Packages

  • package opalj

    OPAL is a Scala-based framework for the static analysis, manipulation and creation of Java bytecode. OPAL is designed with performance, scalability and adaptability in mind.

    Its main components are:

    • a library (Common) which provides generally useful data-structures and algorithms for static analyses.
    • a framework for parsing Java bytecode (Bytecode Infrastructure) that can be used to create arbitrary representations.
    • a library to create a one-to-one in-memory representation of Java bytecode (Bytecode Disassembler).
    • a library to create a representation of Java bytecode that facilitates writing simple static analyses (Bytecode Representation - org.opalj.br).
    • a scalable, easily customizable framework for the abstract interpretation of Java bytecode (Abstract Interpretation Framework - org.opalj.ai).
    • a library to extract dependencies between code elements and to facilitate checking architecture definitions.
    • a library for the lightweight manipulation and creation of Java bytecode.

    General Design Decisions

    Thread Safety

    Unless explicitly noted, OPAL is thread safe. I.e., the classes defined by OPAL can be considered to be thread safe unless otherwise stated. (For example, it is possible to read and process class files concurrently without explicit synchronization on the client side.)

    No null Values

    Unless explicitly noted, OPAL does not use null values. I.e., fields that are accessible will never contain null values and methods will never return null. If a method accepts null as a value for a parameter or returns a null value, it is always explicitly documented. In general, the behavior of methods that are passed null values is undefined unless explicitly documented.

    No Typecasts for Collections

    For efficiency reasons, OPAL sometimes uses mutable data-structures internally. After construction time, these data-structures are generally represented using their generic interfaces (e.g., scala.collection.{Set,Map}). However, a downcast (e.g., to add/remove elements) is always forbidden as it would effectively prevent thread-safety. Furthermore, the concrete data-structure is always considered an implementation detail and may change at any time.

    Assertions

    OPAL makes heavy use of Scala's Assertion Facility to facilitate writing correct code. Hence, for production builds (after thorough testing(!)) it is highly recommended to build OPAL again using -Xdisable-assertions.

    Definition Classes
    org
  • package ai

    Implementation of an abstract interpretation (ai) framework – also referred to as OPAL.

    Please note that OPAL/the abstract interpreter just refers to the classes and traits defined in this package (ai). The classes and traits defined in the sub-packages (in particular in domain) are not considered to be part of the core of OPAL/the abstract interpreter.

    Definition Classes
    opalj
    Note

    This framework assumes that the analyzed bytecode is valid; i.e., the JVM's bytecode verifier would be able to verify the code. Furthermore, load-time errors (e.g., LinkageErrors) are – by default – completely ignored to facilitate the analysis of parts of a project. In general, if the presented bytecode is not valid, the result is undefined (i.e., OPAL may report meaningless results, crash or run indefinitely).

    See also

    org.opalj.ai.Domain - The core interface between the abstract interpretation framework and the abstract domain that is responsible for performing the abstract computations.

    org.opalj.ai.AI - Implements the abstract interpreter that processes a method's code and uses an analysis-specific domain to perform the abstract computations.

  • package dataflow

    Supports the specification and solving of data-flow problems.

    Goal

    To be able to express data-flow problems at a very high level of abstraction. I.e., that some information flows or does not flow from a well-identified source to a well-identified sink.

    Usage Scenario

    • We want to avoid that information is stored in the database/processed by the backend without being sanitized.
    • We want to specify that certain information is not allowed to flow from one module to another module.

    Concept

    1. Select sources
      1. Sources are parameters passed to methods (e.g., doPost(session : Session)). (This covers the main method as well as typical callback methods.)
      2. Values returned by methods (e.g., System.in.read) (here, we identify the call site)
    2. Select sinks
      1. A sink is either a field (in which the value is stored)
      2. a method (parameter) which is passed the value
    3. Filtering (Terminating) data-flows
      1. If a specific operation was performed, e.g.,
      2. If a comparison (e.g., against null, > 0 , ...)
      3. An instanceOf/a checkcast
      4. A mathematical operation (e.g., +, -, ...)
      5. [OPTIMIZATION] If the value was passed to a specific method (e.g., check(x : X) - throws Exception if the check fails)
      6. [OPTIMIZATION] If the value was returned by a well-identified method (e.g., String sanitized = s.replace(...,...))

    4. Extending data-flows (Side Channels)

    • OPEN: What would be the general strategy if a value influences another value?
    • [SIDE CHANNELS?] What happens if the value is stored in a field of an object and that object is used?
    • [SIDE CHANNELS?] What happens if the value is used during the computation, but does not (directly) influence the output? (e.g., if(x == 0) 1; else 2;)

    Furthermore, the framework will automatically handle taint propagation and aliasing. I.e., a tainted value that is stored in a field automatically marks the respective field as tainted.
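
The source/sink/filter concept above, as an added self-contained sketch (not OPAL code and not OPAL's API). `CallMatcher`, `Stmt`, `findLeaks` and the class and method names in the sample are hypothetical stand-ins; the matcher only mirrors the partial-function shape of `Calls.properties`, keyed on strings instead of OPAL's types.

```scala
object TaintSketch {
  // Hypothetical stand-in: matches on (declaring class, method name).
  type CallMatcher = PartialFunction[(String, String), Boolean]

  // Constructed three-statement IR; not OPAL's bytecode representation.
  sealed trait Stmt
  case class Call(result: Option[String], cls: String, name: String, args: List[String]) extends Stmt
  case class PutField(field: String, value: String) extends Stmt
  case class GetField(target: String, field: String) extends Stmt

  // A call that the partial function does not cover is simply "not selected".
  def matches(m: CallMatcher, c: Call): Boolean =
    m.applyOrElse((c.cls, c.name), (_: (String, String)) => false)

  /** Returns the statement indices at which a tainted value is passed to a sink. */
  def findLeaks(code: Seq[Stmt], sources: CallMatcher, sinks: CallMatcher,
                sanitizers: CallMatcher): Seq[Int] = {
    var tainted = Set.empty[String] // names of tainted locals and fields
    val leaks = Seq.newBuilder[Int]
    for ((stmt, pc) <- code.zipWithIndex) stmt match {
      case c @ Call(result, _, _, args) =>
        if (matches(sinks, c) && args.exists(tainted)) leaks += pc
        // A source call taints its result; a sanitizer call terminates the flow;
        // any other call passes taint from its arguments to its result.
        val resultTainted =
          matches(sources, c) || (!matches(sanitizers, c) && args.exists(tainted))
        result.foreach(r => tainted = if (resultTainted) tainted + r else tainted - r)
      // Storing a tainted value marks the field; reading it back taints the target.
      case PutField(f, v) => tainted = if (tainted(v)) tainted + f else tainted - f
      case GetField(t, f) => tainted = if (tainted(f)) tainted + t else tainted - t
    }
    leaks.result()
  }

  def main(args: Array[String]): Unit = {
    val sources: CallMatcher = { case ("java/io/InputStream", "read") => true }
    val sinks: CallMatcher = { case ("java/sql/Statement", "executeQuery") => true }
    val sanitizers: CallMatcher = { case ("app/Sanitizer", "escape") => true }
    val code = Seq( // constructed sample method body
      Call(Some("raw"), "java/io/InputStream", "read", Nil),
      PutField("this.cache", "raw"), // unsanitized value stored in a field
      Call(Some("safe"), "app/Sanitizer", "escape", List("raw")),
      Call(None, "java/sql/Statement", "executeQuery", List("safe")),
      GetField("again", "this.cache"), // unsanitized value read back
      Call(None, "java/sql/Statement", "executeQuery", List("again"))
    )
    println(findLeaks(code, sources, sinks, sanitizers))
  }
}
```
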

    Definition Classes
    ai
  • package spec
    Definition Classes
    dataflow
  • Calls
  • DataFlowProblemSpecification
  • MethodsMatcher
  • SourcesAndSinks
  • ValueLocationMatcher

case class Calls(properties: PartialFunction[(ReferenceType, String, MethodDescriptor), Boolean]) extends ValueLocationMatcher with Product with Serializable

Source
ValueLocationMatcher.scala
Linear Supertypes
Serializable, Serializable, Product, Equals, ValueLocationMatcher, (SomeProject) ⇒ Map[Method, Set[ValueOrigin]], AnyRef, Any

Instance Constructors

  1. new Calls(properties: PartialFunction[(ReferenceType, String, MethodDescriptor), Boolean])

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##(): Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. def andThen[A](g: (Map[Method, Set[ValueOrigin]]) ⇒ A): (SomeProject) ⇒ A
    Definition Classes
    Function1
    Annotations
    @unspecialized()
  5. def apply(project: SomeProject): Map[Method, Set[br.PC]]
    Definition Classes
    Calls → ValueLocationMatcher → Function1
  6. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  7. def clone(): AnyRef
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @native() @throws( ... )
  8. def compose[A](g: (A) ⇒ SomeProject): (A) ⇒ Map[Method, Set[ValueOrigin]]
    Definition Classes
    Function1
    Annotations
    @unspecialized()
  9. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  10. def finalize(): Unit
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( classOf[java.lang.Throwable] )
  11. final def getClass(): Class[_]
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  12. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  13. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  14. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  15. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  16. val properties: PartialFunction[(ReferenceType, String, MethodDescriptor), Boolean]
  17. final def synchronized[T0](arg0: ⇒ T0): T0
    Definition Classes
    AnyRef
  18. def toString(): String
    Definition Classes
    Function1 → AnyRef → Any
  19. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  20. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  21. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @throws( ... )
