Improve how we navigate the stack

 - We are now much better at getting fields used for instance detector.
 - We no longer break when using non-constant keys, but report it.

Author: jsotuyod

pom.xml

@@ -56,7 +56,7 @@
 	</distributionManagement>
 
 	<properties>
-		<android-version>24.4.0-beta1</android-version>
+		<android-version>25.1.0</android-version>
 		<fingbugs-annotations-version>3.0.0</fingbugs-annotations-version>
 		<asm-all-version>5.0.3</asm-all-version>
 		<guava-version>17.0</guava-version>

src/main/java/com/monits/linters/FactoryMethodDetector.java

@@ -31,7 +31,7 @@
 import com.android.tools.lint.detector.api.Issue;
 import com.android.tools.lint.detector.api.Scope;
 import com.android.tools.lint.detector.api.Severity;
-import com.google.common.collect.Sets;
+import com.google.common.collect.ImmutableSet;
 
 public class FactoryMethodDetector extends Detector implements Detector.ClassScanner {
 
@@ -50,7 +50,7 @@ public class FactoryMethodDetector extends Detector implements Detector.ClassSca
 			new Implementation(FactoryMethodDetector.class, Scope.CLASS_FILE_SCOPE));
 
 	private static final Set<String> FRAGMENT_TYPE =
-			Sets.newHashSet("android/support/v4/app/Fragment", "android/app/Fragment");
+			ImmutableSet.of("android/support/v4/app/Fragment", "android/app/Fragment");
 
 	@Override
 	@Nullable

src/main/java/com/monits/linters/InstanceStateDetector.java

@@ -23,6 +23,7 @@
 import java.util.Map.Entry;
 import java.util.Set;
 
+import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 
@@ -47,7 +48,7 @@
 import com.android.tools.lint.detector.api.Issue;
 import com.android.tools.lint.detector.api.Scope;
 import com.android.tools.lint.detector.api.Severity;
-import com.google.common.collect.Sets;
+import com.google.common.collect.ImmutableSet;
 import com.monits.linters.instancestate.holder.InstanceStateHolder;
 
 /**
@@ -66,6 +67,7 @@ public class InstanceStateDetector extends Detector implements Detector.ClassSca
 			"The method %s expected a %s type, but the field %s is a %s type";
 	public static final String RESTORED_WITH_DIFERENT_TYPES =
 			"The field %s is a %s type, but the method %s is returning a %s type";
+	public static final String NON_CONSTANT_KEY = "The key being used to access the bundle is non-constant";
 
 	public static final Issue MISSING_SAVED_INSTANCE_STATES = Issue.create("missingSavedOrRestoredInstanceState",
 			"Missing saved or restored instance states",
@@ -90,16 +92,23 @@ public class InstanceStateDetector extends Detector implements Detector.ClassSca
 			"Check if the type saved or restored is valid",
 			Category.CORRECTNESS, 6, Severity.ERROR,
 			new Implementation(InstanceStateDetector.class, Scope.CLASS_FILE_SCOPE));
+	
+	public static final Issue KEY_IS_NOT_CONSTANT = Issue.create("instanceStateKeyIsNotConstant",
+			"Key used to access bundle data is not constant",
+			"Non constant keys may lead to inconsistent data persistance / recovery",
+			Category.CORRECTNESS, 6, Severity.WARNING,
+			new Implementation(InstanceStateDetector.class, Scope.CLASS_FILE_SCOPE));
 
-	private static final Set<String> METHOD_SAVE_INSTANCES = Sets.newHashSet("onSaveInstanceState");
+	
+	private static final Set<String> METHOD_SAVE_INSTANCES = ImmutableSet.of("onSaveInstanceState");
 	private static final Set<String> METHOD_RESTORE_INSTANCES =
-			Sets.newHashSet(
-					// Common methods
-					"onCreate",
-					// Activity methods
-					"onPostCreate", "onRestoreInstanceState",
-					// Fragment methods
-					"onActivityCreated", "onCreateView", "onViewCreated");
+			ImmutableSet.of(
+				// Common methods
+				"onCreate",
+				// Activity methods
+				"onPostCreate", "onRestoreInstanceState",
+				// Fragment methods
+				"onActivityCreated", "onCreateView", "onViewCreated");
 
 	private static final String ANDROID_BUNDLE_PATH = "android/os/Bundle";
 
@@ -161,23 +170,24 @@ private Set<MethodNode> checkMethodCall(@Nonnull final ClassContext context, @No
 
 		final AbstractInsnNode[] instructions = methodToIterate.instructions.toArray();
 		for (final AbstractInsnNode abstractInsnNode : instructions) {
-			if (abstractInsnNode instanceof MethodInsnNode
+			if (abstractInsnNode instanceof MethodInsnNode) {
+				final MethodInsnNode methodNode = (MethodInsnNode) abstractInsnNode;
 					// Ignore same method (ej super.onCreate(...))
-					&& !((MethodInsnNode) abstractInsnNode).name.equals(call.name)) {
-				final String descriptor = ((MethodInsnNode) abstractInsnNode).desc;
-				// check if the parameter has a bundle paramenter
-				if (descriptor.substring(descriptor.indexOf('(') + 1, descriptor.indexOf(')'))
-						.contains("Landroid/os/Bundle;")) {
-					for (final MethodNode element : (List<MethodNode>) classNode.methods) {
-						// find the methodNode
-						if (element instanceof MethodNode
-								&& element.name.equals(((MethodInsnNode) abstractInsnNode).name)) {
-							methods.add(element);
+				if (!methodNode.name.equals(call.name)) {
+					final String descriptor = methodNode.desc;
+					// check if the parameter has a bundle parameter
+					if (descriptor.substring(descriptor.indexOf('(') + 1, descriptor.indexOf(')'))
+							.contains("Landroid/os/Bundle;")) {
+						for (final MethodNode element : (List<MethodNode>) classNode.methods) {
+							// find the methodNode
+							if (element instanceof MethodNode && element.name.equals(methodNode.name)) {
+								methods.add(element);
+							}
 						}
+					} else {
+						//we have something that we can pass to checkInstruction
+						checkInstruction(context, classNode, methodToIterate, saveRestoreMethod, methodNode);
 					}
-				} else {
-					//we have something that we can pass to checkInstruction
-					checkInstruction(context, classNode, methodToIterate, saveRestoreMethod, abstractInsnNode);
 				}
 			}
 		}
@@ -195,9 +205,9 @@ private Set<MethodNode> checkMethodCall(@Nonnull final ClassContext context, @No
 	 */
 	public void checkInstruction(@Nonnull final ClassContext context, @Nonnull final ClassNode classNode,
 			@Nonnull final MethodNode currentMethod, @Nonnull final MethodNode originaryMethod,
-			@Nonnull final AbstractInsnNode instruction) {
+			@Nonnull final MethodInsnNode instruction) {
 
-		if (!ANDROID_BUNDLE_PATH.equals(((MethodInsnNode) instruction).owner)
+		if (!ANDROID_BUNDLE_PATH.equals(instruction.owner)
 				|| instruction.getOpcode() != Opcodes.INVOKEVIRTUAL) {
 			return;
 		}
@@ -207,13 +217,13 @@ public void checkInstruction(@Nonnull final ClassContext context, @Nonnull final
 		}
 
 		// ignore those method that no have params
-		final String descriptor = ((MethodInsnNode) instruction).desc;
+		final String descriptor = instruction.desc;
 		if (descriptor.substring(descriptor.indexOf('(') + 1, descriptor.indexOf(')')).isEmpty()) {
 			return;
 		}
 
 		// Ignore containsKey method
-		if ("containsKey".equals(((MethodInsnNode) instruction).name)) {
+		if ("containsKey".equals(instruction.name)) {
 			return;
 		}
 
@@ -223,16 +233,28 @@ public void checkInstruction(@Nonnull final ClassContext context, @Nonnull final
 		}
 
 		if (METHOD_SAVE_INSTANCES.contains(originaryMethod.name)) {
-			final String bundleKey = getBundleKey(instruction);
-			if (savedStates.containsKey(bundleKey)) {
-				context.report(OVERWRITING_INSTANCE_STATES, currentMethod, instruction,
-						context.getLocation(instruction), String.format(ALREADY_SAVED, bundleKey));
+			// TODO : Check call is actually to a save method!
+			final String bundleKey = getBundleKeyForMethodCall(instruction);
+			if (bundleKey == null) {
+				context.report(KEY_IS_NOT_CONSTANT, currentMethod, instruction,
+						context.getLocation(instruction), NON_CONSTANT_KEY);
 			} else {
-				savedStates.put(bundleKey, new InstanceStateHolder(instruction, currentMethod));
+				if (savedStates.containsKey(bundleKey)) {
+					context.report(OVERWRITING_INSTANCE_STATES, currentMethod, instruction,
+							context.getLocation(instruction), String.format(ALREADY_SAVED, bundleKey));
+				} else {
+					savedStates.put(bundleKey, new InstanceStateHolder(instruction, currentMethod));
+				}
 			}
 		} else if (METHOD_RESTORE_INSTANCES.contains(originaryMethod.name)) {
-			final String bundleKey = getBundleKey(instruction);
-			restoredStates.put(bundleKey, new InstanceStateHolder(instruction, currentMethod));
+			// TODO : Check call is actually to a restore method!
+			final String bundleKey = getBundleKeyForMethodCall(instruction);
+			if (bundleKey == null) {
+				context.report(KEY_IS_NOT_CONSTANT, currentMethod, instruction,
+						context.getLocation(instruction), NON_CONSTANT_KEY);
+			} else {
+				restoredStates.put(bundleKey, new InstanceStateHolder(instruction, currentMethod));
+			}
 		}
 	}
 
@@ -303,22 +325,82 @@ private VarInsnNode getOwnerNode(@Nonnull final AbstractInsnNode instruction, fi
 		return (VarInsnNode) varNode;
 	}
 
-	@Nonnull
-	private String getBundleKey(@Nonnull final AbstractInsnNode instruction) {
+	@CheckForNull
+	private String getBundleKeyForMethodCall(@Nonnull final MethodInsnNode instruction) {
+		int expectedArgs = instruction.name.startsWith("put") ? 2 : 1;
 		AbstractInsnNode node = instruction;
-
-		// get the key used
-		while (!(node instanceof LdcInsnNode)) {
+		
+		// Lookup the stack, until we find the first argument, which is always the key
+		while (expectedArgs > 0) {
 			node = node.getPrevious();
+			
+			if (node.getOpcode() > 0 && node.getOpcode() <= 0x2d) {
+				// *const*, ldc*, *push and *load* up to aload_3; all add a single value to the stack
+				expectedArgs--;
+			} else if (node.getOpcode() <= 0x35) {
+				// load form array, consume 2 elements form stack, and pushes one back
+				expectedArgs++;
+			} else if (node.getOpcode() <= 0x4e) {
+				// *store* moves one element form the the stack to the local var table
+				expectedArgs++;
+			} else if (node.getOpcode() <= 0x56) {
+				// *astore* moves one element form the the stack to a local array
+				expectedArgs += 3;
+			} else if (node.getOpcode() <= 0x57) {
+				// pop discards a single value
+				expectedArgs++;
+			} else if (node.getOpcode() <= 0x58) {
+				// pop2 discards 2 values
+				expectedArgs += 2;
+			} else if (node.getOpcode() <= 0x58) {
+				// dup* adds an extra value to the stack
+				expectedArgs += 2;
+			} else if (node.getOpcode() <= 0x5e) {
+				// TODO : dup2* use words, but they may be a single or 2 values...
+			} else if (node.getOpcode() <= 0x5f) {
+				// swap doesn't alter stack size
+			} else if (node.getOpcode() <= 0x73) {
+				// *add, *sub, *mul, *div, *rem takes 2 values, and pushes back 1
+				expectedArgs++;
+			} else if (node.getOpcode() <= 0x77) {
+				// *neg doen't change the stack size
+			} else if (node.getOpcode() <= 0x83) {
+				// *shl, *shr, *and, *or, *xor takes 2 values, and pushes back 1
+				expectedArgs++;
+			} else if (node.getOpcode() <= 0x93) {
+				// iinc, x2y don't modify the stack size
+			} else if (node.getOpcode() <= 0x98) {
+				// *cmp* takes 2 values, and pushes back 1
+				expectedArgs++;
+			} else if (node.getOpcode() <= 0xb1) {
+				// branching, goto, return... none expected here...
+			} else if (node.getOpcode() <= 0xb2) {
+				// getstatic
+				expectedArgs--;
+			} else if (node.getOpcode() <= 0xb3) {
+				// putstatic
+				expectedArgs++;
+			} else if (node.getOpcode() <= 0xb4) {
+				// getfield takes one and puts one back
+			} else if (node.getOpcode() <= 0xb5) {
+				// putfield takes two
+				expectedArgs += 2;
+			} else if (node.getOpcode() <= 0xba) {
+				// TODO : invoke* may take arguments, not sure how to deal with this...
+			} else if (node.getOpcode() <= 0xbb) {
+				// new creates a new object
+				expectedArgs--;
+			} else {
+				// More branching instructions, throws and things we don't expect here
+			}
 		}
-
-		// check if we have local variables
-		if (node.getPrevious() instanceof LdcInsnNode) {
-			// get the previos node to get the key
-			node = node.getPrevious();
+		
+		// We have our instruction!
+		if (node instanceof LdcInsnNode) {
+			return ((LdcInsnNode) node).cst.toString();
 		}
 
-		return ((LdcInsnNode) node).cst.toString();
+		return null;
 	}
 
 	@Override
@@ -386,7 +468,7 @@ private void reportOverwritingFieldsAndInvalidType(@Nonnull final Map<String, In
 				statesToRemove.remove(entry.getKey());
 			}
 
-			final AbstractInsnNode instruction = entry.getValue().getInstruction();
+			final MethodInsnNode instruction = entry.getValue().getInstruction();
 			final FieldInsnNode field = getField(instruction, isRestoring);
 			if (field == null) {
 				// we are restoring or saving a key locally
@@ -402,7 +484,7 @@ private void reportOverwritingFieldsAndInvalidType(@Nonnull final Map<String, In
 				fields.add(nameSaved);
 			}
 
-			final String descriptor = ((MethodInsnNode) instruction).desc;
+			final String descriptor = instruction.desc;
 			String type;
 			if (isRestoring) {
 				type = descriptor.substring(descriptor.indexOf(')') + 1);
@@ -439,10 +521,10 @@ private void reportSaveRestoreWithDifferentTypes(@Nonnull final ClassContext con
 
 		// check the field type with the expected type
 		if (!field.desc.equals(expectedtype)) {
-			final AbstractInsnNode instruction = instanceScopeHolder.getInstruction();
+			final MethodInsnNode instruction = instanceScopeHolder.getInstruction();
 			context.report(INVALID_TYPE, instanceScopeHolder.getMethodNode(), instruction,
 					classContext.getLocation(instruction),
-					String.format(message, ((MethodInsnNode) instruction).name, expectedtype, field.name, field.desc));
+					String.format(message, instruction.name, expectedtype, field.name, field.desc));
 		}
 	}
 
@@ -507,9 +589,9 @@ private void report(@Nonnull final ClassContext context, @Nonnull final Map<Stri
 			@Nonnull final String message) {
 		if (!states.isEmpty()) {
 			for (final Entry<String, InstanceStateHolder> entry : states.entrySet()) {
-				final AbstractInsnNode instruction = entry.getValue().getInstruction();
+				final MethodInsnNode instruction = entry.getValue().getInstruction();
 				context.report(MISSING_SAVED_INSTANCE_STATES, entry.getValue().getMethodNode(), instruction,
-						classContext.getLocation(instruction), String.format(message, getBundleKey(instruction)));
+						classContext.getLocation(instruction), String.format(message, entry.getKey()));
 			}
 		}
 	}

src/main/java/com/monits/linters/MonitsIssueRegistry.java

@@ -31,6 +31,9 @@ public List<Issue> getIssues() {
 			ParcelDetector.MISSING_OR_OUT_OF_ORDER,
 			ParcelDetector.INCOMPATIBLE_READ_WRITE_TYPE,
 			FactoryMethodDetector.USE_FACTORY_METHOD_INSTEAD_NEW_FRAGMENT,
-			InstanceStateDetector.MISSING_SAVED_INSTANCE_STATES);
+			InstanceStateDetector.MISSING_SAVED_INSTANCE_STATES,
+			InstanceStateDetector.KEY_IS_NOT_CONSTANT,
+			InstanceStateDetector.OVERWRITING_FIELDS,
+			InstanceStateDetector.OVERWRITING_INSTANCE_STATES);
 	}
 }

src/main/java/com/monits/linters/instancestate/holder/InstanceStateHolder.java

@@ -15,15 +15,15 @@
 
 import javax.annotation.Nonnull;
 
-import org.objectweb.asm.tree.AbstractInsnNode;
+import org.objectweb.asm.tree.MethodInsnNode;
 import org.objectweb.asm.tree.MethodNode;
 
 /**
  * Class to hold the instruction and the method of the state to be analyzed
  */
 public class InstanceStateHolder {
 
-	private final AbstractInsnNode instruction;
+	private final MethodInsnNode instruction;
 	private final MethodNode methodNode;
 
 	/**
@@ -32,7 +32,7 @@ public class InstanceStateHolder {
 	 * @param instruction The instruction of the state analyzed
 	 * @param methodNode The methodNode of the state analyzed
 	 */
-	public InstanceStateHolder(@Nonnull final AbstractInsnNode instruction, @Nonnull final MethodNode methodNode) {
+	public InstanceStateHolder(@Nonnull final MethodInsnNode instruction, @Nonnull final MethodNode methodNode) {
 		this.instruction = instruction;
 		this.methodNode = methodNode;
 	}
@@ -41,7 +41,7 @@ public InstanceStateHolder(@Nonnull final AbstractInsnNode instruction, @Nonnull
 	 * @return the instruction
 	 */
 	@Nonnull
-	public AbstractInsnNode getInstruction() {
+	public MethodInsnNode getInstruction() {
 		return instruction;
 	}