Releases: Guardsquare/proguard-core
Releases · Guardsquare/proguard-core
9.1.10
9.1.9
Improved
- Improve performance of
MethodLinker
in situations with large number of linked methods in a chain.
9.1.8
Improved
- Improve runtime of
BamTransferRelation
. - Add a method signature and descriptor parser in the new package
proguard.classfile.attribute.signature
.
Kotlin support
- Add support for processing Kotlin 2.1 metadata.
API changes for the dataflow analysis code
This is a continuation of the API changes started in release 9.1.7.
- Remove
JvmValueBamCpaRun
in order to simplify the utility code to run the analysis.ValueAnalyzer
is the direct replacement, this class has the same behavior asJvmValueBamCpaRun
, as long asanalyze
is called only once. - Remove
JvmTaintMemoryLocationBamCpaRun
in order to simplify the utility code to run the analysis.TaintAnalyzer
is the direct replacement, this class has the same behavior asJvmTaintMemoryLocationBamCpaRun
, as long asanalyze
is called only once. - Remove the
CpaRun
infrastructure. - Remove
MapAbstractStateFactory
,WrapperTransferRelation
, and other classes that were only used with the tree heap model. - Remove
StateNames
andgetStateByName
. - Refactor several classes taking generic parameters for
CfaEdge
,CfaNode
, andSignature
, to not use the generic parameters anymore. They now default toJvmCfaEdge
,JvmCfaNode
, andMethodSignature
. - Refactor CPA reached set, waitlist, operators, and all their dependant classes to be parametrized by the type of abstract states of the dataflow analysis. This allows to make the code safe at compile time and avoid unnecessary casts.
- Move
AbortOperator
from being a parameter ofCpaAlgorithm#run
to theConfigurableProgramAnalysis
interface. - Move functionalities of
LatticeAbstractState
toAbstractState
. RemoveAbstractDomain
since the abstract states can now perform directly theisLessOrEqual
andjoin
operations without the need of delegation.
Bugfixes
- Fix semi-lattice properties of
MultiTypedReferenceValue
'sgeneralize()
method - Fix integers potentially being used as reference identifier during interprocedural value analysis. This could result in the analysis not reaching a fixed point.
- Fix
JvmTaintTransferRelation#propagateExtraTaints
propagating taint incorrectly if the stack contains more than one element.
9.1.7
Bugfixes
- Make sure injected initialization methods in interfaces have the correct access flags.
Improved
InstructionSequenceMatcher
now supports matching of primitive array constants.- Support propagation of extra specified taints in
JvmTaintTransferRelation
. - Introduce
ReflectiveModel
andReflectiveModelExecutor
to simplify the creation and analysis ofModel
s.
API improvements
- Rename
CallVisitor
toCallHandler
and add extra parameters to handle calls accounting for more data. - Add
ClassUtil.isClassInitializer(String)
andClassUtil.isInstanceInitializer(String)
. - Extend
MemberCollectionFilter
to accept aSet
of any subtype ofMember
.
API changes
- Move classes related to
Model
to theproguard.evaluation.value.object.model
package. StringSharer
now uses a string pool to share strings, instead of traversing references.
API changes for the dataflow analysis code
There are several changes to the dataflow analysis code with the objective of eliminating unnecessary abstraction and
make its usage easier. This includes:
- Remove
MemoryLocation
, useJvmMemoryLocation
instead. - Make
JvmMemoryLocation
independent of the type of value contained in the analysis' state. The type of the value now needs only to be provided when callingextractValueOrDefault
. - Remove all code related to the tree heap model for taint analysis.
9.1.6
Java support
- Update maximum supported Java class version to 67.65535 (Java 23).
API changes
- Make
CallGraph
reconstruction/traversal methods generic in that they now take aSet<MethodSignature>
to determine when to stop exploration - Delete
EntryPoint
class
Bugfixes
- Fix incorrect traversal direction in
predecessorsContain
.
9.1.5
Bugfixes
- Prevent
unknown enum value for KmVersionRequirementVersionKind
exception when processing code compiled with an outdated Kotlin version. - Fix
UnknownReferenceValue
return wrong string format ingetType
. - Fix
ReflectionExecutor
not updating instance ofStringBuilder
s in fallback result.
API changes
Executor
s do not supportMethodSignature
wildcards anymore. The assumption fromExecutorLookup
is now that all the signatures supported by the executor are declared explicitly ingetSupportedMethodSignatures
.StringExecutor
,ExecutingInvocationUnit
, andJvmValueBamCpaRun
now need the library class pool as parameter.- Calls to
InstructionSequenceBuilder.ldc
now optionally accept aConstantVisitor
. The visitor will visit the constant that is referenced by the added instruction.
9.1.4
Version 9.1.4
Improved
- Add support for dynamic dispatch in
ExecutorInvocationUnit
. This makes it possible to execute methods based on statically observed types of objects, not only based on the type of the used variables.
API changes
- Remove
ExecutorMatcher
and change theExecutor
interface so that it declares supported methods byMethodSignature
wildcards instead. - Add
@Nullable
annotations toMethodSignature
.
Kotlin support
- Update Kotlin dependency to 2.0.0 final release version.
Bugfixes
- Prevent potential
NullPointerException
when Kotlin property metadataisVar
flag does not correctly indicate the presence of a setter.
9.1.3
Version 9.1.3
Kotlin support
- Add support for processing Kotlin 2.0 metadata.
- Update to stable version of the Kotlin metadata library.
9.1.2
Java support
- Update maximum supported Java class version to 66.65535 (Java 22). (#127)
API changes
- Remove deprecated
ReferenceValueFactory
,ParticularReferenceValueFactory
should be used instead. - Deprecate methods in
ValueFactory
taking anObject
as parameter. The alternatives usingParticularObject
should be used instead.
Improved
- Add support for selective parameter reconstruction to define which methods should have their calls evaluated.
- Refactor
ExecutingInvocationUnit
to be customizable using executors. Improve checking whether method instance should be replaced in stack and variables. - Support execution of methods that operate on 1D arrays of all primitive and reference types with
ReflectionExecutor
. - Use runtime type instead of static type when possible in
ExecutingInvocationUnit
. - Introduce
ParticularObject
as the value tracked byParticularReferenceValue
. This makes explicit which kind of values can be tracked during the analysis, and introduces the possibility of tracking a model of the values that differ from the actual tracked object.
Bug fixes
- Improve Kotlin MultiFileFacade metadata assertions to detect uninitialized references.
- Fix handling of category 2 values in
JvmValueTransferRelation
to work correctly withExecutingInvocationUnit
. - Fix concurrency problems in CallGraph and ValueFactory ids.
- Fix a bug in
ReturnClassExtractor
returning the last parameter type instead of null for primitive return values. - Fix
ExecutorMethodSignatureMatcher
trying to mutate an immutable map. - Fix
TypedReferenceValue.cast()
not handling null values correctly.
9.1.1
Version 9.1.1
Bugfixes
- Enable fix previously behind system property: fix
TypedReferenceValue.generalize()
not settingmayBeExtension
to true when generalizing to common parent type. - Avoid printing
PartialEvaluator
messages when anExcessiveComplexityException
occurs. - Fix incorrect writing of flags for type parameters with name annotations.
- Fix incorrect writing of flags for reified type parameters.
- Fix model for types and type parameters, removing the incorrect
HAS_ANNOTATION
common flag.
Improved
- Enable new
PartialEvaluator
error message format by default. - Add the ability to implement a custom renaming strategy for
ClassReferenceFixer
. - Add new
MaxStackSizeComputer
to compute the maximum stack size of a code attribute which is more memory efficient than the existingStackSizeComputer
. - Add
IdentifiedArrayReferenceValue.generalize()
to maintainID
when applied to two instances with sameID
.