CodeShield-Security / SPDS

Efficient and Precise Pointer-Tracking Data-Flow Framework
Eclipse Public License 2.0

AllocationSites and Aliases not found when there is a call to an empty method #32

Open kadirayk opened 2 years ago

kadirayk commented 2 years ago

For the following target program:

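import java.util.Vector;

public final class V {

  static Vector v;

  public static void main(String[] args) {
    Vector x = new Vector();
    v = x;
    foo(); // call to the empty method
    v.firstElement(); // alias query is created here
  }

  // Empty method: no statements in the body.
  public static void foo() {
  }
}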

I create an alias query at v.firstElement():

BackwardQuery:

($stack3 (target.typestate.microbenchmark.vector.V.<target.typestate.microbenchmark.vector.V: void main(java.lang.String[])>),
$stack3.firstElement() -> return)

After query solving I get:

getAllocationSites:
{}

getAllAliases:
[]

But if I remove the empty method call, it works as expected:

import java.util.Vector;

public final class V {

  static Vector v;

  public static void main(String[] args) {
    Vector x = new Vector();
    v = x;
    // foo(); // empty method call removed
    v.firstElement(); // alias query is created here
  }

  public static void foo() {
  }
}

I create an alias query at v.firstElement():

The same BackwardQuery:

($stack3 (target.typestate.microbenchmark.vector.V.<target.typestate.microbenchmark.vector.V: void main(java.lang.String[])>),
$stack3.firstElement() -> return)

After query solving I get:

getAllocationSites:
{ForwardQuery: ($stack2 (target.typestate.microbenchmark.vector.V.<target.typestate.microbenchmark.vector.V: void main(java.lang.String[])>),
$stack2 = new Vector -> $stack2.<init>())=boomerang.results.AbstractBoomerangResults$Context@e307c342}

getAllAliases:
[$stack3 (target.typestate.microbenchmark.vector.V.<target.typestate.microbenchmark.vector.V: void main(java.lang.String[])>), 
$stack2 (target.typestate.microbenchmark.vector.V.<target.typestate.microbenchmark.vector.V: void main(java.lang.String[])>), 
x (target.typestate.microbenchmark.vector.V.<target.typestate.microbenchmark.vector.V: void main(java.lang.String[])>),
StaticField: v<target.typestate.microbenchmark.vector.V: void main(java.lang.String[])>]

I am not sure if my configuration is wrong. I use the following Boomerang options:

// Options used for the queries above.
static class BoomerangOptions extends DefaultBoomerangOptions {
    // Do not construct the call graph on the fly.
    @Override
    public boolean onTheFlyCallGraph() {
        return false;
    }

    // Handle static fields flow-sensitively.
    @Override
    public StaticFieldStrategy getStaticFieldStrategy() {
        return StaticFieldStrategy.FLOW_SENSITIVE;
    }

    @Override
    public boolean allowMultipleQueries() {
        return true;
    }

    @Override
    public boolean throwFlows() {
        return true;
    }

    @Override
    public boolean trackAnySubclassOfThrowable() {
        return true;
    }
}