soot.jimple.StaticInvokeExpr Java Examples
The following examples show how to use
soot.jimple.StaticInvokeExpr.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: TimingBombTransformer.java From FuzzDroid with Apache License 2.0 | 7 votes |
|
private void prepareAlarmManagerSet(Body body, InvokeStmt setStmt, SootMethodRef reportRef) {
Value oldVal = setStmt.getInvokeExpr().getArg(1);
Local longLocal = UtilInstrumenter.generateFreshLocal(body, LongType.v());
SootMethod currentTimeMillis = Scene.v().getMethod("<java.lang.System: long currentTimeMillis()>");
StaticInvokeExpr timeInvoke = Jimple.v().newStaticInvokeExpr(currentTimeMillis.makeRef());
AssignStmt timeInitalize = Jimple.v().newAssignStmt(longLocal, timeInvoke);
AddExpr addTime = Jimple.v().newAddExpr(longLocal, LongConstant.v(2000L));
AssignStmt timeAssign = Jimple.v().newAssignStmt(longLocal, addTime);
body.getUnits().insertBefore(timeInitalize, setStmt);
body.getUnits().insertBefore(timeAssign, setStmt);
InvokeExpr expr = setStmt.getInvokeExpr();
expr.setArg(0, IntConstant.v(0));
expr.setArg(1, longLocal);
// Report the change
InvokeStmt reportStmt = Jimple.v().newInvokeStmt(Jimple.v().newStaticInvokeExpr(
reportRef, oldVal, longLocal));
reportStmt.addTag(new InstrumentedCodeTag());
body.getUnits().insertAfter(reportStmt, setStmt);
}
Example #2
| Source File: UtilInstrumenter.java From FuzzDroid with Apache License 2.0 | 5 votes |
|
public static Unit makeJimpleStaticCallForPathExecution(String methodName, Object... args) {
SootClass sootClass = Scene.v().getSootClass(UtilInstrumenter.JAVA_CLASS_FOR_PATH_EXECUTION);
Unit generated = null;
ArrayList<Type> argTypes = new ArrayList<Type>();
ArrayList<Value> argList = new ArrayList<Value>();
if (args != null) {
if (args.length % 2 != 0) {
throw new RuntimeException(
"Mismatched argument types:values in static call to "
+ methodName);
} else {
for (int i = 0; i < args.length; i++)
if (i % 2 == 0) // First type, then argument
argTypes.add((Type) args[i]);
else
argList.add((Value) args[i]);
}
}
SootMethod createAndAdd = sootClass.getMethod(methodName, argTypes);
StaticInvokeExpr sie = Jimple.v().newStaticInvokeExpr(
createAndAdd.makeRef(), argList);
generated = Jimple.v().newInvokeStmt(sie);
return generated;
}
Example #3
| Source File: ConditionTracking.java From FuzzDroid with Apache License 2.0 | 5 votes |
|
private void instrumentEachBranchAccess(Body body, Unit unit){
SootClass sootClass = Scene.v().getSootClass(
UtilInstrumenter.JAVA_CLASS_FOR_PATH_INSTRUMENTATION);
// Create the method invocation
SootMethod createAndAdd = sootClass.getMethod("reportConditionOutcomeSynchronous",
Collections.<Type>singletonList(BooleanType.v()));
StaticInvokeExpr sieThen = Jimple.v().newStaticInvokeExpr(
createAndAdd.makeRef(), IntConstant.v(1));
StaticInvokeExpr sieElse = Jimple.v().newStaticInvokeExpr(
createAndAdd.makeRef(), IntConstant.v(0));
Unit sieThenUnit = Jimple.v().newInvokeStmt(sieThen);
sieThenUnit.addTag(new InstrumentedCodeTag());
Unit sieElseUnit = Jimple.v().newInvokeStmt(sieElse);
sieElseUnit.addTag(new InstrumentedCodeTag());
//treatment of target statement ("true"-branch)
IfStmt ifStmt = (IfStmt)unit;
Stmt targetStmt = ifStmt.getTarget();
if(!branchTargetStmt.contains(targetStmt.toString())) {
branchTargetStmt.add(sieThenUnit.toString());
body.getUnits().insertBefore(sieThenUnit, targetStmt);
NopStmt nop = Jimple.v().newNopStmt();
GotoStmt gotoNop = Jimple.v().newGotoStmt(nop);
body.getUnits().insertBeforeNoRedirect(nop, targetStmt);
body.getUnits().insertBeforeNoRedirect(gotoNop, sieThenUnit);
}
//treatment of "else"-branch
body.getUnits().insertAfter(sieElseUnit, unit);
}
Example #4
| Source File: JimpleExprVisitorImpl.java From FuzzDroid with Apache License 2.0 | 5 votes |
|
@Override
public void caseStaticInvokeExpr(StaticInvokeExpr v) {
//just propagate the taint value of previous statement
Stmt prevStmt = stmtVisitor.getPreviousDataFlowPathElement(currentStatement);
if(prevStmt == null)
throw new RuntimeException("there is no previous statement");
else {
//create an assignment between the incoming taint-value and the
//assigned taint-value inside the method
SMTBinding bindingPrevStmt = stmtVisitor.getBindingForTaintedValue(prevStmt);
//if there is no taint-tracking involved, we do not have to create an SMT formula
if(bindingPrevStmt == null)
return;
AccessPath accessPath = stmtVisitor.getCorrectAccessPathForStmt(currentStatement);
Local identityStmtTaintValue = accessPath.getPlainValue();
SMTBinding bindingCurentStmt = stmtVisitor.getLatestBindingForValue(identityStmtTaintValue);
if(bindingCurentStmt == null) {
bindingCurentStmt = stmtVisitor.createNewBindingForValue(identityStmtTaintValue);
stmtVisitor.addValueBindingToVariableDeclaration(identityStmtTaintValue, bindingCurentStmt);
}
if(bindingCurentStmt != bindingPrevStmt) {
SMTSimpleAssignment simpleAssignForTaintProp = new SMTSimpleAssignment(bindingCurentStmt, new SMTBindingValue(bindingPrevStmt));
SMTAssertStatement simpleAssignAssert = new SMTAssertStatement(simpleAssignForTaintProp);
stmtVisitor.addAssertStmtToAllPrograms(simpleAssignAssert);
}
this.result = bindingCurentStmt;
}
}
Example #5
| Source File: ExprVisitor.java From JAADAS with GNU General Public License v3.0 | 5 votes |
|
@Override
public void caseStaticInvokeExpr(StaticInvokeExpr sie) {
BuilderMethodReference method = DexPrinter.toMethodReference
(sie.getMethodRef(), dexFile);
List<Register> arguments = getInvokeArgumentRegs(sie);
stmtV.addInsn(buildInvokeInsn("INVOKE_STATIC", method, arguments), origStmt);
}
Example #6
| Source File: UnitThrowAnalysis.java From JAADAS with GNU General Public License v3.0 | 5 votes |
|
public void caseStaticInvokeExpr(StaticInvokeExpr expr) {
result = result.add(mgr.INITIALIZATION_ERRORS);
for (int i = 0; i < expr.getArgCount(); i++) {
result = result.add(mightThrow(expr.getArg(i)));
}
result = result.add(mightThrow(expr.getMethodRef()));
}
Example #7
| Source File: Instrumentation.java From DroidForce with GNU Lesser General Public License v2.1 | 5 votes |
|
public static StaticInvokeExpr createJimpleStaticInvokeExpr(String javaClass, String call, List<Object> args) {
SootClass sootClass = Scene.v().getSootClass(javaClass);
ArrayList<Type> argTypes = new ArrayList<Type>();
ArrayList<Value> argList = new ArrayList<Value>();
if (args != null) {
if (args.size() % 2 != 0) {
throw new RuntimeException(
"Mismatched argument types:values in static call to "
+ call);
} else {
for (int i = 0; i < args.size(); i++)
if (i % 2 == 0) // First type, then argument
argTypes.add((Type) args.get(i));
else
argList.add((Value) args.get(i));
}
}
SootMethod createAndAdd = sootClass.getMethod(call, argTypes);
StaticInvokeExpr sie = Jimple.v().newStaticInvokeExpr(
createAndAdd.makeRef(), argList);
log.debug("new invoke expression: "+ sie);
return sie;
}
Example #8
| Source File: Util.java From DroidForce with GNU Lesser General Public License v2.1 | 5 votes |
|
private static void initializePeP(SootClass sc){
SootMethod onCreate = null;
log.info("add Pep initialization in class "+ sc);
for(SootMethod sm : sc.getMethods()){
if(sm.getName().equals("onCreate") &&
sm.getParameterCount() == 1 &&
sm.getParameterType(0).toString().equals("android.os.Bundle")){
onCreate = sm;
}
}
if(onCreate != null){
List<Unit> generated = new ArrayList<Unit>();
Body body = onCreate.retrieveActiveBody();
Local thisLocal = body.getThisLocal();
SootClass context = Scene.v().forceResolve("android.content.Context", SootClass.BODIES);
// SootMethod applicationContext =sc.getMethod("android.content.Context getApplicationContext()");
SootMethod applicationContext = context.getMethod("android.content.Context getApplicationContext()");
SpecialInvokeExpr virtInvExpr = Jimple.v().newSpecialInvokeExpr(thisLocal, applicationContext.makeRef());
Local applicationContextLocal = generateFreshLocal(body, RefType.v("android.content.Context"));
generated.add(Jimple.v().newAssignStmt(applicationContextLocal, virtInvExpr));
List<Object> args = new ArrayList<Object>();
args.add(RefType.v("android.content.Context"));
args.add(applicationContextLocal);
StaticInvokeExpr staticInvExpr = Instrumentation.createJimpleStaticInvokeExpr(Settings.instance.INSTRUMENTATION_HELPER_JAVA, Settings.instance.INSTRUMENTATION_HELPER_INITIALIZE_METHOD, args);
generated.add(Jimple.v().newInvokeStmt(staticInvExpr));
Unit onCreateSpecialInvoke = getSuperOnCreateUnit(body);
if(onCreateSpecialInvoke == null)
throw new RuntimeException("error: super.onCreate() statement missing in method "+ onCreate);
body.getUnits().insertAfter(generated, onCreateSpecialInvoke);
}
}
Example #9
| Source File: ExprTranslator.java From JAADAS with GNU General Public License v3.0 | 4 votes |
|
public void caseStaticInvokeExpr(StaticInvokeExpr expr) {
handleCall(expr, expr.getMethod());
}
Example #10
| Source File: ValueTemplatePrinter.java From JAADAS with GNU General Public License v3.0 | 4 votes |
|
public void caseStaticInvokeExpr(StaticInvokeExpr v) {
printInvokeExpr(v);
}
Example #11
| Source File: PolicyEnforcementPoint.java From DroidForce with GNU Lesser General Public License v2.1 | 4 votes |
|
private List<Unit> instrumentIntentAddings(BiDiInterproceduralCFG<Unit, SootMethod> cfg,
Unit unit, InvokeExpr sinkExpr, Set<ResultSourceInfo> sourceInfo){
if(isMethodInterComponentSink(sinkExpr.getMethod())){
SootMethod method = cfg.getMethodOf(unit);
Body body = null;
if(method.hasActiveBody())
body = method.retrieveActiveBody();
else
throw new RuntimeException("No body found!");
Set<String> sourceCategories = getDataIdList(sourceInfo);
final String hashSetType = "java.util.HashSet";
List<Unit> generated = new ArrayList<Unit>();
//HashSet initialization
Local hashSetLocal = generateFreshLocal(body, RefType.v(hashSetType));
NewExpr newExpr = Jimple.v().newNewExpr(RefType.v(hashSetType));
AssignStmt assignStmt = Jimple.v().newAssignStmt(hashSetLocal, newExpr);
generated.add(assignStmt);
//constructor call
SpecialInvokeExpr constructorCall = Jimple.v().newSpecialInvokeExpr(hashSetLocal, Scene.v().getMethod("<java.util.HashSet: void <init>()>").makeRef());
InvokeStmt constructorCallStmt = Jimple.v().newInvokeStmt(constructorCall);
generated.add(constructorCallStmt);
//add categories to HashSet
for(String cat : sourceCategories){
InterfaceInvokeExpr addCall = Jimple.v().newInterfaceInvokeExpr(hashSetLocal, Scene.v().getMethod("<java.util.Set: boolean add(java.lang.Object)>").makeRef(), StringConstant.v(cat));
InvokeStmt addCallStmt = Jimple.v().newInvokeStmt(addCall);
generated.add(addCallStmt);
}
//get Intent
Value intent = sinkExpr.getArg(0);
List<Object> args = new ArrayList<Object>();
args.add(RefType.v("android.content.Intent"));
args.add(intent);
args.add(RefType.v(hashSetType));
args.add(hashSetLocal);
StaticInvokeExpr sie = Instrumentation.createJimpleStaticInvokeExpr(
Settings.INSTRUMENTATION_HELPER_JAVA,
"addTaintInformationToIntent",
args);
InvokeStmt invStmt = Jimple.v().newInvokeStmt(sie);
generated.add(invStmt);
return generated;
}
return Collections.emptyList();
}
Example #12
| Source File: PointsToAnalysis.java From vasco with GNU Lesser General Public License v2.1 | 4 votes |
|
/**
* Computes the targets of an invoke expression using a given points-to graph.
*
* <p>For static invocations, there is only target. For instance method
* invocations, the targets depend on the type of receiver objects pointed-to
* by the instance variable whose method is being invoked.</p>
*
* <p>If the instance variable points to a summary node, then the returned
* value is <tt>null</tt> signifying a <em>default</em> call-site.</p>
*/
private Set<SootMethod> getTargets(SootMethod callerMethod, Stmt callStmt, InvokeExpr ie, PointsToGraph ptg) {
Set<SootMethod> targets = new HashSet<SootMethod>();
SootMethod invokedMethod = ie.getMethod();
String subsignature = invokedMethod.getSubSignature();
// Static and special invocations refer to the target method directly
if (ie instanceof StaticInvokeExpr || ie instanceof SpecialInvokeExpr) {
targets.add(invokedMethod);
return targets;
} else {
assert (ie instanceof InterfaceInvokeExpr || ie instanceof VirtualInvokeExpr);
// Get the receiver
Local receiver = (Local) ((InstanceInvokeExpr) ie).getBase();
// Get what objects the receiver points-to
Set<AnyNewExpr> heapNodes = ptg.getTargets(receiver);
if (heapNodes != null) {
// For each object, find the invoked method for the declared type
for (AnyNewExpr heapNode : heapNodes) {
if (heapNode == PointsToGraph.SUMMARY_NODE) {
// If even one pointee is a summary node, then this is a default site
return null;
} else if (heapNode instanceof NewArrayExpr) {
// Probably getClass() or something like that on an array
return null;
}
// Find the top-most class that declares a method with the given
// signature and add it to the resulting targets
SootClass sootClass = ((RefType) heapNode.getType()).getSootClass();
do {
if (sootClass.declaresMethod(subsignature)) {
targets.add(sootClass.getMethod(subsignature));
break;
} else if (sootClass.hasSuperclass()) {
sootClass = sootClass.getSuperclass();
} else {
sootClass = null;
}
} while (sootClass != null);
}
}
if (targets.isEmpty()) {
// System.err.println("Warning! Null call at: " + callStmt+ " in " + callerMethod);
}
return targets;
}
}
Example #13
| Source File: FixedMethods.java From JAADAS with GNU General Public License v3.0 | 2 votes |
|
/**
* Returns true if a method call is fixed, i.e., assuming that all classes in the Scene resemble library code,
* then client code cannot possible overwrite the called method.
* This is trivially true for InvokeStatic and InvokeSpecial, but can also hold for virtual invokes if
* all possible call targets in the library cannot be overwritten.
* @see #clientOverwriteableOverwrites(SootMethod)
*/
public static boolean isFixed(InvokeExpr ie) {
return ie instanceof StaticInvokeExpr || ie instanceof SpecialInvokeExpr || !clientOverwriteableOverwrites(ie.getMethod());
}
