Module AbstractValues
Provides classes for working with abstract values.
Abstract values are a finite representation of the potentially infinite set of concrete values observed at runtime.
Some abstract values directly correspond to concrete values:
for example, there is an abstract null value that represents
the concrete null value.
Most abstract values, however, represent a set of concrete
values: for example, there is an abstract value nonzero
representing the set of all non-zero numbers.
The flow analysis uses abstract values of the latter kind to finitely overapproximate the infinite set of potential program executions. This entails imprecision of two kinds:
-
sometimes we deliberately forget information about a concrete value because we are not interested in it: for example, the concrete value
42is mapped to the abstract valuenonzero; -
at other times, the analysis does not have enough information to precisely model the behavior of certain program elements: for example, the current flow analysis is intra-procedural, so it does not model parameter passing or return values, and hence has to make worst-case assumptions about the possible values of parameters or function calls.
We use two categories of abstract values to represent these different sources of imprecision: definite abstract values are deliberate overapproximations, while indefinite abstract values are overapproximations arising from incompleteness.
Both kinds of abstract values keep track of which concrete objects they represent; additionally, indefinite abstract values record the source of imprecision that caused them to arise.
Import path
import semmle.javascript.dataflow.AbstractValuesClasses
| AbstractArguments | An abstract value representing an |
| AbstractBoolean | An abstract value representing a Boolean value. |
| AbstractCallable | An abstract value representing a function or class. |
| AbstractClass | An abstract value representing an individual class. |
| AbstractDate | An abstract value representing a |
| AbstractEmpty | An abstract value representing the empty string. |
| AbstractExportsObject | An abstract value representing a CommonJS |
| AbstractFunction | An abstract value representing an individual function. |
| AbstractGlobalObject | An abstract value representing the global object. |
| AbstractInstance | An abstract value representing all instances of a class or function |
| AbstractModuleObject | An abstract value representing a CommonJS |
| AbstractNonZero | An abstract value representing a non-zero number. |
| AbstractNull | An abstract value representing |
| AbstractNumString | An abstract value representing a numeric string, that is, a string |
| AbstractObjectLiteral | An abstract value representing all objects arising from an object literal expression (allocation site abstraction). |
| AbstractOtherObject | An abstract value representing an object not covered by the other abstract values. |
| AbstractOtherString | An abstract value representing a non-empty, non-numeric string. |
| AbstractRegExp | An abstract value representing a regular expression. |
| AbstractUndefined | An abstract value representing |
| AbstractValue | An abstract value inferred by the flow analysis, representing a set of concrete values. |
| AbstractZero | An abstract value representing the number zero. |
| CustomAbstractValue | A custom abstract value corresponding to an abstract value tag. |
| CustomAbstractValueTag | A string tag corresponding to a custom abstract value. |
| DefiniteAbstractValue | A definite abstract value, that is, an abstract value that is not affected by analysis incompleteness. |
| IndefiniteAbstractValue | An indefinite abstract value representing an unknown value. |
| IndefiniteFunctionOrClass | An indefinite abstract value representing an unknown function or class. |
| IndefiniteObject | An indefinite abstract value representing an unknown object. |
| PrimitiveAbstractValue | A definite abstract value that represents only primitive concrete values. |