proguard.analysis.cpa.jvm.domain.taint

Class JvmTaintExpandOperator

java.lang.Object

proguard.analysis.cpa.jvm.operators.JvmDefaultExpandOperator<SetAbstractState<JvmTaintSource>>

proguard.analysis.cpa.jvm.domain.taint.JvmTaintExpandOperator

All Implemented Interfaces:

ExpandOperator<JvmCfaNode,JvmCfaEdge,MethodSignature>, JvmAbstractStateFactory<SetAbstractState<JvmTaintSource>>

public class JvmTaintExpandOperator
extends JvmDefaultExpandOperator<SetAbstractState<JvmTaintSource>>

This ExpandOperator inherits all the functionalities of a JvmDefaultExpandOperator and in addition taints the return values if the called function is a source.

Constructor Summary

Constructors

Constructor and Description
JvmTaintExpandOperator(JvmCfa cfa, java.util.Map<Signature,java.util.Set<JvmTaintSource>> signaturesToSources) Create the operator specifying the taint sources.
JvmTaintExpandOperator(JvmCfa cfa, java.util.Map<Signature,java.util.Set<JvmTaintSource>> signaturesToSources, boolean expandHeap) Create the operator specifying the taint sources.

Method Summary

Modifier and Type	Method and Description
protected java.util.List<SetAbstractState<JvmTaintSource>>	calculateReturnValues(AbstractState reducedExitState, Instruction returnInstruction, Call call) The calculation of return values supports tainting it in case the analyzed method is a taint source.
JvmTaintAbstractState	createJvmAbstractState(JvmCfaNode programLocation, JvmFrameAbstractState<SetAbstractState<JvmTaintSource>> frame, JvmHeapAbstractState<SetAbstractState<JvmTaintSource>> heap, MapAbstractState<java.lang.String,SetAbstractState<JvmTaintSource>> staticFields) Returns an instance of JvmAbstractState.
JvmTaintAbstractState	expand(AbstractState expandedInitialState, AbstractState reducedExitState, JvmCfaNode blockEntryNode, Call call) Reconstructs the state of the caller of a procedure using the information of the expanded initial state, the reduced exit state, the block entry node (that can be used to retrieve the CFA subgraph of the function), and the call to the procedure.
java.util.Map<Signature,java.util.Set<JvmTaintSource>>	getSignaturesToSources() Returns the mapping from fqns to taint sources.

Methods inherited from class proguard.analysis.cpa.jvm.operators.JvmDefaultExpandOperator

expandHeap

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

JvmTaintExpandOperator

public JvmTaintExpandOperator(JvmCfa cfa,
                              java.util.Map<Signature,java.util.Set<JvmTaintSource>> signaturesToSources,
                              boolean expandHeap)

Create the operator specifying the taint sources.

Parameters:

cfa - the control flow automaton of the analyzed program.

signaturesToSources - a mapping from method signatures to their JvmTaintSource

expandHeap - whether expansion of the heap is performed

JvmTaintExpandOperator

public JvmTaintExpandOperator(JvmCfa cfa,
                              java.util.Map<Signature,java.util.Set<JvmTaintSource>> signaturesToSources)

Create the operator specifying the taint sources.

Parameters:

cfa - the control flow automaton of the analyzed program.

signaturesToSources - a mapping from method signatures to their JvmTaintSource

Method Detail

expand

public JvmTaintAbstractState expand(AbstractState expandedInitialState,
                                    AbstractState reducedExitState,
                                    JvmCfaNode blockEntryNode,
                                    Call call)

Description copied from interface: ExpandOperator

Reconstructs the state of the caller of a procedure using the information of the expanded initial state, the reduced exit state, the block entry node (that can be used to retrieve the CFA subgraph of the function), and the call to the procedure.

Specified by:

expand in interface ExpandOperator<JvmCfaNode,JvmCfaEdge,MethodSignature>

Overrides:

expand in class JvmDefaultExpandOperator<SetAbstractState<JvmTaintSource>>

Parameters:

expandedInitialState - the entry state of the called procedure before any reduction

reducedExitState - the state of the called procedure in its exit node

blockEntryNode - the entry node of the called procedure

call - the information of the call to the procedure

Returns:

The state of the caller after the procedure call, eventually with some collisions of identifiers that need the RebuildOperator to be solved

calculateReturnValues

protected java.util.List<SetAbstractState<JvmTaintSource>> calculateReturnValues(AbstractState reducedExitState,
                                                                                 Instruction returnInstruction,
                                                                                 Call call)

The calculation of return values supports tainting it in case the analyzed method is a taint source.

Overrides:

calculateReturnValues in class JvmDefaultExpandOperator<SetAbstractState<JvmTaintSource>>

createJvmAbstractState

public JvmTaintAbstractState createJvmAbstractState(JvmCfaNode programLocation,
                                                    JvmFrameAbstractState<SetAbstractState<JvmTaintSource>> frame,
                                                    JvmHeapAbstractState<SetAbstractState<JvmTaintSource>> heap,
                                                    MapAbstractState<java.lang.String,SetAbstractState<JvmTaintSource>> staticFields)

Description copied from interface: JvmAbstractStateFactory

Returns an instance of JvmAbstractState.

getSignaturesToSources

public java.util.Map<Signature,java.util.Set<JvmTaintSource>> getSignaturesToSources()

Returns the mapping from fqns to taint sources.