Java Code Examples for soot.jimple.InvokeExpr#getArg()
The following examples show how to use
soot.jimple.InvokeExpr#getArg() .
Example 1
Source File: CopyConstantAnalysis.java From vasco with GNU Lesser General Public License v2.1 | 6 votes |
/**
 * Computes the data-flow value at the entry of {@code calledMethod} for the call at
 * {@code unit}.
 *
 * <p>Starts from {@code topValue()}, then calls {@code assign} once per actual argument (paired
 * with the callee's parameter local of the same index) and, for instance invocations, once more
 * for the receiver paired with the callee's {@code this} local.
 *
 * @param context the analysis context; not read by this method
 * @param calledMethod the callee whose active body supplies the parameter and this locals
 * @param unit the call statement; cast to {@link Stmt} to reach its invoke expression
 * @param inValue the value holding immediately before the call
 * @return the value at the callee's entry
 */
@Override
public Map<Local, Constant> callEntryFlowFunction(
    Context<SootMethod, Unit, Map<Local, Constant>> context,
    SootMethod calledMethod,
    Unit unit,
    Map<Local, Constant> inValue) {
  final Map<Local, Constant> calleeEntry = topValue();
  final InvokeExpr call = ((Stmt) unit).getInvokeExpr();

  // Actual argument k flows into formal parameter k.
  int position = 0;
  while (position < call.getArgCount()) {
    Value actual = call.getArg(position);
    Local formal = calledMethod.getActiveBody().getParameterLocal(position);
    assign(formal, actual, inValue, calleeEntry);
    position++;
  }

  // Instance calls also bind the receiver to the callee's this-local.
  if (call instanceof InstanceInvokeExpr) {
    Value receiver = ((InstanceInvokeExpr) call).getBase();
    Local calleeThis = calledMethod.getActiveBody().getThisLocal();
    assign(calleeThis, receiver, inValue, calleeEntry);
  }

  return calleeEntry;
}
Example 2
Source File: SignAnalysis.java From vasco with GNU Lesser General Public License v2.1 | 6 votes |
/**
 * Computes the sign map at the entry of {@code calledMethod} for the call at {@code unit}.
 *
 * <p>The result starts as {@code topValue()}; {@code assign} is then invoked for every
 * argument/parameter pair and, when the call is an instance invocation, for the receiver and
 * the callee's {@code this} local.
 *
 * @param context the analysis context; not read by this method
 * @param calledMethod the callee whose active body supplies the parameter and this locals
 * @param unit the call statement; cast to {@link Stmt} to reach its invoke expression
 * @param inValue the sign map holding immediately before the call
 * @return the sign map at the callee's entry
 */
@Override
public Map<Local, SignAnalysis.Sign> callEntryFlowFunction(
    Context<SootMethod, Unit, Map<Local, SignAnalysis.Sign>> context,
    SootMethod calledMethod,
    Unit unit,
    Map<Local, SignAnalysis.Sign> inValue) {
  Map<Local, SignAnalysis.Sign> signsAtEntry = topValue();
  InvokeExpr invocation = ((Stmt) unit).getInvokeExpr();

  // Pair up actuals and formals by index.
  for (int idx = 0; idx < invocation.getArgCount(); idx++) {
    Value actualArg = invocation.getArg(idx);
    Local formalParam = calledMethod.getActiveBody().getParameterLocal(idx);
    assign(formalParam, actualArg, inValue, signsAtEntry);
  }

  // Static calls have no receiver, so there is nothing more to bind.
  if (!(invocation instanceof InstanceInvokeExpr)) {
    return signsAtEntry;
  }

  Value receiver = ((InstanceInvokeExpr) invocation).getBase();
  Local thisOfCallee = calledMethod.getActiveBody().getThisLocal();
  assign(thisOfCallee, receiver, inValue, signsAtEntry);
  return signsAtEntry;
}
Example 3
Source File: QueryForCallSiteDetector.java From SPDS with Eclipse Public License 2.0 | 6 votes |
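/**
 * Creates a backward query for the first argument of a matching call statement.
 *
 * <p>A statement qualifies when it contains an invoke expression, the invoked method's name
 * matches the regular expression {@code methodNameMatcher}, the call has at least one argument,
 * and that first argument is a {@link Local}.
 *
 * @param unit the statement to inspect
 * @return a {@link BackwardQuery} on the first argument, or an empty Optional when the
 *     statement does not qualify
 */
@Override
public Optional<? extends Query> test(Stmt unit) {
  if (!unit.containsInvokeExpr()) {
    return Optional.empty();
  }

  InvokeExpr invokeExpr = unit.getInvokeExpr();
  if (!invokeExpr.getMethod().getName().matches(methodNameMatcher)) {
    return Optional.empty();
  }

  // The name filter says nothing about arity: a zero-argument method with a matching name
  // would otherwise make getArg(0) throw instead of being skipped.
  if (invokeExpr.getArgCount() == 0) {
    return Optional.empty();
  }

  Value param = invokeExpr.getArg(0);
  if (!(param instanceof Local)) {
    return Optional.empty();
  }

  SootMethod newMethod = icfg.getMethodOf(unit);
  Statement newStatement = new Statement(unit, newMethod);
  Val newVal = new Val(param, newMethod);
  BackwardQuery newBackwardQuery = new BackwardQuery(newStatement, newVal);
  return Optional.<Query>of(newBackwardQuery);
}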
Example 4
Source File: EasyTaintWrapper.java From JAADAS with GNU General Public License v3.0 | 5 votes |
/**
 * Taint rule for {@code String.getChars()}, which the declarative wrapper model does not
 * cover.
 *
 * <p>When the receiver of the call is the tainted value (compared by reference), the argument
 * at index 2 is reported as tainted in addition to the incoming path; otherwise only the
 * incoming path is passed on.
 *
 * @param invokeExpr the invocation of {@code String.getChars()}; cast to
 *     {@link InstanceInvokeExpr} without a check, so callers must pass an instance call
 * @param taintedPath the tainted access path reaching the call
 * @return the access paths to propagate past the call
 */
private Set<AccessPath> handleStringGetChars(InvokeExpr invokeExpr, AccessPath taintedPath) {
  final Value receiver = ((InstanceInvokeExpr) invokeExpr).getBase();

  // Untainted receiver: nothing new is tainted, keep the incoming path only.
  if (receiver != taintedPath.getPlainValue()) {
    return Collections.singleton(taintedPath);
  }

  // Tainted receiver: the third argument receives the characters and becomes tainted too.
  AccessPath thirdArgument = new AccessPath(invokeExpr.getArg(2), true);
  return new TwoElementSet<AccessPath>(taintedPath, thirdArgument);
}
Example 5
Source File: IntValueAnalysis.java From DroidRA with GNU Lesser General Public License v2.1 | 5 votes |
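/**
 * Returns all possible values for an integer local variable.
 *
 * <p>Every definition found by {@code findAssignmentsForLocal} is inspected: int and long
 * constants are collected directly; a {@link ParameterRef} is resolved through every call-graph
 * edge into the enclosing method, recursing when the actual argument is itself a local. Any
 * other right-hand side makes the whole result {@code TOP_VALUE}.
 *
 * <p>A call-graph edge that cannot be resolved to an argument (no source statement, a source
 * statement without an invoke expression, or fewer actual arguments than the parameter index)
 * contributes {@code TOP_VALUE} instead of raising an exception.
 *
 * <p>NOTE(review): {@code visitedStmts} is forwarded to the recursive call but never read or
 * updated in this method, so nothing visible here bounds the recursion when callers form a
 * cycle. Confirm whether that is handled elsewhere.
 *
 * @param start The statement where the analysis should start.
 * @param local The local variable whose values we are looking for.
 * @param visitedStmts The set of visited statements.
 * @return The set of possible values for the local variable.
 */
private Set<Object> findIntAssignmentsForLocal(Stmt start, Local local, Set<Stmt> visitedStmts) {
  List<DefinitionStmt> assignStmts =
      findAssignmentsForLocal(start, local, true, new HashSet<Pair<Unit, Local>>());
  Set<Object> result = new HashSet<>(assignStmts.size());

  for (DefinitionStmt assignStmt : assignStmts) {
    Value rhsValue = assignStmt.getRightOp();
    if (rhsValue instanceof IntConstant) {
      result.add(((IntConstant) rhsValue).value);
    } else if (rhsValue instanceof LongConstant) {
      result.add(((LongConstant) rhsValue).value);
    } else if (rhsValue instanceof ParameterRef) {
      int paramIndex = ((ParameterRef) rhsValue).getIndex();
      Iterator<Edge> edges =
          Scene.v()
              .getCallGraph()
              .edgesInto(AnalysisParameters.v().getIcfg().getMethodOf(assignStmt));
      while (edges.hasNext()) {
        Edge edge = edges.next();
        Stmt callSite = edge.srcStmt();

        // Without a usable call statement the actual argument is unknown: stay conservative.
        if (callSite == null || !callSite.containsInvokeExpr()) {
          result.add(TOP_VALUE);
          continue;
        }
        InvokeExpr invokeExpr = callSite.getInvokeExpr();
        if (paramIndex >= invokeExpr.getArgCount()) {
          result.add(TOP_VALUE);
          continue;
        }

        Value argValue = invokeExpr.getArg(paramIndex);
        if (argValue instanceof IntConstant) {
          result.add(((IntConstant) argValue).value);
        } else if (argValue instanceof LongConstant) {
          result.add(((LongConstant) argValue).value);
        } else if (argValue instanceof Local) {
          Set<Object> newResults =
              findIntAssignmentsForLocal(callSite, (Local) argValue, visitedStmts);
          result.addAll(newResults);
        } else {
          result.add(TOP_VALUE);
        }
      }
    } else {
      // Unsupported definition: give up on precision for the whole local.
      return Collections.singleton((Object) TOP_VALUE);
    }
  }

  return result;
}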
Example 6
Source File: IDEALTestingFramework.java From SPDS with Eclipse Public License 2.0 | 5 votes |
/**
 * Collects the expected-result assertions encoded as marker calls in the body of {@code m}.
 *
 * <p>Methods without an active body, or already in {@code visited}, are skipped. For every call
 * site inside {@code m} a {@code ParseExpectedQueryResultCalleeListener} is registered on
 * {@code staticIcfg}. Each invoke statement is then classified by the invoked method's name:
 * {@code shouldNotBeAnalyzed} adds a {@code ShouldNotBeAnalyzed} assertion; names starting with
 * {@code mayBeIn} or {@code mustBeIn} add a {@code MayBe} or {@code MustBe} assertion on the
 * first argument, with state {@code ERROR} when the name contains {@code "Error"} and
 * {@code ACCEPTING} otherwise.
 *
 * @param m the method to scan
 * @param queries receives the assertions found
 * @param visited methods already scanned; {@code m} is added to it
 */
private void parseExpectedQueryResults(
    SootMethod m, Set<Assertion> queries, Set<SootMethod> visited) {
  // Set.add returns false for an already-visited method, which covers the contains check.
  if (!m.hasActiveBody() || !visited.add(m)) {
    return;
  }

  Body body = m.getActiveBody();
  for (Unit callSite : staticIcfg.getCallsFromWithin(m)) {
    staticIcfg.addCalleeListener(
        new ParseExpectedQueryResultCalleeListener(queries, visited, callSite));
  }

  for (Unit unit : body.getUnits()) {
    if (!(unit instanceof Stmt)) {
      continue;
    }
    Stmt stmt = (Stmt) unit;
    if (!stmt.containsInvokeExpr()) {
      continue;
    }

    InvokeExpr invokeExpr = stmt.getInvokeExpr();
    String name = invokeExpr.getMethod().getName();
    if (name.equals("shouldNotBeAnalyzed")) {
      queries.add(new ShouldNotBeAnalyzed(stmt));
    }

    boolean isMay = name.startsWith("mayBeIn");
    boolean isMust = name.startsWith("mustBeIn");
    if (!isMay && !isMust) {
      continue;
    }

    Val val = new Val(invokeExpr.getArg(0), m);
    InternalState expected =
        name.contains("Error") ? InternalState.ERROR : InternalState.ACCEPTING;
    if (isMay) {
      queries.add(new MayBe(stmt, val, expected));
    } else {
      queries.add(new MustBe(stmt, val, expected));
    }
  }
}
Example 7
Source File: AbstractBoomerangTest.java From SPDS with Eclipse Public License 2.0 | 5 votes |
/**
 * Compares the allocation values found by a backward query with the values expected at the
 * query's call site.
 *
 * <p>The expectations are parsed from the argument at index 1 of the query's invoke
 * expression. Every {@link AllocVal} fact removes its allocation value's string form from the
 * expectations; a fact that is not an {@code AllocVal}, or whose value was not expected, marks
 * the run as imprecise. Expectations left over afterwards are recorded as an unsoundness error.
 *
 * @param backwardResults the nodes reported by the analysis
 * @param analysis the analysis mode, used as prefix of the recorded error messages
 * @throws RuntimeException if more than one call-site query is registered
 */
private void compareIntegerResults(
    Set<Node<Statement, Val>> backwardResults, AnalysisMode analysis) {
  if (queryForCallSites.size() > 1) {
    throw new RuntimeException("Not implemented");
  }

  for (Query query : queryForCallSites) {
    Statement queryStmt = query.stmt();
    InvokeExpr call = queryStmt.getUnit().get().getInvokeExpr();
    Collection<String> stillExpected = parse(call.getArg(1));

    boolean sawUnexpected = false;
    for (Node<Statement, Val> node : backwardResults) {
      Val fact = node.fact();
      if (!(fact instanceof AllocVal)) {
        sawUnexpected = true;
        continue;
      }
      Value allocated = ((AllocVal) fact).allocationValue();
      if (!stillExpected.remove(allocated.toString())) {
        sawUnexpected = true;
      }
    }

    if (!stillExpected.isEmpty()) {
      unsoundErrors.add(new Error(analysis + " Unsound results!"));
    }
    if (sawUnexpected) {
      imprecisionErrors.add(new Error(analysis + " Imprecise results!"));
    }
  }
}
Example 8
Source File: TimingBombTransformer.java From FuzzDroid with Apache License 2.0 | 5 votes |
/**
 * Replaces the argument at index 1 of the given invocation with the long constant 2000 and
 * inserts a static reporting call right after it.
 *
 * <p>The reporting call goes to {@code reportRef} with the original and the replacement value
 * as arguments, and is tagged with {@code InstrumentedCodeTag}.
 *
 * @param body the body containing {@code invokeStmt}
 * @param invokeStmt the statement whose invoke expression is rewritten in place
 * @param reportRef the static method that receives the old and the new value
 */
private void prepareHandlerPostDelayed(Body body, Stmt invokeStmt, SootMethodRef reportRef) {
  final int rewrittenArgIndex = 1;
  InvokeExpr target = invokeStmt.getInvokeExpr();

  // Remember the original value before overwriting it so the report can carry both.
  Value original = target.getArg(rewrittenArgIndex);
  Value replacement = LongConstant.v(2000L);
  target.setArg(rewrittenArgIndex, replacement);

  // Report the change
  Jimple jimple = Jimple.v();
  InvokeExpr reportCall = Jimple.v().newStaticInvokeExpr(reportRef, original, replacement);
  InvokeStmt reportStmt = jimple.newInvokeStmt(reportCall);
  reportStmt.addTag(new InstrumentedCodeTag());
  body.getUnits().insertAfter(reportStmt, invokeStmt);
}
Example 9
Source File: JimpleExprVisitorImpl.java From FuzzDroid with Apache License 2.0 | 5 votes |
/**
 * Emits SMT constraints for the phone-number argument of a text-message send call.
 *
 * <p>When the string form of the first argument equals the tainted binding's variable name,
 * three assertions are added to all programs: a temporary Int binding is set to the length of
 * the tainted value, that length is asserted to be greater than 4, and the tainted value is
 * asserted to consist of digits. The visitor result is always set to {@code null} because the
 * call has no return value.
 *
 * <p>NOTE(review): the original comment says the length "should be at least 4" while the
 * emitted operator is GT against the constant 4; confirm which bound is intended.
 *
 * @param taintBinding the binding of the tainted value; must not be {@code null}
 * @param invokeExpr the invocation being converted
 * @throws RuntimeException if {@code taintBinding} is {@code null}
 */
private void convertSendTextMessage(SMTBinding taintBinding, InvokeExpr invokeExpr) {
  if (taintBinding == null) {
    throw new RuntimeException("it should be an assignment!");
  }

  // sms number: constrain its length and require its characters to be digits
  Value phoneNumber = invokeExpr.getArg(0);
  boolean numberIsTainted = phoneNumber.toString().equals(taintBinding.getVariableName());
  if (numberIsTainted) {
    // first: bind the length of the tainted string to a temporary Int
    SMTLengthMethodCall lengthCall = new SMTLengthMethodCall(new SMTBindingValue(taintBinding));
    SMTBinding lengthBinding = stmtVisitor.createTemporalBinding(SMTBinding.TYPE.Int);
    SMTMethodAssignment lengthAssignment = new SMTMethodAssignment(lengthBinding, lengthCall);
    stmtVisitor.addAssertStmtToAllPrograms(new SMTAssertStatement(lengthAssignment));

    // (assert (> int 4 ) )
    SMTValue lowerBound = new SMTConstantValue<Integer>(4);
    SMTSimpleBinaryOperation lengthCheck =
        new SMTSimpleBinaryOperation(
            SMTSimpleBinaryOperation.SMTSimpleBinaryOperator.GT,
            new SMTBindingValue(lengthBinding),
            lowerBound);
    stmtVisitor.addAssertStmtToAllPrograms(new SMTAssertStatement(lengthCheck));

    // second: (assert (RegexIn a (RegexStar (RegexDigit "") ) ) )
    // NOTE(review): the original carried a to-do claiming this assertion was temporarily
    // disabled for performance reasons, yet it is emitted; confirm the intended state.
    SMTRegexDigitOperation digitsOnly = new SMTRegexDigitOperation(taintBinding);
    stmtVisitor.addAssertStmtToAllPrograms(new SMTAssertStatement(digitsOnly));
  }

  // there is no return value
  this.result = null;
}
Example 10
Source File: AndroidSourceSinkManager.java From JAADAS with GNU General Public License v3.0 | 4 votes |
/**
 * Finds the last assignment to the given local representing a resource ID by searching
 * upwards from the given statement.
 *
 * <p>An assignment to {@code local} is resolved when its right-hand side is an int constant, a
 * field carrying an {@code IntegerConstantValueTag}, or a call to
 * {@code android.content.res.Resources.getIdentifier} whose resource can be looked up through
 * {@code findResource}. If the current statement yields no value, the search continues through
 * the predecessors reported by {@code cfg}.
 *
 * @param stmt The statement from which to look backwards
 * @param local The variable for which to look for assignments
 * @param cfg The control flow graph that supplies the predecessors of a statement
 * @param doneSet The statements already visited; a statement that is already contained ends
 *     that branch of the search
 * @return The last value assigned to the given variable, or {@code null} if none was found
 */
private Integer findLastResIDAssignment(
    Stmt stmt, Local local, BiDiInterproceduralCFG<Unit, SootMethod> cfg, Set<Stmt> doneSet) {
  if (!doneSet.add(stmt)) {
    return null;
  }

  // Only an assignment whose left side is the local we track can change its value.
  if (stmt instanceof AssignStmt && ((AssignStmt) stmt).getLeftOp() == local) {
    Value rhs = ((AssignStmt) stmt).getRightOp();

    if (rhs instanceof IntConstant) {
      return ((IntConstant) rhs).value;
    } else if (rhs instanceof FieldRef) {
      SootField field = ((FieldRef) rhs).getField();
      for (Tag tag : field.getTags()) {
        if (tag instanceof IntegerConstantValueTag) {
          return ((IntegerConstantValueTag) tag).getIntValue();
        } else {
          System.err.println("Constant " + field + " was of unexpected type");
        }
      }
    } else if (rhs instanceof InvokeExpr) {
      InvokeExpr inv = (InvokeExpr) rhs;
      boolean isGetIdentifier =
          inv.getMethod().getName().equals("getIdentifier")
              && inv.getMethod()
                  .getDeclaringClass()
                  .getName()
                  .equals("android.content.res.Resources")
              && this.resourcePackages != null;
      if (isGetIdentifier) {
        // The right side is a call into the well-known Android resource lookup method.
        if (inv.getArgCount() != 3) {
          System.err.println("Invalid parameter count for call to getIdentifier");
          return null;
        }

        // In the trivial case the arguments are constants; name and type default to "".
        Value nameArg = inv.getArg(0);
        String resName = nameArg instanceof StringConstant ? ((StringConstant) nameArg).value : "";
        Value typeArg = inv.getArg(1);
        String resID = typeArg instanceof StringConstant ? ((StringConstant) typeArg).value : "";

        // The package may also be held in a local, which is resolved by a further search.
        Value packageArg = inv.getArg(2);
        String packageName;
        if (packageArg instanceof StringConstant) {
          packageName = ((StringConstant) packageArg).value;
        } else if (packageArg instanceof Local) {
          packageName = findLastStringAssignment(stmt, (Local) packageArg, cfg);
        } else {
          System.err.println("Unknown parameter type in call to getIdentifier");
          return null;
        }

        // Find the resource
        ARSCFileParser.AbstractResource res = findResource(resName, resID, packageName);
        if (res != null) {
          return res.getResourceID();
        }
      }
    }
  }

  // Continue the search upwards
  for (Unit pred : cfg.getPredsOf(stmt)) {
    if (pred instanceof Stmt) {
      Integer found = findLastResIDAssignment((Stmt) pred, local, cfg, doneSet);
      if (found != null) {
        return found;
      }
    }
  }
  return null;
}
Example 11
Source File: AndroidSourceSinkManager.java From JAADAS with GNU General Public License v3.0 | 4 votes |
/**
 * Checks whether the given call site indicates a UI source, e.g. a password input.
 *
 * <p>Only calls whose signature equals {@code Activity_FindViewById} or
 * {@code View_FindViewById} are considered. The enclosing method is run through
 * {@code ConstantPropagatorAndFolder} the first time it is seen. In {@code MatchAll} mode any
 * such call is a source; otherwise the control ID is resolved from the single argument and
 * looked up in {@code layoutControls}, and in {@code MatchSensitiveOnly} mode the call is a
 * source when that control is sensitive.
 *
 * @param sCallSite The call site that may potentially read data from a sensitive UI control
 * @param cfg The control flow graph; cast to {@code BiDiInterproceduralCFG} when the ID has to
 *     be traced back through a local
 * @return True if the given call site reads data from a UI source, false otherwise
 */
private boolean isUISource(Stmt sCallSite, InterproceduralCFG<Unit, SootMethod> cfg) {
  // Layout matching disabled, or not a call at all: cannot be a UI source.
  if (this.layoutMatching == LayoutMatchingMode.NoMatch || !sCallSite.containsInvokeExpr()) {
    return false;
  }

  InvokeExpr ie = sCallSite.getInvokeExpr();
  final String signature = methodToSignature.getUnchecked(ie.getMethod());
  boolean isFindViewById =
      signature.equals(Activity_FindViewById) || signature.equals(View_FindViewById);
  if (!isFindViewById) {
    return false;
  }

  // Perform a constant propagation inside this method exactly once. The argument is read only
  // afterwards, because the transformation may have rewritten it.
  SootMethod uiMethod = cfg.getMethodOf(sCallSite);
  if (analyzedLayoutMethods.add(uiMethod)) {
    ConstantPropagatorAndFolder.v().transform(uiMethod.getActiveBody());
  }

  // If we match all controls, the specific control does not matter.
  if (this.layoutMatching == LayoutMatchingMode.MatchAll) {
    return true;
  }

  // Without a layout control list no more specific check is possible.
  if (this.layoutControls == null) {
    return false;
  }

  if (ie.getArgCount() != 1) {
    System.err.println("Framework method call with unexpected " + "number of arguments");
    return false;
  }

  // Resolve the control ID: either a constant, or a local traced back to its assignment.
  int id = 0;
  Value idArg = ie.getArg(0);
  if (idArg instanceof IntConstant) {
    id = ((IntConstant) idArg).value;
  } else if (idArg instanceof Local) {
    Integer idVal =
        findLastResIDAssignment(
            sCallSite,
            (Local) idArg,
            (BiDiInterproceduralCFG<Unit, SootMethod>) cfg,
            new HashSet<Stmt>(uiMethod.getActiveBody().getUnits().size()));
    if (idVal == null) {
      System.err.println(
          "Could not find assignment to local "
              + ((Local) idArg).getName()
              + " in method "
              + uiMethod.getSignature());
      return false;
    }
    id = idVal.intValue();
  } else {
    System.err.println(
        "Framework method call with unexpected "
            + "parameter type: "
            + ie.toString()
            + ", "
            + "first parameter is of type "
            + idArg.getClass());
    return false;
  }

  LayoutControl control = this.layoutControls.get(id);
  if (control == null) {
    System.err.println("Layout control with ID " + id + " not found");
    return false;
  }

  return this.layoutMatching == LayoutMatchingMode.MatchSensitiveOnly && control.isSensitive();
}
Example 12
Source File: InterproceduralConstantValuePropagator.java From JAADAS with GNU General Public License v3.0 | 4 votes |
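/**
 * Checks whether all call sites for a specific callee agree on the same constant value for one
 * or more arguments. If so, these constant values are propagated into the callee.
 *
 * <p>Call sites located in {@code excludedMethods} are ignored. For every parameter on which
 * the remaining call sites agree, a temporary assignment of the constant to the parameter local
 * is inserted before the callee's first non-identity statement, the callee body is run through
 * {@code ConstantPropagatorAndFolder}, and the temporary assignments are removed again.
 *
 * <p>A call site that passes fewer arguments than the callee declares parameters marks the
 * missing parameters as non-constant; surplus arguments are ignored. Without this, such a call
 * site would index past the per-parameter arrays or leave a parameter flagged constant with no
 * value recorded for it.
 *
 * @param sm The method for which to look for call sites.
 */
private void propagateConstantsIntoCallee(SootMethod sm) {
  Collection<Unit> callSites = icfg.getCallersOf(sm);
  if (callSites.isEmpty()) {
    return;
  }

  boolean[] isConstant = new boolean[sm.getParameterCount()];
  Constant[] values = new Constant[sm.getParameterCount()];
  for (int i = 0; i < isConstant.length; i++) {
    isConstant[i] = true;
  }

  // Do all of our call sites agree on one constant value?
  boolean hasCallSites = false;
  for (Unit callSite : callSites) {
    // If this call site is in an excluded method, we ignore it
    if (excludedMethods != null && excludedMethods.contains(icfg.getMethodOf(callSite))) {
      continue;
    }

    InvokeExpr iiExpr = ((Stmt) callSite).getInvokeExpr();
    hasCallSites = true;

    // Walk the callee's parameters rather than the call's arguments so that an arity
    // mismatch can neither overrun the arrays nor leave a parameter unexamined.
    final int argCount = iiExpr.getArgCount();
    for (int i = 0; i < isConstant.length; i++) {
      if (i >= argCount) {
        isConstant[i] = false;
        continue;
      }
      final Value argVal = iiExpr.getArg(i);
      if (argVal instanceof Constant) {
        // If we already have a value for this argument and the new one does not agree,
        // this parameter is not globally constant.
        if (values[i] != null && !values[i].equals(argVal)) {
          isConstant[i] = false;
        } else {
          values[i] = (Constant) argVal;
        }
      } else {
        isConstant[i] = false;
      }
    }
  }

  if (!hasCallSites) {
    return;
  }

  // Materialise the agreed constants as temporary assignments inside the callee.
  List<Unit> inserted = null;
  for (int i = 0; i < isConstant.length; i++) {
    if (isConstant[i] && values[i] != null) {
      Local paramLocal = sm.getActiveBody().getParameterLocal(i);
      // Looked up on every iteration on purpose: an earlier insertion changes which
      // statement is the first non-identity one.
      Unit point = getFirstNonIdentityStmt(sm);
      Unit assignConst = Jimple.v().newAssignStmt(paramLocal, values[i]);
      sm.getActiveBody().getUnits().insertBefore(assignConst, point);

      if (inserted == null) {
        inserted = new ArrayList<Unit>();
      }
      inserted.add(assignConst);
    }
  }

  // Propagate the constants inside the callee, then drop the temporary assignments.
  if (inserted != null) {
    ConstantPropagatorAndFolder.v().transform(sm.getActiveBody());
    for (Unit u : inserted) {
      sm.getActiveBody().getUnits().remove(u);
    }
  }
}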
Example 13
Source File: JimpleExprVisitorImpl.java From FuzzDroid with Apache License 2.0 | 4 votes |
/**
 * Emits the SMT constraint for {@code a.append(b)}: {@code (= t (Concat a b))}.
 *
 * <p>A fresh temporary String binding {@code t} is created first, then a binding for the base
 * object and an SMT value for the first argument are resolved (a string constant is used
 * directly, anything else goes through a binding). The assertion is added to all programs and
 * {@code t} becomes the visitor result.
 *
 * <p>NOTE(review): a newly created argument binding is registered with
 * {@code addNewDynamicValueForBaseObjectToMap}, whereas the contains/startsWith/indexOf/equals
 * generators use {@code addNewDynamicValueForArgumentToMap(..., 0)}; confirm this is intended.
 *
 * @param invokeExpr the append invocation; its first argument is the appended value
 * @param base the receiver of the append call
 */
private void generateSMTAppendStmt(InvokeExpr invokeExpr, Value base) {
  // left-hand side: the temporary that receives the concatenation
  SMTBinding concatResult = stmtVisitor.createTemporalBinding(SMTBinding.TYPE.String);

  // base: reuse the latest binding, or create and register a new one
  SMTBinding receiverBinding;
  if (!stmtVisitor.hasBindingForValue(base)) {
    receiverBinding = stmtVisitor.createNewBindingForValue(base);
    stmtVisitor.addValueBindingToVariableDeclaration(base, receiverBinding);
    stmtVisitor.addNewDynamicValueForBaseObjectToMap(currentStatement, receiverBinding);
  } else {
    receiverBinding = stmtVisitor.getLatestBindingForValue(base);
  }

  // right-hand side: the appended argument
  Value appended = invokeExpr.getArg(0);
  SMTValue appendedSmt;
  if (appended instanceof StringConstant) {
    appendedSmt = new SMTConstantValue<String>(((StringConstant) appended).value);
  } else {
    SMTBinding appendedBinding;
    if (!stmtVisitor.hasBindingForValue(appended)) {
      appendedBinding = stmtVisitor.createNewBindingForValue(appended);
      stmtVisitor.addValueBindingToVariableDeclaration(appended, appendedBinding);
      stmtVisitor.addNewDynamicValueForBaseObjectToMap(currentStatement, appendedBinding);
    } else {
      appendedBinding = stmtVisitor.getLatestBindingForValue(appended);
    }
    appendedSmt = new SMTBindingValue(appendedBinding);
  }

  SMTConcatMethodCall concatCall =
      new SMTConcatMethodCall(new SMTBindingValue(receiverBinding), appendedSmt);
  SMTMethodAssignment concatAssignment = new SMTMethodAssignment(concatResult, concatCall);
  stmtVisitor.addAssertStmtToAllPrograms(new SMTAssertStatement(concatAssignment));

  this.result = concatResult;
}
Example 14
Source File: JimpleExprVisitorImpl.java From FuzzDroid with Apache License 2.0 | 4 votes |
/**
 * Emits the SMT constraint {@code (= t (Contains a b))}; per the original comment this covers
 * {@code a.contains(b)} and {@code a.replaceAll(b, c)}.
 *
 * <p>A fresh temporary Bool binding {@code t} is created, the first argument is turned into an
 * SMT value (a string constant directly, anything else through a binding), the base object's
 * binding is resolved, and the assertion is added to all programs. {@code t} becomes the
 * visitor result.
 *
 * @param invokeExpr the invocation; its first argument is the searched value
 * @param base the receiver of the call
 */
private void generateSMTContainsStmt(InvokeExpr invokeExpr, Value base) {
  SMTBinding containsResult = stmtVisitor.createTemporalBinding(SMTBinding.TYPE.Bool);

  // right-hand side: the searched argument
  Value needle = invokeExpr.getArg(0);
  SMTValue needleSmt;
  if (needle instanceof StringConstant) {
    needleSmt = new SMTConstantValue<String>(((StringConstant) needle).value);
  } else {
    SMTBinding needleBinding;
    if (!stmtVisitor.hasBindingForValue(needle)) {
      needleBinding = stmtVisitor.createNewBindingForValue(needle);
      stmtVisitor.addValueBindingToVariableDeclaration(needle, needleBinding);
      stmtVisitor.addNewDynamicValueForArgumentToMap(currentStatement, needleBinding, 0);
    } else {
      needleBinding = stmtVisitor.getLatestBindingForValue(needle);
    }
    needleSmt = new SMTBindingValue(needleBinding);
  }

  // base: reuse the latest binding, or create and register a new one
  SMTBinding receiverBinding;
  if (!stmtVisitor.hasBindingForValue(base)) {
    receiverBinding = stmtVisitor.createNewBindingForValue(base);
    stmtVisitor.addValueBindingToVariableDeclaration(base, receiverBinding);
    stmtVisitor.addNewDynamicValueForBaseObjectToMap(currentStatement, receiverBinding);
  } else {
    receiverBinding = stmtVisitor.getLatestBindingForValue(base);
  }

  SMTContainsMethodCall containsCall =
      new SMTContainsMethodCall(new SMTBindingValue(receiverBinding), needleSmt);
  SMTMethodAssignment containsAssignment = new SMTMethodAssignment(containsResult, containsCall);
  stmtVisitor.addAssertStmtToAllPrograms(new SMTAssertStatement(containsAssignment));

  this.result = containsResult;
}
Example 15
Source File: JimpleExprVisitorImpl.java From FuzzDroid with Apache License 2.0 | 4 votes |
/**
 * Emits the SMT constraint for {@code a.startsWith(b)}: {@code (= t (StartsWith a b))}.
 *
 * <p>A fresh temporary Bool binding {@code t} is created, the first argument is turned into an
 * SMT value (a string constant directly, anything else through a binding), the base object's
 * binding is resolved, and the assertion is added to all programs. {@code t} becomes the
 * visitor result.
 *
 * @param invokeExpr the startsWith invocation; its first argument is the prefix
 * @param base the receiver of the call
 */
private void generateSMTStartsWithStmt(InvokeExpr invokeExpr, Value base) {
  // left-hand side
  SMTBinding startsWithResult = stmtVisitor.createTemporalBinding(SMTBinding.TYPE.Bool);

  // right-hand side: the prefix argument
  Value prefix = invokeExpr.getArg(0);
  SMTValue prefixSmt;
  if (prefix instanceof StringConstant) {
    prefixSmt = new SMTConstantValue<String>(((StringConstant) prefix).value);
  } else {
    SMTBinding prefixBinding;
    if (!stmtVisitor.hasBindingForValue(prefix)) {
      prefixBinding = stmtVisitor.createNewBindingForValue(prefix);
      stmtVisitor.addValueBindingToVariableDeclaration(prefix, prefixBinding);
      stmtVisitor.addNewDynamicValueForArgumentToMap(currentStatement, prefixBinding, 0);
    } else {
      prefixBinding = stmtVisitor.getLatestBindingForValue(prefix);
    }
    prefixSmt = new SMTBindingValue(prefixBinding);
  }

  // base: reuse the latest binding, or create and register a new one
  SMTBinding receiverBinding;
  if (!stmtVisitor.hasBindingForValue(base)) {
    receiverBinding = stmtVisitor.createNewBindingForValue(base);
    stmtVisitor.addValueBindingToVariableDeclaration(base, receiverBinding);
    stmtVisitor.addNewDynamicValueForBaseObjectToMap(currentStatement, receiverBinding);
  } else {
    receiverBinding = stmtVisitor.getLatestBindingForValue(base);
  }

  SMTStartsWithMethodCall startsWithCall =
      new SMTStartsWithMethodCall(new SMTBindingValue(receiverBinding), prefixSmt);
  SMTMethodAssignment startsWithAssignment =
      new SMTMethodAssignment(startsWithResult, startsWithCall);
  stmtVisitor.addAssertStmtToAllPrograms(new SMTAssertStatement(startsWithAssignment));

  this.result = startsWithResult;
}
Example 16
Source File: PolicyEnforcementPoint.java From DroidForce with GNU Lesser General Public License v2.1 | 4 votes |
/**
 * Generates the statements that attach the source categories of a data flow to the Intent
 * passed to an inter-component sink.
 *
 * <p>For a sink accepted by {@code isMethodInterComponentSink}, the generated code creates a
 * {@code java.util.HashSet}, adds every category from {@code getDataIdList(sourceInfo)} to it
 * and calls the instrumentation helper {@code addTaintInformationToIntent} with the sink's
 * first argument and the set. The statements are only returned here, not inserted.
 *
 * @param cfg the control flow graph used to find the method containing {@code unit}
 * @param unit the sink call statement
 * @param sinkExpr the sink invocation; its first argument is taken to be the Intent
 * @param sourceInfo the sources whose categories are recorded
 * @return the generated statements, or an empty list when the sink is not an inter-component
 *     sink
 * @throws RuntimeException if the enclosing method has no active body
 */
private List<Unit> instrumentIntentAddings(
    BiDiInterproceduralCFG<Unit, SootMethod> cfg,
    Unit unit,
    InvokeExpr sinkExpr,
    Set<ResultSourceInfo> sourceInfo) {
  if (!isMethodInterComponentSink(sinkExpr.getMethod())) {
    return Collections.emptyList();
  }

  SootMethod enclosing = cfg.getMethodOf(unit);
  if (!enclosing.hasActiveBody()) {
    throw new RuntimeException("No body found!");
  }
  Body body = enclosing.retrieveActiveBody();

  Set<String> categories = getDataIdList(sourceInfo);
  final String hashSetType = "java.util.HashSet";
  List<Unit> generated = new ArrayList<Unit>();

  // HashSet initialization: allocate the object, then run its no-arg constructor
  Local categorySet = generateFreshLocal(body, RefType.v(hashSetType));
  NewExpr allocation = Jimple.v().newNewExpr(RefType.v(hashSetType));
  generated.add(Jimple.v().newAssignStmt(categorySet, allocation));

  SpecialInvokeExpr initCall =
      Jimple.v()
          .newSpecialInvokeExpr(
              categorySet, Scene.v().getMethod("<java.util.HashSet: void <init>()>").makeRef());
  generated.add(Jimple.v().newInvokeStmt(initCall));

  // add categories to HashSet
  for (String category : categories) {
    InterfaceInvokeExpr addCall =
        Jimple.v()
            .newInterfaceInvokeExpr(
                categorySet,
                Scene.v().getMethod("<java.util.Set: boolean add(java.lang.Object)>").makeRef(),
                StringConstant.v(category));
    generated.add(Jimple.v().newInvokeStmt(addCall));
  }

  // get Intent; the helper's argument list alternates between a type and its value
  Value intent = sinkExpr.getArg(0);
  List<Object> helperArgs = new ArrayList<Object>();
  helperArgs.add(RefType.v("android.content.Intent"));
  helperArgs.add(intent);
  helperArgs.add(RefType.v(hashSetType));
  helperArgs.add(categorySet);
  StaticInvokeExpr helperCall =
      Instrumentation.createJimpleStaticInvokeExpr(
          Settings.INSTRUMENTATION_HELPER_JAVA, "addTaintInformationToIntent", helperArgs);
  generated.add(Jimple.v().newInvokeStmt(helperCall));

  return generated;
}
Example 17
Source File: JimpleExprVisitorImpl.java From FuzzDroid with Apache License 2.0 | 4 votes |
/**
 * Emits the SMT constraint for {@code a.indexOf(b)}: {@code (= t (Indexof a b))}.
 *
 * <p>A fresh temporary Int binding {@code t} is created, the first argument is turned into an
 * SMT value (a string constant directly, anything else through a binding), the base object's
 * binding is resolved, and the assertion is added to all programs. {@code t} becomes the
 * visitor result.
 *
 * @param invokeExpr the indexOf invocation; its first argument is the searched value
 * @param base the receiver of the call
 */
private void generateSMTIndexOfStmt(InvokeExpr invokeExpr, Value base) {
  // left-hand side
  SMTBinding indexResult = stmtVisitor.createTemporalBinding(SMTBinding.TYPE.Int);

  // right-hand side: the searched argument
  Value searched = invokeExpr.getArg(0);
  SMTValue searchedSmt;
  if (searched instanceof StringConstant) {
    searchedSmt = new SMTConstantValue<String>(((StringConstant) searched).value);
  } else {
    SMTBinding searchedBinding;
    if (!stmtVisitor.hasBindingForValue(searched)) {
      searchedBinding = stmtVisitor.createNewBindingForValue(searched);
      stmtVisitor.addValueBindingToVariableDeclaration(searched, searchedBinding);
      stmtVisitor.addNewDynamicValueForArgumentToMap(currentStatement, searchedBinding, 0);
    } else {
      searchedBinding = stmtVisitor.getLatestBindingForValue(searched);
    }
    searchedSmt = new SMTBindingValue(searchedBinding);
  }

  // base: reuse the latest binding, or create and register a new one
  SMTBinding receiverBinding;
  if (!stmtVisitor.hasBindingForValue(base)) {
    receiverBinding = stmtVisitor.createNewBindingForValue(base);
    stmtVisitor.addValueBindingToVariableDeclaration(base, receiverBinding);
    stmtVisitor.addNewDynamicValueForBaseObjectToMap(currentStatement, receiverBinding);
  } else {
    receiverBinding = stmtVisitor.getLatestBindingForValue(base);
  }

  SMTIndexOfMethodCall indexOfCall =
      new SMTIndexOfMethodCall(new SMTBindingValue(receiverBinding), searchedSmt);
  SMTMethodAssignment indexOfAssignment = new SMTMethodAssignment(indexResult, indexOfCall);
  stmtVisitor.addAssertStmtToAllPrograms(new SMTAssertStatement(indexOfAssignment));

  this.result = indexResult;
}
Example 18
Source File: JimpleExprVisitorImpl.java From FuzzDroid with Apache License 2.0 | 4 votes |
/**
 * Emits the SMT constraint {@code (= a b)}; per the original comment this covers
 * {@code a.equals(b)}, {@code a.equalsIgnoreCase(b)} and {@code a.matches(b)}.
 *
 * <p>The base object's binding is resolved first (a newly created binding with version 0 is
 * additionally registered for dynamic values), then the first argument is turned into an SMT
 * value. A temporary Bool binding receives the equality, the assertion is added to all
 * programs, and that Bool binding becomes the visitor result.
 *
 * @param invokeExpr the invocation; its first argument is the value compared against
 * @param base the receiver of the call
 */
private void generateSMTEqualStmt(InvokeExpr invokeExpr, Value base) {
  // left-hand side: the receiver's binding
  SMTBinding receiverBinding;
  if (!stmtVisitor.hasBindingForValue(base)) {
    receiverBinding = stmtVisitor.createNewBindingForValue(base);
    // created a new binding => dynamic values are necessary here for improving the result
    if (receiverBinding.getVersion() == 0) {
      stmtVisitor.addNewDynamicValueForBaseObjectToMap(currentStatement, receiverBinding);
    }
    stmtVisitor.addValueBindingToVariableDeclaration(base, receiverBinding);
  } else {
    receiverBinding = stmtVisitor.getLatestBindingForValue(base);
  }

  // right-hand side: the value compared against
  Value compared = invokeExpr.getArg(0);
  SMTValue comparedSmt;
  if (compared instanceof StringConstant) {
    comparedSmt = new SMTConstantValue<String>(((StringConstant) compared).value);
  } else {
    // no constant string available; dynamic information may be needed to improve the result
    SMTBinding comparedBinding;
    if (!stmtVisitor.hasBindingForValue(compared)) {
      comparedBinding = stmtVisitor.createNewBindingForValue(compared);
      stmtVisitor.addValueBindingToVariableDeclaration(compared, comparedBinding);
      // created a new binding => dynamic values are necessary here for improving the result
      stmtVisitor.addNewDynamicValueForArgumentToMap(currentStatement, comparedBinding, 0);
    } else {
      comparedBinding = stmtVisitor.getLatestBindingForValue(compared);
    }
    comparedSmt = new SMTBindingValue(comparedBinding);
  }

  SMTBinding equalityResult = stmtVisitor.createTemporalBinding(SMTBinding.TYPE.Bool);
  SMTBooleanEqualsAssignment equalityAssignment =
      new SMTBooleanEqualsAssignment(
          equalityResult, new SMTBindingValue(receiverBinding), comparedSmt);
  stmtVisitor.addAssertStmtToAllPrograms(new SMTAssertStatement(equalityAssignment));

  // result is treated in JimpleStmtVisitor
  this.result = equalityResult;
}