DefaultReferenceValuesBinding
Related Doc:
package l0
Computation that returns the value stored in an array at a given index or an exception.
Computation that returns the value stored in an array at a given index or an
exception. The exceptions that may be thrown are: NullPointerException and
ArrayIndexOutOfBoundsException.
Computation that succeeds (updates the value stored in the array at the given index) or that throws an exception.
Computation that succeeds (updates the value stored in the array at the given
index) or that throws an exception. The exceptions that may be thrown are:
NullPointerException, ArrayIndexOutOfBoundsException and ArrayStoreException.
Abstracts over the concrete type of IllegalValue.
Abstracts over the concrete type of IllegalValue.
This type needs to be refined whenever the class IllegalValue
is refined or the type DomainValue is refined.
Abstracts over the concrete type of ReturnAddressValue.
Abstracts over the concrete type of ReturnAddressValue. Needs to be fixed
by some sub-trait/sub-class. In the simplest case (i.e., when neither the
Value trait nor the ReturnAddressValue trait was refined) it is sufficient
to write:
type DomainReturnAddressValue = ReturnAddressValue
Abstracts over the concrete type of Value.
Abstracts over the concrete type of Value. Needs to be refined by traits that
inherit from Domain and which extend Domain's Value trait.
A simple type alias of the type DomainValue.
A simple type alias of the type DomainValue.
Used to facilitate comprehension.
A type alias for Iterables of ExceptionValues.
A type alias for Iterables of ExceptionValues.
Primarily used to facilitate comprehension.
Represents a value that has no well defined state/type.
Represents a value that has no well defined state/type. Such values are the result of a join of two incompatible values and are generally only found in registers (in the locals) and then identify a value that is dead.
org.opalj.ai.Domain.Value for further details.
An instruction's current register values/locals are represented using an array.
An instruction's current register values/locals are represented using an array.
An instruction's operands are represented using a list where the first element of the list represents the top level operand stack value.
An instruction's operands are represented using a list where the first element of the list represents the top level operand stack value.
Abstracts over all values with computational type reference.
Abstracts over all values with computational type reference. I.e.,
abstracts over class and array values and also the null value.
Stores a single return address (i.e., a program counter/index into the code array).
Stores a single return address (i.e., a program counter/index into the code array).
Though the framework completely handles all aspects related to return address
values, it is nevertheless necessary that this class inherits from Value
as return addresses are stored on the stack/in the registers. However,
if the Value trait should be refined, all additional methods may – from
the point-of-view of OPAL-AI - just throw an OperationNotSupportedException
as these additional methods will never be called by OPAL-AI.
A reference value with a single (upper) type (bound).
A reference value with a single (upper) type (bound).
Abstracts over a concrete operand stack value or a value stored in one of the local variables/registers.
Abstracts over a concrete operand stack value or a value stored in one of the local variables/registers.
In general, subclasses and users of a Domain should not have/declare
a direct dependency on Value. Instead they should use DomainValue as otherwise
extensibility of a Domain may be hampered or even be impossible. The only
exceptions are, of course, classes that directly inherit from this class.
If you directly extend/refine this trait (i.e., in a subclass of the Domain trait
you write something like trait Value extends super.Value), make sure that
you also extend all classes/traits that inherit from this type
(this may require a deep mixin composition and that you refine the type
DomainType accordingly).
However, OPAL was designed such that extending this class should – in general
– not be necessary. It may also be easier to encode the desired semantics – as
far as possible – as part of the domain.
Standard inheritance from this trait is always supported and is the primary mechanism to model an abstract domain's lattice w.r.t. some special type of value. In general, the implementation should try to avoid creating new instances of values unless strictly required to model the domain's semantics. This will greatly improve the overall performance as this framework heavily uses reference-based equality checks to speed up the evaluation.
OPAL does not rely on any special equality semantics w.r.t. values and
never directly or indirectly calls a Value's equals or eq method. Hence,
a domain can encode equality such that it best fits its need.
However, some of the provided domains rely on the following semantics for equals:
Two domain values have to be equal (==) iff they represent the same
information. This includes additional information, such as, the value of
the origin.
E.g., a value (AnIntegerValue) that represents an arbitrary Integer value
has to return true if the domain value with which it is compared also
represents an arbitrary Integer value (AnIntegerValue). However,
it may still be necessary to use multiple objects to represent an arbitrary
integer value if, e.g., constraints should be attached to specific values.
For example, after a comparison of an integer value with a predefined
value (e.g., AnIntegerValue < 4) it is possible to constrain the respective
value on the subsequent paths (< 4 on one path and >= 4 on the other path).
To make that possible, it is however necessary to distinguish the
AnIntegervalue from some other AnIntegerValue to avoid constraining
unrelated values.
public void foo(int a,int b) {
if(a < 4) {
z = a - 2 // here a is constrained (< 4), b and z are unconstrained
}
else {
z = a + 2 // here a is constrained (>= 4), b and z are unconstrained
}
} In general, equals is only defined for values belonging to the same
domain. If values need to be compared across domains, they need to be adapted
to a target domain first.
Tries to determine if the type referred to as subtype is a subtype of the
specified reference type supertype.
Tries to determine if the type referred to as subtype is a subtype of the
specified reference type supertype. If the class hierarchy is not complete
the answer may be Unknown.
Creates a non-null object that represent a ArithmeticException and that has the
given origin.
Creates a non-null object that represent a ArithmeticException and that has the
given origin.
If the ArithmeticException was created by the VM while evaluating an instruction
with the program counter pc you use the method ValueOriginForVMLevelValue to
translate that pc to the appropriate ValueOrigin.
Creates a non-null object that represent a ArrayIndexOutOfBoundsException and that has the
given origin.
Creates a non-null object that represent a ArrayIndexOutOfBoundsException and that has the
given origin.
If the ArrayIndexOutOfBoundsException was created by the VM while evaluating an instruction
with the program counter pc you use the method ValueOriginForVMLevelValue to
translate that pc to the appropriate ValueOrigin.
Creates a non-null object that represent a ArrayStoreException and that has the
given origin.
Creates a non-null object that represent a ArrayStoreException and that has the
given origin.
If the ArrayStoreException was created by the VM while evaluating an instruction
with the program counter pc you use the method ValueOriginForVMLevelValue to
translate that pc to the appropriate ValueOrigin.
Creates a new DomainValue that represents an array value with unknown
values and where the specified type may also just be an upper type bound
(unless the component type is a primitive type or an array of primitives.)
Creates a new DomainValue that represents an array value with unknown
values and where the specified type may also just be an upper type bound
(unless the component type is a primitive type or an array of primitives.)
This factory method is (typically) used to create a domain value that represents an array if we know nothing specific about the array. E.g., if you want to analyze a method that takes an array as a parameter.
The properties of the value are:
Java's arrays are co-variant. I.e., Object[] a = new Serializable[100]; is valid.
Enables matching of DomainValues that are array values.
Enables matching of DomainValues that are array values.
Creates a non-null object that represent a ClassCastException and that has the
given origin.
Creates a non-null object that represent a ClassCastException and that has the
given origin.
If the ClassCastException was created by the VM while evaluating an instruction
with the program counter pc you use the method ValueOriginForVMLevelValue to
translate that pc to the appropriate ValueOrigin.
Factory method to create a DomainValue that represents a runtime value of
type "Class<T>" and that was created by the instruction with the
specified program counter.
Factory method to create a DomainValue that represents a runtime value of
type "Class<T>" and that was created by the instruction with the
specified program counter.
This function is called by OPAL when a class constant (LDC(_W) instruction) is
put on the stack.
The domain may ignore the information about the value and the origin (vo).
The properties of the domain value are:
The class tag for the type DomainValue.
The class tag for the type DomainValue.
Required to generate instances of arrays in which values of type
DomainValue can be stored in a type-safe manner.
In the sub-trait or class that fixes the type of DomainValue it is necessary
to implement this abstract val using:
val DomainValueTag : ClassTag[DomainValue] = implicitly(As of Scala 2.10 it is necessary that you do not use implicit in the subclass -
it will compile, but fail at runtime.)
Creates a non-null object that represent an IllegalMonitorStateException and that has the
given origin.
Creates a non-null object that represent an IllegalMonitorStateException and that has the
given origin.
If the IllegalMonitorStateException was created by the VM while evaluating an instruction
with the program counter pc you should use the method ValueOriginForVMLevelValue to
translate that pc to the appropriate ValueOrigin.
Factory method to create a DomainValue that represents an array
that was successfully created and which has the given type.
Factory method to create a DomainValue that represents an array
that was successfully created and which has the given type.
The domain may ignore the information about the origin (pc) and
the precise size of each dimension.
The properties of the domain value are:
The size of each dimension if available. counts may not be empty but
may not contain information about all dimensions; the
following condition always has to hold: counts.length <= arrayType.dimensions.
Factory method to create a DomainValue that represents an initialized
reference value of the given type and that was created (explicitly or implicitly)
by the instruction with the specified program counter.
Factory method to create a DomainValue that represents an initialized
reference value of the given type and that was created (explicitly or implicitly)
by the instruction with the specified program counter.
The given type usually identifies a class type (not an interface type) that is
not abstract, but in some cases (e.g. consider java.awt.Toolkit())
it may be useful/meaningful to relax this requirement and to state that the
class precisely represents the runtime type – even
so the class is abstract. However, such decisions need to be made by the domain.
This method is used by the OPAL framework to create reference values that are normally
internally created by the JVM (in particular exceptions such as
NullPointExeception and ClassCastException). However, it can generally
be used to create initialized objects/arrays.
The properties of the domain value are:
null.)
The result of the merge of two incompatible values has
to be reported as a MetaInformationUpdate[DomainIllegalValue].
The result of the merge of two incompatible values has
to be reported as a MetaInformationUpdate[DomainIllegalValue].
Called by the AI framework for each load constant method handle (org.opalj.br.instructions.LoadMethodHandle) instruction to get a representation of/a DomainValue that represents the handle.
Called by the AI framework for each load constant method handle (org.opalj.br.instructions.LoadMethodHandle) instruction to get a representation of/a DomainValue that represents the handle.
A valid method handle.
An InitializedObjectValue(ObjectType.MethodHandle).
Hence, this method needs to be overridden
if resolution of MethodHandle based method calls should be performed.
Called by the framework for each load constant method type
(org.opalj.br.instructions.LoadMethodType) instruction to
get a domain-specific representation of the method descriptor as a MethodType.
Called by the framework for each load constant method type
(org.opalj.br.instructions.LoadMethodType) instruction to
get a domain-specific representation of the method descriptor as a MethodType.
A valid method descriptor.
An InitializedObjectValue(ObjectType.MethodType).
Hence, this method needs to be overridden
if resolution of MethodType based method calls should be performed.
Creates a non-null object that represent a NegativeArraySizeException and that has the
given origin.
Creates a non-null object that represent a NegativeArraySizeException and that has the
given origin.
If the NegativeArraySizeException was created by the VM while evaluating an instruction
with the program counter pc you use the method ValueOriginForVMLevelValue to
translate that pc to the appropriate ValueOrigin.
Factory method to create a new domain value that represents a newly created array (non-null) with the size determined by count that is empty.
Factory method to create a new domain value that represents a newly created array (non-null) with the size determined by count that is empty.
This factory method is (implicitly) used, e.g., by OPAL when a
multianewarray instruction is found.
The properties of the value are:
counts
Factory method to create a new domain value that represents a newly created array (non-null) with the size determined by count that is empty.
Factory method to create a new domain value that represents a newly created array (non-null) with the size determined by count that is empty.
This factory method is (implicitly) used, e.g., by OPAL when a newarray
instruction is found.
The properties of the value are:
Creates a new DomainValue that represents a new,
uninitialized instance of an object of the given type.
Creates a new DomainValue that represents a new,
uninitialized instance of an object of the given type. The object was
created by the (NEW) instruction with the specified program counter.
OPAL calls this method when it evaluates newobject instructions.
If the bytecode is valid a call of one of the object's constructors will
subsequently initialize the object.
The properties of the domain value are:
null.)
Instances of arrays are created by the newarray and
multianewarray instructions and in both cases an exception may be thrown
(e.g., NegativeArraySizeException).
Represents a non-null reference value with the given type as an upper type bound.
Represents a non-null reference value with the given type as an upper type bound.
The domain may ignore the information about the value and the origin (vo).
The properties of the domain value are:
null.)
Creates a non-null object that represent a NullPointerException and that has the
given origin.
Creates a non-null object that represent a NullPointerException and that has the
given origin.
If the NullPointerException was created by the VM while evaluating an instruction
with the program counter pc you should use the method ValueOriginForVMLevelValue to
translate that pc to the appropriate ValueOrigin.
Factory method to create a DomainValue that represents value null and
and that was created (explicitly or implicitly) by the instruction
with the specified program counter.
Factory method to create a DomainValue that represents value null and
and that was created (explicitly or implicitly) by the instruction
with the specified program counter.
The domain may ignore the information about the value and the origin (pc).
The properties of the domain value are:
This implementation always returns the singleton instance TheNullValue.
Factory method to create a DomainValue that represents either an class-/interface
value that has the given types as an upper bound or the value null.
Factory method to create a DomainValue that represents either an class-/interface
value that has the given types as an upper bound or the value null. However, the
information whether the value is null or not is not available. Furthermore, the
type may also just be an upper bound and it is not known if the value is
properly initialized.
The properties of the domain value are:
Factory method to create a DomainValue that represents either an class-/interface
value that has the given type or the value null.
Factory method to create a DomainValue that represents either an class-/interface
value that has the given type or the value null. However, the
information whether the value is null or not is not available. Furthermore, the
type may also just be an upper bound and it is not known if the value is
properly initialized.
The properties of the domain value are:
Factory method to create a DomainValue that represents either a reference
value that has the given type and is initialized or the value null.
Factory method to create a DomainValue that represents either a reference
value that has the given type and is initialized or the value null. However, the
information whether the value is null or not is not available. Furthermore, the
type may also just be an upper bound.
The domain may ignore the information about the value and the origin, but it has to remain possible for the domain to identify the component type of an array.
The properties of the domain value are:
Factory method to create an instance of a ReturnAddressValue.
Factory method to create an instance of a ReturnAddressValue.
Factory method to create a DomainValue that represents the given string value
and that was created by the instruction with the specified program counter.
Factory method to create a DomainValue that represents the given string value
and that was created by the instruction with the specified program counter.
This function is called by OPAL-AI when a string constant (LDC(_W) instruction) is
put on the stack.
The domain may ignore the information about the value and the origin (vo).
The properties of the domain value are:
null.A non-null string. (The string may be empty, though.)
The result of merging two values should never be reported as a
StructuralUpdate if the computed value is an IllegalValue.
The result of merging two values should never be reported as a
StructuralUpdate if the computed value is an IllegalValue. The JVM semantics
guarantee that the value was not used in the first case and, hence, continuing
the interpretation is meaningless.
This method is solely defined for documentation purposes and to catch implementation errors early on.
The singleton instance of the IllegalValue.
The singleton instance of the IllegalValue.
The singleton instance of ReturnAddressValues
The singleton instance of ReturnAddressValues
Creates a non-null object that represent a Throwable object and that has the
given origin.
Creates a non-null object that represent a Throwable object and that has the
given origin.
If the Throwable was created by the VM while evaluating an instruction with
the program counter pc you should use the method ValueOriginForVMLevelValue
to translate that pc to the appropriate ValueOrigin.
Returns the array's length or throws a NullPointerException if the given
reference is null.
Returns the array's length or throws a NullPointerException if the given
reference is null.
It is in general not necessary to override this method. If you need
some special handling refine the trait ArrayValue.
Loads the value stored in the array at the given index or throws an
exception (NullPointerException or IndexOutOfBoundsException).
Loads the value stored in the array at the given index or throws an
exception (NullPointerException or IndexOutOfBoundsException).
It is in general not necessary to override this method. If you need
some special handling refine the load method defined by the trait
ArrayValue.
Stores the given value in the array at the given index or throws an exception
(NullPointerException, ArrayStoreException or IndexOutOfBoundsException).
Stores the given value in the array at the given index or throws an exception
(NullPointerException, ArrayStoreException or IndexOutOfBoundsException).
It is in general not necessary to override this method. If you need
some special handling refine the store method defined by the trait
ArrayValue.
Returns the given value as a DomainReferenceValue.
Returns the given value as a DomainReferenceValue. Basically just performs a type cast and is intended to be used to communicate that the value has to be a reference value (if the underlying byte code is valid.)
Tries to determine – under the assumption that the given value is not
null – if the runtime type of the given reference value could be a
subtype of the specified reference type supertype.
Tries to determine – under the assumption that the given value is not
null – if the runtime type of the given reference value could be a
subtype of the specified reference type supertype. I.e., if the type of the
value is not precisely known, then all subtypes of the value's type are also
taken into consideration when analyzing the subtype relation and only if we
can guarantee that none is a subtype of the given supertype the answer will be
No.
The returned value is only meaningful if value does not represent
the runtime value null.
Merges two computations that both resulted in at most one DomainValue or
at most one ExceptionValue.
Merges two computations that both resulted in at most one DomainValue or
at most one ExceptionValue.
If values are merged the merged value will use the specified pc.
Merges two computations that both return some DomainValue and some
ExceptionValues.
Merges two computations that both return some DomainValue and some
ExceptionValues. If values are merged the merged value will use the
specified pc.
Merges the given domain value v1 with the domain value v2 and returns
the merged value which is v1 if v1 is an abstraction of v2, v2 if v2
is an abstraction of v1 or some other value if a new value is computed that
abstracts over both values.
Merges the given domain value v1 with the domain value v2 and returns
the merged value which is v1 if v1 is an abstraction of v2, v2 if v2
is an abstraction of v1 or some other value if a new value is computed that
abstracts over both values.
This operation is commutative.
Merges two computations that both resulted in at most one ExceptionValue each.
Merges two computations that both resulted in at most one ExceptionValue each.
If values are merged the merged value will use the specified pc.
Merges those exceptions that have the same upper type bound.
Merges those exceptions that have the same upper type bound. This ensures
that per upper type bound only one ValuesDomain.DomainValue (which may be a
MultipleReferenceValues) is used. For those values that are merged, the
given pc is used.
Creates a multi-dimensional array.
Creates a multi-dimensional array.
It is generally not necessary to override this method as it handles all cases in a generic manner.
,The componentType may be (again) an array type.
Creates a new array.
Creates a new array.
It is generally not necessary to override this method as it handles all cases in a generic manner.
Returns a string representation of the properties associated with the instruction with the respective program counter.
Returns a string representation of the properties associated with the instruction with the respective program counter.
Associating properties with an instruction and maintaining those properties
is, however, at the sole responsibility of the Domain.
This method is predefined to facilitate the development of support tools and is not used by the abstract interpretation framework.
Domains that define (additional) properties should (abstract) override
this method and should return a textual representation of the property.
Tests if both values refer to the same object instance.
Tests if both values refer to the same object instance.
Though this is in general intractable, there are some cases where a definitive answer is possible.
This implementation completely handles the case where at least one value
definitively represents the null value.
Additionally, if we have precise type information and the types are different,
No is returned. Otherwise, Unknown is returned.
A value of type ReferenceValue.
A value of type ReferenceValue.
This method is intended to be overridden by subclasses and may be the first
one that is called (by means of super) by the overriding method to handle checks
related to null. E.g.
super.areEqualReferences(value1,value2).ifUnknown {
...
}
Compares the given values for reference inequality.
Compares the given values for reference inequality. Returns No if both values
point to the same instance and returns Yes if both objects are known not to
point to the same instance. The latter is, e.g., trivially the case when both
values have a different concrete type. Otherwise Unknown is returned.
If both values are representing the null value the org.opalj.Answer is Yes.
A value of computational type reference.
A value of computational type reference.
Called by OPAL when two values were compared for reference equality and we are going to analyze the branch where the comparison succeeded.
Called by OPAL when two values were compared for reference equality and we are going to analyze the branch where the comparison succeeded.
Called by OPAL when two values were compared for reference equality and we are going to analyze the branch where the comparison failed.
Called by OPAL when two values were compared for reference equality and we are going to analyze the branch where the comparison failed.
Called by OPAL-AI when it establishes that the value is guaranteed not to be null.
Called by OPAL-AI when it establishes that the value is guaranteed not to be null.
E.g., after a comparison with null OPAL can establish that the
value has to be null on one branch and that the value is not null on the
other branch.
Called by the framework when the value is known to be null/has to be null.
Called by the framework when the value is known to be null/has to be null.
E.g., after a comparison with null (IFNULL/IFNONNULL) OPAL-AI knows that the
value has to be null on one branch and that the value is not null on the
other branch.
Returns Yes if given value is never null, Unknown if the values is maybe
null and No otherwise.
Returns Yes if given value is never null, Unknown if the values is maybe
null and No otherwise.
A value of computational type reference.
Determines the nullness-property of the given value.
Determines the nullness-property of the given value.
A value of type ReferenceValue.
Called by the abstract interpreter when the type bound of the top most stack value needs to be refined.
Called by the abstract interpreter when the type bound of the top most stack
value needs to be refined. This method is only called by the abstract
interpreter iff an immediately preceding subtype query (typeOf(value) <: bound)
returned Unknown. This method must not be ignored – w.r.t. refining the top-most
stack value; it is e.g., used by org.opalj.br.instructions.CHECKCAST
instructions.
A domain that is able to identify aliases can use this information to propagate the information to the other aliases.
Sets the is null property of the top-most stack value to Yes.
Sets the is null property of the top-most stack value to Yes. This method is
called by the framework when the top-most operand stack value has to be null, but
a previous isNull check returned Unknown.
E.g., after a org.opalj.br.instructions.CHECKCAST that fails unless the
value is "null".
This method can be ignored; i.e., the return value can be (operands,locals).
However, a domain that is able to identify aliases can use this information to propagate
the information to the other aliases.
Creates a summary of the given domain values by summarizing and
joining the given values.
Creates a summary of the given domain values by summarizing and
joining the given values. For the precise details
regarding the calculation of a summary see Value.summarize(...).
The program counter that will be used for the summary value if a new value is returned that abstracts over/summarizes the given values.
An Iterable over one or more values.
The current algorithm is generic and should satisfy most needs, but it is not very efficient. However, it should be easy to tailor it for a specific domain/domain values, if need be.
Converts – if possible – a given DomainValue to a Java object that is
appropriately initialized.
Converts – if possible – a given DomainValue to a Java object that is
appropriately initialized.
Every domain that supports the creation of a Java object's based on a domain value is expected to implement this method and to test if it can create a precise representation of the given value. If not, the implementation has to delegate the responsibility to the super method to creat an abstract representation.
abstract override def toJavaObject(value : DomainValue): Option[Object] = { if(value...) // create and return Java object else super.toJavaObject(value) }
Some(Object) is returned if it was possible to create a compatible
corresponding Java object; otherwise None is returned.
Default: None unless the value is null. In the latter case Some(null)
is returned.
This operation is generally only possible if the domain value maintains enough state information to completely initialize the Java object.
Returns the type(type bounds) of the given value.
Returns the type(type bounds) of the given value.
In general a single value can have multiple type bounds which depend on the
control flow.
However, all types that the value represents must belong to the same
computational type category. I.e., it is possible that the value either has the
type "NullPointerException or IllegalArgumentException", but it will never have
– at the same time – the (Java) types int and long. Furthermore,
it is possible that the returned type(s) is(are) only an upper bound of the
real type unless the type is a primitive type.
This default implementation always returns org.opalj.ai.TypeUnknown.
typeOfValueThis method is typically not implemented by a single Domain trait/object, but is
instead implemented collaboratively by all domains that implement the semantics
of certain values. To achieve that, other Domain traits that implement a
concrete domain's semantics have to abstract override this method and only
return the value's type if the domain knows anything about the type. If a method
that overrides this method has no knowledge about the given value, it should
delegate this call to its super method.
Example
trait FloatValues extends Domain[...] { ... abstract override def typeOfValue(value: DomainValue): TypesAnswer = value match { case r: FloatValue ⇒ IsFloatValue case _ ⇒ super.typeOfValue(value) } }
Default implementation for handling reference values.