1. 包列表
  2. 类列表
  3. soot.jimple.InstanceFieldRef

Java 类soot.jimple.InstanceFieldRef 实例源码

项目:cheetah    文件:AnalysisTask.java    
private Set<FlowAbstraction> getTaints(Value right, Value left, FlowAbstraction source, Unit src) {
    Set<FlowAbstraction> ret = new HashSet<FlowAbstraction>();
    FlowAbstraction fa = getTaint(right, left, source, src);
    if (fa != null)
        ret.add(fa);

    // f0 = o.x {o} -> taint f0 and o.x if o is API object
    if (right instanceof InstanceFieldRef && source.getLocal() != null && source.getFields().length == 0) {
        String type = ((InstanceFieldRef) right).getBase().getType().toString();
        // if o is an API object (ex: Point)
        if (!inProject(type)) {
            fa = FlowAbstraction.v(source.getSource(), right, src, icfg.getMethodOf(src), source);
            if (fa.hasPrefix(source.getLocal())) {
                ret.add(fa);
                fa = FlowAbstraction.v(source.getSource(), left, src, icfg.getMethodOf(src), source);
                ret.add(fa);
            }
        }

    }
    return ret;
}
项目:JAADAS    文件:PtsBasedAliasStrategy.java    
/**
 * Gets the points-to-set for the given value
 * @param targetValue The value for which to get the points-to-set
 * @return The points-to-set for the given value
 */
private PointsToSet getPointsToSet(Value targetValue) {
    PointsToAnalysis pta = Scene.v().getPointsToAnalysis();
    synchronized (pta) {            
        if (targetValue instanceof Local)
            return pta.reachingObjects((Local) targetValue);
        else if (targetValue instanceof InstanceFieldRef) {
            InstanceFieldRef iref = (InstanceFieldRef) targetValue;
            return pta.reachingObjects((Local) iref.getBase(), iref.getField());
        }
        else if (targetValue instanceof StaticFieldRef) {
            StaticFieldRef sref = (StaticFieldRef) targetValue;
            return pta.reachingObjects(sref.getField());
        }
        else if (targetValue instanceof ArrayRef) {
            ArrayRef aref = (ArrayRef) targetValue;
            return pta.reachingObjects((Local) aref.getBase());
        }
        else
            throw new RuntimeException("Unexpected value type for aliasing: " + targetValue.getClass());
    }
}
项目:JAADAS    文件:ImplicitFlowAliasStrategy.java    
@Override
public void computeAliasTaints(Abstraction d1, Stmt src, Value targetValue,
        Set<Abstraction> taintSet, SootMethod method, Abstraction newAbs) {
    // Use global aliasing
    Value baseValue = ((InstanceFieldRef) targetValue).getBase();
    Set<AccessPath> aliases = methodToAliases.getUnchecked(method).get
            (new AccessPath(baseValue, true));
    if (aliases != null)
        for (AccessPath ap : aliases) {
            Abstraction aliasAbs = newAbs.deriveNewAbstraction(
                    ap.merge(newAbs.getAccessPath()), null);
            if (taintSet.add(aliasAbs))
                // We have found a new alias. This new base object may however yet
                // again alias with something, so we need to check again
                if (ap.isInstanceFieldRef()) {
                    InstanceFieldRef aliasBaseVal = Jimple.v().newInstanceFieldRef
                            (ap.getPlainValue(), ap.getFirstField().makeRef());
                    computeAliasTaints(d1, src, aliasBaseVal, taintSet, method, aliasAbs);
                }
        }
}
项目:JAADAS    文件:AbstractInfoflowProblem.java    
/**
 * Checks whether the given base value matches the base of the given
 * taint abstraction
 * @param baseValue The value to check
 * @param source The taint abstraction to check
 * @return True if the given value has the same base value as the given
 * taint abstraction, otherwise false
 */
protected boolean baseMatches(final Value baseValue, Abstraction source) {
    if (baseValue instanceof Local) {
        if (baseValue.equals(source.getAccessPath().getPlainValue()))
            return true;
    }
    else if (baseValue instanceof InstanceFieldRef) {
        InstanceFieldRef ifr = (InstanceFieldRef) baseValue;
        if (ifr.getBase().equals(source.getAccessPath().getPlainValue())
                && source.getAccessPath().firstFieldMatches(ifr.getField()))
            return true;
    }
    else if (baseValue instanceof StaticFieldRef) {
        StaticFieldRef sfr = (StaticFieldRef) baseValue;
        if (source.getAccessPath().firstFieldMatches(sfr.getField()))
            return true;
    }
    return false;
}
项目:JAADAS    文件:IgetInstruction.java    
public void jimplify (DexBody body) {
      TwoRegisterInstruction i = (TwoRegisterInstruction)instruction;
      int dest = i.getRegisterA();
      int object = i.getRegisterB();
      FieldReference f = (FieldReference)((ReferenceInstruction)instruction).getReference();
      InstanceFieldRef r = Jimple.v().newInstanceFieldRef(body.getRegisterLocal(object),
                                                          getSootFieldRef(f));
      assign = Jimple.v().newAssignStmt(body.getRegisterLocal(dest), r);
      setUnit(assign);
      addTags(assign);
      body.add(assign);

if (IDalvikTyper.ENABLE_DVKTYPER) {
    Debug.printDbg(IDalvikTyper.DEBUG, "constraint: "+ assign);
        int op = (int)instruction.getOpcode().value;
        DalvikTyper.v().setType(assign.getLeftOpBox(), r.getType(), false);
      }
  }
项目:JAADAS    文件:IputInstruction.java    
public void jimplify (DexBody body) {
      TwoRegisterInstruction i = (TwoRegisterInstruction)instruction;
      int source = i.getRegisterA();
      int object = i.getRegisterB();
      FieldReference f = (FieldReference)((ReferenceInstruction)instruction).getReference();
      InstanceFieldRef instanceField = Jimple.v().newInstanceFieldRef(body.getRegisterLocal(object),
                           getSootFieldRef(f));
      Local sourceValue = body.getRegisterLocal(source);
      assign = getAssignStmt(body, sourceValue, instanceField);
      setUnit(assign);
      addTags(assign);
      body.add(assign);

if (IDalvikTyper.ENABLE_DVKTYPER) {
    Debug.printDbg(IDalvikTyper.DEBUG, "constraint: "+ assign);
        int op = (int)instruction.getOpcode().value;
        DalvikTyper.v().setType(assign.getRightOpBox(), instanceField.getType(), true);
      }
  }
项目:Sus    文件:BodyAnalysis.java    
private void checkAccessStmt(Stmt sootStmt, SootMethod currentMethod)
{
    if(sootStmt.containsFieldRef())
    {
        SootField accessField = sootStmt.getFieldRef().getField();
        boolean isWrite = (((DefinitionStmt)sootStmt).getLeftOp() instanceof FieldRef);
        boolean isStatic = (sootStmt.getFieldRef() instanceof StaticFieldRef);
        Value object = isStatic ? NullConstant.v() : ((InstanceFieldRef)sootStmt.getFieldRef()).getBase();

        String methodSig = currentMethod.getSignature();

        List<Value> currentLocks = new ArrayList<Value>(lockStack);

        System.out.println(isWrite+" access on "+isStatic+" field "+accessField+" of "+object+" in "+methodSig+" with "+currentLocks.size()+" locks");

        if(!variableAccesses.containsKey(methodSig))
        {
            variableAccesses.put(methodSig, new HashSet<VariableAccess>());
        }
        variableAccesses.get(currentMethod.getSignature()).add(
                new VariableAccess(accessField, sootStmt, currentMethod, isWrite, isStatic, currentLocks));
    }
}
项目:DroidRA    文件:FunctionFactoryUtils.java    
/**
 * Determines if an instance field should be propagated through a method call. This method only
 * checks propagation rule for the field base. It does not check if the field points to an
 * argument, which should be done outside this method.
 * 
 * @param instanceFieldRef An instance field reference.
 * @param invokeExpr An invoke expression for the called method.
 * @return True if the field should be propagated.
 */
public static boolean shouldPropagateInstanceField(InstanceFieldRef instanceFieldRef,
    InvokeExpr invokeExpr) {
  Value fieldBase = instanceFieldRef.getBase();
  List<Value> argList = invokeExpr.getArgs();
  // A field reference should be propagated if the base of the field points to a method argument.
  for (int i = 0; i < argList.size(); ++i) {
    if (sourcePointsToArgument(fieldBase, argList.get(i))) {
      return true;
    }
  }

  // A field reference should be propagated if the base of the field points to the base of the
  // method call for an instance call.
  if (invokeExpr instanceof InstanceInvokeExpr) {
    Value invokeExprBase = ((InstanceInvokeExpr) invokeExpr).getBase();
    if (sourcePointsToArgument(fieldBase, invokeExprBase)) {
      return true;
    }
  }

  return false;
}
项目:petablox    文件:DomE.java    
@Override
public void visitHeapInst(Unit u) {
    if (u instanceof JAssignStmt){
        JAssignStmt as = (JAssignStmt) u;

        if (SootUtilities.isFieldLoad(as)) {
            if(as.rightBox.getValue() instanceof InstanceFieldRef)
                if (!(((InstanceFieldRef)as.rightBox.getValue()).getBase() instanceof Local))
                    return;
        }
        if (SootUtilities.isFieldStore(as)) {
            if(as.rightBox.getValue() instanceof InstanceFieldRef)
                if (!(((InstanceFieldRef)as.leftBox.getValue()).getBase() instanceof Local))
                    return;
        }
    }

    add(u);
}
项目:petablox    文件:IterThrEscAnalysis.java    
public DNF getErrSuf(Unit q) {
    if (!(q instanceof AssignStmt)) return null;
    AssignStmt s = (AssignStmt)q;
    soot.Value lhs = s.getLeftOp();
    soot.Value rhs = s.getRightOp();

    soot.Value rx;
    if (rhs instanceof ArrayRef)
        rx = ((ArrayRef)rhs).getBase();
    else if (rhs instanceof InstanceFieldRef)
        rx = ((InstanceFieldRef)rhs).getBase();
    else if (lhs instanceof ArrayRef)
        rx = ((ArrayRef)lhs).getBase();
    else if (lhs instanceof InstanceFieldRef)
        rx = ((InstanceFieldRef)lhs).getBase();
    else
        throw new RuntimeException("Wrong query + " + q);
    EscVVariable escv = null;
    if (rx instanceof Local) {
        int vidx = this.getDomVIdx((Local)rx);
        escv = new EscVVariable(vidx,domV);
    }
    return new DNF(new ClauseSizeCMP(), escv, Value.E());
}
项目:soot-inflow    文件:PtsBasedAliasStrategy.java    
/**
 * Gets the points-to-set for the given value
 * @param targetValue The value for which to get the points-to-set
 * @return The points-to-set for the given value
 */
private PointsToSet getPointsToSet(Value targetValue) {
    if (targetValue instanceof Local)
        return Scene.v().getPointsToAnalysis().reachingObjects((Local) targetValue);
    else if (targetValue instanceof InstanceFieldRef) {
        InstanceFieldRef iref = (InstanceFieldRef) targetValue;
        return Scene.v().getPointsToAnalysis().reachingObjects((Local) iref.getBase(), iref.getField());
    }
    else if (targetValue instanceof StaticFieldRef) {
        StaticFieldRef sref = (StaticFieldRef) targetValue;
        return Scene.v().getPointsToAnalysis().reachingObjects(sref.getField());
    }
    else if (targetValue instanceof ArrayRef) {
        ArrayRef aref = (ArrayRef) targetValue;
        return Scene.v().getPointsToAnalysis().reachingObjects((Local) aref.getBase());
    }
    else
        throw new RuntimeException("Unexpected value type for aliasing: " + targetValue.getClass());
}
项目:soot-inflow    文件:ImplicitFlowAliasStrategy.java    
@Override
public void computeAliasTaints(Abstraction d1, Stmt src, Value targetValue,
        Set<Abstraction> taintSet, SootMethod method, Abstraction newAbs) {
    // If we don't have an alias set for this method yet, we compute it
    if (!globalAliases.containsRow(method))
        computeGlobalAliases(method);

    // Use global aliasing
    Value baseValue = ((InstanceFieldRef) targetValue).getBase();
    Set<AccessPath> aliases = globalAliases.get(method, new AccessPath(
            baseValue));
    if (aliases != null)
        for (AccessPath ap : aliases) {
            Abstraction aliasAbs = newAbs.deriveNewAbstraction(
                    ap.merge(newAbs.getAccessPath()), src);
            taintSet.add(aliasAbs);
        }
}
项目:soot-inflow    文件:AliasValue.java    
/** x = y.s; //y.s.f is an alias
 * x.f = tainted;
 * g = y.s; //call isAliasBase(y.s), return true
 * j = g.f; 
 * n = y; //n.s.f
 * sink(j);
 */
public boolean isWithinAccessPath(Value value){
    boolean result = false;
    if(value instanceof InstanceFieldRef){
        InstanceFieldRef ifr = (InstanceFieldRef) value;
        if(ifr.getBase().toString().equals(aliasBase.toString())){
            if(accessPath.size() > 0){
                SootFieldRef sfr = ifr.getFieldRef();
                if(accessPath.get(0).toString().equals(sfr.toString())){
                    result = true;
                }
            }
        }
    }else{
        if(value.toString().equals(aliasBase.toString())){
            result = true;
        }
    }
    return result;
}
项目:soot-inflow    文件:PathSummary.java    
/**
 * 
 * @param value
 * @param currUnit
 * @return ==
 */
public Set<AliasValue> isAlias(Value value, Unit currUnit){
    Set<AliasValue> result = new HashSet<AliasValue>();
    if(value instanceof InstanceFieldRef){
        for(AliasValue av : aliasSet){
            TaintValue tv = av.getSource();
            int activationIndex = 0;
            if(tv == null){
                activationIndex = av.getActivationIndex();
            }else{
                activationIndex = allUnits.indexOf(tv.getActivation());
            }
            if(av.isMe((InstanceFieldRef)value) && activationIndex < allUnits.indexOf(currUnit)){
                result.add(av);
            }
        }
    }
    return result;
}
项目:soot-inflow    文件:ForwardAnalysis.java    
private void foundNewTaint(Unit currUnit, Value lv){
    if(spa.getPathSummary().alreadyInTaintsSet(currUnit, lv)){
        return;
    }
    if(lv instanceof StaticFieldRef){
        spa.getPathSummary().addStaticFieldRefTV((StaticFieldRef) lv);
    }
    //first add the left value to taints set
    TaintValue tv = new TaintValue(currUnit, lv);
    spa.getPathSummary().addTaintValue(tv);
    //then, whether the left value is a FieldRef (only instance field can have alias) TODO
    if(lv instanceof InstanceFieldRef){
        tv.setHeapAssignment(true);
        BackwardAnalysis ba = new BackwardAnalysis(currUnit, tv, spa);
        ba.startBackward();
    }
}
项目:soot-inflow    文件:AnalysisManager.java    
private Set<AliasValue> isAliasValue(Set<AliasValue> aliasSet, Value value){
    Set<AliasValue> result = new HashSet<AliasValue>();
    for(AliasValue av : aliasSet){
        if(value instanceof InstanceFieldRef){
            ArrayList<SootFieldRef> accessPath = av.getAccessPath();
            if(accessPath != null && accessPath.size() > 0){
                InstanceFieldRef ifr = (InstanceFieldRef) value;
                Value base = ifr.getBase();
                SootFieldRef sfr = ifr.getFieldRef();
                if(av.getAliasBase().toString().equals(base.toString()) &&
                        accessPath.get(0).toString().equals(sfr.toString())){
                    result.add(av);
                }
            }
        }else{
            if(av.getAliasBase().toString().equals(value.toString())){
                result.add(av);
            }
        }
    }
    return result;
}
项目:coal    文件:FunctionFactoryUtils.java    
/**
 * Determines if an instance field should be propagated through a method call. This method only
 * checks propagation rule for the field base. It does not check if the field points to an
 * argument, which should be done outside this method.
 * 
 * @param instanceFieldRef An instance field reference.
 * @param invokeExpr An invoke expression for the called method.
 * @return True if the field should be propagated.
 */
public static boolean shouldPropagateInstanceField(InstanceFieldRef instanceFieldRef,
    InvokeExpr invokeExpr) {
  Value fieldBase = instanceFieldRef.getBase();
  List<Value> argList = invokeExpr.getArgs();
  // A field reference should be propagated if the base of the field points to a method argument.
  for (int i = 0; i < argList.size(); ++i) {
    if (sourcePointsToArgument(fieldBase, argList.get(i))) {
      return true;
    }
  }

  // A field reference should be propagated if the base of the field points to the base of the
  // method call for an instance call.
  if (invokeExpr instanceof InstanceInvokeExpr) {
    Value invokeExprBase = ((InstanceInvokeExpr) invokeExpr).getBase();
    if (sourcePointsToArgument(fieldBase, invokeExprBase)) {
      return true;
    }
  }

  return false;
}
项目:cheetah    文件:LocalMayAliasAnalysisWithFields.java    
private Set<EquivValue> getChildren(Set<EquivValue> set, Local local) {
    Set<EquivValue> children = new HashSet<EquivValue>();
    for (EquivValue ev : set) {
        if (ev.value instanceof InstanceFieldRef) {
            if (local.equivTo(((InstanceFieldRef) ev.value).getBase()))
                children.add(ev);
        }
    }
    return children;
}
项目:cheetah    文件:FlowAbstraction.java    
public boolean hasPrefix(Value v) { // if this has prefix v
    if (v instanceof Local) {
        if (local == null)
            return false;
        else
            return (local.equals(v));

    } else if (v instanceof InstanceFieldRef) {
        InstanceFieldRef ifr = (InstanceFieldRef) v;
        if (local == null) {
            if (ifr.getBase() != null)
                return false;
        } else if (!local.equals(ifr.getBase()))
            return false;
        if (fields.length > 0 && ifr.getField() == fields[0])
            return true;
        return false;

    } else if (v instanceof StaticFieldRef) {
        StaticFieldRef sfr = (StaticFieldRef) v;
        if (local != null)
            return false;
        if (fields.length > 0 && sfr.getField() == fields[0])
            return true;
        return false;

    } else if (v instanceof ArrayRef) {
        ArrayRef ar = (ArrayRef) v;
        if (local == null)
            return false;
        else
            return (local.equals(ar.getBase()));

    } else if (v instanceof Constant) {
        return false;
    } else
        throw new RuntimeException("Unexpected left side " + v.getClass());
}
项目:cheetah    文件:FlowAbstraction.java    
public SootField[] getPostfix(Value v) { // this is longer than v
    if (v instanceof InstanceFieldRef || v instanceof StaticFieldRef) {
        if (fields.length > 0)
            return Arrays.copyOfRange(fields, 1, fields.length);
        return new SootField[] {};
    } else if (v instanceof ArrayRef) {
        return new SootField[] {};
    } else
        throw new RuntimeException("Unexpected left side " + v.getClass());
}
项目:cheetah    文件:AnalysisTask.java    
/***** Aliases *****/

    private Set<FlowAbstraction> taintAliases(FlowAbstraction fa) {

        // System.out.println(icfg.getMethodOf(fa.getUnit()).getActiveBody());

        Set<FlowAbstraction> ret = new HashSet<FlowAbstraction>();

        // Should not consider other cases...
        if (fa.getLocal() != null) {
            Set<Value> mayAliases = icfg.mayAlias(fa.getLocal(), fa.getUnit());
            mayAliases.remove(fa.getLocal());

            for (Value alias : mayAliases) {
                if (alias instanceof Local || alias instanceof ArrayRef || alias instanceof StaticFieldRef
                        || alias instanceof InstanceFieldRef) {
                    FlowAbstraction faT = getTaint(fa.getLocal(), alias, fa, fa.getUnit());
                    if (faT != null)
                        ret.add(faT);
                }
            }

            if (DEBUG_ALIAS) {
                if (!ret.isEmpty()) {
                    LOGGER.debug("At " + fa.getUnit());
                    LOGGER.debug("\tAliases of " + fa.getLocal() + " are: " + mayAliases);
                    LOGGER.debug("\tAlias tainting " + ret);
                }
            }
        }
        return ret;
    }
项目:cheetah    文件:AnalysisTask.java    
/***** Taints *****/

    private FlowAbstraction getTaint(Value right, Value left, FlowAbstraction source, Unit src) {
        FlowAbstraction fa = null;

        if (right instanceof CastExpr)
            right = ((CastExpr) right).getOp();

        if (right instanceof Local && source.getLocal() == right) {
            fa = FlowAbstraction.v(source.getSource(), left, src, icfg.getMethodOf(src), source);
            fa = fa.append(source.getFields());
        } else if (right instanceof InstanceFieldRef) {
            InstanceFieldRef ifr = (InstanceFieldRef) right;
            if (source.hasPrefix(ifr)) {
                fa = FlowAbstraction.v(source.getSource(), left, src, icfg.getMethodOf(src), source);
                fa = fa.append(source.getPostfix(ifr));
            }
        } else if (right instanceof StaticFieldRef) {
            StaticFieldRef sfr = (StaticFieldRef) right;
            if (source.hasPrefix(sfr)) {
                fa = FlowAbstraction.v(source.getSource(), left, src, icfg.getMethodOf(src), source);
                fa = fa.append(source.getPostfix(sfr));
            }
        } else if (right instanceof ArrayRef) {
            ArrayRef ar = (ArrayRef) right;
            if (ar.getBase() == source.getLocal())
                fa = FlowAbstraction.v(source.getSource(), left, src, icfg.getMethodOf(src), source);
        }
        return fa;
    }
项目:JAADAS    文件:AbstractInfoflowProblem.java    
/**
 * Checks whether the given base value matches the base of the given
 * taint abstraction and ends there. So a will match a, but not a.x.
 * Not that this function will still match a to a.*.
 * @param baseValue The value to check
 * @param source The taint abstraction to check
 * @return True if the given value has the same base value as the given
 * taint abstraction and no further elements, otherwise false
 */
protected boolean baseMatchesStrict(final Value baseValue, Abstraction source) {
    if (!baseMatches(baseValue, source))
        return false;

    if (baseValue instanceof Local)
        return source.getAccessPath().isLocal();
    else if (baseValue instanceof InstanceFieldRef || baseValue instanceof StaticFieldRef)
        return source.getAccessPath().getFieldCount() == 1;

    throw new RuntimeException("Unexpected left side");
}
项目:JAADAS    文件:NullnessAssumptionAnalysis.java    
private void handleFieldRef(FieldRef fieldRef,
            AnalysisInfo out) {
        if(fieldRef instanceof InstanceFieldRef) {
            InstanceFieldRef instanceFieldRef = (InstanceFieldRef) fieldRef;
            //here we know that the receiver must point to an object
            Value base = instanceFieldRef.getBase();
            out.put(base,NON_NULL);
        }
        //but the referenced object might point to everything
//      out.put(fieldRef, TOP);
    }
项目:JAADAS    文件:NullnessAnalysis.java    
private void handleFieldRef(FieldRef fieldRef,
        AnalysisInfo out) {
    if(fieldRef instanceof InstanceFieldRef) {
        InstanceFieldRef instanceFieldRef = (InstanceFieldRef) fieldRef;
        //here we know that the receiver must point to an object
        Value base = instanceFieldRef.getBase();
        out.put(base,NON_NULL);
    }
}
项目:JAADAS    文件:StmtVisitor.java    
private Insn buildGetInsn(ConcreteRef sourceRef, Register destinationReg) {
    if (sourceRef instanceof StaticFieldRef) {
        return buildStaticFieldGetInsn(destinationReg, (StaticFieldRef) sourceRef);
    } else if (sourceRef instanceof InstanceFieldRef) {
        return buildInstanceFieldGetInsn(destinationReg, (InstanceFieldRef) sourceRef);
    } else if (sourceRef instanceof ArrayRef) {
        return buildArrayGetInsn(destinationReg, (ArrayRef) sourceRef);
    } else {
        throw new RuntimeException("unsupported type of ConcreteRef: " + sourceRef.getClass());
    }
}
项目:JAADAS    文件:StmtVisitor.java    
private Insn buildPutInsn(ConcreteRef destRef, Value source) {
    if (destRef instanceof StaticFieldRef) {
        return buildStaticFieldPutInsn((StaticFieldRef) destRef, source);
    } else if (destRef instanceof InstanceFieldRef) {
        return buildInstanceFieldPutInsn((InstanceFieldRef) destRef, source);
    } else if (destRef instanceof ArrayRef) {
        return buildArrayPutInsn((ArrayRef) destRef, source);
    } else {
        throw new RuntimeException("unsupported type of ConcreteRef: " + destRef.getClass());
    }
}
项目:JAADAS    文件:StmtVisitor.java    
private Insn buildInstanceFieldPutInsn(InstanceFieldRef destRef, Value source) {
    SootField destSootField = destRef.getField();
    BuilderFieldReference destField = DexPrinter.toFieldReference(destSootField, belongingFile);
    Value instance = destRef.getBase();
    Register instanceReg = regAlloc.asLocal(instance);
    Register sourceReg = regAlloc.asImmediate(source, constantV);
    Opcode opc = getPutGetOpcodeWithTypeSuffix("iput", destField.getType());
    return new Insn22c(opc, sourceReg, instanceReg, destField);
}
项目:JAADAS    文件:StmtVisitor.java    
private Insn buildInstanceFieldGetInsn(Register destinationReg, InstanceFieldRef sourceRef) {
    Value instance = sourceRef.getBase();
    Register instanceReg = regAlloc.asLocal(instance);
    SootField sourceSootField = sourceRef.getField();
    BuilderFieldReference sourceField = DexPrinter.toFieldReference(sourceSootField, belongingFile);
    Opcode opc = getPutGetOpcodeWithTypeSuffix("iget", sourceField.getType());
    return new Insn22c(opc, destinationReg, instanceReg, sourceField);
}
项目:JAADAS    文件:AsmMethodSource.java    
private void convertGetFieldInsn(FieldInsnNode insn) {
    StackFrame frame = getFrame(insn);
    Operand[] out = frame.out();
    Operand opr;
    Type type;
    if (out == null) {
        SootClass declClass = Scene.v().getSootClass(
                AsmUtil.toQualifiedName(insn.owner));
        type = AsmUtil.toJimpleType(insn.desc);
        Value val;
        SootFieldRef ref;
        if (insn.getOpcode() == GETSTATIC) {
            ref = Scene.v().makeFieldRef(declClass, insn.name, type, true);
            val = Jimple.v().newStaticFieldRef(ref);
        } else {
            Operand base = popLocal();
            ref = Scene.v().makeFieldRef(declClass, insn.name, type, false);
            InstanceFieldRef ifr =
                    Jimple.v().newInstanceFieldRef(
                            base.stackOrValue(), ref);
            val = ifr;
            base.addBox(ifr.getBaseBox());
            frame.in(base);
            frame.boxes(ifr.getBaseBox());
        }
        opr = new Operand(insn, val);
        frame.out(opr);
    } else {
        opr = out[0];
        type = opr.<FieldRef>value().getFieldRef().type();
        if (insn.getOpcode() == GETFIELD)
            frame.mergeIn(pop());
    }
    push(type, opr);
}
项目:petablox    文件:RelInstanceFieldExpr.java    
@Override
public void visit(Value e) {
    if (e instanceof InstanceFieldRef) {
        InstanceFieldRef sfe = (InstanceFieldRef) e;
        add(e, sfe.getBase(), sfe.getField());
    }
}
项目:soot-inflow    文件:InfoflowProblem.java    
/**
 * Computes the taints for the aliases of a given tainted variable
 * @param d1 The context in which the variable has been tainted
 * @param src The statement that tainted the variable
 * @param targetValue The target value which has been tainted
 * @param taintSet The set to which all generated alias taints shall be
 * added
 * @param method The method containing src
 * @param newAbs The newly generated abstraction for the variable taint
 */
private void computeAliasTaints
        (final Abstraction d1, final Stmt src,
        final Value targetValue, Set<Abstraction> taintSet,
        SootMethod method, Abstraction newAbs) {
    // If we are not in a conditionally-called method, we run the
    // full alias analysis algorithm. Otherwise, we use a global
    // non-flow-sensitive approximation.
    if (!d1.getAccessPath().isEmpty()) {
        aliasingStrategy.computeAliasTaints(d1, src, targetValue, taintSet, method, newAbs);
    } else if (targetValue instanceof InstanceFieldRef) {
        assert enableImplicitFlows;
        implicitFlowAliasingStrategy.computeAliasTaints(d1, src, targetValue, taintSet, method, newAbs);
    }
}
项目:soot-inflow    文件:AbstractInfoflowProblem.java    
/**
 * we cannot rely just on "real" heap objects, but must also inspect locals because of Jimple's representation ($r0 =... )
 * @param val the value which gets tainted
 * @param source the source from which the taints comes from. Important if not the value, but a field is tainted
 * @return true if a reverseFlow should be triggered or an inactive taint should be propagated (= resulting object is stored in heap = alias)
 */
public boolean triggerInaktiveTaintOrReverseFlow(Value val, Abstraction source){
    if(val == null){
        return false;
    }
    //no string
    if(!(val instanceof InstanceFieldRef) && !(val instanceof ArrayRef) 
            && val.getType() instanceof RefType && ((RefType)val.getType()).getClassName().equals("java.lang.String")){
        return false;
    }
    if(val instanceof InstanceFieldRef && ((InstanceFieldRef)val).getBase().getType() instanceof RefType &&
             ((RefType)((InstanceFieldRef)val).getBase().getType()).getClassName().equals("java.lang.String")){
        return false;
    }
    if(val.getType() instanceof PrimType){
        return false;
    }
    if(val instanceof Constant)
        return false;

    if(DataTypeHandler.isFieldRefOrArrayRef(val)
            || source.getAccessPath().isInstanceFieldRef()
            || source.getAccessPath().isStaticFieldRef())
        return true;

    return false;
}
项目:soot-inflow    文件:TaintValue.java    
public String getFieldName(){
    String result = null;
    if(isHeapAssignment){
        result = ((InstanceFieldRef)taintValue).getFieldRef().name();
    }
    return result;
}
项目:soot-inflow    文件:TaintValue.java    
public SootFieldRef getSootFieldRef(){
    SootFieldRef result = null;
    if(isHeapAssignment){
        result = ((InstanceFieldRef)taintValue).getFieldRef();
    }
    return result;
}
项目:soot-inflow    文件:AliasValue.java    
public boolean isMe(InstanceFieldRef ifr){
    boolean result = false;
    if(accessPath.size() == 1){
        Value base = ifr.getBase();
        SootFieldRef srf = ifr.getFieldRef();
        if(aliasBase.toString().equals(base.toString()) &&
            srf.toString().equals(accessPath.get(0).toString())){
            result = true;
        }
    }
    return result;
}
项目:soot-inflow    文件:PathSummary.java    
/**
 * p0.f = tainted_value; ——————————— p0.f is tainted
 * p1 = p0; ————————————————- p1.f is an alias ********************bug issue3
 * sink(p1.f); ————————————————   
 * @param value
 * @param currUnit
 * @return
 */
public TaintValue isTaintBase(Value value, Unit currUnit){
    TaintValue result = null;
    for(TaintValue tv : taintsSet){
        if(tv.isHeapAssignment){
            InstanceFieldRef ifr = (InstanceFieldRef) tv.getTaintValue();
            if(value.toString().equals(ifr.getBase().toString())
                    && allUnits.indexOf(currUnit) > allUnits.indexOf(tv.getActivation())){
                result = tv;
                break;
            }
        }
    }
    return result;
}
项目:matos-tool    文件:MethodSpyAnalysis.java    
/**
 * Analyze an expression (a value) and computes an abstract value representing its contents.
 * @param r the expression to analyse.
 * @param u The unit that encapsulate the value.
 * @param seen What has already be seen (avoid loops).
 * @return
 */
public AbsValue analyze_expr(Value r, Unit u,  Set<Unit> seen) {
    AbsValue result;
    if (r instanceof Local) {
        result = analyzeLocal((Local) r, u, seen);
    } else if (r instanceof StringConstant)
        result = new StringValue(((StringConstant) r).value);
    else if (r instanceof Constant) 
        result = new ConstantValue((Constant) r,((Constant) r).getType());
    else if (r instanceof InvokeExpr) {
        result = analyzeInvoke((InvokeExpr) r,u,seen);
    } else if (r instanceof CastExpr) {
        result = analyze_expr(((CastExpr) r).getOp(),u,seen);
    } else if (r instanceof ParameterRef) {
        result = analyzeParameterRef((ParameterRef) r, u, seen);
    } else if (r instanceof ConditionExpr) {
        result = analyzeConditionExpr((ConditionExpr) r, u, seen);
    } else if (r instanceof InstanceOfExpr) {
        result = analyzeInstanceOfExpr((InstanceOfExpr) r, u, seen);
    } else if (r instanceof StaticFieldRef) {
        result = analyzeStaticFieldRef((StaticFieldRef) r,u,seen);
    } else if (r instanceof InstanceFieldRef) {
        result = analyzeInstanceFieldRef((InstanceFieldRef) r,u,seen);
    } else if (r instanceof ArrayRef) {
        result = analyzeArrayRef((ArrayRef) r,u,seen);
    } else if (r instanceof NewExpr) {
        result = analyzeNewExpr((NewExpr) r, u, seen);
    } else {
        result = new UnknownValue(r.toString());
    }
    return solve_init(result,u,seen);
}
项目:jgs    文件:AnnotationValueSwitch.java    
@Override
public void caseInstanceFieldRef(InstanceFieldRef v) {  
    rightElement = RightElement.NOT;
    logger.finest("Instance field reference identified " + v.toString());   
    System.out.println("kh" + v.getBase().toString());
    if (actualContext == StmtContext.ASSIGNRIGHT) {
        JimpleInjector.addLevelInAssignStmt(v, callingStmt);
    } else if (actualContext == StmtContext.ASSIGNLEFT) {
        JimpleInjector.setLevelOfAssignStmt(v, callingStmt);
    } else {
        new InternalAnalyzerException();            
    }
}
项目:jgs    文件:JimpleInjector.java    
/**
 * Add the level of a field of an object. It can be the field of the actually
 * analyzed object or the field
 * @param f Reference to the instance field
 * @param pos The statement where this field occurs
 */
public static void addLevelInAssignStmt(InstanceFieldRef f, Unit pos) {
    logger.log(Level.INFO, "Adding level of field {0} in assignStmt in method {1}", 
            new Object[] {f.getField().getSignature(),b.getMethod().getName()});

    String fieldSignature = getSignatureForField(f.getField());

    ArrayList<Type> parameterTypes = new ArrayList<Type>();
    parameterTypes.add(RefType.v("java.lang.Object"));
    parameterTypes.add(RefType.v("java.lang.String"));

    // units.getFirst is already a reference to @this
    // Local tmpLocal = (Local) units.getFirst().getDefBoxes().get(0).getValue();
    Unit assignBase = Jimple.v().newAssignStmt(local_for_Objects, f.getBase());
    System.out.println("Base " + f.getBase());

    Unit assignSignature = Jimple.v().newAssignStmt(
            local_for_Strings, StringConstant.v(fieldSignature));

    Expr addObj = Jimple.v().newVirtualInvokeExpr(
            hs, Scene.v().makeMethodRef(
            Scene.v().getSootClass(HANDLE_CLASS), "joinLevelOfFieldAndAssignmentLevel", 
            parameterTypes, Scene.v().getObjectType(), false), 
            local_for_Objects, local_for_Strings);
    Unit assignExpr = Jimple.v().newInvokeStmt(addObj);

    unitStore_Before.insertElement(unitStore_Before.new Element(assignBase, pos));
    unitStore_Before.insertElement(unitStore_Before.new Element(assignSignature, pos));
    unitStore_Before.insertElement(unitStore_Before.new Element(assignExpr, pos));
    lastPos = pos;
}