soot.jimple.Constant Java Examples

/**
 * Gets whether two values may potentially point to the same runtime object
 * @param val1 The first value
 * @param val2 The second value
 * @return True if the two values may potentially point to the same runtime
 * object, otherwise false
 */
public boolean mayAlias(Value val1, Value val2) {
	// What cannot be represented in an access path cannot alias
	if (!AccessPath.canContainValue(val1) || !AccessPath.canContainValue(val2))
		return false;
	
	// Constants can never alias
	if (val1 instanceof Constant || val2 instanceof Constant)
		return false;
	
	// If the two values are equal, they alias by definition
	if (val1 == val2)
		return true;
	
	// If we have an interactive aliasing algorithm, we check that as well
	if (aliasingStrategy.isInteractive())
		return aliasingStrategy.mayAlias(new AccessPath(val1, false), new AccessPath(val2, false));
	
	return false;		
}
 

@Override
public void isParamVulnAndStore(SootMethod originMethod, Stmt originStmt, Value reachedValue) { //avoid sideeffect
	//constant already guaranteed by caller
	System.out.println(originStmt);
	String funcSig = originStmt.getInvokeExpr().getMethod().getSignature();
	String valueString = reachedValue.toString();
	if (evaluateResult(funcSig, valueString)) {
		if(DEBUG) {
			System.out.println("result found");
			System.out.println("originstmt: " + originStmt + " reachedValue: " + reachedValue);
		}
		this.results.add(new Pair<>(originMethod, new Pair<>(originStmt, valueString)));
	}
	if(DEBUG) {
		if (reachedValue instanceof Constant || reachedValue instanceof StaticFieldRef) {
			System.out.println("originstmt: " + originStmt + " reachedValue: " + reachedValue);
		}
	}
}
 

private void assign(Local lhs, Value rhs, Map<Local, Constant> input, Map<Local, Constant> output) {
	// First remove casts, if any.
	if (rhs instanceof CastExpr) {
		rhs = ((CastExpr) rhs).getOp();
	}
	// Then check if the RHS operand is a constant or local
	if (rhs instanceof Constant) {
		// If RHS is a constant, it is a direct gen
		output.put(lhs, (Constant) rhs);
	} else if (rhs instanceof Local) {
		// Copy constant-status of RHS to LHS (indirect gen), if exists
		if(input.containsKey(rhs)) {
			output.put(lhs, input.get(rhs));
		}
	} else {
		// RHS is some compound expression, then LHS is non-constant (only kill)
		output.put(lhs, null);
	}			
}
 

@Override
public Map<Local, Constant> callEntryFlowFunction(Context<SootMethod, Unit, Map<Local, Constant>> context, SootMethod calledMethod, Unit unit, Map<Local, Constant> inValue) {
	// Initialise result to empty map
	Map<Local, Constant> entryValue = topValue();
	// Map arguments to parameters
	InvokeExpr ie = ((Stmt) unit).getInvokeExpr();
	for (int i = 0; i < ie.getArgCount(); i++) {
		Value arg = ie.getArg(i);
		Local param = calledMethod.getActiveBody().getParameterLocal(i);
		assign(param, arg, inValue, entryValue);
	}
	// And instance of the this local
	if (ie instanceof InstanceInvokeExpr) {
		Value instance = ((InstanceInvokeExpr) ie).getBase();
		Local thisLocal = calledMethod.getActiveBody().getThisLocal();
		assign(thisLocal, instance, inValue, entryValue);
	}
	// Return the entry value at the called method
	return entryValue;
}
 

public void jimplify (DexBody body) {
      if(!(instruction instanceof Instruction21c))
          throw new IllegalArgumentException("Expected Instruction21c but got: "+instruction.getClass());

      ReferenceInstruction constClass = (ReferenceInstruction) this.instruction;

      TypeReference tidi = (TypeReference)(constClass.getReference());
      String type = tidi.getType();
      if (type.startsWith("L") && type.endsWith(";"))
        type = type.replaceAll("^L", "").replaceAll(";$", "");

      int dest = ((OneRegisterInstruction) instruction).getRegisterA();
      Constant cst = ClassConstant.v(type);
      assign = Jimple.v().newAssignStmt(body.getRegisterLocal(dest), cst);
      setUnit(assign);
      addTags(assign);
      body.add(assign);

if (IDalvikTyper.ENABLE_DVKTYPER) {
	Debug.printDbg(IDalvikTyper.DEBUG, "constraint: "+ assign);
        int op = (int)instruction.getOpcode().value;
        //DalvikTyper.v().captureAssign((JAssignStmt)assign, op); //TODO: classtype could be null!
        DalvikTyper.v().setType(assign.getLeftOpBox(), cst.getType(), false);
      }
  }
 

public void jimplify (DexBody body) {
    int dest = ((OneRegisterInstruction) instruction).getRegisterA();

    Constant cst = getConstant(dest, body);
    assign = Jimple.v().newAssignStmt(body.getRegisterLocal(dest), cst);
    setUnit(assign);
    addTags(assign);
    body.add(assign);

    if (IDalvikTyper.ENABLE_DVKTYPER) {
        Debug.printDbg(IDalvikTyper.DEBUG, "constraint: "+ assign);
        int op = (int)instruction.getOpcode().value;
        if (cst instanceof UntypedConstant) {
            DalvikTyper.v().addConstraint(assign.getLeftOpBox(), assign.getRightOpBox());
        } else {
            DalvikTyper.v().setType(assign.getLeftOpBox(), cst.getType(), false);
        }
    }
}
 

@Override
public Map<Local, Constant> meet(Map<Local, Constant> op1, Map<Local, Constant> op2) {
	Map<Local, Constant> result;
	// First add everything in the first operand
	result = new HashMap<Local, Constant>(op1);
	// Then add everything in the second operand, bottoming out the common keys with different values
	for (Local x : op2.keySet()) {
		if (op1.containsKey(x)) {
			// Check the values in both operands
			Constant c1 = op1.get(x);
			Constant c2 = op2.get(x);
			if (c1 != null && c1.equals(c2) == false) {
				// Set to non-constant
				result.put(x, null);
			}
		} else {
			// Only in second operand, so add as-is
			result.put(x, op2.get(x));
		}
	}
	return result;
}
 

public void toString(UnitPrinter up) {
    up.literal( "lookupswitch" );
    up.newline();
    up.literal("{");
    up.newline();
    
    for(int i = 0; i < lookupValues.size(); i++)
    {
        up.literal("    case ");
        up.constant( (Constant) lookupValues.get(i) );
        up.literal(": goto ");
        targetBoxes[i].toString(up);
        up.literal(";");
        up.newline();
    }

    up.literal("    default: goto ");
    defaultTargetBox.toString(up);
    up.literal(";");
    up.newline();
    up.literal("}");
}
 

@Override
protected void internalTransform(String arg0, @SuppressWarnings("rawtypes") Map arg1) {
	analysis = new CopyConstantAnalysis();
	analysis.doAnalysis();
	DataFlowSolution<Unit,Map<Local,Constant>> solution = analysis.getMeetOverValidPathsSolution();
	System.out.println("----------------------------------------------------------------");
	for (SootMethod sootMethod : analysis.getMethods()) {
		System.out.println(sootMethod);
		for (Unit unit : sootMethod.getActiveBody().getUnits()) {
			System.out.println("----------------------------------------------------------------");
			System.out.println(unit);
			System.out.println("IN:  " + formatConstants(solution.getValueBefore(unit)));
			System.out.println("OUT: " + formatConstants(solution.getValueAfter(unit)));
		}
		System.out.println("----------------------------------------------------------------");
	}		
}
 

@Override
public boolean supportsCallee(Stmt callSite) {
	// We need an invocation expression
	if (!callSite.containsInvokeExpr())
		return false;

	SootMethod method = callSite.getInvokeExpr().getMethod();
	if (!supportsCallee(method))
		return false;
			
	// We need a method that can create a taint
	if (!aggressiveMode) {
		// Check for a cached wrap type
		final MethodWrapType wrapType = methodWrapCache.getUnchecked(method);
		if (wrapType != MethodWrapType.CreateTaint)
			return false;
	}
	
	// We need at least one non-constant argument or a tainted base
	if (callSite.getInvokeExpr() instanceof InstanceInvokeExpr)
		return true;
	for (Value val : callSite.getInvokeExpr().getArgs())
		if (!(val instanceof Constant))
			return true;
	return false;
}
 

@Override
public void caseReturnStmt(ReturnStmt stmt) {
	//in case of return CONSTANT, we do nothing; unfortunately, this is part of FlowDroid's path
	if(stmt.getOp() instanceof Constant)
		return;
	int index = jimpleDataFlowStatements.indexOf(stmt);
	AccessPath ap = accessPathPath.get(index);
	Local local = ap.getPlainValue();
			
	SMTBinding lhs = createNewBindingForValue(local);
	addValueBindingToVariableDeclaration(local, lhs);
	
	if(!hasBindingForValue(stmt.getOp()))
		throw new RuntimeException("There has to be a tainted value");
	SMTBinding rhs = getLatestBindingForValue(stmt.getOp());
	
	SMTSimpleAssignment simpleAss = new SMTSimpleAssignment(lhs, new SMTBindingValue(rhs));
	SMTAssertStatement assertStmt = new SMTAssertStatement(simpleAss);
	addAssertStmtToAllPrograms(assertStmt);	
}
 

/**
 * Creates a new node for a constant.
 */
private NewExpr constantNewExpr(Constant constant) {
	if (constant instanceof StringConstant) {
		return STRING_SITE;
	} else if (constant instanceof ClassConstant) {
		return CLASS_SITE;
	} else if (constant instanceof NullConstant) {
		return null;
	} else {
		throw new RuntimeException(constant.toString());
	}
}
 

/**
 * Assigns a constant to a root variable.
 */
public void assignConstant(Local lhs, Constant rhs) {
	// Get the allocation site of this constant
	NewExpr newExpr = constantNewExpr(rhs);
	// If it was a null constant, assign null, otherwise assign alloc site
	if (newExpr == null) {
		assign(lhs, null);
	} else {
		assignNew(lhs, newExpr);
	}
}
 

/**
 * Stores a constant into a field of objects pointed-to by a root variable.
 */
public void setFieldConstant(Local lhs, SootField field, Constant rhs) {
	// Find out the alloc site of the constant
	NewExpr newExpr = constantNewExpr(rhs);
	// If null, do nothing, as we handle only weak updates,
	// otherwise, add the edge
	if (newExpr != null) {
		setFieldNew(lhs, field, newExpr);
	}
}
 

@Override
public Map<Local, Constant> callLocalFlowFunction(Context<SootMethod, Unit, Map<Local, Constant>> context, Unit unit, Map<Local, Constant> inValue) {
	// Initialise result to the input
	Map<Local, Constant> afterCallValue = copy(inValue);
	// Remove information for return value (as it's value will flow from the call)
	if (unit instanceof AssignStmt) {
		Value lhsOp = ((AssignStmt) unit).getLeftOp();
		afterCallValue.remove(lhsOp);
	}
	// Rest of the map remains the same
	return afterCallValue;
	
}
 

@Override
public Map<Local, Constant> callExitFlowFunction(Context<SootMethod, Unit, Map<Local, Constant>> context, SootMethod calledMethod, Unit unit, Map<Local, Constant> exitValue) {
	// Initialise result to an empty value
	Map<Local, Constant> afterCallValue = topValue();
	// Only propagate constants for return values
	if (unit instanceof AssignStmt) {
		Value lhsOp = ((AssignStmt) unit).getLeftOp();
		assign((Local) lhsOp, RETURN_LOCAL, exitValue, afterCallValue);
	}
	// Return the map with the returned value's constant
	return afterCallValue;
}
 

public static String formatConstants(Map<Local, Constant> value) {
	if (value == null) {
		return "";
	}
	StringBuffer sb = new StringBuffer();
	for (Map.Entry<Local,Constant> entry : value.entrySet()) {
		Local local = entry.getKey();
		Constant constant = entry.getValue();
		if (constant != null) {
			sb.append("(").append(local).append("=").append(constant).append(") ");
		}
	}
	return sb.toString();
}
 

private boolean checkConstantValue(ConstantValueTag t, Constant rightOp) {
	if (t == null || rightOp == null)
		return true;
	
	if (t instanceof DoubleConstantValueTag) {
		if (!(rightOp instanceof DoubleConstant))
			return false;
		return ((DoubleConstantValueTag) t).getDoubleValue() == ((DoubleConstant) rightOp).value;
	}
	else if (t instanceof FloatConstantValueTag) {
		if (!(rightOp instanceof FloatConstant))
			return false;
		return ((FloatConstantValueTag) t).getFloatValue() == ((FloatConstant) rightOp).value;
	}
	else if (t instanceof IntegerConstantValueTag) {
		if (!(rightOp instanceof IntConstant))
			return false;
		return ((IntegerConstantValueTag) t).getIntValue() == ((IntConstant) rightOp).value;
	}
	else if (t instanceof LongConstantValueTag) {
		if (!(rightOp instanceof LongConstant))
			return false;
		return ((LongConstantValueTag) t).getLongValue() == ((LongConstant) rightOp).value;
	}
	else if (t instanceof StringConstantValueTag) {
		if (!(rightOp instanceof StringConstant))
			return false;
		return ((StringConstantValueTag) t).getStringValue().equals(((StringConstant) rightOp).value);
	}
	else
		// We don't know the type, so we assume it's alright
		return true;
}
 

private ConstantValueTag createConstantTagFromValue(Constant rightOp) {
	if (rightOp instanceof DoubleConstant)
		return new DoubleConstantValueTag(((DoubleConstant) rightOp).value);
	else if (rightOp instanceof FloatConstant)
		return new FloatConstantValueTag(((FloatConstant) rightOp).value);
	else if (rightOp instanceof IntConstant)
		return new IntegerConstantValueTag(((IntConstant) rightOp).value);
	else if (rightOp instanceof LongConstant)
		return new LongConstantValueTag(((LongConstant) rightOp).value);
	else if (rightOp instanceof StringConstant)
		return new StringConstantValueTag(((StringConstant) rightOp).value);
	else
		return null;
}
 

private Operand popStackConst(Operand o) {
	Value v = o.value;
	Local l = o.stack;
	if (l == null && !(v instanceof Constant)) {
		l = o.stack = newStackLocal();
		setUnit(o.insn, Jimple.v().newAssignStmt(l, v));
		o.updateBoxes();
	}
	return o;
}
 

private Operand popImmediate(Operand o) {
	Value v = o.value;
	Local l = o.stack;
	if (l == null && !(v instanceof Local) && !(v instanceof Constant)) {
		l = o.stack = newStackLocal();
		setUnit(o.insn, Jimple.v().newAssignStmt(l, v));
		o.updateBoxes();
	}
	return o;
}
 

@Override
public void constant( Constant c ) {
  if (c instanceof ClassConstant) {
    handleIndent();
    String fullClassName =
      ((ClassConstant)c).value.replaceAll("/", ".");
    output.append(fullClassName + ".class");
  } else {
    super.constant(c);
  }
}
 

private void javafy(ValueBox vb) {
	Value v = vb.getValue();

	if (v instanceof Expr)
		javafy_expr(vb);
	else if (v instanceof Ref)
		javafy_ref(vb);
	else if (v instanceof Local)
		javafy_local(vb);
	else if (v instanceof Constant)
		javafy_constant(vb);
}
 

public Register asImmediate(Value v, ConstantVisitor constantV) {
	if (v instanceof Constant) {
		 return asConstant(v, constantV);
	} else if (v instanceof Local) {
		return asLocal(v);
	} else {
		throw new RuntimeException("expected Immediate (Constant or Local), but was: " + v.getClass());
	}
}
 

/**
 * Gets the number of non-constant arguments to the given method call
 * @param s A call site
 * @return The number of non-constant arguments in the given call site
 */
private int getNonConstParamCount(Stmt s) {
	int cnt = 0;
	for (Value val : s.getInvokeExpr().getArgs())
		if (!(val instanceof Constant))
			cnt++;
	return cnt;
}
 

@Override
protected void internalTransform(Body body, String phaseName, Map<String, String> options) {
       ExceptionalUnitGraph graph = new ExceptionalUnitGraph(body, DalvikThrowAnalysis.v(), true);
       LocalDefs localDefs = LocalDefs.Factory.newLocalDefs(graph);
       LocalUses localUses = null;
       LocalCreation localCreation = null;
       
	// If a return statement's operand has only one definition and this is
	// a copy statement, we take the original operand
	for (Unit u : body.getUnits())
		if (u instanceof ReturnStmt) {
			ReturnStmt retStmt = (ReturnStmt) u;
			if (retStmt.getOp() instanceof Local) {
				List<Unit> defs = localDefs.getDefsOfAt((Local) retStmt.getOp(), retStmt);
				if (defs.size() == 1 && defs.get(0) instanceof AssignStmt) {
					AssignStmt assign = (AssignStmt) defs.get(0);
					final Value rightOp = assign.getRightOp();
					final Value leftOp = assign.getLeftOp();
					
					// Copy over the left side if it is a local
					if (rightOp instanceof Local) {
						// We must make sure that the definition we propagate to
						// the return statement is not overwritten in between
						// a = 1; b = a; a = 3; return b; may not be translated
						// to return a;
						if (!isRedefined((Local) rightOp, u, assign, graph))
							retStmt.setOp(rightOp);
					}
					else if (rightOp instanceof Constant) {
						retStmt.setOp(rightOp);
					}
					// If this is a field access which has no other uses,
					// we rename the local to help splitting
					else if (rightOp instanceof FieldRef) {
						if (localUses == null)
							localUses = LocalUses.Factory.newLocalUses(body, localDefs);
						if (localUses.getUsesOf(assign).size() == 1) {
							if (localCreation == null)
								localCreation = new LocalCreation(body.getLocals(), "ret");
							Local newLocal = localCreation.newLocal(leftOp.getType());
							assign.setLeftOp(newLocal);
							retStmt.setOp(newLocal);
						}
					}
				}
			}
		}
}
 

/**
 * Return the literal constant for this instruction.
 *
 * @param register the register number to fill
 * @param body the body containing the instruction
 */
private Constant getConstant(int dest, DexBody body) {

    long literal = 0;

    if (instruction instanceof WideLiteralInstruction) {
        literal = ((WideLiteralInstruction)instruction).getWideLiteral();
    } else if (instruction instanceof NarrowLiteralInstruction) {
        literal = ((NarrowLiteralInstruction)instruction).getNarrowLiteral();
    } else {
        throw new RuntimeException("literal error: expected narrow or wide literal.");
    }
    

    // floats are handled later in DexBody by calling DexNumtransformer
    Opcode opcode = instruction.getOpcode();
    switch (opcode) {
    case CONST:
    case CONST_4:
    case CONST_16:
        if (IDalvikTyper.ENABLE_DVKTYPER) {
            return UntypedIntOrFloatConstant.v((int)literal);
        } else {
            return IntConstant.v((int) literal);
        }

    case CONST_HIGH16:
        if (IDalvikTyper.ENABLE_DVKTYPER) {
            //
            //return UntypedIntOrFloatConstant.v((int)literal<<16).toFloatConstant();
            // seems that dexlib correctly puts the 16bits into the topmost bits.
            //
            return UntypedIntOrFloatConstant.v((int)literal);//.toFloatConstant();
        } else {
            return IntConstant.v((int) literal);
        }

    case CONST_WIDE_HIGH16:
        if (IDalvikTyper.ENABLE_DVKTYPER) {
            //return UntypedLongOrDoubleConstant.v((long)literal<<48).toDoubleConstant();
            // seems that dexlib correctly puts the 16bits into the topmost bits.
            //
            return UntypedLongOrDoubleConstant.v((long)literal);//.toDoubleConstant();
        } else {
        	return LongConstant.v(literal);
        }

    case CONST_WIDE:
    case CONST_WIDE_16:
    case CONST_WIDE_32:
        if (IDalvikTyper.ENABLE_DVKTYPER) {
            return UntypedLongOrDoubleConstant.v(literal);
        } else {
        	return LongConstant.v(literal);
        }
    default:
        throw new IllegalArgumentException("Expected a const or a const-wide instruction, got neither.");
    }
}
 

@Override
public Map<Local, Constant> boundaryValue(SootMethod method) {
	return topValue();
}
 

@Override
public Map<Local, Constant> copy(Map<Local, Constant> src) {
	return new HashMap<Local, Constant>(src);
}
 

@Override
public void caseAssignStmt(AssignStmt stmt) {
	constantV.setOrigStmt(stmt);
       exprV.setOrigStmt(stmt);
	Value lhs = stmt.getLeftOp();
	if (lhs instanceof ConcreteRef) {
		// special cases that lead to *put* opcodes
		Value source = stmt.getRightOp();
           addInsn(buildPutInsn((ConcreteRef) lhs, source), stmt);
		return;
	}
	// other cases, where lhs is a local
	if (!(lhs instanceof Local)) {
		throw new Error("left-hand side of AssignStmt is not a Local: " + lhs.getClass());
	}
	Register lhsReg = regAlloc.asLocal(lhs);
	
	Value rhs = stmt.getRightOp();
	if (rhs instanceof Local) {
		// move rhs local to lhs local, if different
		String lhsName = ((Local)lhs).getName();
		String rhsName = ((Local)rhs).getName();
		if (lhsName.equals(rhsName)) {
			return;
		}
		Register sourceReg = regAlloc.asLocal(rhs);
           addInsn(buildMoveInsn(lhsReg, sourceReg), stmt);
	} else if (rhs instanceof Constant) {
		// move rhs constant into the lhs local
		constantV.setDestination(lhsReg);
		rhs.apply(constantV);
	} else if (rhs instanceof ConcreteRef) {
           addInsn(buildGetInsn((ConcreteRef) rhs, lhsReg), stmt);
	} else {
		// evaluate rhs expression, saving the result in the lhs local
		exprV.setDestinationReg(lhsReg);
		rhs.apply(exprV);
		if (rhs instanceof InvokeExpr) {
			// do the actual "assignment" for an invocation: move its result to the lhs reg (it was not used yet)
			Insn moveResultInsn = buildMoveResultInsn(lhsReg);
			int invokeInsnIndex = insns.indexOf(getLastInvokeInsn());
			addInsn(invokeInsnIndex + 1, moveResultInsn);
		}
	}

	this.insnRegisterMap.put(insns.get(insns.size() - 1), LocalRegisterAssignmentInformation.v(lhsReg, (Local)lhs));
}