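Soot: getting the method body of basic classes

Time: 2017-11-01 17:08:48

Tags: java static-analysis soot

I wrote a small side-effect detector for Java using Soot. It gives me the expected output for functions I wrote myself. But for basic classes (java.lang., java.awt.) it does not work.

I want to analyse the following function with Soot: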

public void testMeWithSoot(){
    Point p = new Point(1,1);
    double q = Math.sqrt(p.getX() + 9);
}

I expect the output to just return the x value of the object in java.awt.Point, but Soot gives the following code for the getX function:

public double getX(){ 
  java.awt.Point $r0; 
  java.lang.Error $r1; 
  $r0 := @this: java.awt.Point; 
  $r1 = new java.lang.Error; 
  specialinvoke $r1.<java.lang.Error: void <init>(java.lang.String)>("Unresolved
  compilation error: Method <java.awt.Point: double getX()> does not exist!");
  throw $r1; 
}

I use the following code to detect side effects:

import java.util.HashSet;
import java.util.List;
import java.util.Stack;
import java.util.stream.Collectors;
import soot.*;
import soot.jimple.*;

// bringClassToScene(...) is a helper that the post does not show.
public static boolean hasSideEffects(SootMethod toAnalyse){
    HashSet<SootMethod> visited = new HashSet<>();
    Stack<SootMethod> toVisit = new Stack<>();
    toVisit.add(toAnalyse);
    while (!toVisit.empty()){
        SootMethod current = toVisit.pop();
        if(visited.contains(current)) continue;
        System.out.println(current.retrieveActiveBody());
        visited.add(current);
        // Collect every assignment statement in the method body.
        List<AssignStmt> assignments = current.retrieveActiveBody().getUnits().stream().filter(it -> it instanceof AssignStmt).map(it -> (AssignStmt) it).collect(Collectors.toList());
        // A field reference on the left-hand side (a field write) is reported as a side effect.
        if(assignments.stream().filter( it -> it.getLeftOp() instanceof FieldRef).findAny().orElse(null) != null){
            return true;
        }
        // A field reference on the right-hand side (a field read) is reported as well.
        if(assignments.stream().filter( it -> it.getRightOp() instanceof FieldRef).findAny().orElse(null) != null){
            return true;
        }
        // Collect the callees: invocations used as assigned values, then stand-alone invoke statements.
        List<SootMethodRef> assignMethods = assignments.stream().filter(it -> it.getRightOp() instanceof InvokeExpr).map(it -> ((InvokeExpr) it.getRightOp()).getMethodRef()).collect(Collectors.toList());
        assignMethods.addAll(current.retrieveActiveBody().getUnits().stream().filter(it -> it instanceof InvokeStmt).map(it -> ((InvokeStmt) it).getInvokeExpr().getMethodRef()).collect(Collectors.toList()));

        // Bring each callee's declaring class into the Scene and queue the callee for analysis.
        for (SootMethodRef ref: assignMethods) {
            SootClass sootClass = bringClassToScene(ref.declaringClass().getName());
            sootClass.setApplicationClass();
            toVisit.add(ref.resolve());
        }
    }
    return false;
}

Function call:

classToAnalyse = Scene.v().loadClassAndSupport("ToAnalyseTest");
SootMethod method = classToAnalyse.getMethod("void testMeWithSoot()");
hasSideEffects(method);

Do I have to load the classes manually? If so, how do I do that?

1 answer:

Answer 0: (score: 0)

Have you tried calling retrieveActiveBody() on the corresponding SootMethod?
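
An added example, not part of the question or the answer above: one way to load a JDK method body explicitly before retrieveActiveBody() is called on it. It assumes the error-throwing stub shown in the question appears because java.awt.Point was not resolved from the JDK on Soot's class path (the page does not confirm this) and a Java 8 runtime; LibraryBodyLoader, setUp and withBody are hypothetical names.

```java
import soot.G;
import soot.Scene;
import soot.SootClass;
import soot.SootMethod;
import soot.options.Options;

public class LibraryBodyLoader {

    /** Configure Soot so that JDK classes are found in front of the application class path. */
    public static void setUp(String appClassPath) {
        G.reset();                                  // start from a clean Scene
        Options.v().set_prepend_classpath(true);    // prepend Soot's default (JDK) class path
        Options.v().set_soot_classpath(appClassPath);
        Options.v().set_allow_phantom_refs(false);  // a missing class raises an error instead of becoming a phantom
        Scene.v().loadNecessaryClasses();           // loads the basic classes Soot needs to build bodies
    }

    /**
     * Resolves the class up to BODIES level and returns the method with its
     * body loaded, or null when no body can exist (abstract, native or phantom).
     * Callers should treat null as "unknown", not as "no side effects".
     */
    public static SootMethod withBody(String className, String subSignature) {
        SootClass cls = Scene.v().forceResolve(className, SootClass.BODIES);
        if (cls.isPhantom()) {
            return null;                            // only reachable if phantom refs are allowed elsewhere
        }
        SootMethod m = cls.getMethod(subSignature); // throws if the class has no such method
        if (!m.isConcrete()) {
            return null;                            // abstract or native: there is nothing to analyse
        }
        m.retrieveActiveBody();
        return m;
    }

    public static void main(String[] args) {
        // Assumption: the first argument is the directory holding ToAnalyseTest.class.
        setUp(args.length > 0 ? args[0] : ".");
        SootMethod getX = withBody("java.awt.Point", "double getX()");
        System.out.println(getX == null ? "no body available" : getX.getActiveBody());
    }
}
```

In the traversal from the question, a null result is best counted as a possible side effect, since the callee's body was never inspected.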