Merge pull request #554 from MarcMil/marc-improvements

Some improvements

Author: StevenArzt

soot-infoflow-android/src/soot/jimple/infoflow/android/callbacks/AbstractCallbackAnalyzer.java

@@ -586,10 +586,6 @@ protected void analyzeMethodForViewPagers(SootClass clazz, SootMethod method) {
 
 		Body body = method.retrieveActiveBody();
 
-		if (method.getDeclaringClass().getName().equals("org.liberty.android.fantastischmemo.ui.AnyMemo")
-				&& method.getName().equals("initDrawer"))
-			System.out.println("x");
-
 		// look for invocations of ViewPager.setAdapter
 		for (Unit u : body.getUnits()) {
 			Stmt stmt = (Stmt) u;

soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/data/provider/MergingSummaryProvider.java

@@ -16,6 +16,7 @@
 public class MergingSummaryProvider extends AbstractMethodSummaryProvider {
 
 	protected final Collection<IMethodSummaryProvider> innerProviders;
+	private ClassSummaries cachedSummaries;
 
 	protected MergingSummaryProvider() {
 		this.innerProviders = new HashSet<>();
@@ -108,7 +109,9 @@ public Collection<IMethodSummaryProvider> getInnerProviders() {
 
 	@Override
 	public ClassSummaries getSummaries() {
-		ClassSummaries summaries = null;
+		ClassSummaries summaries = cachedSummaries;
+		if (summaries != null)
+			return summaries;
 		for (IMethodSummaryProvider provider : innerProviders) {
 			ClassSummaries providerSummaries = provider.getSummaries();
 			if (providerSummaries != null) {
@@ -117,6 +120,7 @@ public ClassSummaries getSummaries() {
 				summaries.merge(providerSummaries);
 			}
 		}
+		this.cachedSummaries = summaries;
 		return summaries;
 	}
 

soot-infoflow-summaries/src/soot/jimple/infoflow/methodSummary/taintWrappers/SummaryTaintWrapper.java

@@ -1425,13 +1425,7 @@ protected AccessPathFragment cutSubFields(MethodFlow flow, AccessPathFragment ac
 	 */
 	protected boolean isCutSubFields(MethodFlow flow) {
 		Boolean cut = flow.getCutSubFields();
-		Boolean typeChecking = flow.getTypeChecking();
-		if (cut == null) {
-			if (typeChecking != null)
-				return !typeChecking.booleanValue();
-			return false;
-		}
-		return cut.booleanValue();
+		return cut != null && cut.booleanValue();
 	}
 
 	/**

soot-infoflow/src/soot/jimple/infoflow/InfoflowConfiguration.java

@@ -1304,6 +1304,7 @@ public boolean equals(Object obj) {
 	private long dataFlowTimeout = 0;
 	private double memoryThreshold = 0.9d;
 	private boolean oneSourceAtATime = false;
+	private int maxAliasingBases = Integer.MAX_VALUE;
 
 	private static String baseDirectory = "";
 
@@ -2240,4 +2241,12 @@ public SourceSinkConfiguration getSourceSinkConfig() {
 		return sourceSinkConfig;
 	}
 
+	public int getMaxAliasingBases() {
+		return maxAliasingBases;
+	}
+
+	public void setMaxAliasingBases(int value) {
+		maxAliasingBases = value;
+	}
+
 }

soot-infoflow/src/soot/jimple/infoflow/aliasing/Aliasing.java

@@ -30,6 +30,7 @@
 import soot.jimple.infoflow.InfoflowManager;
 import soot.jimple.infoflow.data.Abstraction;
 import soot.jimple.infoflow.data.AccessPath;
+import soot.jimple.infoflow.data.AccessPathFactory;
 import soot.jimple.infoflow.data.AccessPathFragment;
 import soot.jimple.infoflow.typing.TypeUtils;
 import soot.jimple.toolkits.pointer.LocalMustAliasAnalysis;
@@ -116,9 +117,13 @@ public AccessPath getReferencedAPBase(AccessPath taintedAP, SootField[] referenc
 	 */
 	public static AccessPath getReferencedAPBase(AccessPath taintedAP, SootField[] referencedFields,
 			InfoflowManager manager) {
+		final AccessPathFactory af = manager.getAccessPathFactory();
 		final Collection<AccessPathFragment[]> bases = taintedAP.isStaticFieldRef()
-				? manager.getAccessPathFactory().getBaseForType(taintedAP.getFirstFieldType())
-				: manager.getAccessPathFactory().getBaseForType(taintedAP.getBaseType());
+				? af.getBaseForType(taintedAP.getFirstFieldType())
+				: af.getBaseForType(taintedAP.getBaseType());
+		if (bases != null && bases.size() > manager.getConfig().getMaxAliasingBases())
+			// Too much stuff, possibly overtainted
+			return null;
 
 		int fieldIdx = 0;
 		while (fieldIdx < referencedFields.length) {

soot-infoflow/src/soot/jimple/infoflow/data/AccessPathFactory.java

@@ -7,6 +7,8 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import gnu.trove.set.hash.TCustomHashSet;
+import gnu.trove.strategy.HashingStrategy;
 import soot.ArrayType;
 import soot.Local;
 import soot.PrimType;
@@ -21,7 +23,6 @@
 import soot.jimple.StaticFieldRef;
 import soot.jimple.infoflow.InfoflowConfiguration;
 import soot.jimple.infoflow.InfoflowConfiguration.AccessPathConfiguration;
-import soot.jimple.infoflow.collect.ConcurrentHashSet;
 import soot.jimple.infoflow.collect.MyConcurrentHashMap;
 import soot.jimple.infoflow.data.AccessPath.ArrayTaintType;
 import soot.jimple.infoflow.typing.TypeUtils;
@@ -415,7 +416,20 @@ public AccessPath createAccessPath(Value val, Type valType, AccessPathFragment[]
 	}
 
 	private void registerBase(Type eiType, AccessPathFragment[] base) {
-		Set<AccessPathFragment[]> bases = baseRegister.computeIfAbsent(eiType, t -> new ConcurrentHashSet<>());
+		Set<AccessPathFragment[]> bases = baseRegister.computeIfAbsent(eiType,
+				t -> new TCustomHashSet<>(new HashingStrategy<AccessPathFragment[]>() {
+
+					@Override
+					public int computeHashCode(AccessPathFragment[] arg0) {
+						return Arrays.hashCode(arg0);
+					}
+
+					@Override
+					public boolean equals(AccessPathFragment[] arg0, AccessPathFragment[] arg1) {
+						return Arrays.equals(arg0, arg1);
+					}
+
+				}));
 		bases.add(base);
 	}
 

soot-infoflow/src/soot/jimple/infoflow/nativeCallHandler/DefaultNativeCallHandler.java

@@ -76,7 +76,18 @@ public Set<Abstraction> getTaintedValues(Stmt call, Abstraction source, Value[]
 
 	@Override
 	public boolean supportsCall(Stmt call) {
-		return call.containsInvokeExpr() && call.getInvokeExpr().getMethod().getSignature().equals(SIG_ARRAYCOPY);
+		if (!call.containsInvokeExpr())
+			return false;
+		String sig = call.getInvokeExpr().getMethod().getSignature();
+		switch (sig) {
+		case SIG_ARRAYCOPY:
+		case SIG_COMPARE_AND_SWAP_OBJECT:
+		case SIG_NEW_ARRAY:
+			return true;
+
+		default:
+			return false;
+		}
 	}
 
 }

soot-infoflow/src/soot/jimple/infoflow/problems/InfoflowProblem.java

@@ -501,6 +501,7 @@ public FlowFunction<Abstraction> getReturnFlowFunction(final Unit callSite, fina
 					public Set<Abstraction> computeTargets(Abstraction source, Abstraction d1,
 							Collection<Abstraction> callerD1s) {
 						Set<Abstraction> res = computeTargetsInternal(source, d1, callerD1s);
+
 						return notifyOutFlowHandlers(exitStmt, d1, source, res, FlowFunctionType.ReturnFlowFunction);
 					}
 
@@ -511,9 +512,6 @@ private Set<Abstraction> computeTargetsInternal(Abstraction source, Abstraction
 						if (source == getZeroValue())
 							return null;
 
-						if (callee.getName().equals("sendMessage"))
-							System.out.println("x");
-
 						// Notify the handler if we have one
 						if (taintPropagationHandler != null)
 							taintPropagationHandler.notifyFlowIn(exitStmt, source, manager,

soot-infoflow/src/soot/jimple/infoflow/solver/cfg/InfoflowCFG.java

@@ -284,7 +284,7 @@ public boolean isStaticFieldUsed(SootMethod method, SootField variable) {
 		return use == StaticFieldUse.Write || use == StaticFieldUse.ReadWrite || use == StaticFieldUse.Unknown;
 	}
 
-	protected synchronized StaticFieldUse checkStaticFieldUsed(SootMethod smethod, SootField variable) {
+	protected StaticFieldUse checkStaticFieldUsed(SootMethod smethod, SootField variable) {
 		// Skip over phantom methods
 		if (!smethod.isConcrete() || !smethod.hasActiveBody())
 			return StaticFieldUse.Unused;
@@ -383,8 +383,10 @@ else if (writes)
 		}
 
 		// Merge the temporary results into the global cache
-		for (Entry<SootMethod, StaticFieldUse> tempEntry : tempUses.entrySet()) {
-			registerStaticVariableUse(tempEntry.getKey(), variable, tempEntry.getValue());
+		synchronized (tempUses) {
+			for (Entry<SootMethod, StaticFieldUse> tempEntry : tempUses.entrySet()) {
+				registerStaticVariableUse(tempEntry.getKey(), variable, tempEntry.getValue());
+			}
 		}
 
 		StaticFieldUse outerUse = tempUses.get(smethod);

soot-infoflow/src/soot/jimple/infoflow/solver/fastSolver/IFDSSolver.java

@@ -65,6 +65,18 @@
 public class IFDSSolver<N, D extends FastSolverLinkedNode<D, N>, I extends BiDiInterproceduralCFG<N, SootMethod>>
 		implements IMemoryBoundedSolver {
 
+	public enum ScheduleTarget {
+		/**
+		 * Try to run on the same thread within the executor
+		 */
+		LOCAL,
+
+		/**
+		 * Run possibly on another executor
+		 */
+		EXECUTOR;
+	}
+
 	public static CacheBuilder<Object, Object> DEFAULT_CACHE_BUILDER = CacheBuilder.newBuilder()
 			.concurrencyLevel(Runtime.getRuntime().availableProcessors()).initialCapacity(10000).softValues();
 
@@ -200,7 +212,7 @@ protected void submitInitialSeeds() {
 		for (Entry<N, Set<D>> seed : initialSeeds.entrySet()) {
 			N startPoint = seed.getKey();
 			for (D val : seed.getValue())
-				propagate(zeroValue, startPoint, val, null, false);
+				propagate(zeroValue, startPoint, val, null, false, ScheduleTarget.EXECUTOR);
 			addFunction(new PathEdge<N, D>(zeroValue, startPoint, zeroValue));
 		}
 	}
@@ -253,15 +265,21 @@ private void runExecutorAndAwaitCompletion() {
 	 * Dispatch the processing of a given edge. It may be executed in a different
 	 * thread.
 	 * 
-	 * @param edge the edge to process
+	 * @param edge           the edge to process
+	 * @param scheduleTarget
 	 */
-	protected void scheduleEdgeProcessing(PathEdge<N, D> edge) {
+	protected void scheduleEdgeProcessing(PathEdge<N, D> edge, ScheduleTarget scheduleTarget) {
 		// If the executor has been killed, there is little point
 		// in submitting new tasks
 		if (killFlag != null || executor.isTerminating() || executor.isTerminated())
 			return;
 
-		executor.execute(new PathEdgeProcessingTask(edge, solverId));
+		IFDSSolver<N, D, I>.PathEdgeProcessingTask task = new PathEdgeProcessingTask(edge, solverId);
+		if (scheduleTarget == ScheduleTarget.EXECUTOR)
+			executor.execute(task);
+		else {
+			LocalWorklistTask.scheduleLocal(task);
+		}
 		propagationCount++;
 	}
 
@@ -309,7 +327,7 @@ public void accept(SootMethod sCalledProcN) {
 								// for each callee's start point(s)
 								for (N sP : startPointsOf) {
 									// create initial self-loop
-									propagate(d3, sP, d3, n, false); // line 15
+									propagate(d3, sP, d3, n, false, ScheduleTarget.EXECUTOR); // line 15
 								}
 
 								// register the fact that <sp,d3> has an incoming edge from
@@ -337,7 +355,7 @@ public void accept(SootMethod sCalledProcN) {
 					if (memoryManager != null)
 						d3 = memoryManager.handleGeneratedMemoryObject(d2, d3);
 					if (d3 != null)
-						propagate(d1, returnSiteN, d3, n, false);
+						propagate(d1, returnSiteN, d3, n, false, ScheduleTarget.EXECUTOR);
 				}
 			}
 		}
@@ -401,7 +419,7 @@ protected void applyEndSummaryOnCall(final D d1, final N n, final D d2, Collecti
 									d5p = d2;
 								break;
 							}
-							propagate(d1, retSiteN, d5p, n, false);
+							propagate(d1, retSiteN, d5p, n, false, ScheduleTarget.EXECUTOR);
 						}
 					}
 				}
@@ -503,7 +521,7 @@ protected void processExit(PathEdge<N, D> edge) {
 										d5p = predVal;
 									break;
 								}
-								propagate(d4, retSiteC, d5p, c, false);
+								propagate(d4, retSiteC, d5p, c, false, ScheduleTarget.EXECUTOR);
 							}
 						}
 					}
@@ -528,7 +546,7 @@ protected void processExit(PathEdge<N, D> edge) {
 							if (memoryManager != null)
 								d5 = memoryManager.handleGeneratedMemoryObject(d2, d5);
 							if (d5 != null)
-								propagate(zeroValue, retSiteC, d5, c, true);
+								propagate(zeroValue, retSiteC, d5, c, true, ScheduleTarget.EXECUTOR);
 						}
 					}
 				}
@@ -585,7 +603,7 @@ private void processNormalFlow(PathEdge<N, D> edge) {
 					if (memoryManager != null && d2 != d3)
 						d3 = memoryManager.handleGeneratedMemoryObject(d2, d3);
 					if (d3 != null)
-						propagate(d1, m, d3, null, false);
+						propagate(d1, m, d3, null, false, ScheduleTarget.LOCAL);
 				}
 			}
 		}
@@ -618,10 +636,11 @@ protected Set<D> computeNormalFlowFunction(FlowFunction<D> flowFunction, D d1, D
 	 *                           unbalanced return (this value is not used within
 	 *                           this implementation but may be useful for
 	 *                           subclasses of {@link IFDSSolver})
+	 * @param local
 	 */
 	protected void propagate(D sourceVal, N target, D targetVal,
 			/* deliberately exposed to clients */ N relatedCallSite,
-			/* deliberately exposed to clients */ boolean isUnbalancedReturn) {
+			/* deliberately exposed to clients */ boolean isUnbalancedReturn, ScheduleTarget scheduleTarget) {
 		// Let the memory manager run
 		if (memoryManager != null) {
 			sourceVal = memoryManager.handleMemoryObject(sourceVal);
@@ -651,7 +670,7 @@ protected void propagate(D sourceVal, N target, D targetVal,
 				}
 			}
 		} else {
-			scheduleEdgeProcessing(edge);
+			scheduleEdgeProcessing(edge, scheduleTarget);
 		}
 	}
 
@@ -733,7 +752,7 @@ public void printStats() {
 		}
 	}
 
-	private class PathEdgeProcessingTask implements Runnable {
+	private class PathEdgeProcessingTask extends LocalWorklistTask {
 
 		private final PathEdge<N, D> edge;
 		private final boolean solverId;
@@ -743,7 +762,7 @@ public PathEdgeProcessingTask(PathEdge<N, D> edge, boolean solverId) {
 			this.solverId = solverId;
 		}
 
-		public void run() {
+		public void runInternal() {
 			final N target = edge.getTarget();
 			if (icfg.isCallStmt(target)) {
 				processCall(edge);