A type system that enforces CERT-FIO08-J rule based on Checker Framework
Constant Value Inference is a type inference for the Constant Value Checker. It supports a subtype of the annotations in the Checker. The annotations are @UnknownVal, @BottomVal, @BoolVal, @IntRange(from, to), and @StringVal. The main annotation is @IntRange. @IntRange takes two arguments — a lower bound and an upper bound. Its meaning is that at run time, the expression evaluates to a value between the bounds (inclusive). For example, an expression of type @IntRange(from=0, to=255) evaluates to 0, 1, 2, …, 254, or 255.
This project is developed based on Checker Framework. To use this checker, below dependencies are required:
- txiang61/checker-framework
- txiang61/checke-framework-inference
- jsr308-langtools
- annotation-tools
I have a setup.sh
to build these dependencies and also the Value Inference. This setup.sh
needs following tools to be ready in your machine before running it:
First, to have a better file structure, you may want to create a root directory called jsr308
.
In jsr308
, clone this project. In the clone, run ./setup.sh
. This script will download and build all neccessary dependencies, followed by building Value Inference and running test suites of Value Inference.
It is suggested to further configure JSR308
environment variable for your convenience:
-
In your bash profile file, export
JSR308
as the absolute path of yourjsr308
directory:export JSR308=<the absolute path of your jsr308 dir in your machine>
This JSR308
environment variable is required for using my version of do-like-javac to run Cast Checker on a project with project's build command, and it also allows running Value Inference with a conciser command.
I have written a simple script value-inference.sh
to make this task easier. You could just passing java files to this script, and this script will check all the java files you passing through.
e.g.
$JSR308/value-inference/value-inference.sh <true?> <your java files>
$JSR308/value-inference/value-inference.sh true aSingleFile.java
$JSR308/value-inference/value-inference.sh true **/*.java
$JSR308/value-inference/value-inference.sh true FileA.java FileB.java ... FileN.java
For the detailers, this script just a wrap-up of below command:
value-inference/../checker-framework/checker/bin-devel/javac -processor value.ValueChecker -cp value-inference/bin:value-inference/lib <your java files>
In your project, just run run-dljc.sh
with the build cmd of your project:
$JSR308/value-inference/run-dljc.sh true <your build cmd, e.g. `ant build` or `mvn install`>
Note:
- using
do-like-javac
needsJSR308
environment variable. - running a Checker by
do-like-javac
on a project needs this project is in a "clean" state. In other words, you should do aclean
command in your project before runnning Cast Checker on it.
Details of do-like-javac
could be find here.