pghs975uc
/
infer_clone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '07cef38d1f'
${ noResults }
infer_clone/infer/src/quandary/ClangTaintAnalysis.ml

105 lines
4.1 KiB
Raw Normal View History Unescape

[quandary] skeleton for C++ analysis Differential Revision: D3998518 fbshipit-source-id: e90c46d
8 years ago
(*
[copyright] Remove years Reviewed By: jvillard Differential Revision: D15771884 fbshipit-source-id: e2997e3a3
6 years ago
* Copyright (c) Facebook, Inc. and its affiliates.
[quandary] skeleton for C++ analysis Differential Revision: D3998518 fbshipit-source-id: e90c46d
8 years ago
*
Change license to MIT Summary: Change the license of the source code from BSD + PATENTS to MIT. Change `checkCopyright` to reflect the new license and learn some new file types. Generated with: ``` git grep BSD | xargs -n 1 ./scripts/checkCopyright -i ``` Reviewed By: jeremydubreil, mbouaziz, jberdine Differential Revision: D8071249 fbshipit-source-id: 97ca23a
7 years ago
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
[quandary] skeleton for C++ analysis Differential Revision: D3998518 fbshipit-source-id: e90c46d
8 years ago
*)
Divide Utils into Utils, Pp, and IStd Summary: Utils contains definitions intended to be in the global namespace for all of the infer code-base, as well as pretty-printing functions, and assorted utility functions mostly for dealing with files and processes. This diff changes the module opened into the global namespace to IStd (Std conflict with extlib), and moves the pretty-printing definitions from Utils to Pp. Reviewed By: jvillard Differential Revision: D4232457 fbshipit-source-id: 1e070e0
8 years ago
open! IStd
[quandary] skeleton for C++ analysis Differential Revision: D3998518 fbshipit-source-id: e90c46d
8 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
include TaintAnalysis.Make (struct
module Trace = ClangTrace
[access trie] make max depth configurable Reviewed By: jberdine Differential Revision: D5689923 fbshipit-source-id: 471363d
8 years ago
module AccessTree = AccessTree.Make (Trace) (AccessTree.DefaultConfig)
[quandary] skeleton for C++ analysis Differential Revision: D3998518 fbshipit-source-id: e90c46d
8 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
let to_summary_access_tree tree = QuandarySummary.AccessTree.Clang tree
[quandary] skeleton for C++ analysis Differential Revision: D3998518 fbshipit-source-id: e90c46d
8 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
let of_summary_access_tree = function
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| QuandarySummary.AccessTree.Clang tree ->
tree
| _ ->
assert false
[quandary] skeleton for C++ analysis Differential Revision: D3998518 fbshipit-source-id: e90c46d
8 years ago
[sil] make return value and type mandatory Summary: This simplifies the frontends and backends in most cases. Before this diff, returning `void` could be modelled either with a `None` return, or a dummy return variable with type `Tvoid`. Now it's always the latter. Reviewed By: sblackshear, dulmarod Differential Revision: D7832938 fbshipit-source-id: 0a403d1
7 years ago
let handle_unknown_call pname ret_typ actuals _ =
let handle_generic_unknown ret_typ actuals =
[infer] Translate casting expressions of integer pointers Summary: It enables the translation of casting expression. As of now, it translates only the castings of pointers to integer types, in order to avoid too much of change, which may mess the checkers up. Reviewed By: jvillard Differential Revision: D12920568 fbshipit-source-id: a5489df24
6 years ago
match ((ret_typ.Typ.desc : Typ.desc), List.rev_map actuals ~f:HilExp.ignore_cast) with
[sil] make return value and type mandatory Summary: This simplifies the frontends and backends in most cases. Before this diff, returning `void` could be modelled either with a `None` return, or a dummy return variable with type `Tvoid`. Now it's always the latter. Reviewed By: sblackshear, dulmarod Differential Revision: D7832938 fbshipit-source-id: 0a403d1
7 years ago
(* everything but Tvoid*)
[IR] kill never-true "no_return" flag of Tfun type desc Summary: Another dead flag that one could mistakenly think is accurate. Reviewed By: dulmarod Differential Revision: D18573925 fbshipit-source-id: 129a9cff5
5 years ago
| (Tint _ | Tfloat _ | Tfun | Tptr _ | Tstruct _ | TVar _ | Tarray _), _ ->
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
(* propagate taint from actuals to return value *)
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
[TaintSpec.Propagate_to_return]
[sil] make return value and type mandatory Summary: This simplifies the frontends and backends in most cases. Before this diff, returning `void` could be modelled either with a `None` return, or a dummy return variable with type `Tvoid`. Now it's always the latter. Reviewed By: sblackshear, dulmarod Differential Revision: D7832938 fbshipit-source-id: 0a403d1
7 years ago
| Tvoid, [] ->
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[]
[sil] make return value and type mandatory Summary: This simplifies the frontends and backends in most cases. Before this diff, returning `void` could be modelled either with a `None` return, or a dummy return variable with type `Tvoid`. Now it's always the latter. Reviewed By: sblackshear, dulmarod Differential Revision: D7832938 fbshipit-source-id: 0a403d1
7 years ago
| Tvoid, _ when Typ.Procname.is_constructor pname ->
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
(* "this" is always the first arg of a constructor; propagate taint there *)
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
[TaintSpec.Propagate_to_receiver]
[sil] make return value and type mandatory Summary: This simplifies the frontends and backends in most cases. Before this diff, returning `void` could be modelled either with a `None` return, or a dummy return variable with type `Tvoid`. Now it's always the latter. Reviewed By: sblackshear, dulmarod Differential Revision: D7832938 fbshipit-source-id: 0a403d1
7 years ago
| Tvoid, HilExp.AccessExpression access_expr :: _ -> (
[HIL][3/4] remove compatibility AccessExpression.ml Summary: `AccessExpression.t` and `HilExp.t` are about to become mutually recursive, this will help distinguish the actual changes from the moving of code around. This deletes the file left around in the previous commit to preserve callers of `AccessExpression`. Reviewed By: mbouaziz Differential Revision: D13377645 fbshipit-source-id: 71338d1f3
6 years ago
match HilExp.AccessExpression.to_access_path access_expr with
[HIL] Access expression Summary: Preparing to extend HIL with Dereference and AddressOf expressions. Next steps: (1) change SIL -> HIL translation to preserve address of and dereference; (2) adapt analyses based on HIL to make use access expressions. Reviewed By: jeremydubreil Differential Revision: D6961928 fbshipit-source-id: 51da919
7 years ago
| (Var.ProgramVar pvar, {desc= Typ.Tptr (_, Typ.Pk_pointer)}), []
when Pvar.is_frontend_tmp pvar ->
(* no return value, but the frontend has introduced a dummy return variable and will
[quandary] tests for string functionality Summary: String are very important for taint analysis, have to make sure that we have the right models/the right behaviors for unknown code. Reviewed By: jvillard Differential Revision: D5054832 fbshipit-source-id: 7e7ee07
8 years ago
assign the return value to this variable. So propagate taint to the dummy return
variable *)
[HIL] Access expression Summary: Preparing to extend HIL with Dereference and AddressOf expressions. Next steps: (1) change SIL -> HIL translation to preserve address of and dereference; (2) adapt analyses based on HIL to make use access expressions. Reviewed By: jeremydubreil Differential Revision: D6961928 fbshipit-source-id: 51da919
7 years ago
let actual_index = List.length actuals - 1 in
[TaintSpec.Propagate_to_actual actual_index]
| _ ->
[TaintSpec.Propagate_to_receiver] )
[sil] make return value and type mandatory Summary: This simplifies the frontends and backends in most cases. Before this diff, returning `void` could be modelled either with a `None` return, or a dummy return variable with type `Tvoid`. Now it's always the latter. Reviewed By: sblackshear, dulmarod Differential Revision: D7832938 fbshipit-source-id: 0a403d1
7 years ago
| Tvoid, _ ->
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
(* no return value; propagate taint from actuals to receiver *)
[quandary] handle return value passed by reference in sources Summary: Needed because this is how the Clang frontend translates returns of non-POD, non pointer values (I think)? Will handle the more general case of pass by reference soon. Reviewed By: jvillard Differential Revision: D5017653 fbshipit-source-id: 1fbcea5
8 years ago
[TaintSpec.Propagate_to_receiver]
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
in
(* if we have a specific model for a procedure, use that. otherwise, use the generic
[ocamlformat] Upgrade ocamlformat version Reviewed By: jvillard Differential Revision: D18162727 fbshipit-source-id: ffb9f7541
5 years ago
heuristics for dealing with unknown code *)
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
match Typ.Procname.get_method pname with
| "operator+="
| "operator-="
| "operator*="
| "operator/="
| "operator%="
| "operator<<="
| "operator>>="
| "operator&="
| "operator^="
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| "operator|=" ->
[TaintSpec.Propagate_to_receiver; TaintSpec.Propagate_to_return]
| "memcpy" | "memmove" | "strcpy" | "strncpy" ->
[TaintSpec.Propagate_to_receiver; TaintSpec.Propagate_to_return]
| "sprintf" ->
[TaintSpec.Propagate_to_receiver]
| "strlen" ->
(* don't propagate taint for strlen *)
[quandary] add memcpy, memset, and similar as sinks Reviewed By: jeremydubreil Differential Revision: D5676226 fbshipit-source-id: 52a20d1
8 years ago
[]
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| _ ->
[sil] make return value and type mandatory Summary: This simplifies the frontends and backends in most cases. Before this diff, returning `void` could be modelled either with a `None` return, or a dummy return variable with type `Tvoid`. Now it's always the latter. Reviewed By: sblackshear, dulmarod Differential Revision: D7832938 fbshipit-source-id: 0a403d1
7 years ago
handle_generic_unknown ret_typ actuals
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[quandary] optimize handling of unknown code by adding notion of 'taintable types' Reviewed By: jeremydubreil Differential Revision: D4846886 fbshipit-source-id: d8364cc
8 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
(* treat folly functions as unknown library code. we often specify folly functions as sinks,
[ocamlformat] Upgrade ocamlformat version Reviewed By: jvillard Differential Revision: D18162727 fbshipit-source-id: ffb9f7541
5 years ago
and we don't want to double-report if these functions eventually call other sinks (e.g.,
when folly::Subprocess calls exec), in addition some folly functions are heavily optimized in
a way that obscures what they're actually doing (e.g., they use assembly code). it's better
to write models for these functions or treat them as unknown *)
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
let models_matcher = QualifiedCppName.Match.of_fuzzy_qual_names ["folly"]
[quandary] make it possible to specify code that should be modeled even if we have a summary Summary: Have found this useful in Quandary for fbcode, where we want to do this for folly due to its use of assembly (details in comments). Reviewed By: mbouaziz Differential Revision: D5167564 fbshipit-source-id: bf6d7e0
8 years ago
[sil] make return value and type mandatory Summary: This simplifies the frontends and backends in most cases. Before this diff, returning `void` could be modelled either with a `None` return, or a dummy return variable with type `Tvoid`. Now it's always the latter. Reviewed By: sblackshear, dulmarod Differential Revision: D7832938 fbshipit-source-id: 0a403d1
7 years ago
let get_model pname ret_typ actuals tenv summary =
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
(* hack for default C++ constructors, which get translated as an empty body (and will thus
[ocamlformat] Upgrade ocamlformat version Reviewed By: jvillard Differential Revision: D18162727 fbshipit-source-id: ffb9f7541
5 years ago
have an empty summary). We don't want that because we want to be able to propagate taint
from comstructor parameters to the constructed object. so we treat the empty constructor
as a skip function instead *)
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
let is_default_constructor pname =
Typ.Procname.is_c_method pname && Typ.Procname.is_constructor pname
&& AccessTree.BaseMap.is_empty summary
in
match pname with
| Typ.Procname.ObjC_Cpp _
when is_default_constructor pname
|| QualifiedCppName.Match.match_qualifiers models_matcher
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
(Typ.Procname.get_qualifiers pname) ->
[sil] make return value and type mandatory Summary: This simplifies the frontends and backends in most cases. Before this diff, returning `void` could be modelled either with a `None` return, or a dummy return variable with type `Tvoid`. Now it's always the latter. Reviewed By: sblackshear, dulmarod Differential Revision: D7832938 fbshipit-source-id: 0a403d1
7 years ago
Some (handle_unknown_call pname ret_typ actuals tenv)
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| _ ->
None
[ocamlformat] Upgrade base and ocamlformat Summary: Upgrade ocamlformat to 0.3, and (necessarily) base to v0.10.0. - Fix accumulated mis-formatting - Update opam.lock to unbreak clean build - Update to base v0.10.0 - Update opam.lock for base - Update offline opam repo - Everyone should already have removed their ocamlformat pin - ocamlformat 0.3 supports output to stdout natively - bump version of ocamlformat Reviewed By: jeremydubreil Differential Revision: D6636741 fbshipit-source-id: 41a56a8
7 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
let is_taintable_type _ = true
Debug: session name Summary: Now that everything can run at the same time and we have preanalyses, it can be quite hard to read debug sessions. Here come session names! Depends on D7607336 Reviewed By: sblackshear Differential Revision: D7607481 fbshipit-source-id: 676af86
7 years ago
let name = "clang"
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
end)