public Stream createStream(Location location, ObjectType type, ConstantPoolGen cpg, RepositoryLookupFailureCallback lookupFailureCallback) { Instruction ins = location.getHandle().getInstruction(); if (ins.getOpcode() != Constants.GETSTATIC) return null; GETSTATIC getstatic = (GETSTATIC) ins; if (!className.equals(getstatic.getClassName(cpg)) || !fieldName.equals(getstatic.getName(cpg)) || !fieldSig.equals(getstatic.getSignature(cpg))) return null; return new Stream(location, type.getClassName(), streamBaseClass) .setIgnoreImplicitExceptions(true) .setIsOpenOnCreation(true); }
private boolean isSafeValue(Location location, ConstantPoolGen cpg) throws CFGBuilderException { Instruction prevIns = location.getHandle().getInstruction(); if (prevIns instanceof LDC || prevIns instanceof GETSTATIC) return true; if (prevIns instanceof InvokeInstruction) { String methodName = ((InvokeInstruction) prevIns).getMethodName(cpg); if (methodName.startsWith("to") && methodName.endsWith("String") && methodName.length() > 8) return true; } if (prevIns instanceof AALOAD) { CFG cfg = classContext.getCFG(method); Location prev = getPreviousLocation(cfg, location, true); if (prev != null) { Location prev2 = getPreviousLocation(cfg, prev, true); if (prev2 != null && prev2.getHandle().getInstruction() instanceof GETSTATIC) { GETSTATIC getStatic = (GETSTATIC) prev2.getHandle().getInstruction(); if (getStatic.getSignature(cpg).equals("[Ljava/lang/String;")) return true; } } } return false; }
/** * Does the given instruction refer to a likely assertion method? * * @param ins * the instruction * @return true if the instruction likely refers to an assertion, false if * not */ public boolean isAssertionInstruction(Instruction ins, ConstantPoolGen cpg) { if (ins instanceof InvokeInstruction) return isAssertionCall((InvokeInstruction) ins); if (ins instanceof GETSTATIC) { GETSTATIC getStatic = (GETSTATIC) ins; String className = getStatic.getClassName(cpg); String fieldName = getStatic.getFieldName(cpg); if (className.equals("java.util.logging.Level") && fieldName.equals("SEVERE")) return true; if (className.equals("org.apache.log4j.Level") && (fieldName.equals("ERROR") || fieldName.equals("FATAL"))) return true; return false; } return false; }
/** * Return whether or not the given instruction can throw exceptions. * * @param handle * the instruction * @return true if the instruction can throw an exception, false otherwise */ private boolean isPEI(InstructionHandle handle) { Instruction ins = handle.getInstruction(); if (!(ins instanceof ExceptionThrower)) return false; if (ins instanceof NEW) return false; // if (ins instanceof ATHROW) return false; if (ins instanceof GETSTATIC) return false; if (ins instanceof PUTSTATIC) return false; if (ins instanceof ReturnInstruction) return false; if (ins instanceof INSTANCEOF) return false; if (ins instanceof MONITOREXIT) return false; if (ins instanceof LDC) return false; return true; }
/** Checks if the constraints of operands of the said instruction(s) are satisfied. */ public void visitGETSTATIC(GETSTATIC o){ try { String field_name = o.getFieldName(cpg); JavaClass jc = Repository.lookupClass(o.getClassType(cpg).getClassName()); Field[] fields = jc.getFields(); Field f = null; for (int i=0; i<fields.length; i++){ if (fields[i].getName().equals(field_name)){ f = fields[i]; break; } } if (f == null){ throw new AssertionViolatedException("Field not found?!?"); } if (! (f.isStatic())){ constraintViolated(o, "Referenced field '"+f+"' is not static which it should be."); } } catch (ClassNotFoundException e) { // FIXME: maybe not the best way to handle this throw new AssertionViolatedException("Missing class: " + e.toString()); } }
/** * @param aInstruction * @param aPoolGen */ public GETSTATICReference( GETSTATIC aInstruction, ConstantPoolGen aPoolGen) { super(aInstruction, aPoolGen); }
@Override public void visitGETSTATIC(GETSTATIC obj) { // Scala uses some classes to represent null instances of objects // If we find one of them, we will handle it as a Java Null if (obj.getLoadClassType(getCPG()).getSignature().equals("Lscala/collection/immutable/Nil$;")) { if (FindSecBugsGlobalConfig.getInstance().isDebugTaintState()) { getFrame().pushValue(new Taint(Taint.State.NULL).setDebugInfo("NULL")); } else { getFrame().pushValue(new Taint(Taint.State.NULL)); } } else { super.visitGETSTATIC(obj); } }
private ArrayList<InstructionHandle> getAllObjectLoadInstructions(InstructionList il) { ArrayList<InstructionHandle> objectLoadInstructions = new ArrayList<InstructionHandle>(); InstructionHandle current = il.getStart(); while(current != null) { Instruction instruction = current.getInstruction(); if (instruction instanceof ALOAD || instruction instanceof GETSTATIC) { objectLoadInstructions.add(current); } current = current.getNext(); } return objectLoadInstructions; }
@Override public boolean prescreen(Method method, ClassContext classContext) { if (method.getName().equals("<clinit>")) return false; Code code = method.getCode(); if (code.getCode().length > 5000) return false; BitSet bytecodeSet = classContext.getBytecodeSet(method); if (bytecodeSet == null) return false; // The pattern requires a get/put pair accessing the same field. boolean hasGetStatic = bytecodeSet.get(Constants.GETSTATIC); boolean hasPutStatic = bytecodeSet.get(Constants.PUTSTATIC); if (!hasGetStatic || !hasPutStatic) return false; // If the method is synchronized, then we'll assume that // things are properly synchronized if (method.isSynchronized()) return false; reported.clear(); return true; }
public Stream createStream(Location location, ObjectType type, ConstantPoolGen cpg, RepositoryLookupFailureCallback lookupFailureCallback) { Instruction ins = location.getHandle().getInstruction(); if (ins.getOpcode() != Constants.GETSTATIC) return null; GETSTATIC getstatic = (GETSTATIC) ins; if (!className.equals(getstatic.getClassName(cpg)) || !fieldName.equals(getstatic.getName(cpg)) || !fieldSig.equals(getstatic.getSignature(cpg))) return null; return new Stream(location, type.getClassName(), streamBaseClass).setIgnoreImplicitExceptions(true).setIsOpenOnCreation( true); }
@Override public void visitGETSTATIC(GETSTATIC obj) { Type type = obj.getType(getCPG()); XField xf = XFactory.createXField(obj, cpg); if (xf.isFinal()) { FieldSummary fieldSummary = AnalysisContext.currentAnalysisContext().getFieldSummary(); Item summary = fieldSummary.getSummary(xf); if (summary.isNull()) { pushValue(TypeFrame.getNullType()); return; } String slashedClassName = ClassName.fromFieldSignature(type.getSignature()); if (slashedClassName != null) { String dottedClassName = ClassName.toDottedClassName(slashedClassName); if (DEFAULT_SUSPICIOUS_SET.contains(dottedClassName)) { type = new FinalConstant(dottedClassName, xf); consumeStack(obj); pushValue(type); return; } } } if (type.getSignature().equals(STRING_SIGNATURE)) { handleLoad(obj); } else super.visitGETSTATIC(obj); }
@Override public void visitGETSTATIC(GETSTATIC obj) { ConstantPoolGen cpg = getCPG(); String fieldName = obj.getName(cpg); String fieldSig = obj.getSignature(cpg); ValueNumberFrame frame = getFrame(); if (RLE_DEBUG) { System.out.println("GETSTATIC of " + fieldName + " : " + fieldSig); } // Is this an access of a Class object? if (fieldName.startsWith("class$") && fieldSig.equals("Ljava/lang/Class;")) { String className = fieldName.substring("class$".length()).replace('$', '.'); if (RLE_DEBUG) System.out.println("[found load of class object " + className + "]"); ValueNumber value = factory.getClassObjectValue(className); frame.pushValue(value); return; } XField xfield = Hierarchy.findXField(obj, getCPG()); if (xfield != null) { if (xfield.isVolatile()) getFrame().killAllLoads(); if (doRedundantLoadElimination()) { loadStaticField(xfield, obj); return; } } handleNormalInstruction(obj); }
@Override public void visitGETSTATIC(GETSTATIC obj) { if (getNumWordsProduced(obj) != 1) { super.visitGETSTATIC(obj); return; } if (checkForKnownValue(obj)) { return; } XField field = XFactory.createXField(obj, cpg); if (field.isFinal()) { Item summary = AnalysisContext.currentAnalysisContext().getFieldSummary().getSummary(field); if (summary.isNull()) { produce(IsNullValue.nullValue()); return; } } if (field.getClassName().equals("java.util.logging.Level") && field.getName().equals("SEVERE") || field.getClassName().equals("org.apache.log4j.Level") && (field.getName().equals("ERROR") || field.getName().equals("FATAL"))) getFrame().toExceptionValues(); if (field.getName().startsWith("class$")) { produce(IsNullValue.nonNullValue()); return; } NullnessAnnotation annotation = AnalysisContext.currentAnalysisContext().getNullnessAnnotationDatabase() .getResolvedAnnotation(field, false); if (annotation == NullnessAnnotation.NONNULL) { modelNormalInstruction(obj, getNumWordsConsumed(obj), 0); produce(IsNullValue.nonNullValue()); } else if (annotation == NullnessAnnotation.CHECK_FOR_NULL) { modelNormalInstruction(obj, getNumWordsConsumed(obj), 0); produce(IsNullValue.nullOnSimplePathValue().markInformationAsComingFromFieldValue(field)); } else { super.visitGETSTATIC(obj); } }
/** @see org.apache.bcel.generic.Visitor */ public void visitGETSTATIC(GETSTATIC aGETSTATIC) { addFieldReference( new GETSTATICReference(aGETSTATIC, mCurrentPoolGen)); }
/** * Is the given instruction a read of a field? * * @param ins * the Instruction to check * @param cpg * ConstantPoolGen of the method containing the instruction * @return the Field if the instruction is a read of a field, null otherwise */ public static FieldAnnotation isRead(Instruction ins, ConstantPoolGen cpg) { if (ins instanceof GETFIELD || ins instanceof GETSTATIC) { FieldInstruction fins = (FieldInstruction) ins; String className = fins.getClassName(cpg); return new FieldAnnotation(className, fins.getName(cpg), fins.getSignature(cpg), fins instanceof GETSTATIC); } else return null; }
