项目:JAADAS
文件:DexIfTransformer.java
/**
* Collect all the if statements comparing two locals with an Eq or Ne
* expression
*
* @param body
* the body to analyze
*/
private Set<IfStmt> getNullIfCandidates(Body body) {
Set<IfStmt> candidates = new HashSet<IfStmt>();
Iterator<Unit> i = body.getUnits().iterator();
while (i.hasNext()) {
Unit u = i.next();
if (u instanceof IfStmt) {
ConditionExpr expr = (ConditionExpr) ((IfStmt) u).getCondition();
boolean isTargetIf = false;
if (((expr instanceof EqExpr) || (expr instanceof NeExpr))) {
if (expr.getop1() instanceof Local && expr.getop2() instanceof Local) {
isTargetIf = true;
}
}
if (isTargetIf) {
candidates.add((IfStmt) u);
Debug.printDbg("[add if candidate: ",u);
}
}
}
return candidates;
}
@Override
public ConditionExpr instantitate(Value var) {
ConditionExpr ret = null;
IntConstant valInt = IntConstant.v(Integer.parseInt(val));
switch(op){
case "=": ret = new GEqExpr(var,valInt);
break;
case ">=" : ret = new GGeExpr(var,valInt);
break;
case ">" : ret = new GGtExpr(var,valInt);
break;
case "<=" : ret = new GLeExpr(var,valInt);
break;
case "<" : ret = new GLtExpr(var,valInt);
break;
case "!=" : ret = new GNeExpr(var,valInt);
break;
}
if(ret == null){
System.out.println("Cannot initialize interval predicate");
System.exit(2);
}
return ret;
}
项目:JAADAS
文件:AbstractNullTransformer.java
/**
* examine expr if it is a comparison with 0.
*
* @param expr
* the ConditionExpr to examine
*/
protected boolean isZeroComparison(ConditionExpr expr) {
if (expr instanceof EqExpr || expr instanceof NeExpr) {
if (expr.getop2() instanceof IntConstant
&& ((IntConstant) expr.getop2()).value == 0)
return true;
if (expr.getop2() instanceof LongConstant
&& ((LongConstant) expr.getop2()).value == 0)
return true;
}
return false;
}
项目:JAADAS
文件:ConditionalJumpInstruction.java
/**
* Get comparison expression depending on opcode between two immediates
*
* @param one first immediate
* @param other second immediate
* @throws RuntimeException if this is not a IfTest or IfTestz instruction.
*/
protected ConditionExpr getComparisonExpr(Immediate one,Immediate other) {
Opcode opcode = instruction.getopcode();
switch(opcode) {
case IF_EQ:
case IF_EQZ:
return Jimple.v().newEqExpr(one,other);
case IF_NE:
case IF_NEZ:
return Jimple.v().newNeExpr(one,other);
case IF_LT:
case IF_LTZ:
return Jimple.v().newLtExpr(one,other);
case IF_GE:
case IF_GEZ:
return Jimple.v().newGeExpr(one,other);
case IF_GT:
case IF_GTZ:
return Jimple.v().newGtExpr(one,other);
case IF_LE:
case IF_LEZ:
return Jimple.v().newLeExpr(one,other);
default:
throw new RuntimeException("Instruction is not an IfTest(z) instruction.");
}
}
/**
* Collect all the locals which are assigned a IntConstant(0) or are used
* within a zero comparison.
*
* @param body
* the body to analyze
*/
private Set<Local> getNullCandidates(Body body) {
Set<Local> candidates = null;
for (Unit u : body.getUnits()) {
if (u instanceof AssignStmt) {
AssignStmt a = (AssignStmt) u;
if (!(a.getLeftOp() instanceof Local))
continue;
Local l = (Local) a.getLeftOp();
Value r = a.getRightOp();
if ((r instanceof IntConstant && ((IntConstant) r).value == 0)
|| (r instanceof LongConstant && ((LongConstant) r).value == 0)) {
if (candidates == null)
candidates = new HashSet<Local>();
candidates.add(l);
Debug.printDbg("[add null candidate: ",u);
}
} else if (u instanceof IfStmt) {
ConditionExpr expr = (ConditionExpr) ((IfStmt) u)
.getCondition();
if (isZeroComparison(expr) && expr.getop1() instanceof Local) {
if (candidates == null)
candidates = new HashSet<Local>();
candidates.add((Local) expr.getop1());
Debug.printDbg("[add null candidate if: ",u);
}
}
}
return candidates == null ? Collections.<Local>emptySet() : candidates;
}
项目:JAADAS
文件:DavaBody.java
private void javafy_binop_expr(ValueBox vb) {
BinopExpr boe = (BinopExpr) vb.getValue();
ValueBox leftOpBox = boe.getop1Box(),rightOpBox = boe.getop2Box();
Value leftOp = leftOpBox.getValue(),rightOp = rightOpBox.getValue();
if (rightOp instanceof IntConstant) {
if ((leftOp instanceof IntConstant) == false) {
javafy(leftOpBox);
leftOp = leftOpBox.getValue();
if (boe instanceof ConditionExpr)
rightOpBox.setValue(DIntConstant.v(
((IntConstant) rightOp).value,leftOp.getType()));
else
rightOpBox.setValue(DIntConstant.v(
((IntConstant) rightOp).value,null));
}
}
else if (leftOp instanceof IntConstant) {
javafy(rightOpBox);
rightOp = rightOpBox.getValue();
if (boe instanceof ConditionExpr)
leftOpBox.setValue(DIntConstant.v(((IntConstant) leftOp).value,rightOp.getType()));
else
leftOpBox.setValue(DIntConstant.v(((IntConstant) leftOp).value,null));
} else {
javafy(rightOpBox);
rightOp = rightOpBox.getValue();
javafy(leftOpBox);
leftOp = leftOpBox.getValue();
}
if (boe instanceof CmpExpr)
vb.setValue(new DCmpExpr(leftOp,rightOp));
else if (boe instanceof CmplExpr)
vb.setValue(new DCmplExpr(leftOp,rightOp));
else if (boe instanceof CmpgExpr)
vb.setValue(new DCmpgExpr(leftOp,rightOp));
}
项目:matos-tool
文件:MethodSpyAnalysis.java
/**
* Analyze an expression (a value) and computes an abstract value representing its contents.
* @param r the expression to analyse.
* @param u The unit that encapsulate the value.
* @param seen What has already be seen (avoid loops).
* @return
*/
public AbsValue analyze_expr(Value r,Unit u,Set<Unit> seen) {
AbsValue result;
if (r instanceof Local) {
result = analyzeLocal((Local) r,u,seen);
} else if (r instanceof StringConstant)
result = new StringValue(((StringConstant) r).value);
else if (r instanceof Constant)
result = new ConstantValue((Constant) r,((Constant) r).getType());
else if (r instanceof InvokeExpr) {
result = analyzeInvoke((InvokeExpr) r,seen);
} else if (r instanceof CastExpr) {
result = analyze_expr(((CastExpr) r).getop(),seen);
} else if (r instanceof ParameterRef) {
result = analyzeParameterRef((ParameterRef) r,seen);
} else if (r instanceof ConditionExpr) {
result = analyzeConditionExpr((ConditionExpr) r,seen);
} else if (r instanceof InstanceOfExpr) {
result = analyzeInstanceOfExpr((InstanceOfExpr) r,seen);
} else if (r instanceof StaticFieldRef) {
result = analyzeStaticFieldRef((StaticFieldRef) r,seen);
} else if (r instanceof InstanceFieldRef) {
result = analyzeInstanceFieldRef((InstanceFieldRef) r,seen);
} else if (r instanceof ArrayRef) {
result = analyzeArrayRef((ArrayRef) r,seen);
} else if (r instanceof NewExpr) {
result = analyzeNewExpr((NewExpr) r,seen);
} else {
result = new UnkNownValue(r.toString());
}
return solve_init(result,seen);
}
private void getGenAndKillSet(Body body,HashMap<Stmt,HashSet<Value>> absgen,HashSet<Object>> gen,HashSet<Value>> kill,HashSet<Value>> condition)
{
for (Unit u : body.getUnits())
{
Stmt stmt = (Stmt)u;
HashSet<Object> genset = new HashSet<Object>();
HashSet<Value> absgenset = new HashSet<Value>();
HashSet<Value> killset = new HashSet<Value>();
HashSet<Value> condset = new HashSet<Value>();
if (stmt instanceof DeFinitionStmt)
{
getGenAndKillSetForDefnStmt((DeFinitionStmt)stmt,absgen,genset,absgenset,killset,condset);
}
else if (stmt instanceof IfStmt)
{
/* if one of condition is living,than other one is live. */
Value cmpcond = ((IfStmt)stmt).getCondition();
if (cmpcond instanceof ConditionExpr)
{
Value op1 = ((ConditionExpr)cmpcond).getop1();
Value op2 = ((ConditionExpr)cmpcond).getop2();
if (fullSet.contains(op1) && fullSet.contains(op2))
{
condset.add(op1);
condset.add(op2);
genset.add(op1);
genset.add(op2);
}
}
}
if (genset.size() != 0)
gen.put(stmt,genset);
if (absgenset.size() != 0)
absgen.put(stmt,absgenset);
if (killset.size() != 0)
kill.put(stmt,killset);
if (condset.size() != 0)
condition.put(stmt,condset);
}
}
项目:JAADAS
文件:ConstraintCollector.java
public void caseIfStmt(IfStmt stmt) {
if (uses) {
ConditionExpr cond = (ConditionExpr) stmt.getCondition();
BinopExpr expr = cond;
Value lv = expr.getop1();
Value rv = expr.getop2();
TypeVariable lop;
TypeVariable rop;
// ******** LEFT ********
if (lv instanceof Local) {
lop = resolver.typeVariable((Local) lv);
} else if (lv instanceof DoubleConstant) {
lop = resolver.typeVariable(DoubleType.v());
} else if (lv instanceof FloatConstant) {
lop = resolver.typeVariable(FloatType.v());
} else if (lv instanceof IntConstant) {
lop = resolver.typeVariable(IntType.v());
} else if (lv instanceof LongConstant) {
lop = resolver.typeVariable(LongType.v());
} else if (lv instanceof NullConstant) {
lop = resolver.typeVariable(NullType.v());
} else if (lv instanceof StringConstant) {
lop = resolver.typeVariable(RefType.v("java.lang.String"));
} else if (lv instanceof ClassConstant) {
lop = resolver.typeVariable(RefType.v("java.lang.class"));
} else {
throw new RuntimeException("Unhandled binary expression left operand type: " + lv.getClass());
}
// ******** RIGHT ********
if (rv instanceof Local) {
rop = resolver.typeVariable((Local) rv);
} else if (rv instanceof DoubleConstant) {
rop = resolver.typeVariable(DoubleType.v());
} else if (rv instanceof FloatConstant) {
rop = resolver.typeVariable(FloatType.v());
} else if (rv instanceof IntConstant) {
rop = resolver.typeVariable(IntType.v());
} else if (rv instanceof LongConstant) {
rop = resolver.typeVariable(LongType.v());
} else if (rv instanceof NullConstant) {
rop = resolver.typeVariable(NullType.v());
} else if (rv instanceof StringConstant) {
rop = resolver.typeVariable(RefType.v("java.lang.String"));
} else if (rv instanceof ClassConstant) {
rop = resolver.typeVariable(RefType.v("java.lang.class"));
} else {
throw new RuntimeException("Unhandled binary expression right operand type: " + rv.getClass());
}
TypeVariable common = resolver.typeVariable();
rop.addParent(common);
lop.addParent(common);
}
}
private void processIfStmt(IfStmt s,AbstractState inState,AbstractState ifStmtFalse,AbstractState ifStmtTrue) {
ConditionExpr condExpr = (ConditionExpr)s.getCondition();
Value lhs = condExpr.getop1();
Value rhs = condExpr.getop2();
//make sure this is an integer conditional stmt
if(isAnyIntType(lhs)){
//add it to the tracked states
outputStmt.add(s);
//create the set of variables to be tracked
Set<Value> track = new HashSet<Value>();
changedVariables.put(s,track);
//precondition of the IfStmt
Set<Expr> precond = new HashSet<Expr>();
Set<Value> valuesToEval = new HashSet<Value>();//there should be one value only
addNotNull(findLocal(lhs),valuesToEval);
addNotNull(findLocal(rhs),valuesToEval);
//need to make a special case when valuesToEval is empty
//it means that both sides are concrete values
//hence no need call for the solver
for(Value v : valuesToEval){
precond.addAll(evaluateStates(inState,v));
}
precond.addAll(evaluateStates(inState,null));//to evaluate symbolic state only
//otherwise symbolic state can be evaluated twice -- equality of Binop has not been implemented
//it looks like in Jimple only statement of the same object are equal,but not
//if they have the same semantics,assuming that locals are of the same object
//do for true branch
//add the current expression
BinopExpr symbState = condExpr;
BinopExpr symbNotState = negate(condExpr);
for(Expr be : precond){
symbState = new GAndExpr(symbState,be);
symbNotState = new GAndExpr(symbNotState,be);
}
//at this point we have precondition set
//make sure lhs is not a constant
if(lhs instanceof JimpleLocal){
//find new values for lhs
updateStateCond(lhs,symbState,condExpr,ifStmtTrue,s);//s is only used for the symbolic state
updateStateCond(lhs,symbNotState,negate(condExpr),ifStmtFalse,s);
condExpr = null; //so no need to update the symbolic state twice
track.add(lhs);
}
//make sure rhs is not a constant
if(rhs instanceof JimpleLocal){
updateStateCond(rhs,s);
updateStateCond(rhs,s );
track.add(rhs);
}
//created the negated one
} // end if this is an integer conditional stmt
}
项目:matos-tool
文件:MethodSpyAnalysis.java
项目:JAADAS
文件:ConditionalJumpInstruction.java
/**
* Get comparison expression depending on opcode against zero or null.
*
* If the register is used as an object this will create a comparison with
* null,not zero.
*
* @param body the containing DexBody
* @param reg the register to compare against zero.
*/
protected ConditionExpr getComparisonExpr(DexBody body,int reg) {
Local one = body.getRegisterLocal(reg);
return getComparisonExpr(one,IntConstant.v(0));
}
public abstract ConditionExpr instantitate(Value var);