C# Static Analysis, possible values for a variable/parameter

前端 未结 2 823
Happy的楠姐
Happy的楠姐 2021-02-06 03:14

In code similar to each of the following examples, I would like to be able to statically analyze code to determine the list of possible values that are passed into SpecialFuncti

相关标签:
2条回答
  • 2021-02-06 03:32

    There is a project that does what you want (at least very near). It is Pex. Try looking at their docs, also you could decompile the sources and see what they do.

    0 讨论(0)
  • 2021-02-06 03:41

    What you want is a both global data flow analysis ("what value assignments/side effects reach what usage points") [which requires control flow analysis as a precursor] and some kind of range analysis ("summarizing the set of values that can reach a point").

    Computing data flow requires having a full C# front end, local control and data flow analysis, and then stitching those answers together into global data flow analysis.

    Range analysis requires you first define how you intend to encode the set of possible values; what system of specifications is allowed? The simplest, just a set of values, tends to explode. An intermediate specification scheme would be something like the OP's single-relational-to-constant, e.g, "x < 50" . The trouble with any such limited scheme is that the richness of the set of values may cause you to get useless answers especially if there are other predicates of interest (if x is always odd, the single-relational-to-constant can only model this as "x < infinity" which is clearly not helpful. So, you want to choose a specification scheme which is complicated enough to model that kinds of values interest you. However, as your specification scheme gets more sophisticated, the machinery to infer those facts correctly get more complicated, so you can't make it too complicated.

    Mostly the analysis tools available do not have such analyses, let alone exposed for you to you. PEX may indeed have such machinery; if you are lucky it is exposed, too.

    Our DMS Software Reengineering Toolkit has generic parsing, symbol table building, control/data flow analysis and indeed even range analysis machinery (specification: x < k1*a+k2*b where k1 and k2 are constants, a and b are other program variables visibile where x is consumed). DMS has C#, Java, GNU C and COBOL front ends, and we have in fact instantiated this machinery for GNU C and IBM Enterprise COBOL (and partially for Java 7) by collecting (static analysis!) facts specific to those languages and feeding these facts to the generic machinery. We have not instantiated this machinery for C#, yet. But if you can't get a good answer from another source, this is likely pretty close.

    0 讨论(0)
提交回复
热议问题