ControlFlowGraph.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 */
package org.apache.bcel.verifier.structurals;


import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.apache.bcel.generic.ATHROW;
import org.apache.bcel.generic.BranchInstruction;
import org.apache.bcel.generic.GotoInstruction;
import org.apache.bcel.generic.Instruction;
import org.apache.bcel.generic.InstructionHandle;
import org.apache.bcel.generic.JsrInstruction;
import org.apache.bcel.generic.MethodGen;
import org.apache.bcel.generic.RET;
import org.apache.bcel.generic.ReturnInstruction;
import org.apache.bcel.generic.Select;
import org.apache.bcel.verifier.exc.AssertionViolatedException;
import org.apache.bcel.verifier.exc.StructuralCodeConstraintException;

/**
 * This class represents a control flow graph of a method.
 *
 * @version $Id: ControlFlowGraph.java 1806200 2017-08-25 16:33:06Z ggregory $
 */
public class ControlFlowGraph{

    /**
     * Objects of this class represent a node in a ControlFlowGraph.
     * These nodes are instructions, not basic blocks.
     */
    private class InstructionContextImpl implements InstructionContext{

        /**
         * The TAG field is here for external temporary flagging, such
         * as graph colouring.
         *
         * @see #getTag()
         * @see #setTag(int)
         */
        private int TAG;

        /**
         * The InstructionHandle this InstructionContext is wrapped around.
         */
        private final InstructionHandle instruction;

        /**
         * The 'incoming' execution Frames.
         */
        private final Map<InstructionContext, Frame> inFrames;    // key: the last-executed JSR

        /**
         * The 'outgoing' execution Frames.
         */
        private final Map<InstructionContext, Frame> outFrames; // key: the last-executed JSR

        /**
         * The 'execution predecessors' - a list of type InstructionContext
         * of those instances that have been execute()d before in that order.
         */
        private List<InstructionContext> executionPredecessors = null; // Type: InstructionContext

        /**
         * Creates an InstructionHandleImpl object from an InstructionHandle.
         * Creation of one per InstructionHandle suffices. Don't create more.
         */
        public InstructionContextImpl(final InstructionHandle inst) {
            if (inst == null) {
                throw new AssertionViolatedException("Cannot instantiate InstructionContextImpl from NULL.");
            }

            instruction = inst;
            inFrames = new HashMap<>();
            outFrames = new HashMap<>();
        }

        /* Satisfies InstructionContext.getTag(). */
        @Override
        public int getTag() {
            return TAG;
        }

        /* Satisfies InstructionContext.setTag(int). */
        @Override
        public void setTag(final int tag) { // part of InstructionContext interface
            TAG = tag;
        }

        /**
         * Returns the exception handlers of this instruction.
         */
        @Override
        public ExceptionHandler[] getExceptionHandlers() {
            return exceptionhandlers.getExceptionHandlers(getInstruction());
        }

        /**
         * Returns a clone of the "outgoing" frame situation with respect to the given ExecutionChain.
         */
        @Override
        public Frame getOutFrame(final ArrayList<InstructionContext> execChain) {
            executionPredecessors = execChain;

            Frame org;

            final InstructionContext jsr = lastExecutionJSR();

            org = outFrames.get(jsr);

            if (org == null) {
                throw new AssertionViolatedException(
                    "outFrame not set! This:\n"+this+"\nExecutionChain: "+getExecutionChain()+"\nOutFrames: '"+outFrames+"'.");
            }
            return org.getClone();
        }

    @Override
    public Frame getInFrame() {
          Frame org;

            final InstructionContext jsr = lastExecutionJSR();

            org = inFrames.get(jsr);

            if (org == null) {
                throw new AssertionViolatedException("inFrame not set! This:\n"+this+"\nInFrames: '"+inFrames+"'.");
      }
      return org.getClone();
    }

        /**
         * "Merges in" (vmspec2, page 146) the "incoming" frame situation;
         * executes the instructions symbolically
         * and therefore calculates the "outgoing" frame situation.
         * Returns: True iff the "incoming" frame situation changed after
         * merging with "inFrame".
         * The execPreds ArrayList must contain the InstructionContext
         * objects executed so far in the correct order. This is just
         * one execution path [out of many]. This is needed to correctly
         * "merge" in the special case of a RET's successor.
         * <B>The InstConstraintVisitor and ExecutionVisitor instances
         * must be set up correctly.</B>
         * @return true - if and only if the "outgoing" frame situation
         * changed from the one before execute()ing.
         */
        @Override
        public boolean execute(final Frame inFrame, final ArrayList<InstructionContext> execPreds, final InstConstraintVisitor icv, final ExecutionVisitor ev) {

            @SuppressWarnings("unchecked") // OK because execPreds is compatible type
            final List<InstructionContext> clone = (List<InstructionContext>) execPreds.clone();
            executionPredecessors = clone;

            //sanity check
            if ( (lastExecutionJSR() == null) && (subroutines.subroutineOf(getInstruction()) != subroutines.getTopLevel() ) ) {
                throw new AssertionViolatedException("Huh?! Am I '"+this+"' part of a subroutine or not?");
            }
            if ( (lastExecutionJSR() != null) && (subroutines.subroutineOf(getInstruction()) == subroutines.getTopLevel() ) ) {
                throw new AssertionViolatedException("Huh?! Am I '"+this+"' part of a subroutine or not?");
            }

            Frame inF = inFrames.get(lastExecutionJSR());
            if (inF == null) {// no incoming frame was set, so set it.
                inFrames.put(lastExecutionJSR(), inFrame);
                inF = inFrame;
            }
            else{// if there was an "old" inFrame
                if (inF.equals(inFrame)) { //shortcut: no need to merge equal frames.
                    return false;
                }
                if (! mergeInFrames(inFrame)) {
                    return false;
                }
            }

            // Now we're sure the inFrame has changed!

            // new inFrame is already merged in, see above.
            final Frame workingFrame = inF.getClone();

            try{
                // This verifies the InstructionConstraint for the current
                // instruction, but does not modify the workingFrame object.
//InstConstraintVisitor icv = InstConstraintVisitor.getInstance(VerifierFactory.getVerifier(method_gen.getClassName()));
                icv.setFrame(workingFrame);
                getInstruction().accept(icv);
            }
            catch(final StructuralCodeConstraintException ce) {
                ce.extendMessage("","\nInstructionHandle: "+getInstruction()+"\n");
                ce.extendMessage("","\nExecution Frame:\n"+workingFrame);
                extendMessageWithFlow(ce);
                throw ce;
            }

            // This executes the Instruction.
            // Therefore the workingFrame object is modified.
//ExecutionVisitor ev = ExecutionVisitor.getInstance(VerifierFactory.getVerifier(method_gen.getClassName()));
            ev.setFrame(workingFrame);
            getInstruction().accept(ev);
            //getInstruction().accept(ExecutionVisitor.withFrame(workingFrame));
            outFrames.put(lastExecutionJSR(), workingFrame);

            return true;    // new inFrame was different from old inFrame so merging them
                                        // yielded a different this.inFrame.
        }

        /**
         * Returns a simple String representation of this InstructionContext.
         */
        @Override
        public String toString() {
        //TODO: Put information in the brackets, e.g.
        //      Is this an ExceptionHandler? Is this a RET? Is this the start of
        //      a subroutine?
            final String ret = getInstruction().toString(false)+"\t[InstructionContext]";
            return ret;
        }

        /**
         * Does the actual merging (vmspec2, page 146).
         * Returns true IFF this.inFrame was changed in course of merging with inFrame.
         */
        private boolean mergeInFrames(final Frame inFrame) {
            // TODO: Can be performance-improved.
            final Frame inF = inFrames.get(lastExecutionJSR());
            final OperandStack oldstack = inF.getStack().getClone();
            final LocalVariables oldlocals = inF.getLocals().getClone();
            try {
                inF.getStack().merge(inFrame.getStack());
                inF.getLocals().merge(inFrame.getLocals());
            } catch (final StructuralCodeConstraintException sce) {
                extendMessageWithFlow(sce);
                throw sce;
            }
            return !(oldstack.equals(inF.getStack()) && oldlocals.equals(inF.getLocals()));
        }

        /**
         * Returns the control flow execution chain. This is built
         * while execute(Frame, ArrayList)-ing the code represented
         * by the surrounding ControlFlowGraph.
         */
        private String getExecutionChain() {
            String s = this.toString();
            for (int i=executionPredecessors.size()-1; i>=0; i--) {
                s = executionPredecessors.get(i)+"\n" + s;
            }
            return s;
        }


        /**
         * Extends the StructuralCodeConstraintException ("e") object with an at-the-end-extended message.
         * This extended message will then reflect the execution flow needed to get to the constraint
         * violation that triggered the throwing of the "e" object.
         */
        private void extendMessageWithFlow(final StructuralCodeConstraintException e) {
            final String s = "Execution flow:\n";
            e.extendMessage("", s+getExecutionChain());
        }

        /*
         * Fulfils the contract of InstructionContext.getInstruction().
         */
        @Override
        public InstructionHandle getInstruction() {
            return instruction;
        }

        /**
         * Returns the InstructionContextImpl with an JSR/JSR_W
         * that was last in the ExecutionChain, without
         * a corresponding RET, i.e.
         * we were called by this one.
         * Returns null if we were called from the top level.
         */
        private InstructionContextImpl lastExecutionJSR() {

            final int size = executionPredecessors.size();
            int retcount = 0;

            for (int i=size-1; i>=0; i--) {
                final InstructionContextImpl current = (InstructionContextImpl) (executionPredecessors.get(i));
                final Instruction currentlast = current.getInstruction().getInstruction();
                if (currentlast instanceof RET) {
                    retcount++;
                }
                if (currentlast instanceof JsrInstruction) {
                    retcount--;
                    if (retcount == -1) {
                        return current;
                    }
                }
            }
            return null;
        }

        /* Satisfies InstructionContext.getSuccessors(). */
        @Override
        public InstructionContext[] getSuccessors() {
            return contextsOf(_getSuccessors());
        }

        /**
         * A utility method that calculates the successors of a given InstructionHandle
         * That means, a RET does have successors as defined here.
         * A JsrInstruction has its target as its successor
         * (opposed to its physical successor) as defined here.
         */
// TODO: implement caching!
        private InstructionHandle[] _getSuccessors() {
            final InstructionHandle[] empty = new InstructionHandle[0];
            final InstructionHandle[] single = new InstructionHandle[1];

            final Instruction inst = getInstruction().getInstruction();

            if (inst instanceof RET) {
                final Subroutine s = subroutines.subroutineOf(getInstruction());
                if (s==null) { //return empty;
                    // RET in dead code. "empty" would be the correct answer, but we know something about the surrounding project...
                    throw new AssertionViolatedException("Asking for successors of a RET in dead code?!");
                }

//TODO: remove. Only JustIce must not use it, but foreign users of the ControlFlowGraph
//      will want it. Thanks Johannes Wust.
//throw new AssertionViolatedException("DID YOU REALLY WANT TO ASK FOR RET'S SUCCS?");

                final InstructionHandle[] jsrs = s.getEnteringJsrInstructions();
                final InstructionHandle[] ret = new InstructionHandle[jsrs.length];
                for (int i=0; i<jsrs.length; i++) {
                    ret[i] = jsrs[i].getNext();
                }
                return ret;
            }

            // Terminates method normally.
            if (inst instanceof ReturnInstruction) {
                return empty;
            }

            // Terminates method abnormally, because JustIce mandates
            // subroutines not to be protected by exception handlers.
            if (inst instanceof ATHROW) {
                return empty;
            }

            // See method comment.
            if (inst instanceof JsrInstruction) {
                single[0] = ((JsrInstruction) inst).getTarget();
                return single;
            }

            if (inst instanceof GotoInstruction) {
                single[0] = ((GotoInstruction) inst).getTarget();
                return single;
            }

            if (inst instanceof BranchInstruction) {
                if (inst instanceof Select) {
                    // BCEL's getTargets() returns only the non-default targets,
                    // thanks to Eli Tilevich for reporting.
                    final InstructionHandle[] matchTargets = ((Select) inst).getTargets();
                    final InstructionHandle[] ret = new InstructionHandle[matchTargets.length+1];
                    ret[0] = ((Select) inst).getTarget();
                    System.arraycopy(matchTargets, 0, ret, 1, matchTargets.length);
                    return ret;
                }
                final InstructionHandle[] pair = new InstructionHandle[2];
                pair[0] = getInstruction().getNext();
                pair[1] = ((BranchInstruction) inst).getTarget();
                return pair;
            }

            // default case: Fall through.
            single[0] = getInstruction().getNext();
            return single;
        }

    } // End Inner InstructionContextImpl Class.

    ///** The MethodGen object we're working on. */
    //private final MethodGen method_gen;

    /** The Subroutines object for the method whose control flow is represented by this ControlFlowGraph. */
    private final Subroutines subroutines;

    /** The ExceptionHandlers object for the method whose control flow is represented by this ControlFlowGraph. */
    private final ExceptionHandlers exceptionhandlers;

    /** All InstructionContext instances of this ControlFlowGraph. */
    private final Map<InstructionHandle, InstructionContext> instructionContexts = new HashMap<>();

    /**
     * A Control Flow Graph; with additional JustIce checks
     * @param  method_gen the method generator instance
     */
    public ControlFlowGraph(final MethodGen method_gen) {
        this(method_gen, true);
    }

    /**
     * A Control Flow Graph.
     * @param  method_gen the method generator instance
     * @param enableJustIceCheck if true, additional JustIce checks are performed
     * @since 6.0
     */
    public ControlFlowGraph(final MethodGen method_gen, final boolean enableJustIceCheck) {
        subroutines = new Subroutines(method_gen, enableJustIceCheck);
        exceptionhandlers = new ExceptionHandlers(method_gen);

        final InstructionHandle[] instructionhandles = method_gen.getInstructionList().getInstructionHandles();
        for (final InstructionHandle instructionhandle : instructionhandles) {
            instructionContexts.put(instructionhandle, new InstructionContextImpl(instructionhandle));
        }

        //this.method_gen = method_gen;
    }

    /**
     * Returns the InstructionContext of a given instruction.
     */
    public InstructionContext contextOf(final InstructionHandle inst) {
        final InstructionContext ic = instructionContexts.get(inst);
        if (ic == null) {
            throw new AssertionViolatedException("InstructionContext requested for an InstructionHandle that's not known!");
        }
        return ic;
    }

    /**
     * Returns the InstructionContext[] of a given InstructionHandle[],
     * in a naturally ordered manner.
     */
    public InstructionContext[] contextsOf(final InstructionHandle[] insts) {
        final InstructionContext[] ret = new InstructionContext[insts.length];
        for (int i=0; i<insts.length; i++) {
            ret[i] = contextOf(insts[i]);
        }
        return ret;
    }

    /**
     * Returns an InstructionContext[] with all the InstructionContext instances
     * for the method whose control flow is represented by this ControlFlowGraph
     * <B>(NOT ORDERED!)</B>.
     */
    public InstructionContext[] getInstructionContexts() {
        final InstructionContext[] ret = new InstructionContext[instructionContexts.values().size()];
        return instructionContexts.values().toArray(ret);
    }

    /**
     * Returns true, if and only if the said instruction is not reachable; that means,
     * if it is not part of this ControlFlowGraph.
     */
    public boolean isDead(final InstructionHandle i) {
        return subroutines.subroutineOf(i) == null;
    }
}