cs-au-dk / jelly

JavaScript/TypeScript static analyzer for call graph construction, library usage pattern matching, and vulnerability exposure analysis
MIT License

Loop call? Maybe it is a mistake #18

Closed Hellozaq closed 4 months ago

Hellozaq commented 4 months ago

Hello, I had just found that there is a loop call in the output callgraph webpage. Afterwards, I checked the code and found that it did not exist.

The analyzed package is openbadges-issuer@0.4.0.

For example, here is one of the non-existent call edges, which is from createCache to choices.js: [image]

And this is the source code of 'lodash@2.4.2:dist/lodash.js:292:3:createCache':

  function createCache(array) {
    var index = -1,
        length = array.length,
        first = array[0],
        mid = array[(length / 2) | 0],
        last = array[length - 1];

    if (first && typeof first == 'object' &&
        mid && typeof mid == 'object' && last && typeof last == 'object') {
      return false;
    }
    var cache = getObject();
    cache['false'] = cache['null'] = cache['true'] = cache['undefined'] = false;

    var result = getObject();
    result.array = array;
    result.cache = cache;
    result.push = cachePush;

    while (++index < length) {
      result.push(array[index]);
    }
    return result;
  }

amoeller commented 4 months ago

Running Jelly with --callgraph does show some (possibly spurious) call edges from createCache to choices.js:

node_modules/lodash/dist/lodash.js:294:18:294:30 -> node_modules/inquirer/lib/objects/choices.js:39:10
node_modules/lodash/dist/lodash.js:312:7:312:32 -> node_modules/inquirer/lib/objects/choices.js:25:34
node_modules/lodash/dist/lodash.js:312:7:312:32 -> node_modules/inquirer/lib/objects/choices.js:120:32
node_modules/lodash/dist/lodash.js:312:7:312:32 -> node_modules/inquirer/lib/objects/choices.js:119:26

Hellozaq commented 4 months ago

> Running Jelly with --callgraph does show some (possibly spurious) call edges from createCache to choices.js:
>
> node_modules/lodash/dist/lodash.js:294:18:294:30 -> node_modules/inquirer/lib/objects/choices.js:39:10
> node_modules/lodash/dist/lodash.js:312:7:312:32 -> node_modules/inquirer/lib/objects/choices.js:25:34
> node_modules/lodash/dist/lodash.js:312:7:312:32 -> node_modules/inquirer/lib/objects/choices.js:120:32
> node_modules/lodash/dist/lodash.js:312:7:312:32 -> node_modules/inquirer/lib/objects/choices.js:119:26

Sorry, I don't understand what you meant by "spurious". So is it a bug? Here is the source code in node_modules/lodash/dist/lodash.js. In 294:18:294:30, it just gets the length of the input array. [image]

amoeller commented 4 months ago

No, it's not a bug. Some amount of imprecision is unavoidable - determining the exact call graphs is undecidable.
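
A triage check for edge lists like the ones quoted in this thread, as an added example that is not part of the original discussion or of Jelly: it parses the edge lines and groups those whose caller package does not declare the callee package as a dependency, which makes them review candidates rather than proven false positives. The line layout is inferred from the quoted output; `DEPS` and the last sample edge are constructed.

```javascript
// Added example, not Jelly code. Edge-line layout is inferred from the quoted output:
// caller "file:line:col:endLine:endCol", callee "file:line:col".
const EDGE_RE = /^(.+?):(\d+):(\d+):(\d+):(\d+) -> (.+?):(\d+):(\d+)$/;

function parseEdge(line) {
  const m = EDGE_RE.exec(line.trim());
  if (!m) return null; // blank or non-edge line
  return {
    site: { file: m[1], line: +m[2], col: +m[3], endLine: +m[4], endCol: +m[5] },
    target: { file: m[6], line: +m[7], col: +m[8] },
  };
}

// Innermost package a file belongs to; "(app)" for first-party code.
function packageOf(file) {
  const m = /.*node_modules\/((?:@[^/]+\/)?[^/]+)\//.exec(file);
  return m ? m[1] : '(app)';
}

// Group, per call site, the edges that cross into a package the caller does not
// depend on. Such a call is only possible through values passed in by the caller's users.
function undeclaredEdges(text, deps) {
  const out = {};
  for (const line of text.split('\n')) {
    const e = parseEdge(line);
    if (!e) continue;
    const from = packageOf(e.site.file), to = packageOf(e.target.file);
    if (from === to || (deps[from] || []).includes(to)) continue;
    const key = `${e.site.file}:${e.site.line}:${e.site.col}`;
    (out[key] = out[key] || []).push(`${e.target.file}:${e.target.line}:${e.target.col}`);
  }
  return out;
}

// First four edges are the ones quoted in the thread; the fifth is constructed for contrast.
const SAMPLE = `node_modules/lodash/dist/lodash.js:294:18:294:30 -> node_modules/inquirer/lib/objects/choices.js:39:10
node_modules/lodash/dist/lodash.js:312:7:312:32 -> node_modules/inquirer/lib/objects/choices.js:25:34
node_modules/lodash/dist/lodash.js:312:7:312:32 -> node_modules/inquirer/lib/objects/choices.js:120:32
node_modules/lodash/dist/lodash.js:312:7:312:32 -> node_modules/inquirer/lib/objects/choices.js:119:26
node_modules/inquirer/lib/objects/choices.js:5:9:5:26 -> node_modules/lodash/dist/lodash.js:292:3`;

// Constructed stand-in for each package.json "dependencies" list.
const DEPS = { lodash: [], inquirer: ['lodash'] };

console.log(undeclaredEdges(SAMPLE, DEPS));
```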