Computation that returns the value stored in an array at a given index or an exception. The exceptions that may be thrown are: NullPointerException and ArrayIndexOutOfBoundsException.
Computation that succeeds (updates the value stored in the array at the given index) or that throws an exception. The exceptions that may be thrown are: NullPointerException, ArrayIndexOutOfBoundsException and ArrayStoreException.
All values (Class<...> c) that represent the same type (e.g. java.lang.String) are actually represented by the same class (object) value at runtime.
Abstracts over the concrete type of IllegalValue. This type needs to be refined whenever the class IllegalValue is refined or the type DomainValue is refined.
Abstracts over the concrete type of ReturnAddressValue. Needs to be fixed by some sub-trait/sub-class. In the simplest case (i.e., when neither the Value trait nor the ReturnAddressValue trait was refined) it is sufficient to write:
    type DomainReturnAddressValue = ReturnAddressValue
Abstracts over the concrete type of Value. Needs to be refined by traits that inherit from Domain and which extend Domain's Value trait.
A simple type alias of the type DomainValue; used to facilitate comprehension.
A type alias for Iterables of ExceptionValues; used to facilitate comprehension.
Represents a value that has no well defined state/type. Such values are the result of a join of two incompatible values and are generally only found in registers (in the locals) and then identify a value that is dead.
See org.opalj.ai.Domain.Value for further details.
An instruction's current register values/locals are represented using an array.
Should be mixed in by Value classes that capture information about all origins of a value.
A MultipleReferenceValues tracks multiple reference values (of type NullValue, ArrayValue, SObjectValue and MObjectValue) that have different origins. I.e., per value origin one domain value is used to abstract over the properties of that respective value.
An instruction's operands are represented using a list where the first element of the list represents the top level operand stack value.
Representation of some reference value; this includes Object, Array and Null values.
This trait defines the additional methods needed for the refinement of the new properties.
A map that contains the refined values (the map's values) of some old values (the map's keys).
Stores a single return address (i.e., a program counter/index into the code array).
Though the framework completely handles all aspects related to return address values, it is nevertheless necessary that this class inherits from Value as return addresses are stored on the stack/in the registers. However, if the Value trait should be refined, all additional methods may – from the point-of-view of OPAL-AI – just throw an OperationNotSupportedException as these additional methods will never be called by OPAL-AI.
A collection of (not further stored) return address values. Primarily used when we join the executions of subroutines.
A reference value with a single (upper) type (bound).
Represents all DomainReferenceValues that represent a reference value where – in the current analysis context – the value has a single origin.
To make it possible to store SingleOriginReferenceValues in UIDSets – which in particular provide fast filter and tail methods compared to the standard sets – the UID trait is implemented.
Should be mixed in by Values that have a single origin.
The timestamp enables us to distinguish two values created/returned by the same instruction (two values with the same origin) but at a different point in time.
Such values may or may not be different (i.e., those values may or may not refer to the same object on the heap/stack).
However, two domain values that have the same timestamp are guaranteed to refer to the same object at runtime (must-alias).
Timestamps are required to determine changes in the memory layout. I.e., to determine if two values created by the same instruction are aliases or "just" maybe aliases. This information is particularly relevant if two values – stored in registers – are no longer guaranteed to be aliases!
Abstracts over a concrete operand stack value or a value stored in one of the local variables/registers.
In general, subclasses and users of a Domain should not have/declare a direct dependency on Value. Instead they should use DomainValue as otherwise extensibility of a Domain may be hampered or even be impossible. The only exceptions are, of course, classes that directly inherit from this class.
If you directly extend/refine this trait (i.e., in a subclass of the Domain trait you write something like trait Value extends super.Value), make sure that you also extend all classes/traits that inherit from this type (this may require a deep mixin composition and that you refine the type DomainType accordingly).
However, OPAL was designed such that extending this class should – in general – not be necessary. It may also be easier to encode the desired semantics – as far as possible – as part of the domain.
Standard inheritance from this trait is always supported and is the primary mechanism to model an abstract domain's lattice w.r.t. some special type of value. In general, the implementation should try to avoid creating new instances of values unless strictly required to model the domain's semantics. This will greatly improve the overall performance as this framework heavily uses reference-based equality checks to speed up the evaluation.
OPAL does not rely on any special equality semantics w.r.t. values and never directly or indirectly calls a Value's equals or eq method. Hence, a domain can encode equality such that it best fits its need.
However, some of the provided domains rely on the following semantics for equals:
Two domain values have to be equal (==) iff they represent the same information. This includes additional information, such as the value of the origin.
E.g., a value (AnIntegerValue) that represents an arbitrary Integer value has to return true if the domain value with which it is compared also represents an arbitrary Integer value (AnIntegerValue). However, it may still be necessary to use multiple objects to represent an arbitrary integer value if, e.g., constraints should be attached to specific values. For example, after a comparison of an integer value with a predefined value (e.g., AnIntegerValue < 4) it is possible to constrain the respective value on the subsequent paths (< 4 on one path and >= 4 on the other path). To make that possible, it is however necessary to distinguish the AnIntegerValue from some other AnIntegerValue to avoid constraining unrelated values.
    public void foo(int a, int b) {
        if (a < 4) {
            z = a - 2; // here a is constrained (< 4), b and z are unconstrained
        } else {
            z = a + 2; // here a is constrained (>= 4), b and z are unconstrained
        }
    }
In general, equals is only defined for values belonging to the same domain. If values need to be compared across domains, they need to be adapted to a target domain first.
Creates a non-null object that represents an ArithmeticException and that has the given origin.
If the ArithmeticException was created by the VM while evaluating an instruction with the program counter pc you should use the method ValueOriginForVMLevelValue to translate that pc to the appropriate ValueOrigin.
Creates a non-null object that represents an ArrayIndexOutOfBoundsException and that has the given origin.
If the ArrayIndexOutOfBoundsException was created by the VM while evaluating an instruction with the program counter pc you should use the method ValueOriginForVMLevelValue to translate that pc to the appropriate ValueOrigin.
Creates a non-null object that represents an ArrayStoreException and that has the given origin.
If the ArrayStoreException was created by the VM while evaluating an instruction with the program counter pc you should use the method ValueOriginForVMLevelValue to translate that pc to the appropriate ValueOrigin.
Creates a non-null object that represents a ClassCastException and that has the given origin.
If the ClassCastException was created by the VM while evaluating an instruction with the program counter pc you should use the method ValueOriginForVMLevelValue to translate that pc to the appropriate ValueOrigin.
The class tag can be used to create type safe arrays or to extract the concrete type of the domain value.
    val DomainReferenceValue(v) = value // of type "DomainValue"
    // v is now of the type DomainReferenceValue
Creates a non-null object that represents an IllegalMonitorStateException and that has the given origin.
If the IllegalMonitorStateException was created by the VM while evaluating an instruction with the program counter pc you should use the method ValueOriginForVMLevelValue to translate that pc to the appropriate ValueOrigin.
Creates a non-null object that represents a NegativeArraySizeException and that has the given origin.
If the NegativeArraySizeException was created by the VM while evaluating an instruction with the program counter pc you should use the method ValueOriginForVMLevelValue to translate that pc to the appropriate ValueOrigin.
Creates a non-null object that represents a NullPointerException and that has the given origin.
If the NullPointerException was created by the VM while evaluating an instruction with the program counter pc you should use the method ValueOriginForVMLevelValue to translate that pc to the appropriate ValueOrigin.
Factory method to create a DomainValue that represents the value null and that was created (explicitly or implicitly) by the instruction with the specified program counter.
The domain may ignore the information about the value and the origin (pc).
The properties of the domain value are:
Creates a non-null object that represents a Throwable object and that has the given origin.
If the Throwable was created by the VM while evaluating an instruction with the program counter pc you should use the method ValueOriginForVMLevelValue to translate that pc to the appropriate ValueOrigin.
Returns the field's value and/or a new NullPointerException if the given objectref represents the value null.
The field's value or a new NullPointerException.
Tries to determine if the type referred to as subtype is a subtype of the specified reference type supertype. If the class hierarchy is not complete the answer may be Unknown.
Sets the field's value if the given objectref is not null (in the Domain). In the latter case a NullPointerException is thrown.
Sets the field's value.
Creates a new DomainValue that represents an array value with unknown values and where the specified type may also just be an upper type bound (unless the component type is a primitive type or an array of primitives.)
This factory method is (typically) used to create a domain value that represents an array if we know nothing specific about the array. E.g., if you want to analyze a method that takes an array as a parameter.
The properties of the value are:
Java's arrays are co-variant. I.e., Object[] a = new Serializable[100]; is valid.
Enables matching of DomainValues that are array values.
Factory method to create a DomainValue that represents a runtime value of type "Class<T>" and that was created by the instruction with the specified program counter.
This function is called by OPAL when a class constant (LDC(_W) instruction) is put on the stack.
The domain may ignore the information about the value and the origin (vo).
The properties of the domain value are:
Defines a total order on reference values with a single origin by subtracting both origins.
The class tag for the type DomainValue.
Required to generate instances of arrays in which values of type DomainValue can be stored in a type-safe manner.
In the sub-trait or class that fixes the type of DomainValue it is necessary to implement this abstract val using:
    val DomainValueTag : ClassTag[DomainValue] = implicitly
(As of Scala 2.10 it is necessary that you do not use implicit in the subclass - it will compile, but fail at runtime.)
Factory method to create a DomainValue that represents an array that was successfully created and which has the given type.
The domain may ignore the information about the origin (pc) and the precise size of each dimension.
The properties of the domain value are:
The size of each dimension if available. counts may not be empty but may not contain information about all dimensions; the following condition always has to hold: counts.length <= arrayType.dimensions.
Factory method to create a DomainValue that represents an initialized reference value of the given type and that was created (explicitly or implicitly) by the instruction with the specified program counter.
The given type usually identifies a class type (not an interface type) that is not abstract, but in some cases (e.g. consider java.awt.Toolkit()) it may be useful/meaningful to relax this requirement and to state that the class precisely represents the runtime type – even though the class is abstract. However, such decisions need to be made by the domain.
This method is used by the OPAL framework to create reference values that are normally internally created by the JVM (in particular exceptions such as NullPointerException and ClassCastException). However, it can generally be used to create initialized objects/arrays.
The properties of the domain value are:
null.)
The result of the merge of two incompatible values has to be reported as a MetaInformationUpdate[DomainIllegalValue].
Called by the AI framework for each load constant method handle (org.opalj.br.instructions.LoadMethodHandle) instruction to get a representation of/a DomainValue that represents the handle.
A valid method handle.
An InitializedObjectValue(ObjectType.MethodHandle). Hence, this method needs to be overridden if resolution of MethodHandle based method calls should be performed.
Called by the framework for each load constant method type (org.opalj.br.instructions.LoadMethodType) instruction to get a domain-specific representation of the method descriptor as a MethodType.
A valid method descriptor.
An InitializedObjectValue(ObjectType.MethodType). Hence, this method needs to be overridden if resolution of MethodType based method calls should be performed.
Factory method to create a new domain value that represents a newly created array (non-null) with the size determined by count that is empty.
This factory method is (implicitly) used, e.g., by OPAL when a multianewarray instruction is found.
The properties of the value are:
counts
Factory method to create a new domain value that represents a newly created array (non-null) with the size determined by count that is empty.
This factory method is (implicitly) used, e.g., by OPAL when a newarray instruction is found.
The properties of the value are:
Creates a new DomainValue that represents a new, uninitialized instance of an object of the given type. The object was created by the (NEW) instruction with the specified program counter.
OPAL calls this method when it evaluates newobject instructions. If the bytecode is valid a call of one of the object's constructors will subsequently initialize the object.
The properties of the domain value are:
null.)
Instances of arrays are created by the newarray and multianewarray instructions and in both cases an exception may be thrown (e.g., NegativeArraySizeException).
Represents a non-null reference value with the given type as an upper type bound.
The domain may ignore the information about the value and the origin (vo).
The properties of the domain value are:
null.)
Factory method to create a DomainValue that represents either a class-/interface value that has the given types as an upper bound or the value null. However, the information whether the value is null or not is not available. Furthermore, the type may also just be an upper bound and it is not known if the value is properly initialized.
The properties of the domain value are:
Factory method to create a DomainValue that represents either a class-/interface value that has the given type or the value null. However, the information whether the value is null or not is not available. Furthermore, the type may also just be an upper bound and it is not known if the value is properly initialized.
The properties of the domain value are:
Factory method to create a DomainValue that represents either a reference value that has the given type and is initialized or the value null. However, the information whether the value is null or not is not available. Furthermore, the type may also just be an upper bound.
The domain may ignore the information about the value and the origin, but it has to remain possible for the domain to identify the component type of an array.
The properties of the domain value are:
Factory method to create an instance of a ReturnAddressValue.
Factory method to create a DomainValue that represents the given string value and that was created by the instruction with the specified program counter.
This function is called by OPAL-AI when a string constant (LDC(_W) instruction) is put on the stack.
The domain may ignore the information about the value and the origin (vo).
The properties of the domain value are:
null.
A non-null string. (The string may be empty, though.)
The result of merging two values should never be reported as a StructuralUpdate if the computed value is an IllegalValue. The JVM semantics guarantee that the value will not be used and, hence, continuing the interpretation is meaningless.
This method is solely defined for documentation purposes and to catch implementation errors early on.
Extractor for timestamps.
The singleton instance of the IllegalValue.
The singleton instance of ReturnAddressValues
Creates an update object that characterizes a timestamp update.
Basically, just a wrapper for a MetaInformationUpdate; the purpose is to better communicate the underlying purpose.
Called by the abstract interpreter when the abstract interpretation of a method has ended. The abstract interpretation of a method ends if either the fixpoint is reached or the interpretation was aborted.
By default this method does nothing.
Domains that override this method are expected to also call super.abstractInterpretationEnded(aiResult).
This method is called after all values which differ have been joined, but before joinPostProcessing will be called.
This method is called after the evaluation of the instruction with the given pc with respect to targetPC, but before the values are propagated (joined) and before it is checked whether the interpretation needs to be continued. I.e., if the operands (newOperands) or locals (newLocals) are further refined then the refined operands and locals are joined (if necessary).
During the evaluation of the instruction it is possible that this method is called multiple times with different targetPCs. The latter is not only true for control flow instructions, but also for those instructions that may raise an exception.
This method can and is intended to be overridden to further refine the operand stack/the locals. However, the overriding method should always forward the (possibly refined) operands and locals to the super method (stackable traits).
Returns the array's length or throws a NullPointerException if the given reference is null.
It is in general not necessary to override this method. If you need some special handling refine the trait ArrayValue.
Loads the value stored in the array at the given index or throws an exception (NullPointerException or IndexOutOfBoundsException).
It is in general not necessary to override this method. If you need some special handling refine the load method defined by the trait ArrayValue.
Stores the given value in the array at the given index or throws an exception (NullPointerException, ArrayStoreException or IndexOutOfBoundsException).
It is in general not necessary to override this method. If you need some special handling refine the store method defined by the trait ArrayValue.
Returns the given value as a DomainReferenceValue. Basically just performs a type cast and is intended to be used to communicate that the value has to be a reference value (if the underlying byte code is valid.)
This method is called immediately before a join operation with regard to the specified pc is performed.
This method is intended to be overwritten by clients to perform custom operations.
Called by the framework after evaluating the instruction with the given pc. I.e., the state of all potential successor instructions was updated and the flow method was called – potentially multiple times – accordingly.
By default this method does nothing.
Called by the framework after performing a computation to inform the domain about the result. That is, after evaluating the effect of the instruction with currentPC on the current stack and register and (if necessary) joining the updated stack and registers with the stack and registers associated with the instruction successorPC. (Hence, this method is ONLY called for return instructions if the return instruction throws an IllegalMonitorStateException.)
This function basically informs the domain about the instruction that may be evaluated next. The flow function is called for every possible successor of the instruction with currentPC. This includes all branch targets as well as those instructions that handle exceptions.
In some cases it will even be the case that flow is called multiple times with the same pair of program counters: (currentPC, successorPC). This may happen, e.g., in case of a switch instruction where multiple values have the same body/target instruction and we do not have precise information about the switch value. E.g., as in the following snippet:
    switch (i) {  // pc: X => Y (for "1"), Y (for "2"), Y (for "3")
    case 1:
    case 2:
    case 3: System.out.println("Great.");            // pc: Y
    default: System.out.println("Not So Great.");    // pc: Z
    }
The flow function is also called after instructions that are domain independent such as dup and load instructions which just manipulate the registers and stack in a generic way. This enables the domain to precisely follow the evaluation progress and in particular to perform control-flow dependent analyses.
The program counter of the instruction that is currently evaluated by the abstract interpreter.
The current operands. I.e., the operand stack before the instruction is evaluated.
The current locals. I.e., the locals before the instruction is evaluated.
The program counter of an instruction that is a potential successor of the instruction with currentPC. In general the AI framework adds the pc of the successor instruction to the beginning of the worklist unless it is a join instruction. In this case the pc is added to the end – in the context of the current (sub)routine. Hence, the AI framework first evaluates all paths leading to a join instruction before the join instruction will be evaluated.
Yes if the successor instruction is or was scheduled. I.e., Yes is returned if the worklist contains successorPC, No if the worklist does not contain successorPC. Unknown is returned if the AI framework did not process the worklist and doesn't know anything about the scheduled successors. Note that this value is independent of the subroutine in which the value may be scheduled. If an implementation schedules successorPC, the super call has to set isSuccessorScheduled to Yes.
true if and only if the evaluation of the instruction with the program counter currentPC threw an exception; false otherwise. Hence, if this parameter is true the instruction with successorPC is the first instruction of the handler.
> 0 if and only if we have an exceptional control flow that terminates one or more subroutines. In this case the successor instruction is scheduled (if at all) after all subroutines that will be terminated by the exception.
true if a join was performed. I.e., the successor instruction is an instruction (Code.cfJoins) that was already previously evaluated and where multiple paths potentially join.
The current list of instructions that will be evaluated next.
If you want to force the evaluation of the instruction with the program counter successorPC it is sufficient to test whether the list already contains successorPC and – if not – to prepend it. If the worklist already contains successorPC then the domain is allowed to move the PC to the beginning of the worklist.
If the PC does not belong to the same (current) (sub)routine, it is not allowed to be moved to the beginning of the worklist. (Subroutines can only be found in code generated by old Java compilers; before Java 6. Subroutines are identified by jsr/ret instructions.) A subroutine can be identified by going back in the worklist and by looking for specific "program counters" (e.g., SUBROUTINE_START, SUBROUTINE_END). These program counters mark the beginning of a subroutine. In other words, an instruction can be freely moved around unless a special program counter value is found. All special program counters use negative values. Additionally, neither the negative values nor the positive values between two negative values should be changed. Furthermore, no value (PC) should be put between negative values that capture subroutine information.
If the domain updates the worklist, it is the responsibility of the domain to call the tracer and to inform it about the changes. Note that the worklist is not allowed to contain duplicates related to the evaluation of the current (sub-)routine.
The array that associates every instruction with its operand stack that is in effect. Note that only those elements of the array contain values that are related to instructions that were evaluated in the past; the other elements are null. Furthermore, it identifies the operandsArray of the subroutine that will execute the instruction with successorPC.
The operandsArray may be null for the current instruction (not the successor instruction) if the execution of the current instruction leads to the termination of the current subroutine. In this case the information about the operands and locals associated with all instructions belonging to the subroutine is reset.
The array that associates every instruction with its current register values. Note that only those elements of the array contain values that are related to instructions that were evaluated in the past. The other elements are null. Furthermore, it identifies the localsArray of the subroutine that will execute the instruction with successorPC.
The localsArray may be null for the current instruction (not the successor instruction) if the execution of the current instruction leads to the termination of the current subroutine. In this case the information about the operands and locals associated with all instructions belonging to the subroutine is reset.
The updated worklist. In most cases this is simply the given worklist. The default case is also to return the given worklist.
A method that overrides this method must always call the super method to ensure that every domain that uses this hook gets informed about a flow.
The domain is allowed to modify the worklist, operandsArray and localsArray. However, the AI will not perform any checks. In case of updates of the operandsArray or localsArray it is necessary to first create a shallow copy before updating it. If this is not done, it may happen that the locals associated with other instructions are also updated.
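The worklist rules described above for forcing the evaluation of successorPC, as an added sketch that is not OPAL's own code. The object name, the function forceEvaluation, the marker values and the reading that the entries in front of the first negative value belong to the current (sub)routine are assumptions made for this illustration.

```scala
// Added illustration; not OPAL code. The worklist is modelled as a List[Int].
object WorklistSketch {
  // Constructed marker values: the page only says that special PCs are negative.
  val MarkerA = -1
  val MarkerB = -2

  /** Forces `successorPC` to be evaluated next without touching subroutine bookkeeping. */
  def forceEvaluation(successorPC: Int, worklist: List[Int]): List[Int] = {
    require(successorPC >= 0, "only regular (non-negative) PCs can be scheduled")
    // Assumption: the PCs in front of the first negative value are those of the
    // current (sub)routine; everything from that value on is left untouched.
    val (current, rest) = worklist.span(_ >= 0)
    if (current.headOption.contains(successorPC))
      worklist // already next: hand back the very same list
    else if (current.contains(successorPC))
      successorPC :: current.filterNot(_ == successorPC) ::: rest // move to the front
    else
      successorPC :: worklist // not scheduled in the current routine: prepend
  }

  def main(args: Array[String]): Unit = {
    val wl = List(12, 30, MarkerA, 7, 30, MarkerB, 3) // constructed sample worklist

    // 30 is pending in the current routine: moved, not duplicated.
    assert(forceEvaluation(30, wl) == List(30, 12, MarkerA, 7, 30, MarkerB, 3))
    // 7 is only pending behind a marker: that entry stays where it is.
    assert(forceEvaluation(7, wl) == List(7, 12, 30, MarkerA, 7, 30, MarkerB, 3))
    // 12 is already first: no change and no new list.
    assert(forceEvaluation(12, wl) eq wl)
    // An empty worklist simply receives the PC.
    assert(forceEvaluation(5, Nil) == List(5))
    println("worklist contract holds for the sample")
  }
}
```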
Returns the field's value.
Determines the common null-ness property of the given reference values.
Determines if the runtime object type referred to by the given values is always the same. I.e., it determines if all values are precise and have the same upperTypeBound. Null values are ignored when determining the precision.
Tries to determine – under the assumption that the given value is not null – if the runtime type of the given reference value could be a subtype of the specified reference type supertype. I.e., if the type of the value is not precisely known, then all subtypes of the value's type are also taken into consideration when analyzing the subtype relation and only if we can guarantee that none is a subtype of the given supertype the answer will be No.
The returned value is only meaningful if value does not represent the runtime value null.
Joins the given operand stacks and local variables.
In general there should be no need to refine this method. Overriding this method should only be done for analysis purposes.
This method heavily relies on reference comparisons to speed up the overall process of performing an abstract interpretation of a method. Hence, a computation should – whenever possible – return (one of) the original object(s) if that value has the same abstract state as the result. Furthermore, if all original values capture the same abstract state as the result of the computation, the "left" value/the value that was already used in the past should be returned.
The joined operand stack and registers. Returns NoUpdate if this memory layout already subsumes the other memory layout.
The operand stacks are guaranteed to contain compatible values w.r.t. the computational type (unless the bytecode is not valid or OPAL contains an error). I.e., if the result of joining two operand stack values is an IllegalValue we assume that the domain implementation is incorrect. However, the joining of two register values can result in an illegal value, which identifies the value as being dead.
The size of the operands stacks that are to be joined and the number of registers/locals that are to be joined can be expected to be identical under the assumption that the bytecode is valid and the framework contains no bugs.
Enables the customization of the behavior of the base join method.
This method in particular enables, in case of a MetaInformationUpdate, to raise the update type to force the continuation of the abstract interpretation process.
Methods should always override this method and should call the super method.
The current update type. The level can be raised. It is an error to lower the update level.
The old operands, before the join. Should not be changed.
The old locals, before the join. Should not be changed.
The new operands; may be updated.
The new locals; may be updated.
The pc of the jsr(w) instruction.
Merges two computations that both resulted in at most one DomainValue or at most one ExceptionValue.
If values are merged the merged value will use the specified pc.
Merges two computations that both return some DomainValue and some ExceptionValues. If values are merged the merged value will use the specified pc.
Merges the given domain value v1 with the domain value v2 and returns the merged value which is v1 if v1 is an abstraction of v2, v2 if v2 is an abstraction of v1 or some other value if a new value is computed that abstracts over both values.
This operation is commutative.
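The value-merge rule above and the reference-comparison contract of the join of operand stacks described earlier, as one added sketch that is not OPAL's own code. The three-valued nullness lattice, the Value class, the Update/Updated types and the functions merge and join are local stand-ins invented for this illustration; only the name NoUpdate is taken from the page.

```scala
// Added illustration; not OPAL code. All types are local stand-ins.
object JoinSketch {
  sealed trait Nullness
  case object IsNull extends Nullness
  case object NotNull extends Nullness
  case object MaybeNull extends Nullness

  // A plain class (not a case class) so that object identity stays observable.
  final class Value(val nullness: Nullness)

  sealed trait Update[+T]
  case object NoUpdate extends Update[Nothing]
  final case class Updated[T](value: T) extends Update[T]

  /** Returns v1 if it abstracts over v2, v2 if it abstracts over v1, else a new value. */
  def merge(v1: Value, v2: Value): Value =
    if ((v1 eq v2) || v1.nullness == v2.nullness || v1.nullness == MaybeNull) v1
    else if (v2.nullness == MaybeNull) v2
    else new Value(MaybeNull)

  /** Joins two operand stacks; NoUpdate if the old stack already subsumes the new one. */
  def join(oldStack: List[Value], newStack: List[Value]): Update[List[Value]] = {
    require(oldStack.size == newStack.size, "valid bytecode yields equally sized stacks")
    val joined = oldStack.zip(newStack).map { case (o, n) => merge(o, n) }
    // Reference comparison only: this is why merge must hand back the left value.
    if (joined.zip(oldStack).forall { case (j, o) => j eq o }) NoUpdate
    else Updated(joined)
  }

  def main(args: Array[String]): Unit = {
    val (n, nn, m) = (new Value(IsNull), new Value(NotNull), new Value(MaybeNull))
    assert(merge(m, n) eq m)                      // left value abstracts over right
    assert(merge(n, m) eq m)                      // right value abstracts over left
    assert(merge(nn, new Value(NotNull)) eq nn)   // same state: the "left" value wins
    assert(merge(n, nn).nullness == MaybeNull)    // neither abstracts: new value
    assert(join(List(m, nn), List(n, new Value(NotNull))) == NoUpdate)
    join(List(n, nn), List(nn, nn)) match {
      case Updated(s) => assert(s.head.nullness == MaybeNull && (s(1) eq nn))
      case NoUpdate   => assert(false, "the first slot changed")
    }
    println("join contract holds for the sample")
  }
}
```

If merge allocated a fresh value whenever the states were equal, join would report an update on every pass and the fixed-point iteration would have no cheap way to detect that nothing changed.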
Merges two computations that both resulted in at most one ExceptionValue each.
If values are merged the merged value will use the specified pc.
Merges those exceptions that have the same upper type bound. This ensures that per upper type bound only one ValuesDomain.DomainValue (which may be a MultipleReferenceValues) is used. For those values that are merged, the given pc is used.
Creates a multi-dimensional array.
It is generally not necessary to override this method as it handles all cases in a generic manner.
The componentType may be (again) an array type.
Creates a new array.
It is generally not necessary to override this method as it handles all cases in a generic manner.
Returns the next unused time stamp.
Returns the origin(s) of the given value if the information is available.
The source(s) of the given value if the information is available.
Whether the information is available depends on the concrete domains. This trait only defines a general contract how to get access to a value's origin (i.e., the origin of the instruction which created the respective value).
By default this method returns an empty Iterable.
Returns a string representation of the properties associated with the instruction with the respective program counter.
Associating properties with an instruction and maintaining those properties is, however, at the sole responsibility of the Domain.
This method is predefined to facilitate the development of support tools and is not used by the abstract interpretation framework.
Domains that define (additional) properties should (abstract) override this method and should return a textual representation of the property.
Returns Yes if both DomainReferenceValues definitively identify the same object at runtime.
Using this domain, it is in general not possible to determine that two values are definitively not reference equal unless they are type incompatible.
Compares the given values for reference inequality. Returns No if both values point to the same instance and returns Yes if both objects are known not to point to the same instance. The latter is, e.g., trivially the case when both values have a different concrete type. Otherwise Unknown is returned.
If both values are representing the null value the org.opalj.Answer is Yes.
A value of computational type reference.
Called by OPAL when two values were compared for reference equality and we are going to analyze the branch where the comparison succeeded.
Called by OPAL when two values were compared for reference equality and we are going to analyze the branch where the comparison failed.
Refines the "null"ness property (isNull == No) of the given value.
Calls refineIsNull on the given ReferenceValue and replaces every occurrence on the stack/in a register with the updated value.
A ReferenceValue that does not represent the value null.
Updates the "null"ness property (isNull == Yes) of the given value.
Calls refineIsNull on the given ReferenceValue and replaces every occurrence on the stack/in a register with the updated value.
A ReferenceValue.
Returns Yes if the given value is never null, Unknown if the value is maybe null and No otherwise.
A value of computational type reference.
Determines the nullness-property of the given value.
A value of type ReferenceValue.
Called by the abstract interpreter when the type bound of the top most stack value needs to be refined. This method is only called by the abstract interpreter iff an immediately preceding subtype query (typeOf(value) <: bound) returned Unknown. This method must not be ignored – w.r.t. refining the top-most stack value; it is e.g., used by org.opalj.br.instructions.CHECKCAST instructions.
A domain that is able to identify aliases can use this information to propagate the information to the other aliases.
Sets the is null property of the top-most stack value to Yes. This method is called by the framework when the top-most operand stack value has to be null, but a previous isNull check returned Unknown. E.g., after a org.opalj.br.instructions.CHECKCAST that fails unless the value is "null".
This method can be ignored; i.e., the return value can be (operands,locals). However, a domain that is able to identify aliases can use this information to propagate the information to the other aliases.
The pc of the ret instruction.
This function can be called when the instruction successorPC needs to be scheduled. The function will test if the instruction is already scheduled and – if so – returns the given worklist. Otherwise the instruction is scheduled in the correct (subroutine-)context.
Creates a summary of the given domain values by summarizing and joining the given values. For the precise details regarding the calculation of a summary see Value.summarize(...).
The program counter that will be used for the summary value if a new value is returned that abstracts over/summarizes the given values.
An Iterable over one or more values.
The current algorithm is generic and should satisfy most needs, but it is not very efficient. However, it should be easy to tailor it for a specific domain/domain values, if need be.
Converts the given Java object to a corresponding DomainValue by creating a DomainValue that represents an initialized (array/object) value.
The program counter of the instruction that was responsible for creating the respective value. (This is – in general – not the instruction where the transformation is performed.)
The object.
A DomainReferenceValue.
Converts – if possible – a given DomainValue to a Java object that is appropriately initialized.
Every domain that supports the creation of Java objects based on a domain value is expected to implement this method and to test if it can create a precise representation of the given value. If not, the implementation has to delegate the responsibility to the super method to create an abstract representation.
    abstract override def toJavaObject(value: DomainValue): Option[Object] = {
        if (value...)
            // create and return Java object
        else
            super.toJavaObject(value)
    }
Some(Object) is returned if it was possible to create a compatible corresponding Java object; otherwise None is returned. Default: None unless the value is null. In the latter case Some(null) is returned.
This operation is generally only possible if the domain value maintains enough state information to completely initialize the Java object.
Returns the type (type bounds) of the given value.
In general a single value can have multiple type bounds which depend on the control flow. However, all types that the value represents must belong to the same computational type category. I.e., it is possible that the value either has the type "NullPointerException or IllegalArgumentException", but it will never have – at the same time – the (Java) types int and long. Furthermore, it is possible that the returned type(s) is(are) only an upper bound of the real type unless the type is a primitive type.
This default implementation always returns org.opalj.ai.UnknownType.
typeOfValue
This method is typically not implemented by a single Domain trait/object, but is instead implemented collaboratively by all domains that implement the semantics of certain values. To achieve that, other Domain traits that implement a concrete domain's semantics have to abstract override this method and only return the value's type if the domain knows anything about the type. If a method that overrides this method has no knowledge about the given value, it should delegate this call to its super method.
Example
    trait FloatValues extends Domain[...] {
        ...
        abstract override def typeOfValue(value: DomainValue): TypesAnswer =
            value match {
                case r: FloatValue ⇒ IsFloatValue
                case _ ⇒ super.typeOfValue(value)
            }
    }
Replaces all occurrences of oldValue (using reference equality) with newValue. If no occurrences are found, the original operands and locals data structures are returned.
Calculates the most specific common upper type bound of the upper type bounds of all values. NullValues are ignored.
Enables the tracking of concrete Class values.
This class overrides invokestatic and only delegates to the default implementation if it cannot successfully handle the call. Hence, this trait needs to be mixed in after the trait that handles the default case but before all other traits that "just" analyze invokestatic calls.