0

我使用 soot 为 java 编写了一个小的副作用检测。它为我自己编写的函数提供了预期的输出。但是对于基本类(java.lang. , java.awt.)它不起作用。

我想用 Soot 分析以下函数:

public void testMeWithSoot(){
    Point p = new Point(1,1);
    double q = Math.sqrt(p.getX() + 9);
}

我期望一个输出,它只是从java.awt.Point返回对象的 x 值,但 Soot 为getX-function提供了以下代码:

public double getX(){ 
  java.awt.Point $r0; 
  java.lang.Error $r1; 
  $r0 :=> @this: java.awt.Point; 
  $r1 = new java.lang.Error; 
  specialinvoke $r1.<java.lang.Error: void <init>(java.lang.String)>("Unresolved
  compilation error: Method <java.awt.Point: double getX()> does not exist!");
  throw $r1; 
}

我使用以下代码来检测副作用:

public static boolean hasSideEffects(SootMethod toAnalyse){
    HashSet<SootMethod> visited = new HashSet<>();
    Stack<SootMethod> toVisit = new Stack<>();
    toVisit.add(toAnalyse);
    while (!toVisit.empty()){
        SootMethod current = toVisit.pop();
        if(visited.contains(current)) continue;
        System.out.println(current.retrieveActiveBody());
        visited.add(current);
        List<AssignStmt> assignments = current.retrieveActiveBody().getUnits().stream().filter(it -> it instanceof AssignStmt).map(it -> (AssignStmt) it).collect(Collectors.toList());
        if(assignments.stream().filter( it -> it.getLeftOp() instanceof FieldRef).findAny().orElse(null) != null){
            return true;
        }
        if(assignments.stream().filter( it -> it.getRightOp() instanceof FieldRef).findAny().orElse(null) != null){
            return true;
        }
        List<SootMethodRef> assignMethods = assignments.stream().filter(it -> it.getRightOp() instanceof InvokeExpr).map(it -> ((InvokeExpr) it.getRightOp()).getMethodRef()).collect(Collectors.toList());
        assignMethods.addAll(current.retrieveActiveBody().getUnits().stream().filter(it -> it instanceof InvokeStmt).map(it -> ((InvokeStmt) it).getInvokeExpr().getMethodRef()).collect(Collectors.toList()));


        for (SootMethodRef ref: assignMethods) {
            SootClass sootClass = bringClassToScene(ref.declaringClass().getName());
            sootClass.setApplicationClass();
            toVisit.add(ref.resolve());
        }
    }
    return false;
}

函数调用:

classToAnalyse = Scene.v().loadClassAndSupport("ToAnalyseTest");
SootMethod method = classToAnalyse.getMethod("void testMeWithSoot()");
hasSideEffects(method);

我必须手动加载类吗?如果是,我该怎么做?

4

1 回答 1

0

您是否尝试在相应的 SootMethod 上调用 retrieveActiveBody()?

于 2017-11-05T21:18:29.773 回答