Пример #1
0
 protected ReferenceVariable arrayElementOfImpl(ReferenceVariable base) {
   VarNode l;
   if (base instanceof VarNode) {
     l = (VarNode) base;
   } else {
     FieldRefNode b = (FieldRefNode) base;
     l = pag.makeGlobalVarNode(b, b.getType());
     pag.addEdge(b, l);
   }
   return pag.makeFieldRefNode(l, ArrayElement.v());
 }
Пример #2
0
  protected void assignObjectToImpl(ReferenceVariable lhs, AbstractObject obj) {
    AllocNode objNode =
        pag.makeAllocNode(new Pair("AbstractObject", obj.getType()), obj.getType(), null);

    VarNode var;
    if (lhs instanceof FieldRefNode) {
      var = pag.makeGlobalVarNode(objNode, objNode.getType());
      pag.addEdge((Node) lhs, var);
    } else {
      var = (VarNode) lhs;
    }
    pag.addEdge(objNode, var);
  }
Пример #3
0
  @Override
  public Set<? extends IAllocNode> getPTSet(Value val, Context context) {
    // handle case for insensitive run
    if (k == 0) return getPTSetIns(val);

    final Set<AllocNode> allocNodes = new LinkedHashSet<AllocNode>();
    final Type filteringType = val.getType();

    PointsToSetInternal pts = null;

    try {
      if (val instanceof InstanceFieldRef) {
        final InstanceFieldRef ifr = (InstanceFieldRef) val;
        pts =
            (PointsToSetInternal)
                ptsProvider.reachingObjects(context, (Local) ifr.getBase(), ifr.getField());
      } else if (val instanceof ArrayRef) {
        ArrayRef arrayRef = (ArrayRef) val;
        pts =
            (PointsToSetInternal)
                ptsProvider.reachingObjectsOfArrayElement(
                    ptsProvider.reachingObjects(context, (Local) arrayRef.getBase()));
      } else if (val instanceof Local) {
        pts = (PointsToSetInternal) ptsProvider.reachingObjects(context, (Local) val);
      } else if (val instanceof StaticFieldRef) {
        SootField field = ((StaticFieldRef) val).getField();
        pts = (PointsToSetInternal) ptsProvider.reachingObjects(field);
      } else if (val instanceof NullConstant) {
        return allocNodes;
      } else {
        logger.error("Unknown reference type for insenstive search: {} {}", val, val.getClass());
        droidsafe.main.Main.exit(1);
      }

      // visit internal points to set and grab all allocnodes
      pts.forall(
          new P2SetVisitor() {
            public void visit(Node n) {
              if (typeManager.castNeverFails(n.getType(), filteringType))
                allocNodes.add((AllocNode) n);
            }
          });

    } catch (Exception e) {
      logger.info("Some sort of error getting context insensitive points to set for {}", val, e);
      // e.printStackTrace();
    }

    return allocNodes;
  }
Пример #4
0
  public Set<? extends IAllocNode> getPTSetOfArrayElement(IAllocNode allocNode) {
    final Set<AllocNode> ptSet = new LinkedHashSet<AllocNode>();
    if (!(allocNode.getType() instanceof ArrayType)) {
      logger.error(
          "Calling getPTSetOfArrayElement on non array type: {} with {}",
          allocNode,
          allocNode.getType());
    }

    final Type filteringType = ((ArrayType) allocNode.getType()).getElementType();

    HashPointsToSet pointsToSet = new HashPointsToSet(allocNode.getType(), ptsProvider);
    pointsToSet.add((AllocNode) allocNode);

    ((PointsToSetInternal) ptsProvider.reachingObjectsOfArrayElement(pointsToSet))
        .forall(
            new P2SetVisitor() {
              @Override
              public void visit(Node node) {
                if (typeManager.castNeverFails(node.getType(), filteringType))
                  ptSet.add((AllocNode) node);
              }
            });

    return (Set<? extends IAllocNode>) ptSet;
  }
Пример #5
0
 /** constructor, add edges to maps */
 public MatchEdges(PAG pag) {
   Iterator<VarNode> store_it = pag.storeSourcesIterator();
   // storeMap: store_src(VarNode) ----> store_targets(FieldRefNode)
   while (store_it.hasNext()) {
     // get the representative of the union
     VarNode from = ((VarNode) store_it.next()); // storeSrc, a
     Node[] storeTargets = pag.storeLookup(from);
     for (int i = 0; i < storeTargets.length; i++) {
       FieldRefNode storeTarget = (FieldRefNode) storeTargets[i]; // x.f
       VarNode storeTargetBase = storeTarget.getBase(); // x
       SparkField storeTargetField = storeTarget.getField(); // f
       String storeTargetFieldSig = ((SootField) storeTargetField).getSignature(); // f's signature
       // three inheritances of SparkField:
       // ArrayElement, Parm, and SootField
       if (storeTargetField instanceof SootField) {
         Iterator<FieldRefNode> load_it = pag.loadSourcesIterator();
         while (load_it.hasNext()) {
           FieldRefNode loadSrc = (FieldRefNode) load_it.next(); // y.f
           VarNode loadSrcBase = loadSrc.getBase(); // y
           SparkField loadSrcField = loadSrc.getField(); // f
           if (loadSrcField instanceof SootField) {
             // see whether x.f and y.f has the same offset of
             // the field
             String loadSrcFieldSig = ((SootField) loadSrcField).getSignature(); // f's signature
             if (loadSrcFieldSig.equals(storeTargetFieldSig)) {
               Node[] to = pag.loadLookup(loadSrc); // loadTargets
               for (int j = 0; j < to.length; j++) {
                 addMatchEdge(from, (VarNode) to[j]);
               }
             }
           }
         }
       }
     }
   }
 }
Пример #6
0
 @SuppressWarnings("unused")
 private String assignEdgesWellFormed(PAG pag) {
   for (Iterator iter = pag.getVarNodeNumberer().iterator(); iter.hasNext(); ) {
     VarNode v = (VarNode) iter.next();
     Set<AssignEdge> outgoingAssigns = getAssignBarEdges(v);
     for (AssignEdge edge : outgoingAssigns) {
       if (edge.getSrc() != v) return edge + " src should be " + v;
     }
     Set<AssignEdge> incomingAssigns = getAssignEdges(v);
     for (AssignEdge edge : incomingAssigns) {
       if (edge.getDst() != v) return edge + " dst should be " + v;
     }
   }
   return null;
 }
Пример #7
0
  @Override
  public Set<? extends IAllocNode> getPTSet(IAllocNode node, final SootField f) {
    if (f.isStatic()) {
      logger.error("Cannot call getPTSet(node, field) with static field: {}", f);
      droidsafe.main.Main.exit(1);
    }
    final Type filteringType = f.getType();

    final Set<AllocNode> allocNodes = new LinkedHashSet<AllocNode>();

    HashPointsToSet pointsToSet = new HashPointsToSet(node.getType(), ptsProvider);
    pointsToSet.add((AllocNode) node);

    ((PointsToSetInternal) ptsProvider.reachingObjects(pointsToSet, f))
        .forall(
            new P2SetVisitor() {
              @Override
              public void visit(Node node) {
                if (typeManager.castNeverFails(node.getType(), filteringType))
                  allocNodes.add((AllocNode) node);
              }
            });

    /*
    PointsToSetInternal bases = (PointsToSetInternal)ptsProvider.getSetFactory().newSet(node.getType(), ptsProvider);
    bases.add(node);

    final PointsToSetInternal pts = ptsProvider.getSetFactory().newSet(
        (f instanceof SootField) ? ((SootField)f).getType() : null, ptsProvider );
    bases.forall( new P2SetVisitor() {
        public final void visit( Node n ) {
            Node nDotF = ((AllocNode) n).dot( f );
            if(nDotF != null) pts.addAll( nDotF.getP2Set(), null );
        }} );

    //visit internal points to set and grab all allocnodes
    pts.forall(new P2SetVisitor() {
        public void visit(Node n) {
            allocNodes.add((AllocNode)n);
        }
    });
     */
    return (Set<? extends IAllocNode>) allocNodes;
  }
Пример #8
0
  @Override
  protected void runInternal() {
    // don't print crap to screen!
    G.v().out = new PrintStream(NullOutputStream.NULL_OUTPUT_STREAM);
    Scene.v().loadDynamicClasses();

    setSparkPointsToAnalysis();

    // other passes can print crap now
    G.v().out = System.out;

    ptsProvider = (PAG) Scene.v().getPointsToAnalysis();

    typeManager = ptsProvider.getTypeManager();

    // cache the call graph
    callGraph = Scene.v().getCallGraph();

    createNewToAllocMap();

    /*
    for (SootMethod method : getReachableMethods()) {
        Set<MethodOrMethodContext> mcs = getMethodContexts(method);
        if (mcs.size() > 30)
            System.out.println(method + " " + mcs.size());
    }
     */

    // dumpReachablesAndAllocNodes();
    // dumpCallGraphReachablesCSV();
    // dumpOutdegreesCSV();

    if (Config.v().dumpPta) {
      dumpPTA(Project.v().getOutputDir() + File.separator + "pta.txt");
    }

    if (Config.v().dumpCallGraph) {
      // dumpCallGraph(Project.v().getOutputDir() + File.separator + "callgraph.dot");
      String fileName = String.format("callgraph%d.txt", runCount++);
      dumpTextGraph(Project.v().getOutputDir() + File.separator + fileName);
    }

    // System.out.println(SparkEvaluator.v().toString());
  }
Пример #9
0
  /** Create the bi map of NewExpr <-> AllocNode */
  private void createNewToAllocMap() {
    newToAllocNodeMap = HashBiMap.create();
    allAllocNodes = new LinkedHashSet<AllocNode>();

    Map<SootClass, Integer> nodeCount = new LinkedHashMap<SootClass, Integer>();

    int realSize = 0;

    for (AllocNode node : ptsProvider.getAllocNodes()) {
      if (!(node instanceof InsensitiveAllocNode)) {
        logger.error("Found non-insensitive node in ptsProvider.getAllocNodes()");
        droidsafe.main.Main.exit(1);
      }

      InsensitiveAllocNode insNode = (InsensitiveAllocNode) node;

      newToAllocNodeMap.put(node.getNewExpr(), insNode);
      realSize++;
      allAllocNodes.add(node);

      // countNode(nodeCount, node);

      for (Map.Entry<Context, ObjectSensitiveAllocNode> entry :
          insNode.getContextNodeMap().entrySet()) {
        allAllocNodes.add(entry.getValue());
        // countNode(nodeCount, node);
      }
    }

    System.out.println("Alloc node size (insensitive objects): " + realSize);

    /* used to print a sorted list of alloc nodes created
    Map<SootClass, Integer> sortedNodeCount = SootUtils.sortByValue(nodeCount);
    for (Map.Entry<SootClass, Integer> entry : sortedNodeCount.entrySet()) {
        System.out.println(entry.getValue() + " " + entry.getKey());
    }
     */
  }
Пример #10
0
  private void dumpReachablesAndAllocNodes() {
    try {
      FileWriter fw =
          new FileWriter(Project.v().getOutputDir() + File.separator + "spark-dump.log");

      fw.write("# Reachable Method Contexts:\n\n");

      for (MethodOrMethodContext momc : getReachableMethodContexts()) {
        fw.write(momc + "\n\n");
      }

      fw.write("\n\n# AllocNodes: \n\n");
      Iterator<AllocNode> nodes = ptsProvider.getAllocNodeNumberer().iterator();
      while (nodes.hasNext()) {
        AllocNode node = nodes.next();
        fw.write(node + "\n\n");
      }

      fw.close();

    } catch (IOException e) {

    }
  }
Пример #11
0
 protected void assignImpl(ReferenceVariable lhs, ReferenceVariable rhs) {
   pag.addEdge((Node) rhs, (Node) lhs);
 }
Пример #12
0
 protected void throwExceptionImpl(AbstractObject obj) {
   AllocNode objNode =
       pag.makeAllocNode(new Pair("AbstractObject", obj.getType()), obj.getType(), null);
   pag.addEdge(objNode, pag.nodeFactory().caseThrow());
 }
Пример #13
0
  public ContextSensitiveInfo(PAG pag) {
    // set up method to node map
    for (Iterator iter = pag.getVarNodeNumberer().iterator(); iter.hasNext(); ) {
      VarNode varNode = (VarNode) iter.next();
      if (varNode instanceof LocalVarNode) {
        LocalVarNode local = (LocalVarNode) varNode;
        SootMethod method = local.getMethod();
        assert method != null : local;
        methodToNodes.put(method, local);
        if (SootUtil.isRetNode(local)) {
          methodToOutPorts.put(method, local);
        }
        if (SootUtil.isParamNode(local)) {
          methodToInPorts.put(method, local);
        }
      }
    }
    int callSiteNum = 0;
    // first, add regular assigns
    Set assignSources = pag.simpleSources();
    for (Iterator iter = assignSources.iterator(); iter.hasNext(); ) {
      VarNode assignSource = (VarNode) iter.next();
      if (skipNode(assignSource)) {
        continue;
      }
      boolean sourceGlobal = assignSource instanceof GlobalVarNode;
      Node[] assignTargets = pag.simpleLookup(assignSource);
      for (int i = 0; i < assignTargets.length; i++) {
        VarNode assignTarget = (VarNode) assignTargets[i];
        if (skipNode(assignTarget)) continue;
        boolean isFinalizerNode = false;
        if (assignTarget instanceof LocalVarNode) {
          LocalVarNode local = (LocalVarNode) assignTarget;
          SootMethod method = local.getMethod();
          if (method.toString().indexOf("finalize()") != -1 && SootUtil.isThisNode(local)) {
            isFinalizerNode = true;
          }
        }
        boolean targetGlobal = assignTarget instanceof GlobalVarNode;
        AssignEdge assignEdge = new AssignEdge(assignSource, assignTarget);
        // handle weird finalizers
        if (isFinalizerNode) {
          assignEdge.setParamEdge();
          Integer callSite = new Integer(callSiteNum++);
          assignEdge.setCallSite(callSite);
        }
        addAssignEdge(assignEdge);
        if (sourceGlobal) {
          if (targetGlobal) {
            // System.err.println("G2G " + assignSource + " --> "
            // + assignTarget);
          } else {
            SootMethod method = ((LocalVarNode) assignTarget).getMethod();
            // don't want to include things assigned something that
            // is already an in port
            if (!methodToInPorts.get(method).contains(assignTarget)) {
              methodToInPorts.put(method, assignSource);
            }
          }
        } else {
          if (targetGlobal) {
            SootMethod method = ((LocalVarNode) assignSource).getMethod();
            // don't want to include things assigned from something
            // that
            // is already an out port
            if (!methodToOutPorts.get(method).contains(assignSource)) {
              methodToOutPorts.put(method, assignTarget);
            }
          }
        }
      }
    }
    // now handle calls
    HashMultiMap callAssigns = pag.callAssigns;
    PrintWriter callSiteWriter = null;
    if (PRINT_CALL_SITE_INFO) {
      try {
        callSiteWriter = new PrintWriter(new FileWriter("callSiteInfo"), true);
      } catch (IOException e) {
        e.printStackTrace();
      }
    }
    for (Iterator iter = callAssigns.keySet().iterator(); iter.hasNext(); ) {
      InvokeExpr ie = (InvokeExpr) iter.next();
      Integer callSite = new Integer(callSiteNum++);
      callSiteToInvokedMethod.put(callSite, ie.getMethod());
      SootMethod invokingMethod = pag.callToMethod.get(ie);
      callSiteToInvokingMethod.put(callSite, invokingMethod);
      if (PRINT_CALL_SITE_INFO) {
        callSiteWriter.println(callSite + " " + callSiteToInvokingMethod.get(callSite) + " " + ie);
      }
      if (pag.virtualCallsToReceivers.containsKey(ie)) {
        LocalVarNode receiver = (LocalVarNode) pag.virtualCallsToReceivers.get(ie);
        assert receiver != null;
        virtCallSiteToReceiver.put(callSite, receiver);
        receiverToVirtCallSites.put(receiver, callSite);
      }
      Set curEdges = callAssigns.get(ie);
      for (Iterator iterator = curEdges.iterator(); iterator.hasNext(); ) {
        Pair callAssign = (Pair) iterator.next();
        VarNode src = (VarNode) callAssign.getO1();
        VarNode dst = (VarNode) callAssign.getO2();
        if (skipNode(src)) {
          continue;
        }
        ArraySet edges = getAssignBarEdges(src);
        AssignEdge edge = null;
        for (int i = 0; i < edges.size() && edge == null; i++) {
          AssignEdge curEdge = (AssignEdge) edges.get(i);
          if (curEdge.getDst() == dst) {
            edge = curEdge;
          }
        }
        assert edge != null : "no edge from " + src + " to " + dst;
        boolean edgeFromOtherCallSite = edge.isCallEdge();
        if (edgeFromOtherCallSite) {
          edge = new AssignEdge(src, dst);
        }
        edge.setCallSite(callSite);
        callSiteToEdges.put(callSite, edge);
        if (SootUtil.isParamNode(dst)) {
          // assert src instanceof LocalVarNode : src + " " + dst;
          edge.setParamEdge();
          SootMethod invokedMethod = ((LocalVarNode) dst).getMethod();
          callSiteToTargets.put(callSite, invokedMethod);
          callSitesInvokingMethod.put(invokedMethod, callSite);
          // assert src instanceof LocalVarNode : src + " NOT LOCAL";
          if (src instanceof LocalVarNode) {
            callSitesInMethod.put(((LocalVarNode) src).getMethod(), callSite);
          }
        } else if (SootUtil.isRetNode(src)) {
          edge.setReturnEdge();
          SootMethod invokedMethod = ((LocalVarNode) src).getMethod();
          callSiteToTargets.put(callSite, invokedMethod);
          callSitesInvokingMethod.put(invokedMethod, callSite);
          if (dst instanceof LocalVarNode) {
            callSitesInMethod.put(((LocalVarNode) dst).getMethod(), callSite);
          }
        } else {
          assert false : "weird call edge " + callAssign;
        }
        if (edgeFromOtherCallSite) {
          addAssignEdge(edge);
        }
      }
    }
    // System.err.println(callSiteNum + " call sites");
    assert callEdgesReasonable();
    if (PRINT_CALL_SITE_INFO) {
      callSiteWriter.close();
    }
    // assert assignEdgesWellFormed(pag) == null :
    // assignEdgesWellFormed(pag);

  }
Пример #14
0
 protected ReferenceVariable staticFieldImpl(String className, String fieldName) {
   SootClass c = RefType.v(className).getSootClass();
   SootField f = c.getFieldByName(fieldName);
   return pag.makeGlobalVarNode(f, f.getType());
 }
Пример #15
0
 protected ReferenceVariable newInstanceOfImpl(ReferenceVariable cls) {
   return pag.nodeFactory().caseNewInstance((VarNode) cls);
 }
Пример #16
0
 protected ReferenceVariable tempFieldImpl(String fieldsig) {
   return pag.makeGlobalVarNode(new Pair("tempField", fieldsig), RefType.v("java.lang.Object"));
 }
Пример #17
0
 protected ReferenceVariable tempVariableImpl() {
   return pag.makeGlobalVarNode(
       new Pair("TempVar", new Integer(++G.v().SparkNativeHelper_tempVar)),
       RefType.v("java.lang.Object"));
 }
Пример #18
0
 @Override
 public boolean isPointer(Value val) {
   return (ptsProvider.findGlobalVarNode(val) != null
       || ptsProvider.findLocalVarNode(val) != null);
 }
Пример #19
0
 @Override
 public boolean isLegalCast(Type objType, Type refType) {
   return ptsProvider.getTypeManager().castNeverFails(objType, refType);
 }
Пример #20
0
 protected ReferenceVariable tempLocalVariableImpl(SootMethod method) {
   return pag.makeLocalVarNode(
       new Pair("TempVar", new Integer(++G.v().SparkNativeHelper_tempVar)),
       RefType.v("java.lang.Object"),
       method);
 }