Packages

  • package root
    Definition Classes
    root
  • package org
    Definition Classes
    root
  • package opalj

    OPAL is a Scala-based framework for the static analysis, manipulation and creation of Java bytecode.

    OPAL is a Scala-based framework for the static analysis, manipulation and creation of Java bytecode. OPAL is designed with performance, scalability and adaptability in mind.

    Its main components are:

    • a library (Common) which provides generally useful data-structures and algorithms for static analyses.
    • a framework for implementing lattice based static analyses (Static Analysis Infrastructure)
    • a framework for parsing Java bytecode (Bytecode Infrastructure) that can be used to create arbitrary representations.
    • a library to create a one-to-one in-memory representation of Java bytecode (Bytecode Disassembler).
    • a library to create a representation of Java bytecode that facilitates writing simple static analyses (Bytecode Representation - org.opalj.br).
    • a scalable, easily customizable framework for the abstract interpretation of Java bytecode (Abstract Interpretation Framework - org.opalj.ai).
    • a library to extract dependencies between code elements and to facilitate checking architecture definitions.
    • a library for the lightweight manipulation and creation of Java bytecode (Bytecode Assembler).

    General Design Decisions

    Thread Safety

    Unless explicitly noted, OPAL is thread safe. I.e., the classes defined by OPAL can be considered to be thread safe unless otherwise stated. (For example, it is possible to read and process class files concurrently without explicit synchronization on the client side.)

    No null Values

    Unless explicitly noted, OPAL does not null values I.e., fields that are accessible will never contain null values and methods will never return null. If a method accepts null as a value for a parameter or returns a null value it is always explicitly documented. In general, the behavior of methods that are passed null values is undefined unless explicitly documented.

    No Typecasts for Collections

    For efficiency reasons, OPAL sometimes uses mutable data-structures internally. After construction time, these data-structures are generally represented using their generic interfaces (e.g., scala.collection.{Set,Map}). However, a downcast (e.g., to add/remove elements) is always forbidden as it would effectively prevent thread-safety. Furthermore, the concrete data-structure is always considered an implementation detail and may change at any time.

    Assertions

    OPAL makes heavy use of Scala's Assertion Facility to facilitate writing correct code. Hence, for production builds (after thorough testing(!)) it is highly recommend to build OPAL again using -Xdisable-assertions.

    Definition Classes
    org
  • package ai

    Implementation of an abstract interpretation (ai) framework – also referred to as OPAL.

    Implementation of an abstract interpretation (ai) framework – also referred to as OPAL.

    Please note that OPAL/the abstract interpreter just refers to the classes and traits defined in this package (ai). The classes and traits defined in the sub-packages (in particular in domain) are not considered to be part of the core of OPAL/the abstract interpreter.

    Definition Classes
    opalj
    Note

    This framework assumes that the analyzed bytecode is valid; i.e., the JVM's bytecode verifier would be able to verify the code. Furthermore, load-time errors (e.g., LinkageErrors) are – by default – completely ignored to facilitate the analysis of parts of a project. In general, if the presented bytecode is not valid, the result is undefined (i.e., OPAL may report meaningless results, crash or run indefinitely).

    See also

    org.opalj.ai.AI - Implements the abstract interpreter that processes a methods code and uses an analysis-specific domain to perform the abstract computations.

    org.opalj.ai.Domain - The core interface between the abstract interpretation framework and the abstract domain that is responsible for performing the abstract computations.

  • package common
    Definition Classes
    ai
  • package dataflow

    Supports the specification and solving of data-flow problems.

    Supports the specification and solving of data-flow problems.

    Goal

    To be able to express data-flow problems at a very high-level of abstraction. I.e., that some information flows or not-flows from a well-identified source to a well-identified sink.

    Usage Scenario

    • We want to avoid that information is stored in the database/processed by the backend without being sanitized.
    • We want to specify that certain information is not allowed to flow from one module to another module.

    Concept

    1. Select sources
      1. Sources are parameters passed to methods (e.g., doPost(session : Session) (This covers the main method as well as typical callback methods.)
      2. Values returned by methods (e.g., System.in.read) (here, we identify the call site)
    2. Select sinks
      1. A sink is either a field (in which the value is stored)
      2. a method (parameter) which is passed the value
    3. Filtering (Terminating) data-flows
      1. If a specific operation was performed, e.g.,
      2. If a comparison (e.g., against null, > 0 , ...)
      3. An instanceOf/a checkcast
      4. A mathematical operation (e.g. +.-,...)
      5. [OPTIMIZATION] If the value was passed to a specific method (e.g., check(x : X) - throws Exception if the check fails)
      6. [OPTIMIZATION] If the value was returned by a well-identified method (e.g., String sanitized = s.replace(...,...))

    4. Extending data-flows (Side Channels)

    • OPEN: What would be the general strategy if a value influences another value?
    • [SIDE CHANNELS?] What happens if the value is stored in a field of an object and that object is used?
    • [SIDE CHANNELS?] What happens if the value is used during the computation, but does not (directly) influence the output. (e.g., if(x == 0) 1; else 2;

    Furthermore, the framework will automatically handle taint propagation and aliasing. I.e., a tainted value that is stored in a field automatically marks the respective field as tainted.

    Definition Classes
    ai
  • package domain

    This package contains definitions of common domains that can be used for the implementation of analyses.

    This package contains definitions of common domains that can be used for the implementation of analyses.

    Types of Domains

    In general, we distinguish two types of domains. First, domains that define a general interface (on top of the one defined by Domain), but do not directly provide an implementation. Hence, whenever you develop a new Domain you should consider implementing/using these domains to maximize reusability. Second, Domains that implement a specific interface (trait). In this case, we further distinguish between domains that provide a default implementation (per interface only one of these Domains can be used to create a final Domain) and those that can be stacked and basically refine the overall functionality.

    Examples

    • Domains That Define a General Interface
      • Origin defines two types which domains that provide information abou the origin of a value should consider to implement.
      • TheProject defines a standard mechanism how a domain can access the current project.
      • TheClassHierarchy defines a standard mechanism how to get the project's class hierarchy.
      • ...
    • Domains That Provide a Default Implementation
    • Domains That Implement Stackable Functionality
      • org.opalj.ai.domain.RecordThrownExceptions records information about all uncaught exceptions by intercepting a Domain's respective methods. However, it does provide a default implementation. Hence, a typical pattern is:
    class MyDomain extends Domain with ...
        with DefaultHandlingOfMethodResults with RecordThrownExceptions

    Thread Safety

    Unless explicitly documented, a domain is never thread-safe. The general programming model is to use one Domain object per code block/method and therefore, thread-safety is not required for Domains that are used for the evaluation of methods. However domains that are used to adapt/transfer values should be thread safe (see org.opalj.ai.domain.ValuesCoordinatingDomain for further details).

    Definition Classes
    ai
  • package jdkbug

    Contains definitions that are used by the elements specified in JDKBugs

    Contains definitions that are used by the elements specified in JDKBugs

    Definition Classes
    ai
  • package project
    Definition Classes
    ai
  • package tutorial
    Definition Classes
    ai
  • package util

    Common utility functionality.

    Common utility functionality.

    Definition Classes
    ai
  • AI
  • AIAborted
  • AICompleted
  • AIException
  • AIResult
  • AIResultBuilder
  • AITracer
  • BaseAI
  • BoundedInterruptableAI
  • CTC1
  • CTC2
  • CipherGetInstanceStringUsage
  • Computation
  • ComputationFailed
  • ComputationWithException
  • ComputationWithResult
  • ComputationWithResultAndException
  • ComputationWithSideEffectOnly
  • ComputationWithSideEffectOrException
  • ComputedValue
  • ComputedValueOrException
  • Configuration
  • CoreDomainFunctionality
  • CorrelationalDomain
  • CorrelationalDomainSupport
  • CountingAI
  • CustomInitialization
  • Domain
  • DomainException
  • DoubleValuesDomain
  • DoubleValuesFactory
  • ExceptionUsage
  • ExceptionUsageAnalysisDomain
  • ExceptionsFactory
  • ExceptionsRaisedByCalledMethods
  • FieldAccessesDomain
  • FloatValuesDomain
  • FloatValuesFactory
  • GlobalLogContextProvider
  • IdentityBasedCorrelationChangeDetection
  • InfiniteRecursion
  • InfiniteRecursions
  • InfiniteRecursionsDomain
  • InstructionCountBoundedAI
  • IntegerRangeValuesFactory
  • IntegerValuesDomain
  • IntegerValuesFactory
  • InterpretationFailedException
  • InterruptableAI
  • JoinStabilization
  • LogContextProvider
  • LongValuesDomain
  • LongValuesFactory
  • MetaInformationUpdate
  • MetaInformationUpdateType
  • MethodCallInformation
  • MethodCallsDomain
  • MethodsThatAlwaysReturnAPassedParameter
  • MonitorInstructionsDomain
  • MultiTracer
  • NoUpdate
  • NoUpdateType
  • PrimitiveValuesConversionsDomain
  • ReferenceValuesDomain
  • ReferenceValuesFactory
  • ReturnInstructionsDomain
  • SomeUpdate
  • StructuralUpdate
  • StructuralUpdateType
  • SubroutinesDomain
  • TheAI
  • TheClassHierarchy
  • TheCodeStructure
  • TheMemoryLayout
  • ThrowsException
  • TimeBoundedAI
  • TypedValuesFactory
  • Update
  • UpdateType
  • UsageKind
  • UselessComputation
  • UselessComputations
  • UselessComputationsMinimal
  • ValuesDomain
t

org.opalj.ai

AITracer

trait AITracer extends AnyRef

Defines the interface between the abstract interpreter and a module for tracing and debugging the interpreter's progress. In general, a tracer is first registered with an abstract interpreter. After that, when a method is analyzed, the AI calls the tracer's methods at the respective points in time.

A tracer is registered with an abstract interpreter by creating a new subclass of AI and overriding the method AI.tracer.

Source
AITracer.scala
Note

All data structures passed to the tracer are the original data structures used by the abstract interpreter. Hence, if a value is mutated (e.g., for debugging purposes) it has to be guaranteed that the state remains meaningful. Hence, using the AITracer it is possible to develop a debugger for OPAL and to enable the user to perform certain mutations.

Linear Supertypes
AnyRef, Any
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. AITracer
  2. AnyRef
  3. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. All

Abstract Value Members

  1. abstract def abruptMethodExecution(domain: Domain)(pc: Int, exception: Domain.ExceptionValue): Unit

    Called when the analyzed method throws an exception that is not caught within the method.

    Called when the analyzed method throws an exception that is not caught within the method. I.e., the interpreter evaluates an athrow instruction or some other instruction that throws an exception.

  2. abstract def abruptSubroutineTermination(domain: Domain)(details: String, sourcePC: Int, targetPC: Int, jumpToSubroutineId: Int, terminatedSubroutinesCount: Int, forceScheduling: Boolean, oldWorklist: Chain[Int], newWorklist: Chain[Int]): Unit

    Called when the evaluation of a subroutine terminated abruptly due to an unhandled exception.

    Called when the evaluation of a subroutine terminated abruptly due to an unhandled exception.

    jumpToSubroutineId

    The subroutine that will be continued. The id is the pc of the first instruction of the subroutine. It is 0 if it is the method as such.

    terminatedSubroutinesCount

    The number of subroutines that are terminated.

  3. abstract def continuingInterpretation(code: Code, domain: Domain)(initialWorkList: Chain[Int], alreadyEvaluatedPCs: IntArrayStack, operandsArray: Domain.OperandsArray, localsArray: Domain.LocalsArray, memoryLayoutBeforeSubroutineCall: Chain[(Int, Domain.OperandsArray, Domain.LocalsArray)]): Unit

    Called immediately before the abstract interpretation of the specified code is performed.

    Called immediately before the abstract interpretation of the specified code is performed.

    If the tracer changes the operandsArray and/or localsArray, it is the responsibility of the tracer to ensure that the data structures are still valid afterwards.

  4. abstract def deadLocalVariable(domain: Domain)(pc: Int, lvIndex: Int): Unit

    Called by the interpret when a local variable with the given index (lvIndex) was set to a new value and, therefore, the reference stored in the local variable previously was useless/dead.

  5. abstract def domainMessage(domain: Domain, source: Class[_], typeID: String, pc: Option[Int], message: ⇒ String): Unit

    Called by the domain if something noteworthy was determined.

    Called by the domain if something noteworthy was determined.

    domain

    The domain.

    source

    The class (typically the (partial) domain) that generated the message.

    typeID

    A String that identifies the message. This value must not be null, but it can be the empty string.

    message

    The message; a non-null String that is formatted for the console.

  6. abstract def establishedConstraint(domain: Domain)(pc: Int, effectivePC: Int, operands: Domain.Operands, locals: Domain.Locals, newOperands: Domain.Operands, newLocals: Domain.Locals): Unit

    Called by the framework if a constraint is established.

    Called by the framework if a constraint is established. Constraints are generally established whenever a conditional jump is performed and the evaluation of the condition wasn't definitive. In this case a constraint will be established for each branch. In general the constraint will be applied before the join of the stack and locals with the successor instruction is done.

  7. abstract def flow(domain: Domain)(currentPC: Int, targetPC: Int, isExceptionalControlFlow: Boolean): Unit

    Called by the interpreter after an instruction (currentPC) was evaluated and before the instruction with the program counter targetPC may be evaluated.

    Called by the interpreter after an instruction (currentPC) was evaluated and before the instruction with the program counter targetPC may be evaluated.

    This method is only called if the instruction with the program counter targetPC will be evaluated in the future and was not yet scheduled. I.e., when the abstract interpreter determines that the evaluation of an instruction does not change the abstract state (associated with the successor instruction) and, therefore, will not schedule the successor instruction this method is not called.

    In case of if or switch instructions flow may be called multiple times (even with the same targetPC) before the method instructionEvaluation is called again.

    Note

    OPAL performs a depth-first exploration. However, subroutines are always first finished analyzing before an exception handler - that handles abrupt executions of the subroutine - is evaluated.

  8. abstract def initialLocals(domain: Domain)(locals: Domain.Locals): Unit

    The set of initial locals computed when the method is interpreted for the first time.

  9. abstract def instructionEvalution(domain: Domain)(pc: Int, instruction: Instruction, operands: Domain.Operands, locals: Domain.Locals): Unit

    Called before an instruction is evaluated.

    Called before an instruction is evaluated.

    This enables the tracer to precisely log the behavior of the abstract interpreter, but also enables the tracer to interrupt the evaluation to, e.g., enable stepping through a program.

    operands

    The operand stack before the execution of the instruction.

    locals

    The registers before the execution of the instruction.

  10. abstract def join(domain: Domain)(pc: Int, thisOperands: Domain.Operands, thisLocals: Domain.Locals, otherOperands: Domain.Operands, otherLocals: Domain.Locals, result: Update[(Domain.Operands, Domain.Locals)]): Unit

    Called by the abstract interpreter whenever two paths converge and the values on the operand stack and the registers are joined.

    Called by the abstract interpreter whenever two paths converge and the values on the operand stack and the registers are joined.

    thisOperands

    The operand stack as it was used the last time when the instruction with the given program counter was evaluated.

    thisLocals

    The registers as they were used the last time when the instruction with the given program counter was evaluated.

    otherOperands

    The current operand stack when we re-reach the instruction

    otherLocals

    The current registers.

    result

    The result of joining the operand stacks and register assignment.

  11. abstract def jumpToSubroutine(domain: Domain)(pc: Int, target: Int, nestingLevel: Int): Unit

    Called before a jump to a subroutine.

  12. abstract def noFlow(domain: Domain)(currentPC: Int, targetPC: Int): Unit

    Called by the interpreter if a successor instruction is NOT scheduled, because the abstract state didn't change.

  13. abstract def rescheduled(domain: Domain)(sourcePC: Int, targetPC: Int, isExceptionalControlFlow: Boolean, worklist: Chain[Int]): Unit

    Called if the instruction with the targetPC was already scheduled.

    Called if the instruction with the targetPC was already scheduled. I.e., the instruction was already scheduled for evaluation, but is now moved to the first position in the list of all instructions to be executed (related to the specific subroutine). A rescheduled event is also issued if the instruction was the the first in the list of instructions executed next. However, further instructions may be appended to the list before the next instructionEvaluation takes place.

    Note

    OPAL performs a depth-first exploration.

  14. abstract def result(result: AIResult): Unit

    Called when the abstract interpretation of a method has completed/was interrupted.

  15. abstract def ret(domain: Domain)(pc: Int, returnAddressPC: Int, oldWorklist: Chain[Int], newWorklist: Chain[Int]): Unit

    Called when a RET instruction is encountered.

    Called when a RET instruction is encountered. (That does not necessary imply that the evaluation of the subroutine as such has finished. It is possible that other paths still need to be pursued.)

  16. abstract def returnFromSubroutine(domain: Domain)(pc: Int, returnAddressPC: Int, subroutinePCs: Chain[Int]): Unit

    Called when the evaluation of a subroutine (JSR/RET) as a whole is completed.

    Called when the evaluation of a subroutine (JSR/RET) as a whole is completed. I.e., all possible paths are analyzed and the fixpoint is reached.

Concrete Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##(): Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  5. def clone(): AnyRef
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @native() @throws( ... )
  6. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  7. def equals(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  8. def finalize(): Unit
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( classOf[java.lang.Throwable] )
  9. final def getClass(): Class[_]
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  10. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  11. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  12. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  13. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  14. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  15. final def synchronized[T0](arg0: ⇒ T0): T0
    Definition Classes
    AnyRef
  16. def toString(): String
    Definition Classes
    AnyRef → Any
  17. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  18. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  19. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @throws( ... )

Inherited from AnyRef

Inherited from Any

Ungrouped