soot.jimple.SpecialInvokeExpr Java Examples

@Override
public void caseSpecialInvokeExpr(SpecialInvokeExpr v) {
	//is the invokeExpr a source method?
	if(isSourceMethod(v)) {
		StringConstant newSourceValue = StringConstant.v("loggingPoint");
		SMTBinding binding = stmtVisitor.createNewBindingForValue(newSourceValue);
		stmtVisitor.addValueBindingToVariableDeclaration(newSourceValue, binding);				
		//no smt-statement required, just return the binding
		this.result = binding;
		
		// Additionally check whether the source method need special treatment
		if(isExpressionThatNeedsToBeConvertedToSMT(v)) {
			convertSpecialExpressionsToSMT(v, currentStatement);
		}
		
	} else {
		if(isStringOperationSupportedBySMT(v))
			convertStringOperationToSMT(v, v.getBase());
		else if(isExpressionThatNeedsToBeConvertedToSMT(v))
			convertSpecialExpressionsToSMT(v, currentStatement);
		else
			convertAPIMethodToSMT(v);
	}
}
 

/** Returns the target for the given SpecialInvokeExpr. */
public SootMethod resolveSpecialDispatch(SpecialInvokeExpr ie, SootMethod container)
{
    container.getDeclaringClass().checkLevel(SootClass.HIERARCHY);
    SootMethod target = ie.getMethod();
    target.getDeclaringClass().checkLevel(SootClass.HIERARCHY);

    /* This is a bizarre condition!  Hopefully the implementation is correct.
       See VM Spec, 2nd Edition, Chapter 6, in the definition of invokespecial. */
    if ("<init>".equals(target.getName()) || target.isPrivate())
        return target;
    else if (isClassSubclassOf(target.getDeclaringClass(), container.getDeclaringClass()))
        return resolveConcreteDispatch(container.getDeclaringClass(), target);
    else
        return target;
}
 

private boolean isCallToSuper(SpecialInvokeExpr sie) {
	SootClass classWithInvokation = sie.getMethod().getDeclaringClass();
	SootClass currentClass = stmtV.getBelongingClass();
	while (currentClass.hasSuperclass()) {
		currentClass = currentClass.getSuperclass();
		if (currentClass.equals(classWithInvokation)) {
			return true;
		}
	}
	
	// If we're dealing with phantom classes, we might not actually
	// arrive at java.lang.Object. In this case, we should not fail
	// the check
	if (currentClass.isPhantom() && !currentClass.getName().equals("java.lang.Object"))
		return true;
	
	return false; // we arrived at java.lang.Object and did not find a declaration
}
 

@Override
public void caseSpecialInvokeExpr(SpecialInvokeExpr sie) {
	BuilderMethodReference method = DexPrinter.toMethodReference
			(sie.getMethodRef(), dexFile);
	List<Register> arguments = getInstanceInvokeArgumentRegs(sie);
	if (isCallToConstructor(sie) || isCallToPrivate(sie)) {
           stmtV.addInsn(buildInvokeInsn("INVOKE_DIRECT", method, arguments), origStmt);
	} else if (isCallToSuper(sie)) {
           stmtV.addInsn(buildInvokeInsn("INVOKE_SUPER", method, arguments), origStmt);
	} else {
		// This should normally never happen, but if we have such a
		// broken call (happens in malware for instance), we fix it.
           stmtV.addInsn(buildInvokeInsn("INVOKE_VIRTUAL", method, arguments), origStmt);
	}
}
 

private static void initializePeP(SootClass sc){
		SootMethod onCreate = null;
		log.info("add Pep initialization in class "+ sc);
		for(SootMethod sm : sc.getMethods()){
			if(sm.getName().equals("onCreate") && 
					sm.getParameterCount() == 1 && 
					sm.getParameterType(0).toString().equals("android.os.Bundle")){
				onCreate = sm;
			}
		}
	
		if(onCreate != null){
			List<Unit> generated = new ArrayList<Unit>();
			Body body = onCreate.retrieveActiveBody();
			
			Local thisLocal = body.getThisLocal();
			SootClass context = Scene.v().forceResolve("android.content.Context", SootClass.BODIES);
//				SootMethod applicationContext =sc.getMethod("android.content.Context getApplicationContext()");
			SootMethod applicationContext = context.getMethod("android.content.Context getApplicationContext()");
			SpecialInvokeExpr virtInvExpr = Jimple.v().newSpecialInvokeExpr(thisLocal, applicationContext.makeRef());
			
			Local applicationContextLocal = generateFreshLocal(body, RefType.v("android.content.Context"));
			generated.add(Jimple.v().newAssignStmt(applicationContextLocal, virtInvExpr));
			
			List<Object> args = new ArrayList<Object>();
			args.add(RefType.v("android.content.Context"));
			args.add(applicationContextLocal);
			
			StaticInvokeExpr staticInvExpr = Instrumentation.createJimpleStaticInvokeExpr(Settings.instance.INSTRUMENTATION_HELPER_JAVA, Settings.instance.INSTRUMENTATION_HELPER_INITIALIZE_METHOD, args);
			generated.add(Jimple.v().newInvokeStmt(staticInvExpr));
			
			Unit onCreateSpecialInvoke = getSuperOnCreateUnit(body);
			if(onCreateSpecialInvoke == null)
				throw new RuntimeException("error: super.onCreate() statement missing in method "+ onCreate);
			
			body.getUnits().insertAfter(generated, onCreateSpecialInvoke);
		}
		
		
	}
 

@Override
public void addCalleeListener(CalleeListener<Unit, SootMethod> listener) {
    if (!calleeListeners.put(listener.getObservedCaller(), listener)) {
        return;
    }

    // Notify the new listener about edges we already know
    Unit unit = listener.getObservedCaller();
    Stmt stmt = (Stmt) unit;
    Iterator<Edge> edgeIterator = demandDrivenCallGraph.edgesOutOf(unit);
    while (edgeIterator.hasNext()) {
        Edge edge = edgeIterator.next();
        listener.onCalleeAdded(unit, edge.tgt());
    }

    InvokeExpr ie = stmt.getInvokeExpr();
    // Now check if we need to find new edges
    if ((ie instanceof InstanceInvokeExpr)) {
        // If it was invoked on an object we might find new instances
        if (ie instanceof SpecialInvokeExpr) {
            // If it was a special invoke, there is a single target
            addCallIfNotInGraph(unit, ie.getMethod(), Kind.SPECIAL);
            // If the precomputed graph has more edges than our graph, there may be more edges to find
        } else if (precomputedCallGraph != null && potentiallyHasMoreEdges(precomputedCallGraph.edgesOutOf(unit),
                demandDrivenCallGraph.edgesOutOf(unit))) {
            // Query for callees of the unit and add edges to the graph
            queryForCallees(unit);
        }
    } else {
        // Call was not invoked on an object. Must be static
        addCallIfNotInGraph(unit, ie.getMethod(), Kind.STATIC);
    }
}
 

/** Returns the target for the given SpecialInvokeExpr. */
public SootMethod resolveSpecialDispatch(SpecialInvokeExpr ie, SootMethod container)
{
    SootMethod target = ie.getMethod();

    /* This is a bizarre condition!  Hopefully the implementation is correct.
       See VM Spec, 2nd Edition, Chapter 6, in the definition of invokespecial. */
    if (target.getName().equals("<init>") || target.isPrivate())
        return target;
    else if (isSubclass(target.getDeclaringClass(), container.getDeclaringClass()))
        return resolveConcreteDispatch(container.getDeclaringClass(), target );
    else
        return target;
}
 

@Override
public Set<SootMethod> load(Unit u) throws Exception {
	Stmt stmt = (Stmt)u;
	InvokeExpr ie = stmt.getInvokeExpr();
	FastHierarchy fastHierarchy = Scene.v().getFastHierarchy();
	//FIXME Handle Thread.start etc.
	if(ie instanceof InstanceInvokeExpr) {
		if(ie instanceof SpecialInvokeExpr) {
			//special
			return Collections.singleton(ie.getMethod());
		} else {
			//virtual and interface
			InstanceInvokeExpr iie = (InstanceInvokeExpr) ie;
			Local base = (Local) iie.getBase();
			RefType concreteType = bodyToLMNAA.getUnchecked(unitToOwner.get(u)).concreteType(base, stmt);
			if(concreteType!=null) {
				//the base variable definitely points to a single concrete type 
				SootMethod singleTargetMethod = fastHierarchy.resolveConcreteDispatch(concreteType.getSootClass(), iie.getMethod());
				return Collections.singleton(singleTargetMethod);
			} else {
				SootClass baseTypeClass;
				if(base.getType() instanceof RefType) {
					RefType refType = (RefType) base.getType();
					baseTypeClass = refType.getSootClass();
				} else if(base.getType() instanceof ArrayType) {
					baseTypeClass = Scene.v().getSootClass("java.lang.Object");
				} else if(base.getType() instanceof NullType) {
					//if the base is definitely null then there is no call target
					return Collections.emptySet();
				} else {
					throw new InternalError("Unexpected base type:"+base.getType());
				}
				return fastHierarchy.resolveAbstractDispatch(baseTypeClass, iie.getMethod());
			}
		}
	} else {
		//static
		return Collections.singleton(ie.getMethod());
	}
}
 

private InvokeStmt getFirstSpecialInvoke(Body b){
    for (Unit u : b.getUnits()) {
        Stmt s = (Stmt)u;
        if (!(s instanceof InvokeStmt)) continue;

        InvokeExpr invokeExpr = ((InvokeStmt)s).getInvokeExpr();
        if (!(invokeExpr instanceof SpecialInvokeExpr)) continue;

        return (InvokeStmt)s;        
    }
    // but there will always be either a call to this() or to super()
    // from the constructor
    return null;
}
 

public void caseSpecialInvokeExpr(SpecialInvokeExpr expr) {
	// Constructor calls, maybe
	Variable bvar = st.getLocalVariable((Local)expr.getBase());
	SootMethod m = expr.getMethod();
	if (m.getName().equals("<init>")) {
		SootClass dc = m.getDeclaringClass();
		if (isFoo(dc)) {
			FooInit fi = new FooInit();
			fi.setAssignmentTarget(bvar);
			st.addStatement(fi);
			return;
		}
	}
	handleCall(expr, expr.getMethod());
}
 

private void split_new()
 {
LocalDefs defs = LocalDefs.Factory.newLocalDefs(stmtBody);
   PatchingChain<Unit> units = stmtBody.getUnits();
   Stmt[] stmts = new Stmt[units.size()];

   units.toArray(stmts);
   
   for (Stmt stmt : stmts) {
if(stmt instanceof InvokeStmt)
  {
    InvokeStmt invoke = (InvokeStmt) stmt;
    
    if(invoke.getInvokeExpr() instanceof SpecialInvokeExpr)
      {
	SpecialInvokeExpr special = (SpecialInvokeExpr) invoke.getInvokeExpr();
	
	if(special.getMethodRef().name().equals("<init>"))
	  {
	    List<Unit> deflist = defs.getDefsOfAt((Local) special.getBase(), invoke);
	    
	    while(deflist.size() == 1)
	      {
		Stmt stmt2 = (Stmt) deflist.get(0);
		
		if(stmt2 instanceof AssignStmt)
		  {
		    AssignStmt assign = (AssignStmt) stmt2;
		    
		    if(assign.getRightOp() instanceof Local)
		      {
			deflist = defs.getDefsOfAt((Local) assign.getRightOp(), assign);
			continue;
		      }
		    else if(assign.getRightOp() instanceof NewExpr)
		      {			
			// We split the local.
			//G.v().out.println("split: [" + assign + "] and [" + stmt + "]");
			Local newlocal = Jimple.v().newLocal("tmp", null);
			stmtBody.getLocals().add(newlocal);
			
			special.setBase(newlocal);
			
			units.insertAfter(Jimple.v().newAssignStmt(assign.getLeftOp(), newlocal), assign);
			assign.setLeftOp(newlocal);
		      }
		  }
		break;
	      }
	  }
      }
  }
     }
 }
 

private void split_new()
 {
LocalDefs defs = LocalDefs.Factory.newLocalDefs(stmtBody);
   PatchingChain<Unit> units = stmtBody.getUnits();
   Stmt[] stmts = new Stmt[units.size()];

   units.toArray(stmts);
   
   for (Stmt stmt : stmts) {
if(stmt instanceof InvokeStmt)
  {
    InvokeStmt invoke = (InvokeStmt) stmt;
    
    if(invoke.getInvokeExpr() instanceof SpecialInvokeExpr)
      {
	SpecialInvokeExpr special = (SpecialInvokeExpr) invoke.getInvokeExpr();
	
	if("<init>".equals(special.getMethodRef().name()))
	  {
	    List<Unit> deflist = defs.getDefsOfAt((Local) special.getBase(), invoke);
	    
	    while(deflist.size() == 1)
	      {
		Stmt stmt2 = (Stmt) deflist.get(0);
		
		if(stmt2 instanceof AssignStmt)
		  {
		    AssignStmt assign = (AssignStmt) stmt2;
		    
		    if(assign.getRightOp() instanceof Local)
		      {
			deflist = defs.getDefsOfAt((Local) assign.getRightOp(), assign);
			continue;
		      }
		    else if(assign.getRightOp() instanceof NewExpr)
		      {			
			// We split the local.
			//G.v().out.println("split: [" + assign + "] and [" + stmt + "]");
			Local newlocal = Jimple.v().newLocal("tmp", null);
			stmtBody.getLocals().add(newlocal);
			
			special.setBase(newlocal);
			
			units.insertAfter(Jimple.v().newAssignStmt(assign.getLeftOp(), newlocal), assign);
			assign.setLeftOp(newlocal);
		      }
		  }
		break;
	      }
	  }
      }
  }
     }
 }
 

@Override
protected void internalTransform(String phaseName, Map<String, String> options) {
	// Get some system components
	SootClass scActivity = Scene.v().getSootClassUnsafe("android.app.Activity");
	SootClass scService = Scene.v().getSootClassUnsafe("android.app.Service");
	SootClass scBroadcastReceiver = Scene.v().getSootClassUnsafe("android.app.BroadcastReceiver");
	SootClass scContentProvider = Scene.v().getSootClassUnsafe("android.app.ContentProvider");
	
	// Get the registration class
	SootClass scRegistrar = Scene.v().getSootClassUnsafe("de.tu_darmstadt.sse.additionalappclasses.ComponentCallerService");
	SootMethodRef smRegistrarRef = scRegistrar.getMethodByName("registerGlobalInstance").makeRef();
	
	// Get the getClass() method
	Type classType = Scene.v().getType("java.lang.Class");
	SootMethodRef smGetClass = Scene.v().getObjectType().getSootClass().getMethod("java.lang.Class getClass()").makeRef();
	
	// Is this an Android component?
	for (SootClass sc : Scene.v().getApplicationClasses()) {
		// We only instrument user code
		if (!UtilInstrumenter.isAppDeveloperCode(sc))
			continue;
		
		// Is this class a component?
		if (Scene.v().getOrMakeFastHierarchy().canStoreType(sc.getType(), scActivity.getType())
				|| Scene.v().getOrMakeFastHierarchy().canStoreType(sc.getType(), scService.getType())
				|| Scene.v().getOrMakeFastHierarchy().canStoreType(sc.getType(), scBroadcastReceiver.getType())
				|| Scene.v().getOrMakeFastHierarchy().canStoreType(sc.getType(), scContentProvider.getType())) {
			Body b = null;
			Local locThis = null;
			Unit lastUnit = null;
			
			// Do we already have a constructor?
			SootMethod cons = sc.getMethodUnsafe("void <init>()");
			if (cons == null) {
				SootMethod smSuperClassCons = sc.getSuperclass().getMethodUnsafe("void <init>()");
				if (smSuperClassCons == null)
					continue;
				
				// Create the new constructor
				cons = new SootMethod("<init>", Collections.<Type>emptyList(), VoidType.v());
				sc.addMethod(cons);
				cons.setActiveBody(b = Jimple.v().newBody(cons));
				
				// Add a reference to the "this" object
				locThis = Jimple.v().newLocal("this", sc.getType());
				b.getLocals().add(locThis);
				b.getUnits().add(Jimple.v().newIdentityStmt(locThis, Jimple.v().newThisRef(sc.getType())));
				
				// Add a call to the superclass constructor
				b.getUnits().add(Jimple.v().newInvokeStmt(Jimple.v().newSpecialInvokeExpr(locThis,
						smSuperClassCons.makeRef())));
				
				// Add a return statement
				b.getUnits().add(lastUnit = Jimple.v().newReturnVoidStmt());
			}
			else {
				b = cons.getActiveBody();
				locThis = b.getThisLocal();
				
				// Find where we can inject out code. We must have called
				// the super constructor first, or the Dalvik verifier will
				// complain that the "this" local is not yet initialized.
				for (Unit u : b.getUnits()) {
					Stmt s = (Stmt) u;
					if (s.containsInvokeExpr()) {
						InvokeExpr iexpr = s.getInvokeExpr();
						if (iexpr instanceof SpecialInvokeExpr) {
							if (iexpr.getMethod().getName().equals("<init>")
									&& ((SpecialInvokeExpr) iexpr).getBase() == locThis) {
								lastUnit = b.getUnits().getSuccOf(u);
								break;
							}
						}
					}
				}
			}
			
			// Get the class
			LocalGenerator localGen = new LocalGenerator(b);
			Local locClass = localGen.generateLocal(classType);
			Stmt stmtAssignClass = Jimple.v().newAssignStmt(locClass, Jimple.v().newVirtualInvokeExpr(
					locThis, smGetClass));
			stmtAssignClass.addTag(new InstrumentedCodeTag());
			b.getUnits().insertBefore(stmtAssignClass, lastUnit);
			
			// Register the instance
			List<Value> argList = new ArrayList<>();
			argList.add(locClass);
			argList.add(locThis);
			Stmt stmtRegister = Jimple.v().newInvokeStmt(Jimple.v().newStaticInvokeExpr(
					smRegistrarRef, argList));
			stmtRegister.addTag(new InstrumentedCodeTag());
			b.getUnits().insertBefore(stmtRegister, lastUnit);
		}
	}
}
 

private boolean isCallToPrivate(SpecialInvokeExpr sie) {
	return sie.getMethod().isPrivate();
}
 

private boolean isCallToConstructor(SpecialInvokeExpr sie) {
	return sie.getMethod().isConstructor();
}
 

private void split_new()
{		
	LocalDefs defs = LocalDefs.Factory.newLocalDefs(jb);
	PatchingChain<Unit> units = this.jb.getUnits();
	Stmt[] stmts = new Stmt[units.size()];
	
	units.toArray(stmts);
	
	for ( Stmt stmt : stmts )
	{
		if ( stmt instanceof InvokeStmt )
		{
			InvokeStmt invoke = (InvokeStmt)stmt;
			
			if ( invoke.getInvokeExpr() instanceof SpecialInvokeExpr )
			{
				SpecialInvokeExpr special
					= (SpecialInvokeExpr)invoke.getInvokeExpr();
				
				if ( special.getMethodRef().name().equals("<init>") )
				{
					List<Unit> deflist = defs.getDefsOfAt(
						(Local)special.getBase(), invoke);
					
					while ( deflist.size() == 1 )
					{
						Stmt stmt2 = (Stmt)deflist.get(0);
						
						if ( stmt2 instanceof AssignStmt )
						{
							AssignStmt assign = (AssignStmt)stmt2;
							
							if ( assign.getRightOp() instanceof Local )
							{
								deflist = defs.getDefsOfAt(
									(Local)assign.getRightOp(), assign);
								continue;
							}
							else if ( assign.getRightOp()
								instanceof NewExpr )
							{
								Local newlocal = Jimple.v().newLocal(
									"tmp", null);
								newlocal.setName("tmp$" + System.identityHashCode(newlocal));
								this.jb.getLocals().add(newlocal);
								
								special.setBase(newlocal);
								
								DefinitionStmt assignStmt
									= Jimple.v().newAssignStmt(
									assign.getLeftOp(), newlocal);
								Unit u = Util.findLastIdentityUnit(jb, assign);
								units.insertAfter(assignStmt, u);
								assign.setLeftOp(newlocal);
								
								this.addLocal(newlocal);
								this.initAssignment(assignStmt);
							}
						}
						break;
					}
				}
			}
		}
	}
}
 

/**
    * Creates a method body that throws an "unresolved compilation error"
    * message
    * @param declaringClass The class that was supposed to contain the method
    * @return The created SootMethod
    */
private SootMethod createUnresolvedErrorMethod(SootClass declaringClass) {
	SootMethod m = new SootMethod(name, parameterTypes, returnType, isStatic()?Modifier.STATIC:0);
	int modifiers = Modifier.PUBLIC; //  we don't know who will be calling us
	if (isStatic())
		modifiers |= Modifier.STATIC;
	m.setModifiers(modifiers);
	JimpleBody body = Jimple.v().newBody(m);
	m.setActiveBody(body);

	final LocalGenerator lg = new LocalGenerator(body);
	
	// For producing valid Jimple code, we need to access all parameters.
	// Otherwise, methods like "getThisLocal()" will fail.
	if (!isStatic) {
		RefType thisType = RefType.v(declaringClass);
		Local lThis = lg.generateLocal(thisType);
		body.getUnits().add(Jimple.v().newIdentityStmt(lThis, Jimple.v().newThisRef(thisType)));
	}
	for (int i = 0; i < m.getParameterCount(); i++) {
		Type paramType = m.getParameterType(i);
		Local lParam = lg.generateLocal(paramType);
		body.getUnits().add(Jimple.v().newIdentityStmt(lParam, Jimple.v().newParameterRef(paramType, i)));
	}
	
	//exc = new Error
	RefType runtimeExceptionType = RefType.v("java.lang.Error");
	NewExpr newExpr = Jimple.v().newNewExpr(runtimeExceptionType);
	Local exceptionLocal = lg.generateLocal(runtimeExceptionType);
	AssignStmt assignStmt = Jimple.v().newAssignStmt(exceptionLocal, newExpr);
	body.getUnits().add(assignStmt);
	
	//exc.<init>(message)
	SootMethodRef cref = Scene.v().makeConstructorRef(runtimeExceptionType.getSootClass(),
			Collections.<Type>singletonList(RefType.v("java.lang.String")));
	SpecialInvokeExpr constructorInvokeExpr = Jimple.v().newSpecialInvokeExpr(exceptionLocal, cref,
			StringConstant.v("Unresolved compilation error: Method "+getSignature()+" does not exist!"));
	InvokeStmt initStmt = Jimple.v().newInvokeStmt(constructorInvokeExpr);
	body.getUnits().insertAfter(initStmt, assignStmt);
	
	//throw exc
	body.getUnits().insertAfter(Jimple.v().newThrowStmt(exceptionLocal), initStmt);

	declaringClass.addMethod(m);
	return m;
}
 

public void caseSpecialInvokeExpr(SpecialInvokeExpr expr) {
    caseInstanceInvokeExpr(expr);
}
 

/** This method change all new Obj/<init>(args) pairs to new Obj(args) idioms. */
protected void internalTransform(Body b, String phaseName, Map options)
{
    GrimpBody body = (GrimpBody)b;

    if(Options.v().verbose())
        G.v().out.println("[" + body.getMethod().getName() +
            "] Folding constructors...");

  Chain units = body.getUnits();
  List<Unit> stmtList = new ArrayList<Unit>();
  stmtList.addAll(units);

  Iterator<Unit> it = stmtList.iterator();
  
  LocalUses localUses = LocalUses.Factory.newLocalUses(b);

  /* fold in NewExpr's with specialinvoke's */
  while (it.hasNext())
    {
      Stmt s = (Stmt)it.next();
        
      if (!(s instanceof AssignStmt))
        continue;
        
      /* this should be generalized to ArrayRefs */
      Value lhs = ((AssignStmt)s).getLeftOp();
      if (!(lhs instanceof Local))
        continue;
        
      Value rhs = ((AssignStmt)s).getRightOp();
      if (!(rhs instanceof NewExpr))
        continue;

      /* TO BE IMPLEMENTED LATER: move any copy of the object reference
         for lhs down beyond the NewInvokeExpr, with the rationale
         being that you can't modify the object before the constructor
         call in any case.

         Also, do note that any new's (object creation) without
         corresponding constructors must be dead. */
       
      List lu = localUses.getUsesOf(s);
      Iterator luIter = lu.iterator();
      boolean MadeNewInvokeExpr = false;
       
      while (luIter.hasNext())
        {
          Unit use = ((UnitValueBoxPair)(luIter.next())).unit;
          if (!(use instanceof InvokeStmt))
            continue;
          InvokeStmt is = (InvokeStmt)use;
          if (!(is.getInvokeExpr() instanceof SpecialInvokeExpr) ||
              lhs != ((SpecialInvokeExpr)is.getInvokeExpr()).getBase())
            continue;
          
          SpecialInvokeExpr oldInvoke = 
            ((SpecialInvokeExpr)is.getInvokeExpr());
          LinkedList invokeArgs = new LinkedList();
          for (int i = 0; i < oldInvoke.getArgCount(); i++)
            invokeArgs.add(oldInvoke.getArg(i));
          
          AssignStmt constructStmt = Grimp.v().newAssignStmt
            ((AssignStmt)s);
          constructStmt.setRightOp
            (Grimp.v().newNewInvokeExpr
             (((NewExpr)rhs).getBaseType(), oldInvoke.getMethodRef(), invokeArgs));
          MadeNewInvokeExpr = true;
          
          use.redirectJumpsToThisTo(constructStmt);
          units.insertBefore(constructStmt, use);
          units.remove(use);
        }
      if (MadeNewInvokeExpr)
        {
          units.remove(s);
        }
    }
}
 

public void caseSpecialInvokeExpr(SpecialInvokeExpr v) {
	printInvokeExpr(v);		
}
 

private List<Unit> instrumentIntentAddings(BiDiInterproceduralCFG<Unit, SootMethod> cfg,
		Unit unit, InvokeExpr sinkExpr, Set<ResultSourceInfo> sourceInfo){
	if(isMethodInterComponentSink(sinkExpr.getMethod())){
		SootMethod method = cfg.getMethodOf(unit);
		Body body = null;
		if(method.hasActiveBody())
			body = method.retrieveActiveBody();
		else
			throw new RuntimeException("No body found!");
		
		Set<String> sourceCategories = getDataIdList(sourceInfo);
		
		final String hashSetType = "java.util.HashSet";
		List<Unit> generated = new ArrayList<Unit>();
		
		//HashSet initialization
		Local hashSetLocal = generateFreshLocal(body, RefType.v(hashSetType));
		NewExpr newExpr = Jimple.v().newNewExpr(RefType.v(hashSetType));
		AssignStmt assignStmt = Jimple.v().newAssignStmt(hashSetLocal, newExpr);
		generated.add(assignStmt);
		
		//constructor call
		SpecialInvokeExpr constructorCall = Jimple.v().newSpecialInvokeExpr(hashSetLocal, Scene.v().getMethod("<java.util.HashSet: void <init>()>").makeRef());
		InvokeStmt constructorCallStmt = Jimple.v().newInvokeStmt(constructorCall);
		generated.add(constructorCallStmt);
		
		//add categories to HashSet
		for(String cat : sourceCategories){
			InterfaceInvokeExpr addCall = Jimple.v().newInterfaceInvokeExpr(hashSetLocal, Scene.v().getMethod("<java.util.Set: boolean add(java.lang.Object)>").makeRef(), StringConstant.v(cat));
			InvokeStmt addCallStmt = Jimple.v().newInvokeStmt(addCall);
			generated.add(addCallStmt);
		}
		
		//get Intent
		Value intent = sinkExpr.getArg(0);
		List<Object> args = new ArrayList<Object>();
		args.add(RefType.v("android.content.Intent"));
		args.add(intent);
		args.add(RefType.v(hashSetType));
		args.add(hashSetLocal);
		StaticInvokeExpr sie = Instrumentation.createJimpleStaticInvokeExpr(
				Settings.INSTRUMENTATION_HELPER_JAVA,
				"addTaintInformationToIntent",
				args);
		InvokeStmt invStmt = Jimple.v().newInvokeStmt(sie);
		generated.add(invStmt);
		
		return generated;
	}
	return Collections.emptyList();
}
 

/**
 * Computes the targets of an invoke expression using a given points-to graph.
 * 
 * <p>For static invocations, there is only target. For instance method
 * invocations, the targets depend on the type of receiver objects pointed-to
 * by the instance variable whose method is being invoked.</p>
 * 
 * <p>If the instance variable points to a summary node, then the returned
 * value is <tt>null</tt> signifying a <em>default</em> call-site.</p>
 */
private Set<SootMethod> getTargets(SootMethod callerMethod, Stmt callStmt, InvokeExpr ie, PointsToGraph ptg) {
	Set<SootMethod> targets = new HashSet<SootMethod>();
	SootMethod invokedMethod = ie.getMethod();
	String subsignature = invokedMethod.getSubSignature();
	
	// Static and special invocations refer to the target method directly
	if (ie instanceof StaticInvokeExpr || ie instanceof SpecialInvokeExpr) {
		targets.add(invokedMethod);
		return targets;
	} else {
		assert (ie instanceof InterfaceInvokeExpr || ie instanceof VirtualInvokeExpr);
		// Get the receiver
		Local receiver = (Local) ((InstanceInvokeExpr) ie).getBase();
		// Get what objects the receiver points-to
		Set<AnyNewExpr> heapNodes = ptg.getTargets(receiver);
		if (heapNodes != null) {
			// For each object, find the invoked method for the declared type
			for (AnyNewExpr heapNode : heapNodes) {
				if (heapNode == PointsToGraph.SUMMARY_NODE) {						
					// If even one pointee is a summary node, then this is a default site
					return null;
				} else if (heapNode instanceof NewArrayExpr) {
					// Probably getClass() or something like that on an array
					return null;
				}
				// Find the top-most class that declares a method with the given
				// signature and add it to the resulting targets
				SootClass sootClass = ((RefType) heapNode.getType()).getSootClass();
				do {
					if (sootClass.declaresMethod(subsignature)) {
						targets.add(sootClass.getMethod(subsignature));
						break;
					} else if (sootClass.hasSuperclass()) {
						sootClass = sootClass.getSuperclass();
					} else {
						sootClass = null;
					}
				} while (sootClass != null);
			}
		}
		if (targets.isEmpty()) {
			// System.err.println("Warning! Null call at: " + callStmt+ " in " + callerMethod);
		}
		return targets;
	}
}
 

/**
 * Returns true if a method call is fixed, i.e., assuming that all classes in the Scene resemble library code,
 * then client code cannot possible overwrite the called method.
 * This is trivially true for InvokeStatic and InvokeSpecial, but can also hold for virtual invokes if
 * all possible call targets in the library cannot be overwritten.
 * @see #clientOverwriteableOverwrites(SootMethod)
 */
public static boolean isFixed(InvokeExpr ie) {
	return ie instanceof StaticInvokeExpr || ie instanceof SpecialInvokeExpr || !clientOverwriteableOverwrites(ie.getMethod());
}