cpg-analysis/de.fraunhofer.aisec.cpg.analysis.fsm/DFAOrderEvaluator

DFAOrderEvaluator

open class DFAOrderEvaluator(    var consideredBases: Set<Long>,     var nodeToRelevantMethod: Map<Node, String>,     var thisPositionOfNode: Map<Node, Int> = mapOf(),     var eliminateUnreachableCode: Boolean = true)
Content copied to clipboard

This class uses a DFA to evaluate if the order of statements in the CPG is correct. It needs the following inputs:

  • consideredBases: A set of the IDs of nodes (typically the VariableDeclaration) which are considered.

  • nodeToRelevantMethod: A mapping between CPG nodes and their operators used by the respective edges in the DFA. Currently, we only consider CallExpressions. If a node is not contained in this list, it is not considered by the evaluation as we assume that the method is not relevant.

  • thisPositionOfNode: If a non-object oriented language was used, this is a map from CPG nodes (i.e., the CallExpression) to the argument position serving as base of the operation.

To improve the results, it is useful to run de.fraunhofer.aisec.cpg.passes.UnreachableEOGPass prior to running the analysis and set the flag eliminateUnreachableCode to true. This removes results which may occur in unreachable code.

Constructors

Link copied to clipboard
fun DFAOrderEvaluator(    consideredBases: Set<Long>,     nodeToRelevantMethod: Map<Node, String>,     thisPositionOfNode: Map<Node, Int> = mapOf(),     eliminateUnreachableCode: Boolean = true)
Content copied to clipboard

Functions

Link copied to clipboard
open fun actionAcceptingTermination(    base: String,     fsm: DFA,     interproceduralFlow: Boolean)
Content copied to clipboard

Contains the functionality which is executed if the DFA terminated in an accepting state for the given base. This means that all required statements have been executed for base so far. The fsm holds the execution trace found by the analysis.

Link copied to clipboard
open fun actionMissingTransitionForNode(    node: Node,     fsm: DFA,     interproceduralFlow: Boolean)
Content copied to clipboard

Contains the functionality which is executed if the DFA does not contain a suitable transition for the given node. The evaluation ensures that the node is relevant, i.e., its operator is considered by the DFA and its base is subject to analysis. This means that the order is broken at node.

Link copied to clipboard
open fun actionNonAcceptingTermination(    base: String,     fsm: DFA,     interproceduralFlow: Boolean)
Content copied to clipboard

Contains the functionality which is executed if the DFA did not terminate in an accepting state for the given base. This means that not all required statements have been executed for base so far. The fsm holds the execution trace found by the analysis.

Link copied to clipboard
fun evaluateOrder(    dfa: DFA,     startNode: Node,     stopOnWrongBase: Boolean = true): Boolean
Content copied to clipboard

Checks if a sequence of Nodes/statemets starting from startNode follows the sequence given by the dfa. If the sequence of statements violates the rules, the method returns false, if it is correct, the method returns true. The flag stopOnWrongBase makes the FSM stop evaluation of a base if an unexpected operation was observed for that base.

Link copied to clipboard
fun getBaseOfNode(node: CallExpression): Node?
Content copied to clipboard

Returns the "base" node belonging to node, on which the DFA is based on. Ideally, this is a variable declaration in the end.

Properties

Link copied to clipboard
var consideredBases: Set<Long>
Content copied to clipboard
Link copied to clipboard
var eliminateUnreachableCode: Boolean = true
Content copied to clipboard
Link copied to clipboard
var nodeToRelevantMethod: Map<Node, String>
Content copied to clipboard
Link copied to clipboard
var thisPositionOfNode: Map<Node, Int>
Content copied to clipboard