aurore54f / static-pdg-js
Static JavaScript Analysis: AST, Control Flow, Data Flow, & Pointer Analysis
License: GNU Affero General Public License v3.0
Hi Aurore,
I notice there may be a bug leading to insufficient data flow relations. Here is an example:
     1 function demo(flag){
     2     if(flag){
     3         return true;
     4     }
     5     else{
     6         return false;
     7     }
     8 }
     9 var this_flag = "1".toString(); // this_flag could be anything, we don't know its value when statically analyzing
    10 var test_var;
    11 if(demo(this_flag)){
    12     console.log(test_var);
    13 }
    14 else{
    15     console.log(test_var);
    16 }
The variable test_var in line 10 has two data dependency children in line 12 and line 15. However, in the output dfg there is only one of them, which is the child test_var in line 15.
I suppose the problem comes from line 880 in data_flow.py:
    return_value = None
    if function_def.fun_return:
        return_value = get_node_value(function_def.fun_return[-1], initial_node=node)  # Here
        # Last in, only one out
        # Beware, NOT get_node_computed_value because we want to compute the value again: the
        # previously stored value is the returned value hard coded in the function def before exec
    logging.debug('The function %s returns %s', function_name, return_value)
    node.set_value(return_value)
where you aggressively pop the last return value. However, the function demo may return two different values (true or false) according to the parameter flag.
When we don't know the actual value of this parameter, the return value of demo(this_flag) in line 11 should be set to None instead of false. As the program always fetches the last value (i.e. false) in the func_return, code in the true branch (line 12 in this case) would never be analyzed.
Thank you for your time and attention, and for providing such a valuable tool to the community. I look forward to hearing back from you soon.
Best regards,
Yifan
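The behaviour reported in the issue above, as an added Python sketch (not code from static-pdg-js or from the issue author). It models the issue's snippet with constructed data and compares "take the last return value" against joining all recorded return values into an unknown result; every name in it (`last_return`, `joined_return`, `reachable_branches`, `data_flow_edges`) is hypothetical.

```python
"""Toy model of the reported bug: how a call's return value is chosen
decides which branches receive data-flow edges. Not static-pdg-js code."""

UNKNOWN = None  # a value the analysis cannot determine statically

# Constructed model of the JavaScript snippet in the issue.
DEMO_RETURNS = [True, False]                 # returns of demo(), lines 3 and 6
DEF_LINE = 10                                # var test_var;
USES = {"consequent": 12, "alternate": 15}   # console.log(test_var) per branch


def last_return(returns):
    """Reported behaviour: keep only the last recorded return value."""
    return returns[-1] if returns else UNKNOWN


def joined_return(returns):
    """Suggested behaviour: a concrete value only if every return agrees."""
    if returns and all(value == returns[0] for value in returns):
        return returns[0]
    return UNKNOWN


def reachable_branches(condition):
    """Branches an analysis visits for a given condition value."""
    if condition is UNKNOWN:
        return ["consequent", "alternate"]   # cannot decide: visit both
    return ["consequent"] if condition else ["alternate"]


def data_flow_edges(condition):
    """(definition line, use line) edges for test_var in visited branches."""
    return sorted((DEF_LINE, USES[b]) for b in reachable_branches(condition))


if __name__ == "__main__":
    print("last return  :", data_flow_edges(last_return(DEMO_RETURNS)))
    print("joined return:", data_flow_edges(joined_return(DEMO_RETURNS)))
```

For security analyses built on such a graph, the missing edge means code in the skipped branch is never inspected, so anything placed there is invisible to detection logic that relies on the data flow.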