Extract and expose JVM method access flags

gfs · gfs · commit 83e123634b29 · 2026-01-05T17:42:20.000-08:00
Adds extraction of raw JVM method access flags to the database and exposes them in QL via predicates for each flag. Updates the schema, extractor, and QL libraries to support querying method visibility and modifiers. Also improves error logging for constant pool extraction failures.
diff --git a/binary/extractor/jvm/Semmle.Extraction.Java.ByteCode/JvmExtractor.cs b/binary/extractor/jvm/Semmle.Extraction.Java.ByteCode/JvmExtractor.cs
@@ -139,6 +139,9 @@ private void ExtractMethod(Method method, int typeId, ClassFile classFile, strin
 
         trap.WriteTuple("methods", methodId, methodName, signature, typeId);
 
+        // Extract access flags as raw bitmask
+        trap.WriteTuple("jvm_method_access_flags", methodId, (int)method.AccessFlags);
+
         // Check if this is a static method (for parameter indexing)
         bool isStatic = (method.AccessFlags & AccessFlag.Static) != 0;
 
@@ -588,9 +591,10 @@ private void ExtractFieldRef(Instruction instr, int instrId, ClassFile classFile
                 fieldRef.Name ?? "",
                 fieldRef.Descriptor ?? "");
         }
-        catch
+        catch (Exception ex)
         {
-            // Ignore constant pool resolution errors
+            // Log but continue - malformed constant pool entries shouldn't stop extraction
+            Console.Error.WriteLine($"    Warning: Failed to extract field reference: {ex.Message}");
         }
     }
 
@@ -648,9 +652,10 @@ private void ExtractMethodRef(Instruction instr, int instrId, ClassFile classFil
                 trap.WriteTuple("jvm_call_has_return_value", instrId);
             }
         }
-        catch
+        catch (Exception ex)
         {
-            // Ignore constant pool resolution errors
+            // Log but continue - malformed constant pool entries shouldn't stop extraction
+            Console.Error.WriteLine($"    Warning: Failed to extract method reference: {ex.Message}");
         }
     }
 
@@ -664,9 +669,10 @@ private void ExtractTypeRef(ConstantHandle constHandle, int instrId, ClassFile c
             var classConst = classFile.Constants.Get(new ClassConstantHandle(constHandle.Slot));
             trap.WriteTuple("jvm_type_operand", instrId, classConst.Name?.Replace('/', '.') ?? "");
         }
-        catch
+        catch (Exception ex)
         {
-            // Ignore constant pool resolution errors
+            // Log but continue - malformed constant pool entries shouldn't stop extraction
+            Console.Error.WriteLine($"    Warning: Failed to extract type reference: {ex.Message}");
         }
     }
 
diff --git a/binary/extractor/jvm/semmlecode.binary.dbscheme b/binary/extractor/jvm/semmlecode.binary.dbscheme
@@ -2921,3 +2921,25 @@ jvm_parameter(
   string name: string ref,
   string descriptor: string ref
 );
+
+/**
+ * JVM method access flags.
+ * Stores the raw JVM access_flags bitmask for a method.
+ * See JVM spec §4.6 for flag definitions:
+ *   0x0001 = ACC_PUBLIC
+ *   0x0002 = ACC_PRIVATE
+ *   0x0004 = ACC_PROTECTED
+ *   0x0008 = ACC_STATIC
+ *   0x0010 = ACC_FINAL
+ *   0x0020 = ACC_SYNCHRONIZED
+ *   0x0040 = ACC_BRIDGE
+ *   0x0080 = ACC_VARARGS
+ *   0x0100 = ACC_NATIVE
+ *   0x0400 = ACC_ABSTRACT
+ *   0x0800 = ACC_STRICT
+ *   0x1000 = ACC_SYNTHETIC
+ */
+jvm_method_access_flags(
+  unique int method: @method ref,
+  int flags: int ref
+);
diff --git a/binary/ql/lib/semmle/code/binary/ast/internal/JvmInstructions.qll b/binary/ql/lib/semmle/code/binary/ast/internal/JvmInstructions.qll
@@ -82,6 +82,45 @@ class JvmMethod extends @method {
   JvmType getDeclaringType() { methods(this, _, _, result) }
 
   Location getLocation() { none() }
+
+  /** Gets the raw JVM access flags bitmask for this method. */
+  int getAccessFlags() { jvm_method_access_flags(this, result) }
+
+  /** Holds if this method is public. */
+  predicate isPublic() { this.getAccessFlags().bitAnd(1) != 0 }
+
+  /** Holds if this method is private. */
+  predicate isPrivate() { this.getAccessFlags().bitAnd(2) != 0 }
+
+  /** Holds if this method is protected. */
+  predicate isProtected() { this.getAccessFlags().bitAnd(4) != 0 }
+
+  /** Holds if this method is static. */
+  predicate isStatic() { this.getAccessFlags().bitAnd(8) != 0 }
+
+  /** Holds if this method is final. */
+  predicate isFinal() { this.getAccessFlags().bitAnd(16) != 0 }
+
+  /** Holds if this method is synchronized. */
+  predicate isSynchronized() { this.getAccessFlags().bitAnd(32) != 0 }
+
+  /** Holds if this method is a bridge method. */
+  predicate isBridge() { this.getAccessFlags().bitAnd(64) != 0 }
+
+  /** Holds if this method accepts variable arguments. */
+  predicate isVarArgs() { this.getAccessFlags().bitAnd(128) != 0 }
+
+  /** Holds if this method is native. */
+  predicate isNative() { this.getAccessFlags().bitAnd(256) != 0 }
+
+  /** Holds if this method is abstract. */
+  predicate isAbstract() { this.getAccessFlags().bitAnd(1024) != 0 }
+
+  /** Holds if this method uses strict floating-point. */
+  predicate isStrict() { this.getAccessFlags().bitAnd(2048) != 0 }
+
+  /** Holds if this method is synthetic (compiler-generated). */
+  predicate isSynthetic() { this.getAccessFlags().bitAnd(4096) != 0 }
 }
 
 pragma[nomagic]
diff --git a/binary/ql/lib/semmle/code/binary/ast/ir/internal/Instruction0/TranslatedFunction.qll b/binary/ql/lib/semmle/code/binary/ast/ir/internal/Instruction0/TranslatedFunction.qll
@@ -322,7 +322,7 @@ class TranslatedJvmMethod extends TranslatedFunction, TTranslatedJvmMethod {
 
   override predicate isProgramEntryPoint() { none() }
 
-  override predicate isPublic() { any() } // TODO: Extract access modifiers
+  override predicate isPublic() { method.isPublic() }
 
   override Instruction getBodyEntry() {
     result = this.getParameter(0).getEntry()
diff --git a/binary/ql/lib/semmlecode.binary.dbscheme b/binary/ql/lib/semmlecode.binary.dbscheme
@@ -2921,3 +2921,25 @@ jvm_parameter(
   string name: string ref,
   string descriptor: string ref
 );
+
+/**
+ * JVM method access flags.
+ * Stores the raw JVM access_flags bitmask for a method.
+ * See JVM spec §4.6 for flag definitions:
+ *   0x0001 = ACC_PUBLIC
+ *   0x0002 = ACC_PRIVATE
+ *   0x0004 = ACC_PROTECTED
+ *   0x0008 = ACC_STATIC
+ *   0x0010 = ACC_FINAL
+ *   0x0020 = ACC_SYNCHRONIZED
+ *   0x0040 = ACC_BRIDGE
+ *   0x0080 = ACC_VARARGS
+ *   0x0100 = ACC_NATIVE
+ *   0x0400 = ACC_ABSTRACT
+ *   0x0800 = ACC_STRICT
+ *   0x1000 = ACC_SYNTHETIC
+ */
+jvm_method_access_flags(
+  unique int method: @method ref,
+  int flags: int ref
+);

Original file line number	Diff line number	Diff line change
`@@ -139,6 +139,9 @@ private void ExtractMethod(Method method, int typeId, ClassFile classFile, strin`
`139`	`139`
`140`	`140`	`trap.WriteTuple("methods", methodId, methodName, signature, typeId);`
`141`	`141`
	`142`	`+ // Extract access flags as raw bitmask`
	`143`	`+ trap.WriteTuple("jvm_method_access_flags", methodId, (int)method.AccessFlags);`
	`144`	`+`
`142`	`145`	`// Check if this is a static method (for parameter indexing)`
`143`	`146`	`bool isStatic = (method.AccessFlags & AccessFlag.Static) != 0;`
`144`	`147`
`@@ -588,9 +591,10 @@ private void ExtractFieldRef(Instruction instr, int instrId, ClassFile classFile`
`588`	`591`	`fieldRef.Name ?? "",`
`589`	`592`	`fieldRef.Descriptor ?? "");`
`590`	`593`	`}`
`591`		`- catch`
	`594`	`+ catch (Exception ex)`
`592`	`595`	`{`
`593`		`- // Ignore constant pool resolution errors`
	`596`	`+ // Log but continue - malformed constant pool entries shouldn't stop extraction`
	`597`	`+ Console.Error.WriteLine($" Warning: Failed to extract field reference: {ex.Message}");`
`594`	`598`	`}`
`595`	`599`	`}`
`596`	`600`
`@@ -648,9 +652,10 @@ private void ExtractMethodRef(Instruction instr, int instrId, ClassFile classFil`
`648`	`652`	`trap.WriteTuple("jvm_call_has_return_value", instrId);`
`649`	`653`	`}`
`650`	`654`	`}`
`651`		`- catch`
	`655`	`+ catch (Exception ex)`
`652`	`656`	`{`
`653`		`- // Ignore constant pool resolution errors`
	`657`	`+ // Log but continue - malformed constant pool entries shouldn't stop extraction`
	`658`	`+ Console.Error.WriteLine($" Warning: Failed to extract method reference: {ex.Message}");`
`654`	`659`	`}`
`655`	`660`	`}`
`656`	`661`
`@@ -664,9 +669,10 @@ private void ExtractTypeRef(ConstantHandle constHandle, int instrId, ClassFile c`
`664`	`669`	`var classConst = classFile.Constants.Get(new ClassConstantHandle(constHandle.Slot));`
`665`	`670`	`trap.WriteTuple("jvm_type_operand", instrId, classConst.Name?.Replace('/', '.') ?? "");`
`666`	`671`	`}`
`667`		`- catch`
	`672`	`+ catch (Exception ex)`
`668`	`673`	`{`
`669`		`- // Ignore constant pool resolution errors`
	`674`	`+ // Log but continue - malformed constant pool entries shouldn't stop extraction`
	`675`	`+ Console.Error.WriteLine($" Warning: Failed to extract type reference: {ex.Message}");`
`670`	`676`	`}`
`671`	`677`	`}`
`672`	`678`