Class TaintExpandOperator
- java.lang.Object
  - proguard.analysis.cpa.jvm.operators.DefaultExpandOperator<SetAbstractState<JvmTaintSource>>
    - proguard.analysis.cpa.jvm.domain.taint.TaintExpandOperator

All Implemented Interfaces: ExpandOperator<SetAbstractState<JvmTaintSource>>

public class TaintExpandOperator extends DefaultExpandOperator<SetAbstractState<JvmTaintSource>>
This ExpandOperator inherits all the functionalities of a DefaultExpandOperator and in addition taints the return values if the called function is a source.

Constructor Summary
- TaintExpandOperator(JvmCfa cfa, java.util.Map<Signature,java.util.Set<JvmTaintSource>> signaturesToSources)
  Create the operator specifying the taint sources.
- TaintExpandOperator(JvmCfa cfa, java.util.Map<Signature,java.util.Set<JvmTaintSource>> signaturesToSources, boolean expandHeap)
  Create the operator specifying the taint sources.

Method Summary
- protected java.util.List<SetAbstractState<JvmTaintSource>> calculateReturnValues(JvmAbstractState<SetAbstractState<JvmTaintSource>> reducedExitState, Instruction returnInstruction, Call call)
  The calculation of return values supports tainting them if the analyzed method is a taint source.
- protected JvmAbstractState<SetAbstractState<JvmTaintSource>> createJvmAbstractState(JvmCfaNode programLocation, JvmFrameAbstractState<SetAbstractState<JvmTaintSource>> frame, JvmHeapAbstractState<SetAbstractState<JvmTaintSource>> heap, MapAbstractState<java.lang.String,SetAbstractState<JvmTaintSource>> staticFields)
- JvmAbstractState<SetAbstractState<JvmTaintSource>> expand(JvmAbstractState<SetAbstractState<JvmTaintSource>> expandedInitialState, JvmAbstractState<SetAbstractState<JvmTaintSource>> reducedExitState, JvmCfaNode blockEntryNode, Call call)
  Reconstructs the state of the caller of a procedure using the information of the expanded initial state, the reduced exit state, the block entry node (that can be used to retrieve the CFA subgraph of the function), and the call to the procedure.
- java.util.Map<Signature,java.util.Set<JvmTaintSource>> getSignaturesToSources()
  Returns the mapping from fqns to taint sources.

Methods inherited from class proguard.analysis.cpa.jvm.operators.DefaultExpandOperator: expandHeap

Constructor Detail

TaintExpandOperator
public TaintExpandOperator(JvmCfa cfa, java.util.Map<Signature,java.util.Set<JvmTaintSource>> signaturesToSources, boolean expandHeap)
Create the operator specifying the taint sources.
Parameters:
- cfa - the control flow automaton of the analyzed program.
- signaturesToSources - a mapping from method signatures to their JvmTaintSource
- expandHeap - whether expansion of the heap is performed

TaintExpandOperator
public TaintExpandOperator(JvmCfa cfa, java.util.Map<Signature,java.util.Set<JvmTaintSource>> signaturesToSources)
Create the operator specifying the taint sources.
Parameters:
- cfa - the control flow automaton of the analyzed program.
- signaturesToSources - a mapping from method signatures to their JvmTaintSource

Method Detail

expand
public JvmAbstractState<SetAbstractState<JvmTaintSource>> expand(JvmAbstractState<SetAbstractState<JvmTaintSource>> expandedInitialState, JvmAbstractState<SetAbstractState<JvmTaintSource>> reducedExitState, JvmCfaNode blockEntryNode, Call call)
Description copied from interface: ExpandOperator
Reconstructs the state of the caller of a procedure using the information of the expanded initial state, the reduced exit state, the block entry node (that can be used to retrieve the CFA subgraph of the function), and the call to the procedure.
Specified by: expand in interface ExpandOperator<SetAbstractState<JvmTaintSource>>
Overrides: expand in class DefaultExpandOperator<SetAbstractState<JvmTaintSource>>
Parameters:
- expandedInitialState - the entry state of the called procedure before any reduction
- reducedExitState - the state of the called procedure in its exit node
- blockEntryNode - the entry node of the called procedure
- call - the information of the call to the procedure
Returns:
- The state of the caller after the procedure call, possibly with some collisions of identifiers that the RebuildOperator needs to resolve

calculateReturnValues
protected java.util.List<SetAbstractState<JvmTaintSource>> calculateReturnValues(JvmAbstractState<SetAbstractState<JvmTaintSource>> reducedExitState, Instruction returnInstruction, Call call)
The calculation of return values supports tainting them if the analyzed method is a taint source.
Overrides: calculateReturnValues in class DefaultExpandOperator<SetAbstractState<JvmTaintSource>>

createJvmAbstractState
protected JvmAbstractState<SetAbstractState<JvmTaintSource>> createJvmAbstractState(JvmCfaNode programLocation, JvmFrameAbstractState<SetAbstractState<JvmTaintSource>> frame, JvmHeapAbstractState<SetAbstractState<JvmTaintSource>> heap, MapAbstractState<java.lang.String,SetAbstractState<JvmTaintSource>> staticFields)
Overrides: createJvmAbstractState in class DefaultExpandOperator<SetAbstractState<JvmTaintSource>>

getSignaturesToSources
public java.util.Map<Signature,java.util.Set<JvmTaintSource>> getSignaturesToSources()
Returns the mapping from fqns to taint sources.