soot.jimple.InterfaceInvokeExpr Java Examples
The following examples show how to use
soot.jimple.InterfaceInvokeExpr.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: JimpleExprVisitorImpl.java From FuzzDroid with Apache License 2.0 | 5 votes |
|
@Override
public void caseInterfaceInvokeExpr(InterfaceInvokeExpr v) {
if(isSourceMethod(v)) {
StringConstant newSourceValue = StringConstant.v("loggingPoint");
SMTBinding binding = stmtVisitor.createNewBindingForValue(newSourceValue);
stmtVisitor.addValueBindingToVariableDeclaration(newSourceValue, binding);
//no smt-statement required, just return the binding
this.result = binding;
// Additionally check whether the source method need special treatment
if(isExpressionThatNeedsToBeConvertedToSMT(v)) {
convertSpecialExpressionsToSMT(v, currentStatement);
}
}
else if(isExpressionThatNeedsToBeConvertedToSMT(v)){
convertSpecialExpressionsToSMT(v, currentStatement);
}else{
//just propagate the taint value of previous statement
Stmt prevStmt = stmtVisitor.getPreviousDataFlowPathElement(currentStatement);
if(prevStmt == null)
throw new RuntimeException("there is no previous statement");
else{
this.result = stmtVisitor.getBindingForTaintedValue(prevStmt);
if(this.result == null)
throw new RuntimeException("double check this here");
}
}
}
Example #2
| Source File: ExprVisitor.java From JAADAS with GNU General Public License v3.0 | 5 votes |
|
@Override
public void caseInterfaceInvokeExpr(InterfaceInvokeExpr iie) {
BuilderMethodReference method = DexPrinter.toMethodReference
(iie.getMethodRef(), dexFile);
List<Register> arguments = getInstanceInvokeArgumentRegs(iie);
stmtV.addInsn(buildInvokeInsn("INVOKE_INTERFACE", method, arguments), origStmt);
}
Example #3
| Source File: Model.java From DroidRA with GNU Lesser General Public License v2.1 | 5 votes |
|
/**
* Returns the arguments associated with a method descriptor.
*
* @param signatureToMethodDescriptionMap A map from signatures to method descriptors.
* @param invokeExpr An invoke expression.
* @return An array of arguments if arguments are found for the method descriptor, null otherwise.
*/
private Argument[] getArgumentsFromMethodDescription(
Map<String, MethodDescription> signatureToMethodDescriptionMap, InvokeExpr invokeExpr) {
SootMethod method = invokeExpr.getMethod();
String signature = method.getSignature();
MethodDescription methodDescription = signatureToMethodDescriptionMap.get(signature);
if (methodDescription != null) {
return methodDescription.getArguments();
}
signature = method.getSubSignature();
methodDescription = signatureToMethodDescriptionMap.get(signature);
if (methodDescription == null) {
return null;
}
String superclassName = methodDescription.getBaseClass();
if (superclassName == null || !Scene.v().containsClass(superclassName)
|| invokeExpr instanceof InterfaceInvokeExpr) {
return null;
}
SootClass superclass = Scene.v().getSootClass(superclassName);
String baseType;
if (invokeExpr instanceof InstanceInvokeExpr) {
Value baseValue = ((InstanceInvokeExpr) invokeExpr).getBase();
baseType = baseValue.getType().toString();
} else {
baseType = invokeExpr.getMethod().getDeclaringClass().getName();
}
if (Scene.v().containsClass(baseType)
&& Scene.v().getActiveHierarchy()
.isClassSubclassOfIncluding(Scene.v().getSootClass(baseType), superclass)) {
return methodDescription.getArguments();
} else {
return null;
}
}
Example #4
| Source File: ExprTranslator.java From JAADAS with GNU General Public License v3.0 | 4 votes |
|
public void caseInterfaceInvokeExpr(InterfaceInvokeExpr expr) {
caseInstanceInvokeExpr(expr);
}
Example #5
| Source File: ValueTemplatePrinter.java From JAADAS with GNU General Public License v3.0 | 4 votes |
|
public void caseInterfaceInvokeExpr(InterfaceInvokeExpr v) {
printInvokeExpr(v);
}
Example #6
| Source File: OnTheFlyJimpleBasedICFG.java From JAADAS with GNU General Public License v3.0 | 4 votes |
|
public static void main(String[] args) {
PackManager.v().getPack("wjtp").add(new Transform("wjtp.onflyicfg", new SceneTransformer() {
@Override
protected void internalTransform(String phaseName, Map<String, String> options) {
if(Scene.v().hasCallGraph()) throw new RuntimeException("call graph present!");
loadAllClassesOnClassPathToSignatures();
SootMethod mainMethod = Scene.v().getMainMethod();
OnTheFlyJimpleBasedICFG icfg = new OnTheFlyJimpleBasedICFG(mainMethod);
Set<SootMethod> worklist = new LinkedHashSet<SootMethod>();
Set<SootMethod> visited = new HashSet<SootMethod>();
worklist.add(mainMethod);
int monomorphic = 0, polymorphic = 0;
while(!worklist.isEmpty()) {
Iterator<SootMethod> iter = worklist.iterator();
SootMethod currMethod = iter.next();
iter.remove();
visited.add(currMethod);
System.err.println(currMethod);
//MUST call this method to initialize ICFG for every method
Body body = currMethod.getActiveBody();
if(body==null) continue;
for(Unit u: body.getUnits()) {
Stmt s = (Stmt)u;
if(s.containsInvokeExpr()) {
Set<SootMethod> calleesOfCallAt = icfg.getCalleesOfCallAt(s);
if(s.getInvokeExpr() instanceof VirtualInvokeExpr || s.getInvokeExpr() instanceof InterfaceInvokeExpr) {
if(calleesOfCallAt.size()<=1) monomorphic++; else polymorphic++;
System.err.println("mono: "+monomorphic+" poly: "+polymorphic);
}
for (SootMethod callee : calleesOfCallAt) {
if(!visited.contains(callee)) {
System.err.println(callee);
//worklist.add(callee);
}
}
}
}
}
}
}));
Options.v().set_on_the_fly(true);
soot.Main.main(args);
}
Example #7
| Source File: UnitThrowAnalysis.java From JAADAS with GNU General Public License v3.0 | 4 votes |
|
public void caseInterfaceInvokeExpr(InterfaceInvokeExpr expr) {
caseInstanceInvokeExpr(expr);
}
Example #8
| Source File: PolicyEnforcementPoint.java From DroidForce with GNU Lesser General Public License v2.1 | 4 votes |
|
private List<Unit> instrumentIntentAddings(BiDiInterproceduralCFG<Unit, SootMethod> cfg,
Unit unit, InvokeExpr sinkExpr, Set<ResultSourceInfo> sourceInfo){
if(isMethodInterComponentSink(sinkExpr.getMethod())){
SootMethod method = cfg.getMethodOf(unit);
Body body = null;
if(method.hasActiveBody())
body = method.retrieveActiveBody();
else
throw new RuntimeException("No body found!");
Set<String> sourceCategories = getDataIdList(sourceInfo);
final String hashSetType = "java.util.HashSet";
List<Unit> generated = new ArrayList<Unit>();
//HashSet initialization
Local hashSetLocal = generateFreshLocal(body, RefType.v(hashSetType));
NewExpr newExpr = Jimple.v().newNewExpr(RefType.v(hashSetType));
AssignStmt assignStmt = Jimple.v().newAssignStmt(hashSetLocal, newExpr);
generated.add(assignStmt);
//constructor call
SpecialInvokeExpr constructorCall = Jimple.v().newSpecialInvokeExpr(hashSetLocal, Scene.v().getMethod("<java.util.HashSet: void <init>()>").makeRef());
InvokeStmt constructorCallStmt = Jimple.v().newInvokeStmt(constructorCall);
generated.add(constructorCallStmt);
//add categories to HashSet
for(String cat : sourceCategories){
InterfaceInvokeExpr addCall = Jimple.v().newInterfaceInvokeExpr(hashSetLocal, Scene.v().getMethod("<java.util.Set: boolean add(java.lang.Object)>").makeRef(), StringConstant.v(cat));
InvokeStmt addCallStmt = Jimple.v().newInvokeStmt(addCall);
generated.add(addCallStmt);
}
//get Intent
Value intent = sinkExpr.getArg(0);
List<Object> args = new ArrayList<Object>();
args.add(RefType.v("android.content.Intent"));
args.add(intent);
args.add(RefType.v(hashSetType));
args.add(hashSetLocal);
StaticInvokeExpr sie = Instrumentation.createJimpleStaticInvokeExpr(
Settings.INSTRUMENTATION_HELPER_JAVA,
"addTaintInformationToIntent",
args);
InvokeStmt invStmt = Jimple.v().newInvokeStmt(sie);
generated.add(invStmt);
return generated;
}
return Collections.emptyList();
}
Example #9
| Source File: PointsToAnalysis.java From vasco with GNU Lesser General Public License v2.1 | 4 votes |
|
/**
* Computes the targets of an invoke expression using a given points-to graph.
*
* <p>For static invocations, there is only target. For instance method
* invocations, the targets depend on the type of receiver objects pointed-to
* by the instance variable whose method is being invoked.</p>
*
* <p>If the instance variable points to a summary node, then the returned
* value is <tt>null</tt> signifying a <em>default</em> call-site.</p>
*/
private Set<SootMethod> getTargets(SootMethod callerMethod, Stmt callStmt, InvokeExpr ie, PointsToGraph ptg) {
Set<SootMethod> targets = new HashSet<SootMethod>();
SootMethod invokedMethod = ie.getMethod();
String subsignature = invokedMethod.getSubSignature();
// Static and special invocations refer to the target method directly
if (ie instanceof StaticInvokeExpr || ie instanceof SpecialInvokeExpr) {
targets.add(invokedMethod);
return targets;
} else {
assert (ie instanceof InterfaceInvokeExpr || ie instanceof VirtualInvokeExpr);
// Get the receiver
Local receiver = (Local) ((InstanceInvokeExpr) ie).getBase();
// Get what objects the receiver points-to
Set<AnyNewExpr> heapNodes = ptg.getTargets(receiver);
if (heapNodes != null) {
// For each object, find the invoked method for the declared type
for (AnyNewExpr heapNode : heapNodes) {
if (heapNode == PointsToGraph.SUMMARY_NODE) {
// If even one pointee is a summary node, then this is a default site
return null;
} else if (heapNode instanceof NewArrayExpr) {
// Probably getClass() or something like that on an array
return null;
}
// Find the top-most class that declares a method with the given
// signature and add it to the resulting targets
SootClass sootClass = ((RefType) heapNode.getType()).getSootClass();
do {
if (sootClass.declaresMethod(subsignature)) {
targets.add(sootClass.getMethod(subsignature));
break;
} else if (sootClass.hasSuperclass()) {
sootClass = sootClass.getSuperclass();
} else {
sootClass = null;
}
} while (sootClass != null);
}
}
if (targets.isEmpty()) {
// System.err.println("Warning! Null call at: " + callStmt+ " in " + callerMethod);
}
return targets;
}
}
