private static boolean predHoldsForPk(PointerKey curPk, Predicate<InstanceKey> pred, PointerAnalysis<InstanceKey> pa) { PointerKey curPkForPAHeapModel = convertToHeapModel(curPk, pa.getHeapModel()); OrdinalSet<InstanceKey> pointsToSet = pa.getPointsToSet(curPkForPAHeapModel); for (InstanceKey ik : pointsToSet) { if (!pred.test(ik)) { return false; } } return true; }
private void initDataStructures(PointerAnalysis<InstanceKey> pa) { HeapGraph<InstanceKey> heapGraph = pa.getHeapGraph(); OrdinalSetMapping<InstanceKey> instanceKeyMapping = pa.getInstanceKeyMapping(); for (Object n : heapGraph){ if (heapGraph.getPredNodeCount(n) == 0){ if (n instanceof PointerKey){ if (n instanceof ObjectPropertyCatalogKey){ ObjectPropertyCatalogKey opck = (ObjectPropertyCatalogKey) n; InstanceKey instanceKey = opck.getObject(); int instanceKeyId = instanceKeyMapping.getMappedIndex(instanceKey); mapUsingMutableMapping(instanceKeyIdToObjectPropertyCatalogKey, instanceKeyId, opck); } else if (n instanceof AstGlobalPointerKey){ globalsPointerKeys.add((AstGlobalPointerKey) n); } } else { System.err.println("Non Pointer key root: " + n); } } } }
public GlobalReturnToNodeFunction(IFDSTaintDomain<E> domain, PointerAnalysis<InstanceKey> pa, CGNode node) { this.domain = domain; this.ikMap = HashMapFactory.make(); for (PointerKey pk : pa.getPointerKeys()) { if (!(pk instanceof LocalPointerKey)) { continue; } LocalPointerKey lpk = (LocalPointerKey) pk; if (!lpk.getNode().equals(node)) { continue; } for (InstanceKey ik : pa.getPointsToSet(lpk)) { Set<CodeElement> elts = ikMap.get(ik); if (null == elts) { elts = HashSetFactory.make(); ikMap.put(ik, elts); } elts.add(new LocalElement(lpk.getValueNumber())); } } }
@Override public Collection<MemoryAccess> getFieldReads(PointerKey baseRef, IField field) { Collection<MemoryAccess> memAccesses = new ArrayList<>(); for (InstanceKey ik : pa.getPointsToSet(baseRef)) { PointerKey ifk = heapModel.getPointerKeyForInstanceField(ik, field); convertStmtsToMemoryAccess(invRef.get(ifk), memAccesses); } return memAccesses; }
private Set<CodeElement> getArrayRefCodeElts(CGNode node, SSAArrayReferenceInstruction inst) { Set<CodeElement> elts = HashSetFactory.make(); final PointerKey pk = pa.getHeapModel().getPointerKeyForLocal(node, inst.getArrayRef()); final OrdinalSet<InstanceKey> pointsToSet = pa.getPointsToSet(pk); if (pointsToSet.isEmpty()) { TypeReference arrayType = TypeReference.findOrCreateArrayOf(inst .getElementType()); InstanceKey ik = new ConcreteTypeKey(pa.getClassHierarchy() .lookupClass(arrayType)); elts.add(new InstanceKeyElement(ik)); } else { for (InstanceKey ik : pointsToSet) { elts.add(new InstanceKeyElement(ik)); } } return elts; }
/** * @return the heap model used in this pointer analysis. */ @Override public HeapModel getHeapModel() { return pa.getHeapModel(); }
@Override public void visitPut(SSAPutInstruction instruction) { IField f = pa.getClassHierarchy().resolveField(instruction.getDeclaredField()); if (f != null) { if (instruction.isStatic()) { result.add(h.getPointerKeyForStaticField(f)); } else { PointerKey ref = h.getPointerKeyForLocal(n, instruction.getRef()); if (ref != null) { for (InstanceKey i : pa.getPointsToSet(ref)) { result.add(h.getPointerKeyForInstanceField(i, f)); } } } } } }
protected void test(Predicate<MethodReference> filter, Predicate<Pair<Set<Pair<CGNode, NewSiteReference>>, Set<Pair<CGNode, NewSiteReference>>>> test, CallGraph fbCG, PointerAnalysis<ObjectVertex> fbPA, CallGraph propCG, PointerAnalysis<InstanceKey> propPA) { HeapGraph<ObjectVertex> hg = fbPA.getHeapGraph(); PointerKey objKey = fbPA.getHeapModel().getPointerKeyForLocal(node, obj); OrdinalSet<ObjectVertex> objPtrs = fbPA.getPointsToSet(objKey); for(ObjectVertex o : objPtrs) { PointerKey propKey = fbPA.getHeapModel().getPointerKeyForInstanceField(o, new AstDynamicField(false, o.getConcreteType(), Atom.findOrCreateUnicodeAtom(p), JavaScriptTypes.Root)); Assert.assertTrue("object " + o + " should have field " + propKey, hg.hasEdge(o, propKey)); PointerKey valKey = fbPA.getHeapModel().getPointerKeyForLocal(node, val); OrdinalSet<ObjectVertex> valPtrs = fbPA.getPointsToSet(valKey); for(ObjectVertex v : valPtrs) { Assert.assertTrue("field " + propKey + " should point to object " + valKey + "(" + v + ")", hg.hasEdge(propKey, v)); String propName = ((AstGlobalWrite) inst).getGlobalName(); propName = propName.substring("global ".length()); PointerKey propKey = fbPA.getHeapModel().getPointerKeyForInstanceField(null, new AstDynamicField(false, null, Atom.findOrCreateUnicodeAtom(propName), JavaScriptTypes.Root)); Assert.assertTrue("global " + propName + " should exist", hg.hasEdge(GlobalVertex.instance(), propKey)); for(InstanceKey k : fbPA.getInstanceKeys()) { k.getCreationSites(fbCG); for(String f : new String[]{ "__proto__", "prototype" }) { boolean dump = false; PointerKey pointerKeyForInstanceField = fbPA.getHeapModel().getPointerKeyForInstanceField(k, new AstDynamicField(false, k.getConcreteType(), Atom.findOrCreateUnicodeAtom(f), JavaScriptTypes.Root)); if (! hg.containsNode(pointerKeyForInstanceField)) { dump = true;
public InstanceKeySite getNode(final CallSiteReference csr, final InstanceKey k) { final ISSABasicBlock bbs[] = node.getIR().getBasicBlocksForCall(csr); final OrdinalSetMapping<InstanceKey> mapping = pa.getInstanceKeyMapping(); final HashSet<ISSABasicBlock> blocksSeen = new HashSet<>(); final ArrayList<Integer> concatenatedInstanceKeys = new ArrayList<>(); final LocalPointerKey lpk = new LocalPointerKey(node, iNext.getUse(1)); for (final InstanceKey ikey: pa.getPointsToSet(lpk)) { if (isNonNullConstant(ikey)) { concatenatedInstanceKeys.add(0, mapping.getMappedIndex(ikey)); final LocalPointerKey lpk = new LocalPointerKey(node, iNext.getUse(1)); for (final InstanceKey ikey: pa.getPointsToSet(lpk)) { if (isNonNullConstant(ikey)) { concatenatedInstanceKeys.add(0, mapping.getMappedIndex(ikey));
/** * Collects all exceptions, which could be dispatched by the throw * instruction, using the pointer analysis. Adds the collected exceptions to * addTo. * * @param addTo * set to add the result * @param instruction * the throw instruction */ private void addThrown(LinkedHashSet<TypeReference> addTo, SSAThrowInstruction instruction) { int exceptionVariable = instruction.getException(); if (pointerAnalysis != null) { PointerKey pointerKey = pointerAnalysis.getHeapModel().getPointerKeyForLocal(node, exceptionVariable); Iterator<Object> it = pointerAnalysis.getHeapGraph().getSuccNodes(pointerKey); while (it.hasNext()) { Object next = it.next(); if (next instanceof InstanceKey) { InstanceKey instanceKey = (InstanceKey) next; IClass iclass = instanceKey.getConcreteType(); addTo.add(iclass.getReference()); } else { throw new IllegalStateException("Internal error: Expected InstanceKey, got " + next.getClass().getName()); } } } }
@Override public int getNumberOfNodes() { return pointerKeys.getSize() + P.getInstanceKeyMapping().getSize(); }
public UriPrefixTransferGraph(final PointerAnalysis<InstanceKey> pa) { final Map<InstanceKeySite, Set<InstanceKey>> unresolvedDependencies = new HashMap<>(); final OrdinalSetMapping<InstanceKey> mapping = pa.getInstanceKeyMapping(); final Collection<InstanceKey> instanceKeys = pa.getInstanceKeys(); for (final PointerKey pk : pa.getPointerKeys()) { if (pk instanceof LocalPointerKey) { final LocalPointerKey lpk = (LocalPointerKey) pk;
public PrefixTransferGraph(PointerAnalysis<InstanceKey> pa) ArrayList<InstanceKey> instanceKeys = new ArrayList<>(pa.getInstanceKeys()); for(InstanceKey k:instanceKeys) node = new ConstantString(pa.getInstanceKeyMapping().getMappedIndex(k), (String)((ConstantKey<?>)k).getValue()); addNode(node); nodeMap.put(k, node); HashSet<InstanceKey> iks = new HashSet<>(); for (Integer i: ((StringBuilderToStringInstanceKeySite) node).concatenatedInstanceKeys) { iks.add(pa.getInstanceKeyMapping().getMappedObject(i));
private OrdinalSetMapping<PointerKey> getPointerKeys() { MutableMapping<PointerKey> result = MutableMapping.make(); for (PointerKey p : getPointerAnalysis().getPointerKeys()) { result.add(p); } return result; }
public IUnaryFlowFunction makeStaticFieldTaints( BasicBlockInContext<E> dest, SSAInstruction inst, final PairBasedFlowFunction<E> flowFunction) { final Set<DomainElement> elts = HashSetFactory.make(); for (CodeElement ce : getStaticFieldAccessCodeElts((SSAGetInstruction) inst)) { StaticFieldElement sfe = (StaticFieldElement) ce; IField field = pa.getClassHierarchy().resolveField(sfe.getRef()); if (field.isFinal()) { continue; } final StaticFieldFlow<E> taintSource = new StaticFieldFlow<>(dest, field, true); elts.add(new DomainElement(ce, taintSource)); } IUnaryFlowFunction newTaints = new ConstantFlowFunction<>(domain, elts); return compose(flowFunction, newTaints); }
@Override public Collection<MemoryAccess> getFieldWrites(PointerKey baseRef, IField field) { Collection<MemoryAccess> memAccesses = new ArrayList<>(); for (InstanceKey ik : pa.getPointsToSet(baseRef)) { PointerKey ifk = heapModel.getPointerKeyForInstanceField(ik, field); convertStmtsToMemoryAccess(invMod.get(ifk), memAccesses); } return memAccesses; }
pa.getPointsToSet(pa.getHeapModel().getPointerKeyForArrayContents(ik)); if (pointsToSet.isEmpty()) { final IClass contentsClass = pa.getClassHierarchy().lookupClass(typeRef.getArrayElementType()); if (contentsClass.isInterface()) { for (IClass implementor : analysisContext.concreteClassesForInterface(contentsClass)) { continue; } else if (fieldTypeRef.isArrayType()) { PointerKey pk = pa.getHeapModel().getPointerKeyForInstanceField(ik, field); final OrdinalSet<InstanceKey> pointsToSet = pa.getPointsToSet(pk); if (pointsToSet.isEmpty()) { InstanceKey fieldIK = new ConcreteTypeKey(pa.getClassHierarchy().lookupClass(fieldTypeRef)); final InstanceKeyElement elt = new InstanceKeyElement(fieldIK); if (elts.add(elt)) { PointerKey pk = pa.getHeapModel().getPointerKeyForInstanceField(ik, field); final OrdinalSet<InstanceKey> pointsToSet = pa.getPointsToSet(pk); if (pointsToSet.isEmpty() && !analysisContext.getClassHierarchy().isInterface(fieldTypeRef)) {
/** * @return the heap model used in this pointer analysis. */ @Override public HeapModel getHeapModel() { return pa.getHeapModel(); }
@Override public void visitPut(SSAPutInstruction instruction) { IField f = pa.getClassHierarchy().resolveField(instruction.getDeclaredField()); if (f != null) { if (instruction.isStatic()) { result.add(h.getPointerKeyForStaticField(f)); } else { PointerKey ref = h.getPointerKeyForLocal(n, instruction.getRef()); if (ref != null) { for (InstanceKey i : pa.getPointsToSet(ref)) { result.add(h.getPointerKeyForInstanceField(i, f)); } } } } } }
/** * Collects all exceptions, which could be dispatched by the throw * instruction, using the pointer analysis. Adds the collected exceptions to * addTo. * * @param addTo * set to add the result * @param instruction * the throw instruction */ private void addThrown(LinkedHashSet<TypeReference> addTo, SSAThrowInstruction instruction) { int exceptionVariable = instruction.getException(); if (pointerAnalysis != null) { PointerKey pointerKey = pointerAnalysis.getHeapModel().getPointerKeyForLocal(node, exceptionVariable); Iterator<Object> it = pointerAnalysis.getHeapGraph().getSuccNodes(pointerKey); while (it.hasNext()) { Object next = it.next(); if (next instanceof InstanceKey) { InstanceKey instanceKey = (InstanceKey) next; IClass iclass = instanceKey.getConcreteType(); addTo.add(iclass.getReference()); } else { throw new IllegalStateException("Internal error: Expected InstanceKey, got " + next.getClass().getName()); } } } }