Java 类soot.jimple.NullConstant 实例源码

项目:JAADAS    文件:FixUndefinedLocals.java   
public static PushInst getPushInitializer(Local l, Type t) {
  if (t instanceof IntegerType) {
    return Baf.v().newPushInst(IntConstant.v(soot.jbco.util.Rand.getInt()));
  } else if (t instanceof RefLikeType || t instanceof StmtAddressType) {
    return Baf.v().newPushInst(NullConstant.v());
  } else if (t instanceof LongType) {
    return Baf.v().newPushInst(LongConstant.v(soot.jbco.util.Rand.getLong()));
  } else if (t instanceof FloatType) {
    return Baf.v().newPushInst(
        FloatConstant.v(soot.jbco.util.Rand.getFloat()));
  } else if (t instanceof DoubleType) {
    return Baf.v().newPushInst(
        DoubleConstant.v(soot.jbco.util.Rand.getDouble()));
  }

  return null;
}
项目:JAADAS    文件:DexNullThrowTransformer.java   
@Override
protected void internalTransform(Body b, String phaseName, Map<String, String> options) {
    LocalCreation lc = new LocalCreation(b.getLocals(), "ex");

    for (Iterator<Unit> unitIt = b.getUnits().snapshotIterator(); unitIt.hasNext(); ) {
        Unit u = unitIt.next();

        // Check for a null exception
        if (u instanceof ThrowStmt) {
            ThrowStmt throwStmt = (ThrowStmt) u;
            if (throwStmt.getOp() == NullConstant.v()
                    || throwStmt.getOp().equals(IntConstant.v(0))
                    || throwStmt.getOp().equals(LongConstant.v(0))) {
                createThrowStmt(b, throwStmt, lc);
            }
        }
    }
}
项目:Sus    文件:BodyAnalysis.java   
private void checkAccessStmt(Stmt sootStmt, SootMethod currentMethod)
{
    if(sootStmt.containsFieldRef())
    {
        SootField accessField = sootStmt.getFieldRef().getField();
        boolean isWrite = (((DefinitionStmt)sootStmt).getLeftOp() instanceof FieldRef);
        boolean isStatic = (sootStmt.getFieldRef() instanceof StaticFieldRef);
        Value object = isStatic ? NullConstant.v() : ((InstanceFieldRef)sootStmt.getFieldRef()).getBase();

        String methodSig = currentMethod.getSignature();

        List<Value> currentLocks = new ArrayList<Value>(lockStack);

        System.out.println(isWrite+" access on "+isStatic+" field "+accessField+" of "+object+" in "+methodSig+" with "+currentLocks.size()+" locks");

        if(!variableAccesses.containsKey(methodSig))
        {
            variableAccesses.put(methodSig, new HashSet<VariableAccess>());
        }
        variableAccesses.get(currentMethod.getSignature()).add(
                new VariableAccess(accessField, sootStmt, currentMethod, isWrite, isStatic, currentLocks));
    }
}
项目:bixie    文件:SootStmtSwitch.java   
/**
 * This is a helper function to suppress false positives: Sometimes,
 * when try-catch with resources is being used
 * @param v
 * @return
 */
private boolean isTrivialNullCheck(Value v) {
     if (v instanceof BinopExpr) {
         BinopExpr bo = (BinopExpr)v;
         if (bo.getOp2() instanceof NullConstant && bo.getSymbol().equals(" == ")) {
             //now it gets itchy. We want to catch only that case
             //where the bytecode introduces a renaming of null and
             //does this unreachable null check.
             if (bo.getOp1() instanceof Local) {
                 Local l = (Local)bo.getOp1();
                 if (l.getType() instanceof NullType) {                      
                     return true;
                 } 
             }
         }
     }
     return false;
}
项目:jar2bpl    文件:SootStmtSwitch.java   
/**
 * This is a helper function to suppress false positives: Sometimes,
 * when try-catch with resources is being used
 * @param v
 * @return
 */
private boolean isTrivialNullCheck(Value v) {
     if (v instanceof BinopExpr) {
         BinopExpr bo = (BinopExpr)v;
         if (bo.getOp2() instanceof NullConstant && bo.getSymbol().equals(" == ")) {
             //now it gets itchy. We want to catch only that case
             //where the bytecode introduces a renaming of null and
             //does this unreachable null check.
             if (bo.getOp1() instanceof Local) {
                 Local l = (Local)bo.getOp1();
                 if (l.getType() instanceof NullType) {                      
                     return true;
                 } 
             }
         }
     }
     return false;
}
项目:bladedroid    文件:Util.java   
public static Value getDefaultValue(Type type) {

        if ((type instanceof BooleanType)
                || (type instanceof ByteType)
                || (type instanceof CharType)
                || (type instanceof DoubleType)
                || (type instanceof FloatType)
                || (type instanceof IntType)
                || (type instanceof LongType)
                || (type instanceof ShortType))
        {
            return IntConstant.v(0);
        }
        else
        {
            return NullConstant.v();
        }
    }
项目:FuzzDroid    文件:PathExecutionTransformer.java   
private void instrumentEachBranchAccess(Body body, IfStmt ifStmt){      
    String methodSignature =  body.getMethod().getSignature();
    String condition = ifStmt.getCondition().toString();        
    Unit generatedJimpleCodeForBranch = UtilInstrumenter.makeJimpleStaticCallForPathExecution("logInfoAboutBranchAccess", 
            RefType.v("java.lang.String"), StringConstant.v(methodSignature),
            RefType.v("java.lang.String"), StringConstant.v(condition),
            RefType.v("java.lang.String"), NullConstant.v()
            );
    generatedJimpleCodeForBranch.addTag(new InstrumentedCodeTag());

    Unit generatedJimpleCodeThenBranch = UtilInstrumenter.makeJimpleStaticCallForPathExecution("logInfoAboutBranchAccess", 
            RefType.v("java.lang.String"), StringConstant.v(methodSignature),
            RefType.v("java.lang.String"), NullConstant.v(),
            RefType.v("java.lang.String"), StringConstant.v("then branch")
            );
    generatedJimpleCodeThenBranch.addTag(new InstrumentedCodeTag());

    Unit generatedJimpleCodeElseBranch = UtilInstrumenter.makeJimpleStaticCallForPathExecution("logInfoAboutBranchAccess", 
            RefType.v("java.lang.String"), StringConstant.v(methodSignature),
            RefType.v("java.lang.String"), NullConstant.v(),
            RefType.v("java.lang.String"), StringConstant.v("else branch")
            );
    generatedJimpleCodeElseBranch.addTag(new InstrumentedCodeTag());

    body.getUnits().insertBefore(generatedJimpleCodeForBranch, ifStmt);

    //treatment of target statement ("true"-branch)
    Stmt targetStmt = ifStmt.getTarget();
    if(!branchTargetStmt.contains(targetStmt.toString())) {
        branchTargetStmt.add(generatedJimpleCodeThenBranch.toString());
        body.getUnits().insertBefore(generatedJimpleCodeThenBranch, targetStmt);
    }

    //treatment of "else"-branch
    body.getUnits().insertAfter(generatedJimpleCodeElseBranch, ifStmt);
}
项目:permission-map    文件:RedirectService.java   
public void redirectGetSystemServiceCalls(Body b, List<Unit> getSSStmt, List<String> sSNames, SootClass servicesInitClass) {
  if (getSSStmt.size() != sSNames.size()) {
    int callNbr = getSSStmt.size();
    int namesNbr = sSNames.size();
    throw new RuntimeException("[Error] System Services get calls units should all correspond to a service name! calls: "+ callNbr +" names: "+ namesNbr);
  }

  PatchingChain<Unit> units = b.getUnits();
  int i = 0;
  for (Unit u: getSSStmt) {
    // must be an assignment of the type: r = c.getSystemService("serviceName")
    if (!(u instanceof AssignStmt)) {
      throw new RuntimeException("[Error] must be assign statement! Current statement is: "+ u);
    }
    // current assignment statement
    AssignStmt ass = (AssignStmt)u;

    // create new assignment statement: replacement of call to getSystemService by a reference to
    // the static field ref to the service (which is created in a custom class called ServicesInit.java)
    //RefType rt = RefType.v("ServicesInit");
    Unit newU = null;
    if (!servicesInitClass.declaresFieldByName(sSNames.get(i))) {
      System.out.println("[Warning] servicesInit class does not contain field '"+ sSNames.get(i) +"' replacing statement by nop.");
      newU = Jimple.v().newAssignStmt(ass.getLeftOp(), NullConstant.v());//Jimple.v().newNopStmt();
    } else {
      SootField sf = servicesInitClass.getFieldByName(sSNames.get(i)); //new SootField(sSNames.get(i), rt, Modifier.STATIC);
      Value rvalue = Jimple.v().newStaticFieldRef(sf.makeRef());
      AssignStmt newAss = Jimple.v().newAssignStmt(ass.getLeftOp(), rvalue);
      newU = (Unit) newAss;
    }
    System.out.println("swapping "+ u +" with "+ newU);
    units.swapWith(u, newU);

    i++;
  }

}
项目:JAADAS    文件:LibraryClassPatcher.java   
/**
 * Creates a synthetic "java.lang.Thread.run()" method implementation that
 * calls the target previously passed in when the constructor was called
 * @param smRun The run() method for which to create a synthetic
 * implementation
 * @param runnable The "java.lang.Runnable" interface
 * @param fldTarget The field containing the target object
 */
private void patchThreadRunMethod(SootMethod smRun, SootClass runnable,
        SootField fldTarget) {
    SootClass sc = smRun.getDeclaringClass();
    Body b = Jimple.v().newBody(smRun);
    smRun.setActiveBody(b);

    Local thisLocal = Jimple.v().newLocal("this", sc.getType());
    b.getLocals().add(thisLocal);
    b.getUnits().add(Jimple.v().newIdentityStmt(thisLocal,
            Jimple.v().newThisRef(sc.getType())));

    Local targetLocal = Jimple.v().newLocal("target", runnable.getType());
    b.getLocals().add(targetLocal);
    b.getUnits().add(Jimple.v().newAssignStmt(targetLocal,
            Jimple.v().newInstanceFieldRef(thisLocal, fldTarget.makeRef())));

    Unit retStmt = Jimple.v().newReturnVoidStmt();

    // If (this.target == null) return;
    b.getUnits().add(Jimple.v().newIfStmt(Jimple.v().newEqExpr(targetLocal,
            NullConstant.v()), retStmt));

    // Invoke target.run()
    b.getUnits().add(Jimple.v().newInvokeStmt(Jimple.v().newInterfaceInvokeExpr(targetLocal,
            runnable.getMethod("void run()").makeRef())));

    b.getUnits().add(retStmt);
}
项目:JAADAS    文件:NullnessAnalysis.java   
private void handleEqualityOrNonEqualityCheck(AbstractBinopExpr eqExpr, AnalysisInfo in,
        AnalysisInfo out, AnalysisInfo outBranch) {
    Value left = eqExpr.getOp1();
    Value right = eqExpr.getOp2();

    Value val=null;
    if(left==NullConstant.v()) {
        if(right!=NullConstant.v()) {
            val = right;
        }
    } else if(right==NullConstant.v()) {
        if(left!=NullConstant.v()) {
            val = left;
        }
    }

    //if we compare a local with null then process further...
    if(val!=null && val instanceof Local) {
        if(eqExpr instanceof JEqExpr)
            //a==null
            handleEquality(val, out, outBranch);
        else if(eqExpr instanceof JNeExpr)
            //a!=null
            handleNonEquality(val, out, outBranch);
        else
            throw new IllegalStateException("unexpected condition: "+eqExpr.getClass());
    }
}
项目:JAADAS    文件:NullnessAnalysis.java   
private void handleRefTypeAssignment(DefinitionStmt assignStmt, AnalysisInfo out) {
    Value left = assignStmt.getLeftOp();
    Value right = assignStmt.getRightOp();

    //unbox casted value
    if(right instanceof JCastExpr) {
        JCastExpr castExpr = (JCastExpr) right;
        right = castExpr.getOp();
    }

    //if we have a definition (assignment) statement to a ref-like type, handle it,
    if ( isAlwaysNonNull(right)
    || right instanceof NewExpr || right instanceof NewArrayExpr
    || right instanceof NewMultiArrayExpr || right instanceof ThisRef
    || right instanceof StringConstant || right instanceof ClassConstant
    || right instanceof CaughtExceptionRef) {
        //if we assign new... or @this, the result is non-null
        out.put(left,NON_NULL);
    } else if(right==NullConstant.v()) {
        //if we assign null, well, it's null
        out.put(left, NULL);
    } else if(left instanceof Local && right instanceof Local) {
        out.put(left, out.get(right));
    } else {
        out.put(left, TOP);
    }
}
项目:JAADAS    文件:NullCheckEliminator.java   
public void internalTransform(Body body, String phaseName, Map<String,String> options) {

    // really, the analysis should be able to use its own results to determine
    // that some branches are dead, but since it doesn't we just iterate.
    boolean changed;
    do {
        changed=false;

        NullnessAnalysis analysis=analysisFactory.newAnalysis(new ExceptionalUnitGraph(body));

        Chain<Unit> units=body.getUnits();
        Stmt s;
        for(s=(Stmt) units.getFirst();s!=null;s=(Stmt) units.getSuccOf(s)) {
        if(!(s instanceof IfStmt)) continue;
        IfStmt is=(IfStmt) s;
        Value c=is.getCondition();
        if(!(c instanceof EqExpr || c instanceof NeExpr)) continue;
        BinopExpr e=(BinopExpr) c;
        Immediate i=null;
        if(e.getOp1() instanceof NullConstant) i=(Immediate) e.getOp2();
        if(e.getOp2() instanceof NullConstant) i=(Immediate) e.getOp1();
        if(i==null) continue;
        boolean alwaysNull = analysis.isAlwaysNullBefore(s, i);
        boolean alwaysNonNull = analysis.isAlwaysNonNullBefore(s, i);
        int elim=0; // -1 => condition is false, 1 => condition is true
        if(alwaysNonNull) elim=c instanceof EqExpr ? -1 : 1;
        if(alwaysNull) elim=c instanceof EqExpr ? 1 : -1;
        Stmt newstmt=null;
        if(elim==-1) newstmt=Jimple.v().newNopStmt();
        if(elim==1) newstmt=Jimple.v().newGotoStmt(is.getTarget());
        if(newstmt!=null) {
            units.swapWith(s,newstmt);
            s=newstmt;
            changed=true;
        }
        }
    } while(changed);
    }
项目:JAADAS    文件:ExprVisitor.java   
private Value fixNullConstant(Value potentialNullConstant) {
    /*
     * The bytecode spec says: "In terms of bitwise representation, (Object) null == (int) 0."
     * So use an IntConstant(0) for null comparison in if-*z opcodes.
     */
    if (potentialNullConstant instanceof NullConstant) {
        return IntConstant.v(0);
    }
    return potentialNullConstant;
}
项目:JAADAS    文件:DexNullArrayRefTransformer.java   
/**
 * Checks whether the given local is guaranteed to be always null at the
 * given statement
 * @param s The statement at which to check the local
 * @param base The local to check
 * @param defs The definition analysis object to use for the check
 * @return True if the given local is guaranteed to always be null at the
 * given statement, otherwise false
 */
private boolean isAlwaysNullBefore(Stmt s, Local base, LocalDefs defs) {
    List<Unit> baseDefs = defs.getDefsOfAt(base, s);
    if (baseDefs.isEmpty())
        return true;

    for (Unit u : baseDefs) {
        if (!(u instanceof DefinitionStmt))
            return false;
        DefinitionStmt defStmt = (DefinitionStmt) u;
        if (defStmt.getRightOp() != NullConstant.v())
            return false;
    }
    return true;
}
项目:JAADAS    文件:AsmMethodSource.java   
private void convertConstInsn(InsnNode insn) {
    int op = insn.getOpcode();
    StackFrame frame = getFrame(insn);
    Operand[] out = frame.out();
    Operand opr;
    if (out == null) {
        Value v;
        if (op == ACONST_NULL)
            v = NullConstant.v();
        else if (op >= ICONST_M1 && op <= ICONST_5)
            v = IntConstant.v(op - ICONST_0);
        else if (op == LCONST_0 || op == LCONST_1)
            v = LongConstant.v(op - LCONST_0);
        else if (op >= FCONST_0 && op <= FCONST_2)
            v = FloatConstant.v(op - FCONST_0);
        else if (op == DCONST_0 || op == DCONST_1)
            v = DoubleConstant.v(op - DCONST_0);
        else
            throw new AssertionError("Unknown constant opcode: " + op);
        opr = new Operand(insn, v);
        frame.out(opr);
    } else {
        opr = out[0];
    }
    if (op == LCONST_0 || op == LCONST_1 ||
            op == DCONST_0 || op == DCONST_1) {
        pushDual(opr);
    } else {
        push(opr);
    }
}
项目:DroidRA    文件:NormalEdgeFunctionFactory.java   
/**
 * Returns a normal edge function.
 * 
 * @param curr The current statement.
 * @param currNode The current variable.
 * @param succNode The variable the current variable is propagated to after the statement.
 * @param zeroValue The zero value, which represents the absence of a data flow fact.
 * @param pointsToAnalysis The pointer analysis.
 * @return A normal edge function.
 */
public EdgeFunction<BasePropagationValue> getNormalEdgeFunction(Unit curr, Value currNode,
    Value succNode, Value zeroValue, PointsToAnalysis pointsToAnalysis) {
  if (curr instanceof AssignStmt) {
    if (logger.isDebugEnabled()) {
      logger.debug("Normal edge: " + curr);
      logger.debug(currNode + " " + succNode);
    }
    AssignStmt assignStmt = (AssignStmt) curr;

    final Value left = assignStmt.getLeftOp();
    final String type = left.getType().toString();
    final Value right = assignStmt.getRightOp();

    if (Model.v().isModeledType(type)) {
      if (currNode.equivTo(zeroValue) && succNode.equivTo(left)) {
        if (right instanceof StaticFieldRef) {
          StaticFieldRef staticFieldRef = (StaticFieldRef) right;

          Argument[] arguments =
              Model.v().getArgumentsForStaticField(staticFieldRef.getField().getSignature());

          EdgeFunction<BasePropagationValue> result =
              PropagationTransformerFactory.makeTransformer(null, arguments, false);
          if (arguments != null) {
            if (logger.isDebugEnabled()) {
              logger.debug("Returning " + result);
            }
            return PropagationTransformerFactory.makeTransformer(null, arguments, false);
          }
        } else if (right instanceof NullConstant) {
          return PropagationTransformerFactory.makeTransformer(null, null, false);
        }
      }
    }
  }
  return EdgeIdentity.v();
}
项目:DroidRA    文件:InstrumentationUtils.java   
public static Value toDefaultSootTypeValue(Type sootType)
{
    String type = sootType.toString();

    if ("boolean".equals(type))
    {
        IntConstant.v(0);
    }
    else if ("byte".equals(type))
    {
        return IntConstant.v(0);
    }
    else if ("char".equals(type))
    {
        return IntConstant.v(0);
    }
    else if ("short".equals(type))
    {
        return IntConstant.v(0);
    }
    else if ("int".equals(type))
    {
        return IntConstant.v(0);
    }
    else if ("long".equals(type))
    {
        return LongConstant.v(0);
    }
    else if ("float".equals(type))
    {
        return FloatConstant.v(0);
    }
    else if ("double".equals(type))
    {
        return DoubleConstant.v(0);
    }

    return NullConstant.v();
}
项目:petablox    文件:RelPobjNullAsgnInst.java   
public void visitMoveInst(Unit q) {
    if(q instanceof JAssignStmt){
        JAssignStmt j = (JAssignStmt)q;
        if(SootUtilities.isMoveInst(j)){
            Local l = (Local)j.leftBox.getValue();
            Local r = (Local)j.rightBox.getValue();
            if(r instanceof NullConstant && l.getType() instanceof RefLikeType){
                add(q, l);
            }
        }
    }
}
项目:petablox    文件:RelPobjNullAsgnInst.java   
public void visitCastInst(Unit q) {
if(q instanceof JAssignStmt){
    JAssignStmt j = (JAssignStmt)q;
    if(j.rightBox.getValue() instanceof JCastExpr){
        JCastExpr jce = (JCastExpr)j.rightBox.getValue();
        Local l = (Local)j.leftBox.getValue();
        Value r = jce.getOp();
        if(r instanceof NullConstant && l.getType() instanceof RefLikeType){
            add(q, l);
        }
    }
}
  }
项目:soot-infoflow-android-iccta    文件:ICCRedirectionCreator.java   
public SootMethod generateRedirectMethodForStartActivity(SootClass wrapper) {
    System.out.println("create method to call wrapper class: "+ wrapper);
    String newSM_name = "redirector" + num++;
    List<Type> newSM_parameters = new ArrayList<Type>();
    newSM_parameters.add(INTENT_TYPE);
    Type newSM_return_type = VoidType.v();
    int modifiers = Modifier.STATIC | Modifier.PUBLIC;

    SootMethod newSM = new SootMethod(newSM_name, newSM_parameters, newSM_return_type, modifiers);
    ipcSC.addMethod(newSM);
    JimpleBody b = Jimple.v().newBody(newSM);
    newSM.setActiveBody(b);

    LocalGenerator lg = new LocalGenerator(b);

    // identity
    Local intentParameterLocal = lg.generateLocal(INTENT_TYPE);
    Unit intentParameterU = Jimple.v().newIdentityStmt(
            intentParameterLocal,
            Jimple.v().newParameterRef(INTENT_TYPE, 0));

    // new
    Local al = lg.generateLocal(wrapper.getType());
    Unit newU = (Unit) Jimple.v().newAssignStmt(al,
            Jimple.v().newNewExpr(wrapper.getType())
            );
    // init
    List<Type> parameters = new ArrayList<Type>();
    parameters.add(INTENT_TYPE);
    SootMethod method = wrapper.getMethod("<init>", parameters, VoidType.v());
    List<Value> args = new ArrayList<Value>();
    args.add(intentParameterLocal);
    Unit initU = (Unit) Jimple.v().newInvokeStmt(
            Jimple.v().newSpecialInvokeExpr(al, method.makeRef(), args));

    // call dummyMainMethod
    //method = wrapper.getMethodByName(ICCDummyMainCreator.DUMMY_MAIN_METHOD);
    method = wrapper.getMethodByName("onCreate");
    args = new ArrayList<Value>();
    Local pLocal = lg.generateLocal(RefType.v("android.os.Bundle"));
    Unit nullParamU = (Unit) Jimple.v().newAssignStmt(pLocal, NullConstant.v());
    args.add(pLocal);
    InvokeExpr invoke = Jimple.v().newVirtualInvokeExpr(al, method.makeRef(), args);
    Unit callU = (Unit) Jimple.v().newInvokeStmt(invoke);

    b.getUnits().add(intentParameterU);
    b.getUnits().add(newU);
    b.getUnits().add(initU);
    b.getUnits().add(nullParamU);
    b.getUnits().add(callU);
    b.getUnits().add(Jimple.v().newReturnVoidStmt());

    System.out.println("new lifecypcle method: "+ newSM +" body: "+ newSM.retrieveActiveBody());

    return newSM;

}
项目:coal    文件:NormalEdgeFunctionFactory.java   
/**
 * Returns a normal edge function.
 * 
 * @param curr The current statement.
 * @param currNode The current variable.
 * @param succNode The variable the current variable is propagated to after the statement.
 * @param zeroValue The zero value, which represents the absence of a data flow fact.
 * @param pointsToAnalysis The pointer analysis.
 * @return A normal edge function.
 */
public EdgeFunction<BasePropagationValue> getNormalEdgeFunction(Unit curr, Value currNode,
    Value succNode, Value zeroValue, PointsToAnalysis pointsToAnalysis) {
  if (curr instanceof AssignStmt) {
    if (logger.isDebugEnabled()) {
      logger.debug("Normal edge: " + curr);
      logger.debug(currNode + " " + succNode);
    }
    AssignStmt assignStmt = (AssignStmt) curr;

    final Value left = assignStmt.getLeftOp();
    final String type = left.getType().toString();
    final Value right = assignStmt.getRightOp();

    if (Model.v().isModeledType(type)) {
      if (currNode.equivTo(zeroValue) && succNode.equivTo(left)) {
        if (right instanceof StaticFieldRef) {
          StaticFieldRef staticFieldRef = (StaticFieldRef) right;

          Argument[] arguments =
              Model.v().getArgumentsForStaticField(staticFieldRef.getField().getSignature());

          EdgeFunction<BasePropagationValue> result =
              PropagationTransformerFactory.makeTransformer(null, arguments, false);
          if (arguments != null) {
            if (logger.isDebugEnabled()) {
              logger.debug("Returning " + result);
            }
            return PropagationTransformerFactory.makeTransformer(null, arguments, false);
          }
        } else if (right instanceof NullConstant) {
          return PropagationTransformerFactory.makeTransformer(null, null, false);
        }
      }
    }
  }
  return EdgeIdentity.v();
}
项目:matos-tool    文件:ConstantValue.java   
/**
 * Builds a representation of a constant from its value expressed as
 * a Soot constant and its Soot type. It is transformed in an equivalent
 * pair of strings.
 * @param v the value of the constant
 * @param t its type.
 */
public ConstantValue(Constant v, Type t) { 
    if (v instanceof IntConstant) {
        int n = ((IntConstant) v).value;
        if (t instanceof CharType) {
            rep_t = CHAR_TYPE;
            rep_v = Character.toString((char) n);
        } else if (t instanceof BooleanType) {
            rep_t = BOOLEAN_TYPE;
            rep_v = Boolean.toString((n != 0));
        } else {
            rep_t = INT_TYPE;
            rep_v = Integer.toString(n);
        }
    } else if (v instanceof LongConstant) {
        rep_t = LONG_TYPE;
        rep_v = Long.toString(((LongConstant) v).value);
    } else if (v instanceof FloatConstant) {
        rep_t = FLOAT_TYPE;
        rep_v = Float.toString(((FloatConstant) v).value);
    } else if (v instanceof NullConstant) {
        rep_t = NULL;
        rep_v = NULL;
    } else {
        rep_t = t.toString();
        rep_v = "";
    }
}
项目:FlowTwist    文件:SimpleClassForNameTarget.java   
@Override
public KillGenInfo processBackwardCallToReturn(Trackable taint, Stmt callSite, InvokeExpr ie) {
    Value classNameArg = ie.getArg(0);
    if (classNameArg instanceof NullConstant)
        return KillGenInfo.kill();

    Taint classNameParameter = new Taint(callSite, taint, classNameArg, ie.getMethod().getParameterType(0));
    return KillGenInfo.propagate(classNameParameter);
}
项目:FlowTwist    文件:PackageAccessCheckTarget.java   
@Override
public KillGenInfo processBackwardCallToReturn(Trackable taint, Stmt callSite, InvokeExpr ie) {
    if (!enabled)
        return kill();

    Value classNameArg = ie.getArg(0);
    if (classNameArg instanceof NullConstant)
        return KillGenInfo.kill();

    Taint classNameTaint = new Taint(callSite, taint, classNameArg, ie.getMethod().getParameterType(0));
    classNameTaint.addPayload("checkPackageAccess");
    return KillGenInfo.propagate(classNameTaint);
}
项目:FlowTwist    文件:ExtendedClassForNameTarget.java   
@Override
public KillGenInfo processBackwardCallToReturn(Trackable taint, Stmt callSite, InvokeExpr ie) {
    Value classNameArg = ie.getArg(0);
    Value classLoaderArg = ie.getArg(2);

    if (classNameArg instanceof NullConstant || classLoaderArg instanceof NullConstant)
        return KillGenInfo.kill();
    SootMethod method = ie.getMethod();
    Taint classNameParameter = new Taint(callSite, taint, classNameArg, method.getParameterType(0));
    Taint classLoaderParameter = new Taint(callSite, taint, classLoaderArg, method.getParameterType(2));
    return KillGenInfo.propagate(classNameParameter, classLoaderParameter);
}
项目:vasco    文件:PointsToGraph.java   
/**
 * Creates a new node for a constant.
 */
private NewExpr constantNewExpr(Constant constant) {
    if (constant instanceof StringConstant) {
        return STRING_SITE;
    } else if (constant instanceof ClassConstant) {
        return CLASS_SITE;
    } else if (constant instanceof NullConstant) {
        return null;
    } else {
        throw new RuntimeException(constant.toString());
    }
}
项目:FuzzDroid    文件:PathExecutionTransformer.java   
private void instrumentInfoAboutNonApiCaller(Body body, Unit unit)
{   
    //our instrumented code
    if(unit.hasTag(InstrumentedCodeTag.name))
        return;

    InvokeExpr invokeExpr = null;
    if(unit instanceof DefinitionStmt)
    {
        DefinitionStmt defStmt = (DefinitionStmt)unit;
        if(defStmt.containsInvokeExpr())
        {
            invokeExpr = defStmt.getInvokeExpr();
        }
    }                   
    else if(unit instanceof InvokeStmt)
    {
        InvokeStmt invokeStmt = (InvokeStmt)unit;
        invokeExpr = invokeStmt.getInvokeExpr();
    }               

    if(invokeExpr != null)
    {           
        if(!UtilInstrumenter.isApiCall(invokeExpr))
        {
            String invokeExprMethodSignature = invokeExpr.getMethod().getSignature();

            List<Value> parameter = invokeExpr.getArgs();
            List<Unit> generated = new ArrayList<Unit>();
            Pair<Value, List<Unit>> arrayRefAndInstrumentation = UtilInstrumenter.generateParameterArray(parameter, body);

            List<Unit> generatedArrayInstrumentation = arrayRefAndInstrumentation.getSecond();
            Value arrayRef = arrayRefAndInstrumentation.getFirst();

            Unit generatedInvokeStmt = UtilInstrumenter.makeJimpleStaticCallForPathExecution("logInfoAboutNonApiMethodCaller",  
                    RefType.v("java.lang.String"), StringConstant.v(body.getMethod().getSignature()),
                    RefType.v("java.lang.String"), StringConstant.v(invokeExprMethodSignature),
                    UtilInstrumenter.getParameterArrayType(), (parameter.isEmpty())? NullConstant.v() : arrayRef);
            generatedInvokeStmt.addTag(new InstrumentedCodeTag());
            generated.addAll(generatedArrayInstrumentation);
            generated.add(generatedInvokeStmt);

            body.getUnits().insertBefore(generated, unit);
        }
    }       
}
项目:permission-map    文件:CheckForPermission.java   
private static List<MethodCall> getStringParameterInCall(SootMethod targetM, SootMethod callToSearchM, int paramPos, Set<String> mpSet, boolean isCheckMethod) {
  List<MethodCall> methodCallsList = new ArrayList<MethodCall>();

  Body b = targetM.getActiveBody();
  for( Unit u: b.getUnits()) {
    MethodCall currMC = null;

    Stmt s = (Stmt)u;
    if (!s.containsInvokeExpr())
      continue;
    InvokeExpr invokeExpr = s.getInvokeExpr();

    boolean condition = false;
    if (isCheckMethod)
      condition = isCheckPermissionMethod(invokeExpr.getMethod());
    else
      condition = invokeExpr.getMethod().toString().split(":")[1].equals(callToSearchM.toString().split(":")[1]); // TODO: should check all out edges
    if (condition) {
      logger.info("Target method '"+ invokeExpr.getMethod() +"' found! Source method: "+ targetM);
      methodCallsList.add(new MethodCall(invokeExpr.getMethod(), u));
      currMC = methodCallsList.get(0);
    }

    if (currMC == null) {
      continue;
    }
    // at this point we know that we are dealing with a permission check method call unit

    // retrieve first argument which points to the permission string
    Value vParam = null;
    int count = invokeExpr.getArgCount();
    if (count <= 0)
      throw new RuntimeException("Method has 0 arguments! "+ s);
    vParam = invokeExpr.getArg(paramPos);

    // the first argument is a StringConstant whose value
    // is the permission string
    if (vParam instanceof StringConstant) { 
      AnalysisType.v().cur().case1_direct_string_passed_as_parameter();      
      currMC.paramConstantString = vParam.toString();
      logger.info("[F] "+ currMC.paramConstantString);
      mpSet.add (currMC.paramConstantString); // is String constant
      continue;
    } 

    if (vParam instanceof NullConstant) {
      logger.info("[F] NullConstant!");
      //mpSet.add("NULL_CONSTANT");
      continue;
    }

    // the first argument must be a local at this point
    if (!(vParam instanceof Local))
      throw new RuntimeException("vParam is not instance of Local! -> '"+ (vParam==null?"is null":vParam.getClass()) +"'"); 

    // store info about this local for step2 below
    currMC.paramName = ((Local)vParam).getName();
    currMC.paramLocal = (Local)vParam;
    currMC.paramNameUnit = u;
  }
  return methodCallsList;
}
项目:permission-map    文件:CreateManagers.java   
/**
 * Create getManager_ for managers created through <init> methods
 * @param initMethod
 * @return
 */
private Body createNewInstance(SootMethod initMethod) {

    SootClass servicesInitClass = Scene.v().getSootClass(GenerateServiceInit.servicesInitClassName);

    RefType newType = initMethod.getDeclaringClass().getType();
    Body b = Jimple.v().newBody();
    LocalGenerator lg = new LocalGenerator(b);
    Local newLocal = lg.generateLocal(newType);

    SootField sf = servicesInitClass.getFieldByName("androidcontentContext");
    Value newR = Jimple.v().newStaticFieldRef(sf.makeRef());
    Local contextLocal = lg.generateLocal(sf.getType());
    Unit u0 = Jimple.v().newAssignStmt(contextLocal, newR);               
    boolean addU0 = false;    

    NewExpr n1 = Jimple.v().newNewExpr(newType);
    Unit u1 = Jimple.v().newAssignStmt(newLocal, n1);
    List<Value> args = new ArrayList<Value>();
    for (Type t : initMethod.getParameterTypes()) {
        if (t.toString().startsWith("android.content.Context")) {
            args.add(contextLocal);
            addU0 = true;
        } else {
            args.add(NullConstant.v());
        }
    }

    InvokeExpr n2 = Jimple.v().newSpecialInvokeExpr(newLocal, initMethod.makeRef(), args);
    Unit u2 = Jimple.v().newInvokeStmt(n2);
    Unit u3 = Jimple.v().newReturnStmt(newLocal);

    if (addU0)
        b.getUnits().addFirst(u0);
    else
        b.getLocals().remove(contextLocal);
    System.out.println("u1: "+ u1);
    System.out.println("u1: "+ u2);
    System.out.println("u1: "+ u3);
    if (addU0)
        b.getUnits().insertAfter(u1, u0);
    else
        b.getUnits().addFirst(u1);
    b.getUnits().insertAfter(u2, u1);
    b.getUnits().insertAfter(u3, u2);

    return b;
}
项目:JAADAS    文件:ExprTranslator.java   
public void caseNullConstant(NullConstant expr) {
    jt.notSupported("The null constant is not supported");
}
项目:JAADAS    文件:ValueTemplatePrinter.java   
public void caseNullConstant(NullConstant v) {  
    printConstant(v);
}
项目:JAADAS    文件:Walker.java   
public void outANullConstant(ANullConstant node)
   {
mProductions.addLast(NullConstant.v());
   }
项目:JAADAS    文件:ConstraintCollector.java   
public void caseIfStmt(IfStmt stmt) {
    if (uses) {
        ConditionExpr cond = (ConditionExpr) stmt.getCondition();

        BinopExpr expr = cond;
        Value lv = expr.getOp1();
        Value rv = expr.getOp2();

        TypeVariable lop;
        TypeVariable rop;

        // ******** LEFT ********
        if (lv instanceof Local) {
            lop = resolver.typeVariable((Local) lv);
        } else if (lv instanceof DoubleConstant) {
            lop = resolver.typeVariable(DoubleType.v());
        } else if (lv instanceof FloatConstant) {
            lop = resolver.typeVariable(FloatType.v());
        } else if (lv instanceof IntConstant) {
            lop = resolver.typeVariable(IntType.v());
        } else if (lv instanceof LongConstant) {
            lop = resolver.typeVariable(LongType.v());
        } else if (lv instanceof NullConstant) {
            lop = resolver.typeVariable(NullType.v());
        } else if (lv instanceof StringConstant) {
            lop = resolver.typeVariable(RefType.v("java.lang.String"));
        } else if (lv instanceof ClassConstant) {
            lop = resolver.typeVariable(RefType.v("java.lang.Class"));
        } else {
            throw new RuntimeException("Unhandled binary expression left operand type: " + lv.getClass());
        }

        // ******** RIGHT ********
        if (rv instanceof Local) {
            rop = resolver.typeVariable((Local) rv);
        } else if (rv instanceof DoubleConstant) {
            rop = resolver.typeVariable(DoubleType.v());
        } else if (rv instanceof FloatConstant) {
            rop = resolver.typeVariable(FloatType.v());
        } else if (rv instanceof IntConstant) {
            rop = resolver.typeVariable(IntType.v());
        } else if (rv instanceof LongConstant) {
            rop = resolver.typeVariable(LongType.v());
        } else if (rv instanceof NullConstant) {
            rop = resolver.typeVariable(NullType.v());
        } else if (rv instanceof StringConstant) {
            rop = resolver.typeVariable(RefType.v("java.lang.String"));
        } else if (rv instanceof ClassConstant) {
            rop = resolver.typeVariable(RefType.v("java.lang.Class"));
        } else {
            throw new RuntimeException("Unhandled binary expression right operand type: " + rv.getClass());
        }

        TypeVariable common = resolver.typeVariable();
        rop.addParent(common);
        lop.addParent(common);
    }
}
项目:JAADAS    文件:RegisterAllocator.java   
private Register asConstant(Value v, ConstantVisitor constantV) {
    Constant c = (Constant) v;

    Register constantRegister = null;

    List<Register> rArray = null;
    AtomicInteger iI = null;
    if (c instanceof ClassConstant) {
        rArray = classConstantReg;
        iI = classI;
    } else if (c instanceof NullConstant) {
           rArray = nullConstantReg;
           iI = nullI;
       } else if (c instanceof FloatConstant) {
           rArray = floatConstantReg;
           iI = floatI;
       } else if (c instanceof IntConstant) {
           rArray = intConstantReg;
           iI = intI;
       } else if (c instanceof LongConstant) {
           rArray = longConstantReg;
           iI = longI;
       } else if (c instanceof DoubleConstant) {
           rArray = doubleConstantReg;
           iI = doubleI;
       } else if (c instanceof StringConstant) {
           rArray = stringConstantReg;
           iI = stringI;
       } else {
           throw new RuntimeException("Error. Unknown constant type: '"+ c.getType() +"'");
       }

    if (rArray.size() == 0 || iI.intValue() >= rArray.size()) {
        rArray.add(new Register(c.getType(), nextRegNum));
        nextRegNum += SootToDexUtils.getDexWords(c.getType());
    }

    constantRegister = rArray.get(iI.intValue()).clone();
    iI.set(iI.intValue() + 1);

    // "load" constant into the register...
    constantV.setDestination(constantRegister);
    c.apply(constantV);
    // ...but return an independent register object
    return constantRegister.clone();
}
项目:JAADAS    文件:ConstantVisitor.java   
public void caseNullConstant(NullConstant v) {
    // dex bytecode spec says: "In terms of bitwise representation, (Object) null == (int) 0."
       stmtV.addInsn(buildConstInsn(0), origStmt);
}
项目:JAADAS    文件:UnitThrowAnalysis.java   
public void caseNullConstant(NullConstant c) {
}
项目:bixie    文件:SootValueSwitch.java   
@Override
public void caseNullConstant(NullConstant arg0) {
    expressionStack.push(SootPrelude.v().getNullConstant());
}
项目:DroidRA    文件:StringValueAnalysis.java   
/**
 * Returns the string values of a variable used at a given statement.
 * 
 * @param value The value or variable that should be determined.
 * @param stmt The statement that uses the variable whose values should be determined.
 * @return The set of possible values.
 */
@Override
public Set<Object> computeVariableValues(Value value, Stmt stmt) {
  if (value instanceof StringConstant) {
    return Collections.singleton((Object) ((StringConstant) value).value.intern());
  } else if (value instanceof NullConstant) {
    return Collections.singleton((Object) "<NULL>");
  } else if (value instanceof Local) {
    Local local = (Local) value;

    ConstraintCollector constraintCollector =
        new ConstraintCollector(new ExceptionalUnitGraph(AnalysisParameters.v().getIcfg()
            .getMethodOf(stmt).getActiveBody()));
    LanguageConstraints.Box lcb = constraintCollector.getConstraintOfAt(local, stmt);
    RecursiveDAGSolverVisitorLC dagvlc =
        new RecursiveDAGSolverVisitorLC(5, null,
            new RecursiveDAGSolverVisitorLC.MethodReturnValueAnalysisInterface() {
              @Override
              public Set<Object> getMethodReturnValues(Call call) {
                return MethodReturnValueManager.v().getMethodReturnValues(call);
              }
            });

    if (dagvlc.solve(lcb)) {
      // boolean flag = false;
      // if (dagvlc.result.size() == 0 || flag == true) {
      // System.out.println("ID: " + lcb.uid);
      // // int dbg = 10;
      // // while (dbg == 10) {
      // System.out.println("Returning " + dagvlc.result);
      // System.out.println("Returning.. " + lcb);
      // dagvlc.solve(lcb);
      // System.out.println("done");
      // // }
      // }
      // System.out.println("Returning " + dagvlc.result);
      return new HashSet<Object>(dagvlc.result);
    } else {
      return Collections.singleton((Object) TOP_VALUE);
    }
  } else {
    return Collections.singleton((Object) TOP_VALUE);
  }
}
项目:petablox    文件:RelNullExpr.java   
public void visit(Value e) {
    if (e instanceof NullConstant)
        add(e);
}
项目:petablox    文件:DomNull.java   
public void visit(Value e) {
    if (e instanceof NullConstant)
        add(e);
}