Releases: Guardsquare/proguard-core
Releases · Guardsquare/proguard-core
9.1.10
9.1.9
Improved
- Improve performance of
MethodLinkerin situations with large number of linked methods in a chain.
9.1.8
Improved
- Improve runtime of
BamTransferRelation. - Add a method signature and descriptor parser in the new package
proguard.classfile.attribute.signature.
Kotlin support
- Add support for processing Kotlin 2.1 metadata.
API changes for the dataflow analysis code
This is a continuation of the API changes started in release 9.1.7.
- Remove
JvmValueBamCpaRunin order to simplify the utility code to run the analysis.ValueAnalyzeris the direct replacement, this class has the same behavior asJvmValueBamCpaRun, as long asanalyzeis called only once. - Remove
JvmTaintMemoryLocationBamCpaRunin order to simplify the utility code to run the analysis.TaintAnalyzeris the direct replacement, this class has the same behavior asJvmTaintMemoryLocationBamCpaRun, as long asanalyzeis called only once. - Remove the
CpaRuninfrastructure. - Remove
MapAbstractStateFactory,WrapperTransferRelation, and other classes that were only used with the tree heap model. - Remove
StateNamesandgetStateByName. - Refactor several classes taking generic parameters for
CfaEdge,CfaNode, andSignature, to not use the generic parameters anymore. They now default toJvmCfaEdge,JvmCfaNode, and MethodSignature. - Refactor CPA reached set, waitlist, operators, and all their dependant classes to be parametrized by the type of abstract states of the dataflow analysis. This allows to make the code safe at compile time and avoid unnecessary casts.
- Move
AbortOperatorfrom being a parameter ofCpaAlgorithm#runto theConfigurableProgramAnalysisinterface. - Move functionalities of
LatticeAbstractStatetoAbstractState. RemoveAbstractDomainsince the abstract states can now perform directly theisLessOrEqualandjoinoperations without the need of delegation.
Bugfixes
- Fix semi-lattice properties of
MultiTypedReferenceValue'sgeneralize()method - Fix integers potentially being used as reference identifier during interprocedural value analysis. This could result in the analysis not reaching a fixed point.
- Fix
JvmTaintTransferRelation#propagateExtraTaintspropagating taint incorrectly if the stack contains more than one element.
9.1.7
Bugfixes
- Make sure injected initialization methods in interfaces have the correct access flags.
Improved
InstructionSequenceMatchernow supports matching of primitive array constants.- Support propagation of extra specified taints in
JvmTaintTransferRelation. - Introduce
ReflectiveModelandReflectiveModelExecutorto simplify the creation and analysis ofModels.
API improvements
- Rename
CallVisitortoCallHandlerand add extra parameters to handle calls accounting for more data. - Add
ClassUtil.isClassInitializer(String)andClassUtil.isInstanceInitializer(String). - Extend
MemberCollectionFilterto accept aSetof any subtype ofMember.
API changes
- Move classes related to
Modelto theproguard.evaluation.value.object.modelpackage. StringSharernow uses a string pool to share strings, instead of traversing references.
API changes for the dataflow analysis code
There are several changes to the dataflow analysis code with the objective of eliminating unnecessary abstraction and
make its usage easier. This includes:
- Remove
MemoryLocation, useJvmMemoryLocationinstead. - Make
JvmMemoryLocationindependent of the type of value contained in the analysis' state. The type of the value now needs only to be provided when callingextractValueOrDefault. - Remove all code related to the tree heap model for taint analysis.
9.1.6
Java support
- Update maximum supported Java class version to 67.65535 (Java 23).
API changes
- Make
CallGraphreconstruction/traversal methods generic in that they now take aSet<MethodSignature>to determine when to stop exploration - Delete
EntryPointclass
Bugfixes
- Fix incorrect traversal direction in
predecessorsContain.
9.1.5
Bugfixes
- Prevent
unknown enum value for KmVersionRequirementVersionKindexception when processing code compiled with an outdated Kotlin version. - Fix
UnknownReferenceValuereturn wrong string format ingetType. - Fix
ReflectionExecutornot updating instance ofStringBuilders in fallback result.
API changes
Executors do not supportMethodSignaturewildcards anymore. The assumption fromExecutorLookupis now that all the signatures supported by the executor are declared explicitly ingetSupportedMethodSignatures.StringExecutor,ExecutingInvocationUnit, andJvmValueBamCpaRunnow need the library class pool as parameter.- Calls to
InstructionSequenceBuilder.ldcnow optionally accept aConstantVisitor. The visitor will visit the constant that is referenced by the added instruction.
9.1.4
Version 9.1.4
Improved
- Add support for dynamic dispatch in
ExecutorInvocationUnit. This makes it possible to execute methods based on statically observed types of objects, not only based on the type of the used variables.
API changes
- Remove
ExecutorMatcherand change theExecutorinterface so that it declares supported methods byMethodSignaturewildcards instead. - Add
@Nullableannotations toMethodSignature.
Kotlin support
- Update Kotlin dependency to 2.0.0 final release version.
Bugfixes
- Prevent potential
NullPointerExceptionwhen Kotlin property metadataisVarflag does not correctly indicate the presence of a setter.
9.1.3
Version 9.1.3
Kotlin support
- Add support for processing Kotlin 2.0 metadata.
- Update to stable version of the Kotlin metadata library.
9.1.2
Java support
- Update maximum supported Java class version to 66.65535 (Java 22). (#127)
API changes
- Remove deprecated
ReferenceValueFactory,ParticularReferenceValueFactoryshould be used instead. - Deprecate methods in
ValueFactorytaking anObjectas parameter. The alternatives usingParticularObjectshould be used instead.
Improved
- Add support for selective parameter reconstruction to define which methods should have their calls evaluated.
- Refactor
ExecutingInvocationUnitto be customizable using executors. Improve checking whether method instance should be replaced in stack and variables. - Support execution of methods that operate on 1D arrays of all primitive and reference types with
ReflectionExecutor. - Use runtime type instead of static type when possible in
ExecutingInvocationUnit. - Introduce
ParticularObjectas the value tracked byParticularReferenceValue. This makes explicit which kind of values can be tracked during the analysis, and introduces the possibility of tracking a model of the values that differ from the actual tracked object.
Bug fixes
- Improve Kotlin MultiFileFacade metadata assertions to detect uninitialized references.
- Fix handling of category 2 values in
JvmValueTransferRelationto work correctly withExecutingInvocationUnit. - Fix concurrency problems in CallGraph and ValueFactory ids.
- Fix a bug in
ReturnClassExtractorreturning the last parameter type instead of null for primitive return values. - Fix
ExecutorMethodSignatureMatchertrying to mutate an immutable map. - Fix
TypedReferenceValue.cast()not handling null values correctly.
9.1.1
Version 9.1.1
Bugfixes
- Enable fix previously behind system property: fix
TypedReferenceValue.generalize()not settingmayBeExtensionto true when generalizing to common parent type. - Avoid printing
PartialEvaluatormessages when anExcessiveComplexityExceptionoccurs. - Fix incorrect writing of flags for type parameters with name annotations.
- Fix incorrect writing of flags for reified type parameters.
- Fix model for types and type parameters, removing the incorrect
HAS_ANNOTATIONcommon flag.
Improved
- Enable new
PartialEvaluatorerror message format by default. - Add the ability to implement a custom renaming strategy for
ClassReferenceFixer. - Add new
MaxStackSizeComputerto compute the maximum stack size of a code attribute which is more memory efficient than the existingStackSizeComputer. - Add
IdentifiedArrayReferenceValue.generalize()to maintainIDwhen applied to two instances with sameID.