Java Code Examples for soot.jimple.Stmt#addTag()
The following examples show how to use
soot.jimple.Stmt#addTag() .
Example 1
Source File: DominatorsTagger.java From JAADAS with GNU General Public License v3.0 | 6 votes |
/**
 * Attaches one {@link LinkTag} per dominator to every statement of the body.
 *
 * <p>Dominators come from an {@link MHGDominatorsFinder} built over the body's
 * {@link ExceptionalUnitGraph}. Each tag carries the text
 * {@code "<dominator> dominates <statement>"}, the dominating statement itself, the name of
 * the class declaring the method, and the literal {@code "Dominators"}.
 *
 * @param b         method body whose statements are tagged
 * @param phaseName not read by this method
 * @param opts      not read by this method
 */
protected void internalTransform(Body b, String phaseName, Map opts) {
    MHGDominatorsFinder finder = new MHGDominatorsFinder(new ExceptionalUnitGraph(b));

    // Only tags are added below; the unit chain itself is never modified, so a plain
    // iteration over the live chain is sufficient.
    for (Object unit : b.getUnits()) {
        Stmt dominated = (Stmt) unit;
        for (Object candidate : finder.getDominators(dominated)) {
            Stmt dominating = (Stmt) candidate;
            String description = dominating + " dominates " + dominated;
            dominated.addTag(
                    new LinkTag(
                            description,
                            dominating,
                            b.getMethod().getDeclaringClass().getName(),
                            "Dominators"));
        }
    }
}
Example 2
Source File: CodePositionTracking.java From FuzzDroid with Apache License 2.0 | 5 votes |
/**
 * Inserts a static call to {@code setLastExecutedStatement(int)} after every eligible unit of
 * the body, passing the ID of the code position assigned to that unit.
 *
 * <p>Units are skipped when they are {@link IdentityStmt}s or already carry the
 * {@link InstrumentedCodeTag}. Every inserted call is tagged with {@link InstrumentedCodeTag}
 * itself, which is how injected code stays distinguishable from the original app code for
 * other transformers that perform the same tag check.
 *
 * @param b         method body to instrument
 * @param phaseName not read by this method
 * @param options   not read by this method
 */
@Override
protected void internalTransform(Body b, String phaseName, Map<String, String> options) {
    // Methods rejected by canInstrumentMethod are left untouched.
    if (!canInstrumentMethod(b.getMethod())) {
        return;
    }

    // Reference to the static tracker method that receives the code position ID.
    SootMethodRef trackerRef = Scene.v().makeMethodRef(
            Scene.v().getSootClass(UtilInstrumenter.JAVA_CLASS_FOR_CODE_POSITIONS),
            "setLastExecutedStatement",
            Collections.<Type>singletonList(IntType.v()),
            VoidType.v(),
            true);

    final String enclosingSignature = b.getMethod().getSignature();

    // Counts only the units that are actually instrumented; skipped units do not advance it.
    int positionIndex = 0;

    // The snapshot iterator keeps the traversal stable while statements are inserted.
    Iterator<Unit> units = b.getUnits().snapshotIterator();
    while (units.hasNext()) {
        Unit unit = units.next();

        // Parameter/this bindings at the head of the body are not instrumented.
        if (unit instanceof IdentityStmt) {
            continue;
        }
        // Code injected by another transformer is not instrumented a second time.
        if (unit.hasTag(InstrumentedCodeTag.name)) {
            continue;
        }

        int sourceLine = ((Stmt) unit).getJavaSourceStartLineNumber();
        CodePosition position = codePositionManager.getCodePositionForUnit(
                unit, enclosingSignature, positionIndex, sourceLine);
        positionIndex++;

        Stmt trackerCall = Jimple.v().newInvokeStmt(
                Jimple.v().newStaticInvokeExpr(trackerRef, IntConstant.v(position.getID())));
        trackerCall.addTag(new InstrumentedCodeTag());

        // NOTE(review): the call is placed after the unit, including after units that
        // transfer control (returns, throws, gotos) - confirm that this is intended.
        b.getUnits().insertAfter(trackerCall, unit);
    }
}
Example 3
Source File: GoalReachedTracking.java From FuzzDroid with Apache License 2.0 | 5 votes |
/**
 * Inserts a static call to {@code reportTargetReachedSynchronous()} in front of every
 * statement of the body that is contained in {@code targetSignatures}.
 *
 * <p>Each inserted call carries an {@link InstrumentedCodeTag} so that it can be told apart
 * from the original app code.
 *
 * @param b         method body to instrument
 * @param phaseName not read by this method
 * @param options   not read by this method
 */
@Override
protected void internalTransform(Body b, String phaseName, Map<String, String> options) {
    // Methods rejected by canInstrumentMethod are left untouched.
    if (!canInstrumentMethod(b.getMethod())) {
        return;
    }

    // Reference to the parameterless static reporting method.
    final SootMethodRef reachedRef = Scene.v().makeMethodRef(
            Scene.v().getSootClass(UtilInstrumenter.JAVA_CLASS_FOR_CODE_POSITIONS),
            "reportTargetReachedSynchronous",
            Collections.<Type>emptyList(),
            VoidType.v(),
            true);

    // The snapshot iterator keeps the traversal stable while statements are inserted.
    Iterator<Unit> units = b.getUnits().snapshotIterator();
    while (units.hasNext()) {
        Stmt candidate = (Stmt) units.next();

        // NOTE(review): the lookup passes the statement object itself; the element type of
        // targetSignatures is not visible here - confirm it holds statements, not strings.
        if (!targetSignatures.contains(candidate)) {
            continue;
        }

        // Report before the target executes, so the notification is sent even if the
        // target statement itself never completes.
        Stmt reportCall = Jimple.v().newInvokeStmt(Jimple.v().newStaticInvokeExpr(reachedRef));
        reportCall.addTag(new InstrumentedCodeTag());
        b.getUnits().insertBefore(reportCall, candidate);
    }
}
Example 4
Source File: CrashReporterInjection.java From FuzzDroid with Apache License 2.0 | 5 votes |
/**
 * Injects a static call to {@code registerExceptionHandler()} into every method listed in
 * {@code methodsToInstrument}.
 *
 * <p>The call is placed after the first unit that is not an {@link IdentityStmt} and is
 * marked with an {@link InstrumentedCodeTag}. Signatures that cannot be resolved are skipped.
 * Any exception raised while handling one signature is printed and does not stop the
 * remaining signatures from being processed.
 *
 * @param phaseName not read by this method
 * @param options   not read by this method
 */
@Override
protected void internalTransform(String phaseName, Map<String, String> options) {
    // Reference to the parameterless static registration method.
    SootMethodRef registrationRef = Scene.v().makeMethodRef(
            Scene.v().getSootClass(UtilInstrumenter.JAVA_CLASS_FOR_CRASH_REPORTING),
            "registerExceptionHandler",
            Collections.<Type>emptyList(),
            VoidType.v(),
            true);

    for (String sig : methodsToInstrument) {
        try {
            SootMethod target = Scene.v().grabMethod(sig);
            if (target != null) {
                Iterator<Unit> units = target.getActiveBody().getUnits().snapshotIterator();
                while (units.hasNext()) {
                    Unit unit = units.next();

                    // Only the first unit past the identity statements is of interest.
                    if (!(unit instanceof IdentityStmt)) {
                        Stmt registration = Jimple.v().newInvokeStmt(
                                Jimple.v().newStaticInvokeExpr(registrationRef));
                        registration.addTag(new InstrumentedCodeTag());

                        // NOTE(review): the registration lands after that unit, not before
                        // it; if the unit is a return or throw the call is never reached -
                        // confirm this placement is intended.
                        target.getActiveBody().getUnits().insertAfter(registration, unit);
                        break;
                    }
                }
            }
        } catch (Exception ex) {
            // Best effort: a failure on one method must not abort the whole transformation.
            ex.printStackTrace();
        }
    }
}
Example 5
Source File: DynamicValueTransformer.java From FuzzDroid with Apache License 2.0 | 4 votes |
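/**
 * Inserts, in front of {@code curStmt}, a static call that reports {@code value} together
 * with {@code paramIdx}.
 *
 * <p>Nothing is reported for string or integer constants, for {@code new} expressions, or for
 * values whose type is neither {@code int} nor {@code java.lang.String} (after the conversion
 * described next). A local of type {@code java.lang.CharSequence} or
 * {@code java.lang.StringBuilder} is first converted with {@code toString()} into a fresh
 * string local. A non-local value is first copied into a fresh local. Every statement added
 * here carries an {@link InstrumentedCodeTag}.
 *
 * <p>Fix over the previous version: the condition guarding the {@code toString()} conversion
 * was written as {@code A || B && C}, which Java parses as {@code A || (B && C)}. A
 * {@code CharSequence}-typed value that is not a {@link Local} therefore reached the
 * {@code (Local)} cast and failed with a {@link ClassCastException}. The type alternatives are
 * now parenthesised, so such a value falls through to the type check and is skipped.
 *
 * @param b        body that contains {@code curStmt} and receives the new statements
 * @param curStmt  statement in front of which the new statements are inserted
 * @param value    value to report
 * @param paramIdx index passed along with the value to the reporting method
 */
private void checkAndReport(Body b, Stmt curStmt, Value value, int paramIdx) {
    LocalGenerator localGenerator = new LocalGenerator(b);
    RefType stringType = RefType.v("java.lang.String");
    Value lhs = value;

    // Constants are never reported.
    if (lhs instanceof StringConstant || lhs instanceof IntConstant) {
        return;
    }

    // NOTE(review): types are compared by reference; this presumably relies on RefType.v and
    // IntType.v returning canonical instances - confirm.
    boolean isCharSequenceLike = lhs.getType() == RefType.v("java.lang.CharSequence")
            || lhs.getType() == RefType.v("java.lang.StringBuilder");

    if (isCharSequenceLike && lhs instanceof Local) {
        // Convert to a string first so that the string reporting method can be used.
        SootMethodRef toStringRef = Scene.v()
                .getMethod("<java.lang.Object: " + "java.lang.String toString()>")
                .makeRef();
        Local stringLocal = localGenerator.generateLocal(stringType);
        Stmt stringAssignStmt = Jimple.v().newAssignStmt(
                stringLocal, Jimple.v().newVirtualInvokeExpr((Local) lhs, toStringRef));
        stringAssignStmt.addTag(new InstrumentedCodeTag());
        b.getUnits().insertBefore(stringAssignStmt, curStmt);
        lhs = stringLocal;
    } else if (lhs.getType() != IntType.v() && lhs.getType() != stringType) {
        // Only int and String values can be reported.
        return;
    }

    // The "new String()" case is not reported.
    if (value instanceof NewExpr) {
        return;
    }

    // The reporting call takes a local, so anything else goes through an intermediate local.
    if (!(lhs instanceof Local)) {
        Local newLhs = localGenerator.generateLocal(lhs.getType());
        AssignStmt assignLocalStmt = Jimple.v().newAssignStmt(newLhs, lhs);
        assignLocalStmt.addTag(new InstrumentedCodeTag());
        b.getUnits().insertBefore(assignLocalStmt, curStmt);
        lhs = newLhs;
    }

    // Pick the reporting method that matches the value's type.
    Stmt reportValueStmt;
    if (lhs.getType() == stringType) {
        reportValueStmt = Jimple.v().newInvokeStmt(
                Jimple.v().newStaticInvokeExpr(refString, lhs, IntConstant.v(paramIdx)));
    } else if (lhs.getType() == IntType.v()) {
        reportValueStmt = Jimple.v().newInvokeStmt(
                Jimple.v().newStaticInvokeExpr(refInt, lhs, IntConstant.v(paramIdx)));
    } else {
        return;
    }

    reportValueStmt.addTag(new InstrumentedCodeTag());
    b.getUnits().insertBefore(reportValueStmt, curStmt);
}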
Example 6
Source File: GlobalInstanceTransformer.java From FuzzDroid with Apache License 2.0 | 4 votes |
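/**
 * Makes the no-argument constructor of every app-developer Android component register the
 * new instance with {@code ComponentCallerService.registerGlobalInstance}.
 *
 * <p>A class counts as a component when its type can be stored in {@code Activity},
 * {@code Service}, {@code BroadcastReceiver} or {@code ContentProvider}. If the class has no
 * {@code void <init>()} constructor, one is created that only calls the superclass
 * constructor and returns. The registration code is always placed after the call to the
 * superclass constructor. All injected statements carry an {@link InstrumentedCodeTag}.
 *
 * <p>Fixes over the previous version:
 * <ul>
 *   <li>{@code BroadcastReceiver} and {@code ContentProvider} were looked up in
 *       {@code android.app}; both classes live in {@code android.content}, so receivers and
 *       providers could never be matched.</li>
 *   <li>When an existing constructor contained no call to a superclass or sibling
 *       constructor on {@code this}, the insertion point stayed {@code null} and was passed
 *       to {@code insertBefore}. Such classes are now skipped.</li>
 * </ul>
 *
 * @param phaseName not read by this method
 * @param options   not read by this method
 */
@Override
protected void internalTransform(String phaseName, Map<String, String> options) {
    // Base classes of the four Android component kinds.
    // NOTE(review): getSootClassUnsafe may yield null when a class is not available in the
    // scene; the results are dereferenced below without a check - confirm the platform
    // classes are always loaded before this transformer runs.
    SootClass scActivity = Scene.v().getSootClassUnsafe("android.app.Activity");
    SootClass scService = Scene.v().getSootClassUnsafe("android.app.Service");
    SootClass scBroadcastReceiver =
            Scene.v().getSootClassUnsafe("android.content.BroadcastReceiver");
    SootClass scContentProvider =
            Scene.v().getSootClassUnsafe("android.content.ContentProvider");

    // Registration method injected into the components.
    SootClass scRegistrar = Scene.v().getSootClassUnsafe(
            "de.tu_darmstadt.sse.additionalappclasses.ComponentCallerService");
    SootMethodRef smRegistrarRef = scRegistrar.getMethodByName("registerGlobalInstance").makeRef();

    // Object.getClass(), used to pass the runtime class of the instance.
    Type classType = Scene.v().getType("java.lang.Class");
    SootMethodRef smGetClass = Scene.v().getObjectType().getSootClass()
            .getMethod("java.lang.Class getClass()").makeRef();

    for (SootClass sc : Scene.v().getApplicationClasses()) {
        // Only code written by the app developer is instrumented.
        if (!UtilInstrumenter.isAppDeveloperCode(sc)) {
            continue;
        }

        boolean isComponent =
                Scene.v().getOrMakeFastHierarchy().canStoreType(sc.getType(), scActivity.getType())
                || Scene.v().getOrMakeFastHierarchy().canStoreType(sc.getType(), scService.getType())
                || Scene.v().getOrMakeFastHierarchy().canStoreType(sc.getType(), scBroadcastReceiver.getType())
                || Scene.v().getOrMakeFastHierarchy().canStoreType(sc.getType(), scContentProvider.getType());
        if (!isComponent) {
            continue;
        }

        Body b;
        Local locThis;
        Unit lastUnit = null;

        SootMethod cons = sc.getMethodUnsafe("void <init>()");
        if (cons == null) {
            // No default constructor yet: build one, provided the superclass has one to call.
            SootMethod smSuperClassCons = sc.getSuperclass().getMethodUnsafe("void <init>()");
            if (smSuperClassCons == null) {
                continue;
            }

            cons = new SootMethod("<init>", Collections.<Type>emptyList(), VoidType.v());
            sc.addMethod(cons);
            b = Jimple.v().newBody(cons);
            cons.setActiveBody(b);

            // this := @this
            locThis = Jimple.v().newLocal("this", sc.getType());
            b.getLocals().add(locThis);
            b.getUnits().add(Jimple.v().newIdentityStmt(locThis, Jimple.v().newThisRef(sc.getType())));

            // super.<init>()
            b.getUnits().add(Jimple.v().newInvokeStmt(
                    Jimple.v().newSpecialInvokeExpr(locThis, smSuperClassCons.makeRef())));

            // return; the registration is inserted in front of this statement.
            lastUnit = Jimple.v().newReturnVoidStmt();
            b.getUnits().add(lastUnit);
        } else {
            b = cons.getActiveBody();
            locThis = b.getThisLocal();

            // The injected code reads "this", so it must come after the constructor call on
            // "this"; otherwise the Dalvik verifier rejects the method because the object is
            // not yet initialized.
            for (Unit u : b.getUnits()) {
                Stmt s = (Stmt) u;
                if (!s.containsInvokeExpr()) {
                    continue;
                }
                InvokeExpr iexpr = s.getInvokeExpr();
                if (iexpr instanceof SpecialInvokeExpr
                        && iexpr.getMethod().getName().equals("<init>")
                        && ((SpecialInvokeExpr) iexpr).getBase() == locThis) {
                    lastUnit = b.getUnits().getSuccOf(u);
                    break;
                }
            }
        }

        // Without an insertion point there is no safe place for the registration code.
        if (lastUnit == null) {
            continue;
        }

        // cls = this.getClass()
        LocalGenerator localGen = new LocalGenerator(b);
        Local locClass = localGen.generateLocal(classType);
        Stmt stmtAssignClass = Jimple.v().newAssignStmt(
                locClass, Jimple.v().newVirtualInvokeExpr(locThis, smGetClass));
        stmtAssignClass.addTag(new InstrumentedCodeTag());
        b.getUnits().insertBefore(stmtAssignClass, lastUnit);

        // registerGlobalInstance(cls, this)
        List<Value> argList = new ArrayList<>();
        argList.add(locClass);
        argList.add(locThis);
        Stmt stmtRegister = Jimple.v().newInvokeStmt(
                Jimple.v().newStaticInvokeExpr(smRegistrarRef, argList));
        stmtRegister.addTag(new InstrumentedCodeTag());
        b.getUnits().insertBefore(stmtRegister, lastUnit);
    }
}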
Example 7
Source File: JimpleIndexNumberTransformer.java From soot-infoflow-android-iccta with GNU Lesser General Public License v2.1 | 4 votes |
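/**
 * Tags every statement of every concrete method in the scene with a
 * {@link JimpleIndexNumberTag} holding the statement's position within its method body,
 * counted from 0.
 *
 * <p>Tagging is best effort: failures are swallowed so that one problematic class or method
 * does not stop the run.
 *
 * <p>Fix over the previous version: a single try block covered a whole class, so the first
 * method whose body could not be retrieved silently left all remaining methods of that class
 * without index tags. Methods without a body are now skipped up front and every method is
 * handled in its own try block, which limits a failure to the method that caused it.
 */
@Override
public void updateJimple() {
    Chain<SootClass> sootClasses = Scene.v().getClasses();
    for (Iterator<SootClass> iter = sootClasses.iterator(); iter.hasNext(); ) {
        SootClass sc = iter.next();

        try {
            for (SootMethod sm : sc.getMethods()) {
                // Abstract, native and phantom methods have no statements to tag.
                if (!sm.isConcrete()) {
                    continue;
                }

                try {
                    PatchingChain<Unit> units = sm.retrieveActiveBody().getUnits();
                    int indexNumber = 0;
                    for (Iterator<Unit> iterU = units.snapshotIterator(); iterU.hasNext(); ) {
                        Stmt stmt = (Stmt) iterU.next();
                        Tag t = new JimpleIndexNumberTag(indexNumber++);
                        stmt.addTag(t);
                    }
                } catch (Exception ignored) {
                    // Best effort: this method stays (partly) untagged. Consumers of the
                    // index tags must therefore tolerate statements that carry none.
                }
            }
        } catch (Exception ignored) {
            // Best effort: the method list of this class could not be walked completely.
        }
    }
}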