Merge pull request #151 from secure-software-engineering/feature/sootup-test-setup

Add test setup for SootUp

Author: swissiety

.github/workflows/maven.yml

@@ -12,8 +12,9 @@ on:
 jobs:
   BuildAndTest:
     strategy:
+      fail-fast: false
       matrix:
-        framework: [Soot, Opal] # TODO Add SootUp when available
+        framework: [Soot, SootUp, Opal]
     runs-on: ubuntu-latest
     steps:
     - name: Checkout source code

boomerangPDS/src/test/java/test/cases/statics/SimpleSingletonTest.java

@@ -14,13 +14,19 @@
  */
 package test.cases.statics;
 
+import java.util.List;
 import org.junit.Test;
 import test.core.AbstractBoomerangTest;
 
 public class SimpleSingletonTest extends AbstractBoomerangTest {
 
   private final String target = SimpleSingletonTarget.class.getName();
 
+  @Override
+  public List<String> getIncludedPackages() {
+    return List.of("java.lang.Runnable");
+  }
+
   @Test
   public void singletonDirect() {
     analyze(target, testName.getMethodName());

boomerangPDS/src/test/java/test/core/AbstractBoomerangTest.java

@@ -44,6 +44,7 @@
 import java.util.LinkedHashSet;
 import java.util.Set;
 import java.util.stream.Collectors;
+import org.junit.After;
 import org.junit.Assert;
 import org.junit.Rule;
 import org.junit.rules.TestName;
@@ -74,7 +75,7 @@ public class AbstractBoomerangTest extends TestingFramework {
 
   /**
    * Fails the test cases, when Boomerang's result set contains any object that does not inherit
-   * from {@link test.core.selfrunning.AllocatedObject}.
+   * from {@link AllocatedObject}.
    */
   private static final boolean TRACK_IMPLICIT_IMPRECISE = false;
 
@@ -371,4 +372,9 @@ private void checkContainsAllExpectedAccessPath(Set<AccessPath> allAliases) {
       Assert.fail("Did not find all access path! " + expected);
     }
   }
+
+  @After
+  public void cleanUp() {
+    super.cleanUp();
+  }
 }

boomerangScope-Opal/src/main/scala/boomerang/scope/opal/tac/OpalPhantomMethod.scala

@@ -72,7 +72,7 @@ class OpalPhantomMethod private (
     case _ => false
   }
 
-  override def toString: String = s"PHANTOM: ${declaringClassType.toJava} $name"
+  override def toString: String = s"PHANTOM: ${descriptor.toJava}"
 }
 
 object OpalPhantomMethod {

boomerangScope-SootUp/src/main/java/boomerang/scope/sootup/BoomerangPreInterceptor.java

@@ -22,6 +22,7 @@
 import sootup.core.jimple.basic.*;
 import sootup.core.jimple.common.constant.ClassConstant;
 import sootup.core.jimple.common.constant.Constant;
+import sootup.core.jimple.common.constant.NullConstant;
 import sootup.core.jimple.common.expr.AbstractInstanceInvokeExpr;
 import sootup.core.jimple.common.expr.AbstractInvokeExpr;
 import sootup.core.jimple.common.expr.JStaticInvokeExpr;
@@ -30,13 +31,20 @@
 import sootup.core.jimple.common.ref.JStaticFieldRef;
 import sootup.core.jimple.common.stmt.*;
 import sootup.core.model.Body;
+import sootup.core.model.SootClass;
+import sootup.core.model.SootClassMember;
+import sootup.core.model.SootField;
+import sootup.core.signatures.FieldSignature;
 import sootup.core.transform.BodyInterceptor;
+import sootup.core.types.ClassType;
+import sootup.core.types.ReferenceType;
 import sootup.core.views.View;
 
 public class BoomerangPreInterceptor implements BodyInterceptor {
 
   private final boolean TRANSFORM_CONSTANTS_SETTINGS;
 
+  private static final String CONSTRUCTOR = "<init>";
   private static final String LABEL = "varReplacer";
   private int replaceCounter = 0;
 
@@ -52,6 +60,10 @@ public BoomerangPreInterceptor(boolean transformConstantsSettings) {
   public void interceptBody(Body.@NonNull BodyBuilder bodyBuilder, @NonNull View view) {
     addNopStatementsToMethod(bodyBuilder);
 
+    if (bodyBuilder.getMethodSignature().getName().equals(CONSTRUCTOR)) {
+      addNullifiedFields(bodyBuilder, view);
+    }
+
     if (TRANSFORM_CONSTANTS_SETTINGS) {
       transformConstantsAtFieldWrites(bodyBuilder);
     }
@@ -244,4 +256,83 @@ private boolean isFieldRef(Value value) {
         || value instanceof JStaticFieldRef
         || value instanceof JArrayRef;
   }
+
+  private void addNullifiedFields(Body.BodyBuilder bodyBuilder, View view) {
+    ClassType classType = bodyBuilder.getMethodSignature().getDeclClassType();
+    Optional<? extends SootClass> sootClass = view.getClass(classType);
+
+    if (sootClass.isEmpty()) {
+      return;
+    }
+
+    Collection<FieldSignature> allFields =
+        sootClass.get().getFields().stream()
+            .map(SootClassMember::getSignature)
+            .collect(Collectors.toSet());
+    Collection<FieldSignature> definedFields = getDefinedFields(bodyBuilder);
+
+    for (FieldSignature fieldSignature : allFields) {
+      if (definedFields.contains(fieldSignature)) {
+        continue;
+      }
+
+      Optional<? extends SootField> field =
+          sootClass.get().getField(fieldSignature.getSubSignature());
+      if (field.isEmpty()) {
+        continue;
+      }
+
+      if (field.get().isStatic() || field.get().isFinal()) {
+        continue;
+      }
+
+      // TODO Consider only Ref types or all types?
+      if (field.get().getType() instanceof ReferenceType) {
+        JInstanceFieldRef nullifiedFieldRef =
+            Jimple.newInstanceFieldRef(bodyBuilder.build().getThisLocal(), fieldSignature);
+        JAssignStmt nullifiedFieldStmt =
+            Jimple.newAssignStmt(
+                nullifiedFieldRef,
+                NullConstant.getInstance(),
+                StmtPositionInfo.getNoStmtPositionInfo());
+
+        Optional<Stmt> firstNonIdentityStmt = findFirstNonIdentityStmt(bodyBuilder);
+        if (firstNonIdentityStmt.isPresent()) {
+          bodyBuilder.getStmtGraph().insertBefore(firstNonIdentityStmt.get(), nullifiedFieldStmt);
+        } else {
+          bodyBuilder.getStmtGraph().addNode(nullifiedFieldStmt);
+        }
+      }
+    }
+  }
+
+  private Collection<FieldSignature> getDefinedFields(Body.BodyBuilder bodyBuilder) {
+    Collection<FieldSignature> definedFields = new LinkedHashSet<>();
+
+    for (Stmt stmt : bodyBuilder.getStmts()) {
+      if (stmt instanceof JAssignStmt) {
+        LValue leftOp = ((JAssignStmt) stmt).getLeftOp();
+
+        if (leftOp instanceof JInstanceFieldRef) {
+          JInstanceFieldRef fieldRef = (JInstanceFieldRef) leftOp;
+
+          definedFields.add(fieldRef.getFieldSignature());
+        }
+      }
+    }
+
+    return definedFields;
+  }
+
+  private Optional<Stmt> findFirstNonIdentityStmt(Body.BodyBuilder bodyBuilder) {
+    for (Stmt stmt : bodyBuilder.getStmts()) {
+      if (stmt instanceof JIdentityStmt) {
+        continue;
+      }
+
+      return Optional.of(stmt);
+    }
+
+    return Optional.empty();
+  }
 }

boomerangScope-SootUp/src/main/java/boomerang/scope/sootup/SootUpCallGraph.java

@@ -17,9 +17,12 @@
 import boomerang.scope.CallGraph;
 import boomerang.scope.Statement;
 import boomerang.scope.sootup.jimple.JimpleUpMethod;
+import boomerang.scope.sootup.jimple.JimpleUpPhantomMethod;
 import boomerang.scope.sootup.jimple.JimpleUpStatement;
 import java.util.Collection;
 import java.util.Optional;
+import sootup.core.jimple.common.expr.AbstractInvokeExpr;
+import sootup.core.jimple.common.expr.JStaticInvokeExpr;
 import sootup.core.jimple.common.stmt.InvokableStmt;
 import sootup.core.signatures.MethodSignature;
 import sootup.java.core.JavaSootMethod;
@@ -38,17 +41,13 @@ public SootUpCallGraph(
         .flatMap((MethodSignature methodSignature) -> callGraph.callsTo(methodSignature).stream())
         .forEach(
             call -> {
-              // TODO Integrate Phantom methods
               Optional<JavaSootMethod> sourceOpt = view.getMethod(call.getSourceMethodSignature());
-              Optional<JavaSootMethod> targetOpt = view.getMethod(call.getTargetMethodSignature());
-
-              if (sourceOpt.isEmpty() || targetOpt.isEmpty()) {
+              if (sourceOpt.isEmpty()) {
                 return;
               }
 
               JavaSootMethod sourceMethod = sourceOpt.get();
-              JavaSootMethod targetMethod = targetOpt.get();
-              if (!sourceMethod.hasBody() || !targetMethod.hasBody()) {
+              if (!sourceMethod.hasBody()) {
                 return;
               }
 
@@ -59,9 +58,31 @@ public SootUpCallGraph(
 
               Statement callSite =
                   JimpleUpStatement.create(invokableStmt, JimpleUpMethod.of(sourceMethod, view));
-              this.addEdge(new Edge(callSite, JimpleUpMethod.of(targetMethod, view)));
 
-              LOGGER.trace("Added edge {} -> {}", callSite, targetMethod);
+              MethodSignature targetSig = call.getTargetMethodSignature();
+              Optional<JavaSootMethod> targetOpt = view.getMethod(targetSig);
+
+              Optional<AbstractInvokeExpr> invokeExprOpt = invokableStmt.getInvokeExpr();
+              if (invokeExprOpt.isEmpty()) {
+                return;
+              }
+
+              boolean isStaticInvokeExpr = invokeExprOpt.get() instanceof JStaticInvokeExpr;
+              if (targetOpt.isPresent()) {
+                if (targetOpt.get().hasBody()) {
+                  this.addEdge(new Edge(callSite, JimpleUpMethod.of(targetOpt.get(), view)));
+                } else {
+                  this.addEdge(
+                      new Edge(
+                          callSite, JimpleUpPhantomMethod.of(targetSig, view, isStaticInvokeExpr)));
+                }
+              } else {
+                this.addEdge(
+                    new Edge(
+                        callSite, JimpleUpPhantomMethod.of(targetSig, view, isStaticInvokeExpr)));
+              }
+
+              LOGGER.trace("Added edge {} -> {}", callSite, targetSig);
             });
 
     for (JavaSootMethod m : entryPoints) {
@@ -71,7 +92,7 @@ public SootUpCallGraph(
       }
     }
 
-    if (getEdges().isEmpty()) {
+    if (getEdges().isEmpty() && entryPoints.isEmpty()) {
       throw new IllegalStateException("CallGraph is empty!");
     }
   }

boomerangScope-SootUp/src/main/java/boomerang/scope/sootup/jimple/JimpleUpField.java

@@ -60,12 +60,15 @@ public boolean equals(Object o) {
     if (o == null || getClass() != o.getClass()) return false;
     if (!super.equals(o)) return false;
     JimpleUpField that = (JimpleUpField) o;
-    return Objects.equals(delegate, that.delegate);
+    // Important: Do not include the declaring class because subclasses may access the field, too
+    return Objects.equals(delegate.getType(), that.delegate.getType())
+        && Objects.equals(delegate.getName(), that.delegate.getName());
   }
 
   @Override
   public int hashCode() {
-    return Objects.hash(super.hashCode(), delegate);
+    // Important: Do not include the declaring class because subclasses may access the field, too
+    return Objects.hash(super.hashCode(), delegate.getType(), delegate.getName());
   }
 
   @Override

boomerangScope-SootUp/src/main/java/boomerang/scope/sootup/jimple/JimpleUpPhantomMethod.java

@@ -23,30 +23,29 @@
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Objects;
-import sootup.java.core.JavaSootMethod;
+import sootup.core.signatures.MethodSignature;
 import sootup.java.core.views.JavaView;
 
 public class JimpleUpPhantomMethod extends PhantomMethod {
 
   protected static Interner<JimpleUpPhantomMethod> INTERNAL_POOL = Interners.newWeakInterner();
 
-  private final JavaSootMethod delegate;
+  private final MethodSignature delegate;
   private final JavaView view;
+  private final boolean isStatic;
 
-  protected JimpleUpPhantomMethod(JavaSootMethod delegate, JavaView view) {
+  protected JimpleUpPhantomMethod(MethodSignature delegate, JavaView view, boolean isStatic) {
     this.delegate = delegate;
     this.view = view;
-
-    if (delegate.hasBody()) {
-      throw new IllegalArgumentException("Cannot build phantom method from method with body");
-    }
+    this.isStatic = isStatic;
   }
 
-  public static JimpleUpPhantomMethod of(JavaSootMethod delegate, JavaView view) {
-    return INTERNAL_POOL.intern(new JimpleUpPhantomMethod(delegate, view));
+  public static JimpleUpPhantomMethod of(
+      MethodSignature delegate, JavaView view, boolean isStatic) {
+    return INTERNAL_POOL.intern(new JimpleUpPhantomMethod(delegate, view, isStatic));
   }
 
-  public JavaSootMethod getDelegate() {
+  public MethodSignature getDelegate() {
     return delegate;
   }
 
@@ -73,17 +72,17 @@ public Type getParameterType(int index) {
 
   @Override
   public Type getReturnType() {
-    return new JimpleUpType(delegate.getReturnType(), view);
+    return new JimpleUpType(delegate.getType(), view);
   }
 
   @Override
   public boolean isStatic() {
-    return delegate.isStatic();
+    return isStatic;
   }
 
   @Override
   public WrappedClass getDeclaringClass() {
-    return new JimpleUpWrappedClass(delegate.getDeclaringClassType(), view);
+    return new JimpleUpWrappedClass(delegate.getDeclClassType(), view);
   }
 
   @Override
@@ -116,6 +115,6 @@ public int hashCode() {
 
   @Override
   public String toString() {
-    return delegate.toString();
+    return "PHANTOM:" + delegate.toString();
   }
 }

boomerangScope-SootUp/src/main/java/boomerang/scope/sootup/jimple/JimpleUpStaticFieldRef.java

@@ -82,7 +82,11 @@ public boolean equals(Object o) {
     if (o == null || getClass() != o.getClass()) return false;
     if (!super.equals(o)) return false;
     JimpleUpStaticFieldRef that = (JimpleUpStaticFieldRef) o;
-    return Objects.equals(delegate, that.delegate);
+    // TODO
+    //  Wrong equals implementation in SootUp. Once fixed, replace this with
+    //  the commented line
+    return (delegate != null && delegate.equals(that.delegate));
+    // return Objects.equals(delegate, that.delegate);
   }
 
   @Override