@Override public SinkSpec[] getSinkSpecs() { List<SinkSpec> specs = new ArrayList<>(); Collection<IMethod> methods = cha.getPossibleTargets(StringStuff.makeMethodReference(methodSignature)); for (IField field : fields) { if (!field.isFinal()) { for (IMethod method : methods) { specs.add(new StaticFieldSinkSpec(field, method)); } } } return specs.toArray(new SinkSpec[] {}); }
public IUnaryFlowFunction makeStaticFieldTaints( BasicBlockInContext<E> dest, SSAInstruction inst, final PairBasedFlowFunction<E> flowFunction) { final Set<DomainElement> elts = HashSetFactory.make(); for (CodeElement ce : getStaticFieldAccessCodeElts((SSAGetInstruction) inst)) { StaticFieldElement sfe = (StaticFieldElement) ce; IField field = pa.getClassHierarchy().resolveField(sfe.getRef()); if (field.isFinal()) { continue; } final StaticFieldFlow<E> taintSource = new StaticFieldFlow<>(dest, field, true); elts.add(new DomainElement(ce, taintSource)); } IUnaryFlowFunction newTaints = new ConstantFlowFunction<>(domain, elts); return compose(flowFunction, newTaints); }
/** * This main program shows one example use of thread escape analysis: producing a set of fields to be monitored for a * dynamic race detector. The idea is that any field might have a race with two exceptions: final fields do not have * races since there are no writes to them, and volatile fields have atomic read and write semantics provided by the * VM. Hence, this piece of code produces a list of all other fields. */ public static void main(String[] args) throws IOException, IllegalArgumentException, CancelException { String mainClassName = args[0]; Set<JarFile> jars = HashSetFactory.make(); for (int i = 1; i < args.length; i++) { jars.add(new JarFile(args[i], false)); } Set<IClass> escapingTypes = (new SimpleThreadEscapeAnalysis(jars, mainClassName)).gatherThreadEscapingClasses(); for (IClass cls : escapingTypes) { if (!cls.isArrayClass()) { for (IField f : cls.getAllFields()) { if (!f.isVolatile() && !f.isFinal()) { System.err.println(f.getReference()); } } } } } }