Java Code Examples for soot.jimple.ReturnStmt#getOp()

The following examples show how to use soot.jimple.ReturnStmt#getOp().
Example 1
Source File: JimpleStmtVisitorImpl.java    From FuzzDroid with Apache License 2.0
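/**
 * Encodes a {@code return} statement on the data-flow path as an SMT assertion.
 *
 * <p>A fresh binding is created for the plain value of the access path recorded
 * for this statement, and an assertion is emitted that assigns the latest
 * binding of the returned operand to it.
 *
 * @param stmt the return statement being visited
 * @throws IndexOutOfBoundsException if {@code stmt} is not one of the recorded
 *         data-flow statements
 * @throws RuntimeException if the returned operand has no binding yet
 */
@Override
public void caseReturnStmt(ReturnStmt stmt) {
	// A "return CONSTANT" shows up on FlowDroid's path but there is nothing to
	// encode for it, so it is skipped.
	if (stmt.getOp() instanceof Constant) {
		return;
	}

	// indexOf() yields -1 for a statement that is not on the recorded path; fail
	// with a message that names the statement instead of indexing with -1.
	int index = jimpleDataFlowStatements.indexOf(stmt);
	if (index < 0) {
		throw new IndexOutOfBoundsException(
				"Return statement is not part of the recorded data flow path: " + stmt);
	}
	AccessPath ap = accessPathPath.get(index);
	Local local = ap.getPlainValue();

	// Left-hand side: a new binding for the access path's plain value. This is
	// created before the right-hand-side check below, as in the original order.
	SMTBinding lhs = createNewBindingForValue(local);
	addValueBindingToVariableDeclaration(local, lhs);

	// Right-hand side: the operand must already carry a binding.
	if (!hasBindingForValue(stmt.getOp())) {
		throw new RuntimeException("There has to be a tainted value");
	}
	SMTBinding rhs = getLatestBindingForValue(stmt.getOp());

	SMTSimpleAssignment simpleAss = new SMTSimpleAssignment(lhs, new SMTBindingValue(rhs));
	SMTAssertStatement assertStmt = new SMTAssertStatement(simpleAss);
	addAssertStmtToAllPrograms(assertStmt);
}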
 
Example 2
Source File: ConstraintChecker.java    From JAADAS with GNU General Public License v3.0
/**
 * Checks a {@code return} of an integer-typed local against the enclosing
 * method's declared return type.
 *
 * <p>When the local's type node does not have the return type's node as an
 * ancestor, the operand is replaced by the result of {@code insertCast} if
 * {@code fix} is set; otherwise {@code "Type Error(19)"} is reported.
 * Operands that are not locals, or whose type is not an {@code IntegerType},
 * are left alone.
 *
 * @param stmt the return statement being visited
 */
public void caseReturnStmt(ReturnStmt stmt) {
	if (!(stmt.getOp() instanceof Local)) {
		return;
	}
	Local returned = (Local) stmt.getOp();
	if (!(returned.getType() instanceof IntegerType)) {
		return;
	}

	boolean compatible = ClassHierarchy.v()
			.typeNode(returned.getType())
			.hasAncestor_1(ClassHierarchy.v().typeNode(stmtBody.getMethod().getReturnType()));
	if (compatible) {
		return;
	}

	if (fix) {
		// Repair mode: route the operand through a cast to the declared return type.
		stmt.setOp(insertCast(returned, stmtBody.getMethod().getReturnType(), stmt));
	} else {
		error("Type Error(19)");
	}
}
 
Example 3
Source File: StmtVisitor.java    From JAADAS with GNU General Public License v3.0
/**
 * Emits the Dex return instruction for a Jimple {@code return} statement.
 *
 * <p>The opcode is chosen from the type of the returned operand (object, wide,
 * or the plain form), not from the method's declared return type.
 *
 * @param stmt the return statement being converted
 */
@Override
public void caseReturnStmt(ReturnStmt stmt) {
	final Value operand = stmt.getOp();
	// The constant visitor is told which statement it works for before the
	// operand is turned into a register.
	constantV.setOrigStmt(stmt);
	final Register operandReg = regAlloc.asImmediate(operand, constantV);

	final Type operandType = operand.getType();
	final Opcode returnOpcode = SootToDexUtils.isObject(operandType)
			? Opcode.RETURN_OBJECT
			: (SootToDexUtils.isWide(operandType) ? Opcode.RETURN_WIDE : Opcode.RETURN);

	addInsn(new Insn11x(returnOpcode, operandReg), stmt);
}
 
Example 4
Source File: ConstraintCollector.java    From JAADAS with GNU General Public License v3.0
/**
 * Records a typing constraint for a {@code return} of an integer-typed local:
 * the type variable of the enclosing method's return type is added as a parent
 * of the local's type variable.
 *
 * <p>Nothing is recorded unless {@code uses} is set, the operand is a
 * {@code Local}, and its type is an {@code IntegerType}.
 *
 * @param stmt the return statement being visited
 */
public void caseReturnStmt(ReturnStmt stmt) {
	if (!uses || !(stmt.getOp() instanceof Local)) {
		return;
	}
	Local returned = (Local) stmt.getOp();
	if (returned.getType() instanceof IntegerType) {
		resolver.typeVariable(returned).addParent(
				resolver.typeVariable(stmtBody.getMethod().getReturnType()));
	}
}
 
Example 5
Source File: ConstraintCollector.java    From JAADAS with GNU General Public License v3.0
/**
 * Records a typing constraint for a {@code return} of a local: the type
 * variable of the enclosing method's return type is added as a parent of the
 * local's type variable.
 *
 * <p>Nothing is recorded unless {@code uses} is set and the operand is a
 * {@code Local}.
 *
 * @param stmt the return statement being visited
 */
public void caseReturnStmt(ReturnStmt stmt) {
	if (!uses || !(stmt.getOp() instanceof Local)) {
		return;
	}
	Local returned = (Local) stmt.getOp();
	resolver.typeVariable(returned).addParent(
			resolver.typeVariable(stmtBody.getMethod().getReturnType()));
}
 
Example 6
Source File: CastAndReturnInliner.java    From JAADAS with GNU General Public License v3.0
/**
 * Replaces a {@code goto} whose target is a cast assignment immediately
 * followed by a return of the cast result with a direct {@code return}.
 *
 * <p>The pattern handled is {@code goto L; ... L: a = (T) b; return a;}. The
 * {@code goto} is swapped for a clone of the return statement whose operand is
 * the cast's operand ({@code b}), so the cast itself is not part of the
 * inlined path. Traps and every other box that pointed at the {@code goto} are
 * redirected to the new return before the swap.
 *
 * @param body the method body to transform
 * @param phaseName not read by this method
 * @param options not read by this method
 */
@Override
protected void internalTransform(Body body, String phaseName,
		Map<String, String> options) {
	// Snapshot iteration: the unit chain is modified by swapWith() below.
	for (Iterator<Unit> unitIt = body.getUnits().snapshotIterator(); unitIt.hasNext();) {
		Unit current = unitIt.next();
		if (!(current instanceof GotoStmt)) {
			continue;
		}
		GotoStmt jump = (GotoStmt) current;

		if (!(jump.getTarget() instanceof AssignStmt)) {
			continue;
		}
		AssignStmt castAssign = (AssignStmt) jump.getTarget();

		if (!(castAssign.getRightOp() instanceof CastExpr)) {
			continue;
		}
		CastExpr cast = (CastExpr) castAssign.getRightOp();

		// The goto lands on a cast; it only qualifies if the very next unit
		// returns exactly the local the cast was assigned to.
		Unit following = body.getUnits().getSuccOf(castAssign);
		if (!(following instanceof ReturnStmt)) {
			continue;
		}
		ReturnStmt ret = (ReturnStmt) following;
		if (ret.getOp() != castAssign.getLeftOp()) {
			continue;
		}

		// Build the return that takes the place of the goto.
		ReturnStmt inlined = (ReturnStmt) ret.clone();
		inlined.setOp(cast.getOp());

		for (Trap trap : body.getTraps()) {
			for (UnitBox box : trap.getUnitBoxes()) {
				if (box.getUnit() == jump) {
					box.setUnit(inlined);
				}
			}
		}

		// Loop until no box points at the goto any more; this relies on
		// setUnit() taking the box out of the goto's list.
		while (!jump.getBoxesPointingToThis().isEmpty()) {
			jump.getBoxesPointingToThis().get(0).setUnit(inlined);
		}
		body.getUnits().swapWith(jump, inlined);
	}
}
 
Example 7
Source File: ICCInstrumentDestination.java    From soot-infoflow-android-iccta with GNU Lesser General Public License v2.1
/**
 * Instruments {@code onBind} so that every value it returns is first stored in
 * the given static field.
 *
 * <p>Before each {@code return} in the method body, an assignment of the
 * returned operand to a static reference of {@code ibinder_for_ipc} is
 * inserted. Because the target is a single static field, each executed return
 * overwrites the value stored by the previous one. The method does nothing
 * when {@code onBind} cannot be looked up on the class.
 *
 * @param sootClass the class whose {@code onBind} method is instrumented
 * @param ibinder_for_ipc the field that receives the returned value
 */
public void instrumentOnBindMethod(SootClass sootClass, SootField ibinder_for_ipc)
{
	SootMethod onBind;
	try
	{
		onBind = sootClass.getMethodByName("onBind");
	}
	catch (RuntimeException ignored)
	{
		// Best effort: a failed lookup is treated as "no onBind to instrument"
		// (presumably raised when the class has no, or no unique, onBind; confirm).
		return;
	}
	if (onBind == null)
	{
		return;
	}

	Body body = onBind.retrieveActiveBody();
	PatchingChain<Unit> units = body.getUnits();

	// Snapshot iteration: new units are inserted into the chain while walking it.
	Iterator<Unit> unitIt = units.snapshotIterator();
	while (unitIt.hasNext())
	{
		Stmt stmt = (Stmt) unitIt.next();
		if (!(stmt instanceof ReturnStmt))
		{
			continue;
		}

		ReturnStmt returnStmt = (ReturnStmt) stmt;
		Value returned = returnStmt.getOp();

		Unit storeBinder = Jimple.v().newAssignStmt(
				Jimple.v().newStaticFieldRef(ibinder_for_ipc.makeRef()),
				returned);
		units.insertBefore(storeBinder, returnStmt);
	}
}
 
Example 8
Source File: DexReturnValuePropagator.java    From JAADAS with GNU General Public License v3.0
/**
 * Simplifies {@code return} statements whose operand is a local with exactly
 * one reaching definition, when that definition is an assignment.
 *
 * <ul>
 * <li>Right side is a local: the return uses that local directly, unless
 *     {@code isRedefined} reports that it is overwritten in between.</li>
 * <li>Right side is a constant: the return uses the constant directly.</li>
 * <li>Right side is a field reference and the assignment has exactly one use:
 *     the assigned local is replaced by a fresh local created with the
 *     {@code "ret"} prefix, in both the assignment and the return.</li>
 * </ul>
 *
 * @param body the method body to transform
 * @param phaseName not read by this method
 * @param options not read by this method
 */
@Override
protected void internalTransform(Body body, String phaseName, Map<String, String> options) {
	ExceptionalUnitGraph graph = new ExceptionalUnitGraph(body, DalvikThrowAnalysis.v(), true);
	LocalDefs localDefs = LocalDefs.Factory.newLocalDefs(graph);
	// Both helpers are only built once the field-reference case first needs them.
	LocalUses localUses = null;
	LocalCreation localCreation = null;

	for (Unit u : body.getUnits()) {
		if (!(u instanceof ReturnStmt)) {
			continue;
		}
		ReturnStmt retStmt = (ReturnStmt) u;
		if (!(retStmt.getOp() instanceof Local)) {
			continue;
		}

		// Only a single definition that is an assignment qualifies.
		List<Unit> defs = localDefs.getDefsOfAt((Local) retStmt.getOp(), retStmt);
		if (defs.size() != 1 || !(defs.get(0) instanceof AssignStmt)) {
			continue;
		}
		AssignStmt assign = (AssignStmt) defs.get(0);
		final Value rightOp = assign.getRightOp();
		final Value leftOp = assign.getLeftOp();

		if (rightOp instanceof Local) {
			// The propagated local must not be overwritten between the copy and
			// the return: "a = 1; b = a; a = 3; return b;" must not become
			// "return a;".
			if (!isRedefined((Local) rightOp, u, assign, graph)) {
				retStmt.setOp(rightOp);
			}
		} else if (rightOp instanceof Constant) {
			retStmt.setOp(rightOp);
		} else if (rightOp instanceof FieldRef) {
			// A field access with no other use gets its local renamed to help
			// splitting.
			if (localUses == null) {
				localUses = LocalUses.Factory.newLocalUses(body, localDefs);
			}
			if (localUses.getUsesOf(assign).size() == 1) {
				if (localCreation == null) {
					localCreation = new LocalCreation(body.getLocals(), "ret");
				}
				Local renamed = localCreation.newLocal(leftOp.getType());
				assign.setLeftOp(renamed);
				retStmt.setOp(renamed);
			}
		}
	}
}
 
Example 9
Source File: ClassValueAnalysis.java    From DroidRA with GNU Lesser General Public License v2.1
/**
 * Returns the values that the callees of a call statement may return.
 *
 * <p>Every outgoing call-graph edge of {@code sourceStmt} is followed to its
 * target method; for concrete targets, each {@code return} in the active body
 * contributes its string constant, its class constant, or the values resolved
 * for its local through {@code processClassAssignments}.
 *
 * @param sourceStmt The statement at which we should start.
 * @param visitedStmts The set of visited statements; {@code sourceStmt} is
 *        added to it.
 * @return The set of possible values; an empty set if {@code sourceStmt} was
 *         already visited; {@code null} if a returned operand is neither a
 *         string constant, a class constant nor a local, or if the values
 *         resolved for a local are {@code null} or contain {@code TOP_VALUE}
 *         or {@code Constants.ANY_STRING}.
 */
protected Set<Object> handleInvokeExpression(Stmt sourceStmt, Set<Stmt> visitedStmts) {
  // add() reports whether the statement was new, which doubles as the
  // already-visited check.
  if (!visitedStmts.add(sourceStmt)) {
    return Collections.emptySet();
  }

  Set<Object> values = new HashSet<>();
  for (Iterator<Edge> edgeIt = Scene.v().getCallGraph().edgesOutOf(sourceStmt);
      edgeIt.hasNext();) {
    SootMethod callee = edgeIt.next().getTgt().method();
    if (!callee.isConcrete()) {
      continue;
    }

    for (Unit unit : callee.getActiveBody().getUnits()) {
      if (!(unit instanceof ReturnStmt)) {
        continue;
      }
      ReturnStmt returnStmt = (ReturnStmt) unit;
      Value returned = returnStmt.getOp();

      if (returned instanceof StringConstant) {
        values.add(((StringConstant) returned).value);
      } else if (returned instanceof ClassConstant) {
        values.add(((ClassConstant) returned).value);
      } else if (returned instanceof Local) {
        List<DefinitionStmt> definitions =
            findAssignmentsForLocal(returnStmt, (Local) returned, true,
                new HashSet<Pair<Unit, Local>>());
        Set<Object> resolved = processClassAssignments(definitions, visitedStmts);
        // Any unresolved or unbounded result makes the whole answer unknown.
        if (resolved == null || resolved.contains(TOP_VALUE)
            || resolved.contains(Constants.ANY_STRING)) {
          return null;
        }
        values.addAll(resolved);
      } else {
        return null;
      }
    }
  }

  return values;
}
 
Example 10
Source File: ICCInstrumentDestination.java    From soot-infoflow-android-iccta with GNU Lesser General Public License v2.1
/**
 * Extracts the binder type that {@code onBind} of the given class returns.
 *
 * <p>Only the first {@code return} found in the method body is inspected: its
 * operand's type is the result, unless the operand prints as {@code null}, in
 * which case the declared return type of {@code onBind} is used. A more
 * precise approach would be a type analysis of the IBinder reference.
 *
 * @param sootClass the class whose {@code onBind} method is inspected
 * @return the type of the first returned operand; the declared return type of
 *         {@code onBind} if that operand prints as {@code null} or the body
 *         has no return statement; {@code null} if {@code onBind} cannot be
 *         looked up on the class
 */
public Type extractBinderType(SootClass sootClass)
{
	SootMethod onBind;
	try
	{
		onBind = sootClass.getMethodByName("onBind");
	}
	catch (RuntimeException ignored)
	{
		// Best effort: a failed lookup is treated as "no onBind"
		// (presumably raised when the class has no, or no unique, onBind; confirm).
		return null;
	}
	if (onBind == null)
	{
		return null;
	}

	Body body = onBind.retrieveActiveBody();
	PatchingChain<Unit> units = body.getUnits();

	Iterator<Unit> unitIt = units.snapshotIterator();
	while (unitIt.hasNext())
	{
		Stmt stmt = (Stmt) unitIt.next();
		if (!(stmt instanceof ReturnStmt))
		{
			continue;
		}

		Value returned = ((ReturnStmt) stmt).getOp();
		// A returned null carries no useful type of its own, so the declared
		// return type stands in for it.
		return returned.toString().equals("null")
				? onBind.getReturnType()
				: returned.getType();
	}

	return onBind.getReturnType();
}