Containers

(5)). In case of method invocation, the target object becomes inside the called method, generating the edge and the value returned by method (if any) flows to the left hand side (pair

eLib example

The following invocations, taken from classLibrary (lines 60, 61):

generate the following OFG edges:

Plain assignments (statement (6) in Fig. 2.2) generate an edge that con- nects the right hand side to the left hand side. Thus, the following abstract statements, taken from the constructor of class Loan (lines 137-138):

generate the following edges:

2.3 Containers

Edges in the OFG account for all data flows occurring in a program. While some of them are associated with specific Java instructions, such as the as- signment or the method call, others may be related to the usage of library classes. Each time a library class introduces a data flow from a variable to a variable an edge must be included in the OFG.

A category of library classes that introduces additional, external data flows is represented by containers. In Java, an example is any class implementing the interfaceCollection, such as the classesVector, LinkedList, HashSet,

andTreeSet. Another example is the interfaceMap, implemented by classes

Hashtable, HashMap, and TreeMap.

Classes implementing the Collection interface provide public methods to insert objects into a container and to extract objects from it. One such insertion method is add, while extraction can be achieved by requesting an

Iterator object, that is successively used to sequentially access all objects in the container (methodnext in interfaceIterator).

Classes implementing the Map interface offer similar facilities, with the difference that contained objects are accessed by key. Thus, method put can be used to insert an object and associate it to a given key, while method get

can be used to retrieve the object associated to a given key.

Abstractly, container objects provide two basic operations that alter the data flows in a program: insert, to add an object to a container, and extract, to access an object previously inserted into a container. Thus, for a program with containers, the two basic cases that have to be handled in OFG construc- tion are the following:

(1) (2)

where is a container and is an object. In the first case there is a data flow from the object to the container while in the second case the data flow is reversed. Correspondingly, the following edges are introduced in the OFG:

The same edges would be introduced in the OFG in presence of the fol- lowing assignments:

For this reason, in the abstract program representation we have adopted, insertion and extraction methods associated with container objects are ac- counted for by transforming the related statements into assignment state- ments, such as those given above.

eLib example

Examples of containers used in the eLib program are the attributes

documents, users, and loans of the class Library (lines 4, 5, 6). The at- tribute loans, of type Collection, is initialized with aLinkedList object. Its method addLoan contains the following statement (line 44) :

(1) (2)

(1) (2)

2.3 Containers 29

where loan is the formal parameter of the method. Its abstract syntax repre- sentation is therefore:

The invocation of the insertion method add on the container loans is trans- formed into an assignment that captures the data flow from the inserted object (loan) to the container.

An example of extraction from a container is available from the same class, method printAllLoans (lines 120-122), where the following loop is used to access theLoan objects previously inserted into the loans container:

The related abstract representation, which preserves the data flows be- tween container and contained objects is:

The first assignment accounts for the data flow from the container (loans)

to the iterator (i). The second assignment accounts for the access to a con- tained object by means of the iterator (invocation of method next), and the assignment of this object to the local variable loan.

Another example available from theLibrary class is the attributeusers,

of type Map, initialized by a HashMap. Methods addUser (line 8) and getUser

(line 21) contain respectively insertion and extraction instructions. Specif- ically, a User object is inserted into the container users by means of the following statement, taken from methodaddUser (line 10):

which is transformed into the following abstract statement:

Symmetrically, the following extraction statement, taken from method

getUser (line 22):

30 2 The Object Flow Graph

In OFG construction, this is interpreted as the existence of a data flow from the containerusers to the value returned by the methodgetUser.

Other examples of external data flows possibly affecting the nodes and the edges in the OFG are associated with the usage of dynamic loading (e.g., through Java reflection) and with the access to modules written in other programming languages (e.g., through the Java native interface, JNI). In these cases, a semi-automated analysis of the data flows can still be conducted, provided that the external flows are (manually) modeled in a similar way as done above for the containers. The involvement of the user is required in the specification of the code fragments where such flows take place and of the program locations affected by them. Other language features not addressed explicitly in this section, such as exception handling and multi-threading, require minor extensions (e.g., identifying the throw-catch chains [76]) that can be fully automated.