Warn about call graph imprecision if an unlikely use of
Function.prototype.call is detected. git-svn-id: https://wala.svn.sourceforge.net/svnroot/wala/trunk@4380 f5eafffb-2e1d-0410-98e4-8ec43c5233c4
This commit is contained in:
parent
5608a3ce73
commit
0486cea6bb
89
com.ibm.wala.cast.js/source/com/ibm/wala/cast/js/ipa/callgraph/JavaScriptFunctionDotCallTargetSelector.java
Normal file → Executable file
89
com.ibm.wala.cast.js/source/com/ibm/wala/cast/js/ipa/callgraph/JavaScriptFunctionDotCallTargetSelector.java
Normal file → Executable file
|
@ -38,9 +38,17 @@ import com.ibm.wala.cast.tree.CAstSourcePositionMap.Position;
|
|||
*
|
||||
*/
|
||||
public class JavaScriptFunctionDotCallTargetSelector implements MethodTargetSelector {
|
||||
// whether to warn about what looks like constructor invocations of Function.prototype.call
|
||||
// while not impossible, such invocations always result in a TypeError and thus are likely due to imprecise call graph information
|
||||
public static final boolean WARN_ABOUT_NEW_CALL = true;
|
||||
/*
|
||||
* Call graph imprecision often leads to spurious invocations of Function.prototype.call; two common
|
||||
* patterns are invocations of "new" on Function.prototype.call (which in reality would lead to a
|
||||
* type error), and self-applications of Function.prototype.call.
|
||||
*
|
||||
* While neither of these situations is a priori impossible, they are most likely due to analysis
|
||||
* imprecision. If this flag is set to true, we emit a warning when seeing them.
|
||||
*/
|
||||
public static final boolean WARN_ABOUT_IMPRECISE_CALLGRAPH = true;
|
||||
|
||||
public static final boolean DEBUG_SYNTHETIC_CALL_METHODS = false;
|
||||
|
||||
private final MethodTargetSelector base;
|
||||
|
||||
|
@ -59,42 +67,39 @@ public class JavaScriptFunctionDotCallTargetSelector implements MethodTargetSele
|
|||
*/
|
||||
@Override
|
||||
public IMethod getCalleeTarget(CGNode caller, CallSiteReference site, IClass receiver) {
|
||||
<<<<<<< HEAD
|
||||
IMethod method = receiver.getMethod(AstMethodReference.fnSelector);
|
||||
if (method != null) {
|
||||
String s = method.getReference().getDeclaringClass().getName().toString();
|
||||
if (s.equals("Lprologue.js/functionCall")) {
|
||||
return getFunctionCallTarget(caller, site, receiver);
|
||||
=======
|
||||
if (cha.isSubclassOf(receiver, cha.lookupClass(JavaScriptTypes.CodeBody))) {
|
||||
// TODO better way to do this test?
|
||||
String s = receiver.toString();
|
||||
if (s.equals("function Lprologue.js/functionCall")) {
|
||||
/* invoking Function.prototype.call as a constructor results in a TypeError
|
||||
* see ECMA-262 5.1, 15: "None of the built-in functions described in this clause that
|
||||
* are not constructors shall implement the [[Construct]] internal method unless otherwise
|
||||
* specified" */
|
||||
if(!site.getDeclaredTarget().equals(JavaScriptMethods.ctorReference)) {
|
||||
return getFunctionCallTarget(caller, site, receiver);
|
||||
} else {
|
||||
// TODO: we know that this invocation would lead to a type error; how do we express this as a call target?
|
||||
if(WARN_ABOUT_NEW_CALL) {
|
||||
IntIterator indices = caller.getIR().getCallInstructionIndices(site).intIterator();
|
||||
IMethod callerMethod = caller.getMethod();
|
||||
Position pos = null;
|
||||
if(indices.hasNext() && callerMethod instanceof AstMethod) {
|
||||
pos = ((AstMethod)callerMethod).getSourcePosition(indices.next());
|
||||
}
|
||||
System.err.println("Detected constructor call to Function.prototype.call " +
|
||||
(pos == null ? "" : "at position " + pos) +
|
||||
"; this is likely caused by call graph imprecision.");
|
||||
}
|
||||
IMethod target = getFunctionCallTarget(caller, site, receiver);
|
||||
if(target != null)
|
||||
return target;
|
||||
}
|
||||
>>>>>>> Improved target selector for Function.prototype.call to handle cases
|
||||
// if we get here, we either saw an invocation of "call" as a constructor, or an invocation
|
||||
// without receiver object; in either case, this is likely due to bad call graph info
|
||||
if(WARN_ABOUT_IMPRECISE_CALLGRAPH)
|
||||
warnAboutImpreciseCallGraph(caller, site);
|
||||
}
|
||||
}
|
||||
return base.getCalleeTarget(caller, site, receiver);
|
||||
}
|
||||
|
||||
protected void warnAboutImpreciseCallGraph(CGNode caller, CallSiteReference site) {
|
||||
IntIterator indices = caller.getIR().getCallInstructionIndices(site).intIterator();
|
||||
IMethod callerMethod = caller.getMethod();
|
||||
Position pos = null;
|
||||
if(indices.hasNext() && callerMethod instanceof AstMethod) {
|
||||
pos = ((AstMethod)callerMethod).getSourcePosition(indices.next());
|
||||
}
|
||||
System.err.println("Detected improbable call to Function.prototype.call " +
|
||||
(pos == null ? "in function " + caller.getMethod() : "at position " + pos) +
|
||||
"; this is likely caused by call graph imprecision.");
|
||||
}
|
||||
|
||||
private static final boolean SEPARATE_SYNTHETIC_METHOD_PER_SITE = true;
|
||||
|
||||
|
@ -115,14 +120,28 @@ public class JavaScriptFunctionDotCallTargetSelector implements MethodTargetSele
|
|||
private IMethod getFunctionCallTarget(CGNode caller, CallSiteReference site, IClass receiver) {
|
||||
int nargs = getNumberOfArgsPassed(caller, site);
|
||||
if(nargs < 2)
|
||||
Assertions.UNREACHABLE("Call to Function.prototype.call without receiver; this shouldn't be possible.");
|
||||
Object key = getKey(nargs, caller, site);
|
||||
return null;
|
||||
String key = getKey(nargs, caller, site);
|
||||
if (callModels.containsKey(key)) {
|
||||
return callModels.get(key);
|
||||
}
|
||||
JSInstructionFactory insts = (JSInstructionFactory) receiver.getClassLoader().getInstructionFactory();
|
||||
MethodReference ref = genSyntheticMethodRef(receiver, nargs, key);
|
||||
JavaScriptSummary S = new JavaScriptSummary(ref, nargs);
|
||||
|
||||
if(WARN_ABOUT_IMPRECISE_CALLGRAPH && caller.getMethod().getName().toString().contains(SYNTHETIC_CALL_METHOD_PREFIX))
|
||||
warnAboutImpreciseCallGraph(caller, site);
|
||||
|
||||
// print information about where the method was created if desired
|
||||
if(DEBUG_SYNTHETIC_CALL_METHODS) {
|
||||
IMethod method = caller.getMethod();
|
||||
if(method instanceof AstMethod) {
|
||||
int line = ((AstMethod)method).getLineNumber(caller.getIR().getCallInstructionIndices(site).intIterator().next());
|
||||
System.err.println("creating " + ref.getName() + " at line " + line + " in " + caller);
|
||||
} else {
|
||||
System.err.println("creating " + ref.getName() + " in " + method.getName());
|
||||
}
|
||||
}
|
||||
|
||||
// generate invocation instruction for the real method being invoked
|
||||
int resultVal = nargs + 2;
|
||||
|
@ -147,24 +166,18 @@ public class JavaScriptFunctionDotCallTargetSelector implements MethodTargetSele
|
|||
|
||||
public static final String SYNTHETIC_CALL_METHOD_PREFIX = "$$ call_";
|
||||
|
||||
private MethodReference genSyntheticMethodRef(IClass receiver, int nargs, Object key) {
|
||||
Atom atom = null;
|
||||
if (key instanceof Pair) {
|
||||
Pair p = (Pair) key;
|
||||
atom = Atom.findOrCreateUnicodeAtom(SYNTHETIC_CALL_METHOD_PREFIX + p.fst + "_" + p.snd);
|
||||
} else {
|
||||
atom = Atom.findOrCreateUnicodeAtom(SYNTHETIC_CALL_METHOD_PREFIX + nargs);
|
||||
}
|
||||
private MethodReference genSyntheticMethodRef(IClass receiver, int nargs, String key) {
|
||||
Atom atom = Atom.findOrCreateUnicodeAtom(SYNTHETIC_CALL_METHOD_PREFIX + key);
|
||||
Descriptor desc = Descriptor.findOrCreateUTF8(JavaScriptLoader.JS, "()LRoot;");
|
||||
MethodReference ref = MethodReference.findOrCreate(receiver.getReference(), atom, desc);
|
||||
return ref;
|
||||
}
|
||||
|
||||
private Object getKey(int nargs, CGNode caller, CallSiteReference site) {
|
||||
private String getKey(int nargs, CGNode caller, CallSiteReference site) {
|
||||
if (SEPARATE_SYNTHETIC_METHOD_PER_SITE) {
|
||||
return Pair.make(caller.getGraphNodeId(), site.getProgramCounter());
|
||||
return Util.getShortName(caller) + "_" + caller.getGraphNodeId() + "_" + site.getProgramCounter();
|
||||
} else {
|
||||
return nargs;
|
||||
return ""+nargs;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue