Abstracts over the concrete type of IllegalValue.
This type needs to be refined whenever the class IllegalValue
is refined or the type DomainValue is refined.
Abstracts over the concrete type of ReturnAddressValue. Needs to be fixed
by some sub-trait/sub-class. In the simplest case (i.e., when neither the
Value trait nor the ReturnAddressValue trait was refined) it is sufficient
to write:
    type DomainReturnAddressValue = ReturnAddressValue
Abstracts over the concrete type of Value. Needs to be refined by traits that
inherit from Domain and which extend Domain's Value trait.
A simple type alias of the type DomainValue.
Used to facilitate comprehension.
A type alias for Iterables of ExceptionValues.
Primarily used to facilitate comprehension.
Represents a value that has no well defined state/type. Such values are the result of a join of two incompatible values and are generally only found in registers (in the locals) and then identify a value that is dead.
See org.opalj.ai.Domain.Value for further details.
An instruction's current register values/locals are represented using an array.
An instruction's operands are represented using a list where the first element of the list represents the top level operand stack value.
Stores a single return address (i.e., a program counter/index into the code array).
Though the framework completely handles all aspects related to return address
values, it is nevertheless necessary that this class inherits from Value
as return addresses are stored on the stack/in the registers. However,
if the Value trait should be refined, all additional methods may – from
the point-of-view of OPAL-AI – just throw an OperationNotSupportedException
as these additional methods will never be called by OPAL-AI.
Abstracts over a concrete operand stack value or a value stored in one of the local variables/registers.
In general, subclasses and users of a Domain should not have/declare
a direct dependency on Value. Instead they should use DomainValue as otherwise
extensibility of a Domain may be hampered or even be impossible. The only
exceptions are, of course, classes that directly inherit from this class.
If you directly extend/refine this trait (i.e., in a subclass of the Domain trait
you write something like trait Value extends super.Value), make sure that
you also extend all classes/traits that inherit from this type
(this may require a deep mixin composition and that you refine the type
DomainType accordingly).
However, OPAL was designed such that extending this class should – in general
– not be necessary. It may also be easier to encode the desired semantics – as
far as possible – as part of the domain.
Standard inheritance from this trait is always supported and is the primary mechanism to model an abstract domain's lattice w.r.t. some special type of value. In general, the implementation should try to avoid creating new instances of values unless strictly required to model the domain's semantics. This will greatly improve the overall performance as this framework heavily uses reference-based equality checks to speed up the evaluation.
OPAL does not rely on any special equality semantics w.r.t. values and
never directly or indirectly calls a Value's equals or eq method. Hence,
a domain can encode equality such that it best fits its need.
However, some of the provided domains rely on the following semantics for equals:
Two domain values have to be equal (==) iff they represent the same
information. This includes additional information, such as, the value of
the origin.
E.g., a value (AnIntegerValue) that represents an arbitrary Integer value
has to return true if the domain value with which it is compared also
represents an arbitrary Integer value (AnIntegerValue). However,
it may still be necessary to use multiple objects to represent an arbitrary
integer value if, e.g., constraints should be attached to specific values.
For example, after a comparison of an integer value with a predefined
value (e.g., AnIntegerValue < 4) it is possible to constrain the respective
value on the subsequent paths (< 4 on one path and >= 4 on the other path).
To make that possible, it is however necessary to distinguish the
AnIntegerValue from some other AnIntegerValue to avoid constraining
unrelated values.
    public void foo(int a, int b) {
        int z;
        if (a < 4) {
            z = a - 2; // here a is constrained (< 4), b and z are unconstrained
        }
        else {
            z = a + 2; // here a is constrained (>= 4), b and z are unconstrained
        }
    }
In general, equals is only defined for values belonging to the same
domain. If values need to be compared across domains, they need to be adapted
to a target domain first.
The class tag for the type DomainValue.
Required to generate instances of arrays in which values of type
DomainValue can be stored in a type-safe manner.
In the sub-trait or class that fixes the type of DomainValue it is necessary
to implement this abstract val using:
    val DomainValueTag: ClassTag[DomainValue] = implicitly
(As of Scala 2.10 it is necessary that you do not use implicit in the subclass; it will compile, but fail at runtime.)
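As an added example, not OPAL's own code, the following stand-alone Scala sketch shows the abstract-type pattern described above: a base trait leaves DomainValue open and demands a ClassTag for it, a sub-trait refines Value, fixes DomainValue and supplies the tag with a plain (non-implicit) val, and the tag is what makes creating an Array[DomainValue] possible at all. The names MiniDomain, MiniIntegerDomain, newLocals, isDomainValue and Demo are hypothetical.

```scala
import scala.reflect.ClassTag

// Hypothetical miniature of the abstract-type-member pattern; not OPAL's code.
trait MiniDomain {
  trait Value
  // The concrete value type is left open so that sub-traits can refine it.
  type DomainValue <: Value

  // Must be fixed by the trait/class that fixes DomainValue. It is needed because
  // an Array[DomainValue] cannot be created for an abstract type without a tag.
  val DomainValueTag: ClassTag[DomainValue]

  // The register file ("locals") is an array of domain values; the tag creates
  // an array of the right runtime element type.
  def newLocals(size: Int): Array[DomainValue] = DomainValueTag.newArray(size)

  // The same tag can be used to check, at runtime, whether an arbitrary object
  // is a value of this domain.
  def isDomainValue(any: Any): Boolean = DomainValueTag.runtimeClass.isInstance(any)
}

trait MiniIntegerDomain extends MiniDomain {
  trait Value extends super.Value          // refine the Value trait ...
  type DomainValue = Value                 // ... and fix DomainValue to the refined trait
  final case class AnIntegerValue() extends Value

  // A plain (non-implicit) val, as the documentation above requires.
  val DomainValueTag: ClassTag[DomainValue] = implicitly
}

object Demo extends MiniIntegerDomain {
  def main(args: Array[String]): Unit = {
    val locals = newLocals(2)              // Array[DomainValue] of length 2, both null
    locals(0) = AnIntegerValue()           // type-safe store into the register file
    println(locals.toList)
    println(isDomainValue(locals(0)))
    println(isDomainValue("not a domain value"))
  }
}
```

Declaring DomainValueTag as a plain val in the sub-trait keeps the class tag a normal member that is initialized once; every later `new Array[DomainValue]` or `newArray` call in the base trait then goes through that single tag.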
The result of the merge of two incompatible values has
to be reported as a MetaInformationUpdate[DomainIllegalValue].
Factory method to create an instance of a ReturnAddressValue.
The singleton instance of the IllegalValue.
The singleton instance of ReturnAddressValues.
The result of merging two values should never be reported as a
StructuralUpdate if the computed value is an IllegalValue. The JVM semantics
guarantee that the value was not used in the first case and, hence, continuing
the interpretation is meaningless.
This method is solely defined for documentation purposes and to catch implementation errors early on.
Called by the abstract interpreter when an exception is thrown that is not (guaranteed to be) handled within the same method.
This method is only intended to be called by the AI framework.
Extracts the definition/use information by using the recorded cfg.
This method is called by OPAL after the evaluation of the instruction with
the given pc with respect to targetPC, but before the values are propagated
(joined) and before it is checked whether the interpretation needs to be continued.
I.e., if the operands (newOperands) or locals (newLocals) are further refined
then the refined operands and locals are joined (if necessary).
During the evaluation of the instruction it is possible that this method
is called multiple times with different targetPCs. The latter is not only
true for control flow instructions, but also for those instructions
that may raise an exception.
This method can and is intended to be overridden to further refine the operand
stack/the locals. However, the overriding method should always forward the (possibly
refined) operands and locals to the super method (stackable traits).
Returns all PCs that may lead to the ab(normal) termination of the method. I.e., those instructions (in particular method call instructions) that may throw some unhandled exceptions will also be returned; even if the instruction may also have regular and also exception handlers!
This information is lazily computed.
Returns the PCs of the first instruction of all subroutines.
Returns the set of all instructions executed after the instruction with the
given pc. If this set is empty, either the instruction belongs to dead code,
the instruction is a return instruction or the instruction throws an exception
that is never handled internally.
The set is recalculated on demand.
The given value, which is a value with computational type reference, is returned
by the return instruction with the given pc.
This method is only intended to be called by the AI framework.
This method is called immediately before a join operation with regard
to the specified pc is performed.
This method is intended to be overwritten by clients to perform custom operations.
Creates a graph representation of the CFG.
This implementation is for debugging purposes only. It is NOT performance optimized!
The returned graph is recomputed whenever this method is called.
Creates a multi-graph that represents the method's def-use information. I.e., in which way a certain value is used by other instructions and where the derived values are then used by further instructions.
Returns the dominator tree.
To get the list of all evaluated instructions and their dominators:
    val result = AI(...,...,...)
    val evaluated = result.evaluatedInstructions
The given value, which is a value with computational type double, is returned
by the return instruction with the given pc.
This method is only intended to be called by the AI framework.
Creates an XHTML document that contains information about the def-/use information.
Creates an XHTML table node which contains the def/use information.
Called by the framework after evaluating the instruction with the given pc. I.e., the state of all potential successor instructions was updated and the flow method was called – potentially multiple times – accordingly.
By default this method does nothing.
Returns the program counter(s) of the instruction(s) that is(are) executed next if the evaluation of this instruction may raise an exception.
The returned set is always empty for instructions that cannot raise exceptions,
such as the StackManagementInstructions.
The successor instructions are necessarily the handlers of catch blocks.
The org.opalj.br.instructions.ATHROW has successors if and only if the thrown exception is directly handled inside this code block.
Called by the framework after performing a computation to inform the domain
about the result.
That is, after evaluating the effect of the instruction with currentPC on the current
stack and register and (if necessary) joining the updated stack and registers with the stack
and registers associated with the instruction successorPC. (Hence, this method
is ONLY called for return instructions if the return instruction throws an
IllegalMonitorStateException.)
This function basically informs the domain about the instruction that
may be evaluated next. The flow function is called for every possible
successor of the instruction with currentPC. This includes all branch
targets as well as those instructions that handle exceptions.
In some cases it will even be the case that flow is called multiple times with
the same pair of program counters: (currentPC, successorPC). This may happen,
e.g., in case of a switch instruction where multiple values have the same
body/target instruction and we do not have precise information about the switch value.
E.g., as in the following snippet:
    switch (i) { // pc: X => Y (for "1"), Y (for "2"), Y (for "3")
        case 1:
        case 2:
        case 3: System.out.println("Great."); // pc: Y
        default: System.out.println("Not So Great."); // pc: Z
    }
The flow function is also called after instructions that are domain independent
such as dup and load instructions which just manipulate the registers
and stack in a generic way.
This enables the domain to precisely follow the evaluation
progress and in particular to perform control-flow dependent analyses.
The program counter of the instruction that is currently evaluated by the abstract interpreter.
The current operands. I.e., the operand stack before the instruction is evaluated.
The current locals. I.e., the locals before the instruction is evaluated.
The program counter of an instruction that is a potential
successor of the instruction with currentPC. In general the AI framework
adds the pc of the successor instruction to the beginning of the worklist
unless it is a join instruction. In this case the pc is added to the end – in
the context of the current (sub)routine. Hence, the AI framework first evaluates
all paths leading to a join instruction before the join instruction will
be evaluated.
true if and only if the evaluation of
the instruction with the program counter currentPC threw an exception;
false otherwise. Hence, if this parameter is true the instruction
with successorPC is the first instruction of the handler.
> 0 if and only if we have an exceptional
control flow that terminates one or more subroutines.
In this case the successor instruction is scheduled (if at all) after all
subroutines that will be terminated by the exception.
true if a join was performed. I.e., the successor
instruction is an instruction (Code.cfJoins) that was already
previously evaluated and where multiple paths potentially join.
The current list of instructions that will be evaluated next.
If you want to force the evaluation of the instruction
with the program counter successorPC it is sufficient to test whether
the list already contains successorPC and – if not – to prepend it.
If the worklist already contains successorPC then the domain is allowed
to move the PC to the beginning of the worklist.
If the PC does not belong to the same (current) (sub)routine, it is not allowed to be moved to the beginning of the worklist. (Subroutines can only be found in code generated by old Java compilers; before Java 6. Subroutines are identified by jsr/ret instructions.)
A subroutine can be identified by going back in the worklist and by looking for specific "program counters" (e.g., SUBROUTINE_START, SUBROUTINE_END). These program counters mark the beginning of a subroutine. In other words, an instruction can be freely moved around unless a special program counter value is found. All special program counters use negative values. Additionally, neither the negative values nor the positive values between two negative values should be changed. Furthermore, no value (PC) should be put between negative values that capture subroutine information.
If the domain updates the worklist, it is the responsibility of the domain to call the tracer and to inform it about the changes. Note that the worklist is not allowed to contain duplicates related to the evaluation of the current (sub-)routine.
The array that associates every instruction with its
operand stack that is in effect. Note, that only those elements of the
array contain values that are related to instructions that were
evaluated in the past; the other elements are null. Furthermore,
it identifies the operandsArray of the subroutine that will execute the
instruction with successorPC.
The operandsArray may be null for the current instruction (not the successor
instruction) if the execution of the current instruction leads to the termination
of the current subroutine. In this case the information about the operands
and locals associated with all instructions belonging to the subroutine is
reset.
The array that associates every instruction with its current
register values. Note, that only those elements of the
array contain values that are related to instructions that were evaluated in
the past. The other elements are null. Furthermore,
it identifies the localsArray of the subroutine that will execute the
instruction with successorPC.
The localsArray may be null for the current instruction (not the successor
instruction) if the execution of the current instruction leads to the termination
of the current subroutine. In this case the information about the operands
and locals associated with all instructions belonging to the subroutine is
reset.
The updated worklist. In most cases this is simply the given worklist.
The default case is also to return the given worklist.
This method is called by the abstract interpretation framework.
The given value, which is a value with computational type float, is returned
by the return instruction with the given pc.
This method is only intended to be called by the AI framework.
Returns true if the exception handler may handle at least one exception thrown by an instruction in the try block.
Returns true if the instruction with the given pc has multiple direct
predecessors (more than one).
Tests if the instruction with the given pc has a successor instruction with
a pc' that satisfies the given predicate p.
Override this method to perform custom initialization steps.
Always use abstract override and call the super method; it is recommended
to complete the initialization of this domain before calling the super method.
The given value, which is a value with computational type integer, is returned
by the return instruction with the given pc.
This method is only intended to be called by the AI framework.
Tests if the instruction with the given pc is a direct or indirect predecessor of the given successor instruction.
Joins the given operand stacks and local variables.
In general there should be no need to refine this method. Overriding this method should only be done for analysis purposes.
This method heavily relies on reference comparisons to speed up the overall process of performing an abstract interpretation of a method. Hence, a computation should – whenever possible – return (one of) the original object(s) if that value has the same abstract state as the result. Furthermore, if all original values capture the same abstract state as the result of the computation, the "left" value/the value that was already used in the past should be returned.
The joined operand stack and registers.
Returns NoUpdate if this memory layout already subsumes the
other memory layout.
The operand stacks are guaranteed to contain compatible values w.r.t. the
computational type (unless the bytecode is not valid or OPAL contains
an error). I.e., if the result of joining two operand stack values is an
IllegalValue we assume that the domain implementation is incorrect.
However, the joining of two register values can result in an illegal value
which identifies the value is dead.
The size of the operands stacks that are to be joined and the number of registers/locals that are to be joined can be expected to be identical under the assumption that the bytecode is valid and the framework contains no bugs.
Enables the customization of the behavior of the base join method.
This method in particular enables, in case of a MetaInformationUpdate, to raise the update type to force the continuation of the abstract interpretation process.
Methods should always override this method and should call the super method.
The current update type. The level can be raised. It is an error to lower the update level.
The old operands, before the join. Should not be changed.
The old locals, before the join. Should not be changed.
The new operands; may be updated.
The new locals; may be updated.
The pc of the jsr(w) instruction.
Returns the instruction(s) which define the value found in the register variable with
index registerIndex and the program counter pc.
The given value, which is a value with computational type long, is returned
by the return instruction with the given pc.
This method is only intended to be called by the AI framework.
Merges the given domain value v1 with the domain value v2 and returns
the merged value which is v1 if v1 is an abstraction of v2, v2 if v2
is an abstraction of v1 or some other value if a new value is computed that
abstracts over both values.
This operation is commutative.
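As an added example (not OPAL's code), here is a stand-alone Scala miniature of a join over a tiny value lattice that follows the rules stated in the passages above: a reference check comes first, the "left" value is kept when nothing changed, a StructuralUpdate is reported only when a more abstract value is produced, an incompatible join is reported as a MetaInformationUpdate carrying IllegalValue (never as a StructuralUpdate), and a register-array join hands back the original array instance when no register changed. The names MiniJoin, joinedValue, joinLocals, IntegerConstant, ALongValue and the numeric update levels are hypothetical; the Value and Update hierarchies are deliberately simplified stand-ins for OPAL's.

```scala
// Hypothetical miniature, not OPAL's code: a join over a tiny value lattice.
sealed trait Value
case object IllegalValue   extends Value            // result of an incompatible join; dead
case object AnIntegerValue extends Value            // "some int": top of the int lattice
final case class IntegerConstant(v: Int) extends Value
case object ALongValue     extends Value            // "some long": incompatible with ints

sealed trait Update
case object NoUpdate extends Update                 // v1 already subsumes v2
final case class MetaInformationUpdate(value: Value) extends Update
final case class StructuralUpdate(value: Value)      extends Update

object MiniJoin {

  /** Joins v1 (the value seen in the past) with v2 (the incoming value). */
  def join(v1: Value, v2: Value): Update =
    if (v1 eq v2) NoUpdate                          // cheap reference check first
    else (v1, v2) match {
      case (IllegalValue, _) =>
        NoUpdate                                    // a dead register stays dead
      case (IntegerConstant(a), IntegerConstant(b)) if a == b =>
        NoUpdate                                    // same information: keep the "left" value
      case (AnIntegerValue, IntegerConstant(_)) =>
        NoUpdate                                    // v1 is already an abstraction of v2
      case (IntegerConstant(_), AnIntegerValue) | (IntegerConstant(_), IntegerConstant(_)) =>
        StructuralUpdate(AnIntegerValue)            // more abstract value: keep interpreting
      case _ =>
        MetaInformationUpdate(IllegalValue)         // incompatible: never a StructuralUpdate
    }

  /** The merged value itself; commutative even though the Update kind is not. */
  def joinedValue(v1: Value, v2: Value): Value = join(v1, v2) match {
    case NoUpdate                 => v1
    case MetaInformationUpdate(v) => v
    case StructuralUpdate(v)      => v
  }

  /** Joins two register arrays. Returns the ORIGINAL array when nothing changed, plus
    * the highest update level seen (0 = none, 1 = meta information, 2 = structural). */
  def joinLocals(old: Array[Value], incoming: Array[Value]): (Int, Array[Value]) = {
    require(old.length == incoming.length, "valid bytecode has equal register counts")
    var result = old                                // copied lazily on the first change
    var level = 0
    for (i <- old.indices) {
      val (newLevel, newValue) = join(old(i), incoming(i)) match {
        case NoUpdate                 => (0, old(i))
        case MetaInformationUpdate(v) => (1, v)
        case StructuralUpdate(v)      => (2, v)
      }
      if (newLevel > 0) {
        if (result eq old) result = old.clone()
        result(i) = newValue
        level = math.max(level, newLevel)
      }
    }
    (level, result)
  }

  def main(args: Array[String]): Unit = {
    // Constructed sample register files: register 2 mixes long and int (incompatible).
    val past     = Array[Value](IntegerConstant(4), AnIntegerValue, ALongValue, IllegalValue)
    val incoming = Array[Value](IntegerConstant(4), IntegerConstant(7), AnIntegerValue, AnIntegerValue)

    val (level, joined) = joinLocals(past, incoming)
    println(s"level=$level sameInstance=${joined eq past} registers=${joined.toList}")

    // Registers are identical references here, so the original array comes back.
    val (level2, joined2) = joinLocals(past, past.clone())
    println(s"level=$level2 sameInstance=${joined2 eq past}")

    val pairs = Seq[(Value, Value)](
      (IntegerConstant(1), IntegerConstant(2)),
      (AnIntegerValue, IntegerConstant(3)),
      (ALongValue, AnIntegerValue))
    for ((a, b) <- pairs)
      println(s"join($a, $b) = ${joinedValue(a, b)}; commutes = ${joinedValue(a, b) == joinedValue(b, a)}")
  }
}
```

The asymmetry between NoUpdate and StructuralUpdate for the same pair of values is intentional: the update kind tells the interpreter whether the state at the join point grew, while joinedValue shows that the resulting abstract value is the same regardless of argument order.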
Returns the instruction(s) which defined the value used by the instruction with the given pc
and which is stored at the stack position with the given stackIndex. The first/top value on
the stack has index 0 and the second value - if it exists - has index two; independent of
the category of the values.
Returns the program counter(s) of the instruction(s) that is(are) executed before the instruction with the given pc.
If the instruction with the given pc was never executed an empty set is
returned.
A valid program counter.
Prints out the information by which values the current values are used.
Returns a string representation of the properties associated with the instruction with the respective program counter.
Associating properties with an instruction and maintaining those properties
is, however, at the sole responsibility of the Domain.
This method is predefined to facilitate the development of support tools and is not used by the abstract interpretation framework.
Domains that define (additional) properties should (abstract) override
this method and should return a textual representation of the property.
Returns the program counter(s) of the instruction(s) that is(are) executed next if the evaluation of this instruction may succeed without raising an exception.
The returned set is always empty for return instructions. It is also empty for
instructions that always throw an exception (e.g., an integer value that is divided
by zero will always result in a NullPointException.)
The org.opalj.br.instructions.ATHROW instruction will never have a
regularSuccessor. The return instructions will never have any successors.
The pc of the ret instruction.
Called when a return instruction with the given pc is reached.
In other words, when the method returns normally.
This method is only intended to be called by the AI framework.
This function can be called when the instruction successorPC needs to be
scheduled. The function will test if the instruction is already scheduled and
– if so – returns the given worklist. Otherwise the instruction
is scheduled in the correct (subroutine-)context.
Creates a summary of the given domain values by summarizing and
joining the given values. For the precise details
regarding the calculation of a summary see Value.summarize(...).
The program counter that will be used for the summary value if a new value is returned that abstracts over/summarizes the given values.
An Iterable over one or more values.
The current algorithm is generic and should satisfy most needs, but it is not very efficient. However, it should be easy to tailor it for a specific domain/domain values, if need be.
Returns the type(type bounds) of the given value.
In general a single value can have multiple type bounds which depend on the
control flow.
However, all types that the value represents must belong to the same
computational type category. I.e., it is possible that the value either has the
type "NullPointerException or IllegalArgumentException", but it will never have
– at the same time – the (Java) types int and long. Furthermore,
it is possible that the returned type(s) is(are) only an upper bound of the
real type unless the type is a primitive type.
This default implementation always returns org.opalj.ai.TypeUnknown.
This method is typically not implemented by a single Domain trait/object, but is
instead implemented collaboratively by all domains that implement the semantics
of certain values. To achieve that, other Domain traits that implement a
concrete domain's semantics have to abstract override this method and only
return the value's type if the domain knows anything about the type. If a method
that overrides this method has no knowledge about the given value, it should
delegate this call to its super method.
Example:
    trait FloatValues extends Domain[...] {
        ...
        abstract override def typeOfValue(value: DomainValue): TypesAnswer = value match {
            case r: FloatValue ⇒ IsFloatValue
            case _             ⇒ super.typeOfValue(value)
        }
    }
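To show the delegation chain end to end, here is an added stand-alone Scala example (not OPAL's code) that extends the snippet above with a second collaborating trait and a value for which no trait answers, so that the call falls through to the base domain's TypeUnknown. CoreDomain, IntegerValues, IsIntegerValue, OpaqueValue, DemoDomain and Demo are hypothetical names; TypesAnswer, IsFloatValue, TypeUnknown and FloatValue are simplified stand-ins for OPAL's types of the same name.

```scala
// Hypothetical miniature, not OPAL's code: several traits implement typeOfValue
// collaboratively, each answering only for its own values and delegating otherwise.
trait CoreDomain {
  trait Value
  type DomainValue <: Value

  sealed trait TypesAnswer
  case object TypeUnknown    extends TypesAnswer
  case object IsFloatValue   extends TypesAnswer
  case object IsIntegerValue extends TypesAnswer

  // End of the delegation chain: the base domain knows nothing about any value.
  def typeOfValue(value: DomainValue): TypesAnswer = TypeUnknown
}

trait FloatValues extends CoreDomain {
  trait FloatValue extends Value
  abstract override def typeOfValue(value: DomainValue): TypesAnswer = value match {
    case _: FloatValue => IsFloatValue
    case _             => super.typeOfValue(value)   // not a float: ask the next trait
  }
}

trait IntegerValues extends CoreDomain {
  trait IntegerValue extends Value
  abstract override def typeOfValue(value: DomainValue): TypesAnswer = value match {
    case _: IntegerValue => IsIntegerValue
    case _               => super.typeOfValue(value) // not an int: ask the next trait
  }
}

// Mixing the traits in wires the chain: IntegerValues -> FloatValues -> CoreDomain.
class DemoDomain extends CoreDomain with FloatValues with IntegerValues {
  type DomainValue = Value
  trait OpaqueValue extends Value        // no trait in the chain answers for this one
}

object Demo {
  def main(args: Array[String]): Unit = {
    val d = new DemoDomain
    val f = new d.FloatValue {}
    val i = new d.IntegerValue {}
    val o = new d.OpaqueValue {}
    println(d.typeOfValue(f))            // answered by FloatValues
    println(d.typeOfValue(i))            // answered by IntegerValues
    println(d.typeOfValue(o))            // nobody answers: CoreDomain's default
  }
}
```

Each trait only claims values it defined itself and forwards everything else with super.typeOfValue, which is exactly what lets the mix-in order above decide who answers first without any trait knowing about the others.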
Returns the union of the set of unused parameters and the set of all instructions which compute a value that is not used in the following.
Replaces all occurrences of oldValue (using reference-equality) with newValue. If no
occurrences are found, the original operands and locals data structures
are returned.
Returns the instructions which use the value with the given value origin.
Collects the abstract interpretation time definition/use information. I.e., makes the information available which value is accessed where/where a used value is defined. In general, all regular values are identified using
Int values where the Int value identifies the instruction or parameter responsible for the value. In case of exception values the Int value identifies the exception handlers that caught the respective exception. This information can then be used – in combination with the AICFG – to identify the origin instruction that caused the exception.
General Usage
This trait collects the def/use information after the abstract interpretation has successfully completed and the control-flow graph is available. The information is automatically made available, when this plug-in is mixed in.
Special Values
Parameters
The parameters given to a method have negative
Int values (the first parameter has the value -1, the second -2 if the first one is a value of computational type category one and -3 if the first value is of computational type category two and so forth).
Core Properties
Reusability
An instance of this domain can be reused to successively perform abstract interpretations of different methods. The domain's inherited
initProperties method – which is always called by the AI framework – resets the entire state related to the method.