All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.ibm.wala.cast.js.ipa.callgraph.JavaScriptFunctionDotCallTargetSelector Maven / Gradle / Ivy

There is a newer version: 1.6.7
Show newest version
/*
 * Copyright (c) 2013 IBM Corporation.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 *     IBM Corporation - initial API and implementation
 */
package com.ibm.wala.cast.js.ipa.callgraph;

import com.ibm.wala.cast.ipa.callgraph.CAstCallGraphUtil;
import com.ibm.wala.cast.js.ipa.summaries.JavaScriptSummarizedFunction;
import com.ibm.wala.cast.js.ipa.summaries.JavaScriptSummary;
import com.ibm.wala.cast.js.loader.JavaScriptLoader;
import com.ibm.wala.cast.js.ssa.JSInstructionFactory;
import com.ibm.wala.cast.js.types.JavaScriptMethods;
import com.ibm.wala.cast.js.types.JavaScriptTypes;
import com.ibm.wala.cast.loader.AstMethod;
import com.ibm.wala.cast.loader.DynamicCallSiteReference;
import com.ibm.wala.cast.tree.CAstSourcePositionMap.Position;
import com.ibm.wala.cast.types.AstMethodReference;
import com.ibm.wala.classLoader.CallSiteReference;
import com.ibm.wala.classLoader.IClass;
import com.ibm.wala.classLoader.IMethod;
import com.ibm.wala.core.util.strings.Atom;
import com.ibm.wala.ipa.callgraph.CGNode;
import com.ibm.wala.ipa.callgraph.MethodTargetSelector;
import com.ibm.wala.ssa.IR;
import com.ibm.wala.ssa.SSAAbstractInvokeInstruction;
import com.ibm.wala.types.Descriptor;
import com.ibm.wala.types.MethodReference;
import com.ibm.wala.types.TypeName;
import com.ibm.wala.util.collections.HashMapFactory;
import com.ibm.wala.util.intset.IntIterator;
import java.util.Map;

/**
 * Generate IR to model Function.call()
 *
 * @see MDN
 *     Function.call() docs
 * @author manu
 */
public class JavaScriptFunctionDotCallTargetSelector implements MethodTargetSelector {
  /*
   * Call graph imprecision often leads to spurious invocations of Function.prototype.call; two common
   * patterns are invocations of "new" on Function.prototype.call (which in reality would lead to a
   * type error), and self-applications of Function.prototype.call.
   *
   * While neither of these situations is a priori impossible, they are most likely due to analysis
   * imprecision. If this flag is set to true, we emit a warning when seeing them.
   */
  public static boolean WARN_ABOUT_IMPRECISE_CALLGRAPH = true;

  public static final boolean DEBUG_SYNTHETIC_CALL_METHODS = false;

  private static final TypeName CALL_TYPE_NAME =
      TypeName.findOrCreate("Lprologue.js/Function_prototype_call");
  private final MethodTargetSelector base;

  public JavaScriptFunctionDotCallTargetSelector(MethodTargetSelector base) {
    this.base = base;
  }

  /*
   * (non-Javadoc)
   *
   * @see
   * com.ibm.wala.ipa.callgraph.MethodTargetSelector#getCalleeTarget(com.ibm
   * .wala.ipa.callgraph.CGNode, com.ibm.wala.classLoader.CallSiteReference,
   * com.ibm.wala.classLoader.IClass)
   */
  @Override
  public IMethod getCalleeTarget(CGNode caller, CallSiteReference site, IClass receiver) {
    IMethod method = receiver.getMethod(AstMethodReference.fnSelector);
    if (method != null) {
      TypeName tn = method.getReference().getDeclaringClass().getName();
      if (tn.equals(CALL_TYPE_NAME)) {
        /* invoking Function.prototype.call as a constructor results in a TypeError
         * see ECMA-262 5.1, 15: "None of the built-in functions described in this clause that
         *   are not constructors shall implement the [[Construct]] internal method unless otherwise
         *   specified" */
        if (!site.getDeclaredTarget().equals(JavaScriptMethods.ctorReference)) {
          IMethod target = getFunctionCallTarget(caller, site, receiver);
          if (target != null) return target;
        }
        // if we get here, we either saw an invocation of "call" as a constructor, or an invocation
        // without receiver object; in either case, this is likely due to bad call graph info
        if (WARN_ABOUT_IMPRECISE_CALLGRAPH) warnAboutImpreciseCallGraph(caller, site);
      }
    }
    return base.getCalleeTarget(caller, site, receiver);
  }

  protected void warnAboutImpreciseCallGraph(CGNode caller, CallSiteReference site) {
    IntIterator indices = caller.getIR().getCallInstructionIndices(site).intIterator();
    IMethod callerMethod = caller.getMethod();
    Position pos = null;
    if (indices.hasNext() && callerMethod instanceof AstMethod) {
      pos = ((AstMethod) callerMethod).getSourcePosition(indices.next());
    }
    System.err.println(
        "Detected improbable call to Function.prototype.call "
            + (pos == null ? "in function " + caller : "at position " + pos)
            + "; this is likely caused by call graph imprecision.");
  }

  private static final boolean SEPARATE_SYNTHETIC_METHOD_PER_SITE = false;

  /** cache synthetic method for each arity of Function.call() invocation */
  private final Map callModels = HashMapFactory.make();

  /** generate a synthetic method modeling the invocation of Function.call() at the site */
  private IMethod getFunctionCallTarget(CGNode caller, CallSiteReference site, IClass receiver) {
    int nargs = getNumberOfArgsPassed(caller, site);
    if (nargs < 2) return null;
    String key = getKey(nargs, caller, site);
    if (callModels.containsKey(key)) {
      return callModels.get(key);
    }
    JSInstructionFactory insts =
        (JSInstructionFactory) receiver.getClassLoader().getInstructionFactory();
    MethodReference ref = genSyntheticMethodRef(receiver, key);
    JavaScriptSummary S = new JavaScriptSummary(ref, nargs);

    if (WARN_ABOUT_IMPRECISE_CALLGRAPH
        && caller.getMethod().getName().toString().contains(SYNTHETIC_CALL_METHOD_PREFIX))
      warnAboutImpreciseCallGraph(caller, site);

    // print information about where the method was created if desired
    if (DEBUG_SYNTHETIC_CALL_METHODS) {
      IMethod method = caller.getMethod();
      if (method instanceof AstMethod) {
        int line =
            ((AstMethod) method)
                .getLineNumber(caller.getIR().getCallInstructionIndices(site).intIterator().next());
        System.err.println("creating " + ref.getName() + " at line " + line + " in " + caller);
      } else {
        System.err.println("creating " + ref.getName() + " in " + method.getName());
      }
    }

    // generate invocation instruction for the real method being invoked
    int resultVal = nargs + 2;
    CallSiteReference cs =
        new DynamicCallSiteReference(JavaScriptTypes.CodeBody, S.getNumberOfStatements());
    int[] params = new int[nargs - 2];
    // add 3 to skip v1 (which points to Function.call() itself) and v2 (the
    // real function being invoked)
    for (int i = 0; i < params.length; i++) {
      params[i] = i + 3;
    }
    // function being invoked is in v2
    S.addStatement(
        insts.Invoke(S.getNumberOfStatements(), 2, resultVal, params, resultVal + 1, cs));
    S.getNumberOfStatements();

    S.addStatement(insts.ReturnInstruction(S.getNumberOfStatements(), resultVal, false));
    S.getNumberOfStatements();

    JavaScriptSummarizedFunction t = new JavaScriptSummarizedFunction(ref, S, receiver);
    callModels.put(key, t);
    return t;
  }

  public static final String SYNTHETIC_CALL_METHOD_PREFIX = "$$ call_";

  private static MethodReference genSyntheticMethodRef(IClass receiver, String key) {
    Atom atom = Atom.findOrCreateUnicodeAtom(SYNTHETIC_CALL_METHOD_PREFIX + key);
    Descriptor desc = Descriptor.findOrCreateUTF8(JavaScriptLoader.JS, "()LRoot;");
    MethodReference ref = MethodReference.findOrCreate(receiver.getReference(), atom, desc);
    return ref;
  }

  private static String getKey(int nargs, CGNode caller, CallSiteReference site) {
    if (SEPARATE_SYNTHETIC_METHOD_PER_SITE) {
      return CAstCallGraphUtil.getShortName(caller)
          + '_'
          + caller.getGraphNodeId()
          + '_'
          + site.getProgramCounter();
    } else {
      return String.valueOf(nargs);
    }
  }

  private static int getNumberOfArgsPassed(CGNode caller, CallSiteReference site) {
    IR callerIR = caller.getIR();
    SSAAbstractInvokeInstruction callStmts[] = callerIR.getCalls(site);
    assert callStmts.length == 1;
    int nargs = callStmts[0].getNumberOfPositionalParameters();
    return nargs;
  }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy