soot.jimple.ReturnStmt Java Examples
The following examples show how to use
soot.jimple.ReturnStmt.
Example #1
Source File: JimpleStmtVisitorImpl.java From FuzzDroid with Apache License 2.0 | 6 votes |
/**
 * Emits an SMT assertion that ties the value returned by {@code stmt} to a
 * fresh binding for the plain local of the matching access path.
 *
 * <p>Returns of a {@code Constant} are skipped: they occur on FlowDroid's
 * reported path but carry no tainted value.
 *
 * @param stmt the return statement on the data-flow path
 * @throws RuntimeException if the returned operand has no binding yet
 */
@Override
public void caseReturnStmt(ReturnStmt stmt) {
    if (stmt.getOp() instanceof Constant) {
        return;
    }

    // NOTE(review): if jimpleDataFlowStatements is a java.util.List, indexOf()
    // yields -1 for a statement that is not on the path and the lookup below
    // then fails with an index error - confirm callers only pass path statements.
    int position = jimpleDataFlowStatements.indexOf(stmt);
    Local target = accessPathPath.get(position).getPlainValue();

    SMTBinding targetBinding = createNewBindingForValue(target);
    addValueBindingToVariableDeclaration(target, targetBinding);

    if (!hasBindingForValue(stmt.getOp())) {
        throw new RuntimeException("There has to be a tainted value");
    }
    SMTBinding sourceBinding = getLatestBindingForValue(stmt.getOp());

    // assert (targetBinding := sourceBinding) in every generated program
    addAssertStmtToAllPrograms(
            new SMTAssertStatement(
                    new SMTSimpleAssignment(targetBinding, new SMTBindingValue(sourceBinding))));
}
Example #2
Source File: IfElseSplitter.java From JAADAS with GNU General Public License v3.0 | 6 votes |
/**
 * Checks whether {@code body} ends in an abrupt statement (return, return-void
 * or {@code DAbruptStmt}) while neither {@code body} nor {@code otherBody}
 * targets {@code label}.
 *
 * @param body      the branch whose last statement is inspected
 * @param label     the label carried by the enclosing if-else
 * @param otherBody the opposite branch
 * @return {@code true} only when the pattern matches
 */
public boolean tryBodyPattern(List<Object> body, SETNodeLabel label, List<Object> otherBody) {
    Stmt tail = getLastStmt(body);
    if (tail == null) {
        // no last statement, so nothing to match against
        return false;
    }

    boolean endsAbruptly = tail instanceof ReturnStmt
            || tail instanceof ReturnVoidStmt
            || tail instanceof DAbruptStmt;
    if (!endsAbruptly) {
        return false;
    }

    // A body that targets the if-else's own label disqualifies the pattern.
    return !(bodyTargetsLabel(label, body) || bodyTargetsLabel(label, otherBody));
}
Example #3
Source File: StmtVisitor.java From JAADAS with GNU General Public License v3.0 | 6 votes |
/**
 * Emits the Dex return instruction for a Jimple return statement, choosing
 * the opcode from the type of the returned value.
 *
 * @param stmt the return statement to translate
 */
@Override
public void caseReturnStmt(ReturnStmt stmt) {
    Value operand = stmt.getOp();
    constantV.setOrigStmt(stmt);
    Register operandReg = regAlloc.asImmediate(operand, constantV);

    Type operandType = operand.getType();
    // object types first, then wide types, otherwise the plain return opcode
    Opcode returnOpcode = SootToDexUtils.isObject(operandType)
            ? Opcode.RETURN_OBJECT
            : (SootToDexUtils.isWide(operandType) ? Opcode.RETURN_WIDE : Opcode.RETURN);

    addInsn(new Insn11x(returnOpcode, operandReg), stmt);
}
Example #4
Source File: ConstraintChecker.java From JAADAS with GNU General Public License v3.0 | 6 votes |
/**
 * Checks an integer-typed local that is returned against the declared return
 * type of the enclosing method.
 *
 * <p>When the local's type node does not report the return type's node via
 * {@code hasAncestor_1}, a cast is inserted if {@code fix} is set; otherwise
 * "Type Error(19)" is reported.
 *
 * @param stmt the return statement to check
 */
public void caseReturnStmt(ReturnStmt stmt) {
    if (!(stmt.getOp() instanceof Local)) {
        return;
    }
    Local returned = (Local) stmt.getOp();
    if (!(returned.getType() instanceof IntegerType)) {
        return;
    }

    boolean compatible = ClassHierarchy.v()
            .typeNode(returned.getType())
            .hasAncestor_1(ClassHierarchy.v().typeNode(stmtBody.getMethod().getReturnType()));
    if (compatible) {
        return;
    }

    if (fix) {
        stmt.setOp(insertCast(returned, stmtBody.getMethod().getReturnType(), stmt));
    } else {
        error("Type Error(19)");
    }
}
Example #5
Source File: SootHelper.java From soot-infoflow-android-iccta with GNU Lesser General Public License v2.1 | 6 votes |
/**
 * Finds the last return or return-void statement in the method's unit chain.
 *
 * <p>Only the final match in chain order is reported; a method with several
 * return statements yields just the last one, so code that instruments
 * "before the return" via this helper does not cover earlier exits.
 *
 * @param sootMethod the method whose active body is retrieved and scanned
 * @return the last return statement, or {@code null} if the body has none
 */
public static Stmt getReturnStmt(SootMethod sootMethod) {
    PatchingChain<Unit> chain = sootMethod.retrieveActiveBody().getUnits();

    Stmt lastReturn = null;
    for (Unit unit : chain) {
        Stmt candidate = (Stmt) unit;
        if (candidate instanceof ReturnStmt || candidate instanceof ReturnVoidStmt) {
            lastReturn = candidate;
        }
    }
    return lastReturn;
}
Example #6
Source File: PathExecutionTransformer.java From FuzzDroid with Apache License 2.0 | 6 votes |
/**
 * Instruments one method body: return statements, definition/invoke
 * statements and if-statements each get their own instrumentation hook.
 *
 * <p>Bodies rejected by {@code canInstrumentMethod} (framework classes, per
 * the original comment) are left untouched.
 *
 * @param body      the body to instrument
 * @param phaseName unused here
 * @param options   unused here
 */
@Override
protected void internalTransform(Body body, String phaseName, Map<String, String> options) {
    // Do not instrument methods in framework classes
    if (!canInstrumentMethod(body.getMethod())) {
        return;
    }

    instrumentInfoAboutNonAPICall(body);

    // A snapshot iterator is required here; presumably the hooks below add
    // units to the chain while it is being walked.
    for (Iterator<Unit> cursor = body.getUnits().snapshotIterator(); cursor.hasNext(); ) {
        Unit current = cursor.next();
        if (current instanceof ReturnStmt || current instanceof ReturnVoidStmt) {
            instrumentInfoAboutReturnStmt(body, current);
        } else if (current instanceof DefinitionStmt || current instanceof InvokeStmt) {
            instrumentInfoAboutNonApiCaller(body, current);
        } else if (current instanceof IfStmt) {
            instrumentEachBranchAccess(body, (IfStmt) current);
        }
    }
}
Example #7
Source File: DefaultSourceSinkManager.java From JAADAS with GNU General Public License v3.0 | 6 votes |
/**
 * Decides whether a statement is a taint sink.
 *
 * <p>Two cases count: a return statement inside a method whose signature is
 * listed in {@code returnTaintMethods}, or a call whose callee signature is
 * listed in {@code sinks}. Matching is by exact signature string; a
 * {@code null} list disables the corresponding case. The access path
 * {@code ap} is not consulted.
 *
 * @param sCallSite the statement under inspection
 * @param cfg       the interprocedural CFG used to find the enclosing method
 * @param ap        the access path arriving at the statement (unused here)
 * @return {@code true} if the statement is treated as a sink
 */
@Override
public boolean isSink(Stmt sCallSite, InterproceduralCFG<Unit, SootMethod> cfg, AccessPath ap) {
    return
            // values returned by the current method may be configured as sinks
            (this.returnTaintMethods != null
                    && sCallSite instanceof ReturnStmt
                    && this.returnTaintMethods.contains(cfg.getMethodOf(sCallSite).getSignature()))
            // otherwise the callee itself may be a sink
            || (this.sinks != null
                    && sCallSite.containsInvokeExpr()
                    && this.sinks.contains(sCallSite.getInvokeExpr().getMethod().getSignature()));
}
Example #8
Source File: ICCInstrumentDestination.java From soot-infoflow-android-iccta with GNU Lesser General Public License v2.1 | 5 votes |
/**
 * Instruments {@code onBind} so that every returned value is first stored in
 * the static field {@code ibinder_for_ipc}.
 *
 * <p>If the {@code onBind} lookup throws a {@code RuntimeException}, the class
 * is skipped without any diagnostic.
 *
 * @param sootClass       the class whose {@code onBind} method is instrumented
 * @param ibinder_for_ipc the static field that receives the returned value
 */
public void instrumentOnBindMethod(SootClass sootClass, SootField ibinder_for_ipc) {
    SootMethod onBindMethod = null;
    try {
        onBindMethod = sootClass.getMethodByName("onBind");
    } catch (RuntimeException ignored) {
        // Lookup failure is treated as "no onBind".
        // NOTE(review): this is silent, so a class whose lookup fails for any
        // reason drops out of the instrumentation unnoticed - consider logging.
    }
    if (onBindMethod == null) {
        return;
    }

    PatchingChain<Unit> units = onBindMethod.retrieveActiveBody().getUnits();

    // Snapshot iterator: the chain is modified inside the loop.
    Iterator<Unit> cursor = units.snapshotIterator();
    while (cursor.hasNext()) {
        Stmt current = (Stmt) cursor.next();
        if (!(current instanceof ReturnStmt)) {
            continue;
        }
        ReturnStmt rtStmt = (ReturnStmt) current;
        Value rtValue = rtStmt.getOp();
        // <static field> = <returned value>, placed directly before the return
        Unit setIBinderU = Jimple.v().newAssignStmt(
                Jimple.v().newStaticFieldRef(ibinder_for_ipc.makeRef()), rtValue);
        units.insertBefore(setIBinderU, rtStmt);
    }
}
Example #9
Source File: ConstraintCollector.java From JAADAS with GNU General Public License v3.0 | 5 votes |
/**
 * Adds a typing constraint for a returned integer-typed local: the type
 * variable of the method's return type becomes a parent of the local's
 * type variable. Does nothing unless {@code uses} is set.
 *
 * @param stmt the return statement to collect constraints from
 */
public void caseReturnStmt(ReturnStmt stmt) {
    if (!uses) {
        return;
    }
    if (!(stmt.getOp() instanceof Local)) {
        return;
    }
    if (!(((Local) stmt.getOp()).getType() instanceof IntegerType)) {
        return;
    }

    resolver.typeVariable((Local) stmt.getOp())
            .addParent(resolver.typeVariable(stmtBody.getMethod().getReturnType()));
}
Example #10
Source File: ConstraintCollector.java From JAADAS with GNU General Public License v3.0 | 5 votes |
/**
 * Adds a typing constraint for a returned local: the type variable of the
 * method's return type becomes a parent of the local's type variable.
 * Does nothing unless {@code uses} is set or when the operand is not a local.
 *
 * @param stmt the return statement to collect constraints from
 */
public void caseReturnStmt(ReturnStmt stmt) {
    if (!uses) {
        return;
    }
    if (!(stmt.getOp() instanceof Local)) {
        return;
    }

    resolver.typeVariable((Local) stmt.getOp())
            .addParent(resolver.typeVariable(stmtBody.getMethod().getReturnType()));
}
Example #11
Source File: AbstractBoomerangTest.java From SPDS with Eclipse Public License 2.0 | 5 votes |
/**
 * For each end point of the newly added callee that returns an
 * {@code IntConstant}, builds a forward query for that constant and stores it
 * in {@code p_returnValue}. A later match overwrites an earlier one.
 *
 * @param unit       the call site (unused here)
 * @param sootMethod the callee that was added
 */
@Override
public void onCalleeAdded(Unit unit, SootMethod sootMethod) {
    for (Unit endPoint : staticIcfg.getEndPointsOf(sootMethod)) {
        boolean returnsIntConstant = endPoint instanceof ReturnStmt
                && ((ReturnStmt) endPoint).getOp() instanceof IntConstant;
        if (!returnsIntConstant) {
            continue;
        }

        AllocVal allocation = new AllocVal(
                p_as.getLeftOp(),
                staticIcfg.getMethodOf(p_stmt),
                ((ReturnStmt) endPoint).getOp(),
                new Statement((Stmt) endPoint, sootMethod));
        p_returnValue.set(new ForwardQuery(p_statement, allocation));
    }
}
Example #12
Source File: CastAndReturnInliner.java From JAADAS with GNU General Public License v3.0 | 5 votes |
/**
 * Replaces a {@code goto} that jumps to "x = (T) y; return x;" with a direct
 * "return y;".
 *
 * <p>The rewrite applies only when the goto target is an assignment whose
 * right side is a cast, the unit following that assignment is a return, and
 * the returned operand is the very object assigned to (identity comparison).
 * Trap boxes and all other boxes pointing at the goto are redirected to the
 * new return before the goto is swapped out.
 *
 * @param body      the body to transform
 * @param phaseName unused here
 * @param options   unused here
 */
@Override
protected void internalTransform(Body body, String phaseName, Map<String, String> options) {
    for (Iterator<Unit> cursor = body.getUnits().snapshotIterator(); cursor.hasNext(); ) {
        Unit unit = cursor.next();
        if (!(unit instanceof GotoStmt)) {
            continue;
        }
        GotoStmt jump = (GotoStmt) unit;

        if (!(jump.getTarget() instanceof AssignStmt)) {
            continue;
        }
        AssignStmt castAssign = (AssignStmt) jump.getTarget();

        if (!(castAssign.getRightOp() instanceof CastExpr)) {
            continue;
        }
        CastExpr cast = (CastExpr) castAssign.getRightOp();

        // The goto lands on a cast assignment; look at what follows it.
        Unit follower = body.getUnits().getSuccOf(castAssign);
        if (!(follower instanceof ReturnStmt)) {
            continue;
        }
        ReturnStmt originalReturn = (ReturnStmt) follower;

        if (originalReturn.getOp() != castAssign.getLeftOp()) {
            continue;
        }

        // Build "return <cast operand>" to stand in for the goto.
        ReturnStmt inlinedReturn = (ReturnStmt) originalReturn.clone();
        inlinedReturn.setOp(cast.getOp());

        for (Trap trap : body.getTraps()) {
            for (UnitBox box : trap.getUnitBoxes()) {
                if (box.getUnit() == jump) {
                    box.setUnit(inlinedReturn);
                }
            }
        }

        // Redirect every remaining box that still points at the goto.
        while (!jump.getBoxesPointingToThis().isEmpty()) {
            jump.getBoxesPointingToThis().get(0).setUnit(inlinedReturn);
        }

        body.getUnits().swapWith(jump, inlinedReturn);
    }
}
Example #13
Source File: AsmMethodSource.java From JAADAS with GNU General Public License v3.0 | 5 votes |
/**
 * Converts a value-returning bytecode instruction into a Jimple return
 * statement, or merges the popped operand into the frame when the instruction
 * already has a unit.
 *
 * @param insn the return instruction; {@code LRETURN} and {@code DRETURN}
 *             are handled as two-slot operands
 */
private void convertReturnInsn(InsnNode insn) {
    int opcode = insn.getOpcode();
    boolean dword = opcode == LRETURN || opcode == DRETURN;
    StackFrame frame = getFrame(insn);

    if (units.containsKey(insn)) {
        // Already converted: only merge the incoming operand.
        frame.mergeIn(dword ? popDual() : pop());
        return;
    }

    Operand returned;
    if (dword) {
        returned = popImmediateDual();
    } else {
        returned = popImmediate();
    }

    ReturnStmt ret = Jimple.v().newReturnStmt(returned.stackOrValue());
    returned.addBox(ret.getOpBox());
    frame.in(returned);
    frame.boxes(ret.getOpBox());
    setUnit(insn, ret);
}
Example #14
Source File: DummyMainGenerator.java From DroidRA with GNU Lesser General Public License v2.1 | 4 votes |
/**
 * Inserts statements for {@code methodSignature} into {@code mainMethod},
 * directly before the last return statement found in its body.
 *
 * <p>Static target: a static invoke with default argument values is inserted.
 * Instance target: a {@code new} of the declaring class is inserted, followed
 * by an invoke of {@code <clinit>} (when present) and of {@code <init>} with
 * default argument values. The modified body is printed to standard output
 * and validated.
 *
 * @param mainMethod      the dummy main method to extend
 * @param methodSignature Soot signature of the method to add
 * @return {@code mainMethod}
 * @throws RuntimeException if the declaring class has no {@code <init>}
 */
public SootMethod addMethod(SootMethod mainMethod, String methodSignature) {
    Body body = mainMethod.getActiveBody();
    PatchingChain<Unit> units = body.getUnits();

    // Remember the last return / return-void; everything is inserted before it.
    // NOTE(review): stays null when the body has no return statement, and is
    // then handed to insertBefore() as the anchor - confirm that cannot happen.
    Stmt returnStmt = null;
    Iterator<Unit> cursor = units.snapshotIterator();
    while (cursor.hasNext()) {
        Stmt candidate = (Stmt) cursor.next();
        if (candidate instanceof ReturnStmt || candidate instanceof ReturnVoidStmt) {
            returnStmt = candidate;
        }
    }

    SootMethod sm = Scene.v().getMethod(methodSignature);

    List<Type> paramTypes = sm.getParameterTypes();
    List<Value> paramValues = new ArrayList<Value>();
    for (Type paramType : paramTypes) {
        paramValues.add(InstrumentationUtils.toDefaultSootTypeValue(paramType));
    }

    if (sm.isStatic()) {
        // No receiver object needed.
        Unit callU = Jimple.v().newInvokeStmt(
                Jimple.v().newStaticInvokeExpr(sm.makeRef(), paramValues));
        units.insertBefore(callU, returnStmt);
    } else {
        // Create the object first.
        // NOTE(review): this branch only emits <clinit>/<init> invokes; no
        // invoke of sm itself (and no use of paramValues) is visible here.
        SootClass sc = sm.getDeclaringClass();

        SootMethod init = null;
        SootMethod clinit = null;
        for (SootMethod declared : sc.getMethods()) {
            String declaredName = declared.getName();
            if (declaredName.equals("<clinit>")) {
                clinit = declared;
            }
            if (declaredName.equals("<init>")) {
                init = declared;
            }
        }

        Local obj = new LocalGenerator(body).generateLocal(sc.getType());
        Unit newU = Jimple.v().newAssignStmt(obj, Jimple.v().newNewExpr(sc.getType()));
        units.insertBefore(newU, returnStmt);

        if (clinit != null) {
            Unit clinitCallU = Jimple.v().newInvokeStmt(
                    Jimple.v().newStaticInvokeExpr(clinit.makeRef()));
            units.insertBefore(clinitCallU, returnStmt);
        }

        if (init == null) {
            throw new RuntimeException("Is it possible that a class does not contain an <init> method?");
        }

        List<Type> initParamTypes = init.getParameterTypes();
        List<Value> initParamValues = new ArrayList<Value>();
        for (Type initParamType : initParamTypes) {
            initParamValues.add(InstrumentationUtils.toDefaultSootTypeValue(initParamType));
        }
        Unit initCallU = Jimple.v().newInvokeStmt(
                Jimple.v().newVirtualInvokeExpr(obj, init.makeRef(), initParamValues));
        units.insertBefore(initCallU, returnStmt);
    }

    System.out.println(body);
    body.validate();
    return mainMethod;
}
Example #15
Source File: ClassValueAnalysis.java From DroidRA with GNU Lesser General Public License v2.1 | 4 votes |
/**
 * Collects the values that a call statement may return, by inspecting the
 * return statements of every concrete call-graph target.
 *
 * <p>String and class constants are added directly; a returned local is
 * resolved through its assignments. A statement that was already visited
 * yields an empty set.
 *
 * @param sourceStmt The statement at which we should start.
 * @param visitedStmts The set of visited statements; {@code sourceStmt} is added to it.
 * @return The set of possible values, or {@code null} when some return value
 *         cannot be narrowed down (unsupported operand kind, or the local's
 *         assignments resolve to {@code null}, {@code TOP_VALUE} or
 *         {@code Constants.ANY_STRING}). Callers must handle {@code null}.
 */
protected Set<Object> handleInvokeExpression(Stmt sourceStmt, Set<Stmt> visitedStmts) {
    if (visitedStmts.contains(sourceStmt)) {
        return Collections.emptySet();
    }
    visitedStmts.add(sourceStmt);

    Iterator<Edge> outgoing = Scene.v().getCallGraph().edgesOutOf(sourceStmt);
    Set<Object> collected = new HashSet<>();

    while (outgoing.hasNext()) {
        SootMethod target = outgoing.next().getTgt().method();
        if (!target.isConcrete()) {
            continue;
        }

        for (Unit unit : target.getActiveBody().getUnits()) {
            if (!(unit instanceof ReturnStmt)) {
                continue;
            }
            ReturnStmt returnStmt = (ReturnStmt) unit;
            Value returnValue = returnStmt.getOp();

            if (returnValue instanceof StringConstant) {
                collected.add(((StringConstant) returnValue).value);
                continue;
            }
            if (returnValue instanceof ClassConstant) {
                collected.add(((ClassConstant) returnValue).value);
                continue;
            }
            if (!(returnValue instanceof Local)) {
                // unsupported kind of returned value: give up
                return null;
            }

            List<DefinitionStmt> assignStmts = findAssignmentsForLocal(
                    returnStmt, (Local) returnValue, true, new HashSet<Pair<Unit, Local>>());
            Set<Object> classConstants = processClassAssignments(assignStmts, visitedStmts);
            if (classConstants == null
                    || classConstants.contains(TOP_VALUE)
                    || classConstants.contains(Constants.ANY_STRING)) {
                return null;
            }
            collected.addAll(classConstants);
        }
    }
    return collected;
}
Example #16
Source File: BackwardBoomerangSolver.java From SPDS with Eclipse Public License 2.0 | 4 votes |
/**
 * Computes the states reached inside {@code callee} when the backward
 * analysis enters it at {@code calleeSp} with {@code fact} holding at the
 * call site.
 *
 * <p>A push node is produced when {@code fact} equals the receiver of an
 * instance invoke (mapped to the callee's {@code this} local), an actual
 * argument (mapped to the parameter local at the same position), or the
 * left side of the call-site assignment (mapped to the returned operand).
 * Static facts are always pushed. Callees without an active body, and entry
 * points that are throw statements, yield no states.
 *
 * @return the resulting states; empty when nothing flows into the callee
 */
protected Collection<? extends State> computeCallFlow(SootMethod caller, Statement returnSite, Statement callSite,
        InvokeExpr invokeExpr, Val fact, SootMethod callee, Stmt calleeSp) {
    if (!callee.hasActiveBody() || calleeSp instanceof ThrowStmt) {
        return Collections.emptySet();
    }

    Body calleeBody = callee.getActiveBody();
    Set<State> states = Sets.newHashSet();

    // receiver -> this
    if (invokeExpr instanceof InstanceInvokeExpr) {
        InstanceInvokeExpr instanceInvoke = (InstanceInvokeExpr) invokeExpr;
        if (instanceInvoke.getBase().equals(fact.value()) && !callee.isStatic()) {
            states.add(new PushNode<Statement, Val, Statement>(new Statement(calleeSp, callee),
                    new Val(calleeBody.getThisLocal(), callee), returnSite, PDSSystem.CALLS));
        }
    }

    // actual argument -> parameter local at the same position
    List<Local> parameterLocals = calleeBody.getParameterLocals();
    int position = 0;
    for (Value arg : invokeExpr.getArgs()) {
        if (arg.equals(fact.value()) && parameterLocals.size() > position) {
            Local param = parameterLocals.get(position);
            states.add(new PushNode<Statement, Val, Statement>(new Statement(calleeSp, callee),
                    new Val(param, callee), returnSite, PDSSystem.CALLS));
        }
        position++;
    }

    // assigned result -> returned operand
    if (callSite.getUnit().get() instanceof AssignStmt && calleeSp instanceof ReturnStmt) {
        AssignStmt assignment = (AssignStmt) callSite.getUnit().get();
        ReturnStmt retStmt = (ReturnStmt) calleeSp;
        if (assignment.getLeftOp().equals(fact.value())) {
            states.add(new PushNode<Statement, Val, Statement>(new Statement(calleeSp, callee),
                    new Val(retStmt.getOp(), callee), returnSite, PDSSystem.CALLS));
        }
    }

    // static facts enter every callee
    if (fact.isStatic()) {
        states.add(new PushNode<Statement, Val, Statement>(new Statement(calleeSp, callee),
                new StaticFieldVal(fact.value(), ((StaticFieldVal) fact).field(), callee), returnSite,
                PDSSystem.CALLS));
    }
    return states;
}
Example #17
Source File: ICCInstrumentDestination.java From soot-infoflow-android-iccta with GNU Lesser General Public License v2.1 | 4 votes |
/**
 * Extracts the binder type of a class from the first return statement of its
 * {@code onBind} method.
 *
 * <p>This is an approximation; a type analysis of the IBinder reference would
 * be more precise. When the returned value prints as {@code "null"}, or the
 * body has no return statement, the declared return type of {@code onBind}
 * is used instead.
 *
 * @param sootClass the class to inspect
 * @return the binder type, or {@code null} when the {@code onBind} lookup
 *         throws a {@code RuntimeException}
 */
public Type extractBinderType(SootClass sootClass) {
    SootMethod onBindMethod = null;
    try {
        onBindMethod = sootClass.getMethodByName("onBind");
    } catch (RuntimeException ignored) {
        // Lookup failure is treated as "no onBind"; the caller sees null.
    }
    if (onBindMethod == null) {
        return null;
    }

    PatchingChain<Unit> units = onBindMethod.retrieveActiveBody().getUnits();

    Iterator<Unit> cursor = units.snapshotIterator();
    while (cursor.hasNext()) {
        Stmt current = (Stmt) cursor.next();
        if (!(current instanceof ReturnStmt)) {
            continue;
        }
        // Only the first return statement is considered.
        Value rtValue = ((ReturnStmt) current).getOp();
        if (rtValue.toString().equals("null")) {
            return onBindMethod.getReturnType();
        }
        return rtValue.getType();
    }

    return onBindMethod.getReturnType();
}
Example #18
Source File: Util.java From SPDS with Eclipse Public License 2.0 | 4 votes |
/**
 * Tells whether {@code val} is the operand returned by {@code stmt}.
 *
 * @param val  the value to look for
 * @param stmt the statement to inspect
 * @return {@code true} if {@code stmt} is a return statement whose operand
 *         equals {@code val.value()}
 */
public static boolean isReturnOperator(Val val, Stmt stmt) {
    if (!(stmt instanceof ReturnStmt)) {
        return false;
    }
    ReturnStmt returnStmt = (ReturnStmt) stmt;
    return returnStmt.getOp().equals(val.value());
}
Example #19
Source File: UnitThrowAnalysis.java From JAADAS with GNU General Public License v3.0 | 4 votes |
/**
 * Visits a return statement. The body is currently empty: both additions to
 * {@code result} below are commented out, so this case contributes nothing.
 *
 * @param s the return statement being visited
 */
@Override
public void caseReturnStmt(ReturnStmt s) {
    // Disabled: the IllegalMonitorStateException entry and whatever the
    // returned operand itself might throw.
    // NOTE(review): with both lines disabled, this visitor adds no exceptions
    // for a return statement - confirm that is the intended model.
    // result = result.add(mgr.ILLEGAL_MONITOR_STATE_EXCEPTION);
    // result = result.add(mightThrow(s.getOp()));
}
Example #20
Source File: UnreachableCodeFinder.java From JAADAS with GNU General Public License v3.0 | 4 votes |
/**
 * Handles abrupt control flow for the unreachable-code analysis.
 *
 * <p>Return-like statements and {@code DAbruptStmt}s produce a fresh
 * {@code UnreachableCodeFlowSet} that holds {@code false} plus the internal
 * data copied from {@code input}. Breaks are additionally recorded in the
 * explicit or implicit break list; continues are not recorded. Every other
 * statement is delegated to {@code processStatement}.
 *
 * @param s     the statement being processed
 * @param input the flow set arriving at {@code s}
 * @return the flow set leaving {@code s}
 * @throws RuntimeException if a {@code DAbruptStmt} is neither break nor continue
 */
@Override
public DavaFlowSet processAbruptStatements(Stmt s, DavaFlowSet input){
    if(DEBUG) System.out.println("processing stmt "+s);
    if(s instanceof ReturnStmt || s instanceof RetStmt || s instanceof ReturnVoidStmt){
        // This path does not need to be remembered.
        UnreachableCodeFlowSet toReturn = new UnreachableCodeFlowSet();
        // NOTE(review): the Boolean(boolean) constructor is deprecated since Java 9.
        toReturn.add(new Boolean(false));
        toReturn.copyInternalDataFrom(input);
        // false indicates NOPATH
        if(DEBUG) System.out.println("\tstmt is a return stmt. Hence sending forward false");
        return toReturn;
    }
    else if(s instanceof DAbruptStmt){
        DAbruptStmt abStmt = (DAbruptStmt)s;
        // Check that it is a break or a continue.
        if(!(abStmt.is_Continue()|| abStmt.is_Break())){
            // A DAbruptStmt comes in only these two kinds.
            throw new RuntimeException("Found a DAbruptStmt which is neither break nor continue!!");
        }
        DavaFlowSet temp = new UnreachableCodeFlowSet();
        SETNodeLabel nodeLabel = abStmt.getLabel();
        // Continues are deliberately ignored by this analysis.
        if (abStmt.is_Break()){
            if(nodeLabel != null && nodeLabel.toString() != null){
                // explicit (labelled) break
                temp.addToBreakList(nodeLabel.toString(),input);
            }
            else{
                // implicit break
                temp.addToImplicitBreaks(abStmt,input);
            }
        }
        temp.add(new Boolean(false));
        temp.copyInternalDataFrom(input);
        if(DEBUG) System.out.println("\tstmt is an abrupt stmt. Hence sending forward false");
        return temp;
    }
    else{
        if(DEBUG) System.out.println("\tstmt is not an abrupt stmt.");
        return processStatement(s,input);
    }
}
Example #21
Source File: StructuredAnalysis.java From JAADAS with GNU General Public License v3.0 | 4 votes |
/**
 * Entry point for processing any statement. It takes care of abrupt control
 * flow so that the author of a concrete analysis does not have to, and
 * delegates all other statements to {@code processStatement}.
 *
 * <p>Return-like statements yield {@code NOPATH}. Breaks and continues are
 * recorded in the matching explicit (labelled) or implicit list.
 *
 * <p>An analysis may override this method to do something specific.
 *
 * @param s     the statement being processed
 * @param input the flow set arriving at {@code s}
 * @return the flow set leaving {@code s}
 * @throws RuntimeException if a {@code DAbruptStmt} is neither break nor continue
 */
public DavaFlowSet processAbruptStatements(Stmt s, DavaFlowSet input) {
    if (s instanceof ReturnStmt || s instanceof RetStmt || s instanceof ReturnVoidStmt) {
        // This path does not need to be remembered.
        return NOPATH;
    } else if (s instanceof DAbruptStmt) {
        DAbruptStmt abStmt = (DAbruptStmt) s;
        // Check that it is a break or a continue.
        if (!(abStmt.is_Continue() || abStmt.is_Break())) {
            // A DAbruptStmt comes in only these two kinds.
            throw new RuntimeException("Found a DAbruptStmt which is neither break nor continue!!");
        }
        // NOTE(review): temp refers to the same object as NOPATH, so the
        // addTo* calls below act on that object - confirm this is intended.
        DavaFlowSet temp = NOPATH;
        SETNodeLabel nodeLabel = abStmt.getLabel();
        if (nodeLabel != null && nodeLabel.toString() != null) {
            // explicit (labelled) abrupt statement
            if (abStmt.is_Continue())
                temp.addToContinueList(nodeLabel.toString(), input);
            else if (abStmt.is_Break())
                temp.addToBreakList(nodeLabel.toString(), input);
            else
                throw new RuntimeException("Found abruptstmt which is neither break nor continue");
        } else {
            // implicit break/continue
            if (abStmt.is_Continue())
                temp.addToImplicitContinues(abStmt, input);
            else if (abStmt.is_Break())
                temp.addToImplicitBreaks(abStmt, input);
            else
                throw new RuntimeException("Found abruptstmt which is neither break nor continue");
        }
        return temp;
    } else {
        // All other statements are handled by the concrete analysis.
        return processStatement(s, input);
    }
}
Example #22
Source File: DexReturnValuePropagator.java From JAADAS with GNU General Public License v3.0 | 4 votes |
/**
 * Propagates the defining value of a returned local into the return
 * statement when that local has exactly one definition and the definition
 * is an assignment.
 *
 * <p>Depending on the right side of that assignment: a local is propagated
 * unless {@code isRedefined} reports it as overwritten in between; a
 * constant is propagated directly; for a field reference with a single use,
 * the assigned local is replaced by a fresh one created with the "ret"
 * prefix.
 *
 * @param body      the body to transform
 * @param phaseName unused here
 * @param options   unused here
 */
@Override
protected void internalTransform(Body body, String phaseName, Map<String, String> options) {
    ExceptionalUnitGraph graph = new ExceptionalUnitGraph(body, DalvikThrowAnalysis.v(), true);
    LocalDefs localDefs = LocalDefs.Factory.newLocalDefs(graph);
    // Both helpers are created lazily, only when a field-reference case needs them.
    LocalUses localUses = null;
    LocalCreation localCreation = null;

    // If a return statement's operand has only one definition and this is
    // a copy statement, we take the original operand
    for (Unit u : body.getUnits())
        if (u instanceof ReturnStmt) {
            ReturnStmt retStmt = (ReturnStmt) u;
            if (retStmt.getOp() instanceof Local) {
                List<Unit> defs = localDefs.getDefsOfAt((Local) retStmt.getOp(), retStmt);
                if (defs.size() == 1 && defs.get(0) instanceof AssignStmt) {
                    AssignStmt assign = (AssignStmt) defs.get(0);
                    final Value rightOp = assign.getRightOp();
                    final Value leftOp = assign.getLeftOp();

                    // Copy over the right side if it is a local
                    if (rightOp instanceof Local) {
                        // We must make sure that the definition we propagate to
                        // the return statement is not overwritten in between:
                        // "a = 1; b = a; a = 3; return b;" may not be translated
                        // to "return a;"
                        if (!isRedefined((Local) rightOp, u, assign, graph))
                            retStmt.setOp(rightOp);
                    }
                    else if (rightOp instanceof Constant) {
                        retStmt.setOp(rightOp);
                    }
                    // If this is a field access which has no other uses,
                    // we rename the local to help splitting
                    else if (rightOp instanceof FieldRef) {
                        if (localUses == null)
                            localUses = LocalUses.Factory.newLocalUses(body, localDefs);
                        if (localUses.getUsesOf(assign).size() == 1) {
                            if (localCreation == null)
                                localCreation = new LocalCreation(body.getLocals(), "ret");
                            Local newLocal = localCreation.newLocal(leftOp.getType());
                            assign.setLeftOp(newLocal);
                            retStmt.setOp(newLocal);
                        }
                    }
                }
            }
        }
}
Example #23
Source File: DexReturnInliner.java From JAADAS with GNU General Public License v3.0 | 4 votes |
/**
 * Tells whether a unit is a return statement, with or without a value.
 *
 * @param u the unit to test
 * @return {@code true} for {@code ReturnStmt} and {@code ReturnVoidStmt}
 */
private boolean isInstanceofReturn(Unit u) {
    return u instanceof ReturnStmt || u instanceof ReturnVoidStmt;
}
Example #24
Source File: UseChecker.java From JAADAS with GNU General Public License v3.0 | 4 votes |
/**
 * Replaces the returned operand with whatever the use visitor yields for it
 * when checked against the method's declared return type.
 *
 * @param stmt the return statement whose operand is visited
 */
public void caseReturnStmt(ReturnStmt stmt) {
    stmt.setOp(
            uv.visit(
                    stmt.getOp(),
                    jb.getMethod().getReturnType(),
                    stmt));
}
Example #25
Source File: StmtTemplatePrinter.java From JAADAS with GNU General Public License v3.0 | 4 votes |
/**
 * Prints the template for a return statement: first the assignment of the
 * returned operand under the name hint "retVal", then the statement itself.
 *
 * @param stmt the return statement to print
 */
public void caseReturnStmt(ReturnStmt stmt) {
    printStmt(stmt, printValueAssignment(stmt.getOp(), "retVal"));
}
Example #26
Source File: StmtTranslator.java From JAADAS with GNU General Public License v3.0 | 4 votes |
/**
 * Translates a Jimple return statement into a {@code Return} whose
 * assignment target is the variable made for the returned operand.
 *
 * @param stmt the return statement to translate
 */
public void caseReturnStmt(ReturnStmt stmt) {
    Variable returnedVar = jt.makeVariable(stmt.getOp());

    Return translated = new Return();
    translated.setAssignmentTarget(returnedVar);

    addStatement(translated);
}