Computation that returns the value stored in an array at a given index or an exception.
Computation that returns the value stored in an array at a given index or an
exception. The exceptions that may be thrown are: NullPointerException
and
ArrayIndexOutOfBoundsException
.
Computation that succeeds (updates the value stored in the array at the given index) or that throws an exception.
Computation that succeeds (updates the value stored in the array at the given
index) or that throws an exception. The exceptions that may be thrown are:
NullPointerException
, ArrayIndexOutOfBoundsException
and ArrayStoreException
.
Abstracts over values with computational type integer
.
Abstracts over values with computational type integer
.
Abstracts over the concrete type of IllegalValue
.
Abstracts over the concrete type of IllegalValue
.
This type needs to be refined whenever the class IllegalValue
is refined or the type DomainValue
is refined.
Abstracts over the concrete type of ReturnAddressValue
.
Abstracts over the concrete type of ReturnAddressValue
. Needs to be fixed
by some sub-trait/sub-class. In the simplest case (i.e., when neither the
Value
trait nor the ReturnAddressValue
trait was refined) it is sufficient
to write:
type DomainReturnAddressValue = ReturnAddressValue
Abstracts over the concrete type of Value
.
Abstracts over the concrete type of Value
. Needs to be refined by traits that
inherit from Domain
and which extend Domain
's Value
trait.
Abstracts over double values at the type level.
Abstracts over double values at the type level.
A simple type alias of the type DomainValue
; used to facilitate comprehension.
A simple type alias of the type DomainValue
; used to facilitate comprehension.
A type alias for Iterable
s of ExceptionValue
s; used to facilitate comprehension.
A type alias for Iterable
s of ExceptionValue
s; used to facilitate comprehension.
Abstracts over all values with computational type float
.
Abstracts over all values with computational type float
.
Represents a value that has no well defined state/type.
Represents a value that has no well defined state/type. Such values are the result of a join of two incompatible values and are generally only found in registers (in the locals) and then identify a value that is dead.
org.opalj.ai.Domain.Value for further details.
Computation that returns a numeric value or an ObjectType.ArithmeticException
.
Computation that returns a numeric value or an ObjectType.ArithmeticException
.
An instruction's current register values/locals are represented using an array.
An instruction's current register values/locals are represented using an array.
Common supertrait of all DomainValue
s that represent long values.
Common supertrait of all DomainValue
s that represent long values.
Should be mixed in by Value
classes that capture information about all origins
of a value.
Should be mixed in by Value
classes that capture information about all origins
of a value.
A MultipleReferenceValues
tracks multiple reference values (of type NullValue
,
ArrayValue
, SObjectValue
and MObjectValue
) that have different
origins.
A MultipleReferenceValues
tracks multiple reference values (of type NullValue
,
ArrayValue
, SObjectValue
and MObjectValue
) that have different
origins. I.e., per value origin one domain value is used
to abstract over the properties of that respective value.
An instruction's operands are represented using a list where the first element of the list represents the top level operand stack value.
An instruction's operands are represented using a list where the first element of the list represents the top level operand stack value.
Representation of some reference value; this includes Object
, Array
and Null
values.
Representation of some reference value; this includes Object
, Array
and Null
values.
This trait defines the additional methods needed for the refinement of the new properties.
A map that contains the refined values (the map's values) of some old values (the map's keys).
A map that contains the refined values (the map's values) of some old values (the map's keys).
Stores a single return address (i.e., a program counter/index into the code array).
Stores a single return address (i.e., a program counter/index into the code array).
Though the framework completely handles all aspects related to return address
values, it is nevertheless necessary that this class inherits from Value
as return addresses are stored on the stack/in the registers. However,
if the Value
trait should be refined, all additional methods may – from
the point-of-view of OPAL-AI - just throw an OperationNotSupportedException
as these additional methods will never be called by OPAL-AI.
A collection of (not furhter stored) return address values.
A collection of (not furhter stored) return address values. Primarily used when we join the executions of subroutines.
A reference value with a single (upper) type (bound).
A reference value with a single (upper) type (bound).
Represents all DomainReferenceValue
s that represent a reference value where
– in the current analysis context – the value has a single origin.
Represents all DomainReferenceValue
s that represent a reference value where
– in the current analysis context – the value has a single origin.
To make it possible to store SingleOriginReferenceValue
s in UIDSets -
which in particular provide fast filter
and tail
methods compared to the
standard sets - the UID trait is implemented.
Should be mixed in by Value
s that have a single origin.
Should be mixed in by Value
s that have a single origin.
The timestamp enables us to distinguish two values created/returned by the same instruction (two values with the same origin) but at a different point in time.
The timestamp enables us to distinguish two values created/returned by the same instruction (two values with the same origin) but at a different point in time.
Such values may or may not be different (i.e., those value may or may not refer to the same object on the heap/stack).
However, two domain values that have the same timestamp are guaranteed to refer to the same object at runtime (must-alias).
Timestamps are required to determine changes in the memory layout. I.e., to determine if two values created by the same instruction are aliases or "just" maybe aliases. This information is particularly relevant if two values - stored in registers - are no longer guaranteed to be aliases!
Abstracts over a concrete operand stack value or a value stored in one of the local variables/registers.
Abstracts over a concrete operand stack value or a value stored in one of the local variables/registers.
In general, subclasses and users of a Domain
should not have/declare
a direct dependency on Value
. Instead they should use DomainValue
as otherwise
extensibility of a Domain
may be hampered or even be impossible. The only
exceptions are, of course, classes that directly inherit from this class.
If you directly extend/refine this trait (i.e., in a subclass of the Domain
trait
you write something like trait Value extends super.Value
), make sure that
you also extend all classes/traits that inherit from this type
(this may require a deep mixin composition and that you refine the type
DomainType
accordingly).
However, OPAL was designed such that extending this class should – in general
– not be necessary. It may also be easier to encode the desired semantics – as
far as possible – as part of the domain.
Standard inheritance from this trait is always supported and is the primary mechanism to model an abstract domain's lattice w.r.t. some special type of value. In general, the implementation should try to avoid creating new instances of values unless strictly required to model the domain's semantics. This will greatly improve the overall performance as this framework heavily uses reference-based equality checks to speed up the evaluation.
OPAL does not rely on any special equality semantics w.r.t. values and
never directly or indirectly calls a Value
's equals
or eq
method. Hence,
a domain can encode equality such that it best fits its need.
However, some of the provided domains rely on the following semantics for equals:
Two domain values have to be equal (==
) iff they represent the same
information. This includes additional information, such as, the value of
the origin.
E.g., a value (AnIntegerValue
) that represents an arbitrary Integer
value
has to return true
if the domain value with which it is compared also
represents an arbitrary Integer
value (AnIntegerValue
). However,
it may still be necessary to use multiple objects to represent an arbitrary
integer value if, e.g., constraints should be attached to specific values.
For example, after a comparison of an integer value with a predefined
value (e.g., AnIntegerValue < 4
) it is possible to constrain the respective
value on the subsequent paths (< 4 on one path and >= 4 on the other path).
To make that possible, it is however necessary to distinguish the
AnIntegervalue
from some other AnIntegerValue
to avoid constraining
unrelated values.
public void foo(int a,int b) { if(a < 4) { z = a - 2 // here a is constrained (< 4), b and z are unconstrained } else { z = a + 2 // here a is constrained (>= 4), b and z are unconstrained } }
In general, equals
is only defined for values belonging to the same
domain. If values need to be compared across domains, they need to be adapted
to a target domain first.
Represents an unknown double value.
Represents an unknown double value.
Creates a non-null object that represent a ArithmeticException
and that has the
given origin
.
Creates a non-null object that represent a ArithmeticException
and that has the
given origin
.
If the ArithmeticException
was created by the VM while evaluating an instruction
with the program counter pc
you use the method ValueOriginForVMLevelValue to
translate that pc
to the appropriate ValueOrigin.
Creates a non-null object that represent a ArrayIndexOutOfBoundsException
and that has the
given origin
.
Creates a non-null object that represent a ArrayIndexOutOfBoundsException
and that has the
given origin
.
If the ArrayIndexOutOfBoundsException
was created by the VM while evaluating an instruction
with the program counter pc
you use the method ValueOriginForVMLevelValue to
translate that pc
to the appropriate ValueOrigin.
Creates a non-null object that represent a ArrayStoreException
and that has the
given origin
.
Creates a non-null object that represent a ArrayStoreException
and that has the
given origin
.
If the ArrayStoreException
was created by the VM while evaluating an instruction
with the program counter pc
you use the method ValueOriginForVMLevelValue to
translate that pc
to the appropriate ValueOrigin.
Creates a new DomainValue
that represents an array value with unknown
values and where the specified type may also just be an upper type bound
(unless the component type is a primitive type or an array of primitives.)
Creates a new DomainValue
that represents an array value with unknown
values and where the specified type may also just be an upper type bound
(unless the component type is a primitive type or an array of primitives.)
This factory method is (typically) used to create a domain value that represents an array if we know nothing specific about the array. E.g., if you want to analyze a method that takes an array as a parameter.
The properties of the value are:
Java's arrays are co-variant. I.e., Object[] a = new Serializable[100];
is valid.
Enables matching of DomainValue
s that are array values.
Enables matching of DomainValue
s that are array values.
Factory method to create a representation of a boolean value with the given initial value and origin.
Factory method to create a representation of a boolean value with the given initial value and origin.
The domain may ignore the information about the value and the origin (origin
).
Factory method to create a representation of a boolean value if we know the origin of the value.
Factory method to create a representation of a boolean value if we know the origin of the value.
The domain may ignore the information about the origin (origin
).
Factory method to create a DomainValue
that represents the given byte value
and that was created (explicitly or implicitly) by the instruction with the
specified program counter.
Factory method to create a DomainValue
that represents the given byte value
and that was created (explicitly or implicitly) by the instruction with the
specified program counter.
The domain may ignore the information about the value and the origin (origin
).
Factory method to create a DomainValue
that was created (explicitly or
implicitly) by the instruction with the specified program counter.
Factory method to create a DomainValue
that was created (explicitly or
implicitly) by the instruction with the specified program counter.
The domain may ignore the information about the origin (origin
).
Factory method to create a DomainValue
that represents the given char value
and that was created (explicitly or implicitly) by the instruction with the
specified program counter.
Factory method to create a DomainValue
that represents the given char value
and that was created (explicitly or implicitly) by the instruction with the
specified program counter.
Factory method to create a DomainValue
that was created (explicitly or
implicitly) by the instruction with the specified program counter.
Factory method to create a DomainValue
that was created (explicitly or
implicitly) by the instruction with the specified program counter.
The domain may ignore the information about the origin (origin
).
Creates a non-null object that represent a ClassCastException
and that has the
given origin
.
Creates a non-null object that represent a ClassCastException
and that has the
given origin
.
If the ClassCastException
was created by the VM while evaluating an instruction
with the program counter pc
you use the method ValueOriginForVMLevelValue to
translate that pc
to the appropriate ValueOrigin.
Factory method to create a DomainValue
that represents a runtime value of
type "Class<T>
" and that was created by the instruction with the
specified program counter.
Factory method to create a DomainValue
that represents a runtime value of
type "Class<T>
" and that was created by the instruction with the
specified program counter.
This function is called by OPAL when a class constant (LDC(_W)
instruction) is
put on the stack.
The domain may ignore the information about the value and the origin (vo
).
The properties of the domain value are:
Creates the domain value that represents the constant field value.
Creates the domain value that represents the constant field value.
Creates a DomainValue
that represents a value with the given type
and which is initialized using the JVM's default value for that type.
Creates a DomainValue
that represents a value with the given type
and which is initialized using the JVM's default value for that type.
E.g., for IntegerValue
s the value is set to 0
. In case of a
ReferenceType
the value is the ReferenceValuesFactory#NullValue.
The class tag can be used to create type safe arrays or to extract the concrete type of the domain value.
The class tag can be used to create type safe arrays or to extract the concrete type of the domain value.
val DomainReferenceValue(v) = value // of type "DomainValue" // v is now of the type DomainReferenceValue
Defines a total order on reference values with a single origin by subtracting both origins.
Defines a total order on reference values with a single origin by subtracting both origins.
The class tag for the type DomainValue
.
The class tag for the type DomainValue
.
Required to generate instances of arrays in which values of type
DomainValue
can be stored in a type-safe manner.
In the sub-trait or class that fixes the type of DomainValue
it is necessary
to implement this abstract val
using:
val DomainValueTag : ClassTag[DomainValue] = implicitly
(As of Scala 2.10 it is necessary that you do not use implicit
in the subclass -
it will compile, but fail at runtime.)
Factory method to create a DomainValue
that represents the given double value
and that was created (explicitly or implicitly) by the instruction with the
specified program counter.
Factory method to create a DomainValue
that represents the given double value
and that was created (explicitly or implicitly) by the instruction with the
specified program counter.
The domain may ignore the information about the value and the origin (vo
).
Factory method to create a DomainValue
that was created (explicitly or
implicitly) by the instruction with the specified program counter, but where
we have no knowledge about the precise value.
Factory method to create a DomainValue
that was created (explicitly or
implicitly) by the instruction with the specified program counter, but where
we have no knowledge about the precise value.
The domain may ignore the information about the origin (vo
).
Factory method to create a DomainValue
with the specified origin.
Factory method to create a DomainValue
with the specified origin.
The origin is typically the program counter of the instruction
that created this value/where the value was observed for the first
time.
The domain may ignore the information about the origin (origin
).
Factory method to create a DomainValue
with the specified origin.
Factory method to create a DomainValue
with the specified origin.
The origin is typically the program counter of the instruction
that created this value/where the value was observed for the first
time.
The domain may ignore the information about the origin (origin
).
Creates a non-null object that represent an IllegalMonitorStateException
and that has the
given origin
.
Creates a non-null object that represent an IllegalMonitorStateException
and that has the
given origin
.
If the IllegalMonitorStateException
was created by the VM while evaluating an instruction
with the program counter pc
you should use the method ValueOriginForVMLevelValue to
translate that pc
to the appropriate ValueOrigin.
Factory method to create a DomainValue
that represents an array
that was successfully created and which has the given type.
Factory method to create a DomainValue
that represents an array
that was successfully created and which has the given type.
The domain may ignore the information about the origin (pc
) and
the precise size of each dimension.
The properties of the domain value are:
The size of each dimension if available. counts
may not be empty but
may not contain information about all dimensions; the
following condition always has to hold: counts.length <= arrayType.dimensions
.
Factory method to create a DomainValue
that represents an initialized
reference value of the given type and that was created (explicitly or implicitly)
by the instruction with the specified program counter.
Factory method to create a DomainValue
that represents an initialized
reference value of the given type and that was created (explicitly or implicitly)
by the instruction with the specified program counter.
The given type usually identifies a class type (not an interface type) that is
not abstract, but in some cases (e.g. consider java.awt.Toolkit()
)
it may be useful/meaningful to relax this requirement and to state that the
class precisely represents the runtime type – even
so the class is abstract. However, such decisions need to be made by the domain.
This method is used by the OPAL framework to create reference values that are normally
internally created by the JVM (in particular exceptions such as
NullPointExeception
and ClassCastException
). However, it can generally
be used to create initialized objects/arrays.
The properties of the domain value are:
null
.)
Factory method to create a representation of the integer constant value 0.
Factory method to create a representation of the integer constant value 0.
OPAL in particular uses this special value for performing subsequent computations against the fixed value 0 (e.g., for if_XX instructions).
(The origin (ValueOrigin) that is used is the ConstantValueOrigin to signify that this value was not created by the program.)
The domain may ignore the information about the value.
Factory method to create a DomainValue
that represents the given integer value
and that was created (explicitly or implicitly) by the instruction with the
specified program counter.
Factory method to create a DomainValue
that represents the given integer value
and that was created (explicitly or implicitly) by the instruction with the
specified program counter.
The domain may ignore the information about the value and the origin (origin
).
Factory method to create a DomainValue
that was created (explicitly or
implicitly) by the instruction with the specified program counter.
Factory method to create a DomainValue
that was created (explicitly or
implicitly) by the instruction with the specified program counter.
The domain may ignore the information about the origin (origin
).
Factory method to create a DomainValue
that represents the given long value
and that was created (explicitly or implicitly) by the instruction with the
specified program counter.
Factory method to create a DomainValue
that represents the given long value
and that was created (explicitly or implicitly) by the instruction with the
specified program counter.
The domain may ignore the information about the value and the origin (vo
).
Factory method to create a DomainValue
that was created (explicitly or
implicitly) by the instruction with the specified program counter.
Factory method to create a DomainValue
that was created (explicitly or
implicitly) by the instruction with the specified program counter.
The domain may ignore the information about the origin (vo
).
The result of the merge of two incompatible values has
to be reported as a MetaInformationUpdate[DomainIllegalValue]
.
The result of the merge of two incompatible values has
to be reported as a MetaInformationUpdate[DomainIllegalValue]
.
Called by the AI framework for each load constant method handle (org.opalj.br.instructions.LoadMethodHandle) instruction to get a representation of/a DomainValue that represents the handle.
Called by the AI framework for each load constant method handle (org.opalj.br.instructions.LoadMethodHandle) instruction to get a representation of/a DomainValue that represents the handle.
A valid method handle.
An InitializedObjectValue(ObjectType.MethodHandle)
.
Hence, this method needs to be overridden
if resolution of MethodHandle based method calls should be performed.
Called by the framework for each load constant method type
(org.opalj.br.instructions.LoadMethodType) instruction to
get a domain-specific representation of the method descriptor as a MethodType
.
Called by the framework for each load constant method type
(org.opalj.br.instructions.LoadMethodType) instruction to
get a domain-specific representation of the method descriptor as a MethodType
.
A valid method descriptor.
An InitializedObjectValue(ObjectType.MethodType)
.
Hence, this method needs to be overridden
if resolution of MethodType based method calls should be performed.
Creates a non-null object that represent a NegativeArraySizeException
and that has the
given origin
.
Creates a non-null object that represent a NegativeArraySizeException
and that has the
given origin
.
If the NegativeArraySizeException
was created by the VM while evaluating an instruction
with the program counter pc
you use the method ValueOriginForVMLevelValue to
translate that pc
to the appropriate ValueOrigin.
Factory method to create a new domain value that represents a newly created array (non-null) with the size determined by count that is empty.
Factory method to create a new domain value that represents a newly created array (non-null) with the size determined by count that is empty.
This factory method is (implicitly) used, e.g., by OPAL when a
multianewarray
instruction is found.
The properties of the value are:
counts
Factory method to create a new domain value that represents a newly created array (non-null) with the size determined by count that is empty.
Factory method to create a new domain value that represents a newly created array (non-null) with the size determined by count that is empty.
This factory method is (implicitly) used, e.g., by OPAL when a newarray
instruction is found.
The properties of the value are:
Creates a new DomainValue
that represents a new,
uninitialized instance of an object of the given type.
Creates a new DomainValue
that represents a new,
uninitialized instance of an object of the given type. The object was
created by the (NEW
) instruction with the specified program counter.
OPAL calls this method when it evaluates newobject
instructions.
If the bytecode is valid a call of one of the object's constructors will
subsequently initialize the object.
The properties of the domain value are:
null
.)
Instances of arrays are created by the newarray
and
multianewarray
instructions and in both cases an exception may be thrown
(e.g., NegativeArraySizeException
).
Represents a non-null reference value with the given type as an upper type bound.
Represents a non-null reference value with the given type as an upper type bound.
The domain may ignore the information about the value and the origin (vo
).
The properties of the domain value are:
null
.)
Creates a non-null object that represent a NullPointerException
and that has the
given origin
.
Creates a non-null object that represent a NullPointerException
and that has the
given origin
.
If the NullPointerException
was created by the VM while evaluating an instruction
with the program counter pc
you should use the method ValueOriginForVMLevelValue to
translate that pc
to the appropriate ValueOrigin.
Factory method to create a DomainValue
that represents value null
and
and that was created (explicitly or implicitly) by the instruction
with the specified program counter.
Factory method to create a DomainValue
that represents value null
and
and that was created (explicitly or implicitly) by the instruction
with the specified program counter.
The domain may ignore the information about the value and the origin (pc
).
The properties of the domain value are:
Factory method to create a DomainValue
that represents either an class-/interface
value that has the given types as an upper bound or the value null
.
Factory method to create a DomainValue
that represents either an class-/interface
value that has the given types as an upper bound or the value null
. However, the
information whether the value is null
or not is not available. Furthermore, the
type may also just be an upper bound and it is not known if the value is
properly initialized.
The properties of the domain value are:
Factory method to create a DomainValue
that represents either an class-/interface
value that has the given type or the value null
.
Factory method to create a DomainValue
that represents either an class-/interface
value that has the given type or the value null
. However, the
information whether the value is null
or not is not available. Furthermore, the
type may also just be an upper bound and it is not known if the value is
properly initialized.
The properties of the domain value are:
Factory method to create a DomainValue
that represents either a reference
value that has the given type and is initialized or the value null
.
Factory method to create a DomainValue
that represents either a reference
value that has the given type and is initialized or the value null
. However, the
information whether the value is null
or not is not available. Furthermore, the
type may also just be an upper bound.
The domain may ignore the information about the value and the origin, but it has to remain possible for the domain to identify the component type of an array.
The properties of the domain value are:
Factory method to create an instance of a ReturnAddressValue
.
Factory method to create an instance of a ReturnAddressValue
.
Factory method to create a DomainValue
that represents the given short value
and that was created (explicitly or implicitly) by the instruction with the
specified program counter.
Factory method to create a DomainValue
that represents the given short value
and that was created (explicitly or implicitly) by the instruction with the
specified program counter.
Factory method to create a DomainValue
that was created (explicitly or
implicitly) by the instruction with the specified program counter.
Factory method to create a DomainValue
that was created (explicitly or
implicitly) by the instruction with the specified program counter.
The domain may ignore the information about the origin (origin
).
Factory method to create a DomainValue
that represents the given string value
and that was created by the instruction with the specified program counter.
Factory method to create a DomainValue
that represents the given string value
and that was created by the instruction with the specified program counter.
This function is called by OPAL-AI when a string constant (LDC(_W)
instruction) is
put on the stack.
The domain may ignore the information about the value and the origin (vo
).
The properties of the domain value are:
null
.A non-null string. (The string may be empty, though.)
The result of merging two values should never be reported as a
StructuralUpdate
if the computed value is an IllegalValue
.
The result of merging two values should never be reported as a
StructuralUpdate
if the computed value is an IllegalValue
. The JVM semantics guarantee
that the value will not be used and, hence, continuing the interpretation is meaningless.
This method is solely defined for documentation purposes and to catch implementation errors early on.
Extractor for timestamps.
Extractor for timestamps.
The singleton instance of the IllegalValue
.
The singleton instance of the IllegalValue
.
The singleton instance of ReturnAddressValues
The singleton instance of ReturnAddressValues
Creates a non-null object that represent a Throwable
object and that has the
given origin
.
Creates a non-null object that represent a Throwable
object and that has the
given origin
.
If the Throwable
was created by the VM while evaluating an instruction with
the program counter pc
you should use the method ValueOriginForVMLevelValue
to translate that pc
to the appropriate ValueOrigin.
Creates an update object that characterizes a timestamp update.
Creates an update object that characterizes a timestamp update.
Basically, just a wrapper for a MetaInformationUpdate
; the purpose is to
better communicate the underlying purpose.
Factory method to create domain values with a specific type.
Factory method to create domain values with a specific type. I.e., values for
which we have some type information but no precise value or source information.
However, the value is guaranteed to be null
or properly initialized.
For example, if valueType
is a reference type it may be possible
that the actual value is null
, but such knowledge is not available.
The framework uses this method when a method is to be analyzed, but no parameter values are given and initial values need to be generated. This method is not used elsewhere by the framework.
Called by the abstract interpreter when an exception is thrown that is not (guaranteed to be) handled within the same method.
Called by the abstract interpreter when an exception is thrown that is not (guaranteed to be) handled within the same method.
If the original exception value is null
(/*E.g.*/throw null;
), then
the exception that is actually thrown is a new NullPointerException
. This
situation is, however, completely handled by OPAL and the exception value
is hence never null
.
Called by the abstract interpreter when the abstract interpretation of a method has ended.
Called by the abstract interpreter when the abstract interpretation of a method has ended. The abstract interpretation of a method ends if either the fixpoint is reached or the interpretation was aborted.
By default this method does nothing.
Domains that override this method are expected to also call
super.abstractInterpretationEnded(aiResult)
.
This method is called after all values which differ have been joined, but before
joinPostProcessing
will be called.
This method is called after all values which differ have been joined, but before
joinPostProcessing
will be called.
This methods is called after the evaluation of the instruction with
the given pc
with respect to targetPC
, but before the values are propagated
(joined) and before it is checked whether the interpretation needs to be continued.
This methods is called after the evaluation of the instruction with
the given pc
with respect to targetPC
, but before the values are propagated
(joined) and before it is checked whether the interpretation needs to be continued.
I.e., if the operands (newOperands
) or locals (newLocals
) are further refined
then the refined operands and locals are joined (if necessary).
During the evaluation of the instruction it is possible that this method
is called multiple times with different targetPC
s. The latter is not only
true for control flow instructions, but also for those instructions
that may raise an exception.
This method can and is intended to be overridden to further refine the operand
stack/the locals. However, the overriding method should always forward the (possibly
refined) operands and locals to the super
method (stackable traits
).
The given value
, which is a value with computational type reference, is returned
by the return instruction with the given pc
.
The given value
, which is a value with computational type reference, is returned
by the return instruction with the given pc
.
Returns the array's length or throws a NullPointerException
if the given
reference is null
.
Returns the array's length or throws a NullPointerException
if the given
reference is null
.
It is in general not necessary to override this method. If you need
some special handling refine the trait ArrayValue
.
Loads the value stored in the array at the given index or throws an
exception (NullPointerException
or IndexOutOfBoundsException
).
Loads the value stored in the array at the given index or throws an
exception (NullPointerException
or IndexOutOfBoundsException
).
It is in general not necessary to override this method. If you need
some special handling refine the load
method defined by the trait
ArrayValue
.
Stores the given value in the array at the given index or throws an exception
(NullPointerException
, ArrayStoreException
or IndexOutOfBoundsException
).
Stores the given value in the array at the given index or throws an exception
(NullPointerException
, ArrayStoreException
or IndexOutOfBoundsException
).
It is in general not necessary to override this method. If you need
some special handling refine the store
method defined by the trait
ArrayValue
.
Returns the given value as a DomainReferenceValue.
Returns the given value as a DomainReferenceValue. Basically just performs a type cast and is intended to be used to communicate that the value has to be a reference value (if the underlying byte code is valid.)
This method is called immediately before a join operation with regard
to the specified pc
is performed.
This method is called immediately before a join operation with regard
to the specified pc
is performed.
This method is intended to be overwritten by clients to perform custom operations.
Returns the classFile that is currently analyzed.
Returns the classFile that is currently analyzed.
Returns the project's class hierarchy.
Returns the project's class hierarchy.
Returns the code block that is currently analyzed.
Currently, if we have multiple targets, fallback
is called and that result is
returned.
Currently, if we have multiple targets, fallback
is called and that result is
returned.
The given value
, which is a value with computational type double, is returned
by the return instruction with the given pc
.
The given value
, which is a value with computational type double, is returned
by the return instruction with the given pc
.
Called by the framework after evaluating the instruction with the given pc.
Called by the framework after evaluating the instruction with the given pc. I.e., the state of all potential successor instructions was updated and the flow method was called – potentially multiple times – accordingly.
By default this method does nothing.
Called by the framework after performing a computation to inform the domain about the result.
Called by the framework after performing a computation to inform the domain
about the result.
That is, after evaluating the effect of the instruction with currentPC
on the current
stack and register and (if necessary) joining the updated stack and registers with the stack
and registers associated with the instruction successorPC
. (Hence, this method
is ONLY called for return
instructions if the return instruction throws an
IllegalMonitorStateException
.)
This function basically informs the domain about the instruction that
may be evaluated next. The flow function is called for every possible
successor of the instruction with currentPC
. This includes all branch
targets as well as those instructions that handle exceptions.
In some cases it will even be the case that flow
is called multiple times with
the same pair of program counters: (currentPC
, successorPC
). This may happen,
e.g., in case of a switch instruction where multiple values have the same
body/target instruction and we do not have precise information about the switch value.
E.g., as in the following snippet:
switch (i) { // pc: X => Y (for "1"), Y (for "2"), Y (for "3") case 1: case 2: case 3: System.out.println("Great."); // pc: Y default: System.out.println("Not So Great."); // pc: Z }
The flow function is also called after instructions that are domain independent
such as dup
and load
instructions which just manipulate the registers
and stack in a generic way.
This enables the domain to precisely follow the evaluation
progress and in particular to perform control-flow dependent analyses.
The program counter of the instruction that is currently evaluated by the abstract interpreter.
The current operands. I.e., the operand stack before the instruction is evaluated.
The current locals. I.e., the locals before the instruction is evaluated.
The program counter of an instruction that is a potential
successor of the instruction with currentPC
. In general the AI framework
adds the pc of the successor instruction to the beginning of the worklist
unless it is a join instruction. In this case the pc is added to the end – in
the context of the current (sub)routine. Hence, the AI framework first evaluates
all paths leading to a join instruction before the join instruction will
be evaluated.
Yes
if the successor instruction is or was scheduled.
I.e., Yes
is returned if the worklist contains successorPC
, No
if the
worklist does not contain successorPC
. Unknown
is returned if the AI
framework did not process the worklist and doesn't know anything about
the scheduled successors. Note that this value is independent of the
subroutine in which the value may be scheduled. If an implementation schedules
successorPC
the the super call has to set isSuccessorScheduled
to Yes
.
true
if and only if the evaluation of
the instruction with the program counter currentPC
threw an exception;
false
otherwise. Hence, if this parameter is true
the instruction
with successorPC
is the first instruction of the handler.
> 0
if and only if we have an exceptional
control flow that terminates one or more subroutines.
In this case the successor instruction is scheduled (if at all) after all
subroutines that will be terminated by the exception.
true
if a join was performed. I.e., the successor
instruction is an instruction (Code.cfJoins
) that was already
previously evaluated and where multiple paths potentially join.
The current list of instructions that will be evaluated next.
If you want to force the evaluation of the instruction
with the program counter successorPC
it is sufficient to test whether
the list already contains successorPC
and – if not – to prepend it.
If the worklist already contains successorPC
then the domain is allowed
to move the PC to the beginning of the worklist.
If the PC does not belong to the same (current) (sub)routine, it is not allowed to be moved to the beginning of the worklist. (Subroutines can only be found in code generated by old Java compilers; before Java 6. Subroutines are identified by jsr/ret instructions. A subroutine can be identified by going back in the worklist and by looking for specific "program counters" (e.g., SUBROUTINE_START, SUBROUTINE_END). These program counters mark the beginning of a subroutine. In other words, an instruction can be freely moved around unless a special program counter value is found. All special program counters use negative values. Additionally, neither the negative values nor the positive values between two negative values should be changed. Furthermore, no value (PC) should be put between negative values that capture subroutine information. If the domain updates the worklist, it is the responsibility of the domain to call the tracer and to inform it about the changes. Note that the worklist is not allowed to contain duplicates related to the evaluation of the current (sub-)routine.
The array that associates every instruction with its
operand stack that is in effect. Note, that only those elements of the
array contain values that are related to instructions that were
evaluated in the past; the other elements are null
. Furthermore,
it identifies the operandsArray
of the subroutine that will execute the
instruction with successorPC
.
The operandsArray may be null
for the current instruction (not the successor
instruction) if the execution of the current instruction leads to the termination
of the current subroutine. In this case the information about the operands
and locals associated with all instructions belonging to the subroutine is
reset.
The array that associates every instruction with its current
register values. Note, that only those elements of the
array contain values that are related to instructions that were evaluated in
the past. The other elements are null
. Furthermore,
it identifies the localsArray
of the subroutine that will execute the
instruction with successorPC
.
The localsArray may be null
for the current instruction (not the successor
instruction) if the execution of the current instruction leads to the termination
of the current subroutine. In this case the information about the operands
and locals associated with all instructions belonging to the subroutine is
reset.
The updated worklist. In most cases this is simply the given worklist
.
The default case is also to return the given worklist
.
A method that overrides this method must always call the super method to ensure that every domain that uses this hook gets informed about a flow.
,The domain is allowed to modify the worklist
, operandsArray
and
localsArray
. However, the AI will not perform any checks. In case of
updates of the operandsArray
or localsArray
it is necessary to first
create a shallow copy before updating it.
If this is not done, it may happen that the locals associated
with other instructions are also updated.
The given value
, which is a value with computational type float, is returned
by the return instruction with the given pc
.
The given value
, which is a value with computational type float, is returned
by the return instruction with the given pc
.
Returns the field's value and/or a new NullPointerException
if the given
objectref
represents the value null
.
Returns the field's value and/or a new NullPointerException
if the given
objectref
represents the value null
.
The field's value or a new NullPointerException
.
Returns the field's value.
Returns the field's value.
The method descriptor as specified by the invoke instruction. In case of the invocation of a signature polymorphic method using org.opalj.br.instructions.INVOKEVIRTUAL the descriptor of the invoked method may differ from the descriptor used by the method. Nevertheless, the MethodCallResult has to satisfy the requirements of the caller. In particular regarding the return type.
Tests if the two given integer values are equal.
Tests if the two given integer values are equal.
A value with computational type integer.
A value with computational type integer.
Tests if the two given integer values are not equal.
Tests if the two given integer values are not equal.
A value with computational type integer.
A value with computational type integer.
This function is ONLY defined if a corresponding test (value1 == value2
)
returned org.opalj.Unknown. I.e., this method is only allowed to be
called if there is something to establish!
I.e., the domain values are real ranges (not single values, e.g., [1,1]
)
that overlap.
This function is ONLY defined if a corresponding test (value1 != value2
)
returned org.opalj.Unknown. I.e., this method is only allowed to be
called if there is something to establish!
I.e., the domain values are real ranges (not single values, e.g., [1,1]
)
that overlap.
This function is ONLY defined if a corresponding test (value1 < value2
)
returned org.opalj.Unknown. I.e., this method is only allowed to be
called if there is something to establish!
I.e., the domain values are real ranges (not single values, e.g., [1,1]
)
that overlap.
This function is ONLY defined if a corresponding test (value1 <= value2
)
returned org.opalj.Unknown. I.e., this method is only allowed to be
called if there is something to establish!
I.e., the domain values are real ranges (not single values, e.g., [1,1]
)
that overlap.
Sets the given domain value to theValue
.
Sets the given domain value to theValue
.
This function is called by OPAL before it starts to explore the branch where this condition has to hold. (This function is, e.g., called whenever we explore the branches of a switch-case statement.) I.e., the constraint is established before a potential join operation.
An integer domain value that does also, but not exclusively represents
theValue
.
Tests if the given integer value is 0 or maybe 0.
Tests if the given integer value is 0 or maybe 0.
A value with computational type integer.
Tests if the first integer value is larger than the second value.
Tests if the first integer value is larger than the second value.
A value with computational type integer.
A value with computational type integer.
Tests if the given integer value is > 0 or maybe > 0.
Tests if the given integer value is > 0 or maybe > 0.
A value with computational type integer.
Tests if the first integer value is larger than or equal to the second value.
Tests if the first integer value is larger than or equal to the second value.
A value with computational type integer.
A value with computational type integer.
Tests if the given value is greater than or equal to 0 or maybe greater than or equal to 0.
Tests if the given value is greater than or equal to 0 or maybe greater than or equal to 0.
A value with computational type integer.
Tests if the first integer value is smaller than the second value.
Tests if the first integer value is smaller than the second value.
Tests if the given integer value is < 0 or maybe < 0.
Tests if the given integer value is < 0 or maybe < 0.
A value with computational type integer.
Tests if the first integer value is less than or equal to the second value.
Tests if the first integer value is less than or equal to the second value.
Tests if the given integer value is less than or equal to 0 or maybe less than or equal to 0.
Tests if the given integer value is less than or equal to 0 or maybe less than or equal to 0.
A value with computational type integer.
Tests if the given integer value is not 0 or maybe not 0.
Tests if the given integer value is not 0 or maybe not 0.
A value with computational type integer.
Returns Yes
iff at least one possible extension of the given
value
is in the specified range; that is, if the intersection of the range of
values captured by the given value
and the specified range is non-empty.
Returns Yes
iff at least one possible extension of the given
value
is in the specified range; that is, if the intersection of the range of
values captured by the given value
and the specified range is non-empty.
For example, if the given value captures all positive integer values and the
specified range is [-1,1] then the answer has to be Yes
. If we know nothing
about the potential extension of the given value the answer will be Unknown
.
The answer is No
iff both ranges are non-overlapping.
A value that has to be of computational type integer.
The range's lower bound (inclusive).
The range's upper bound (inclusive).
Returns Yes
iff at least one (possible) extension of a given value is
not in the specified range; that is, if the set difference of the range of
values captured by the given value
and the specified range is non-empty.
Returns Yes
iff at least one (possible) extension of a given value is
not in the specified range; that is, if the set difference of the range of
values captured by the given value
and the specified range is non-empty.
For example, if the given value
has the integer value 10
and the
specified range is [0,Integer.MAX_VALUE] then the answer has to be No
. But,
if the given value
represents the range [-5,Integer.MAX_VALUE] and the specified
range is again [0,Integer.MAX_VALUE] then the answer has to be Yes
.
The answer is Yes
iff the analysis determined that at runtime value
will have
a value that is not in the specified range. If the analysis(domain) is not able
to determine whether the value is or is not in the given range then the answer
has to be Unknown
.
A value that has to be of computational type integer.
The range's lower bound (inclusive).
The range's upper bound (inclusive).
Those invokestatic
calls for which we have no concrete method (e.g.,
the respective class file was never loaded or the method is native) or
if have a recursive invocation are delegated to the super class.
Those invokestatic
calls for which we have no concrete method (e.g.,
the respective class file was never loaded or the method is native) or
if have a recursive invocation are delegated to the super class.
The given value
, which is a value with computational type integer, is returned
by the return instruction with the given pc
.
The given value
, which is a value with computational type integer, is returned
by the return instruction with the given pc
.
Determines the common null-ness property of the given reference values.
Determines the common null-ness property of the given reference values.
Determines if the runtime object type referred to by the given values
is always
the same.
Determines if the runtime object type referred to by the given values
is always
the same. I.e., it determines if all values are precise and have the same upperTypeBound
.
Null
values are ignored when determining the precision.
Delegates to org.opalj.br.ClassHierarchy's isSubtypeOf
method.
Tries to determine – under the assumption that the given value
is not
null
– if the runtime type of the given reference value could be a
subtype of the specified reference type supertype
.
Tries to determine – under the assumption that the given value
is not
null
– if the runtime type of the given reference value could be a
subtype of the specified reference type supertype
. I.e., if the type of the
value is not precisely known, then all subtypes of the value
's type are also
taken into consideration when analyzing the subtype relation and only if we
can guarantee that none is a subtype of the given supertype
the answer will be
No
.
The returned value is only meaningful if value
does not represent
the runtime value null
.
Joins the given operand stacks and local variables.
Joins the given operand stacks and local variables.
In general there should be no need to refine this method. Overriding this method should only be done for analysis purposes.
This method heavily relies on reference comparisons to speed up the overall process of performing an abstract interpretation of a method. Hence, a computation should – whenever possible – return (one of) the original object(s) if that value has the same abstract state as the result. Furthermore, if all original values capture the same abstract state as the result of the computation, the "left" value/the value that was already used in the past should be returned.
The joined operand stack and registers.
Returns NoUpdate
if this memory layout already subsumes the
other memory layout.
The operand stacks are guaranteed to contain compatible values w.r.t. the
computational type (unless the bytecode is not valid or OPAL contains
an error). I.e., if the result of joining two operand stack values is an
IllegalValue
we assume that the domain implementation is incorrect.
However, the joining of two register values can result in an illegal value -
which identifies the value as being dead.
The size of the operands stacks that are to be joined and the number of registers/locals that are to be joined can be expected to be identical under the assumption that the bytecode is valid and the framework contains no bugs.
Enables the customization of the behavior of the base join method.
Enables the customization of the behavior of the base join method.
This method in particular enables, in case of a MetaInformationUpdate, to raise the update type to force the continuation of the abstract interpretation process.
Methods should always override
this method and should call the super method.
The current update type. The level can be raised. It is an error to lower the update level.
The old operands, before the join. Should not be changed.
The old locals, before the join. Should not be changed.
The new operands; may be updated.
The new locals; may be updated.
The pc of the jsr(w) instruction.
Conversion of the given long value to a double value.
Conversion of the given long value to a double value.
The result of calling DoubleValue(pc)
.
Conversion of the given long value to a float value.
Conversion of the given long value to a float value.
The result of calling FloatValue(pc)
.
Conversion of the given long value to an integer value.
Conversion of the given long value to an integer value.
The result of calling IntegerValue(pc)
.
Add of two long values.
Add of two long values.
The pc of the add(+) instruction.
A long value (guaranteed by the JVM's semantics).
A long value (guaranteed by the JVM's semantics).@return The result of calling LongValue(pc)
.
Boolean and of two long values.
Boolean and of two long values.
The pc of the "&" instruction.
A long value (guaranteed by the JVM's semantics).
A long value (guaranteed by the JVM's semantics).@return The result of calling LongValue(pc)
.
Comparison (==) of two long values.
Comparison (==) of two long values.
The pc of the comparison instruction.
The result of calling IntegerValue(pc)
.
Division of two long values.
Division of two long values.
The pc of the div (/) instruction.
Either ComputedValue(LongValue(pc))
if arithmetic exceptions should
not be thrown if nothing is known about the precise value or – if the
policy is to throw an ArithmeticException if in doubt – a
ComputedValueOrException(LongValue(pc), ArithmeticException(pc))
Multiplication of two long values.
Multiplication of two long values.
The pc of the mul (/) instruction.
A long value (guaranteed by the JVM's semantics).
A long value (guaranteed by the JVM's semantics).@return The result of calling LongValue(pc)
.
Negation of a long value.
Negation of a long value.
The pc of the neg instruction.
A long value (guaranteed by the JVM's semantics).@return The result of calling LongValue(pc)
.
Boolean or of two long values.
Boolean or of two long values.
The pc of the "boolean or" (|) instruction.
A long value (guaranteed by the JVM's semantics).
A long value (guaranteed by the JVM's semantics).@return The result of calling LongValue(pc)
.
Remainder of two long values.
Remainder of two long values.
The pc of the div (/) instruction.
Either ComputedValue(LongValue(pc))
if arithmetic exceptions should
not be thrown if nothing is known about the precise value or – if the
policy is to throw an ArithmeticException if in doubt – a
ComputedValueOrException(LongValue(pc), ArithmeticException(pc))
The given value
, which is a value with computational type long, is returned
by the return instruction with the given pc
.
The given value
, which is a value with computational type long, is returned
by the return instruction with the given pc
.
Shift left of a long value.
Shift left of a long value.
The pc of the "shift left" instruction.
A long value (guaranteed by the JVM's semantics).
A int value (guaranteed by the JVM's semantics) that determines
the number of bits to shift.@return The result of calling LongValue(pc)
.
Shift right of a long value.
Shift right of a long value.
The pc of the "shift right" instruction.
A long value (guaranteed by the JVM's semantics).
An int value (guaranteed by the JVM's semantics) that determines
the number of bits to shift.@return The result of calling LongValue(pc)
.
Subtraction of two long values.
Subtraction of two long values.
The pc of the sub(-) instruction.
A long value (guaranteed by the JVM's semantics.)
A long value (guaranteed by the JVM's semantics.)@return The result of calling LongValue(pc)
.
Unsigned shift right of a long value.
Unsigned shift right of a long value.
The pc of the "unsigned shift right" instruction.
A long value (guaranteed by the JVM's semantics).
A int value (guaranteed by the JVM's semantics) that determines
the number of bits to shift.@return The result of calling LongValue(pc)
.
xor of two long values.
xor of two long values.
The pc of the "xor" instruction.
A long value (guaranteed by the JVM's semantics).
A long value (guaranteed by the JVM's semantics).@return The result of calling LongValue(pc)
.
Merges two computations that both resulted in at most one DomainValue
or
at most one ExceptionValue
.
Merges two computations that both resulted in at most one DomainValue
or
at most one ExceptionValue
.
If values are merged the merged value will use the specified pc
.
Merges two computations that both return some DomainValue
and some
ExceptionValues
.
Merges two computations that both return some DomainValue
and some
ExceptionValues
. If values are merged the merged value will use the
specified pc
.
Merges the given domain value v1
with the domain value v2
and returns
the merged value which is v1
if v1
is an abstraction of v2
, v2
if v2
is an abstraction of v1
or some other value if a new value is computed that
abstracts over both values.
Merges the given domain value v1
with the domain value v2
and returns
the merged value which is v1
if v1
is an abstraction of v2
, v2
if v2
is an abstraction of v1
or some other value if a new value is computed that
abstracts over both values.
This operation is commutative.
Merges two computations that both resulted in at most one ExceptionValue
each.
Merges two computations that both resulted in at most one ExceptionValue
each.
If values are merged the merged value will use the specified pc
.
Merges those exceptions that have the same upper type bound.
Merges those exceptions that have the same upper type bound. This ensures
that per upper type bound only one ValuesDomain.DomainValue (which may be a
MultipleReferenceValues
) is used. For those values that are merged, the
given pc
is used.
Returns the method that is currently analyzed.
Returns the method that is currently analyzed.
Handles a monitorenter
instruction.
Handles a monitorenter
instruction.
The default implementation checks if the given value is null
and raises
an exception if it is null
or maybe null
.
Handles a monitorexit
instruction.
Handles a monitorexit
instruction.
The default implementation checks if the given value is null
and raises
an exception if it is null
or maybe null
.
Creates a multi-dimensional array.
Creates a multi-dimensional array.
It is generally not necessary to override this method as it handles all cases in a generic manner.
,The componentType may be (again) an array type.
Creates a new array.
Creates a new array.
It is generally not necessary to override this method as it handles all cases in a generic manner.
Returns the next unused time stamp.
Returns the next unused time stamp.
Returns the origin(s) of the given value if the information is available.
Returns the origin(s) of the given value if the information is available.
The source(s) of the given value if the information is available.
Whether the information is available depends on the concrete domains.
This trait only defines a general contract how to get access to a
value's origin (I.e., the origin of the instruction which created the
respective value.)
By default this method returns an empty Iterable
.
Returns the project that is currently analyzed.
Returns the project that is currently analyzed.
Returns a string representation of the properties associated with the instruction with the respective program counter.
Returns a string representation of the properties associated with the instruction with the respective program counter.
Associating properties with an instruction and maintaining those properties
is, however, at the sole responsibility of the Domain
.
This method is predefined to facilitate the development of support tools and is not used by the abstract interpretation framework.
Domain
s that define (additional) properties should (abstract
) override
this method and should return a textual representation of the property.
Sets the field's value if the given objectref
is not null
(in the Domain).
Sets the field's value if the given objectref
is not null
(in the Domain).
In the latter case a NullPointerException
is thrown.
Sets the field's value.
Sets the field's value.
Returns Yes
if both DomainReferenceValues
definitively identify
the same object at runtime.
Returns Yes
if both DomainReferenceValues
definitively identify
the same object at runtime.
Using this domain, it is in general not possible to determine that two values are definitively not reference equal unless they are type incompatible.
Compares the given values for reference inequality.
Compares the given values for reference inequality. Returns No
if both values
point to the same instance and returns Yes
if both objects are known not to
point to the same instance. The latter is, e.g., trivially the case when both
values have a different concrete type. Otherwise Unknown
is returned.
If both values are representing the null
value the org.opalj.Answer is Yes
.
A value of computational type reference.
A value of computational type reference.
Called by OPAL when two values were compared for reference equality and we are going to analyze the branch where the comparison succeeded.
Called by OPAL when two values were compared for reference equality and we are going to analyze the branch where the comparison succeeded.
Called by OPAL when two values were compared for reference equality and we are going to analyze the branch where the comparison failed.
Called by OPAL when two values were compared for reference equality and we are going to analyze the branch where the comparison failed.
Refines the "null"ness property (isNull == No
) of the given value.
Refines the "null"ness property (isNull == No
) of the given value.
Calls refineIsNull
on the given ReferenceValue
and replaces every occurrence
on the stack/in a register with the updated value.
A ReferenceValue
that does not represent the value null
.
Updates the "null"ness property (isNull == Yes
) of the given value.
Updates the "null"ness property (isNull == Yes
) of the given value.
Calls refineIsNull
on the given ReferenceValue
and replaces every occurrence
on the stack/in a register with the updated value.
A ReferenceValue
.
Returns Yes
if given value is never null
, Unknown
if the values is maybe
null
and No
otherwise.
Returns Yes
if given value is never null
, Unknown
if the values is maybe
null
and No
otherwise.
A value of computational type reference.
Determines the nullness-property of the given value.
Determines the nullness-property of the given value.
A value of type ReferenceValue
.
Called by the abstract interpreter when the type bound of the top most stack value needs to be refined.
Called by the abstract interpreter when the type bound of the top most stack
value needs to be refined. This method is only called by the abstract
interpreter iff an immediately preceding subtype query (typeOf(value) <: bound)
returned Unknown
. This method must not be ignored – w.r.t. refining the top-most
stack value; it is e.g., used by org.opalj.br.instructions.CHECKCAST
instructions.
A domain that is able to identify aliases can use this information to propagate the information to the other aliases.
Sets the is null
property of the top-most stack value to Yes
.
Sets the is null
property of the top-most stack value to Yes
. This method is
called by the framework when the top-most operand stack value has to be null, but
a previous isNull
check returned Unknown.
E.g., after a org.opalj.br.instructions.CHECKCAST that fails unless the
value is "null".
This method can be ignored; i.e., the return value can be (operands,locals)
.
However, a domain that is able to identify aliases can use this information to propagate
the information to the other aliases.
The pc of the ret instruction.
Called when a return instruction with the given pc
is reached.
Called when a return instruction with the given pc
is reached.
In other words, when the method returns normally.
This function can be called when the instruction successorPC
needs to be
scheduled.
This function can be called when the instruction successorPC
needs to be
scheduled. The function will test if the instruction is already scheduled and
– if so – returns the given worklist. Otherwise the instruction
is scheduled in the correct (subroutine-)context.
Creates a summary of the given domain values by summarizing and
joining the given values
.
Creates a summary of the given domain values by summarizing and
joining the given values
. For the precise details
regarding the calculation of a summary see Value.summarize(...)
.
The program counter that will be used for the summary value if a new value is returned that abstracts over/summarizes the given values.
An Iterable
over one or more values.
The current algorithm is generic and should satisfy most needs, but it is not very efficient. However, it should be easy to tailor it for a specific domain/domain values, if need be.
If true
, all instructions that may raise an arithmetic exception (e.g., idiv,
ldiv) should do so if it is impossible to statically determine that no
exception will occur.
If true
, all instructions that may raise an arithmetic exception (e.g., idiv,
ldiv) should do so if it is impossible to statically determine that no
exception will occur. But, if we can statically determine that the operation will
raise an exception then the exception will be thrown – independently of this
setting. Furthermore, if we can statically determine that no exception will be
raised, no exception will be thrown. Hence, this setting only affects computations
with values with incomplete information.
true
If true
an ArrayIndexOutOfBoundsException
is thrown if the index cannot
be verified to be valid.
If true
an ArrayIndexOutOfBoundsException
is thrown if the index cannot
be verified to be valid.
true
If true
an ArrayStoreException
is thrown if it cannot be verified that the
value can be stored in the array.
If true
an ArrayStoreException
is thrown if it cannot be verified that the
value can be stored in the array.
true
If true
a ClassCastException
is thrown by CHECKCAST
instructions if it
cannot be verified that no ClassCastException
will be thrown.
If true
a ClassCastException
is thrown by CHECKCAST
instructions if it
cannot be verified that no ClassCastException
will be thrown.
true
Throw a ClassNotFoundException
if the a specific reference type is not
known in the current context.
Throw a ClassNotFoundException
if the a specific reference type is not
known in the current context. The context is typically a specific Project
.
true
Determines the behavior how method calls are handled where the exceptions that the called method may throw are unknown.
Determines the behavior how method calls are handled where the exceptions that the called method may throw are unknown.
true
If true
then monitorexit
and the (XXX)return
instructions will throw
IllegalMonitorStateException
s unless the analysis is able to determine that
the exception is guaranteed to be raised.
If true
then monitorexit
and the (XXX)return
instructions will throw
IllegalMonitorStateException
s unless the analysis is able to determine that
the exception is guaranteed to be raised.
true
If true
a NegativeArraySizeException
is thrown if the index cannot be
verified to be positive.
If true
a NegativeArraySizeException
is thrown if the index cannot be
verified to be positive.
true
Returns true
if potential NullPointerExceptions
should be thrown and false
if such NullPointerExceptions
should be ignored.
Returns true
if potential NullPointerExceptions
should be thrown and false
if such NullPointerExceptions
should be ignored. However, if the interpreter
identifies a situation in which a NullPointerException
is guaranteed to be
thrown, it will be thrown.
true
Returns true
if potential NullPointerExceptions
should be thrown and false
if such NullPointerExceptions
should be ignored.
Returns true
if potential NullPointerExceptions
should be thrown and false
if such NullPointerExceptions
should be ignored. However, if the interpreter
identifies a situation in which a NullPointerException
is guaranteed to be
thrown, it will be thrown.
true
Returns true
if potential NullPointerExceptions
should be thrown and false
if such NullPointerExceptions
should be ignored.
Returns true
if potential NullPointerExceptions
should be thrown and false
if such NullPointerExceptions
should be ignored. However, if the interpreter
identifies a situation in which a NullPointerException
is guaranteed to be
thrown, it will be thrown. Example:
def demo(o : Object) { o.toString // - If "true", a NullPointerException will ALSO be thrown; // the operation also succeeds. // - If "false" the operation will "just" succeed }
true
Returns true
if potential NullPointerExceptions
should be thrown and false
if such NullPointerExceptions
should be ignored.
Returns true
if potential NullPointerExceptions
should be thrown and false
if such NullPointerExceptions
should be ignored. However, if the interpreter
identifies a situation in which a NullPointerException
is guaranteed to be
thrown, it will be thrown.
true
If true
a NullPointerExceptions
is thrown if the exception that is to be
thrown is not not known to be null.
If true
a NullPointerExceptions
is thrown if the exception that is to be
thrown is not not known to be null.
true
Converts – if possible – a given DomainValue
to a Java object that is
appropriately initialized.
Converts – if possible – a given DomainValue
to a Java object that is
appropriately initialized.
Every domain that supports the creation of a Java object's based on a domain value is expected to implement this method and to test if it can create a precise representation of the given value. If not, the implementation has to delegate the responsibility to the super method to creat an abstract representation.
abstract override def toJavaObject(value : DomainValue): Option[Object] = { if(value...) // create and return Java object else super.toJavaObject(value) }
Some(Object) is returned if it was possible to create a compatible
corresponding Java object; otherwise None
is returned.
Default: None
unless the value
is null. In the latter case Some(null)
is returned.
This operation is generally only possible if the domain value maintains enough state information to completely initialize the Java object.
Returns the type(type bounds) of the given value.
Returns the type(type bounds) of the given value.
In general a single value can have multiple type bounds which depend on the
control flow.
However, all types that the value represents must belong to the same
computational type category. I.e., it is possible that the value either has the
type "NullPointerException
or IllegalArgumentException
", but it will never have
– at the same time – the (Java) types int
and long
. Furthermore,
it is possible that the returned type(s) is(are) only an upper bound of the
real type unless the type is a primitive type.
This default implementation always returns org.opalj.ai.UnknownType.
typeOfValue
This method is typically not implemented by a single Domain
trait/object, but is
instead implemented collaboratively by all domains that implement the semantics
of certain values. To achieve that, other Domain
traits that implement a
concrete domain's semantics have to abstract override
this method and only
return the value's type if the domain knows anything about the type. If a method
that overrides this method has no knowledge about the given value, it should
delegate this call to its super method.
Example
trait FloatValues extends Domain[...] { ... abstract override def typeOfValue(value: DomainValue): TypesAnswer = value match { case r: FloatValue ⇒ IsFloatValue case _ ⇒ super.typeOfValue(value) } }
Replaces all occurrences of oldValue
(using reference-quality) with newValue
.
Replaces all occurrences of oldValue
(using reference-quality) with newValue
. If no
occurrences are found, the original operands and locals data structures
are returned.
Calculates the most specific common upper type bound of the upper type bounds of all values.
Calculates the most specific common upper type bound of the upper type bounds of
all values. NullValue
s are ignored.
Domain object which is used to calculate the call graph using variable type analysis.