secure-software-engineering
diff --git a/‎soot-infoflow-integration/test/soot/jimple/infoflow/integration/test/junit/AndroidRegressionTests.java‎
Lines changed: 15 additions & 3 deletions b/‎soot-infoflow-integration/test/soot/jimple/infoflow/integration/test/junit/AndroidRegressionTests.java‎
Lines changed: 15 additions & 3 deletions
diff --git a/‎soot-infoflow-integration/testAPKs/TypeHierarchyTest.apk‎
5.25 MB b/‎soot-infoflow-integration/testAPKs/TypeHierarchyTest.apk‎
5.25 MB
diff --git a/‎soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/taintWrappers/SummaryTaintWrapper.java‎
Lines changed: 1 addition & 54 deletions b/‎soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/taintWrappers/SummaryTaintWrapper.java‎
Lines changed: 1 addition & 54 deletions
diff --git a/‎soot-infoflow/src/soot/jimple/infoflow/AbstractInfoflow.java‎
Lines changed: 2 additions & 1 deletion b/‎soot-infoflow/src/soot/jimple/infoflow/AbstractInfoflow.java‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎soot-infoflow/src/soot/jimple/infoflow/typing/ITypeChecker.java‎
Lines changed: 0 additions & 23 deletions b/‎soot-infoflow/src/soot/jimple/infoflow/typing/ITypeChecker.java‎
Lines changed: 0 additions & 23 deletions
diff --git a/‎soot-infoflow/src/soot/jimple/infoflow/typing/SootBasedTypeChecker.java‎
Lines changed: 0 additions & 61 deletions b/‎soot-infoflow/src/soot/jimple/infoflow/typing/SootBasedTypeChecker.java‎
Lines changed: 0 additions & 61 deletions
diff --git a/‎soot-infoflow/src/soot/jimple/infoflow/typing/TypeUtils.java‎
Lines changed: 38 additions & 20 deletions b/‎soot-infoflow/src/soot/jimple/infoflow/typing/TypeUtils.java‎
Lines changed: 38 additions & 20 deletions
@@ -5,15 +5,13 @@
 import org.xmlpull.v1.XmlPullParserException;
 import soot.jimple.infoflow.InfoflowConfiguration;
 import soot.jimple.infoflow.android.SetupApplication;
-import soot.jimple.infoflow.methodSummary.data.provider.EagerSummaryProvider;
-import soot.jimple.infoflow.methodSummary.taintWrappers.SummaryTaintWrapper;
 import soot.jimple.infoflow.methodSummary.taintWrappers.TaintWrapperFactory;
 import soot.jimple.infoflow.results.InfoflowResults;
 import soot.jimple.infoflow.taintWrappers.ITaintPropagationWrapper;
+import soot.jimple.infoflow.util.DebugFlowFunctionTaintPropagationHandler;
 
 import javax.xml.stream.XMLStreamException;
 import java.io.IOException;
-import java.net.URISyntaxException;
 import java.util.Collections;
 
 /**
@@ -43,4 +41,18 @@ public void testFlowSensitivityWithOverwrite() throws XmlPullParserException, IO
         Assert.assertEquals(2, results.size());
         Assert.assertEquals(2, results.getResultSet().size());
     }
+
+
+    /**
+     * Tests that StubDroid correctly narrows the type when the summary is in a superclass.
+     * See also the comment in SummaryTaintWrapper#getSummaryDeclaringClass().
+     */
+    @Test
+    public void testTypeHierarchyFromSummary() throws XmlPullParserException, IOException {
+        SetupApplication app = initApplication("testAPKs/TypeHierarchyTest.apk");
+        app.setTaintPropagationHandler(new DebugFlowFunctionTaintPropagationHandler());
+        InfoflowResults results = app.runInfoflow("../soot-infoflow-android/SourcesAndSinks.txt");
+        Assert.assertEquals(1, results.size());
+        Assert.assertEquals(1, results.getResultSet().size());
+    }
 }
@@ -38,7 +38,6 @@
 import soot.jimple.infoflow.solver.IFollowReturnsPastSeedsHandler;
 import soot.jimple.infoflow.taintWrappers.IReversibleTaintWrapper;
 import soot.jimple.infoflow.taintWrappers.ITaintPropagationWrapper;
-import soot.jimple.infoflow.typing.ITypeChecker;
 import soot.jimple.infoflow.typing.TypeUtils;
 import soot.jimple.infoflow.util.ByReferenceBoolean;
 import soot.jimple.infoflow.util.SootMethodRepresentationParser;
@@ -53,7 +52,7 @@
  * @author Steven Arzt
  *
  */
-public class SummaryTaintWrapper implements IReversibleTaintWrapper, ITypeChecker {
+public class SummaryTaintWrapper implements IReversibleTaintWrapper {
 
 	private InfoflowManager manager;
 	private AtomicInteger wrapperHits = new AtomicInteger();
@@ -207,9 +206,6 @@ public void initialize(InfoflowManager manager) {
 		// If we have a fallback wrapper, we need to initialize that one as well
 		if (fallbackWrapper != null)
 			fallbackWrapper.initialize(manager);
-
-		// We need to query the summaries in case we have no proper type information
-		manager.getTypeUtils().registerTypeChecker(this);
 	}
 
 	public Collection<PreAnalysisHandler> getPreAnalysisHandlers() {
@@ -1826,53 +1822,4 @@ public Set<Abstraction> getInverseTaintsForMethod(Stmt stmt, Abstraction d1, Abs
 		return resAbs;
 	}
 
-	@Override
-	public Type getMorePreciseType(Type tp1, Type tp2) {
-		// We query the summaries to establish a type hierarchy beyond the Soot scene
-		if (tp1 instanceof RefType && tp2 instanceof RefType) {
-			RefType rt1 = (RefType) tp1;
-			RefType rt2 = (RefType) tp2;
-
-			SootClass sc1 = rt1.getSootClass();
-			SootClass sc2 = rt2.getSootClass();
-
-			if (sc1.isPhantom() || sc2.isPhantom()) {
-				String sc1Name = sc1.getName();
-				String sc2Name = sc2.getName();
-
-				ClassMethodSummaries cs1 = flows.getClassFlows(sc1.getName());
-				ClassMethodSummaries cs2 = flows.getClassFlows(sc2.getName());
-
-				// Type1 may be a superclass or interface of cs2
-				if (cs2 != null) {
-					ClassMethodSummaries curSummaries = cs2;
-					while (curSummaries != null) {
-						if (sc1Name.equals(curSummaries.getSuperClass()))
-							return tp2;
-						for (String intf : curSummaries.getInterfaces()) {
-							if (intf.equals(sc1Name))
-								return tp2;
-						}
-						curSummaries = flows.getClassFlows(curSummaries.getSuperClass());
-					}
-				}
-
-				// Type2 may be a superclass or interface of cs1
-				if (cs1 != null) {
-					ClassMethodSummaries curSummaries = cs1;
-					while (curSummaries != null) {
-						if (sc2Name.equals(curSummaries.getSuperClass()))
-							return tp1;
-						for (String intf : curSummaries.getInterfaces()) {
-							if (intf.equals(sc2Name))
-								return tp1;
-						}
-						curSummaries = flows.getClassFlows(curSummaries.getSuperClass());
-					}
-				}
-			}
-		}
-		return null;
-	}
-
 }
@@ -593,7 +593,8 @@ protected void runAnalysis(final ISourceSinkManager sourcesSinks, final Set<Stri
 			// Initialize the abstraction configuration
 			Abstraction.initialize(config);
 
-			preProcessors.addAll(getTaintWrapper().getPreAnalysisHandlers());
+			if (taintWrapper != null)
+				preProcessors.addAll(taintWrapper.getPreAnalysisHandlers());
 
 			// Build the callgraph
 			long beforeCallgraph = System.nanoTime();
 
@@ -1,6 +1,5 @@
 package soot.jimple.infoflow.typing;
 
-import java.util.ArrayList;
 import java.util.List;
 import java.util.stream.Collectors;
 
@@ -22,7 +21,6 @@
 import soot.Type;
 import soot.jimple.infoflow.InfoflowManager;
 import soot.jimple.infoflow.data.AccessPath;
-import soot.jimple.infoflow.taintWrappers.ITaintPropagationWrapper;
 
 /**
  * Class containing various utility methods for dealing with type information
@@ -33,13 +31,9 @@
 public class TypeUtils {
 
 	private final InfoflowManager manager;
-	private final List<ITypeChecker> typeCheckers = new ArrayList<>();
 
 	public TypeUtils(InfoflowManager manager) {
 		this.manager = manager;
-
-		// We want to query the standard Soot type hierarchy first
-		typeCheckers.add(new SootBasedTypeChecker());
 	}
 
 	/**
@@ -192,10 +186,44 @@ public boolean hasCompatibleTypesForCall(AccessPath apBase, SootClass dest) {
 	 * @return The more precise one of the two given types
 	 */
 	public Type getMorePreciseType(Type tp1, Type tp2) {
-		for (ITypeChecker checker : this.typeCheckers) {
-			Type tp = checker.getMorePreciseType(tp1, tp2);
-			if (tp != null)
-				return tp;
+		final FastHierarchy fastHierarchy = Scene.v().getOrMakeFastHierarchy();
+
+		if (tp1 == null)
+			return tp2;
+		else if (tp2 == null)
+			return tp1;
+		else if (tp1 == tp2)
+			return tp1;
+		else if (TypeUtils.isObjectLikeType(tp1))
+			return tp2;
+		else if (TypeUtils.isObjectLikeType(tp2))
+			return tp1;
+		else if (tp1 instanceof PrimType && tp2 instanceof PrimType)
+			return tp1; // arbitrary choice
+		else if (fastHierarchy.canStoreType(tp2, tp1))
+			return tp2;
+		else if (fastHierarchy.canStoreType(tp1, tp2))
+			return tp1;
+		else {
+			// If one type is an array type and the other one is the base type,
+			// we still accept the cast
+			if (tp1 instanceof ArrayType && tp2 instanceof ArrayType) {
+				ArrayType at1 = (ArrayType) tp1;
+				ArrayType at2 = (ArrayType) tp2;
+				if (at1.numDimensions != at2.numDimensions)
+					return null;
+				Type preciseType = getMorePreciseType(at1.getElementType(), at2.getElementType());
+				if (preciseType == null)
+					return null;
+
+				return ArrayType.v(preciseType, at1.numDimensions);
+			} else if (tp1 instanceof ArrayType) {
+				ArrayType at = (ArrayType) tp1;
+				return getMorePreciseType(at.getElementType(), tp2);
+			} else if (tp2 instanceof ArrayType) {
+				ArrayType at = (ArrayType) tp2;
+				return getMorePreciseType(tp1, at.getElementType());
+			}
 		}
 		return null;
 	}
@@ -289,16 +317,6 @@ public static Type buildArrayOrAddDimension(Type type, Type arrayType) {
 			return ArrayType.v(type, 1);
 	}
 
-	/**
-	 * Registers an additional type checker implementation with the typing
-	 * infrastructure
-	 * 
-	 * @param checker The type checker to register
-	 */
-	public void registerTypeChecker(ITypeChecker checker) {
-		this.typeCheckers.add(checker);
-	}
-
 	/**
 	 * Gets all classes that inherit from the given class or that transitively
 	 * implement the given interface