pghs975uc
/
infer_clone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4283bf2602'
${ noResults }
infer_clone/infer/src/checkers/Siof.ml

279 lines
10 KiB
Raw Normal View History Unescape

[siof] check origin of globals and complain if potential siof Summary: Checker for the Static Initialization Order Fiasco pattern: https://isocpp.org/wiki/faq/ctors#static-init-order 1. Collect all globals (transitively) accessed in any given procedure. 2. Once the interprocedural analysis has finished, look at globals accessed in initializers that do not belong to the current translation unit. Reviewed By: sblackshear Differential Revision: D3780266 fbshipit-source-id: 1d07161
8 years ago
(*
* Copyright (c) 2016 - present Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*)
Divide Utils into Utils, Pp, and IStd Summary: Utils contains definitions intended to be in the global namespace for all of the infer code-base, as well as pretty-printing functions, and assorted utility functions mostly for dealing with files and processes. This diff changes the module opened into the global namespace to IStd (Std conflict with extlib), and moves the pretty-printing definitions from Utils to Pp. Reviewed By: jvillard Differential Revision: D4232457 fbshipit-source-id: 1e070e0
8 years ago
open! IStd
[ai] No need to create a domain for a bottom_lifted type Summary: Makes `type 'astate bottom_lifted` accessible without invoking `BottomLifted` Reviewed By: jvillard, sblackshear Differential Revision: D5920660 fbshipit-source-id: 40fca97
7 years ago
open! AbstractDomain.Types
[siof] check origin of globals and complain if potential siof Summary: Checker for the Static Initialization Order Fiasco pattern: https://isocpp.org/wiki/faq/ctors#static-init-order 1. Collect all globals (transitively) accessed in any given procedure. 2. Once the interprocedural analysis has finished, look at globals accessed in initializers that do not belong to the current translation unit. Reviewed By: sblackshear Differential Revision: D3780266 fbshipit-source-id: 1d07161
8 years ago
module F = Format
module L = Logging
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
module GlobalVar = SiofTrace.GlobalVar
module GlobalVarSet = SiofTrace.GlobalVarSet
[siof] collate multiple reports at the same line into one Summary: Change the domain of SIOF to be based on sets of pvar * location instead of single pvars. This allows us to group several accesses together. However, we still get different trace elems for different instructions in a proc. We do two things to get around this limitation and get a trace where all accesses within the same proc are grouped together, instead of one trace for each access: 1. A post-processing phase at the end of the analysis of one proc collects all the globals directly accessed in the proc into a single trace elem. 2. When creating the error trace, unpack this set into several trace elements to see each access (at its correct location) separately in the trace. This is a bit hacky and another way would be to extend the API of traces to handle in-procedure accesses natively instead of shoe-horning them. However since SIOF is the only one to use this, it introduces less boilerplate to do it that way for now. Also, a few .mlis for good measure. Reviewed By: sblackshear Differential Revision: D4299070 fbshipit-source-id: 3bbb5c2
8 years ago
[IR] Make qualified names type safe Summary: Add `QualifiedCppName.t` and some functions to manipulate it. More places will start using this type (such as `Procnames` or `Typ.Name`) in later diff Reviewed By: jberdine Differential Revision: D4738991 fbshipit-source-id: 8f20dd6
8 years ago
let methods_whitelist = QualifiedCppName.Match.of_fuzzy_qual_names Config.siof_safe_methods
[siof] add --siof-safe-methods whitelisting option Summary: This gives a way for users to flag safe methods regarding SIOF, for instance if the problematic paths in the method cannot happen before `main()` has started. Reviewed By: akotulski Differential Revision: D4578700 fbshipit-source-id: 6542dcf
8 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
let is_whitelisted (pname: Typ.Procname.t) =
Typ.Procname.get_qualifiers pname |> QualifiedCppName.Match.match_qualifiers methods_whitelist
[siof] add --siof-safe-methods whitelisting option Summary: This gives a way for users to flag safe methods regarding SIOF, for instance if the problematic paths in the method cannot happen before `main()` has started. Reviewed By: akotulski Differential Revision: D4578700 fbshipit-source-id: 6542dcf
8 years ago
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
type siof_model =
{ qual_name: string (** (fuzzy) name of the method, eg "std::ios_base::Init::Init" *)
; initialized_globals: string list
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
(** names of variables that are guaranteed to be initialized once the method is executed,
eg ["std::cerr"] *)
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
}
[siof] generic model of std::ios_base::Init that prevents SIOF Summary: Enrich the domain of SIOF to contain, as well as the globals needed by a procedure, the globals that the procedure initializes. Also add the possibility to model some procedures as initializing some variables. Use that mechanism to teach the checker about `std::ios_base::Init`. Reviewed By: mbouaziz Differential Revision: D4588284 fbshipit-source-id: d72fc87
8 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
let parse_siof_model (qual_name, initialized_globals) = {qual_name; initialized_globals}
[siof] generic model of std::ios_base::Init that prevents SIOF Summary: Enrich the domain of SIOF to contain, as well as the globals needed by a procedure, the globals that the procedure initializes. Also add the possibility to model some procedures as initializing some variables. Use that mechanism to teach the checker about `std::ios_base::Init`. Reviewed By: mbouaziz Differential Revision: D4588284 fbshipit-source-id: d72fc87
8 years ago
[siof] understand that <iostream> initialises streams Summary: Inject a marker using a global variable in <iostream>, and whitelist it so that the frontend translates it. Use the marker in the SIOF checker to tell whether a file includes <iostream>. If so, start the analysis of its methods assuming that the standard streams are initialised. Reviewed By: sblackshear Differential Revision: D5941343 fbshipit-source-id: 3388d55
7 years ago
let standard_streams =
[ "std::cerr"
; "std::wcerr"
; "std::cin"
; "std::wcin"
; "std::clog"
; "std::wclog"
; "std::cout"
; "std::wcout" ]
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[siof] understand that <iostream> initialises streams Summary: Inject a marker using a global variable in <iostream>, and whitelist it so that the frontend translates it. Use the marker in the SIOF checker to tell whether a file includes <iostream>. If so, start the analysis of its methods assuming that the standard streams are initialised. Reviewed By: sblackshear Differential Revision: D5941343 fbshipit-source-id: 3388d55
7 years ago
let models = List.map ~f:parse_siof_model [("std::ios_base::Init::Init", standard_streams)]
[siof] generic model of std::ios_base::Init that prevents SIOF Summary: Enrich the domain of SIOF to contain, as well as the globals needed by a procedure, the globals that the procedure initializes. Also add the possibility to model some procedures as initializing some variables. Use that mechanism to teach the checker about `std::ios_base::Init`. Reviewed By: mbouaziz Differential Revision: D4588284 fbshipit-source-id: d72fc87
8 years ago
let is_modelled =
let models_matcher =
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
List.map models ~f:(fun {qual_name} -> qual_name) |> QualifiedCppName.Match.of_fuzzy_qual_names
in
[siof] generic model of std::ios_base::Init that prevents SIOF Summary: Enrich the domain of SIOF to contain, as well as the globals needed by a procedure, the globals that the procedure initializes. Also add the possibility to model some procedures as initializing some variables. Use that mechanism to teach the checker about `std::ios_base::Init`. Reviewed By: mbouaziz Differential Revision: D4588284 fbshipit-source-id: d72fc87
8 years ago
fun pname ->
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
Typ.Procname.get_qualifiers pname |> QualifiedCppName.Match.match_qualifiers models_matcher
[siof] generic model of std::ios_base::Init that prevents SIOF Summary: Enrich the domain of SIOF to contain, as well as the globals needed by a procedure, the globals that the procedure initializes. Also add the possibility to model some procedures as initializing some variables. Use that mechanism to teach the checker about `std::ios_base::Init`. Reviewed By: mbouaziz Differential Revision: D4588284 fbshipit-source-id: d72fc87
8 years ago
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[siof] check origin of globals and complain if potential siof Summary: Checker for the Static Initialization Order Fiasco pattern: https://isocpp.org/wiki/faq/ctors#static-init-order 1. Collect all globals (transitively) accessed in any given procedure. 2. Once the interprocedural analysis has finished, look at globals accessed in initializers that do not belong to the current translation unit. Reviewed By: sblackshear Differential Revision: D3780266 fbshipit-source-id: 1d07161
8 years ago
module Summary = Summary.Make (struct
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
type payload = SiofDomain.astate
[siof] check origin of globals and complain if potential siof Summary: Checker for the Static Initialization Order Fiasco pattern: https://isocpp.org/wiki/faq/ctors#static-init-order 1. Collect all globals (transitively) accessed in any given procedure. 2. Once the interprocedural analysis has finished, look at globals accessed in initializers that do not belong to the current translation unit. Reviewed By: sblackshear Differential Revision: D3780266 fbshipit-source-id: 1d07161
8 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
let update_payload astate (summary: Specs.summary) =
{summary with payload= {summary.payload with siof= Some astate}}
[siof] check origin of globals and complain if potential siof Summary: Checker for the Static Initialization Order Fiasco pattern: https://isocpp.org/wiki/faq/ctors#static-init-order 1. Collect all globals (transitively) accessed in any given procedure. 2. Once the interprocedural analysis has finished, look at globals accessed in initializers that do not belong to the current translation unit. Reviewed By: sblackshear Differential Revision: D3780266 fbshipit-source-id: 1d07161
8 years ago
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
let read_payload (summary: Specs.summary) = summary.payload.siof
end)
[siof] check origin of globals and complain if potential siof Summary: Checker for the Static Initialization Order Fiasco pattern: https://isocpp.org/wiki/faq/ctors#static-init-order 1. Collect all globals (transitively) accessed in any given procedure. 2. Once the interprocedural analysis has finished, look at globals accessed in initializers that do not belong to the current translation unit. Reviewed By: sblackshear Differential Revision: D3780266 fbshipit-source-id: 1d07161
8 years ago
module TransferFunctions (CFG : ProcCfg.S) = struct
module CFG = CFG
[SIOF] detect which variables need initialization Summary: - do a semantic analysis of each variable initializer to figure out if they need initialization - add a flag to globals that is true when they are `constexpr`. In that case, no analysis is needed as the user + compile guarantee that it is a compile-time constant. Reviewed By: sblackshear Differential Revision: D4081273 fbshipit-source-id: 44dbe29
8 years ago
module Domain = SiofDomain
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
[siof] check origin of globals and complain if potential siof Summary: Checker for the Static Initialization Order Fiasco pattern: https://isocpp.org/wiki/faq/ctors#static-init-order 1. Collect all globals (transitively) accessed in any given procedure. 2. Once the interprocedural analysis has finished, look at globals accessed in initializers that do not belong to the current translation unit. Reviewed By: sblackshear Differential Revision: D3780266 fbshipit-source-id: 1d07161
8 years ago
type extras = ProcData.no_extras
[siof] handle constexpr constructors Summary: Globals that are constexpr-initializable do not participate in SIOF. Reviewed By: sblackshear Differential Revision: D4277216 fbshipit-source-id: fd601c8
8 years ago
let is_compile_time_constructed pdesc pv =
let init_pname = Pvar.get_initializer_pname pv in
update opam deps Summary: Update opam dependencies, in particular core to v0.9. Make corresponding changes to infer. Update opam.lock. Reviewed By: jvillard Differential Revision: D5325770 fbshipit-source-id: 506588c
8 years ago
match Option.bind init_pname ~f:(Summary.read_summary pdesc) with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Some (Bottom, _) ->
(* we analyzed the initializer for this global and found that it doesn't require any runtime
[siof] handle constexpr constructors Summary: Globals that are constexpr-initializable do not participate in SIOF. Reviewed By: sblackshear Differential Revision: D4277216 fbshipit-source-id: fd601c8
8 years ago
initialization so cannot participate in SIOF *)
true
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| _ ->
false
[siof] handle constexpr constructors Summary: Globals that are constexpr-initializable do not participate in SIOF. Reviewed By: sblackshear Differential Revision: D4277216 fbshipit-source-id: fd601c8
8 years ago
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let get_globals pdesc e =
[SIOF] detect which variables need initialization Summary: - do a semantic analysis of each variable initializer to figure out if they need initialization - add a flag to globals that is true when they are `constexpr`. In that case, no analysis is needed as the user + compile guarantee that it is a compile-time constant. Reviewed By: sblackshear Differential Revision: D4081273 fbshipit-source-id: 44dbe29
8 years ago
let is_dangerous_global pv =
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
Pvar.is_global pv && not (Pvar.is_static_local pv) && not (Pvar.is_pod pv)
&& not (Pvar.is_compile_constant pv) && not (is_compile_time_constructed pdesc pv)
in
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
Exp.get_vars e |> snd |> List.filter ~f:is_dangerous_global |> GlobalVarSet.of_list
[siof] collate multiple reports at the same line into one Summary: Change the domain of SIOF to be based on sets of pvar * location instead of single pvars. This allows us to group several accesses together. However, we still get different trace elems for different instructions in a proc. We do two things to get around this limitation and get a trace where all accesses within the same proc are grouped together, instead of one trace for each access: 1. A post-processing phase at the end of the analysis of one proc collects all the globals directly accessed in the proc into a single trace elem. 2. When creating the error trace, unpack this set into several trace elements to see each access (at its correct location) separately in the trace. This is a bit hacky and another way would be to extend the API of traces to handle in-procedure accesses natively instead of shoe-horning them. However since SIOF is the only one to use this, it introduces less boilerplate to do it that way for now. Also, a few .mlis for good measure. Reviewed By: sblackshear Differential Revision: D4299070 fbshipit-source-id: 3bbb5c2
8 years ago
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let filter_global_accesses initialized =
[siof] generic model of std::ios_base::Init that prevents SIOF Summary: Enrich the domain of SIOF to contain, as well as the globals needed by a procedure, the globals that the procedure initializes. Also add the possibility to model some procedures as initializing some variables. Use that mechanism to teach the checker about `std::ios_base::Init`. Reviewed By: mbouaziz Differential Revision: D4588284 fbshipit-source-id: d72fc87
8 years ago
let initialized_matcher =
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
Domain.VarNames.elements initialized |> QualifiedCppName.Match.of_fuzzy_qual_names
in
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
Staged.stage (fun (* gvar \notin initialized, up to some fuzzing *)
gvar ->
QualifiedCppName.of_qual_string (Pvar.to_string gvar)
|> Fn.non (QualifiedCppName.Match.match_qualifiers initialized_matcher) )
[siof] generic model of std::ios_base::Init that prevents SIOF Summary: Enrich the domain of SIOF to contain, as well as the globals needed by a procedure, the globals that the procedure initializes. Also add the possibility to model some procedures as initializing some variables. Use that mechanism to teach the checker about `std::ios_base::Init`. Reviewed By: mbouaziz Differential Revision: D4588284 fbshipit-source-id: d72fc87
8 years ago
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let add_globals astate loc globals =
if GlobalVarSet.is_empty globals then astate
[SIOF] detect which variables need initialization Summary: - do a semantic analysis of each variable initializer to figure out if they need initialization - add a flag to globals that is true when they are `constexpr`. In that case, no analysis is needed as the user + compile guarantee that it is a compile-time constant. Reviewed By: sblackshear Differential Revision: D4081273 fbshipit-source-id: 44dbe29
8 years ago
else
[ai] No need to create a domain for a bottom_lifted type Summary: Makes `type 'astate bottom_lifted` accessible without invoking `BottomLifted` Reviewed By: jvillard, sblackshear Differential Revision: D5920660 fbshipit-source-id: 40fca97
7 years ago
let trace = match fst astate with Bottom -> SiofTrace.empty | NonBottom t -> t in
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let is_dangerous =
(* filter out variables that are known to be already initialized *)
[siof] generic model of std::ios_base::Init that prevents SIOF Summary: Enrich the domain of SIOF to contain, as well as the globals needed by a procedure, the globals that the procedure initializes. Also add the possibility to model some procedures as initializing some variables. Use that mechanism to teach the checker about `std::ios_base::Init`. Reviewed By: mbouaziz Differential Revision: D4588284 fbshipit-source-id: d72fc87
8 years ago
let initialized = snd astate in
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
filter_global_accesses initialized |> Staged.unstage
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
in
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let trace_with_non_init_globals =
GlobalVarSet.fold
(fun global acc ->
if is_dangerous global then SiofTrace.add_sink (SiofTrace.make_access global loc) acc
else acc)
globals trace
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
in
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
(NonBottom trace_with_non_init_globals, snd astate)
[siof] convert domain to sink trace of pvar's Summary: The Quandary-style traces are too general for checkers like SIOF. This diff adds a "suffix abstraction" of the trace for analyses that just care about sinks. To show how to use it, we add it to SIOF. Note: this diff converts the domain, but isn't actually doing the fancier reporting yet. That will come in a future diff. Reviewed By: jvillard Differential Revision: D4124881 fbshipit-source-id: 5b9fd07
8 years ago
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let add_actuals_globals astate0 pdesc call_loc actuals =
List.fold_left actuals ~init:astate0 ~f:(fun astate (e, _) ->
get_globals pdesc e |> add_globals astate call_loc )
[SIOF] detect which variables need initialization Summary: - do a semantic analysis of each variable initializer to figure out if they need initialization - add a flag to globals that is true when they are `constexpr`. In that case, no analysis is needed as the user + compile guarantee that it is a compile-time constant. Reviewed By: sblackshear Differential Revision: D4081273 fbshipit-source-id: 44dbe29
8 years ago
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[ai] No need to create a domain for a bottom_lifted type Summary: Makes `type 'astate bottom_lifted` accessible without invoking `BottomLifted` Reviewed By: jvillard, sblackshear Differential Revision: D5920660 fbshipit-source-id: 40fca97
7 years ago
let at_least_nonbottom = Domain.join (NonBottom SiofTrace.empty, Domain.VarNames.empty)
[siof] check origin of globals and complain if potential siof Summary: Checker for the Static Initialization Order Fiasco pattern: https://isocpp.org/wiki/faq/ctors#static-init-order 1. Collect all globals (transitively) accessed in any given procedure. 2. Once the interprocedural analysis has finished, look at globals accessed in initializers that do not belong to the current translation unit. Reviewed By: sblackshear Differential Revision: D3780266 fbshipit-source-id: 1d07161
8 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
let exec_instr astate {ProcData.pdesc} _ (instr: Sil.instr) =
[siof] collate multiple reports at the same line into one Summary: Change the domain of SIOF to be based on sets of pvar * location instead of single pvars. This allows us to group several accesses together. However, we still get different trace elems for different instructions in a proc. We do two things to get around this limitation and get a trace where all accesses within the same proc are grouped together, instead of one trace for each access: 1. A post-processing phase at the end of the analysis of one proc collects all the globals directly accessed in the proc into a single trace elem. 2. When creating the error trace, unpack this set into several trace elements to see each access (at its correct location) separately in the trace. This is a bit hacky and another way would be to extend the API of traces to handle in-procedure accesses natively instead of shoe-horning them. However since SIOF is the only one to use this, it introduces less boilerplate to do it that way for now. Also, a few .mlis for good measure. Reviewed By: sblackshear Differential Revision: D4299070 fbshipit-source-id: 3bbb5c2
8 years ago
match instr with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Load (_, exp, _, loc) | Store (_, _, exp, loc) | Prune (exp, loc, _, _) ->
get_globals pdesc exp |> add_globals astate loc
| Call (_, Const Cfun callee_pname, _, _, _) when is_whitelisted callee_pname ->
at_least_nonbottom astate
| Call (_, Const Cfun callee_pname, _, _, _) when is_modelled callee_pname ->
let init =
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
List.find_map_exn models ~f:(fun {qual_name; initialized_globals} ->
if QualifiedCppName.Match.of_fuzzy_qual_names [qual_name]
|> Fn.flip QualifiedCppName.Match.match_qualifiers
(Typ.Procname.get_qualifiers callee_pname)
then Some initialized_globals
else None )
in
[ai] No need to create a domain for a bottom_lifted type Summary: Makes `type 'astate bottom_lifted` accessible without invoking `BottomLifted` Reviewed By: jvillard, sblackshear Differential Revision: D5920660 fbshipit-source-id: 40fca97
7 years ago
Domain.join astate (NonBottom SiofTrace.empty, Domain.VarNames.of_list init)
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
| Call (_, Const Cfun callee_pname, _ :: actuals_without_self, loc, _)
[codemod] Move `Procname` into `Typ.Procname` Summary: `Procname` needs to depend on `Typ.t` and `Typ.Struct` depends on `Procname.t`. To resolve this circular dependency issue, move `Procname` into `Typ` steps: 1. Move everything from `Procname` to `Typ.Procname`, remove `Procname.re(i)` 2. search & replace `Procname.` with `Typ.Procname.` 3. fix outstanding compilation issues manually 4. `yes | arc lint` Reviewed By: jberdine Differential Revision: D4681509 fbshipit-source-id: b07af63
8 years ago
when Typ.Procname.is_c_method callee_pname && Typ.Procname.is_constructor callee_pname
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
&& Typ.Procname.is_constexpr callee_pname ->
add_actuals_globals astate pdesc loc actuals_without_self
| Call (_, Const Cfun callee_pname, actuals, loc, _) ->
let callee_astate =
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
match Summary.read_summary pdesc callee_pname with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Some (NonBottom trace, initialized_by_callee) ->
let already_initialized = snd astate in
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let dangerous_accesses =
SiofTrace.sinks trace
|> SiofTrace.Sinks.filter (fun sink ->
SiofTrace.Sink.kind sink
|> Staged.unstage (filter_global_accesses already_initialized) )
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
in
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let callsite = CallSite.make callee_pname loc in
let sinks =
SiofTrace.Sinks.map
(fun access -> SiofTrace.Sink.with_callsite access callsite)
dangerous_accesses
in
(NonBottom (SiofTrace.update_sinks trace sinks), initialized_by_callee)
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Some ((Bottom, _) as callee_astate) ->
callee_astate
| None ->
(Bottom, Domain.VarNames.empty)
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
in
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
add_actuals_globals astate pdesc loc actuals |> Domain.join callee_astate
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
|> (* make sure it's not Bottom: we made a function call so this needs initialization *)
at_least_nonbottom
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Call (_, _, actuals, loc, _) ->
add_actuals_globals astate pdesc loc actuals
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
|> (* make sure it's not Bottom: we made a function call so this needs initialization *)
at_least_nonbottom
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Declare_locals _ | Remove_temps _ | Abstract _ | Nullify _ ->
astate
[siof] check origin of globals and complain if potential siof Summary: Checker for the Static Initialization Order Fiasco pattern: https://isocpp.org/wiki/faq/ctors#static-init-order 1. Collect all globals (transitively) accessed in any given procedure. 2. Once the interprocedural analysis has finished, look at globals accessed in initializers that do not belong to the current translation unit. Reviewed By: sblackshear Differential Revision: D3780266 fbshipit-source-id: 1d07161
8 years ago
end
[absint] simplify `AbstractInterpreter.Make` functor by hiding `Scheduler` parameter Summary: At one point I thought we'd want to have lots of different schedulers for things like exploring loops in different orders, but that hasn't materialized. Let's make the common use-case simpler by hiding the `Scheduler` parameter inside the `AbstractInterpreter` module. We can always expose `MakeWithScheduler` later if we want to. Reviewed By: jberdine Differential Revision: D4508095 fbshipit-source-id: 726e051
8 years ago
module Analyzer = AbstractInterpreter.Make (ProcCfg.Normal) (TransferFunctions)
[siof] check origin of globals and complain if potential siof Summary: Checker for the Static Initialization Order Fiasco pattern: https://isocpp.org/wiki/faq/ctors#static-init-order 1. Collect all globals (transitively) accessed in any given procedure. 2. Once the interprocedural analysis has finished, look at globals accessed in initializers that do not belong to the current translation unit. Reviewed By: sblackshear Differential Revision: D3780266 fbshipit-source-id: 1d07161
8 years ago
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let is_foreign tu_opt v =
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
match (Pvar.get_translation_unit v, tu_opt) with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| TUFile v_tu, Some current_tu ->
not (SourceFile.equal current_tu v_tu)
| TUExtern, Some _ ->
true
| _, None ->
L.(die InternalError) "cannot be called with translation unit set to None"
[siof] take POD into account Summary: SIOF is only for interactions between objects of non-POD types. Previously the checker was also reporting for POD types. Reviewed By: akotulski Differential Revision: D4197620 fbshipit-source-id: 7c56571
8 years ago
[infer][checkers] Prevent the race conditions between the summaries passed as parameter to the checkers and the summaries from the specs table Summary: This is step further simplify the code to avoid cases where the summary of the procedure being analyzed can exist in two different versions: # one version is the summary passed as parameter to every checker # the other is a copy of the summary in the in-memory specs table This diff implements: # the analysis always run through the `Ondemand` module (was already the case before) # the summary of the procedure being analyzed is created at the beginning of the on-demand analysis call # all the checkers run in sequence, update their respective part of the payload and log errors to the error table # the summary is store at the end of the on-demand analysis call Reviewed By: sblackshear Differential Revision: D4787414 fbshipit-source-id: 2d115c9
8 years ago
let report_siof summary trace pdesc gname loc =
[siof] add fancy interprocedural reporting Reviewed By: jvillard Differential Revision: D4117594 fbshipit-source-id: c55cff7
8 years ago
let trace_of_pname pname =
[ondemand] simplify API by removing need to pass type environment Summary: Noticed this when I was writing the documentation for the abstract interpretation framework and was curious about why `Ondemand.analyze_proc` needs the type environment. It turns out that the type environment is only used to transform/normalize Infer bi-abduction specs before storing them to disk, but this can be done elsewhere. Doing this normalization elsewhere simplifies the on-demand API, which is a win for all of its clients. Reviewed By: cristianoc Differential Revision: D4241279 fbshipit-source-id: 957b243
8 years ago
match Summary.read_summary pdesc pname with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Some (NonBottom summary, _) ->
summary
| _ ->
SiofTrace.empty
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
in
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
let report_one_path ((_, path) as trace) =
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let description =
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
match path with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| [] ->
assert false
| (final_sink, _) :: _ ->
F.asprintf
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
"Initializer of %s accesses global variable from a different translation unit: %a"
gname GlobalVar.pp (SiofTrace.Sink.kind final_sink)
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
in
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let ltr = SiofTrace.trace_of_error loc gname trace in
[filtering] improve issue type filtering CLI Summary: Instead of a whitelist and blacklist and default issue types and default blacklist and filtering, consider a simpler semantics where 1. checkers can be individually turned on or off on the command line 2. most checkers are on by default 3. `--no-filtering` turns all issue types on, but they can then be turned off again by further arguments This provides a more flexible CLI and is similar to other options in the infer CLI, where "global" behaviour is generally avoided. Dynamically created checkers (eg, AL linters) cause some complications in the implementation but I think the semantics is still clear. Also change the name of the option to mention "issue types" instead of "checks", since the latter can be confused with "checkers". Reviewed By: jberdine Differential Revision: D5583238 fbshipit-source-id: 21de476
7 years ago
let msg = IssueType.static_initialization_order_fiasco.unique_id in
[siof] collate multiple reports at the same line into one Summary: Change the domain of SIOF to be based on sets of pvar * location instead of single pvars. This allows us to group several accesses together. However, we still get different trace elems for different instructions in a proc. We do two things to get around this limitation and get a trace where all accesses within the same proc are grouped together, instead of one trace for each access: 1. A post-processing phase at the end of the analysis of one proc collects all the globals directly accessed in the proc into a single trace elem. 2. When creating the error trace, unpack this set into several trace elements to see each access (at its correct location) separately in the trace. This is a bit hacky and another way would be to extend the API of traces to handle in-procedure accesses natively instead of shoe-horning them. However since SIOF is the only one to use this, it introduces less boilerplate to do it that way for now. Also, a few .mlis for good measure. Reviewed By: sblackshear Differential Revision: D4299070 fbshipit-source-id: 3bbb5c2
8 years ago
let exn = Exceptions.Checkers (msg, Localise.verbatim_desc description) in
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
Reporting.log_error summary ~loc ~ltr exn
in
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let reportable_paths = SiofTrace.get_reportable_sink_paths trace ~trace_of_pname in
if Config.filtering then List.hd reportable_paths |> Option.iter ~f:report_one_path
else List.iter ~f:report_one_path reportable_paths
[siof] add fancy interprocedural reporting Reviewed By: jvillard Differential Revision: D4117594 fbshipit-source-id: c55cff7
8 years ago
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
let siof_check pdesc gname (summary: Specs.summary) =
[infer][checkers] Prevent the race conditions between the summaries passed as parameter to the checkers and the summaries from the specs table Summary: This is step further simplify the code to avoid cases where the summary of the procedure being analyzed can exist in two different versions: # one version is the summary passed as parameter to every checker # the other is a copy of the summary in the in-memory specs table This diff implements: # the analysis always run through the `Ondemand` module (was already the case before) # the summary of the procedure being analyzed is created at the beginning of the on-demand analysis call # all the checkers run in sequence, update their respective part of the payload and log errors to the error table # the summary is store at the end of the on-demand analysis call Reviewed By: sblackshear Differential Revision: D4787414 fbshipit-source-id: 2d115c9
8 years ago
match summary.payload.siof with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Some (NonBottom post, _) ->
let attrs = Procdesc.get_attributes pdesc in
[siof] collate multiple reports at the same line into one Summary: Change the domain of SIOF to be based on sets of pvar * location instead of single pvars. This allows us to group several accesses together. However, we still get different trace elems for different instructions in a proc. We do two things to get around this limitation and get a trace where all accesses within the same proc are grouped together, instead of one trace for each access: 1. A post-processing phase at the end of the analysis of one proc collects all the globals directly accessed in the proc into a single trace elem. 2. When creating the error trace, unpack this set into several trace elements to see each access (at its correct location) separately in the trace. This is a bit hacky and another way would be to extend the API of traces to handle in-procedure accesses natively instead of shoe-horning them. However since SIOF is the only one to use this, it introduces less boilerplate to do it that way for now. Also, a few .mlis for good measure. Reviewed By: sblackshear Differential Revision: D4299070 fbshipit-source-id: 3bbb5c2
8 years ago
let tu_opt =
let attrs = Procdesc.get_attributes pdesc in
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
attrs.ProcAttributes.translation_unit
in
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let foreign_sinks =
SiofTrace.Sinks.filter
(fun sink -> SiofTrace.Sink.kind sink |> is_foreign tu_opt)
(SiofTrace.sinks post)
in
if not (SiofTrace.Sinks.is_empty foreign_sinks) then
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
report_siof summary
(SiofTrace.update_sinks post foreign_sinks)
pdesc gname attrs.ProcAttributes.loc
| Some (Bottom, _) | None ->
()
[siof] check origin of globals and complain if potential siof Summary: Checker for the Static Initialization Order Fiasco pattern: https://isocpp.org/wiki/faq/ctors#static-init-order 1. Collect all globals (transitively) accessed in any given procedure. 2. Once the interprocedural analysis has finished, look at globals accessed in initializers that do not belong to the current translation unit. Reviewed By: sblackshear Differential Revision: D3780266 fbshipit-source-id: 1d07161
8 years ago
[siof] understand that <iostream> initialises streams Summary: Inject a marker using a global variable in <iostream>, and whitelist it so that the frontend translates it. Use the marker in the SIOF checker to tell whether a file includes <iostream>. If so, start the analysis of its methods assuming that the standard streams are initialised. Reviewed By: sblackshear Differential Revision: D5941343 fbshipit-source-id: 3388d55
7 years ago
let checker {Callbacks.proc_desc; tenv; summary; get_procs_in_file} : Specs.summary =
let standard_streams_initialized_in_tu =
let includes_iostream tu =
let magic_iostream_marker =
(* always [Some _] because we create a global variable with [mk_global] *)
Option.value_exn
( Pvar.mk_global
(Mangled.from_string
(* infer's C++ headers define this global variable in <iostream> *)
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
"__infer_translation_unit_init_streams")
(TUFile tu)
[siof] understand that <iostream> initialises streams Summary: Inject a marker using a global variable in <iostream>, and whitelist it so that the frontend translates it. Use the marker in the SIOF checker to tell whether a file includes <iostream>. If so, start the analysis of its methods assuming that the standard streams are initialised. Reviewed By: sblackshear Differential Revision: D5941343 fbshipit-source-id: 3388d55
7 years ago
|> Pvar.get_initializer_pname )
in
get_procs_in_file (Procdesc.get_proc_name proc_desc)
|> List.exists ~f:(Typ.Procname.equal magic_iostream_marker)
in
Option.value_map ~default:false ~f:includes_iostream
(Procdesc.get_attributes proc_desc).ProcAttributes.translation_unit
in
[absint] kill `AbstractInterpreter.Interprocedural` module Summary: After D5245416 I was taking a closer look and decided it's best to get rid of the `Interprocedural` module altogether. Since jeremydubreil's refactoring to pass the summaries around everywhere, this module doesn't do much (it used to make sure the summary actually got stored to disk). Client code is shorter and simpler without this module. Reviewed By: mbouaziz Differential Revision: D5255400 fbshipit-source-id: acd1c00
8 years ago
let proc_data = ProcData.make_default proc_desc tenv in
[siof] understand that <iostream> initialises streams Summary: Inject a marker using a global variable in <iostream>, and whitelist it so that the frontend translates it. Use the marker in the SIOF checker to tell whether a file includes <iostream>. If so, start the analysis of its methods assuming that the standard streams are initialised. Reviewed By: sblackshear Differential Revision: D5941343 fbshipit-source-id: 3388d55
7 years ago
let initial =
( Bottom
, if standard_streams_initialized_in_tu then SiofDomain.VarNames.of_list standard_streams
else SiofDomain.VarNames.empty )
in
[infer][checkers] Prevent the race conditions between the summaries passed as parameter to the checkers and the summaries from the specs table Summary: This is step further simplify the code to avoid cases where the summary of the procedure being analyzed can exist in two different versions: # one version is the summary passed as parameter to every checker # the other is a copy of the summary in the in-memory specs table This diff implements: # the analysis always run through the `Ondemand` module (was already the case before) # the summary of the procedure being analyzed is created at the beginning of the on-demand analysis call # all the checkers run in sequence, update their respective part of the payload and log errors to the error table # the summary is store at the end of the on-demand analysis call Reviewed By: sblackshear Differential Revision: D4787414 fbshipit-source-id: 2d115c9
8 years ago
let updated_summary =
[absint] kill `AbstractInterpreter.Interprocedural` module Summary: After D5245416 I was taking a closer look and decided it's best to get rid of the `Interprocedural` module altogether. Since jeremydubreil's refactoring to pass the summaries around everywhere, this module doesn't do much (it used to make sure the summary actually got stored to disk). Client code is shorter and simpler without this module. Reviewed By: mbouaziz Differential Revision: D5255400 fbshipit-source-id: acd1c00
8 years ago
match Analyzer.compute_post proc_data ~initial with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Some post ->
Summary.update_summary post summary
| None ->
summary
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
in
( match Typ.Procname.get_global_name_of_initializer (Procdesc.get_proc_name proc_desc) with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Some gname ->
siof_check proc_desc gname updated_summary
| None ->
() ) ;
[infer][checkers] Prevent the race conditions between the summaries passed as parameter to the checkers and the summaries from the specs table Summary: This is step further simplify the code to avoid cases where the summary of the procedure being analyzed can exist in two different versions: # one version is the summary passed as parameter to every checker # the other is a copy of the summary in the in-memory specs table This diff implements: # the analysis always run through the `Ondemand` module (was already the case before) # the summary of the procedure being analyzed is created at the beginning of the on-demand analysis call # all the checkers run in sequence, update their respective part of the payload and log errors to the error table # the summary is store at the end of the on-demand analysis call Reviewed By: sblackshear Differential Revision: D4787414 fbshipit-source-id: 2d115c9
8 years ago
updated_summary
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago