	} else {
		throw new RuntimeException("unsupported type of ConcreteRef: " + destRef.getClass());
	}
}
 

private Insn buildGetInsn(ConcreteRef sourceRef, Register destinationReg) {
	if (sourceRef instanceof StaticFieldRef) {
		return buildStaticFieldGetInsn(destinationReg, (StaticFieldRef) sourceRef);
	} else if (sourceRef instanceof InstanceFieldRef) {
		return buildInstanceFieldGetInsn(destinationReg, (InstanceFieldRef) sourceRef);
	} else if (sourceRef instanceof ArrayRef) {
		return buildArrayGetInsn(destinationReg, (ArrayRef) sourceRef);
	} else {
		throw new RuntimeException("unsupported type of ConcreteRef: " + sourceRef.getClass());
	}
}
 

protected FieldWritePOI createFieldStore(Statement s) {
    Stmt stmt = s.getUnit().get();
    AssignStmt as = (AssignStmt) stmt;
    InstanceFieldRef ifr = (InstanceFieldRef) as.getLeftOp();
    Val base = new Val(ifr.getBase(), icfg().getMethodOf(as));
    Val stored = new Val(as.getRightOp(), icfg().getMethodOf(as));
    Field field = new Field(ifr.getField());
    return fieldWrites.getOrCreate(new FieldWritePOI(s, base, field, stored));
}
 

public static boolean isFieldStore(Statement s) {
    Optional<Stmt> optUnit = s.getUnit();
    if (optUnit.isPresent()) {
        Stmt stmt = optUnit.get();
        if (stmt instanceof AssignStmt && ((AssignStmt) stmt).getLeftOp() instanceof InstanceFieldRef) {
            return true;
        }
    }
    return false;
}
 

private void handleFieldRef(FieldRef fieldRef,
		AnalysisInfo out) {
	if(fieldRef instanceof InstanceFieldRef) {
		InstanceFieldRef instanceFieldRef = (InstanceFieldRef) fieldRef;
		//here we know that the receiver must point to an object
		Value base = instanceFieldRef.getBase();
		out.put(base,NON_NULL);
	}
}
 

private void handleFieldRef(FieldRef fieldRef,
			AnalysisInfo out) {
		if(fieldRef instanceof InstanceFieldRef) {
			InstanceFieldRef instanceFieldRef = (InstanceFieldRef) fieldRef;
			//here we know that the receiver must point to an object
			Value base = instanceFieldRef.getBase();
			out.put(base,NON_NULL);
		}
		//but the referenced object might point to everything
//		out.put(fieldRef, TOP);
	}
 

public static boolean isFieldLoad(Statement s) {
    Optional<Stmt> optUnit = s.getUnit();
    if (optUnit.isPresent()) {
        Stmt stmt = optUnit.get();
        if (stmt instanceof AssignStmt && ((AssignStmt) stmt).getRightOp() instanceof InstanceFieldRef) {
            return true;
        }
    }
    return false;
}
 

/**
 * Gets whether a value and an access path may potentially point to the same
 * runtime object
 * @param ap The access path
 * @param val The value
 * @return The access path that actually matched if the given value and
 * access path alias. In the simplest case, this is the given access path.
 * When using recursive access paths, it can however also be a base
 * expansion. If the given access path and value do not alias, null is
 * returned.
 */
public AccessPath mayAlias(AccessPath ap, Value val) {
	// What cannot be represented in an access path cannot alias
	if (!AccessPath.canContainValue(val))
		return null;
	
	// Constants can never alias
	if (val instanceof Constant)
		return null;
	
	// For instance field references, the base must match
	if (val instanceof Local)
		if (ap.getPlainValue() != val)
			return null;
	
	// For array references, the base must match
	if (val instanceof ArrayRef)
		if (ap.getPlainValue() != ((ArrayRef) val).getBase())
			return null;
	
	// For instance field references, the base local must match
	if (val instanceof InstanceFieldRef) {
		if (!ap.isLocal() && !ap.isInstanceFieldRef())
			return null;
		if (((InstanceFieldRef) val).getBase() != ap.getPlainValue())
			return null;
	}
	
	// If the value is a static field reference, the access path must be
	// static as well
	if (val instanceof StaticFieldRef)
		if (!ap.isStaticFieldRef())
			return null;
					
	// If we have an interactive aliasing algorithm, we check that as well
	/*
	if (aliasingStrategy.isInteractive())
		return aliasingStrategy.mayAlias(new AccessPath(val1, false), new AccessPath(val2, false));
	*/
	
	// Get the field set from the value
	SootField[] fields = val instanceof FieldRef
			? new SootField[] { ((FieldRef) val).getField() } : new SootField[0];
	return getReferencedAPBase(ap, fields);
}
 

private boolean isFieldRef(Value op) {
    return op instanceof InstanceFieldRef || op instanceof StaticFieldRef;
}
 

/**
 * Returns a call flow function.
 * 
 * @param src A statement that is the source of a call edge in the call graph. This is generally a
 *          call statement, but field accesses can also lead to edges leading to class
 *          initializers.
 * @param dest The destination method.
 * @param zeroValue The zero value for the analysis, which represents the absence of a data flow
 *          fact.
 * @return The call flow function for the input statement.
 */
public FlowFunction<Value> getCallFlowFunction(Unit src, final SootMethod dest,
    final Value zeroValue) {
  if (logger.isDebugEnabled()) {
    logger.debug("Call: " + src);
  }

  String declaringClass = dest.getDeclaringClass().getName();

  if (!AnalysisParameters.v().isAnalysisClass(declaringClass)) {
    // Only propagate through analysis classes.
    return KillAll.v();
  }

  Stmt stmt = (Stmt) src;
  // Some statements other than call statements (e.g., field accesses) can lead to call edges to
  // class initializers.
  boolean containsInvokeExpr = stmt.containsInvokeExpr();

  final InvokeExpr ie = containsInvokeExpr ? stmt.getInvokeExpr() : null;

  if (containsInvokeExpr
      && (Model.v().getArgumentsForGenMethod(ie) != null || Model.v()
          .getArgumentsForCopyConstructor(ie.getMethodRef()) != null)) {
    return KillAll.v();
  }

  return new FlowFunction<Value>() {
    @Override
    public Set<Value> computeTargets(Value source) {
      if (logger.isDebugEnabled()) {
        logger.debug("Source: " + source);
      }

      if (dest.getName().equals(SootMethod.staticInitializerName)) {
        if (source instanceof FieldRef) {
          return Collections.singleton(source);
        } else {
          return Collections.emptySet();
        }
      }

      final List<Value> paramLocals = new ArrayList<Value>();

      for (int i = 0; i < dest.getParameterCount(); ++i) {
        // TODO (Damien): maybe activate again?
        // if (ie.getArg(i) instanceof NullConstant && source.equals(zeroValue)) {
        // return Collections.singleton((Value) dest.getActiveBody().getParameterLocal(i));
        // }
        paramLocals.add(dest.getActiveBody().getParameterLocal(i));
      }

      int argIndex = FunctionFactoryUtils.shouldPropagateSource(source, ie.getArgs());
      if (argIndex != -1) {
        if (logger.isDebugEnabled()) {
          logger.debug("Returning " + paramLocals.get(argIndex));
        }
        return Collections.singleton(paramLocals.get(argIndex));
      }

      if (source instanceof StaticFieldRef) {
        // Always propagate static fields.
        return Collections.singleton(source);
      } else if (source instanceof InstanceFieldRef) {
        if (FunctionFactoryUtils.shouldPropagateInstanceField((InstanceFieldRef) source, ie)) {
          return Collections.singleton(source);
        }
      }

      if (logger.isDebugEnabled()) {
        logger.debug("Returning empty set");
      }
      return Collections.emptySet();
    }
  };
}
 

protected Field getLoadedField(Stmt curr) {
    AssignStmt as = (AssignStmt) curr;
    InstanceFieldRef ifr = (InstanceFieldRef) as.getRightOp();
    return new Field(ifr.getField());
}
 

public void caseInstanceFieldRef(InstanceFieldRef ref) {
    result = result.add(mgr.RESOLVE_FIELD_ERRORS);
    result = result.add(mgr.NULL_POINTER_EXCEPTION);
    result = result.add(mightThrow(ref.getBase()));
}
 

private void convertPutFieldInsn(FieldInsnNode insn) {
	boolean instance = insn.getOpcode() == PUTFIELD;
	StackFrame frame = getFrame(insn);
	Operand[] out = frame.out();
	Operand opr, rvalue;
	Type type;
	if (out == null) {
		SootClass declClass = Scene.v().getSootClass(
				AsmUtil.toQualifiedName(insn.owner));
		type = AsmUtil.toJimpleType(insn.desc);
		Value val;
		SootFieldRef ref;
		rvalue = popImmediate(type);
		if (!instance) {
			ref = Scene.v().makeFieldRef(declClass, insn.name, type, true);
			val = Jimple.v().newStaticFieldRef(ref);
			frame.in(rvalue);
		} else {
			Operand base = popLocal();
			ref = Scene.v().makeFieldRef(declClass, insn.name, type, false);
			InstanceFieldRef ifr =
					Jimple.v().newInstanceFieldRef(
							base.stackOrValue(), ref);
			val = ifr;
			base.addBox(ifr.getBaseBox());
			frame.in(rvalue, base);
		}
		opr = new Operand(insn, val);
		frame.out(opr);
		AssignStmt as = Jimple.v().newAssignStmt(val, rvalue.stackOrValue()); 
		rvalue.addBox(as.getRightOpBox());
		if (!instance) {
			frame.boxes(as.getRightOpBox());
		} else {
			frame.boxes(as.getRightOpBox(),
					((InstanceFieldRef) val).getBaseBox());
		}
		setUnit(insn, as);
	} else {
		opr = out[0];
		type = opr.<FieldRef>value().getFieldRef().type();
		rvalue = pop(type);
		if (!instance) {
			/* PUTSTATIC only needs one operand on the stack, the rvalue */
			frame.mergeIn(rvalue);
		} else {
			/* PUTFIELD has a rvalue and a base */
			frame.mergeIn(rvalue, pop());
		}
	}
	/*
	 * in case any static field or array is read from, and the static constructor
	 * or the field this instruction writes to, modifies that field, write out any
	 * previous read from field/array
	 */
	assignReadOps(null);
}
 

private void javafy_ref(ValueBox vb) {
	Ref r = (Ref) vb.getValue();

	if (r instanceof StaticFieldRef) {
		SootFieldRef fieldRef = ((StaticFieldRef) r).getFieldRef();
		//addPackage(fieldRef.declaringClass().getJavaPackageName());
		
		String className = fieldRef.declaringClass().toString();
		String packageName = fieldRef.declaringClass().getJavaPackageName();
		
		String classPackageName = packageName;
		
		if (className.lastIndexOf('.') > 0) {// 0 doesnt make sense
			classPackageName = className.substring(0, className.lastIndexOf('.'));
		}
		if(!packageName.equals(classPackageName))
			throw new DecompilationException("Unable to retrieve package name for identifier. Please report to developer.");
		
		addToImportList(className);
		
		
		vb.setValue(new DStaticFieldRef(fieldRef, getMethod().getDeclaringClass().getName()));
	} else if (r instanceof ArrayRef) {
		ArrayRef ar = (ArrayRef) r;

		javafy(ar.getBaseBox());
		javafy(ar.getIndexBox());
	}

	else if (r instanceof InstanceFieldRef) {
		InstanceFieldRef ifr = (InstanceFieldRef) r;

		javafy(ifr.getBaseBox());

		vb.setValue(new DInstanceFieldRef(ifr.getBase(), ifr.getFieldRef(),
				thisLocals));
	}

	else if (r instanceof ThisRef) {
		ThisRef tr = (ThisRef) r;

		vb.setValue(new DThisRef((RefType) tr.getType()));
	}
}
 

private void handleInstanceFieldRef(InstanceFieldRef ifr, Stmt stmt)
{
	ifr.setBase(this.uv.visit(ifr.getBase(),
		ifr.getFieldRef().declaringClass().getType(), stmt));
}