Java 类soot.jimple.NullConstant 实例源码
项目:JAADAS
文件:FixUndefinedLocals.java
public static PushInst getPushInitializer(Local l, Type t) {
if (t instanceof IntegerType) {
return Baf.v().newPushInst(IntConstant.v(soot.jbco.util.Rand.getInt()));
} else if (t instanceof RefLikeType || t instanceof StmtAddressType) {
return Baf.v().newPushInst(NullConstant.v());
} else if (t instanceof LongType) {
return Baf.v().newPushInst(LongConstant.v(soot.jbco.util.Rand.getLong()));
} else if (t instanceof FloatType) {
return Baf.v().newPushInst(
FloatConstant.v(soot.jbco.util.Rand.getFloat()));
} else if (t instanceof DoubleType) {
return Baf.v().newPushInst(
DoubleConstant.v(soot.jbco.util.Rand.getDouble()));
}
return null;
}
项目:JAADAS
文件:DexNullThrowTransformer.java
@Override
protected void internalTransform(Body b, String phaseName, Map<String, String> options) {
LocalCreation lc = new LocalCreation(b.getLocals(), "ex");
for (Iterator<Unit> unitIt = b.getUnits().snapshotIterator(); unitIt.hasNext(); ) {
Unit u = unitIt.next();
// Check for a null exception
if (u instanceof ThrowStmt) {
ThrowStmt throwStmt = (ThrowStmt) u;
if (throwStmt.getOp() == NullConstant.v()
|| throwStmt.getOp().equals(IntConstant.v(0))
|| throwStmt.getOp().equals(LongConstant.v(0))) {
createThrowStmt(b, throwStmt, lc);
}
}
}
}
项目:Sus
文件:BodyAnalysis.java
private void checkAccessStmt(Stmt sootStmt, SootMethod currentMethod)
{
if(sootStmt.containsFieldRef())
{
SootField accessField = sootStmt.getFieldRef().getField();
boolean isWrite = (((DefinitionStmt)sootStmt).getLeftOp() instanceof FieldRef);
boolean isStatic = (sootStmt.getFieldRef() instanceof StaticFieldRef);
Value object = isStatic ? NullConstant.v() : ((InstanceFieldRef)sootStmt.getFieldRef()).getBase();
String methodSig = currentMethod.getSignature();
List<Value> currentLocks = new ArrayList<Value>(lockStack);
System.out.println(isWrite+" access on "+isStatic+" field "+accessField+" of "+object+" in "+methodSig+" with "+currentLocks.size()+" locks");
if(!variableAccesses.containsKey(methodSig))
{
variableAccesses.put(methodSig, new HashSet<VariableAccess>());
}
variableAccesses.get(currentMethod.getSignature()).add(
new VariableAccess(accessField, sootStmt, currentMethod, isWrite, isStatic, currentLocks));
}
}
项目:bixie
文件:SootStmtSwitch.java
/**
* This is a helper function to suppress false positives: Sometimes,
* when try-catch with resources is being used
* @param v
* @return
*/
private boolean isTrivialNullCheck(Value v) {
if (v instanceof BinopExpr) {
BinopExpr bo = (BinopExpr)v;
if (bo.getOp2() instanceof NullConstant && bo.getSymbol().equals(" == ")) {
//now it gets itchy. We want to catch only that case
//where the bytecode introduces a renaming of null and
//does this unreachable null check.
if (bo.getOp1() instanceof Local) {
Local l = (Local)bo.getOp1();
if (l.getType() instanceof NullType) {
return true;
}
}
}
}
return false;
}
项目:jar2bpl
文件:SootStmtSwitch.java
/**
* This is a helper function to suppress false positives: Sometimes,
* when try-catch with resources is being used
* @param v
* @return
*/
private boolean isTrivialNullCheck(Value v) {
if (v instanceof BinopExpr) {
BinopExpr bo = (BinopExpr)v;
if (bo.getOp2() instanceof NullConstant && bo.getSymbol().equals(" == ")) {
//now it gets itchy. We want to catch only that case
//where the bytecode introduces a renaming of null and
//does this unreachable null check.
if (bo.getOp1() instanceof Local) {
Local l = (Local)bo.getOp1();
if (l.getType() instanceof NullType) {
return true;
}
}
}
}
return false;
}
项目:bladedroid
文件:Util.java
public static Value getDefaultValue(Type type) {
if ((type instanceof BooleanType)
|| (type instanceof ByteType)
|| (type instanceof CharType)
|| (type instanceof DoubleType)
|| (type instanceof FloatType)
|| (type instanceof IntType)
|| (type instanceof LongType)
|| (type instanceof ShortType))
{
return IntConstant.v(0);
}
else
{
return NullConstant.v();
}
}
项目:FuzzDroid
文件:PathExecutionTransformer.java
private void instrumentEachBranchAccess(Body body, IfStmt ifStmt){
String methodSignature = body.getMethod().getSignature();
String condition = ifStmt.getCondition().toString();
Unit generatedJimpleCodeForBranch = UtilInstrumenter.makeJimpleStaticCallForPathExecution("logInfoAboutBranchAccess",
RefType.v("java.lang.String"), StringConstant.v(methodSignature),
RefType.v("java.lang.String"), StringConstant.v(condition),
RefType.v("java.lang.String"), NullConstant.v()
);
generatedJimpleCodeForBranch.addTag(new InstrumentedCodeTag());
Unit generatedJimpleCodeThenBranch = UtilInstrumenter.makeJimpleStaticCallForPathExecution("logInfoAboutBranchAccess",
RefType.v("java.lang.String"), StringConstant.v(methodSignature),
RefType.v("java.lang.String"), NullConstant.v(),
RefType.v("java.lang.String"), StringConstant.v("then branch")
);
generatedJimpleCodeThenBranch.addTag(new InstrumentedCodeTag());
Unit generatedJimpleCodeElseBranch = UtilInstrumenter.makeJimpleStaticCallForPathExecution("logInfoAboutBranchAccess",
RefType.v("java.lang.String"), StringConstant.v(methodSignature),
RefType.v("java.lang.String"), NullConstant.v(),
RefType.v("java.lang.String"), StringConstant.v("else branch")
);
generatedJimpleCodeElseBranch.addTag(new InstrumentedCodeTag());
body.getUnits().insertBefore(generatedJimpleCodeForBranch, ifStmt);
//treatment of target statement ("true"-branch)
Stmt targetStmt = ifStmt.getTarget();
if(!branchTargetStmt.contains(targetStmt.toString())) {
branchTargetStmt.add(generatedJimpleCodeThenBranch.toString());
body.getUnits().insertBefore(generatedJimpleCodeThenBranch, targetStmt);
}
//treatment of "else"-branch
body.getUnits().insertAfter(generatedJimpleCodeElseBranch, ifStmt);
}
项目:permission-map
文件:RedirectService.java
public void redirectGetSystemServiceCalls(Body b, List<Unit> getSSStmt, List<String> sSNames, SootClass servicesInitClass) {
if (getSSStmt.size() != sSNames.size()) {
int callNbr = getSSStmt.size();
int namesNbr = sSNames.size();
throw new RuntimeException("[Error] System Services get calls units should all correspond to a service name! calls: "+ callNbr +" names: "+ namesNbr);
}
PatchingChain<Unit> units = b.getUnits();
int i = 0;
for (Unit u: getSSStmt) {
// must be an assignment of the type: r = c.getSystemService("serviceName")
if (!(u instanceof AssignStmt)) {
throw new RuntimeException("[Error] must be assign statement! Current statement is: "+ u);
}
// current assignment statement
AssignStmt ass = (AssignStmt)u;
// create new assignment statement: replacement of call to getSystemService by a reference to
// the static field ref to the service (which is created in a custom class called ServicesInit.java)
//RefType rt = RefType.v("ServicesInit");
Unit newU = null;
if (!servicesInitClass.declaresFieldByName(sSNames.get(i))) {
System.out.println("[Warning] servicesInit class does not contain field '"+ sSNames.get(i) +"' replacing statement by nop.");
newU = Jimple.v().newAssignStmt(ass.getLeftOp(), NullConstant.v());//Jimple.v().newNopStmt();
} else {
SootField sf = servicesInitClass.getFieldByName(sSNames.get(i)); //new SootField(sSNames.get(i), rt, Modifier.STATIC);
Value rvalue = Jimple.v().newStaticFieldRef(sf.makeRef());
AssignStmt newAss = Jimple.v().newAssignStmt(ass.getLeftOp(), rvalue);
newU = (Unit) newAss;
}
System.out.println("swapping "+ u +" with "+ newU);
units.swapWith(u, newU);
i++;
}
}
项目:JAADAS
文件:LibraryClassPatcher.java
/**
* Creates a synthetic "java.lang.Thread.run()" method implementation that
* calls the target previously passed in when the constructor was called
* @param smRun The run() method for which to create a synthetic
* implementation
* @param runnable The "java.lang.Runnable" interface
* @param fldTarget The field containing the target object
*/
private void patchThreadRunMethod(SootMethod smRun, SootClass runnable,
SootField fldTarget) {
SootClass sc = smRun.getDeclaringClass();
Body b = Jimple.v().newBody(smRun);
smRun.setActiveBody(b);
Local thisLocal = Jimple.v().newLocal("this", sc.getType());
b.getLocals().add(thisLocal);
b.getUnits().add(Jimple.v().newIdentityStmt(thisLocal,
Jimple.v().newThisRef(sc.getType())));
Local targetLocal = Jimple.v().newLocal("target", runnable.getType());
b.getLocals().add(targetLocal);
b.getUnits().add(Jimple.v().newAssignStmt(targetLocal,
Jimple.v().newInstanceFieldRef(thisLocal, fldTarget.makeRef())));
Unit retStmt = Jimple.v().newReturnVoidStmt();
// If (this.target == null) return;
b.getUnits().add(Jimple.v().newIfStmt(Jimple.v().newEqExpr(targetLocal,
NullConstant.v()), retStmt));
// Invoke target.run()
b.getUnits().add(Jimple.v().newInvokeStmt(Jimple.v().newInterfaceInvokeExpr(targetLocal,
runnable.getMethod("void run()").makeRef())));
b.getUnits().add(retStmt);
}
项目:JAADAS
文件:NullnessAnalysis.java
private void handleEqualityOrNonEqualityCheck(AbstractBinopExpr eqExpr, AnalysisInfo in,
AnalysisInfo out, AnalysisInfo outBranch) {
Value left = eqExpr.getOp1();
Value right = eqExpr.getOp2();
Value val=null;
if(left==NullConstant.v()) {
if(right!=NullConstant.v()) {
val = right;
}
} else if(right==NullConstant.v()) {
if(left!=NullConstant.v()) {
val = left;
}
}
//if we compare a local with null then process further...
if(val!=null && val instanceof Local) {
if(eqExpr instanceof JEqExpr)
//a==null
handleEquality(val, out, outBranch);
else if(eqExpr instanceof JNeExpr)
//a!=null
handleNonEquality(val, out, outBranch);
else
throw new IllegalStateException("unexpected condition: "+eqExpr.getClass());
}
}
项目:JAADAS
文件:NullnessAnalysis.java
private void handleRefTypeAssignment(DefinitionStmt assignStmt, AnalysisInfo out) {
Value left = assignStmt.getLeftOp();
Value right = assignStmt.getRightOp();
//unbox casted value
if(right instanceof JCastExpr) {
JCastExpr castExpr = (JCastExpr) right;
right = castExpr.getOp();
}
//if we have a definition (assignment) statement to a ref-like type, handle it,
if ( isAlwaysNonNull(right)
|| right instanceof NewExpr || right instanceof NewArrayExpr
|| right instanceof NewMultiArrayExpr || right instanceof ThisRef
|| right instanceof StringConstant || right instanceof ClassConstant
|| right instanceof CaughtExceptionRef) {
//if we assign new... or @this, the result is non-null
out.put(left,NON_NULL);
} else if(right==NullConstant.v()) {
//if we assign null, well, it's null
out.put(left, NULL);
} else if(left instanceof Local && right instanceof Local) {
out.put(left, out.get(right));
} else {
out.put(left, TOP);
}
}
项目:JAADAS
文件:NullCheckEliminator.java
public void internalTransform(Body body, String phaseName, Map<String,String> options) {
// really, the analysis should be able to use its own results to determine
// that some branches are dead, but since it doesn't we just iterate.
boolean changed;
do {
changed=false;
NullnessAnalysis analysis=analysisFactory.newAnalysis(new ExceptionalUnitGraph(body));
Chain<Unit> units=body.getUnits();
Stmt s;
for(s=(Stmt) units.getFirst();s!=null;s=(Stmt) units.getSuccOf(s)) {
if(!(s instanceof IfStmt)) continue;
IfStmt is=(IfStmt) s;
Value c=is.getCondition();
if(!(c instanceof EqExpr || c instanceof NeExpr)) continue;
BinopExpr e=(BinopExpr) c;
Immediate i=null;
if(e.getOp1() instanceof NullConstant) i=(Immediate) e.getOp2();
if(e.getOp2() instanceof NullConstant) i=(Immediate) e.getOp1();
if(i==null) continue;
boolean alwaysNull = analysis.isAlwaysNullBefore(s, i);
boolean alwaysNonNull = analysis.isAlwaysNonNullBefore(s, i);
int elim=0; // -1 => condition is false, 1 => condition is true
if(alwaysNonNull) elim=c instanceof EqExpr ? -1 : 1;
if(alwaysNull) elim=c instanceof EqExpr ? 1 : -1;
Stmt newstmt=null;
if(elim==-1) newstmt=Jimple.v().newNopStmt();
if(elim==1) newstmt=Jimple.v().newGotoStmt(is.getTarget());
if(newstmt!=null) {
units.swapWith(s,newstmt);
s=newstmt;
changed=true;
}
}
} while(changed);
}
项目:JAADAS
文件:ExprVisitor.java
private Value fixNullConstant(Value potentialNullConstant) {
/*
* The bytecode spec says: "In terms of bitwise representation, (Object) null == (int) 0."
* So use an IntConstant(0) for null comparison in if-*z opcodes.
*/
if (potentialNullConstant instanceof NullConstant) {
return IntConstant.v(0);
}
return potentialNullConstant;
}
项目:JAADAS
文件:DexNullArrayRefTransformer.java
/**
* Checks whether the given local is guaranteed to be always null at the
* given statement
* @param s The statement at which to check the local
* @param base The local to check
* @param defs The definition analysis object to use for the check
* @return True if the given local is guaranteed to always be null at the
* given statement, otherwise false
*/
private boolean isAlwaysNullBefore(Stmt s, Local base, LocalDefs defs) {
List<Unit> baseDefs = defs.getDefsOfAt(base, s);
if (baseDefs.isEmpty())
return true;
for (Unit u : baseDefs) {
if (!(u instanceof DefinitionStmt))
return false;
DefinitionStmt defStmt = (DefinitionStmt) u;
if (defStmt.getRightOp() != NullConstant.v())
return false;
}
return true;
}
项目:JAADAS
文件:AsmMethodSource.java
private void convertConstInsn(InsnNode insn) {
int op = insn.getOpcode();
StackFrame frame = getFrame(insn);
Operand[] out = frame.out();
Operand opr;
if (out == null) {
Value v;
if (op == ACONST_NULL)
v = NullConstant.v();
else if (op >= ICONST_M1 && op <= ICONST_5)
v = IntConstant.v(op - ICONST_0);
else if (op == LCONST_0 || op == LCONST_1)
v = LongConstant.v(op - LCONST_0);
else if (op >= FCONST_0 && op <= FCONST_2)
v = FloatConstant.v(op - FCONST_0);
else if (op == DCONST_0 || op == DCONST_1)
v = DoubleConstant.v(op - DCONST_0);
else
throw new AssertionError("Unknown constant opcode: " + op);
opr = new Operand(insn, v);
frame.out(opr);
} else {
opr = out[0];
}
if (op == LCONST_0 || op == LCONST_1 ||
op == DCONST_0 || op == DCONST_1) {
pushDual(opr);
} else {
push(opr);
}
}
项目:DroidRA
文件:NormalEdgeFunctionFactory.java
/**
* Returns a normal edge function.
*
* @param curr The current statement.
* @param currNode The current variable.
* @param succNode The variable the current variable is propagated to after the statement.
* @param zeroValue The zero value, which represents the absence of a data flow fact.
* @param pointsToAnalysis The pointer analysis.
* @return A normal edge function.
*/
public EdgeFunction<BasePropagationValue> getNormalEdgeFunction(Unit curr, Value currNode,
Value succNode, Value zeroValue, PointsToAnalysis pointsToAnalysis) {
if (curr instanceof AssignStmt) {
if (logger.isDebugEnabled()) {
logger.debug("Normal edge: " + curr);
logger.debug(currNode + " " + succNode);
}
AssignStmt assignStmt = (AssignStmt) curr;
final Value left = assignStmt.getLeftOp();
final String type = left.getType().toString();
final Value right = assignStmt.getRightOp();
if (Model.v().isModeledType(type)) {
if (currNode.equivTo(zeroValue) && succNode.equivTo(left)) {
if (right instanceof StaticFieldRef) {
StaticFieldRef staticFieldRef = (StaticFieldRef) right;
Argument[] arguments =
Model.v().getArgumentsForStaticField(staticFieldRef.getField().getSignature());
EdgeFunction<BasePropagationValue> result =
PropagationTransformerFactory.makeTransformer(null, arguments, false);
if (arguments != null) {
if (logger.isDebugEnabled()) {
logger.debug("Returning " + result);
}
return PropagationTransformerFactory.makeTransformer(null, arguments, false);
}
} else if (right instanceof NullConstant) {
return PropagationTransformerFactory.makeTransformer(null, null, false);
}
}
}
}
return EdgeIdentity.v();
}
项目:DroidRA
文件:InstrumentationUtils.java
public static Value toDefaultSootTypeValue(Type sootType)
{
String type = sootType.toString();
if ("boolean".equals(type))
{
IntConstant.v(0);
}
else if ("byte".equals(type))
{
return IntConstant.v(0);
}
else if ("char".equals(type))
{
return IntConstant.v(0);
}
else if ("short".equals(type))
{
return IntConstant.v(0);
}
else if ("int".equals(type))
{
return IntConstant.v(0);
}
else if ("long".equals(type))
{
return LongConstant.v(0);
}
else if ("float".equals(type))
{
return FloatConstant.v(0);
}
else if ("double".equals(type))
{
return DoubleConstant.v(0);
}
return NullConstant.v();
}
项目:petablox
文件:RelPobjNullAsgnInst.java
public void visitMoveInst(Unit q) {
if(q instanceof JAssignStmt){
JAssignStmt j = (JAssignStmt)q;
if(SootUtilities.isMoveInst(j)){
Local l = (Local)j.leftBox.getValue();
Local r = (Local)j.rightBox.getValue();
if(r instanceof NullConstant && l.getType() instanceof RefLikeType){
add(q, l);
}
}
}
}
项目:petablox
文件:RelPobjNullAsgnInst.java
public void visitCastInst(Unit q) {
if(q instanceof JAssignStmt){
JAssignStmt j = (JAssignStmt)q;
if(j.rightBox.getValue() instanceof JCastExpr){
JCastExpr jce = (JCastExpr)j.rightBox.getValue();
Local l = (Local)j.leftBox.getValue();
Value r = jce.getOp();
if(r instanceof NullConstant && l.getType() instanceof RefLikeType){
add(q, l);
}
}
}
}
项目:soot-infoflow-android-iccta
文件:ICCRedirectionCreator.java
public SootMethod generateRedirectMethodForStartActivity(SootClass wrapper) {
System.out.println("create method to call wrapper class: "+ wrapper);
String newSM_name = "redirector" + num++;
List<Type> newSM_parameters = new ArrayList<Type>();
newSM_parameters.add(INTENT_TYPE);
Type newSM_return_type = VoidType.v();
int modifiers = Modifier.STATIC | Modifier.PUBLIC;
SootMethod newSM = new SootMethod(newSM_name, newSM_parameters, newSM_return_type, modifiers);
ipcSC.addMethod(newSM);
JimpleBody b = Jimple.v().newBody(newSM);
newSM.setActiveBody(b);
LocalGenerator lg = new LocalGenerator(b);
// identity
Local intentParameterLocal = lg.generateLocal(INTENT_TYPE);
Unit intentParameterU = Jimple.v().newIdentityStmt(
intentParameterLocal,
Jimple.v().newParameterRef(INTENT_TYPE, 0));
// new
Local al = lg.generateLocal(wrapper.getType());
Unit newU = (Unit) Jimple.v().newAssignStmt(al,
Jimple.v().newNewExpr(wrapper.getType())
);
// init
List<Type> parameters = new ArrayList<Type>();
parameters.add(INTENT_TYPE);
SootMethod method = wrapper.getMethod("<init>", parameters, VoidType.v());
List<Value> args = new ArrayList<Value>();
args.add(intentParameterLocal);
Unit initU = (Unit) Jimple.v().newInvokeStmt(
Jimple.v().newSpecialInvokeExpr(al, method.makeRef(), args));
// call dummyMainMethod
//method = wrapper.getMethodByName(ICCDummyMainCreator.DUMMY_MAIN_METHOD);
method = wrapper.getMethodByName("onCreate");
args = new ArrayList<Value>();
Local pLocal = lg.generateLocal(RefType.v("android.os.Bundle"));
Unit nullParamU = (Unit) Jimple.v().newAssignStmt(pLocal, NullConstant.v());
args.add(pLocal);
InvokeExpr invoke = Jimple.v().newVirtualInvokeExpr(al, method.makeRef(), args);
Unit callU = (Unit) Jimple.v().newInvokeStmt(invoke);
b.getUnits().add(intentParameterU);
b.getUnits().add(newU);
b.getUnits().add(initU);
b.getUnits().add(nullParamU);
b.getUnits().add(callU);
b.getUnits().add(Jimple.v().newReturnVoidStmt());
System.out.println("new lifecypcle method: "+ newSM +" body: "+ newSM.retrieveActiveBody());
return newSM;
}
项目:coal
文件:NormalEdgeFunctionFactory.java
/**
* Returns a normal edge function.
*
* @param curr The current statement.
* @param currNode The current variable.
* @param succNode The variable the current variable is propagated to after the statement.
* @param zeroValue The zero value, which represents the absence of a data flow fact.
* @param pointsToAnalysis The pointer analysis.
* @return A normal edge function.
*/
public EdgeFunction<BasePropagationValue> getNormalEdgeFunction(Unit curr, Value currNode,
Value succNode, Value zeroValue, PointsToAnalysis pointsToAnalysis) {
if (curr instanceof AssignStmt) {
if (logger.isDebugEnabled()) {
logger.debug("Normal edge: " + curr);
logger.debug(currNode + " " + succNode);
}
AssignStmt assignStmt = (AssignStmt) curr;
final Value left = assignStmt.getLeftOp();
final String type = left.getType().toString();
final Value right = assignStmt.getRightOp();
if (Model.v().isModeledType(type)) {
if (currNode.equivTo(zeroValue) && succNode.equivTo(left)) {
if (right instanceof StaticFieldRef) {
StaticFieldRef staticFieldRef = (StaticFieldRef) right;
Argument[] arguments =
Model.v().getArgumentsForStaticField(staticFieldRef.getField().getSignature());
EdgeFunction<BasePropagationValue> result =
PropagationTransformerFactory.makeTransformer(null, arguments, false);
if (arguments != null) {
if (logger.isDebugEnabled()) {
logger.debug("Returning " + result);
}
return PropagationTransformerFactory.makeTransformer(null, arguments, false);
}
} else if (right instanceof NullConstant) {
return PropagationTransformerFactory.makeTransformer(null, null, false);
}
}
}
}
return EdgeIdentity.v();
}
项目:matos-tool
文件:ConstantValue.java
/**
* Builds a representation of a constant from its value expressed as
* a Soot constant and its Soot type. It is transformed in an equivalent
* pair of strings.
* @param v the value of the constant
* @param t its type.
*/
public ConstantValue(Constant v, Type t) {
if (v instanceof IntConstant) {
int n = ((IntConstant) v).value;
if (t instanceof CharType) {
rep_t = CHAR_TYPE;
rep_v = Character.toString((char) n);
} else if (t instanceof BooleanType) {
rep_t = BOOLEAN_TYPE;
rep_v = Boolean.toString((n != 0));
} else {
rep_t = INT_TYPE;
rep_v = Integer.toString(n);
}
} else if (v instanceof LongConstant) {
rep_t = LONG_TYPE;
rep_v = Long.toString(((LongConstant) v).value);
} else if (v instanceof FloatConstant) {
rep_t = FLOAT_TYPE;
rep_v = Float.toString(((FloatConstant) v).value);
} else if (v instanceof NullConstant) {
rep_t = NULL;
rep_v = NULL;
} else {
rep_t = t.toString();
rep_v = "";
}
}
项目:FlowTwist
文件:SimpleClassForNameTarget.java
@Override
public KillGenInfo processBackwardCallToReturn(Trackable taint, Stmt callSite, InvokeExpr ie) {
Value classNameArg = ie.getArg(0);
if (classNameArg instanceof NullConstant)
return KillGenInfo.kill();
Taint classNameParameter = new Taint(callSite, taint, classNameArg, ie.getMethod().getParameterType(0));
return KillGenInfo.propagate(classNameParameter);
}
项目:FlowTwist
文件:PackageAccessCheckTarget.java
@Override
public KillGenInfo processBackwardCallToReturn(Trackable taint, Stmt callSite, InvokeExpr ie) {
if (!enabled)
return kill();
Value classNameArg = ie.getArg(0);
if (classNameArg instanceof NullConstant)
return KillGenInfo.kill();
Taint classNameTaint = new Taint(callSite, taint, classNameArg, ie.getMethod().getParameterType(0));
classNameTaint.addPayload("checkPackageAccess");
return KillGenInfo.propagate(classNameTaint);
}
项目:FlowTwist
文件:ExtendedClassForNameTarget.java
@Override
public KillGenInfo processBackwardCallToReturn(Trackable taint, Stmt callSite, InvokeExpr ie) {
Value classNameArg = ie.getArg(0);
Value classLoaderArg = ie.getArg(2);
if (classNameArg instanceof NullConstant || classLoaderArg instanceof NullConstant)
return KillGenInfo.kill();
SootMethod method = ie.getMethod();
Taint classNameParameter = new Taint(callSite, taint, classNameArg, method.getParameterType(0));
Taint classLoaderParameter = new Taint(callSite, taint, classLoaderArg, method.getParameterType(2));
return KillGenInfo.propagate(classNameParameter, classLoaderParameter);
}
项目:vasco
文件:PointsToGraph.java
/**
* Creates a new node for a constant.
*/
private NewExpr constantNewExpr(Constant constant) {
if (constant instanceof StringConstant) {
return STRING_SITE;
} else if (constant instanceof ClassConstant) {
return CLASS_SITE;
} else if (constant instanceof NullConstant) {
return null;
} else {
throw new RuntimeException(constant.toString());
}
}
项目:FuzzDroid
文件:PathExecutionTransformer.java
private void instrumentInfoAboutNonApiCaller(Body body, Unit unit)
{
//our instrumented code
if(unit.hasTag(InstrumentedCodeTag.name))
return;
InvokeExpr invokeExpr = null;
if(unit instanceof DefinitionStmt)
{
DefinitionStmt defStmt = (DefinitionStmt)unit;
if(defStmt.containsInvokeExpr())
{
invokeExpr = defStmt.getInvokeExpr();
}
}
else if(unit instanceof InvokeStmt)
{
InvokeStmt invokeStmt = (InvokeStmt)unit;
invokeExpr = invokeStmt.getInvokeExpr();
}
if(invokeExpr != null)
{
if(!UtilInstrumenter.isApiCall(invokeExpr))
{
String invokeExprMethodSignature = invokeExpr.getMethod().getSignature();
List<Value> parameter = invokeExpr.getArgs();
List<Unit> generated = new ArrayList<Unit>();
Pair<Value, List<Unit>> arrayRefAndInstrumentation = UtilInstrumenter.generateParameterArray(parameter, body);
List<Unit> generatedArrayInstrumentation = arrayRefAndInstrumentation.getSecond();
Value arrayRef = arrayRefAndInstrumentation.getFirst();
Unit generatedInvokeStmt = UtilInstrumenter.makeJimpleStaticCallForPathExecution("logInfoAboutNonApiMethodCaller",
RefType.v("java.lang.String"), StringConstant.v(body.getMethod().getSignature()),
RefType.v("java.lang.String"), StringConstant.v(invokeExprMethodSignature),
UtilInstrumenter.getParameterArrayType(), (parameter.isEmpty())? NullConstant.v() : arrayRef);
generatedInvokeStmt.addTag(new InstrumentedCodeTag());
generated.addAll(generatedArrayInstrumentation);
generated.add(generatedInvokeStmt);
body.getUnits().insertBefore(generated, unit);
}
}
}
项目:permission-map
文件:CheckForPermission.java
private static List<MethodCall> getStringParameterInCall(SootMethod targetM, SootMethod callToSearchM, int paramPos, Set<String> mpSet, boolean isCheckMethod) {
List<MethodCall> methodCallsList = new ArrayList<MethodCall>();
Body b = targetM.getActiveBody();
for( Unit u: b.getUnits()) {
MethodCall currMC = null;
Stmt s = (Stmt)u;
if (!s.containsInvokeExpr())
continue;
InvokeExpr invokeExpr = s.getInvokeExpr();
boolean condition = false;
if (isCheckMethod)
condition = isCheckPermissionMethod(invokeExpr.getMethod());
else
condition = invokeExpr.getMethod().toString().split(":")[1].equals(callToSearchM.toString().split(":")[1]); // TODO: should check all out edges
if (condition) {
logger.info("Target method '"+ invokeExpr.getMethod() +"' found! Source method: "+ targetM);
methodCallsList.add(new MethodCall(invokeExpr.getMethod(), u));
currMC = methodCallsList.get(0);
}
if (currMC == null) {
continue;
}
// at this point we know that we are dealing with a permission check method call unit
// retrieve first argument which points to the permission string
Value vParam = null;
int count = invokeExpr.getArgCount();
if (count <= 0)
throw new RuntimeException("Method has 0 arguments! "+ s);
vParam = invokeExpr.getArg(paramPos);
// the first argument is a StringConstant whose value
// is the permission string
if (vParam instanceof StringConstant) {
AnalysisType.v().cur().case1_direct_string_passed_as_parameter();
currMC.paramConstantString = vParam.toString();
logger.info("[F] "+ currMC.paramConstantString);
mpSet.add (currMC.paramConstantString); // is String constant
continue;
}
if (vParam instanceof NullConstant) {
logger.info("[F] NullConstant!");
//mpSet.add("NULL_CONSTANT");
continue;
}
// the first argument must be a local at this point
if (!(vParam instanceof Local))
throw new RuntimeException("vParam is not instance of Local! -> '"+ (vParam==null?"is null":vParam.getClass()) +"'");
// store info about this local for step2 below
currMC.paramName = ((Local)vParam).getName();
currMC.paramLocal = (Local)vParam;
currMC.paramNameUnit = u;
}
return methodCallsList;
}
项目:permission-map
文件:CreateManagers.java
/**
* Create getManager_ for managers created through <init> methods
* @param initMethod
* @return
*/
private Body createNewInstance(SootMethod initMethod) {
SootClass servicesInitClass = Scene.v().getSootClass(GenerateServiceInit.servicesInitClassName);
RefType newType = initMethod.getDeclaringClass().getType();
Body b = Jimple.v().newBody();
LocalGenerator lg = new LocalGenerator(b);
Local newLocal = lg.generateLocal(newType);
SootField sf = servicesInitClass.getFieldByName("androidcontentContext");
Value newR = Jimple.v().newStaticFieldRef(sf.makeRef());
Local contextLocal = lg.generateLocal(sf.getType());
Unit u0 = Jimple.v().newAssignStmt(contextLocal, newR);
boolean addU0 = false;
NewExpr n1 = Jimple.v().newNewExpr(newType);
Unit u1 = Jimple.v().newAssignStmt(newLocal, n1);
List<Value> args = new ArrayList<Value>();
for (Type t : initMethod.getParameterTypes()) {
if (t.toString().startsWith("android.content.Context")) {
args.add(contextLocal);
addU0 = true;
} else {
args.add(NullConstant.v());
}
}
InvokeExpr n2 = Jimple.v().newSpecialInvokeExpr(newLocal, initMethod.makeRef(), args);
Unit u2 = Jimple.v().newInvokeStmt(n2);
Unit u3 = Jimple.v().newReturnStmt(newLocal);
if (addU0)
b.getUnits().addFirst(u0);
else
b.getLocals().remove(contextLocal);
System.out.println("u1: "+ u1);
System.out.println("u1: "+ u2);
System.out.println("u1: "+ u3);
if (addU0)
b.getUnits().insertAfter(u1, u0);
else
b.getUnits().addFirst(u1);
b.getUnits().insertAfter(u2, u1);
b.getUnits().insertAfter(u3, u2);
return b;
}
项目:JAADAS
文件:ExprTranslator.java
public void caseNullConstant(NullConstant expr) {
jt.notSupported("The null constant is not supported");
}
项目:JAADAS
文件:ValueTemplatePrinter.java
public void caseNullConstant(NullConstant v) {
printConstant(v);
}
项目:JAADAS
文件:Walker.java
public void outANullConstant(ANullConstant node)
{
mProductions.addLast(NullConstant.v());
}
项目:JAADAS
文件:ConstraintCollector.java
public void caseIfStmt(IfStmt stmt) {
if (uses) {
ConditionExpr cond = (ConditionExpr) stmt.getCondition();
BinopExpr expr = cond;
Value lv = expr.getOp1();
Value rv = expr.getOp2();
TypeVariable lop;
TypeVariable rop;
// ******** LEFT ********
if (lv instanceof Local) {
lop = resolver.typeVariable((Local) lv);
} else if (lv instanceof DoubleConstant) {
lop = resolver.typeVariable(DoubleType.v());
} else if (lv instanceof FloatConstant) {
lop = resolver.typeVariable(FloatType.v());
} else if (lv instanceof IntConstant) {
lop = resolver.typeVariable(IntType.v());
} else if (lv instanceof LongConstant) {
lop = resolver.typeVariable(LongType.v());
} else if (lv instanceof NullConstant) {
lop = resolver.typeVariable(NullType.v());
} else if (lv instanceof StringConstant) {
lop = resolver.typeVariable(RefType.v("java.lang.String"));
} else if (lv instanceof ClassConstant) {
lop = resolver.typeVariable(RefType.v("java.lang.Class"));
} else {
throw new RuntimeException("Unhandled binary expression left operand type: " + lv.getClass());
}
// ******** RIGHT ********
if (rv instanceof Local) {
rop = resolver.typeVariable((Local) rv);
} else if (rv instanceof DoubleConstant) {
rop = resolver.typeVariable(DoubleType.v());
} else if (rv instanceof FloatConstant) {
rop = resolver.typeVariable(FloatType.v());
} else if (rv instanceof IntConstant) {
rop = resolver.typeVariable(IntType.v());
} else if (rv instanceof LongConstant) {
rop = resolver.typeVariable(LongType.v());
} else if (rv instanceof NullConstant) {
rop = resolver.typeVariable(NullType.v());
} else if (rv instanceof StringConstant) {
rop = resolver.typeVariable(RefType.v("java.lang.String"));
} else if (rv instanceof ClassConstant) {
rop = resolver.typeVariable(RefType.v("java.lang.Class"));
} else {
throw new RuntimeException("Unhandled binary expression right operand type: " + rv.getClass());
}
TypeVariable common = resolver.typeVariable();
rop.addParent(common);
lop.addParent(common);
}
}
项目:JAADAS
文件:RegisterAllocator.java
private Register asConstant(Value v, ConstantVisitor constantV) {
Constant c = (Constant) v;
Register constantRegister = null;
List<Register> rArray = null;
AtomicInteger iI = null;
if (c instanceof ClassConstant) {
rArray = classConstantReg;
iI = classI;
} else if (c instanceof NullConstant) {
rArray = nullConstantReg;
iI = nullI;
} else if (c instanceof FloatConstant) {
rArray = floatConstantReg;
iI = floatI;
} else if (c instanceof IntConstant) {
rArray = intConstantReg;
iI = intI;
} else if (c instanceof LongConstant) {
rArray = longConstantReg;
iI = longI;
} else if (c instanceof DoubleConstant) {
rArray = doubleConstantReg;
iI = doubleI;
} else if (c instanceof StringConstant) {
rArray = stringConstantReg;
iI = stringI;
} else {
throw new RuntimeException("Error. Unknown constant type: '"+ c.getType() +"'");
}
if (rArray.size() == 0 || iI.intValue() >= rArray.size()) {
rArray.add(new Register(c.getType(), nextRegNum));
nextRegNum += SootToDexUtils.getDexWords(c.getType());
}
constantRegister = rArray.get(iI.intValue()).clone();
iI.set(iI.intValue() + 1);
// "load" constant into the register...
constantV.setDestination(constantRegister);
c.apply(constantV);
// ...but return an independent register object
return constantRegister.clone();
}
项目:JAADAS
文件:ConstantVisitor.java
public void caseNullConstant(NullConstant v) {
// dex bytecode spec says: "In terms of bitwise representation, (Object) null == (int) 0."
stmtV.addInsn(buildConstInsn(0), origStmt);
}
项目:JAADAS
文件:UnitThrowAnalysis.java
public void caseNullConstant(NullConstant c) {
}
项目:bixie
文件:SootValueSwitch.java
@Override
public void caseNullConstant(NullConstant arg0) {
expressionStack.push(SootPrelude.v().getNullConstant());
}
项目:DroidRA
文件:StringValueAnalysis.java
/**
* Returns the string values of a variable used at a given statement.
*
* @param value The value or variable that should be determined.
* @param stmt The statement that uses the variable whose values should be determined.
* @return The set of possible values.
*/
@Override
public Set<Object> computeVariableValues(Value value, Stmt stmt) {
if (value instanceof StringConstant) {
return Collections.singleton((Object) ((StringConstant) value).value.intern());
} else if (value instanceof NullConstant) {
return Collections.singleton((Object) "<NULL>");
} else if (value instanceof Local) {
Local local = (Local) value;
ConstraintCollector constraintCollector =
new ConstraintCollector(new ExceptionalUnitGraph(AnalysisParameters.v().getIcfg()
.getMethodOf(stmt).getActiveBody()));
LanguageConstraints.Box lcb = constraintCollector.getConstraintOfAt(local, stmt);
RecursiveDAGSolverVisitorLC dagvlc =
new RecursiveDAGSolverVisitorLC(5, null,
new RecursiveDAGSolverVisitorLC.MethodReturnValueAnalysisInterface() {
@Override
public Set<Object> getMethodReturnValues(Call call) {
return MethodReturnValueManager.v().getMethodReturnValues(call);
}
});
if (dagvlc.solve(lcb)) {
// boolean flag = false;
// if (dagvlc.result.size() == 0 || flag == true) {
// System.out.println("ID: " + lcb.uid);
// // int dbg = 10;
// // while (dbg == 10) {
// System.out.println("Returning " + dagvlc.result);
// System.out.println("Returning.. " + lcb);
// dagvlc.solve(lcb);
// System.out.println("done");
// // }
// }
// System.out.println("Returning " + dagvlc.result);
return new HashSet<Object>(dagvlc.result);
} else {
return Collections.singleton((Object) TOP_VALUE);
}
} else {
return Collections.singleton((Object) TOP_VALUE);
}
}
项目:petablox
文件:RelNullExpr.java
public void visit(Value e) {
if (e instanceof NullConstant)
add(e);
}
项目:petablox
文件:DomNull.java
public void visit(Value e) {
if (e instanceof NullConstant)
add(e);
}