public static PushInst getPushInitializer(Local l, Type t) { if (t instanceof IntegerType) { return Baf.v().newPushInst(IntConstant.v(soot.jbco.util.Rand.getInt())); } else if (t instanceof RefLikeType || t instanceof StmtAddressType) { return Baf.v().newPushInst(NullConstant.v()); } else if (t instanceof LongType) { return Baf.v().newPushInst(LongConstant.v(soot.jbco.util.Rand.getLong())); } else if (t instanceof FloatType) { return Baf.v().newPushInst( FloatConstant.v(soot.jbco.util.Rand.getFloat())); } else if (t instanceof DoubleType) { return Baf.v().newPushInst( DoubleConstant.v(soot.jbco.util.Rand.getDouble())); } return null; }
@Override protected void internalTransform(Body b, String phaseName, Map<String, String> options) { LocalCreation lc = new LocalCreation(b.getLocals(), "ex"); for (Iterator<Unit> unitIt = b.getUnits().snapshotIterator(); unitIt.hasNext(); ) { Unit u = unitIt.next(); // Check for a null exception if (u instanceof ThrowStmt) { ThrowStmt throwStmt = (ThrowStmt) u; if (throwStmt.getOp() == NullConstant.v() || throwStmt.getOp().equals(IntConstant.v(0)) || throwStmt.getOp().equals(LongConstant.v(0))) { createThrowStmt(b, throwStmt, lc); } } } }
private void checkAccessStmt(Stmt sootStmt, SootMethod currentMethod) { if(sootStmt.containsFieldRef()) { SootField accessField = sootStmt.getFieldRef().getField(); boolean isWrite = (((DefinitionStmt)sootStmt).getLeftOp() instanceof FieldRef); boolean isStatic = (sootStmt.getFieldRef() instanceof StaticFieldRef); Value object = isStatic ? NullConstant.v() : ((InstanceFieldRef)sootStmt.getFieldRef()).getBase(); String methodSig = currentMethod.getSignature(); List<Value> currentLocks = new ArrayList<Value>(lockStack); System.out.println(isWrite+" access on "+isStatic+" field "+accessField+" of "+object+" in "+methodSig+" with "+currentLocks.size()+" locks"); if(!variableAccesses.containsKey(methodSig)) { variableAccesses.put(methodSig, new HashSet<VariableAccess>()); } variableAccesses.get(currentMethod.getSignature()).add( new VariableAccess(accessField, sootStmt, currentMethod, isWrite, isStatic, currentLocks)); } }
/** * This is a helper function to suppress false positives: Sometimes, * when try-catch with resources is being used * @param v * @return */ private boolean isTrivialNullCheck(Value v) { if (v instanceof BinopExpr) { BinopExpr bo = (BinopExpr)v; if (bo.getOp2() instanceof NullConstant && bo.getSymbol().equals(" == ")) { //now it gets itchy. We want to catch only that case //where the bytecode introduces a renaming of null and //does this unreachable null check. if (bo.getOp1() instanceof Local) { Local l = (Local)bo.getOp1(); if (l.getType() instanceof NullType) { return true; } } } } return false; }
public static Value getDefaultValue(Type type) { if ((type instanceof BooleanType) || (type instanceof ByteType) || (type instanceof CharType) || (type instanceof DoubleType) || (type instanceof FloatType) || (type instanceof IntType) || (type instanceof LongType) || (type instanceof ShortType)) { return IntConstant.v(0); } else { return NullConstant.v(); } }
private void instrumentEachBranchAccess(Body body, IfStmt ifStmt){ String methodSignature = body.getMethod().getSignature(); String condition = ifStmt.getCondition().toString(); Unit generatedJimpleCodeForBranch = UtilInstrumenter.makeJimpleStaticCallForPathExecution("logInfoAboutBranchAccess", RefType.v("java.lang.String"), StringConstant.v(methodSignature), RefType.v("java.lang.String"), StringConstant.v(condition), RefType.v("java.lang.String"), NullConstant.v() ); generatedJimpleCodeForBranch.addTag(new InstrumentedCodeTag()); Unit generatedJimpleCodeThenBranch = UtilInstrumenter.makeJimpleStaticCallForPathExecution("logInfoAboutBranchAccess", RefType.v("java.lang.String"), StringConstant.v(methodSignature), RefType.v("java.lang.String"), NullConstant.v(), RefType.v("java.lang.String"), StringConstant.v("then branch") ); generatedJimpleCodeThenBranch.addTag(new InstrumentedCodeTag()); Unit generatedJimpleCodeElseBranch = UtilInstrumenter.makeJimpleStaticCallForPathExecution("logInfoAboutBranchAccess", RefType.v("java.lang.String"), StringConstant.v(methodSignature), RefType.v("java.lang.String"), NullConstant.v(), RefType.v("java.lang.String"), StringConstant.v("else branch") ); generatedJimpleCodeElseBranch.addTag(new InstrumentedCodeTag()); body.getUnits().insertBefore(generatedJimpleCodeForBranch, ifStmt); //treatment of target statement ("true"-branch) Stmt targetStmt = ifStmt.getTarget(); if(!branchTargetStmt.contains(targetStmt.toString())) { branchTargetStmt.add(generatedJimpleCodeThenBranch.toString()); body.getUnits().insertBefore(generatedJimpleCodeThenBranch, targetStmt); } //treatment of "else"-branch body.getUnits().insertAfter(generatedJimpleCodeElseBranch, ifStmt); }
public void redirectGetSystemServiceCalls(Body b, List<Unit> getSSStmt, List<String> sSNames, SootClass servicesInitClass) { if (getSSStmt.size() != sSNames.size()) { int callNbr = getSSStmt.size(); int namesNbr = sSNames.size(); throw new RuntimeException("[Error] System Services get calls units should all correspond to a service name! calls: "+ callNbr +" names: "+ namesNbr); } PatchingChain<Unit> units = b.getUnits(); int i = 0; for (Unit u: getSSStmt) { // must be an assignment of the type: r = c.getSystemService("serviceName") if (!(u instanceof AssignStmt)) { throw new RuntimeException("[Error] must be assign statement! Current statement is: "+ u); } // current assignment statement AssignStmt ass = (AssignStmt)u; // create new assignment statement: replacement of call to getSystemService by a reference to // the static field ref to the service (which is created in a custom class called ServicesInit.java) //RefType rt = RefType.v("ServicesInit"); Unit newU = null; if (!servicesInitClass.declaresFieldByName(sSNames.get(i))) { System.out.println("[Warning] servicesInit class does not contain field '"+ sSNames.get(i) +"' replacing statement by nop."); newU = Jimple.v().newAssignStmt(ass.getLeftOp(), NullConstant.v());//Jimple.v().newNopStmt(); } else { SootField sf = servicesInitClass.getFieldByName(sSNames.get(i)); //new SootField(sSNames.get(i), rt, Modifier.STATIC); Value rvalue = Jimple.v().newStaticFieldRef(sf.makeRef()); AssignStmt newAss = Jimple.v().newAssignStmt(ass.getLeftOp(), rvalue); newU = (Unit) newAss; } System.out.println("swapping "+ u +" with "+ newU); units.swapWith(u, newU); i++; } }
/** * Creates a synthetic "java.lang.Thread.run()" method implementation that * calls the target previously passed in when the constructor was called * @param smRun The run() method for which to create a synthetic * implementation * @param runnable The "java.lang.Runnable" interface * @param fldTarget The field containing the target object */ private void patchThreadRunMethod(SootMethod smRun, SootClass runnable, SootField fldTarget) { SootClass sc = smRun.getDeclaringClass(); Body b = Jimple.v().newBody(smRun); smRun.setActiveBody(b); Local thisLocal = Jimple.v().newLocal("this", sc.getType()); b.getLocals().add(thisLocal); b.getUnits().add(Jimple.v().newIdentityStmt(thisLocal, Jimple.v().newThisRef(sc.getType()))); Local targetLocal = Jimple.v().newLocal("target", runnable.getType()); b.getLocals().add(targetLocal); b.getUnits().add(Jimple.v().newAssignStmt(targetLocal, Jimple.v().newInstanceFieldRef(thisLocal, fldTarget.makeRef()))); Unit retStmt = Jimple.v().newReturnVoidStmt(); // If (this.target == null) return; b.getUnits().add(Jimple.v().newIfStmt(Jimple.v().newEqExpr(targetLocal, NullConstant.v()), retStmt)); // Invoke target.run() b.getUnits().add(Jimple.v().newInvokeStmt(Jimple.v().newInterfaceInvokeExpr(targetLocal, runnable.getMethod("void run()").makeRef()))); b.getUnits().add(retStmt); }
private void handleEqualityOrNonEqualityCheck(AbstractBinopExpr eqExpr, AnalysisInfo in, AnalysisInfo out, AnalysisInfo outBranch) { Value left = eqExpr.getOp1(); Value right = eqExpr.getOp2(); Value val=null; if(left==NullConstant.v()) { if(right!=NullConstant.v()) { val = right; } } else if(right==NullConstant.v()) { if(left!=NullConstant.v()) { val = left; } } //if we compare a local with null then process further... if(val!=null && val instanceof Local) { if(eqExpr instanceof JEqExpr) //a==null handleEquality(val, out, outBranch); else if(eqExpr instanceof JNeExpr) //a!=null handleNonEquality(val, out, outBranch); else throw new IllegalStateException("unexpected condition: "+eqExpr.getClass()); } }
private void handleRefTypeAssignment(DefinitionStmt assignStmt, AnalysisInfo out) { Value left = assignStmt.getLeftOp(); Value right = assignStmt.getRightOp(); //unbox casted value if(right instanceof JCastExpr) { JCastExpr castExpr = (JCastExpr) right; right = castExpr.getOp(); } //if we have a definition (assignment) statement to a ref-like type, handle it, if ( isAlwaysNonNull(right) || right instanceof NewExpr || right instanceof NewArrayExpr || right instanceof NewMultiArrayExpr || right instanceof ThisRef || right instanceof StringConstant || right instanceof ClassConstant || right instanceof CaughtExceptionRef) { //if we assign new... or @this, the result is non-null out.put(left,NON_NULL); } else if(right==NullConstant.v()) { //if we assign null, well, it's null out.put(left, NULL); } else if(left instanceof Local && right instanceof Local) { out.put(left, out.get(right)); } else { out.put(left, TOP); } }
public void internalTransform(Body body, String phaseName, Map<String,String> options) { // really, the analysis should be able to use its own results to determine // that some branches are dead, but since it doesn't we just iterate. boolean changed; do { changed=false; NullnessAnalysis analysis=analysisFactory.newAnalysis(new ExceptionalUnitGraph(body)); Chain<Unit> units=body.getUnits(); Stmt s; for(s=(Stmt) units.getFirst();s!=null;s=(Stmt) units.getSuccOf(s)) { if(!(s instanceof IfStmt)) continue; IfStmt is=(IfStmt) s; Value c=is.getCondition(); if(!(c instanceof EqExpr || c instanceof NeExpr)) continue; BinopExpr e=(BinopExpr) c; Immediate i=null; if(e.getOp1() instanceof NullConstant) i=(Immediate) e.getOp2(); if(e.getOp2() instanceof NullConstant) i=(Immediate) e.getOp1(); if(i==null) continue; boolean alwaysNull = analysis.isAlwaysNullBefore(s, i); boolean alwaysNonNull = analysis.isAlwaysNonNullBefore(s, i); int elim=0; // -1 => condition is false, 1 => condition is true if(alwaysNonNull) elim=c instanceof EqExpr ? -1 : 1; if(alwaysNull) elim=c instanceof EqExpr ? 1 : -1; Stmt newstmt=null; if(elim==-1) newstmt=Jimple.v().newNopStmt(); if(elim==1) newstmt=Jimple.v().newGotoStmt(is.getTarget()); if(newstmt!=null) { units.swapWith(s,newstmt); s=newstmt; changed=true; } } } while(changed); }
private Value fixNullConstant(Value potentialNullConstant) { /* * The bytecode spec says: "In terms of bitwise representation, (Object) null == (int) 0." * So use an IntConstant(0) for null comparison in if-*z opcodes. */ if (potentialNullConstant instanceof NullConstant) { return IntConstant.v(0); } return potentialNullConstant; }
/** * Checks whether the given local is guaranteed to be always null at the * given statement * @param s The statement at which to check the local * @param base The local to check * @param defs The definition analysis object to use for the check * @return True if the given local is guaranteed to always be null at the * given statement, otherwise false */ private boolean isAlwaysNullBefore(Stmt s, Local base, LocalDefs defs) { List<Unit> baseDefs = defs.getDefsOfAt(base, s); if (baseDefs.isEmpty()) return true; for (Unit u : baseDefs) { if (!(u instanceof DefinitionStmt)) return false; DefinitionStmt defStmt = (DefinitionStmt) u; if (defStmt.getRightOp() != NullConstant.v()) return false; } return true; }
private void convertConstInsn(InsnNode insn) { int op = insn.getOpcode(); StackFrame frame = getFrame(insn); Operand[] out = frame.out(); Operand opr; if (out == null) { Value v; if (op == ACONST_NULL) v = NullConstant.v(); else if (op >= ICONST_M1 && op <= ICONST_5) v = IntConstant.v(op - ICONST_0); else if (op == LCONST_0 || op == LCONST_1) v = LongConstant.v(op - LCONST_0); else if (op >= FCONST_0 && op <= FCONST_2) v = FloatConstant.v(op - FCONST_0); else if (op == DCONST_0 || op == DCONST_1) v = DoubleConstant.v(op - DCONST_0); else throw new AssertionError("Unknown constant opcode: " + op); opr = new Operand(insn, v); frame.out(opr); } else { opr = out[0]; } if (op == LCONST_0 || op == LCONST_1 || op == DCONST_0 || op == DCONST_1) { pushDual(opr); } else { push(opr); } }
/** * Returns a normal edge function. * * @param curr The current statement. * @param currNode The current variable. * @param succNode The variable the current variable is propagated to after the statement. * @param zeroValue The zero value, which represents the absence of a data flow fact. * @param pointsToAnalysis The pointer analysis. * @return A normal edge function. */ public EdgeFunction<BasePropagationValue> getNormalEdgeFunction(Unit curr, Value currNode, Value succNode, Value zeroValue, PointsToAnalysis pointsToAnalysis) { if (curr instanceof AssignStmt) { if (logger.isDebugEnabled()) { logger.debug("Normal edge: " + curr); logger.debug(currNode + " " + succNode); } AssignStmt assignStmt = (AssignStmt) curr; final Value left = assignStmt.getLeftOp(); final String type = left.getType().toString(); final Value right = assignStmt.getRightOp(); if (Model.v().isModeledType(type)) { if (currNode.equivTo(zeroValue) && succNode.equivTo(left)) { if (right instanceof StaticFieldRef) { StaticFieldRef staticFieldRef = (StaticFieldRef) right; Argument[] arguments = Model.v().getArgumentsForStaticField(staticFieldRef.getField().getSignature()); EdgeFunction<BasePropagationValue> result = PropagationTransformerFactory.makeTransformer(null, arguments, false); if (arguments != null) { if (logger.isDebugEnabled()) { logger.debug("Returning " + result); } return PropagationTransformerFactory.makeTransformer(null, arguments, false); } } else if (right instanceof NullConstant) { return PropagationTransformerFactory.makeTransformer(null, null, false); } } } } return EdgeIdentity.v(); }
public static Value toDefaultSootTypeValue(Type sootType) { String type = sootType.toString(); if ("boolean".equals(type)) { IntConstant.v(0); } else if ("byte".equals(type)) { return IntConstant.v(0); } else if ("char".equals(type)) { return IntConstant.v(0); } else if ("short".equals(type)) { return IntConstant.v(0); } else if ("int".equals(type)) { return IntConstant.v(0); } else if ("long".equals(type)) { return LongConstant.v(0); } else if ("float".equals(type)) { return FloatConstant.v(0); } else if ("double".equals(type)) { return DoubleConstant.v(0); } return NullConstant.v(); }
public void visitMoveInst(Unit q) { if(q instanceof JAssignStmt){ JAssignStmt j = (JAssignStmt)q; if(SootUtilities.isMoveInst(j)){ Local l = (Local)j.leftBox.getValue(); Local r = (Local)j.rightBox.getValue(); if(r instanceof NullConstant && l.getType() instanceof RefLikeType){ add(q, l); } } } }
public void visitCastInst(Unit q) { if(q instanceof JAssignStmt){ JAssignStmt j = (JAssignStmt)q; if(j.rightBox.getValue() instanceof JCastExpr){ JCastExpr jce = (JCastExpr)j.rightBox.getValue(); Local l = (Local)j.leftBox.getValue(); Value r = jce.getOp(); if(r instanceof NullConstant && l.getType() instanceof RefLikeType){ add(q, l); } } } }
public SootMethod generateRedirectMethodForStartActivity(SootClass wrapper) { System.out.println("create method to call wrapper class: "+ wrapper); String newSM_name = "redirector" + num++; List<Type> newSM_parameters = new ArrayList<Type>(); newSM_parameters.add(INTENT_TYPE); Type newSM_return_type = VoidType.v(); int modifiers = Modifier.STATIC | Modifier.PUBLIC; SootMethod newSM = new SootMethod(newSM_name, newSM_parameters, newSM_return_type, modifiers); ipcSC.addMethod(newSM); JimpleBody b = Jimple.v().newBody(newSM); newSM.setActiveBody(b); LocalGenerator lg = new LocalGenerator(b); // identity Local intentParameterLocal = lg.generateLocal(INTENT_TYPE); Unit intentParameterU = Jimple.v().newIdentityStmt( intentParameterLocal, Jimple.v().newParameterRef(INTENT_TYPE, 0)); // new Local al = lg.generateLocal(wrapper.getType()); Unit newU = (Unit) Jimple.v().newAssignStmt(al, Jimple.v().newNewExpr(wrapper.getType()) ); // init List<Type> parameters = new ArrayList<Type>(); parameters.add(INTENT_TYPE); SootMethod method = wrapper.getMethod("<init>", parameters, VoidType.v()); List<Value> args = new ArrayList<Value>(); args.add(intentParameterLocal); Unit initU = (Unit) Jimple.v().newInvokeStmt( Jimple.v().newSpecialInvokeExpr(al, method.makeRef(), args)); // call dummyMainMethod //method = wrapper.getMethodByName(ICCDummyMainCreator.DUMMY_MAIN_METHOD); method = wrapper.getMethodByName("onCreate"); args = new ArrayList<Value>(); Local pLocal = lg.generateLocal(RefType.v("android.os.Bundle")); Unit nullParamU = (Unit) Jimple.v().newAssignStmt(pLocal, NullConstant.v()); args.add(pLocal); InvokeExpr invoke = Jimple.v().newVirtualInvokeExpr(al, method.makeRef(), args); Unit callU = (Unit) Jimple.v().newInvokeStmt(invoke); b.getUnits().add(intentParameterU); b.getUnits().add(newU); b.getUnits().add(initU); b.getUnits().add(nullParamU); b.getUnits().add(callU); b.getUnits().add(Jimple.v().newReturnVoidStmt()); System.out.println("new lifecypcle method: "+ newSM +" body: "+ newSM.retrieveActiveBody()); return newSM; }
/** * Builds a representation of a constant from its value expressed as * a Soot constant and its Soot type. It is transformed in an equivalent * pair of strings. * @param v the value of the constant * @param t its type. */ public ConstantValue(Constant v, Type t) { if (v instanceof IntConstant) { int n = ((IntConstant) v).value; if (t instanceof CharType) { rep_t = CHAR_TYPE; rep_v = Character.toString((char) n); } else if (t instanceof BooleanType) { rep_t = BOOLEAN_TYPE; rep_v = Boolean.toString((n != 0)); } else { rep_t = INT_TYPE; rep_v = Integer.toString(n); } } else if (v instanceof LongConstant) { rep_t = LONG_TYPE; rep_v = Long.toString(((LongConstant) v).value); } else if (v instanceof FloatConstant) { rep_t = FLOAT_TYPE; rep_v = Float.toString(((FloatConstant) v).value); } else if (v instanceof NullConstant) { rep_t = NULL; rep_v = NULL; } else { rep_t = t.toString(); rep_v = ""; } }
@Override public KillGenInfo processBackwardCallToReturn(Trackable taint, Stmt callSite, InvokeExpr ie) { Value classNameArg = ie.getArg(0); if (classNameArg instanceof NullConstant) return KillGenInfo.kill(); Taint classNameParameter = new Taint(callSite, taint, classNameArg, ie.getMethod().getParameterType(0)); return KillGenInfo.propagate(classNameParameter); }
@Override public KillGenInfo processBackwardCallToReturn(Trackable taint, Stmt callSite, InvokeExpr ie) { if (!enabled) return kill(); Value classNameArg = ie.getArg(0); if (classNameArg instanceof NullConstant) return KillGenInfo.kill(); Taint classNameTaint = new Taint(callSite, taint, classNameArg, ie.getMethod().getParameterType(0)); classNameTaint.addPayload("checkPackageAccess"); return KillGenInfo.propagate(classNameTaint); }
@Override public KillGenInfo processBackwardCallToReturn(Trackable taint, Stmt callSite, InvokeExpr ie) { Value classNameArg = ie.getArg(0); Value classLoaderArg = ie.getArg(2); if (classNameArg instanceof NullConstant || classLoaderArg instanceof NullConstant) return KillGenInfo.kill(); SootMethod method = ie.getMethod(); Taint classNameParameter = new Taint(callSite, taint, classNameArg, method.getParameterType(0)); Taint classLoaderParameter = new Taint(callSite, taint, classLoaderArg, method.getParameterType(2)); return KillGenInfo.propagate(classNameParameter, classLoaderParameter); }
/** * Creates a new node for a constant. */ private NewExpr constantNewExpr(Constant constant) { if (constant instanceof StringConstant) { return STRING_SITE; } else if (constant instanceof ClassConstant) { return CLASS_SITE; } else if (constant instanceof NullConstant) { return null; } else { throw new RuntimeException(constant.toString()); } }
private void instrumentInfoAboutNonApiCaller(Body body, Unit unit) { //our instrumented code if(unit.hasTag(InstrumentedCodeTag.name)) return; InvokeExpr invokeExpr = null; if(unit instanceof DefinitionStmt) { DefinitionStmt defStmt = (DefinitionStmt)unit; if(defStmt.containsInvokeExpr()) { invokeExpr = defStmt.getInvokeExpr(); } } else if(unit instanceof InvokeStmt) { InvokeStmt invokeStmt = (InvokeStmt)unit; invokeExpr = invokeStmt.getInvokeExpr(); } if(invokeExpr != null) { if(!UtilInstrumenter.isApiCall(invokeExpr)) { String invokeExprMethodSignature = invokeExpr.getMethod().getSignature(); List<Value> parameter = invokeExpr.getArgs(); List<Unit> generated = new ArrayList<Unit>(); Pair<Value, List<Unit>> arrayRefAndInstrumentation = UtilInstrumenter.generateParameterArray(parameter, body); List<Unit> generatedArrayInstrumentation = arrayRefAndInstrumentation.getSecond(); Value arrayRef = arrayRefAndInstrumentation.getFirst(); Unit generatedInvokeStmt = UtilInstrumenter.makeJimpleStaticCallForPathExecution("logInfoAboutNonApiMethodCaller", RefType.v("java.lang.String"), StringConstant.v(body.getMethod().getSignature()), RefType.v("java.lang.String"), StringConstant.v(invokeExprMethodSignature), UtilInstrumenter.getParameterArrayType(), (parameter.isEmpty())? NullConstant.v() : arrayRef); generatedInvokeStmt.addTag(new InstrumentedCodeTag()); generated.addAll(generatedArrayInstrumentation); generated.add(generatedInvokeStmt); body.getUnits().insertBefore(generated, unit); } } }
private static List<MethodCall> getStringParameterInCall(SootMethod targetM, SootMethod callToSearchM, int paramPos, Set<String> mpSet, boolean isCheckMethod) { List<MethodCall> methodCallsList = new ArrayList<MethodCall>(); Body b = targetM.getActiveBody(); for( Unit u: b.getUnits()) { MethodCall currMC = null; Stmt s = (Stmt)u; if (!s.containsInvokeExpr()) continue; InvokeExpr invokeExpr = s.getInvokeExpr(); boolean condition = false; if (isCheckMethod) condition = isCheckPermissionMethod(invokeExpr.getMethod()); else condition = invokeExpr.getMethod().toString().split(":")[1].equals(callToSearchM.toString().split(":")[1]); // TODO: should check all out edges if (condition) { logger.info("Target method '"+ invokeExpr.getMethod() +"' found! Source method: "+ targetM); methodCallsList.add(new MethodCall(invokeExpr.getMethod(), u)); currMC = methodCallsList.get(0); } if (currMC == null) { continue; } // at this point we know that we are dealing with a permission check method call unit // retrieve first argument which points to the permission string Value vParam = null; int count = invokeExpr.getArgCount(); if (count <= 0) throw new RuntimeException("Method has 0 arguments! "+ s); vParam = invokeExpr.getArg(paramPos); // the first argument is a StringConstant whose value // is the permission string if (vParam instanceof StringConstant) { AnalysisType.v().cur().case1_direct_string_passed_as_parameter(); currMC.paramConstantString = vParam.toString(); logger.info("[F] "+ currMC.paramConstantString); mpSet.add (currMC.paramConstantString); // is String constant continue; } if (vParam instanceof NullConstant) { logger.info("[F] NullConstant!"); //mpSet.add("NULL_CONSTANT"); continue; } // the first argument must be a local at this point if (!(vParam instanceof Local)) throw new RuntimeException("vParam is not instance of Local! -> '"+ (vParam==null?"is null":vParam.getClass()) +"'"); // store info about this local for step2 below currMC.paramName = ((Local)vParam).getName(); currMC.paramLocal = (Local)vParam; currMC.paramNameUnit = u; } return methodCallsList; }
/** * Create getManager_ for managers created through <init> methods * @param initMethod * @return */ private Body createNewInstance(SootMethod initMethod) { SootClass servicesInitClass = Scene.v().getSootClass(GenerateServiceInit.servicesInitClassName); RefType newType = initMethod.getDeclaringClass().getType(); Body b = Jimple.v().newBody(); LocalGenerator lg = new LocalGenerator(b); Local newLocal = lg.generateLocal(newType); SootField sf = servicesInitClass.getFieldByName("androidcontentContext"); Value newR = Jimple.v().newStaticFieldRef(sf.makeRef()); Local contextLocal = lg.generateLocal(sf.getType()); Unit u0 = Jimple.v().newAssignStmt(contextLocal, newR); boolean addU0 = false; NewExpr n1 = Jimple.v().newNewExpr(newType); Unit u1 = Jimple.v().newAssignStmt(newLocal, n1); List<Value> args = new ArrayList<Value>(); for (Type t : initMethod.getParameterTypes()) { if (t.toString().startsWith("android.content.Context")) { args.add(contextLocal); addU0 = true; } else { args.add(NullConstant.v()); } } InvokeExpr n2 = Jimple.v().newSpecialInvokeExpr(newLocal, initMethod.makeRef(), args); Unit u2 = Jimple.v().newInvokeStmt(n2); Unit u3 = Jimple.v().newReturnStmt(newLocal); if (addU0) b.getUnits().addFirst(u0); else b.getLocals().remove(contextLocal); System.out.println("u1: "+ u1); System.out.println("u1: "+ u2); System.out.println("u1: "+ u3); if (addU0) b.getUnits().insertAfter(u1, u0); else b.getUnits().addFirst(u1); b.getUnits().insertAfter(u2, u1); b.getUnits().insertAfter(u3, u2); return b; }
public void caseNullConstant(NullConstant expr) { jt.notSupported("The null constant is not supported"); }
public void caseNullConstant(NullConstant v) { printConstant(v); }
public void outANullConstant(ANullConstant node) { mProductions.addLast(NullConstant.v()); }
public void caseIfStmt(IfStmt stmt) { if (uses) { ConditionExpr cond = (ConditionExpr) stmt.getCondition(); BinopExpr expr = cond; Value lv = expr.getOp1(); Value rv = expr.getOp2(); TypeVariable lop; TypeVariable rop; // ******** LEFT ******** if (lv instanceof Local) { lop = resolver.typeVariable((Local) lv); } else if (lv instanceof DoubleConstant) { lop = resolver.typeVariable(DoubleType.v()); } else if (lv instanceof FloatConstant) { lop = resolver.typeVariable(FloatType.v()); } else if (lv instanceof IntConstant) { lop = resolver.typeVariable(IntType.v()); } else if (lv instanceof LongConstant) { lop = resolver.typeVariable(LongType.v()); } else if (lv instanceof NullConstant) { lop = resolver.typeVariable(NullType.v()); } else if (lv instanceof StringConstant) { lop = resolver.typeVariable(RefType.v("java.lang.String")); } else if (lv instanceof ClassConstant) { lop = resolver.typeVariable(RefType.v("java.lang.Class")); } else { throw new RuntimeException("Unhandled binary expression left operand type: " + lv.getClass()); } // ******** RIGHT ******** if (rv instanceof Local) { rop = resolver.typeVariable((Local) rv); } else if (rv instanceof DoubleConstant) { rop = resolver.typeVariable(DoubleType.v()); } else if (rv instanceof FloatConstant) { rop = resolver.typeVariable(FloatType.v()); } else if (rv instanceof IntConstant) { rop = resolver.typeVariable(IntType.v()); } else if (rv instanceof LongConstant) { rop = resolver.typeVariable(LongType.v()); } else if (rv instanceof NullConstant) { rop = resolver.typeVariable(NullType.v()); } else if (rv instanceof StringConstant) { rop = resolver.typeVariable(RefType.v("java.lang.String")); } else if (rv instanceof ClassConstant) { rop = resolver.typeVariable(RefType.v("java.lang.Class")); } else { throw new RuntimeException("Unhandled binary expression right operand type: " + rv.getClass()); } TypeVariable common = resolver.typeVariable(); rop.addParent(common); lop.addParent(common); } }
private Register asConstant(Value v, ConstantVisitor constantV) { Constant c = (Constant) v; Register constantRegister = null; List<Register> rArray = null; AtomicInteger iI = null; if (c instanceof ClassConstant) { rArray = classConstantReg; iI = classI; } else if (c instanceof NullConstant) { rArray = nullConstantReg; iI = nullI; } else if (c instanceof FloatConstant) { rArray = floatConstantReg; iI = floatI; } else if (c instanceof IntConstant) { rArray = intConstantReg; iI = intI; } else if (c instanceof LongConstant) { rArray = longConstantReg; iI = longI; } else if (c instanceof DoubleConstant) { rArray = doubleConstantReg; iI = doubleI; } else if (c instanceof StringConstant) { rArray = stringConstantReg; iI = stringI; } else { throw new RuntimeException("Error. Unknown constant type: '"+ c.getType() +"'"); } if (rArray.size() == 0 || iI.intValue() >= rArray.size()) { rArray.add(new Register(c.getType(), nextRegNum)); nextRegNum += SootToDexUtils.getDexWords(c.getType()); } constantRegister = rArray.get(iI.intValue()).clone(); iI.set(iI.intValue() + 1); // "load" constant into the register... constantV.setDestination(constantRegister); c.apply(constantV); // ...but return an independent register object return constantRegister.clone(); }
public void caseNullConstant(NullConstant v) { // dex bytecode spec says: "In terms of bitwise representation, (Object) null == (int) 0." stmtV.addInsn(buildConstInsn(0), origStmt); }
public void caseNullConstant(NullConstant c) { }
@Override public void caseNullConstant(NullConstant arg0) { expressionStack.push(SootPrelude.v().getNullConstant()); }
/** * Returns the string values of a variable used at a given statement. * * @param value The value or variable that should be determined. * @param stmt The statement that uses the variable whose values should be determined. * @return The set of possible values. */ @Override public Set<Object> computeVariableValues(Value value, Stmt stmt) { if (value instanceof StringConstant) { return Collections.singleton((Object) ((StringConstant) value).value.intern()); } else if (value instanceof NullConstant) { return Collections.singleton((Object) "<NULL>"); } else if (value instanceof Local) { Local local = (Local) value; ConstraintCollector constraintCollector = new ConstraintCollector(new ExceptionalUnitGraph(AnalysisParameters.v().getIcfg() .getMethodOf(stmt).getActiveBody())); LanguageConstraints.Box lcb = constraintCollector.getConstraintOfAt(local, stmt); RecursiveDAGSolverVisitorLC dagvlc = new RecursiveDAGSolverVisitorLC(5, null, new RecursiveDAGSolverVisitorLC.MethodReturnValueAnalysisInterface() { @Override public Set<Object> getMethodReturnValues(Call call) { return MethodReturnValueManager.v().getMethodReturnValues(call); } }); if (dagvlc.solve(lcb)) { // boolean flag = false; // if (dagvlc.result.size() == 0 || flag == true) { // System.out.println("ID: " + lcb.uid); // // int dbg = 10; // // while (dbg == 10) { // System.out.println("Returning " + dagvlc.result); // System.out.println("Returning.. " + lcb); // dagvlc.solve(lcb); // System.out.println("done"); // // } // } // System.out.println("Returning " + dagvlc.result); return new HashSet<Object>(dagvlc.result); } else { return Collections.singleton((Object) TOP_VALUE); } } else { return Collections.singleton((Object) TOP_VALUE); } }
public void visit(Value e) { if (e instanceof NullConstant) add(e); }