Merge pull request #343 from jpstotz/InterprocConstValuePropagator

StevenArzt · web-flow · commit a9d1992c3303 · 2021-05-25T12:25:18.000+02:00
fix: do not propagate constants from synthetic methods
diff --git a/soot-infoflow/src/soot/jimple/infoflow/codeOptimization/InterproceduralConstantValuePropagator.java b/soot-infoflow/src/soot/jimple/infoflow/codeOptimization/InterproceduralConstantValuePropagator.java
@@ -58,6 +58,7 @@
 import soot.jimple.infoflow.entryPointCreators.BaseEntryPointCreator;
 import soot.jimple.infoflow.entryPointCreators.IEntryPointCreator;
 import soot.jimple.infoflow.entryPointCreators.SimulatedCodeElementTag;
+import soot.jimple.infoflow.solver.cfg.IInfoflowCFG;
 import soot.jimple.infoflow.sourcesSinks.manager.ISourceSinkManager;
 import soot.jimple.infoflow.taintWrappers.ITaintPropagationWrapper;
 import soot.jimple.infoflow.util.SystemClassHandler;
@@ -68,6 +69,7 @@
 import soot.jimple.toolkits.scalar.UnconditionalBranchFolder;
 import soot.jimple.toolkits.scalar.UnreachableCodeEliminator;
 import soot.options.Options;
+import soot.tagkit.SyntheticTag;
 import soot.toolkits.exceptions.ThrowAnalysis;
 import soot.toolkits.exceptions.ThrowableSet;
 import soot.toolkits.exceptions.UnitThrowAnalysis;
@@ -127,7 +129,7 @@ public InterproceduralConstantValuePropagator(InfoflowManager manager) {
 	public InterproceduralConstantValuePropagator(InfoflowManager manager, Collection<SootMethod> excludedMethods,
 			ISourceSinkManager sourceSinkManager, ITaintPropagationWrapper taintWrapper) {
 		this.manager = manager;
-		this.excludedMethods = new HashSet<SootMethod>(excludedMethods);
+		this.excludedMethods = new HashSet<>(excludedMethods);
 		this.sourceSinkManager = sourceSinkManager;
 		this.taintWrapper = taintWrapper;
 	}
@@ -256,7 +258,7 @@ protected void internalTransform(String phaseName, Map<String, String> options)
 						continue;
 
 					boolean allCalleesRemoved = true;
-					Set<SootClass> exceptions = new HashSet<SootClass>();
+					Set<SootClass> exceptions = new HashSet<>();
 					for (Iterator<Edge> edgeIt = Scene.v().getCallGraph().edgesOutOf(s); edgeIt.hasNext();) {
 						Edge edge = edgeIt.next();
 						SootMethod callee = edge.tgt();
@@ -392,10 +394,11 @@ private boolean typeSupportsConstants(Type returnType) {
 	 * @param sm The method whose value to propagate
 	 */
 	private void propagateReturnValueIntoCallers(SootMethod sm) {
+		final IInfoflowCFG icfg = manager.getICFG();
 		// We need to make sure that all exit nodes agree on the same
 		// constant value
 		Constant value = null;
-		for (Unit retSite : manager.getICFG().getEndPointsOf(sm)) {
+		for (Unit retSite : icfg.getEndPointsOf(sm)) {
 			// Skip exceptional exits
 			if (!(retSite instanceof ReturnStmt))
 				continue;
@@ -411,7 +414,7 @@ private void propagateReturnValueIntoCallers(SootMethod sm) {
 
 		// Propagate the return value into the callers
 		if (value != null)
-			for (Unit callSite : manager.getICFG().getCallersOf(sm))
+			for (Unit callSite : icfg.getCallersOf(sm))
 				if (callSite instanceof AssignStmt) {
 					AssignStmt assign = (AssignStmt) callSite;
 
@@ -427,13 +430,13 @@ private void propagateReturnValueIntoCallers(SootMethod sm) {
 
 					// Make sure that we don't access anything we have already
 					// removed
-					SootMethod caller = manager.getICFG().getMethodOf(assign);
+					SootMethod caller = icfg.getMethodOf(assign);
 					if (caller == null || !caller.getActiveBody().getUnits().contains(assign))
 						continue;
 
 					// If the call site has multiple callees, we cannot
 					// propagate a single constant
-					Collection<SootMethod> callees = manager.getICFG().getCalleesOfCallAt(callSite);
+					Collection<SootMethod> callees = icfg.getCalleesOfCallAt(callSite);
 					if (callees != null && callees.size() > 1)
 						continue;
 
@@ -794,7 +797,11 @@ private boolean methodIsAndroidStub(SootMethod method) {
 	 * @param sm The method for which to look for call sites.
 	 */
 	private void propagateConstantsIntoCallee(SootMethod sm) {
-		Collection<Unit> callSites = manager.getICFG().getCallersOf(sm);
+
+		// icfg field is final in InfoflowManager, hence it can't change
+		// and we can cache it here so we don't have to retrieve it again and again.
+		final IInfoflowCFG icfg = manager.getICFG();
+		Collection<Unit> callSites = icfg.getCallersOf(sm);
 		if (callSites.isEmpty())
 			return;
 
@@ -807,9 +814,13 @@ private void propagateConstantsIntoCallee(SootMethod sm) {
 		boolean hasCallSites = false;
 		for (Unit callSite : callSites) {
 			// If this call site is in an excluded method, we ignore it
-			if (excludedMethods != null && manager.getICFG().isReachable(callSite)
-					&& excludedMethods.contains(manager.getICFG().getMethodOf(callSite)))
-				continue;
+			if (excludedMethods != null && icfg.isReachable(callSite)) {
+				SootMethod caller = icfg.getMethodOf(callSite);
+				// synthetic methods e.g. created by FlowDroid are excluded by default
+				if (excludedMethods.contains(caller) || caller.hasTag(SyntheticTag.NAME)) {
+					continue;
+				}
+			}
 
 			// We do not support special edges that do not provide a 1:1 argument mapping
 			InvokeExpr iiExpr = ((Stmt) callSite).getInvokeExpr();
@@ -821,7 +832,7 @@ private void propagateConstantsIntoCallee(SootMethod sm) {
 			// If we have a reflective call site, we never have constant
 			// arguments, because
 			// they are always passed in using an array
-			if (manager.getICFG().isReflectiveCallSite(callSite)) {
+			if (icfg.isReflectiveCallSite(callSite)) {
 				for (int i = 0; i < isConstant.length; i++)
 					isConstant[i] = false;
 			} else {
@@ -837,8 +848,9 @@ private void propagateConstantsIntoCallee(SootMethod sm) {
 								isConstant[i] = false;
 							else
 								values[i] = (Constant) argVal;
-						} else
+						} else {
 							isConstant[i] = false;
+						}
 					}
 				}
 			}
@@ -856,7 +868,7 @@ private void propagateConstantsIntoCallee(SootMethod sm) {
 					sm.getActiveBody().getUnits().insertBefore(assignConst, point);
 
 					if (inserted == null)
-						inserted = new ArrayList<Unit>();
+						inserted = new ArrayList<>();
 					inserted.add(assignConst);
 				}
 			}
@@ -869,7 +881,7 @@ private void propagateConstantsIntoCallee(SootMethod sm) {
 
 				// This might lead to more opportunities of constant propagation
 				for (Unit u : sm.getActiveBody().getUnits())
-					for (SootMethod callee : manager.getICFG().getCalleesOfCallAt(u))
+					for (SootMethod callee : icfg.getCalleesOfCallAt(u))
 						checkAndAddMethod(callee);
 			}
 		}
