Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Finding an instance of LCK02J in Tomcat #20

Open
reprogrammer opened this issue Jan 12, 2011 · 6 comments
Open

Finding an instance of LCK02J in Tomcat #20

reprogrammer opened this issue Jan 12, 2011 · 6 comments
Labels
LCK02J
Milestone
Later

Comments

@reprogrammer
Copy link
Owner

No description provided.

@reprogrammer
Copy link
Owner Author

I limited the entry points only to the main method in org.apache.catalina.startup.Bootstrap to get rid of the exception in issue #14.

I ran all the test cases to see which one hits the instance of LCK02J in org.apache.naming.java.javaURLContextFactory.getInitialContext(Hashtable<?, ?>). It turned out that the test org.apache.catalina.startup.TestTomcat.testEnableNamingGlobal() reaches this bug instance.

@reprogrammer
Copy link
Owner Author

We used receiver instance context with only one entry point, i.e. org.apache.catalina.startup.TestTomcat.testEnableNamingGlobal() to avoid the exception in issue #14 (https://github.com/reprogrammer/keshmesh/issues#issue/14/comment/655924).

@reprogrammer
Copy link
Owner Author

Tomcat creates several threads that listen on specific ports, and uses URLs to communicate with these threads. WALA cannot know about this call mechanism. So, we need to find some other entry points. The method org.apache.naming.java.javaURLContextFactory.getInitialContext(Hashtable<?, ?>) contains an instance of LCK02J. When we made this method the entry point of WALA analysis, it successfully detected the bug instance.

@reprogrammer
Copy link
Owner Author

We think that WALA fails to construct the call graph when we use a method of an abstract class as the entry point. The problem with using a method of an abstract class as an entry point is that WALA tries to make an instance of the class in its fake root.

@reprogrammer
Copy link
Owner Author

If you use C2.m as an entry point, WALA fails to construct the call graph because it sees that C2.m is defined in an abstract class C1.

abstract class C1 {
  void m() {}
}

class C2 extends C1 {
}

@reprogrammer
Copy link
Owner Author

We used receiver instance context and the entry point org.apache.catalina.startup.TestTomcat.HelloWorldJndi.doGet(HttpServletRequest, HttpServletResponse). But, WALA call graph didn't include org.apache.naming.java.javaURLContextFactory.getInitialContext(Hashtable<?, ?>), the method that contains an instance of LCK02J. The problem is that in the middle of the call sequence from the doGet to getInitialContext, javax.naming.spi.NamingManager.getInitialContext(Hashtable<?, ?>) makes a reflective call. It first sets the variable factory to (InitialContextFactory) helper.loadClass(className).newInstance();. Then, it executes factory.getInitialContext(env);. javaURLContextFactory is a subclass of InitialContextFactory, but, WALA won't include methods of any implementations of the interface InitialContextFactory in its call graph.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
LCK02J
Projects
None yet
Milestone
Later
Development

No branches or pull requests
1 participant
@reprogrammer