private boolean matchMethod(InvokeInstruction inv, ConstantPoolGen cpg, String className, String methodName) { return inv.getClassName(cpg).equals(className) && inv.getName(cpg).equals(methodName); }
@CheckForNull Use getUse(ConstantPoolGen cpg, Instruction ins) { if (ins instanceof InvokeInstruction) { InvokeInstruction invoke = (InvokeInstruction) ins; String mName = invoke.getMethodName(cpg); String cName = invoke.getClassName(cpg); if ("setAttribute".equals(mName) && "javax.servlet.http.HttpSession".equals(cName)) { return Use.STORE_INTO_HTTP_SESSION; } if ("writeObject".equals(mName) && ("java.io.ObjectOutput".equals(cName) || "java.io.ObjectOutputStream".equals(cName))) { return Use.PASSED_TO_WRITE_OBJECT; } } return null; } private void analyzeMethod(ClassContext classContext, Method method) throws CFGBuilderException, DataflowAnalysisException {
public boolean matches(Instruction instruction, ConstantPoolGen cpg) { if(instruction != null && instruction instanceof InvokeInstruction) { InvokeInstruction invokeInstruction = (InvokeInstruction) instruction; if (classesNames.size() != 0 && !classesNames.contains(invokeInstruction.getClassName(cpg))) { return false; } else if (methodNames.size() != 0 && !methodNames.contains(invokeInstruction.getMethodName(cpg))) { return false; } else if (argSignatures.size() != 0 && !argSignatures.contains(invokeInstruction.getSignature(cpg))) { return false; } return true; } return false; } }
private static Map<InstructionHandle, Call> buildCallMap(CFG cfg, ConstantPoolGen cpg) { Map<InstructionHandle, Call> callMap = new HashMap<>(); for (Iterator<Location> i = cfg.locationIterator(); i.hasNext();) { InstructionHandle handle = i.next().getHandle(); Instruction ins = handle.getInstruction(); if (ins instanceof InvokeInstruction) { InvokeInstruction inv = (InvokeInstruction) ins; Call call = new Call(inv.getClassName(cpg), inv.getName(cpg), inv.getSignature(cpg)); callMap.put(handle, call); } } return callMap; }
/** * Convenience method for generating a method signature in human readable * form. * * @param inv * an InvokeInstruction * @param cpg * the ConstantPoolGen for the class the instruction belongs to */ public static String convertMethodSignature(InvokeInstruction inv, ConstantPoolGen cpg) { return convertMethodSignature(inv.getClassName(cpg), inv.getName(cpg), inv.getSignature(cpg)); }
public MethodDescriptor(InvokeInstruction iins, ConstantPoolGen cpg) { super(ClassName.toSlashedClassName(iins.getClassName(cpg)), iins.getMethodName(cpg), iins.getSignature(cpg), iins instanceof INVOKESTATIC); }
@Override protected boolean instanceEscapes(InvokeInstruction inv, int instanceArgNum) { ConstantPoolGen cpg = getCPG(); String className = inv.getClassName(cpg);
private void handleInstanceMethod(InvokeInstruction obj) { assert returnsString(obj); consumeStack(obj); String className = obj.getClassName(getCPG()); String methodName = obj.getName(getCPG()); // System.out.println(className + "." + methodName); if ("intern".equals(methodName) && "java.lang.String".equals(className)) { sawStringIntern = true; pushValue(staticStringTypeInstance); } else if ("toString".equals(methodName) || "java.lang.String".equals(className)) { pushValue(dynamicStringTypeInstance); // System.out.println(" dynamic"); } else { pushReturnType(obj); } }
/** * Get a MethodDescriptor describing the method called by given * InvokeInstruction. * * @param inv * the InvokeInstruction * @param cpg * ConstantPoolGen of class containing instruction * @return MethodDescriptor describing the called method */ public static MethodDescriptor getCalledMethodDescriptor(InvokeInstruction inv, ConstantPoolGen cpg) { String calledClassName = inv.getClassName(cpg).replace('.', '/'); String calledMethodName = inv.getMethodName(cpg); String calledMethodSig = inv.getSignature(cpg); boolean isStatic = inv.getOpcode() == Const.INVOKESTATIC; return DescriptorFactory.instance().getMethodDescriptor(calledClassName, calledMethodName, calledMethodSig, isStatic); }
@Override public boolean mightCloseResource(BasicBlock basicBlock, InstructionHandle handle, ConstantPoolGen cpg) throws DataflowAnalysisException { InvokeInstruction inv = toInvokeInstruction(handle.getInstruction()); if (inv == null) { return false; } String className = inv.getClassName(cpg); String methodName = inv.getName(cpg); String methodSig = inv.getSignature(cpg); try { if ("unlock".equals(methodName) && "()V".equals(methodSig) && Hierarchy.isSubtype(className, "java.util.concurrent.locks.Lock")) { return true; } } catch (ClassNotFoundException e) { lookupFailureCallback.reportMissingClass(e); } return false; }
/** * Add a method annotation for the method which is called by given * instruction. * * @param cpg * the constant pool for the method containing the call * @param inv * the InvokeInstruction * @return this object */ @Nonnull public BugInstance addCalledMethod(ConstantPoolGen cpg, InvokeInstruction inv) { String className = inv.getClassName(cpg); String methodName = inv.getMethodName(cpg); String methodSig = inv.getSignature(cpg); addMethod(className, methodName, methodSig, inv.getOpcode() == Const.INVOKESTATIC); describe(MethodAnnotation.METHOD_CALLED); return this; }
return; if(inv instanceof INVOKEVIRTUAL && "cast".equals(inv.getMethodName(cpg)) && "java.lang.Class".equals(inv.getClassName(cpg))) { if (("forName".equals(methodName) && "java.lang.Class".equals(inv.getClassName(cpg)) || "class$".equals(methodName)) && "(Ljava/lang/String;)Ljava/lang/Class;".equals(inv.getSignature(cpg)) || (Hierarchy.isInnerClassAccess((INVOKESTATIC) inv, cpg) && loadedFieldSet.getField(handle) != null)) {
public MethodDescriptor getInvokedMethod(ConstantPoolGen cpg, InvokeInstruction inv) { String invoked = inv.getClassName(cpg); String methodName = inv.getMethodName(cpg); String methodSig = inv.getSignature(cpg); MethodDescriptor invokedMethod = DescriptorFactory.instance().getMethodDescriptor(ClassName.toSlashedClassName(invoked), methodName, methodSig, inv instanceof INVOKESTATIC); return invokedMethod; }
/** * Create an XMethod object from an InvokeInstruction. * * @param invokeInstruction * the InvokeInstruction * @param cpg * ConstantPoolGen from the class containing the instruction * @return XMethod representing the method called by the InvokeInstruction */ public static XMethod createXMethod(InvokeInstruction invokeInstruction, ConstantPoolGen cpg) { String className = invokeInstruction.getClassName(cpg); String methodName = invokeInstruction.getName(cpg); String methodSig = invokeInstruction.getSignature(cpg); if (invokeInstruction instanceof INVOKEDYNAMIC) { // XXX the lambda representation makes no sense for XMethod // "classical" instruction attributes are filled with garbage, causing // the code later to produce crazy errors (looking for non existing types etc) // We should NOT be called here from our code, but 3rd party code still may // use this method. So *at least* provide a valid class name, which is // (don't ask me why) is encoded in the first argument type of the lambda // className = invokeInstruction.getArgumentTypes(cpg)[0].toString(); className = "java.lang.Object"; } return createXMethod(className, methodName, methodSig, invokeInstruction.getOpcode() == Const.INVOKESTATIC); }
/** * Look up the method referenced by given InvokeInstruction. This method * does <em>not</em> look for implementations in super or subclasses * according to the virtual dispatch rules. * * @param inv * the InvokeInstruction * @param cpg * the ConstantPoolGen used by the class the InvokeInstruction * belongs to * @param chooser * JavaClassAndMethodChooser to use to pick the method from among * the candidates * @return the JavaClassAndMethod, or null if no such method is defined in * the class */ public static JavaClassAndMethod findExactMethod(InvokeInstruction inv, ConstantPoolGen cpg, JavaClassAndMethodChooser chooser) throws ClassNotFoundException { String className = inv.getClassName(cpg); String methodName = inv.getName(cpg); String methodSig = inv.getSignature(cpg); JavaClass jclass = Repository.lookupClass(className); return findMethod(jclass, methodName, methodSig, chooser); }
/** * Look up the method referenced by given InvokeInstruction. This method * does <em>not</em> look for implementations in super or subclasses * according to the virtual dispatch rules. * * @param inv * the InvokeInstruction * @param cpg * the ConstantPoolGen used by the class the InvokeInstruction * belongs to * @param chooser * JavaClassAndMethodChooser to use to pick the method from among * the candidates * @return the JavaClassAndMethod, or null if no such method is defined in * the class */ public static XMethod findExactMethod(InvokeInstruction inv, ConstantPoolGen cpg, JavaClassAndMethodChooser chooser) { String className = inv.getClassName(cpg); String methodName = inv.getName(cpg); String methodSig = inv.getSignature(cpg); XMethod result = findMethod(DescriptorFactory.createClassDescriptorFromDottedClassName(className), methodName, methodSig, inv instanceof INVOKESTATIC); return thisOrNothing(result, chooser); }
String classClosed = inv.getClassName(cpg);
@Override public Lock isResourceCreation(BasicBlock basicBlock, InstructionHandle handle, ConstantPoolGen cpg) throws DataflowAnalysisException { InvokeInstruction inv = toInvokeInstruction(handle.getInstruction()); if (inv == null) { return null; } String className = inv.getClassName(cpg); String methodName = inv.getName(cpg); String methodSig = inv.getSignature(cpg); try { if ("lock".equals(methodName) && "()V".equals(methodSig) && Hierarchy.isSubtype(className, "java.util.concurrent.locks.Lock")) { Location location = new Location(handle, basicBlock); ValueNumberFrame frame = vnaDataflow.getFactAtLocation(location); ValueNumber lockValue = frame.getTopValue(); if (DEBUG) { System.out.println("Lock value is " + lockValue.getNumber() + ", frame=" + frame.toString()); } if (DEBUG) { ++numAcquires; } return new Lock(location, className, lockValue); } } catch (ClassNotFoundException e) { lookupFailureCallback.reportMissingClass(e); } return null; }
|| !classNameMatcher.match(inv.getClassName(cpg))) { return null;
private void killLoadsOfObjectsPassed(InvokeInstruction ins) { try { XMethod called = Hierarchy2.findExactMethod(ins, methodGen.getConstantPool(), Hierarchy.ANY_METHOD); if (called != null ) { NoSideEffectMethodsDatabase nse = Global.getAnalysisCache().getOptionalDatabase(NoSideEffectMethodsDatabase.class); if(nse != null && !nse.is(called.getMethodDescriptor(), MethodSideEffectStatus.SE, MethodSideEffectStatus.OBJ)) { return; } } FieldSummary fieldSummary = AnalysisContext.currentAnalysisContext().getFieldSummary(); Set<XField> touched = fieldSummary.getFieldsWritten(called); if (!touched.isEmpty()) { getFrame().killLoadsOf(touched); } int passed = getNumWordsConsumed(ins); ValueNumber[] arguments = allocateValueNumberArray(passed); getFrame().killLoadsWithSimilarName(ins.getClassName(cpg), ins.getMethodName(cpg)); getFrame().getTopStackWords(arguments); for (ValueNumber v : arguments) { getFrame().killAllLoadsOf(v); } // Too many false-positives for primitives without transitive FieldSummary analysis, // so currently we simply kill any writable primitive on any method call // TODO: implement transitive FieldSummary getFrame().killAllLoads(true); } catch (DataflowAnalysisException e) { AnalysisContext.logError("Error in killLoadsOfObjectsPassed", e); } }