Home | History | Annotate | Download | only in mutators 
      1 /*
      2  * Copyright (C) 2017 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 package dexfuzz.program.mutators;
     18 
     19 import dexfuzz.Log;
     20 import dexfuzz.MutationStats;
     21 import dexfuzz.program.MInsn;
     22 import dexfuzz.program.MutatableCode;
     23 import dexfuzz.program.Mutation;
     24 import dexfuzz.rawdex.Instruction;
     25 import dexfuzz.rawdex.Opcode;
     26 
     27 import java.util.ArrayList;
     28 import java.util.List;
     29 import java.util.Random;
     30 
     31 // This mutation might change the length of an array but can also change the
     32 // value of the register in every place it is used.
     33 public class NewArrayLengthChanger extends CodeMutator {
     34   /**
     35    * Every CodeMutator has an AssociatedMutation, representing the
     36    * mutation that this CodeMutator can perform, to allow separate
     37    * generateMutation() and applyMutation() phases, allowing serialization.
     38    */
     39   public static class AssociatedMutation extends Mutation {
     40     public int newArrayToChangeIdx;
     41 
     42     @Override
     43     public String getString() {
     44       return Integer.toString(newArrayToChangeIdx);
     45     }
     46 
     47     @Override
     48     public void parseString(String[] elements) {
     49       newArrayToChangeIdx = Integer.parseInt(elements[2]);
     50     }
     51   }
     52 
     53   // The following two methods are here for the benefit of MutationSerializer,
     54   // so it can create a CodeMutator and get the correct associated Mutation, as it
     55   // reads in mutations from a dump of mutations.
     56   @Override
     57   public Mutation getNewMutation() {
     58     return new AssociatedMutation();
     59   }
     60 
     61   public NewArrayLengthChanger() { }
     62 
     63   public NewArrayLengthChanger(Random rng, MutationStats stats, List<Mutation> mutations) {
     64     super(rng, stats, mutations);
     65     likelihood = 50;
     66   }
     67 
     68   // A cache that should only exist between generateMutation() and applyMutation(),
     69   // or be created at the start of applyMutation(), if we're reading in mutations from
     70   // a file.
     71   private List<MInsn> newArrayLengthInsns = null;
     72 
     73   private void generateCachedArrayLengthInsns(MutatableCode mutatableCode) {
     74     if (newArrayLengthInsns != null) {
     75       return;
     76     }
     77 
     78     newArrayLengthInsns = new ArrayList<MInsn>();
     79 
     80     for (MInsn mInsn : mutatableCode.getInstructions()) {
     81       if (isNewArray(mInsn)) {
     82         newArrayLengthInsns.add(mInsn);
     83       }
     84     }
     85   }
     86 
     87   @Override
     88   protected boolean canMutate(MutatableCode mutatableCode) {
     89     for (MInsn mInsn : mutatableCode.getInstructions()) {
     90       // TODO: Add filled-new-array and filled-new-array/range with their respective
     91       // positions of registers and also proper encoding.
     92       if (isNewArray(mInsn)) {
     93         return true;
     94       }
     95     }
     96     Log.debug("No New Array instruction in method, skipping...");
     97     return false;
     98   }
     99 
    100   @Override
    101   protected Mutation generateMutation(MutatableCode mutatableCode) {
    102     generateCachedArrayLengthInsns(mutatableCode);
    103 
    104     int newArrayIdx = rng.nextInt(newArrayLengthInsns.size());
    105 
    106     AssociatedMutation mutation = new AssociatedMutation();
    107     mutation.setup(this.getClass(), mutatableCode);
    108     mutation.newArrayToChangeIdx = newArrayIdx;
    109     return mutation;
    110   }
    111 
    112   @Override
    113   protected void applyMutation(Mutation uncastMutation) {
    114     // Cast the Mutation to our AssociatedMutation, so we can access its fields.
    115     AssociatedMutation mutation = (AssociatedMutation) uncastMutation;
    116     MutatableCode mutatableCode = mutation.mutatableCode;
    117     MInsn newArrayInsn = newArrayLengthInsns.get(mutation.newArrayToChangeIdx);
    118     int newArrayInsnIdx = mutatableCode.getInstructionIndex(newArrayInsn);
    119 
    120     MInsn newInsn = new MInsn();
    121     newInsn.insn = new Instruction();
    122     newInsn.insn.info = Instruction.getOpcodeInfo(Opcode.CONST_16);
    123     newInsn.insn.vregA = (int) newArrayInsn.insn.vregB;
    124     // New length chosen randomly between 1 to 100.
    125     newInsn.insn.vregB = rng.nextInt(100);
    126     mutatableCode.insertInstructionAt(newInsn, newArrayInsnIdx);
    127     Log.info("Changed the length of the array to " + newInsn.insn.vregB);
    128     stats.incrementStat("Changed length of new array");
    129   }
    130 
    131   private boolean isNewArray(MInsn mInsn) {
    132     Opcode opcode = mInsn.insn.info.opcode;
    133     return opcode == Opcode.NEW_ARRAY;
    134   }
    135 }