pghs975uc
/
infer_clone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '43d6c17f29'
${ noResults }
infer_clone/infer/src/checkers/Siof.ml

288 lines
11 KiB
Raw Normal View History Unescape

[siof] check origin of globals and complain if potential siof Summary: Checker for the Static Initialization Order Fiasco pattern: https://isocpp.org/wiki/faq/ctors#static-init-order 1. Collect all globals (transitively) accessed in any given procedure. 2. Once the interprocedural analysis has finished, look at globals accessed in initializers that do not belong to the current translation unit. Reviewed By: sblackshear Differential Revision: D3780266 fbshipit-source-id: 1d07161
8 years ago
(*
* Copyright (c) 2016 - present Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*)
Divide Utils into Utils, Pp, and IStd Summary: Utils contains definitions intended to be in the global namespace for all of the infer code-base, as well as pretty-printing functions, and assorted utility functions mostly for dealing with files and processes. This diff changes the module opened into the global namespace to IStd (Std conflict with extlib), and moves the pretty-printing definitions from Utils to Pp. Reviewed By: jvillard Differential Revision: D4232457 fbshipit-source-id: 1e070e0
8 years ago
open! IStd
[ai] No need to create a domain for a bottom_lifted type Summary: Makes `type 'astate bottom_lifted` accessible without invoking `BottomLifted` Reviewed By: jvillard, sblackshear Differential Revision: D5920660 fbshipit-source-id: 40fca97
7 years ago
open! AbstractDomain.Types
[siof] check origin of globals and complain if potential siof Summary: Checker for the Static Initialization Order Fiasco pattern: https://isocpp.org/wiki/faq/ctors#static-init-order 1. Collect all globals (transitively) accessed in any given procedure. 2. Once the interprocedural analysis has finished, look at globals accessed in initializers that do not belong to the current translation unit. Reviewed By: sblackshear Differential Revision: D3780266 fbshipit-source-id: 1d07161
8 years ago
module F = Format
module L = Logging
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
module GlobalVar = SiofTrace.GlobalVar
module GlobalVarSet = SiofTrace.GlobalVarSet
[siof] collate multiple reports at the same line into one Summary: Change the domain of SIOF to be based on sets of pvar * location instead of single pvars. This allows us to group several accesses together. However, we still get different trace elems for different instructions in a proc. We do two things to get around this limitation and get a trace where all accesses within the same proc are grouped together, instead of one trace for each access: 1. A post-processing phase at the end of the analysis of one proc collects all the globals directly accessed in the proc into a single trace elem. 2. When creating the error trace, unpack this set into several trace elements to see each access (at its correct location) separately in the trace. This is a bit hacky and another way would be to extend the API of traces to handle in-procedure accesses natively instead of shoe-horning them. However since SIOF is the only one to use this, it introduces less boilerplate to do it that way for now. Also, a few .mlis for good measure. Reviewed By: sblackshear Differential Revision: D4299070 fbshipit-source-id: 3bbb5c2
8 years ago
[IR] Make qualified names type safe Summary: Add `QualifiedCppName.t` and some functions to manipulate it. More places will start using this type (such as `Procnames` or `Typ.Name`) in later diff Reviewed By: jberdine Differential Revision: D4738991 fbshipit-source-id: 8f20dd6
8 years ago
let methods_whitelist = QualifiedCppName.Match.of_fuzzy_qual_names Config.siof_safe_methods
[siof] add --siof-safe-methods whitelisting option Summary: This gives a way for users to flag safe methods regarding SIOF, for instance if the problematic paths in the method cannot happen before `main()` has started. Reviewed By: akotulski Differential Revision: D4578700 fbshipit-source-id: 6542dcf
8 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
let is_whitelisted (pname: Typ.Procname.t) =
Typ.Procname.get_qualifiers pname |> QualifiedCppName.Match.match_qualifiers methods_whitelist
[siof] add --siof-safe-methods whitelisting option Summary: This gives a way for users to flag safe methods regarding SIOF, for instance if the problematic paths in the method cannot happen before `main()` has started. Reviewed By: akotulski Differential Revision: D4578700 fbshipit-source-id: 6542dcf
8 years ago
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
type siof_model =
{ qual_name: string (** (fuzzy) name of the method, eg "std::ios_base::Init::Init" *)
; initialized_globals: string list
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
(** names of variables that are guaranteed to be initialized once the method is executed,
eg ["std::cerr"] *)
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
}
[siof] generic model of std::ios_base::Init that prevents SIOF Summary: Enrich the domain of SIOF to contain, as well as the globals needed by a procedure, the globals that the procedure initializes. Also add the possibility to model some procedures as initializing some variables. Use that mechanism to teach the checker about `std::ios_base::Init`. Reviewed By: mbouaziz Differential Revision: D4588284 fbshipit-source-id: d72fc87
8 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
let parse_siof_model (qual_name, initialized_globals) = {qual_name; initialized_globals}
[siof] generic model of std::ios_base::Init that prevents SIOF Summary: Enrich the domain of SIOF to contain, as well as the globals needed by a procedure, the globals that the procedure initializes. Also add the possibility to model some procedures as initializing some variables. Use that mechanism to teach the checker about `std::ios_base::Init`. Reviewed By: mbouaziz Differential Revision: D4588284 fbshipit-source-id: d72fc87
8 years ago
[siof] understand that <iostream> initialises streams Summary: Inject a marker using a global variable in <iostream>, and whitelist it so that the frontend translates it. Use the marker in the SIOF checker to tell whether a file includes <iostream>. If so, start the analysis of its methods assuming that the standard streams are initialised. Reviewed By: sblackshear Differential Revision: D5941343 fbshipit-source-id: 3388d55
7 years ago
let standard_streams =
[ "std::cerr"
; "std::wcerr"
; "std::cin"
; "std::wcin"
; "std::clog"
; "std::wclog"
; "std::cout"
; "std::wcout" ]
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[siof] understand that <iostream> initialises streams Summary: Inject a marker using a global variable in <iostream>, and whitelist it so that the frontend translates it. Use the marker in the SIOF checker to tell whether a file includes <iostream>. If so, start the analysis of its methods assuming that the standard streams are initialised. Reviewed By: sblackshear Differential Revision: D5941343 fbshipit-source-id: 3388d55
7 years ago
let models = List.map ~f:parse_siof_model [("std::ios_base::Init::Init", standard_streams)]
[siof] generic model of std::ios_base::Init that prevents SIOF Summary: Enrich the domain of SIOF to contain, as well as the globals needed by a procedure, the globals that the procedure initializes. Also add the possibility to model some procedures as initializing some variables. Use that mechanism to teach the checker about `std::ios_base::Init`. Reviewed By: mbouaziz Differential Revision: D4588284 fbshipit-source-id: d72fc87
8 years ago
let is_modelled =
let models_matcher =
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
List.map models ~f:(fun {qual_name} -> qual_name) |> QualifiedCppName.Match.of_fuzzy_qual_names
in
[siof] generic model of std::ios_base::Init that prevents SIOF Summary: Enrich the domain of SIOF to contain, as well as the globals needed by a procedure, the globals that the procedure initializes. Also add the possibility to model some procedures as initializing some variables. Use that mechanism to teach the checker about `std::ios_base::Init`. Reviewed By: mbouaziz Differential Revision: D4588284 fbshipit-source-id: d72fc87
8 years ago
fun pname ->
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
Typ.Procname.get_qualifiers pname |> QualifiedCppName.Match.match_qualifiers models_matcher
[siof] generic model of std::ios_base::Init that prevents SIOF Summary: Enrich the domain of SIOF to contain, as well as the globals needed by a procedure, the globals that the procedure initializes. Also add the possibility to model some procedures as initializing some variables. Use that mechanism to teach the checker about `std::ios_base::Init`. Reviewed By: mbouaziz Differential Revision: D4588284 fbshipit-source-id: d72fc87
8 years ago
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[siof] check origin of globals and complain if potential siof Summary: Checker for the Static Initialization Order Fiasco pattern: https://isocpp.org/wiki/faq/ctors#static-init-order 1. Collect all globals (transitively) accessed in any given procedure. 2. Once the interprocedural analysis has finished, look at globals accessed in initializers that do not belong to the current translation unit. Reviewed By: sblackshear Differential Revision: D3780266 fbshipit-source-id: 1d07161
8 years ago
module Summary = Summary.Make (struct
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
type payload = SiofDomain.astate
[siof] check origin of globals and complain if potential siof Summary: Checker for the Static Initialization Order Fiasco pattern: https://isocpp.org/wiki/faq/ctors#static-init-order 1. Collect all globals (transitively) accessed in any given procedure. 2. Once the interprocedural analysis has finished, look at globals accessed in initializers that do not belong to the current translation unit. Reviewed By: sblackshear Differential Revision: D3780266 fbshipit-source-id: 1d07161
8 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
let update_payload astate (summary: Specs.summary) =
{summary with payload= {summary.payload with siof= Some astate}}
[siof] check origin of globals and complain if potential siof Summary: Checker for the Static Initialization Order Fiasco pattern: https://isocpp.org/wiki/faq/ctors#static-init-order 1. Collect all globals (transitively) accessed in any given procedure. 2. Once the interprocedural analysis has finished, look at globals accessed in initializers that do not belong to the current translation unit. Reviewed By: sblackshear Differential Revision: D3780266 fbshipit-source-id: 1d07161
8 years ago
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
let read_payload (summary: Specs.summary) = summary.payload.siof
end)
[siof] check origin of globals and complain if potential siof Summary: Checker for the Static Initialization Order Fiasco pattern: https://isocpp.org/wiki/faq/ctors#static-init-order 1. Collect all globals (transitively) accessed in any given procedure. 2. Once the interprocedural analysis has finished, look at globals accessed in initializers that do not belong to the current translation unit. Reviewed By: sblackshear Differential Revision: D3780266 fbshipit-source-id: 1d07161
8 years ago
module TransferFunctions (CFG : ProcCfg.S) = struct
module CFG = CFG
[SIOF] detect which variables need initialization Summary: - do a semantic analysis of each variable initializer to figure out if they need initialization - add a flag to globals that is true when they are `constexpr`. In that case, no analysis is needed as the user + compile guarantee that it is a compile-time constant. Reviewed By: sblackshear Differential Revision: D4081273 fbshipit-source-id: 44dbe29
8 years ago
module Domain = SiofDomain
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
[siof] check origin of globals and complain if potential siof Summary: Checker for the Static Initialization Order Fiasco pattern: https://isocpp.org/wiki/faq/ctors#static-init-order 1. Collect all globals (transitively) accessed in any given procedure. 2. Once the interprocedural analysis has finished, look at globals accessed in initializers that do not belong to the current translation unit. Reviewed By: sblackshear Differential Revision: D3780266 fbshipit-source-id: 1d07161
8 years ago
type extras = ProcData.no_extras
[siof] handle constexpr constructors Summary: Globals that are constexpr-initializable do not participate in SIOF. Reviewed By: sblackshear Differential Revision: D4277216 fbshipit-source-id: fd601c8
8 years ago
let is_compile_time_constructed pdesc pv =
let init_pname = Pvar.get_initializer_pname pv in
update opam deps Summary: Update opam dependencies, in particular core to v0.9. Make corresponding changes to infer. Update opam.lock. Reviewed By: jvillard Differential Revision: D5325770 fbshipit-source-id: 506588c
8 years ago
match Option.bind init_pname ~f:(Summary.read_summary pdesc) with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Some (Bottom, _) ->
(* we analyzed the initializer for this global and found that it doesn't require any runtime
[siof] handle constexpr constructors Summary: Globals that are constexpr-initializable do not participate in SIOF. Reviewed By: sblackshear Differential Revision: D4277216 fbshipit-source-id: fd601c8
8 years ago
initialization so cannot participate in SIOF *)
true
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| _ ->
false
[siof] handle constexpr constructors Summary: Globals that are constexpr-initializable do not participate in SIOF. Reviewed By: sblackshear Differential Revision: D4277216 fbshipit-source-id: fd601c8
8 years ago
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let get_globals pdesc e =
[SIOF] detect which variables need initialization Summary: - do a semantic analysis of each variable initializer to figure out if they need initialization - add a flag to globals that is true when they are `constexpr`. In that case, no analysis is needed as the user + compile guarantee that it is a compile-time constant. Reviewed By: sblackshear Differential Revision: D4081273 fbshipit-source-id: 44dbe29
8 years ago
let is_dangerous_global pv =
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
Pvar.is_global pv && not (Pvar.is_static_local pv) && not (Pvar.is_pod pv)
&& not (Pvar.is_compile_constant pv) && not (is_compile_time_constructed pdesc pv)
in
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
Exp.get_vars e |> snd |> List.filter ~f:is_dangerous_global |> GlobalVarSet.of_list
[siof] collate multiple reports at the same line into one Summary: Change the domain of SIOF to be based on sets of pvar * location instead of single pvars. This allows us to group several accesses together. However, we still get different trace elems for different instructions in a proc. We do two things to get around this limitation and get a trace where all accesses within the same proc are grouped together, instead of one trace for each access: 1. A post-processing phase at the end of the analysis of one proc collects all the globals directly accessed in the proc into a single trace elem. 2. When creating the error trace, unpack this set into several trace elements to see each access (at its correct location) separately in the trace. This is a bit hacky and another way would be to extend the API of traces to handle in-procedure accesses natively instead of shoe-horning them. However since SIOF is the only one to use this, it introduces less boilerplate to do it that way for now. Also, a few .mlis for good measure. Reviewed By: sblackshear Differential Revision: D4299070 fbshipit-source-id: 3bbb5c2
8 years ago
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let filter_global_accesses initialized =
[siof] generic model of std::ios_base::Init that prevents SIOF Summary: Enrich the domain of SIOF to contain, as well as the globals needed by a procedure, the globals that the procedure initializes. Also add the possibility to model some procedures as initializing some variables. Use that mechanism to teach the checker about `std::ios_base::Init`. Reviewed By: mbouaziz Differential Revision: D4588284 fbshipit-source-id: d72fc87
8 years ago
let initialized_matcher =
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
Domain.VarNames.elements initialized |> QualifiedCppName.Match.of_fuzzy_qual_names
in
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
Staged.stage (fun (* gvar \notin initialized, up to some fuzzing *)
gvar ->
QualifiedCppName.of_qual_string (Pvar.to_string gvar)
|> Fn.non (QualifiedCppName.Match.match_qualifiers initialized_matcher) )
[siof] generic model of std::ios_base::Init that prevents SIOF Summary: Enrich the domain of SIOF to contain, as well as the globals needed by a procedure, the globals that the procedure initializes. Also add the possibility to model some procedures as initializing some variables. Use that mechanism to teach the checker about `std::ios_base::Init`. Reviewed By: mbouaziz Differential Revision: D4588284 fbshipit-source-id: d72fc87
8 years ago
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let add_globals astate loc globals =
if GlobalVarSet.is_empty globals then astate
[SIOF] detect which variables need initialization Summary: - do a semantic analysis of each variable initializer to figure out if they need initialization - add a flag to globals that is true when they are `constexpr`. In that case, no analysis is needed as the user + compile guarantee that it is a compile-time constant. Reviewed By: sblackshear Differential Revision: D4081273 fbshipit-source-id: 44dbe29
8 years ago
else
[ai] No need to create a domain for a bottom_lifted type Summary: Makes `type 'astate bottom_lifted` accessible without invoking `BottomLifted` Reviewed By: jvillard, sblackshear Differential Revision: D5920660 fbshipit-source-id: 40fca97
7 years ago
let trace = match fst astate with Bottom -> SiofTrace.empty | NonBottom t -> t in
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let is_dangerous =
(* filter out variables that are known to be already initialized *)
[siof] generic model of std::ios_base::Init that prevents SIOF Summary: Enrich the domain of SIOF to contain, as well as the globals needed by a procedure, the globals that the procedure initializes. Also add the possibility to model some procedures as initializing some variables. Use that mechanism to teach the checker about `std::ios_base::Init`. Reviewed By: mbouaziz Differential Revision: D4588284 fbshipit-source-id: d72fc87
8 years ago
let initialized = snd astate in
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
filter_global_accesses initialized |> Staged.unstage
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
in
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let trace_with_non_init_globals =
GlobalVarSet.fold
(fun global acc ->
if is_dangerous global then SiofTrace.add_sink (SiofTrace.make_access global loc) acc
[ocamlformat] Upgrade base and ocamlformat Summary: Upgrade ocamlformat to 0.3, and (necessarily) base to v0.10.0. - Fix accumulated mis-formatting - Update opam.lock to unbreak clean build - Update to base v0.10.0 - Update opam.lock for base - Update offline opam repo - Everyone should already have removed their ocamlformat pin - ocamlformat 0.3 supports output to stdout natively - bump version of ocamlformat Reviewed By: jeremydubreil Differential Revision: D6636741 fbshipit-source-id: 41a56a8
7 years ago
else acc )
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
globals trace
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
in
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
(NonBottom trace_with_non_init_globals, snd astate)
[siof] convert domain to sink trace of pvar's Summary: The Quandary-style traces are too general for checkers like SIOF. This diff adds a "suffix abstraction" of the trace for analyses that just care about sinks. To show how to use it, we add it to SIOF. Note: this diff converts the domain, but isn't actually doing the fancier reporting yet. That will come in a future diff. Reviewed By: jvillard Differential Revision: D4124881 fbshipit-source-id: 5b9fd07
8 years ago
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let add_actuals_globals astate0 pdesc call_loc actuals =
List.fold_left actuals ~init:astate0 ~f:(fun astate (e, _) ->
get_globals pdesc e |> add_globals astate call_loc )
[SIOF] detect which variables need initialization Summary: - do a semantic analysis of each variable initializer to figure out if they need initialization - add a flag to globals that is true when they are `constexpr`. In that case, no analysis is needed as the user + compile guarantee that it is a compile-time constant. Reviewed By: sblackshear Differential Revision: D4081273 fbshipit-source-id: 44dbe29
8 years ago
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[ai] No need to create a domain for a bottom_lifted type Summary: Makes `type 'astate bottom_lifted` accessible without invoking `BottomLifted` Reviewed By: jvillard, sblackshear Differential Revision: D5920660 fbshipit-source-id: 40fca97
7 years ago
let at_least_nonbottom = Domain.join (NonBottom SiofTrace.empty, Domain.VarNames.empty)
[siof] check origin of globals and complain if potential siof Summary: Checker for the Static Initialization Order Fiasco pattern: https://isocpp.org/wiki/faq/ctors#static-init-order 1. Collect all globals (transitively) accessed in any given procedure. 2. Once the interprocedural analysis has finished, look at globals accessed in initializers that do not belong to the current translation unit. Reviewed By: sblackshear Differential Revision: D3780266 fbshipit-source-id: 1d07161
8 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
let exec_instr astate {ProcData.pdesc} _ (instr: Sil.instr) =
[siof] collate multiple reports at the same line into one Summary: Change the domain of SIOF to be based on sets of pvar * location instead of single pvars. This allows us to group several accesses together. However, we still get different trace elems for different instructions in a proc. We do two things to get around this limitation and get a trace where all accesses within the same proc are grouped together, instead of one trace for each access: 1. A post-processing phase at the end of the analysis of one proc collects all the globals directly accessed in the proc into a single trace elem. 2. When creating the error trace, unpack this set into several trace elements to see each access (at its correct location) separately in the trace. This is a bit hacky and another way would be to extend the API of traces to handle in-procedure accesses natively instead of shoe-horning them. However since SIOF is the only one to use this, it introduces less boilerplate to do it that way for now. Also, a few .mlis for good measure. Reviewed By: sblackshear Differential Revision: D4299070 fbshipit-source-id: 3bbb5c2
8 years ago
match instr with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Load (_, exp, _, loc) | Store (_, _, exp, loc) | Prune (exp, loc, _, _) ->
get_globals pdesc exp |> add_globals astate loc
| Call (_, Const Cfun callee_pname, _, _, _) when is_whitelisted callee_pname ->
at_least_nonbottom astate
| Call (_, Const Cfun callee_pname, _, _, _) when is_modelled callee_pname ->
let init =
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
List.find_map_exn models ~f:(fun {qual_name; initialized_globals} ->
if QualifiedCppName.Match.of_fuzzy_qual_names [qual_name]
|> Fn.flip QualifiedCppName.Match.match_qualifiers
(Typ.Procname.get_qualifiers callee_pname)
then Some initialized_globals
else None )
in
[ai] No need to create a domain for a bottom_lifted type Summary: Makes `type 'astate bottom_lifted` accessible without invoking `BottomLifted` Reviewed By: jvillard, sblackshear Differential Revision: D5920660 fbshipit-source-id: 40fca97
7 years ago
Domain.join astate (NonBottom SiofTrace.empty, Domain.VarNames.of_list init)
[cleanup] Move ObjC/C++-specific Procname functions to dedicated module Summary: Continuing the cleanup started in D6740465. Reviewed By: jeremydubreil, mbouaziz Differential Revision: D6945967 fbshipit-source-id: 23e9d08
7 years ago
| Call (_, Const Cfun (ObjC_Cpp cpp_pname as callee_pname), _ :: actuals_without_self, loc, _)
when Typ.Procname.is_constructor callee_pname && Typ.Procname.ObjC_Cpp.is_constexpr cpp_pname ->
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
add_actuals_globals astate pdesc loc actuals_without_self
| Call (_, Const Cfun callee_pname, actuals, loc, _) ->
let callee_astate =
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
match Summary.read_summary pdesc callee_pname with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Some (NonBottom trace, initialized_by_callee) ->
let already_initialized = snd astate in
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let dangerous_accesses =
SiofTrace.sinks trace
|> SiofTrace.Sinks.filter (fun sink ->
SiofTrace.Sink.kind sink
|> Staged.unstage (filter_global_accesses already_initialized) )
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
in
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let callsite = CallSite.make callee_pname loc in
let sinks =
SiofTrace.Sinks.map
(fun access -> SiofTrace.Sink.with_callsite access callsite)
dangerous_accesses
in
(NonBottom (SiofTrace.update_sinks trace sinks), initialized_by_callee)
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Some ((Bottom, _) as callee_astate) ->
callee_astate
| None ->
(Bottom, Domain.VarNames.empty)
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
in
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
add_actuals_globals astate pdesc loc actuals |> Domain.join callee_astate
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
|> (* make sure it's not Bottom: we made a function call so this needs initialization *)
at_least_nonbottom
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Call (_, _, actuals, loc, _) ->
add_actuals_globals astate pdesc loc actuals
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
|> (* make sure it's not Bottom: we made a function call so this needs initialization *)
at_least_nonbottom
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Declare_locals _ | Remove_temps _ | Abstract _ | Nullify _ ->
astate
[siof] check origin of globals and complain if potential siof Summary: Checker for the Static Initialization Order Fiasco pattern: https://isocpp.org/wiki/faq/ctors#static-init-order 1. Collect all globals (transitively) accessed in any given procedure. 2. Once the interprocedural analysis has finished, look at globals accessed in initializers that do not belong to the current translation unit. Reviewed By: sblackshear Differential Revision: D3780266 fbshipit-source-id: 1d07161
8 years ago
end
[absint] simplify `AbstractInterpreter.Make` functor by hiding `Scheduler` parameter Summary: At one point I thought we'd want to have lots of different schedulers for things like exploring loops in different orders, but that hasn't materialized. Let's make the common use-case simpler by hiding the `Scheduler` parameter inside the `AbstractInterpreter` module. We can always expose `MakeWithScheduler` later if we want to. Reviewed By: jberdine Differential Revision: D4508095 fbshipit-source-id: 726e051
8 years ago
module Analyzer = AbstractInterpreter.Make (ProcCfg.Normal) (TransferFunctions)
[siof] check origin of globals and complain if potential siof Summary: Checker for the Static Initialization Order Fiasco pattern: https://isocpp.org/wiki/faq/ctors#static-init-order 1. Collect all globals (transitively) accessed in any given procedure. 2. Once the interprocedural analysis has finished, look at globals accessed in initializers that do not belong to the current translation unit. Reviewed By: sblackshear Differential Revision: D3780266 fbshipit-source-id: 1d07161
8 years ago
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let is_foreign tu_opt v =
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
match (Pvar.get_translation_unit v, tu_opt) with
[infer][PR] Fixed namespace for Java globals. Summary: In Java, static variables are distinguished by package/class: the file where they are defined doesn't matter. Fixes #831. Closes https://github.com/facebook/infer/pull/833 Reviewed By: jeremydubreil Differential Revision: D6661240 Pulled By: sblackshear fbshipit-source-id: beeb2f9
7 years ago
| Some v_tu, Some current_tu ->
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
not (SourceFile.equal current_tu v_tu)
[infer][PR] Fixed namespace for Java globals. Summary: In Java, static variables are distinguished by package/class: the file where they are defined doesn't matter. Fixes #831. Closes https://github.com/facebook/infer/pull/833 Reviewed By: jeremydubreil Differential Revision: D6661240 Pulled By: sblackshear fbshipit-source-id: beeb2f9
7 years ago
| None, Some _ ->
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
true
| _, None ->
L.(die InternalError) "cannot be called with translation unit set to None"
[siof] take POD into account Summary: SIOF is only for interactions between objects of non-POD types. Previously the checker was also reporting for POD types. Reviewed By: akotulski Differential Revision: D4197620 fbshipit-source-id: 7c56571
8 years ago
[infer][checkers] Prevent the race conditions between the summaries passed as parameter to the checkers and the summaries from the specs table Summary: This is step further simplify the code to avoid cases where the summary of the procedure being analyzed can exist in two different versions: # one version is the summary passed as parameter to every checker # the other is a copy of the summary in the in-memory specs table This diff implements: # the analysis always run through the `Ondemand` module (was already the case before) # the summary of the procedure being analyzed is created at the beginning of the on-demand analysis call # all the checkers run in sequence, update their respective part of the payload and log errors to the error table # the summary is store at the end of the on-demand analysis call Reviewed By: sblackshear Differential Revision: D4787414 fbshipit-source-id: 2d115c9
8 years ago
let report_siof summary trace pdesc gname loc =
[siof] add fancy interprocedural reporting Reviewed By: jvillard Differential Revision: D4117594 fbshipit-source-id: c55cff7
8 years ago
let trace_of_pname pname =
[ondemand] simplify API by removing need to pass type environment Summary: Noticed this when I was writing the documentation for the abstract interpretation framework and was curious about why `Ondemand.analyze_proc` needs the type environment. It turns out that the type environment is only used to transform/normalize Infer bi-abduction specs before storing them to disk, but this can be done elsewhere. Doing this normalization elsewhere simplifies the on-demand API, which is a win for all of its clients. Reviewed By: cristianoc Differential Revision: D4241279 fbshipit-source-id: 957b243
8 years ago
match Summary.read_summary pdesc pname with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Some (NonBottom summary, _) ->
summary
| _ ->
SiofTrace.empty
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
in
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
let report_one_path ((_, path) as trace) =
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let description =
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
match path with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| [] ->
assert false
| (final_sink, _) :: _ ->
F.asprintf
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
"Initializer of %s accesses global variable from a different translation unit: %a"
gname GlobalVar.pp (SiofTrace.Sink.kind final_sink)
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
in
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let ltr = SiofTrace.trace_of_error loc gname trace in
[infer] simplify the API to report errors Summary: There was a back and forth conversion between `string` and `IssueType.t` which was not necessary. Reviewed By: sblackshear Differential Revision: D6562747 fbshipit-source-id: 70b57a2
7 years ago
let exn =
Exceptions.Checkers
(IssueType.static_initialization_order_fiasco, Localise.verbatim_desc description)
in
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
Reporting.log_error summary ~loc ~ltr exn
in
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let reportable_paths = SiofTrace.get_reportable_sink_paths trace ~trace_of_pname in
if Config.filtering then List.hd reportable_paths |> Option.iter ~f:report_one_path
else List.iter ~f:report_one_path reportable_paths
[siof] add fancy interprocedural reporting Reviewed By: jvillard Differential Revision: D4117594 fbshipit-source-id: c55cff7
8 years ago
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
let siof_check pdesc gname (summary: Specs.summary) =
[infer][checkers] Prevent the race conditions between the summaries passed as parameter to the checkers and the summaries from the specs table Summary: This is step further simplify the code to avoid cases where the summary of the procedure being analyzed can exist in two different versions: # one version is the summary passed as parameter to every checker # the other is a copy of the summary in the in-memory specs table This diff implements: # the analysis always run through the `Ondemand` module (was already the case before) # the summary of the procedure being analyzed is created at the beginning of the on-demand analysis call # all the checkers run in sequence, update their respective part of the payload and log errors to the error table # the summary is store at the end of the on-demand analysis call Reviewed By: sblackshear Differential Revision: D4787414 fbshipit-source-id: 2d115c9
8 years ago
match summary.payload.siof with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Some (NonBottom post, _) ->
let attrs = Procdesc.get_attributes pdesc in
[siof] collate multiple reports at the same line into one Summary: Change the domain of SIOF to be based on sets of pvar * location instead of single pvars. This allows us to group several accesses together. However, we still get different trace elems for different instructions in a proc. We do two things to get around this limitation and get a trace where all accesses within the same proc are grouped together, instead of one trace for each access: 1. A post-processing phase at the end of the analysis of one proc collects all the globals directly accessed in the proc into a single trace elem. 2. When creating the error trace, unpack this set into several trace elements to see each access (at its correct location) separately in the trace. This is a bit hacky and another way would be to extend the API of traces to handle in-procedure accesses natively instead of shoe-horning them. However since SIOF is the only one to use this, it introduces less boilerplate to do it that way for now. Also, a few .mlis for good measure. Reviewed By: sblackshear Differential Revision: D4299070 fbshipit-source-id: 3bbb5c2
8 years ago
let tu_opt =
let attrs = Procdesc.get_attributes pdesc in
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
attrs.ProcAttributes.translation_unit
in
[siof] one access per sink, better report deduplication Summary: The previous domain for SIOF was duplicating some work with the generic Trace domain, and basically was a bit confused and confusing. A sink was a set of global accesses, and a state contains a set of sinks. Then the checker has to needlessly jump through hoops to normalize this set of sets of accesses into a set of accesses. The new domain has one sink = one access, as suggested by sblackshear. This simplifies a few things, and makes the dedup logic much easier: just grab the first report of the list of reports for a function. We only report on the fake procedures generated to initialise a global, and the filtering means that we keep only one report per global. Reviewed By: sblackshear Differential Revision: D5932138 fbshipit-source-id: acb7285
7 years ago
let foreign_sinks =
SiofTrace.Sinks.filter
(fun sink -> SiofTrace.Sink.kind sink |> is_foreign tu_opt)
(SiofTrace.sinks post)
in
if not (SiofTrace.Sinks.is_empty foreign_sinks) then
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
report_siof summary
(SiofTrace.update_sinks post foreign_sinks)
pdesc gname attrs.ProcAttributes.loc
| Some (Bottom, _) | None ->
()
[siof] check origin of globals and complain if potential siof Summary: Checker for the Static Initialization Order Fiasco pattern: https://isocpp.org/wiki/faq/ctors#static-init-order 1. Collect all globals (transitively) accessed in any given procedure. 2. Once the interprocedural analysis has finished, look at globals accessed in initializers that do not belong to the current translation unit. Reviewed By: sblackshear Differential Revision: D3780266 fbshipit-source-id: 1d07161
8 years ago
[siof] understand that <iostream> initialises streams Summary: Inject a marker using a global variable in <iostream>, and whitelist it so that the frontend translates it. Use the marker in the SIOF checker to tell whether a file includes <iostream>. If so, start the analysis of its methods assuming that the standard streams are initialised. Reviewed By: sblackshear Differential Revision: D5941343 fbshipit-source-id: 3388d55
7 years ago
let checker {Callbacks.proc_desc; tenv; summary; get_procs_in_file} : Specs.summary =
[clang] static data members are external globals unless defined in the file Summary: The issue is with classes defining static data members: ``` $ cat foo.h struct A { static int foo; }; $ cat foo.cpp #include "foo.h" int A::foo = 12; int f() { return A::foo; // should see A::foo as defined in this translation unit $ cat bar.cpp #include "foo.h" void g() { return A::foo; // should see A::foo defined externally ``` Previously, both foo.cpp and bar.cpp would see `A::foo` as defined within their translation unit, because it comes from the header. This is wrong, and static data members should be treated as extern unless they're defined in the same file. This doesn't change much except for frontend tests. SIOF FP fix in the next diff. update-submodule: facebook-clang-plugins Reviewed By: da319 Differential Revision: D6221744 fbshipit-source-id: bef88fd
7 years ago
let pname = Procdesc.get_proc_name proc_desc in
[siof] understand that <iostream> initialises streams Summary: Inject a marker using a global variable in <iostream>, and whitelist it so that the frontend translates it. Use the marker in the SIOF checker to tell whether a file includes <iostream>. If so, start the analysis of its methods assuming that the standard streams are initialised. Reviewed By: sblackshear Differential Revision: D5941343 fbshipit-source-id: 3388d55
7 years ago
let standard_streams_initialized_in_tu =
let includes_iostream tu =
let magic_iostream_marker =
(* always [Some _] because we create a global variable with [mk_global] *)
Option.value_exn
[infer][PR] Fixed namespace for Java globals. Summary: In Java, static variables are distinguished by package/class: the file where they are defined doesn't matter. Fixes #831. Closes https://github.com/facebook/infer/pull/833 Reviewed By: jeremydubreil Differential Revision: D6661240 Pulled By: sblackshear fbshipit-source-id: beeb2f9
7 years ago
( Pvar.mk_global ~translation_unit:tu
[siof] understand that <iostream> initialises streams Summary: Inject a marker using a global variable in <iostream>, and whitelist it so that the frontend translates it. Use the marker in the SIOF checker to tell whether a file includes <iostream>. If so, start the analysis of its methods assuming that the standard streams are initialised. Reviewed By: sblackshear Differential Revision: D5941343 fbshipit-source-id: 3388d55
7 years ago
(Mangled.from_string
(* infer's C++ headers define this global variable in <iostream> *)
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
"__infer_translation_unit_init_streams")
[siof] understand that <iostream> initialises streams Summary: Inject a marker using a global variable in <iostream>, and whitelist it so that the frontend translates it. Use the marker in the SIOF checker to tell whether a file includes <iostream>. If so, start the analysis of its methods assuming that the standard streams are initialised. Reviewed By: sblackshear Differential Revision: D5941343 fbshipit-source-id: 3388d55
7 years ago
|> Pvar.get_initializer_pname )
in
[clang] static data members are external globals unless defined in the file Summary: The issue is with classes defining static data members: ``` $ cat foo.h struct A { static int foo; }; $ cat foo.cpp #include "foo.h" int A::foo = 12; int f() { return A::foo; // should see A::foo as defined in this translation unit $ cat bar.cpp #include "foo.h" void g() { return A::foo; // should see A::foo defined externally ``` Previously, both foo.cpp and bar.cpp would see `A::foo` as defined within their translation unit, because it comes from the header. This is wrong, and static data members should be treated as extern unless they're defined in the same file. This doesn't change much except for frontend tests. SIOF FP fix in the next diff. update-submodule: facebook-clang-plugins Reviewed By: da319 Differential Revision: D6221744 fbshipit-source-id: bef88fd
7 years ago
get_procs_in_file pname |> List.exists ~f:(Typ.Procname.equal magic_iostream_marker)
[siof] understand that <iostream> initialises streams Summary: Inject a marker using a global variable in <iostream>, and whitelist it so that the frontend translates it. Use the marker in the SIOF checker to tell whether a file includes <iostream>. If so, start the analysis of its methods assuming that the standard streams are initialised. Reviewed By: sblackshear Differential Revision: D5941343 fbshipit-source-id: 3388d55
7 years ago
in
Option.value_map ~default:false ~f:includes_iostream
(Procdesc.get_attributes proc_desc).ProcAttributes.translation_unit
in
[absint] kill `AbstractInterpreter.Interprocedural` module Summary: After D5245416 I was taking a closer look and decided it's best to get rid of the `Interprocedural` module altogether. Since jeremydubreil's refactoring to pass the summaries around everywhere, this module doesn't do much (it used to make sure the summary actually got stored to disk). Client code is shorter and simpler without this module. Reviewed By: mbouaziz Differential Revision: D5255400 fbshipit-source-id: acd1c00
8 years ago
let proc_data = ProcData.make_default proc_desc tenv in
[siof] understand that <iostream> initialises streams Summary: Inject a marker using a global variable in <iostream>, and whitelist it so that the frontend translates it. Use the marker in the SIOF checker to tell whether a file includes <iostream>. If so, start the analysis of its methods assuming that the standard streams are initialised. Reviewed By: sblackshear Differential Revision: D5941343 fbshipit-source-id: 3388d55
7 years ago
let initial =
( Bottom
, if standard_streams_initialized_in_tu then SiofDomain.VarNames.of_list standard_streams
else SiofDomain.VarNames.empty )
in
[infer][checkers] Prevent the race conditions between the summaries passed as parameter to the checkers and the summaries from the specs table Summary: This is step further simplify the code to avoid cases where the summary of the procedure being analyzed can exist in two different versions: # one version is the summary passed as parameter to every checker # the other is a copy of the summary in the in-memory specs table This diff implements: # the analysis always run through the `Ondemand` module (was already the case before) # the summary of the procedure being analyzed is created at the beginning of the on-demand analysis call # all the checkers run in sequence, update their respective part of the payload and log errors to the error table # the summary is store at the end of the on-demand analysis call Reviewed By: sblackshear Differential Revision: D4787414 fbshipit-source-id: 2d115c9
8 years ago
let updated_summary =
[clang] static data members are external globals unless defined in the file Summary: The issue is with classes defining static data members: ``` $ cat foo.h struct A { static int foo; }; $ cat foo.cpp #include "foo.h" int A::foo = 12; int f() { return A::foo; // should see A::foo as defined in this translation unit $ cat bar.cpp #include "foo.h" void g() { return A::foo; // should see A::foo defined externally ``` Previously, both foo.cpp and bar.cpp would see `A::foo` as defined within their translation unit, because it comes from the header. This is wrong, and static data members should be treated as extern unless they're defined in the same file. This doesn't change much except for frontend tests. SIOF FP fix in the next diff. update-submodule: facebook-clang-plugins Reviewed By: da319 Differential Revision: D6221744 fbshipit-source-id: bef88fd
7 years ago
(* If the function is constexpr then it doesn't participate in SIOF. The checker should be able
to figure this out when analyzing the function, but we might as well use the user's
specification if it's given to us. This also serves as an optimization as this skips the
analysis of the function. *)
[cleanup] Move ObjC/C++-specific Procname functions to dedicated module Summary: Continuing the cleanup started in D6740465. Reviewed By: jeremydubreil, mbouaziz Differential Revision: D6945967 fbshipit-source-id: 23e9d08
7 years ago
if match pname with
| ObjC_Cpp cpp_pname ->
Typ.Procname.ObjC_Cpp.is_constexpr cpp_pname
| _ ->
false
then Summary.update_summary initial summary
[clang] static data members are external globals unless defined in the file Summary: The issue is with classes defining static data members: ``` $ cat foo.h struct A { static int foo; }; $ cat foo.cpp #include "foo.h" int A::foo = 12; int f() { return A::foo; // should see A::foo as defined in this translation unit $ cat bar.cpp #include "foo.h" void g() { return A::foo; // should see A::foo defined externally ``` Previously, both foo.cpp and bar.cpp would see `A::foo` as defined within their translation unit, because it comes from the header. This is wrong, and static data members should be treated as extern unless they're defined in the same file. This doesn't change much except for frontend tests. SIOF FP fix in the next diff. update-submodule: facebook-clang-plugins Reviewed By: da319 Differential Revision: D6221744 fbshipit-source-id: bef88fd
7 years ago
else
match Analyzer.compute_post proc_data ~initial with
| Some post ->
Summary.update_summary post summary
| None ->
summary
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
in
[clang] static data members are external globals unless defined in the file Summary: The issue is with classes defining static data members: ``` $ cat foo.h struct A { static int foo; }; $ cat foo.cpp #include "foo.h" int A::foo = 12; int f() { return A::foo; // should see A::foo as defined in this translation unit $ cat bar.cpp #include "foo.h" void g() { return A::foo; // should see A::foo defined externally ``` Previously, both foo.cpp and bar.cpp would see `A::foo` as defined within their translation unit, because it comes from the header. This is wrong, and static data members should be treated as extern unless they're defined in the same file. This doesn't change much except for frontend tests. SIOF FP fix in the next diff. update-submodule: facebook-clang-plugins Reviewed By: da319 Differential Revision: D6221744 fbshipit-source-id: bef88fd
7 years ago
( match Typ.Procname.get_global_name_of_initializer pname with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Some gname ->
siof_check proc_desc gname updated_summary
| None ->
() ) ;
[infer][checkers] Prevent the race conditions between the summaries passed as parameter to the checkers and the summaries from the specs table Summary: This is step further simplify the code to avoid cases where the summary of the procedure being analyzed can exist in two different versions: # one version is the summary passed as parameter to every checker # the other is a copy of the summary in the in-memory specs table This diff implements: # the analysis always run through the `Ondemand` module (was already the case before) # the summary of the procedure being analyzed is created at the beginning of the on-demand analysis call # all the checkers run in sequence, update their respective part of the payload and log errors to the error table # the summary is store at the end of the on-demand analysis call Reviewed By: sblackshear Differential Revision: D4787414 fbshipit-source-id: 2d115c9
8 years ago
updated_summary