Java Code Examples for soot.jimple.InvokeExpr#getArgCount()
The following examples show how to use soot.jimple.InvokeExpr#getArgCount().
Example 1
Source File: SignAnalysis.java From vasco with GNU Lesser General Public License v2.1 | 6 votes |
/**
 * Computes the data-flow value that holds on entry to {@code calledMethod}
 * for the call made by {@code unit}.
 *
 * <p>Every actual argument of the invoke expression is handed to
 * {@code assign} together with the callee's parameter local of the same
 * index; for instance invocations the receiver is paired with the callee's
 * {@code this} local in the same way.
 *
 * @param context      the calling context (not read by this method)
 * @param calledMethod the callee; its active body supplies the parameter and {@code this} locals
 * @param unit         the call statement; it is cast to {@code Stmt} and must carry an invoke expression
 * @param inValue      the value before the call, passed through to {@code assign}
 * @return the value at the entry of the called method
 */
@Override
public Map<Local, SignAnalysis.Sign> callEntryFlowFunction(
        Context<SootMethod, Unit, Map<Local, SignAnalysis.Sign>> context,
        SootMethod calledMethod,
        Unit unit,
        Map<Local, SignAnalysis.Sign> inValue) {
    // Start from the analysis' top value (an empty map, per the author's comment).
    final Map<Local, SignAnalysis.Sign> calleeEntry = topValue();
    final InvokeExpr call = ((Stmt) unit).getInvokeExpr();

    // NOTE(review): the parameter local is looked up by the call site's argument
    // index; this presumably relies on the call site and the resolved callee
    // having the same arity - confirm for imprecise call-graph edges.
    int position = 0;
    while (position < call.getArgCount()) {
        final Value actual = call.getArg(position);
        final Local formal = calledMethod.getActiveBody().getParameterLocal(position);
        assign(formal, actual, inValue, calleeEntry);
        position++;
    }

    // Instance calls additionally bind the receiver to the callee's this local.
    if (call instanceof InstanceInvokeExpr) {
        final Value receiver = ((InstanceInvokeExpr) call).getBase();
        final Local calleeThis = calledMethod.getActiveBody().getThisLocal();
        assign(calleeThis, receiver, inValue, calleeEntry);
    }

    return calleeEntry;
}
Example 2
Source File: CopyConstantAnalysis.java From vasco with GNU Lesser General Public License v2.1 | 6 votes |
/**
 * Builds the copy-constant value that holds on entry to {@code calledMethod}
 * for the call made by {@code unit}.
 *
 * <p>Actual arguments are paired with the callee's parameter locals by index
 * and passed to {@code assign}; for instance invocations the receiver is
 * paired with the callee's {@code this} local.
 *
 * @param context      the calling context (not read by this method)
 * @param calledMethod the callee; its active body supplies the parameter and {@code this} locals
 * @param unit         the call statement; it is cast to {@code Stmt} and must carry an invoke expression
 * @param inValue      the value before the call, passed through to {@code assign}
 * @return the value at the entry of the called method
 */
@Override
public Map<Local, Constant> callEntryFlowFunction(
        Context<SootMethod, Unit, Map<Local, Constant>> context,
        SootMethod calledMethod,
        Unit unit,
        Map<Local, Constant> inValue) {
    // Start from the analysis' top value (an empty map, per the author's comment).
    final Map<Local, Constant> atCalleeEntry = topValue();
    final InvokeExpr invocation = ((Stmt) unit).getInvokeExpr();

    // NOTE(review): parameter locals are fetched with the call site's argument
    // index; presumably call-site and callee arity always agree - confirm.
    int argIndex = 0;
    while (argIndex < invocation.getArgCount()) {
        final Value actualArg = invocation.getArg(argIndex);
        final Local formalParam = calledMethod.getActiveBody().getParameterLocal(argIndex);
        assign(formalParam, actualArg, inValue, atCalleeEntry);
        argIndex++;
    }

    // Instance calls additionally bind the receiver to the callee's this local.
    if (invocation instanceof InstanceInvokeExpr) {
        final Value base = ((InstanceInvokeExpr) invocation).getBase();
        final Local thisOfCallee = calledMethod.getActiveBody().getThisLocal();
        assign(thisOfCallee, base, inValue, atCalleeEntry);
    }

    return atCalleeEntry;
}
Example 3
Source File: UseChecker.java From JAADAS with GNU General Public License v3.0 | 5 votes |
/**
 * Passes the receiver and every argument of an invoke expression through
 * {@code this.uv.visit} and writes the returned values back into the
 * expression.
 *
 * <p>The receiver is visited with the type of the method reference's
 * declaring class, each argument with the parameter type the method
 * reference declares for that position.
 *
 * @param ie   the invoke expression, updated in place
 * @param stmt the statement containing {@code ie}, forwarded to the visitor
 */
private void handleInvokeExpr(InvokeExpr ie, Stmt stmt) {
    final SootMethodRef calleeRef = ie.getMethodRef();

    // The receiver is handled before the arguments.
    if (ie instanceof InstanceInvokeExpr) {
        final InstanceInvokeExpr instanceCall = (InstanceInvokeExpr) ie;
        instanceCall.setBase(
                this.uv.visit(instanceCall.getBase(), calleeRef.declaringClass().getType(), stmt));
    }

    int position = 0;
    while (position < ie.getArgCount()) {
        ie.setArg(position, this.uv.visit(ie.getArg(position), calleeRef.parameterType(position), stmt));
        position++;
    }
}
Example 4
Source File: DynamicValueTransformer.java From FuzzDroid with Apache License 2.0 | 4 votes |
/**
 * Walks the statements of a method body and hands selected values to
 * {@code checkAndReport}.
 *
 * <p>Two modes exist, chosen by {@code instrumentOnlyComparisons}:
 * <ul>
 *   <li>when set, only calls whose callee signature is contained in
 *       {@code comparisonSignatures} are considered; the receiver (index
 *       {@code -1}) and every argument (its own index) are reported;</li>
 *   <li>otherwise, the left-hand side of every assignment statement is
 *       reported with index {@code -1}.</li>
 * </ul>
 * Identity statements and statements carrying {@code InstrumentedCodeTag}
 * are skipped in both modes.
 *
 * @param b         the body to process
 * @param phaseName not read by this method
 * @param options   not read by this method
 */
@Override
protected void internalTransform(Body b, String phaseName, Map<String, String> options) {
    // Methods in framework classes are not instrumented.
    if (!canInstrumentMethod(b.getMethod())) {
        return;
    }

    // The walk uses a snapshot iterator; presumably so that statements added by
    // checkAndReport do not disturb the iteration - confirm against checkAndReport.
    final Iterator<Unit> units = b.getUnits().snapshotIterator();
    while (units.hasNext()) {
        final Unit unit = units.next();

        // Nothing to do inside the identity-statement block or for statements
        // another transformer already instrumented.
        final boolean skip = unit instanceof IdentityStmt || unit.hasTag(InstrumentedCodeTag.name);
        if (skip) {
            continue;
        }

        if (instrumentOnlyComparisons) {
            // Comparison mode: nothing besides matching calls is looked at.
            final Stmt stmt = (Stmt) unit;
            if (stmt.containsInvokeExpr()) {
                final InvokeExpr call = stmt.getInvokeExpr();
                if (comparisonSignatures.contains(call.getMethod().getSignature())) {
                    if (call instanceof InstanceInvokeExpr) {
                        checkAndReport(b, stmt, ((InstanceInvokeExpr) call).getBase(), -1);
                    }
                    int argIndex = 0;
                    while (argIndex < call.getArgCount()) {
                        checkAndReport(b, stmt, call.getArg(argIndex), argIndex);
                        argIndex++;
                    }
                }
            }
        } else if (unit instanceof AssignStmt) {
            // Definition mode: only statements that define a value are of interest.
            final AssignStmt definition = (AssignStmt) unit;
            checkAndReport(b, definition, definition.getLeftOp(), -1);
        }
    }
}
Example 5
Source File: JimpleStmtVisitorImpl.java From FuzzDroid with Apache License 2.0 | 4 votes |
/**
 * Handles an invoke statement.
 *
 * <p>Three cases are distinguished:
 * <ol>
 *   <li>the expression visitor claims the invoke expression: it is converted
 *       by {@code exprVisitor.convertSpecialExpressionsToSMT};</li>
 *   <li>the callee is declared in app developer code: if the statement has a
 *       binding for a tainted value and that binding's variable name equals
 *       the string form of one of the arguments, every identity statement in
 *       the callee that reads the parameter with that index gets a new
 *       binding, and an SMT assertion assigning the tainted binding to it is
 *       added to all programs;</li>
 *   <li>otherwise a reminder is printed to {@code System.err}.</li>
 * </ol>
 *
 * @param stmt the invoke statement being visited
 */
@Override
public void caseInvokeStmt(InvokeStmt stmt) {
    final InvokeExpr call = stmt.getInvokeExpr();
    final SootClass owner = call.getMethod().getDeclaringClass();

    if (exprVisitor.isExpressionThatNeedsToBeConvertedToSMT(call)) {
        exprVisitor.convertSpecialExpressionsToSMT(call, stmt);
        return;
    }

    if (!UtilInstrumenter.isAppDeveloperCode(owner)) {
        System.err.println(String.format("Double-Check if the following method contains useful information which can be extracted: \n%s", stmt));
        return;
    }

    final SootMethod callee = call.getMethod();
    // NOTE(review): the body is retrieved before the binding is checked, so this
    // runs even when no taint is involved - confirm it cannot fail for callees
    // that have no body.
    final Body calleeBody = callee.retrieveActiveBody();

    // Without a tainted binding there is nothing to propagate into the callee.
    final SMTBinding taintedBinding = getBindingForTaintedValue(stmt);
    if (taintedBinding == null) {
        return;
    }

    // Find the first argument whose string form equals the binding's variable name.
    // NOTE(review): only the first matching position is used; a value passed at
    // several positions is linked to one parameter only.
    int taintedArg = -1;
    int argIndex = 0;
    while (taintedArg == -1 && argIndex < call.getArgCount()) {
        if (taintedBinding.getVariableName().equals(call.getArg(argIndex).toString())) {
            taintedArg = argIndex;
        }
        argIndex++;
    }
    if (taintedArg == -1) {
        return;
    }

    // Link the tainted argument to the identity statement(s) reading that parameter.
    for (Unit unit : calleeBody.getUnits()) {
        if (!(unit instanceof IdentityStmt)) {
            continue;
        }
        final IdentityStmt identity = (IdentityStmt) unit;
        final Value source = identity.getRightOp();
        if (!(source instanceof ParameterRef)) {
            continue;
        }
        if (((ParameterRef) source).getIndex() != taintedArg) {
            continue;
        }

        final Value target = identity.getLeftOp();
        final SMTBinding targetBinding = createNewBindingForValue(target);
        addValueBindingToVariableDeclaration(target, targetBinding);
        final SMTSimpleAssignment assignment =
                new SMTSimpleAssignment(targetBinding, new SMTBindingValue(taintedBinding));
        addAssertStmtToAllPrograms(new SMTAssertStatement(assignment));
    }
}
Example 6
Source File: AndroidSourceSinkManager.java From JAADAS with GNU General Public License v3.0 | 4 votes |
/**
 * Decides whether a call site reads from a UI control that counts as a
 * source, e.g. a password input.
 *
 * <p>Only calls whose signature equals {@code Activity_FindViewById} or
 * {@code View_FindViewById} are considered. In {@code MatchAll} mode every
 * such call is a source. In {@code MatchSensitiveOnly} mode the control ID
 * passed to the call is resolved and looked up in {@code layoutControls};
 * the call is a source only if that control reports itself as sensitive.
 *
 * <p>Every failure to resolve the ID or the control (unexpected argument
 * count or type, no assignment found, unknown ID) is logged to
 * {@code System.err} and answered with {@code false}. Those call sites are
 * therefore not treated as sources, so the messages mark places where a
 * sensitive input may have been missed.
 *
 * @param sCallSite
 *            The call site that may potentially read data from a sensitive
 *            UI control
 * @param cfg
 *            The control flow graph; it is cast to
 *            {@code BiDiInterproceduralCFG} when the ID argument is a local.
 *            NOTE(review): callers presumably always pass a bidirectional
 *            graph - confirm.
 * @return True if the given call site reads data from a UI source, false
 *         otherwise
 */
private boolean isUISource(Stmt sCallSite, InterproceduralCFG<Unit, SootMethod> cfg) {
    // Layout matching switched off, or not a call at all: never a UI source.
    if (this.layoutMatching == LayoutMatchingMode.NoMatch || !sCallSite.containsInvokeExpr()) {
        return false;
    }

    // Only the well-known Android view lookup methods are of interest.
    InvokeExpr ie = sCallSite.getInvokeExpr();
    final String signature = methodToSignature.getUnchecked(ie.getMethod());
    if (!signature.equals(Activity_FindViewById) && !signature.equals(View_FindViewById)) {
        return false;
    }

    // Run constant propagation on the enclosing method exactly once.
    SootMethod enclosing = cfg.getMethodOf(sCallSite);
    if (analyzedLayoutMethods.add(enclosing)) {
        ConstantPropagatorAndFolder.v().transform(enclosing.getActiveBody());
    }

    // When all controls match, the concrete control does not matter.
    if (this.layoutMatching == LayoutMatchingMode.MatchAll) {
        return true;
    }

    // Without a layout control list no more specific check is possible.
    if (this.layoutControls == null) {
        return false;
    }

    // Matching specific controls requires the ID passed to the lookup call.
    if (ie.getArgCount() != 1) {
        System.err.println("Framework method call with unexpected " + "number of arguments");
        return false;
    }

    final int id;
    if (ie.getArg(0) instanceof IntConstant) {
        id = ((IntConstant) ie.getArg(0)).value;
    } else if (ie.getArg(0) instanceof Local) {
        // The ID lives in a local: search backwards for the value assigned to it.
        Integer resolved = findLastResIDAssignment(sCallSite, (Local) ie.getArg(0),
                (BiDiInterproceduralCFG<Unit, SootMethod>) cfg,
                new HashSet<Stmt>(cfg.getMethodOf(sCallSite).getActiveBody().getUnits().size()));
        if (resolved == null) {
            System.err.println("Could not find assignment to local " + ((Local) ie.getArg(0)).getName()
                    + " in method " + cfg.getMethodOf(sCallSite).getSignature());
            return false;
        }
        id = resolved.intValue();
    } else {
        System.err.println("Framework method call with unexpected " + "parameter type: " + ie.toString() + ", "
                + "first parameter is of type " + ie.getArg(0).getClass());
        return false;
    }

    LayoutControl control = this.layoutControls.get(id);
    if (control == null) {
        System.err.println("Layout control with ID " + id + " not found");
        return false;
    }

    return this.layoutMatching == LayoutMatchingMode.MatchSensitiveOnly && control.isSensitive();
}
Example 7
Source File: AndroidSourceSinkManager.java From JAADAS with GNU General Public License v3.0 | 4 votes |
/**
 * Finds the last assignment to the given local representing a resource ID
 * by searching upwards from the given statement.
 *
 * <p>An assignment to {@code local} is resolved when its right-hand side is
 * an integer constant, a field carrying an {@code IntegerConstantValueTag},
 * or a call to {@code android.content.res.Resources.getIdentifier} whose
 * resource can be found through {@code findResource}. If the statement does
 * not resolve the value, the search continues in the predecessors of
 * {@code stmt}.
 *
 * <p>NOTE(review): the search also continues past an assignment to
 * {@code local} that could not be resolved, so the returned ID may stem
 * from an earlier assignment - confirm that this is acceptable for callers
 * that use the ID to classify sensitive controls.
 *
 * @param stmt
 *            The statement from which to look backwards
 * @param local
 *            The variable for which to look for assignments
 * @param cfg
 *            The control flow graph that supplies the predecessors
 * @param doneSet
 *            The statements already examined; updated by this method
 * @return The last value assigned to the given variable, or null if none
 *         could be determined
 */
private Integer findLastResIDAssignment(Stmt stmt, Local local,
        BiDiInterproceduralCFG<Unit, SootMethod> cfg, Set<Stmt> doneSet) {
    // Each statement is examined at most once, which also ends the recursion on loops.
    if (!doneSet.add(stmt)) {
        return null;
    }

    // Only an assignment whose target is exactly the local we look for can change it.
    final boolean definesLocal = stmt instanceof AssignStmt && ((AssignStmt) stmt).getLeftOp() == local;
    if (definesLocal) {
        final AssignStmt definition = (AssignStmt) stmt;

        if (definition.getRightOp() instanceof IntConstant) {
            return ((IntConstant) definition.getRightOp()).value;
        }

        if (definition.getRightOp() instanceof FieldRef) {
            SootField constantField = ((FieldRef) definition.getRightOp()).getField();
            // NOTE(review): the message is printed for every tag that precedes an
            // integer constant tag, not only when no such tag exists.
            for (Tag tag : constantField.getTags()) {
                if (tag instanceof IntegerConstantValueTag) {
                    return ((IntegerConstantValueTag) tag).getIntValue();
                } else {
                    System.err.println("Constant " + constantField + " was of unexpected type");
                }
            }
        } else if (definition.getRightOp() instanceof InvokeExpr) {
            InvokeExpr inv = (InvokeExpr) definition.getRightOp();
            if (inv.getMethod().getName().equals("getIdentifier")
                    && inv.getMethod().getDeclaringClass().getName().equals("android.content.res.Resources")
                    && this.resourcePackages != null) {
                // The right side is a call into the well-known Android API
                // method for resource handling.
                if (inv.getArgCount() != 3) {
                    System.err.println("Invalid parameter count for call to getIdentifier");
                    return null;
                }

                // In the trivial case the parameter values are constants; a
                // non-constant name or type silently stays the empty string.
                final String resName = inv.getArg(0) instanceof StringConstant
                        ? ((StringConstant) inv.getArg(0)).value
                        : "";
                final String resID = inv.getArg(1) instanceof StringConstant
                        ? ((StringConstant) inv.getArg(1)).value
                        : "";

                final String packageName;
                if (inv.getArg(2) instanceof StringConstant) {
                    packageName = ((StringConstant) inv.getArg(2)).value;
                } else if (inv.getArg(2) instanceof Local) {
                    packageName = findLastStringAssignment(stmt, (Local) inv.getArg(2), cfg);
                } else {
                    System.err.println("Unknown parameter type in call to getIdentifier");
                    return null;
                }

                // Look the resource up by name, type and package.
                ARSCFileParser.AbstractResource res = findResource(resName, resID, packageName);
                if (res != null) {
                    return res.getResourceID();
                }
            }
        }
    }

    // Nothing resolved here: continue the search upwards.
    for (Unit pred : cfg.getPredsOf(stmt)) {
        if (pred instanceof Stmt) {
            Integer found = findLastResIDAssignment((Stmt) pred, local, cfg, doneSet);
            if (found != null) {
                return found;
            }
        }
    }
    return null;
}
Example 8
Source File: InterproceduralConstantValuePropagator.java From JAADAS with GNU General Public License v3.0 | 4 votes |
/**
 * Checks whether all call sites for a specific callee agree on the same
 * constant value for one or more arguments. If so, these constant values
 * are propagated into the callee.
 *
 * <p>For every agreeing parameter a temporary assignment of the constant to
 * the parameter local is inserted before the callee's first non-identity
 * statement. {@code ConstantPropagatorAndFolder} is then run on the body and
 * the temporary assignments are removed again.
 *
 * <p>Only the call sites returned by {@code icfg.getCallersOf} are
 * consulted, and call sites located in {@code excludedMethods} are skipped;
 * the propagated constants say nothing about values passed from those.
 *
 * @param sm The method for which to look for call sites.
 */
private void propagateConstantsIntoCallee(SootMethod sm) {
    final Collection<Unit> callers = icfg.getCallersOf(sm);
    if (callers.isEmpty()) {
        return;
    }

    // varies[i] becomes true as soon as parameter i is seen with a non-constant
    // argument or with two different constants; agreed[i] holds the constant.
    final int paramCount = sm.getParameterCount();
    final boolean[] varies = new boolean[paramCount];
    final Constant[] agreed = new Constant[paramCount];

    // Do all considered call sites agree on one constant value?
    boolean sawCallSite = false;
    for (Unit caller : callers) {
        // Call sites inside excluded methods are ignored.
        final boolean excluded = excludedMethods != null
                && excludedMethods.contains(icfg.getMethodOf(caller));
        if (excluded) {
            continue;
        }

        final InvokeExpr call = ((Stmt) caller).getInvokeExpr();
        sawCallSite = true;

        // NOTE(review): the arrays are sized by the callee's parameter count but
        // indexed up to the call site's argument count; presumably both always
        // agree - confirm.
        for (int pos = 0; pos < call.getArgCount(); pos++) {
            final Value actual = call.getArg(pos);
            if (!(actual instanceof Constant)) {
                varies[pos] = true;
            } else if (agreed[pos] != null && !agreed[pos].equals(actual)) {
                // A value is already recorded and the new one disagrees, so
                // this parameter is not globally constant.
                varies[pos] = true;
            } else {
                agreed[pos] = (Constant) actual;
            }
        }
    }
    if (!sawCallSite) {
        return;
    }

    // Materialise every agreed constant as an assignment inside the callee.
    final List<Unit> inserted = new ArrayList<Unit>();
    for (int pos = 0; pos < varies.length; pos++) {
        if (varies[pos]) {
            continue;
        }
        final Local paramLocal = sm.getActiveBody().getParameterLocal(pos);
        final Unit point = getFirstNonIdentityStmt(sm);
        final Unit assignConst = Jimple.v().newAssignStmt(paramLocal, agreed[pos]);
        sm.getActiveBody().getUnits().insertBefore(assignConst, point);
        inserted.add(assignConst);
    }
    if (inserted.isEmpty()) {
        return;
    }

    // Fold the constants through the callee, then take the temporary assignments out.
    ConstantPropagatorAndFolder.v().transform(sm.getActiveBody());
    for (Unit temporary : inserted) {
        sm.getActiveBody().getUnits().remove(temporary);
    }
}