Abstracts over the concrete type of IllegalValue.
This type needs to be refined whenever the class IllegalValue is refined or the type DomainValue is refined.
Abstracts over the concrete type of ReturnAddressValue. Needs to be fixed by some sub-trait/sub-class. In the simplest case (i.e., when neither the Value trait nor the ReturnAddressValue trait was refined) it is sufficient to write:
    type DomainReturnAddressValue = ReturnAddressValue
Abstracts over the concrete type of Value. Needs to be refined by traits that inherit from Domain and which extend Domain's Value trait.
A simple type alias of the type DomainValue; used to facilitate comprehension.
A type alias for Iterables of ExceptionValues; used to facilitate comprehension.
Represents a value that has no well defined state/type. Such values are the result of a join of two incompatible values and are generally only found in registers (in the locals) and then identify a value that is dead.
See org.opalj.ai.Domain.Value for further details.
Computation that returns a numeric value or an ObjectType.ArithmeticException.
An instruction's current register values/locals are represented using an array.
An instruction's operands are represented using a list where the first element of the list represents the top level operand stack value.
Stores a single return address (i.e., a program counter/index into the code array).
Though the framework completely handles all aspects related to return address values, it is nevertheless necessary that this class inherits from Value as return addresses are stored on the stack/in the registers. However, if the Value trait should be refined, all additional methods may – from the point-of-view of OPAL-AI – just throw an OperationNotSupportedException as these additional methods will never be called by OPAL-AI.
A collection of (not further stored) return address values. Primarily used when we join the executions of subroutines.
Abstracts over a concrete operand stack value or a value stored in one of the local variables/registers.
In general, subclasses and users of a Domain should not have/declare a direct dependency on Value. Instead they should use DomainValue as otherwise extensibility of a Domain may be hampered or even be impossible. The only exceptions are, of course, classes that directly inherit from this class.
If you directly extend/refine this trait (i.e., in a subclass of the Domain trait you write something like trait Value extends super.Value), make sure that you also extend all classes/traits that inherit from this type (this may require a deep mixin composition and that you refine the type DomainType accordingly).
However, OPAL was designed such that extending this class should – in general – not be necessary. It may also be easier to encode the desired semantics – as far as possible – as part of the domain.
Standard inheritance from this trait is always supported and is the primary mechanism to model an abstract domain's lattice w.r.t. some special type of value. In general, the implementation should try to avoid creating new instances of values unless strictly required to model the domain's semantics. This will greatly improve the overall performance as this framework heavily uses reference-based equality checks to speed up the evaluation.
OPAL does not rely on any special equality semantics w.r.t. values and never directly or indirectly calls a Value's equals or eq method. Hence, a domain can encode equality such that it best fits its need.
However, some of the provided domains rely on the following semantics for equals: Two domain values have to be equal (==) iff they represent the same information. This includes additional information, such as the value of the origin.
E.g., a value (AnIntegerValue) that represents an arbitrary Integer value has to return true if the domain value with which it is compared also represents an arbitrary Integer value (AnIntegerValue). However, it may still be necessary to use multiple objects to represent an arbitrary integer value if, e.g., constraints should be attached to specific values. For example, after a comparison of an integer value with a predefined value (e.g., AnIntegerValue < 4) it is possible to constrain the respective value on the subsequent paths (< 4 on one path and >= 4 on the other path). To make that possible, it is however necessary to distinguish the AnIntegerValue from some other AnIntegerValue to avoid constraining unrelated values.
    public void foo(int a, int b) {
        int z;
        if (a < 4) {
            z = a - 2; // here a is constrained (< 4), b and z are unconstrained
        } else {
            z = a + 2; // here a is constrained (>= 4), b and z are unconstrained
        }
    }
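The following sketch is an added example, not OPAL code, showing why the values for a and b in foo must be distinct objects even though both represent an arbitrary integer. The types IntValue, AnIntegerValue and IntRange, the functions refine and branchOnLess, and the origin numbers are assumptions made for this illustration.

```scala
// Added illustration; every name here is hypothetical and not part of OPAL.
sealed trait IntValue
// An arbitrary int; equal to another one iff the origin is the same.
final class AnIntegerValue(val origin: Int) extends IntValue {
  override def equals(other: Any): Boolean = other match {
    case that: AnIntegerValue => that.origin == origin
    case _                    => false
  }
  override def hashCode: Int = origin
}
final case class IntRange(lb: Int, ub: Int, origin: Int) extends IntValue

object ConstraintDemo {
  type Locals = Vector[IntValue]

  // Swaps the one object `target` (found by reference, not by equals) for `refined`.
  def refine(locals: Locals, target: IntValue, refined: IntValue): Locals =
    locals.map(v => if (v eq target) refined else v)

  // Locals on the (then, else) successors of `if (v < bound)`.
  def branchOnLess(locals: Locals, v: AnIntegerValue, bound: Int): (Locals, Locals) = {
    require(bound > Int.MinValue, "v < Int.MinValue can never hold")
    val below = IntRange(Int.MinValue, bound - 1, v.origin)
    val atLeast = IntRange(bound, Int.MaxValue, v.origin)
    (refine(locals, v, below), refine(locals, v, atLeast))
  }

  def main(args: Array[String]): Unit = {
    // foo(int a, int b): one object per parameter (origins -1, -2 are constructed).
    val a = new AnIntegerValue(-1)
    val b = new AnIntegerValue(-2)
    val (thenLocals, elseLocals) = branchOnLess(Vector(a, b), a, 4)
    assert(thenLocals(0) == IntRange(Int.MinValue, 3, -1)) // a < 4
    assert(elseLocals(0) == IntRange(4, Int.MaxValue, -1)) // a >= 4
    assert((thenLocals(1) eq b) && (elseLocals(1) eq b))   // b untouched

    // One shared object for "any int" aliases a and b: the constraint leaks to b.
    val any = new AnIntegerValue(0)
    val (leaky, _) = branchOnLess(Vector(any, any), any, 4)
    assert(leaky(1) == IntRange(Int.MinValue, 3, 0))
  }
}
```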
In general, equals is only defined for values belonging to the same domain. If values need to be compared across domains, they need to be adapted to a target domain first.
Factory method to create a representation of a boolean value with the given initial value and origin.
The domain may ignore the information about the value and the origin (origin).
Factory method to create a representation of a boolean value if we know the origin of the value.
The domain may ignore the information about the origin (origin).
Factory method to create a DomainValue that represents the given byte value and that was created (explicitly or implicitly) by the instruction with the specified program counter.
The domain may ignore the information about the value and the origin (origin).
Factory method to create a DomainValue that was created (explicitly or implicitly) by the instruction with the specified program counter.
The domain may ignore the information about the origin (origin).
Factory method to create a DomainValue that represents the given char value and that was created (explicitly or implicitly) by the instruction with the specified program counter.
Factory method to create a DomainValue that was created (explicitly or implicitly) by the instruction with the specified program counter.
The domain may ignore the information about the origin (origin).
The class tag can be used to create type safe arrays or to extract the concrete type of the domain value.
    val DomainReferenceValue(v) = value // of type "DomainValue"
    // v is now of the type DomainReferenceValue
The class tag for the type DomainValue.
Required to generate instances of arrays in which values of type DomainValue can be stored in a type-safe manner.
In the sub-trait or class that fixes the type of DomainValue it is necessary to implement this abstract val using:
    val DomainValueTag : ClassTag[DomainValue] = implicitly
(As of Scala 2.10 it is necessary that you do not use implicit in the subclass - it will compile, but fail at runtime.)
Factory method to create a DomainValue that represents the given integer value and that was created (explicitly or implicitly) by the instruction with the specified program counter.
The domain may ignore the information about the value and the origin (origin).
Factory method to create a DomainValue that was created (explicitly or implicitly) by the instruction with the specified program counter.
The domain may ignore the information about the origin (origin).
The result of the merge of two incompatible values has to be reported as a MetaInformationUpdate[DomainIllegalValue].
Factory method to create an instance of a ReturnAddressValue.
Factory method to create a DomainValue that represents the given short value and that was created (explicitly or implicitly) by the instruction with the specified program counter.
Factory method to create a DomainValue that was created (explicitly or implicitly) by the instruction with the specified program counter.
The domain may ignore the information about the origin (origin).
The singleton instance of the IllegalValue.
The singleton instance of ReturnAddressValues.
Tests if the two given integer values are equal.
A value with computational type integer.
A value with computational type integer.
Tests if the first integer value is smaller than the second value.
A value with computational type integer.
A value with computational type integer.
Tests if the first integer value is less than or equal to the second value.
A value with computational type integer.
A value with computational type integer.
Returns Yes iff at least one possible extension of the given value is in the specified range; that is, if the intersection of the range of values captured by the given value and the specified range is non-empty.
For example, if the given value captures all positive integer values and the specified range is [-1,1] then the answer has to be Yes. If we know nothing about the potential extension of the given value the answer will be Unknown. The answer is No iff both ranges are non-overlapping.
A value that has to be of computational type integer.
The range's lower bound (inclusive).
The range's upper bound (inclusive).
Returns Yes iff at least one (possible) extension of a given value is not in the specified range; that is, if the set difference of the range of values captured by the given value and the specified range is non-empty.
For example, if the given value has the integer value 10 and the specified range is [0,Integer.MAX_VALUE] then the answer has to be No. But, if the given value represents the range [-5,Integer.MAX_VALUE] and the specified range is again [0,Integer.MAX_VALUE] then the answer has to be Yes.
The answer is Yes iff the analysis determined that at runtime value will have a value that is not in the specified range. If the analysis (domain) is not able to determine whether the value is or is not in the given range then the answer has to be Unknown.
A value that has to be of computational type integer.
The range's lower bound (inclusive).
The range's upper bound (inclusive).
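The two range queries described above, written out for a toy interval domain as an added example (not OPAL code). Answer, IntValue, the function names and the array-bounds helper are assumptions of this sketch; the first three assertions are the cases given in the text.

```scala
// Added illustration; every name here is hypothetical and not part of OPAL.
sealed trait Answer
case object Yes extends Answer
case object No extends Answer
case object Unknown extends Answer

sealed trait IntValue
case object AnInteger extends IntValue                       // no information about the value
final case class IntRange(lb: Int, ub: Int) extends IntValue // all values in [lb, ub]

object RangeQueries {
  /** Yes iff the value's range and [lb, ub] intersect; No iff they do not overlap. */
  def someValueInRange(v: IntValue, lb: Int, ub: Int): Answer = v match {
    case AnInteger          => Unknown
    case IntRange(vlb, vub) => if (vub < lb || vlb > ub) No else Yes
  }

  /** Yes iff some value captured by `v` lies outside [lb, ub]. */
  def someValueNotInRange(v: IntValue, lb: Int, ub: Int): Answer = v match {
    // Only the full int range is guaranteed to contain a completely unknown value.
    case AnInteger          => if (lb == Int.MinValue && ub == Int.MaxValue) No else Unknown
    case IntRange(vlb, vub) => if (vlb < lb || vub > ub) Yes else No
  }

  /** Client-side use (an assumption): can `array(index)` leave the bounds [0, length - 1]? */
  def indexMayBeOutOfBounds(index: IntValue, length: Int): Answer =
    if (length == 0) Yes else someValueNotInRange(index, 0, length - 1)

  def main(args: Array[String]): Unit = {
    // The three cases given in the text.
    assert(someValueInRange(IntRange(1, Int.MaxValue), -1, 1) == Yes)
    assert(someValueNotInRange(IntRange(10, 10), 0, Int.MaxValue) == No)
    assert(someValueNotInRange(IntRange(-5, Int.MaxValue), 0, Int.MaxValue) == Yes)
    // No information about the value: neither query can be decided.
    assert(someValueInRange(AnInteger, -1, 1) == Unknown)
    assert(someValueNotInRange(AnInteger, 0, 9) == Unknown)
    // Disjoint ranges.
    assert(someValueInRange(IntRange(5, 9), 10, 20) == No)
    // Bounds check against a constructed 10-element array.
    assert(indexMayBeOutOfBounds(IntRange(0, 9), 10) == No)
    assert(indexMayBeOutOfBounds(IntRange(0, 10), 10) == Yes)
    assert(indexMayBeOutOfBounds(AnInteger, 10) == Unknown)
  }
}
```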
Factory method to create a representation of the integer constant value 0.
OPAL in particular uses this special value for performing subsequent computations against the fixed value 0 (e.g., for if_XX instructions).
(The origin (ValueOrigin) that is used is the ConstantValueOrigin to signify that this value was not created by the program.)
The domain may ignore the information about the value.
The result of merging two values should never be reported as a StructuralUpdate if the computed value is an IllegalValue. The JVM semantics guarantee that the value will not be used and, hence, continuing the interpretation is meaningless.
This method is solely defined for documentation purposes and to catch implementation errors early on.
Tests if the two given integer values are not equal.
A value with computational type integer.
A value with computational type integer.
This function is ONLY defined if a corresponding test (value1 == value2) returned org.opalj.Unknown. I.e., this method is only allowed to be called if there is something to establish! I.e., the domain values are real ranges (not single values, e.g., [1,1]) that overlap.
This function is ONLY defined if a corresponding test (value1 != value2) returned org.opalj.Unknown. I.e., this method is only allowed to be called if there is something to establish! I.e., the domain values are real ranges (not single values, e.g., [1,1]) that overlap.
This function is ONLY defined if a corresponding test (value1 < value2) returned org.opalj.Unknown. I.e., this method is only allowed to be called if there is something to establish! I.e., the domain values are real ranges (not single values, e.g., [1,1]) that overlap.
This function is ONLY defined if a corresponding test (value1 <= value2) returned org.opalj.Unknown. I.e., this method is only allowed to be called if there is something to establish! I.e., the domain values are real ranges (not single values, e.g., [1,1]) that overlap.
Sets the given domain value to theValue.
This function is called by OPAL before it starts to explore the branch where this condition has to hold. (This function is, e.g., called whenever we explore the branches of a switch-case statement.) I.e., the constraint is established before a potential join operation.
An integer domain value that also, but not exclusively, represents theValue.
Tests if the given integer value is 0 or maybe 0.
A value with computational type integer.
Tests if the first integer value is larger than the second value.
A value with computational type integer.
A value with computational type integer.
Tests if the given integer value is > 0 or maybe > 0.
A value with computational type integer.
Tests if the first integer value is larger than or equal to the second value.
A value with computational type integer.
A value with computational type integer.
Tests if the given value is greater than or equal to 0 or maybe greater than or equal to 0.
A value with computational type integer.
Tests if the given integer value is < 0 or maybe < 0.
A value with computational type integer.
Tests if the given integer value is less than or equal to 0 or maybe less than or equal to 0.
A value with computational type integer.
Tests if the given integer value is not 0 or maybe not 0.
A value with computational type integer.
Merges the given domain value v1 with the domain value v2 and returns the merged value which is v1 if v1 is an abstraction of v2, v2 if v2 is an abstraction of v1 or some other value if a new value is computed that abstracts over both values.
This operation is commutative.
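An added sketch (not OPAL code) of a merge that returns one of its arguments by reference whenever that argument already abstracts the other, together with the reporting rule for IllegalValue stated earlier. The toy Value and Update types, including NoUpdate, are assumptions that only borrow the names used in the text.

```scala
// Added illustration; the types below are toy stand-ins, not OPAL's classes.
sealed trait Value
case object IllegalValue extends Value                    // result of an incompatible merge
case object AFloat extends Value                          // some float value
final case class IntRange(lb: Int, ub: Int) extends Value // ints in [lb, ub]

sealed trait Update
case object NoUpdate extends Update                       // assumption of this sketch
final case class StructuralUpdate(v: Value) extends Update
final case class MetaInformationUpdate(v: Value) extends Update

object MergeDemo {
  private def abstracts(a: IntRange, b: IntRange): Boolean = a.lb <= b.lb && b.ub <= a.ub

  /** Returns v1 or v2 itself when one abstracts the other; allocates only if needed. */
  def merge(v1: Value, v2: Value): Value = (v1, v2) match {
    case (a: IntRange, b: IntRange) =>
      if (abstracts(a, b)) a
      else if (abstracts(b, a)) b
      else IntRange(math.min(a.lb, b.lb), math.max(a.ub, b.ub))
    case (AFloat, AFloat) => AFloat
    case _                => IllegalValue // different computational types, or already illegal
  }

  /** Classifies the merge result by reference comparison against the current value. */
  def join(current: Value, incoming: Value): Update = {
    val merged = merge(current, incoming)
    if (merged eq current) NoUpdate
    else if (merged eq IllegalValue) MetaInformationUpdate(merged) // never structural
    else StructuralUpdate(merged)
  }

  def main(args: Array[String]): Unit = {
    val wide = IntRange(0, 10)
    val narrow = IntRange(2, 3)
    // The abstraction is returned by reference, whatever the argument order.
    assert(merge(wide, narrow) eq wide)
    assert(merge(narrow, wide) eq wide)
    assert(join(wide, narrow) == NoUpdate)
    assert(join(narrow, wide) == StructuralUpdate(wide))
    // Neither abstracts the other: a new value covering both is computed.
    assert(merge(IntRange(0, 3), IntRange(8, 9)) == IntRange(0, 9))
    assert(merge(IntRange(8, 9), IntRange(0, 3)) == IntRange(0, 9))
    // Incompatible values: IllegalValue, reported as a meta-information update.
    assert(join(wide, AFloat) == MetaInformationUpdate(IllegalValue))
    assert(join(IllegalValue, AFloat) == NoUpdate)
  }
}
```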
Returns a string representation of the properties associated with the instruction with the respective program counter.
Associating properties with an instruction and maintaining those properties is, however, at the sole responsibility of the Domain.
This method is predefined to facilitate the development of support tools and is not used by the abstract interpretation framework.
Domains that define (additional) properties should (abstract) override this method and should return a textual representation of the property.
Creates a summary of the given domain values by summarizing and joining the given values. For the precise details regarding the calculation of a summary see Value.summarize(...).
The program counter that will be used for the summary value if a new value is returned that abstracts over/summarizes the given values.
An Iterable over one or more values.
The current algorithm is generic and should satisfy most needs, but it is not very efficient. However, it should be easy to tailor it for a specific domain/domain values, if need be.
Returns the type (type bounds) of the given value.
In general a single value can have multiple type bounds which depend on the control flow. However, all types that the value represents must belong to the same computational type category. I.e., it is possible that the value either has the type "NullPointerException or IllegalArgumentException", but it will never have – at the same time – the (Java) types int and long. Furthermore, it is possible that the returned type(s) is(are) only an upper bound of the real type unless the type is a primitive type.
This default implementation always returns org.opalj.ai.UnknownType.
typeOfValue
This method is typically not implemented by a single Domain trait/object, but is instead implemented collaboratively by all domains that implement the semantics of certain values. To achieve that, other Domain traits that implement a concrete domain's semantics have to abstract override this method and only return the value's type if the domain knows anything about the type. If a method that overrides this method has no knowledge about the given value, it should delegate this call to its super method.
Example
    trait FloatValues extends Domain[...] {
        ...
        abstract override def typeOfValue(value: DomainValue): TypesAnswer =
            value match {
                case r: FloatValue ⇒ IsFloatValue
                case _ ⇒ super.typeOfValue(value)
            }
    }
Defines the public interface between the abstract interpreter and the domain that implements the functionality related to the handling of integer values.