pghs975uc
/
infer_clone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '794c8677fd'
${ noResults }
infer_clone/infer/src/concurrency/RacerDDomain.ml

477 lines
14 KiB
Raw Normal View History Unescape

[threadsafety] interprocedural Summary: Refactoring to make thread safety checker interpocedural. This should not change funcitonality, and will only set things up for making the interprocedural part more serious. Reviewed By: sblackshear Differential Revision: D4124316 fbshipit-source-id: 6721953
8 years ago
(*
* Copyright (c) 2016 - present Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*)
[thread-safety] Lay the groundwork for interprocedural trace-based reporting Summary: We'll eventually want fancy interprocedural traces. This diff adds the required boilerplate for this and adds the line number of each access to the error message. Real traces will come in a follow-up Reviewed By: peterogithub Differential Revision: D4251985 fbshipit-source-id: c9d9823
8 years ago
Open Core.Std by default, still use Caml Hashtbl, Map, Set Reviewed By: cristianoc Differential Revision: D4232458 fbshipit-source-id: 3d73c69
8 years ago
open! IStd
[thread-safety] Lay the groundwork for interprocedural trace-based reporting Summary: We'll eventually want fancy interprocedural traces. This diff adds the required boilerplate for this and adds the line number of each access to the error message. Real traces will come in a follow-up Reviewed By: peterogithub Differential Revision: D4251985 fbshipit-source-id: c9d9823
8 years ago
module F = Format
[thread-safety] unify reads and writes into accesses Summary: This cleans up the domain/transfer functions, and it also means that we can now track reads that occur under synchronization. Reviewed By: peterogithub Differential Revision: D4674243 fbshipit-source-id: 8e13656
8 years ago
module Access = struct
[thread-safety] warning when interface method is called from thread-safe context without annotation Reviewed By: ngorogiannis Differential Revision: D5445971 fbshipit-source-id: a3a7dd3
8 years ago
type t =
[access paths] make raw access paths the default, move abstraction into AccessPath.Abs module Summary: It's nice to have "raw" as the default kind of access path, since it's used much more often than the abstraction. This is also a prereq for supporting index expressions in access paths, since we'll need mutual recursion between accesses and access paths. Reviewed By: jeremydubreil Differential Revision: D5529807 fbshipit-source-id: cb3f521
8 years ago
| Read of AccessPath.t
| Write of AccessPath.t
| ContainerRead of AccessPath.t * Typ.Procname.t
| ContainerWrite of AccessPath.t * Typ.Procname.t
[thread-safety] warning when interface method is called from thread-safe context without annotation Reviewed By: ngorogiannis Differential Revision: D5445971 fbshipit-source-id: a3a7dd3
8 years ago
| InterfaceCall of Typ.Procname.t
[@@deriving compare]
[thread-safety] unify reads and writes into accesses Summary: This cleans up the domain/transfer functions, and it also means that we can now track reads that occur under synchronization. Reviewed By: peterogithub Differential Revision: D4674243 fbshipit-source-id: 8e13656
8 years ago
[traces] add matches function for extra flexibility in expanding traces Summary: Expanding traces currently works in the following way: Given a `TraceElem.Kind` `k` we want to report in `foo`, we look for a callee `C` of `foo` that has a `TraceElem.Kind` equal to `k` in its summary, grab the summary for `C`, then repeat until we bottom out. This isn't very flexible: it insists on equality between `TraceElem.Kind`'s as the criteria for expanding a trace. This diff introduces a new `matches` function for deciding when to expand a trace from a caller into a callee. Clients that don't want strict equality can implement a fuzzier kind of equality inside this function. I've gone ahead and done this for the trace elemes of thread-safety. In the near future, equivalent access paths won't always compare equal from caller to callee, so we want to match their suffixes instead. Reviewed By: jvillard Differential Revision: D5914118 fbshipit-source-id: 233c603
8 years ago
let suffix_matches (_, accesses1) (_, accesses2) =
match (List.rev accesses1, List.rev accesses2) with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| access1 :: _, access2 :: _ ->
AccessPath.equal_access access1 access2
| _ ->
false
[traces] add matches function for extra flexibility in expanding traces Summary: Expanding traces currently works in the following way: Given a `TraceElem.Kind` `k` we want to report in `foo`, we look for a callee `C` of `foo` that has a `TraceElem.Kind` equal to `k` in its summary, grab the summary for `C`, then repeat until we bottom out. This isn't very flexible: it insists on equality between `TraceElem.Kind`'s as the criteria for expanding a trace. This diff introduces a new `matches` function for deciding when to expand a trace from a caller into a callee. Clients that don't want strict equality can implement a fuzzier kind of equality inside this function. I've gone ahead and done this for the trace elemes of thread-safety. In the near future, equivalent access paths won't always compare equal from caller to callee, so we want to match their suffixes instead. Reviewed By: jvillard Differential Revision: D5914118 fbshipit-source-id: 233c603
8 years ago
let matches ~caller ~callee =
match (caller, callee) with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Read ap1, Read ap2 | Write ap1, Write ap2 ->
suffix_matches ap1 ap2
[traces] add matches function for extra flexibility in expanding traces Summary: Expanding traces currently works in the following way: Given a `TraceElem.Kind` `k` we want to report in `foo`, we look for a callee `C` of `foo` that has a `TraceElem.Kind` equal to `k` in its summary, grab the summary for `C`, then repeat until we bottom out. This isn't very flexible: it insists on equality between `TraceElem.Kind`'s as the criteria for expanding a trace. This diff introduces a new `matches` function for deciding when to expand a trace from a caller into a callee. Clients that don't want strict equality can implement a fuzzier kind of equality inside this function. I've gone ahead and done this for the trace elemes of thread-safety. In the near future, equivalent access paths won't always compare equal from caller to callee, so we want to match their suffixes instead. Reviewed By: jvillard Differential Revision: D5914118 fbshipit-source-id: 233c603
8 years ago
| ContainerRead (ap1, pname1), ContainerRead (ap2, pname2)
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| ContainerWrite (ap1, pname1), ContainerWrite (ap2, pname2) ->
Typ.Procname.equal pname1 pname2 && suffix_matches ap1 ap2
| InterfaceCall pname1, InterfaceCall pname2 ->
Typ.Procname.equal pname1 pname2
| _ ->
false
[traces] add matches function for extra flexibility in expanding traces Summary: Expanding traces currently works in the following way: Given a `TraceElem.Kind` `k` we want to report in `foo`, we look for a callee `C` of `foo` that has a `TraceElem.Kind` equal to `k` in its summary, grab the summary for `C`, then repeat until we bottom out. This isn't very flexible: it insists on equality between `TraceElem.Kind`'s as the criteria for expanding a trace. This diff introduces a new `matches` function for deciding when to expand a trace from a caller into a callee. Clients that don't want strict equality can implement a fuzzier kind of equality inside this function. I've gone ahead and done this for the trace elemes of thread-safety. In the near future, equivalent access paths won't always compare equal from caller to callee, so we want to match their suffixes instead. Reviewed By: jvillard Differential Revision: D5914118 fbshipit-source-id: 233c603
8 years ago
[thread-safety] warning when interface method is called from thread-safe context without annotation Reviewed By: ngorogiannis Differential Revision: D5445971 fbshipit-source-id: a3a7dd3
8 years ago
let make_field_access access_path ~is_write =
if is_write then Write access_path else Read access_path
[thread-safety] unify reads and writes into accesses Summary: This cleans up the domain/transfer functions, and it also means that we can now track reads that occur under synchronization. Reviewed By: peterogithub Differential Revision: D4674243 fbshipit-source-id: 8e13656
8 years ago
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[thread-safety] warning when interface method is called from thread-safe context without annotation Reviewed By: ngorogiannis Differential Revision: D5445971 fbshipit-source-id: a3a7dd3
8 years ago
let get_access_path = function
[thread-safety] refactoring to make it easier to add container reads Summary: Adding new ContainerRead access kind + utilities for creating it. Reviewed By: da319 Differential Revision: D5493322 fbshipit-source-id: 4ce6704
8 years ago
| Read access_path
| Write access_path
| ContainerWrite (access_path, _)
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| ContainerRead (access_path, _) ->
Some access_path
| InterfaceCall _ ->
None
[thread-safety] refactor ThreadSafetyDomain.Access to make it easier to add new access kinds Summary: Making it simple to add a new access type for "un-annotated interface call" in an upcoming diff. Reviewed By: da319 Differential Revision: D5445914 fbshipit-source-id: f29e342
8 years ago
[thread-safety] Rebase accesses in callees onto variables of the caller, where possible. Reviewed By: sblackshear Differential Revision: D5911083 fbshipit-source-id: 2dae717
8 years ago
let map ~f = function
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Read access_path ->
Read (f access_path)
| Write access_path ->
Write (f access_path)
| ContainerWrite (access_path, pname) ->
ContainerWrite (f access_path, pname)
| ContainerRead (access_path, pname) ->
ContainerRead (f access_path, pname)
| InterfaceCall _ as intfcall ->
intfcall
[thread-safety] Rebase accesses in callees onto variables of the caller, where possible. Reviewed By: sblackshear Differential Revision: D5911083 fbshipit-source-id: 2dae717
8 years ago
[thread-safety] make a distinguished access kind for container writes Summary: The way we represented container writes before was pretty hacky: just use a dummy field for the name of the method that performs the container write. This diff introduces a new access kind for container writes that is much more structured. This will make it easier to soundly handle aliasing between containers and support container reads in the near future. Reviewed By: da319 Differential Revision: D5465747 fbshipit-source-id: e021ec2
8 years ago
let equal t1 t2 = Int.equal (compare t1 t2) 0
[thread-safety] refactor ThreadSafetyDomain.Access to make it easier to add new access kinds Summary: Making it simple to add a new access type for "un-annotated interface call" in an upcoming diff. Reviewed By: da319 Differential Revision: D5445914 fbshipit-source-id: f29e342
8 years ago
let pp fmt = function
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Read access_path ->
F.fprintf fmt "Read of %a" AccessPath.pp access_path
| Write access_path ->
F.fprintf fmt "Write to %a" AccessPath.pp access_path
| ContainerRead (access_path, pname) ->
F.fprintf fmt "Read of container %a via %a" AccessPath.pp access_path Typ.Procname.pp pname
| ContainerWrite (access_path, pname) ->
F.fprintf fmt "Write to container %a via %a" AccessPath.pp access_path Typ.Procname.pp
[thread-safety] make a distinguished access kind for container writes Summary: The way we represented container writes before was pretty hacky: just use a dummy field for the name of the method that performs the container write. This diff introduces a new access kind for container writes that is much more structured. This will make it easier to soundly handle aliasing between containers and support container reads in the near future. Reviewed By: da319 Differential Revision: D5465747 fbshipit-source-id: e021ec2
8 years ago
pname
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| InterfaceCall pname ->
F.fprintf fmt "Call to un-annotated interface method %a" Typ.Procname.pp pname
[thread-safety] unify reads and writes into accesses Summary: This cleans up the domain/transfer functions, and it also means that we can now track reads that occur under synchronization. Reviewed By: peterogithub Differential Revision: D4674243 fbshipit-source-id: 8e13656
8 years ago
end
[thread-safety] Lay the groundwork for interprocedural trace-based reporting Summary: We'll eventually want fancy interprocedural traces. This diff adds the required boilerplate for this and adds the line number of each access to the error message. Real traces will come in a follow-up Reviewed By: peterogithub Differential Revision: D4251985 fbshipit-source-id: c9d9823
8 years ago
module TraceElem = struct
[thread-safety] unify reads and writes into accesses Summary: This cleans up the domain/transfer functions, and it also means that we can now track reads that occur under synchronization. Reviewed By: peterogithub Differential Revision: D4674243 fbshipit-source-id: 8e13656
8 years ago
module Kind = Access
[thread-safety] Lay the groundwork for interprocedural trace-based reporting Summary: We'll eventually want fancy interprocedural traces. This diff adds the required boilerplate for this and adds the line number of each access to the error message. Real traces will come in a follow-up Reviewed By: peterogithub Differential Revision: D4251985 fbshipit-source-id: c9d9823
8 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
type t = {site: CallSite.t; kind: Kind.t} [@@deriving compare]
[thread-safety] Lay the groundwork for interprocedural trace-based reporting Summary: We'll eventually want fancy interprocedural traces. This diff adds the required boilerplate for this and adds the line number of each access to the error message. Real traces will come in a follow-up Reviewed By: peterogithub Differential Revision: D4251985 fbshipit-source-id: c9d9823
8 years ago
[thread-safety] make a distinguished access kind for container writes Summary: The way we represented container writes before was pretty hacky: just use a dummy field for the name of the method that performs the container write. This diff introduces a new access kind for container writes that is much more structured. This will make it easier to soundly handle aliasing between containers and support container reads in the near future. Reviewed By: da319 Differential Revision: D5465747 fbshipit-source-id: e021ec2
8 years ago
let is_write {kind} =
[thread-safety] refactoring to make it easier to add container reads Summary: Adding new ContainerRead access kind + utilities for creating it. Reviewed By: da319 Differential Revision: D5493322 fbshipit-source-id: 4ce6704
8 years ago
match kind with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| InterfaceCall _ | Read _ | ContainerRead _ ->
false
| ContainerWrite _ | Write _ ->
true
[thread-safety] warning when interface method is called from thread-safe context without annotation Reviewed By: ngorogiannis Differential Revision: D5445971 fbshipit-source-id: a3a7dd3
8 years ago
[thread-safety] make a distinguished access kind for container writes Summary: The way we represented container writes before was pretty hacky: just use a dummy field for the name of the method that performs the container write. This diff introduces a new access kind for container writes that is much more structured. This will make it easier to soundly handle aliasing between containers and support container reads in the near future. Reviewed By: da319 Differential Revision: D5465747 fbshipit-source-id: e021ec2
8 years ago
let is_container_write {kind} =
[thread-safety] refactoring to make it easier to add container reads Summary: Adding new ContainerRead access kind + utilities for creating it. Reviewed By: da319 Differential Revision: D5493322 fbshipit-source-id: 4ce6704
8 years ago
match kind with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| InterfaceCall _ | Read _ | Write _ | ContainerRead _ ->
false
| ContainerWrite _ ->
true
[thread-safety] unify reads and writes into accesses Summary: This cleans up the domain/transfer functions, and it also means that we can now track reads that occur under synchronization. Reviewed By: peterogithub Differential Revision: D4674243 fbshipit-source-id: 8e13656
8 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
let call_site {site} = site
[thread-safety] Lay the groundwork for interprocedural trace-based reporting Summary: We'll eventually want fancy interprocedural traces. This diff adds the required boilerplate for this and adds the line number of each access to the error message. Real traces will come in a follow-up Reviewed By: peterogithub Differential Revision: D4251985 fbshipit-source-id: c9d9823
8 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
let kind {kind} = kind
[thread-safety] Lay the groundwork for interprocedural trace-based reporting Summary: We'll eventually want fancy interprocedural traces. This diff adds the required boilerplate for this and adds the line number of each access to the error message. Real traces will come in a follow-up Reviewed By: peterogithub Differential Revision: D4251985 fbshipit-source-id: c9d9823
8 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
let make ?indexes:_ kind site = {kind; site}
[thread-safety] Lay the groundwork for interprocedural trace-based reporting Summary: We'll eventually want fancy interprocedural traces. This diff adds the required boilerplate for this and adds the line number of each access to the error message. Real traces will come in a follow-up Reviewed By: peterogithub Differential Revision: D4251985 fbshipit-source-id: c9d9823
8 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
let with_callsite t site = {t with site}
[thread-safety] Lay the groundwork for interprocedural trace-based reporting Summary: We'll eventually want fancy interprocedural traces. This diff adds the required boilerplate for this and adds the line number of each access to the error message. Real traces will come in a follow-up Reviewed By: peterogithub Differential Revision: D4251985 fbshipit-source-id: c9d9823
8 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
let pp fmt {site; kind} = F.fprintf fmt "%a at %a" Access.pp kind CallSite.pp site
[thread-safety] Lay the groundwork for interprocedural trace-based reporting Summary: We'll eventually want fancy interprocedural traces. This diff adds the required boilerplate for this and adds the line number of each access to the error message. Real traces will come in a follow-up Reviewed By: peterogithub Differential Revision: D4251985 fbshipit-source-id: c9d9823
8 years ago
[thread-safety] Rebase accesses in callees onto variables of the caller, where possible. Reviewed By: sblackshear Differential Revision: D5911083 fbshipit-source-id: 2dae717
8 years ago
let map ~f {site; kind} = {site; kind= Access.map ~f kind}
[thread-safety] Lay the groundwork for interprocedural trace-based reporting Summary: We'll eventually want fancy interprocedural traces. This diff adds the required boilerplate for this and adds the line number of each access to the error message. Real traces will come in a follow-up Reviewed By: peterogithub Differential Revision: D4251985 fbshipit-source-id: c9d9823
8 years ago
module Set = PrettyPrintable.MakePPSet (struct
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
type nonrec t = t
let compare = compare
let pp = pp
end)
[thread-safety] Lay the groundwork for interprocedural trace-based reporting Summary: We'll eventually want fancy interprocedural traces. This diff adds the required boilerplate for this and adds the line number of each access to the error message. Real traces will come in a follow-up Reviewed By: peterogithub Differential Revision: D4251985 fbshipit-source-id: c9d9823
8 years ago
[thread-safety] skip reporting on truncated traces Summary: Due to limitations in our Buck integration, the thread-safety analysis cannot create a trace that bottoms out in a Buck target that is not a direct dependency of the current target. These truncated traces are confusing and tough to act on. Until we can address these limitations, let's avoid reporting on truncated traces. Reviewed By: jeremydubreil Differential Revision: D5969840 fbshipit-source-id: 877b9de
7 years ago
let dummy_pname = Typ.Procname.empty_block
let make_dummy_site = CallSite.make dummy_pname
(* all trace elems are created with a dummy call site. any trace elem without a dummy call site
represents a call that leads to an access rather than a direct access *)
let is_direct {site} = Typ.Procname.equal (CallSite.pname site) dummy_pname
[thread-safety] make a distinguished access kind for container writes Summary: The way we represented container writes before was pretty hacky: just use a dummy field for the name of the method that performs the container write. This diff introduces a new access kind for container writes that is much more structured. This will make it easier to soundly handle aliasing between containers and support container reads in the near future. Reviewed By: da319 Differential Revision: D5465747 fbshipit-source-id: e021ec2
8 years ago
[thread-safety] skip reporting on truncated traces Summary: Due to limitations in our Buck integration, the thread-safety analysis cannot create a trace that bottoms out in a Buck target that is not a direct dependency of the current target. These truncated traces are confusing and tough to act on. Until we can address these limitations, let's avoid reporting on truncated traces. Reviewed By: jeremydubreil Differential Revision: D5969840 fbshipit-source-id: 877b9de
7 years ago
let make_container_access access_path pname ~is_write loc =
let site = make_dummy_site loc in
let access =
if is_write then Access.ContainerWrite (access_path, pname)
else Access.ContainerRead (access_path, pname)
in
make access site
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[thread-safety] warning when interface method is called from thread-safe context without annotation Reviewed By: ngorogiannis Differential Revision: D5445971 fbshipit-source-id: a3a7dd3
8 years ago
[thread-safety] skip reporting on truncated traces Summary: Due to limitations in our Buck integration, the thread-safety analysis cannot create a trace that bottoms out in a Buck target that is not a direct dependency of the current target. These truncated traces are confusing and tough to act on. Until we can address these limitations, let's avoid reporting on truncated traces. Reviewed By: jeremydubreil Differential Revision: D5969840 fbshipit-source-id: 877b9de
7 years ago
let make_field_access access_path ~is_write loc =
let site = make_dummy_site loc in
make (Access.make_field_access access_path ~is_write) site
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[threadsafety] interprocedural Summary: Refactoring to make thread safety checker interpocedural. This should not change funcitonality, and will only set things up for making the interprocedural part more serious. Reviewed By: sblackshear Differential Revision: D4124316 fbshipit-source-id: 6721953
8 years ago
[thread-safety] skip reporting on truncated traces Summary: Due to limitations in our Buck integration, the thread-safety analysis cannot create a trace that bottoms out in a Buck target that is not a direct dependency of the current target. These truncated traces are confusing and tough to act on. Until we can address these limitations, let's avoid reporting on truncated traces. Reviewed By: jeremydubreil Differential Revision: D5969840 fbshipit-source-id: 877b9de
7 years ago
let make_unannotated_call_access pname loc =
let site = make_dummy_site loc in
make (Access.InterfaceCall pname) site
end
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[infer][threadsafety] Use disjunction in the join for threaded Summary: There are false positives in the current analysis due to the use of conjunction in the treatment of threaded. Changing conjunction to disjunction removes these false positives. Some new false negatives arise, but all the old tests pass. This is a stopgap towards a better solution being planned. Reviewed By: sblackshear Differential Revision: D4883280 fbshipit-source-id: c2a7e6e
8 years ago
(* In this domain true<=false. The intended denotations [[.]] are
[[true]] = the set of all states where we know according, to annotations
or assertions or lock instructions, that some lock is held.
[[false]] = the empty set
The use of && for join in this domain enforces that, to know a lock is held, one must hold in
all branches.
*)
[thread-safety] use boolean domain to track locks Summary: Before, we were using a set domain of strings to model a boolean domain. An explicit boolean domain makes it a bit clear what's going on. There are two things to note here: (1) This actually changed the semantics from the old set domain. The set domain wouldn't warn if the lock is held on only one side of a branch, which isn't what we want. (2) We can't actually test this because the modeling for `Lock.lock()` etc doesn't work :(. The reason is that the models (which do things like adding attributes for `Lock.lock`) are analyzed for Infer, but not for the checkers. We'll have to add separate models for thread safety. Reviewed By: peterogithub Differential Revision: D4242487 fbshipit-source-id: 9fc599d
8 years ago
module LocksDomain = AbstractDomain.BooleanAnd
[thread-safety] new threads domain Summary: Previously, we just tracked a boolean representing whether we were possibly on the main thread (true) or definitely not on the main thread (false). In order to start supporting `Thread.start`, `Runnable.run`, etc., we'll need something more expressive. This diff introduces a lattice: ``` Any / \ Main Background \ / Unknown ``` as the new threads domain. The initial value is `Unknown`, and we introduce `Main` in situations where we would have introduced `true` before. This (mostly) preserves behavior: the main difference is that before code like ``` if (*) { assertMainThread() } else { x.f = ... } ``` would have recorded that the access to `x.f` was on the main thread, whereas now we'll say that it's on an unknown thread. Reviewed By: peterogithub Differential Revision: D5860256 fbshipit-source-id: efee330
8 years ago
module ThreadsDomain = struct
[thread-safety] Change meaning of @ThreadSafe to "can run in parallel with any thread including itself" Summary: Previously, annotating something ThreadSafe meant "check that it is safe to run all of this procedure's methods in parallel with each other" (including self-parallelization). This makes sense, but it means that if the user writes no annotations, we do no checking. I'm moving toward a model of inferring when an access might happen on a thread that can run concurrently with other threads, then automatically checking that it is thread-safe w.r.t to all other accesses to the same memory (on or off the current thread thread). This will let us report even when there are no `ThreadSafe` annotations. Any method that is known to run on a new thread (e.g., `Runnable.run`) will be modeled as running on a thread that can run in parallel with other threads, and so will any method that is `synchronized` or acquires a lock. In this setup, adding `ThreadSafe` to a method just means: "assume that the current method can run in parallel with any thread, including another thread that includes a different invocation of the same method (a self race) unless you see evidence to the contrary" (e.g., calling `assertMainThread` or annotating with `UiThread`). The key step in this diff is changing the threads domain to abstract *what threads the current thread may run in parallel with* rather than *what the current thread* is. This makes things much simpler. Reviewed By: jberdine Differential Revision: D5895242 fbshipit-source-id: 2e23d1e
8 years ago
type astate = NoThread | AnyThreadButSelf | AnyThread [@@deriving compare]
[thread-safety] new threads domain Summary: Previously, we just tracked a boolean representing whether we were possibly on the main thread (true) or definitely not on the main thread (false). In order to start supporting `Thread.start`, `Runnable.run`, etc., we'll need something more expressive. This diff introduces a lattice: ``` Any / \ Main Background \ / Unknown ``` as the new threads domain. The initial value is `Unknown`, and we introduce `Main` in situations where we would have introduced `true` before. This (mostly) preserves behavior: the main difference is that before code like ``` if (*) { assertMainThread() } else { x.f = ... } ``` would have recorded that the access to `x.f` was on the main thread, whereas now we'll say that it's on an unknown thread. Reviewed By: peterogithub Differential Revision: D5860256 fbshipit-source-id: efee330
8 years ago
[thread-safety] Change meaning of @ThreadSafe to "can run in parallel with any thread including itself" Summary: Previously, annotating something ThreadSafe meant "check that it is safe to run all of this procedure's methods in parallel with each other" (including self-parallelization). This makes sense, but it means that if the user writes no annotations, we do no checking. I'm moving toward a model of inferring when an access might happen on a thread that can run concurrently with other threads, then automatically checking that it is thread-safe w.r.t to all other accesses to the same memory (on or off the current thread thread). This will let us report even when there are no `ThreadSafe` annotations. Any method that is known to run on a new thread (e.g., `Runnable.run`) will be modeled as running on a thread that can run in parallel with other threads, and so will any method that is `synchronized` or acquires a lock. In this setup, adding `ThreadSafe` to a method just means: "assume that the current method can run in parallel with any thread, including another thread that includes a different invocation of the same method (a self race) unless you see evidence to the contrary" (e.g., calling `assertMainThread` or annotating with `UiThread`). The key step in this diff is changing the threads domain to abstract *what threads the current thread may run in parallel with* rather than *what the current thread* is. This makes things much simpler. Reviewed By: jberdine Differential Revision: D5895242 fbshipit-source-id: 2e23d1e
8 years ago
let empty = NoThread
[thread-safety] new threads domain Summary: Previously, we just tracked a boolean representing whether we were possibly on the main thread (true) or definitely not on the main thread (false). In order to start supporting `Thread.start`, `Runnable.run`, etc., we'll need something more expressive. This diff introduces a lattice: ``` Any / \ Main Background \ / Unknown ``` as the new threads domain. The initial value is `Unknown`, and we introduce `Main` in situations where we would have introduced `true` before. This (mostly) preserves behavior: the main difference is that before code like ``` if (*) { assertMainThread() } else { x.f = ... } ``` would have recorded that the access to `x.f` was on the main thread, whereas now we'll say that it's on an unknown thread. Reviewed By: peterogithub Differential Revision: D5860256 fbshipit-source-id: efee330
8 years ago
[thread-safety] Change meaning of @ThreadSafe to "can run in parallel with any thread including itself" Summary: Previously, annotating something ThreadSafe meant "check that it is safe to run all of this procedure's methods in parallel with each other" (including self-parallelization). This makes sense, but it means that if the user writes no annotations, we do no checking. I'm moving toward a model of inferring when an access might happen on a thread that can run concurrently with other threads, then automatically checking that it is thread-safe w.r.t to all other accesses to the same memory (on or off the current thread thread). This will let us report even when there are no `ThreadSafe` annotations. Any method that is known to run on a new thread (e.g., `Runnable.run`) will be modeled as running on a thread that can run in parallel with other threads, and so will any method that is `synchronized` or acquires a lock. In this setup, adding `ThreadSafe` to a method just means: "assume that the current method can run in parallel with any thread, including another thread that includes a different invocation of the same method (a self race) unless you see evidence to the contrary" (e.g., calling `assertMainThread` or annotating with `UiThread`). The key step in this diff is changing the threads domain to abstract *what threads the current thread may run in parallel with* rather than *what the current thread* is. This makes things much simpler. Reviewed By: jberdine Differential Revision: D5895242 fbshipit-source-id: 2e23d1e
8 years ago
(* NoThread < AnyThreadButSelf < Any *)
[thread-safety] new threads domain Summary: Previously, we just tracked a boolean representing whether we were possibly on the main thread (true) or definitely not on the main thread (false). In order to start supporting `Thread.start`, `Runnable.run`, etc., we'll need something more expressive. This diff introduces a lattice: ``` Any / \ Main Background \ / Unknown ``` as the new threads domain. The initial value is `Unknown`, and we introduce `Main` in situations where we would have introduced `true` before. This (mostly) preserves behavior: the main difference is that before code like ``` if (*) { assertMainThread() } else { x.f = ... } ``` would have recorded that the access to `x.f` was on the main thread, whereas now we'll say that it's on an unknown thread. Reviewed By: peterogithub Differential Revision: D5860256 fbshipit-source-id: efee330
8 years ago
let ( <= ) ~lhs ~rhs =
match (lhs, rhs) with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| NoThread, _ ->
true
| _, NoThread ->
false
| _, AnyThread ->
true
| AnyThread, _ ->
false
| _ ->
Int.equal 0 (compare_astate lhs rhs)
[thread-safety] new threads domain Summary: Previously, we just tracked a boolean representing whether we were possibly on the main thread (true) or definitely not on the main thread (false). In order to start supporting `Thread.start`, `Runnable.run`, etc., we'll need something more expressive. This diff introduces a lattice: ``` Any / \ Main Background \ / Unknown ``` as the new threads domain. The initial value is `Unknown`, and we introduce `Main` in situations where we would have introduced `true` before. This (mostly) preserves behavior: the main difference is that before code like ``` if (*) { assertMainThread() } else { x.f = ... } ``` would have recorded that the access to `x.f` was on the main thread, whereas now we'll say that it's on an unknown thread. Reviewed By: peterogithub Differential Revision: D5860256 fbshipit-source-id: efee330
8 years ago
let join astate1 astate2 =
match (astate1, astate2) with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| NoThread, astate | astate, NoThread ->
astate
| AnyThread, _ | _, AnyThread ->
AnyThread
| AnyThreadButSelf, AnyThreadButSelf ->
AnyThreadButSelf
[thread-safety] new threads domain Summary: Previously, we just tracked a boolean representing whether we were possibly on the main thread (true) or definitely not on the main thread (false). In order to start supporting `Thread.start`, `Runnable.run`, etc., we'll need something more expressive. This diff introduces a lattice: ``` Any / \ Main Background \ / Unknown ``` as the new threads domain. The initial value is `Unknown`, and we introduce `Main` in situations where we would have introduced `true` before. This (mostly) preserves behavior: the main difference is that before code like ``` if (*) { assertMainThread() } else { x.f = ... } ``` would have recorded that the access to `x.f` was on the main thread, whereas now we'll say that it's on an unknown thread. Reviewed By: peterogithub Differential Revision: D5860256 fbshipit-source-id: efee330
8 years ago
let widen ~prev ~next ~num_iters:_ = join prev next
let pp fmt astate =
F.fprintf fmt
( match astate with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| NoThread ->
"NoThread"
| AnyThreadButSelf ->
"AnyThreadButSelf"
| AnyThread ->
"AnyThread" )
[thread-safety] new threads domain Summary: Previously, we just tracked a boolean representing whether we were possibly on the main thread (true) or definitely not on the main thread (false). In order to start supporting `Thread.start`, `Runnable.run`, etc., we'll need something more expressive. This diff introduces a lattice: ``` Any / \ Main Background \ / Unknown ``` as the new threads domain. The initial value is `Unknown`, and we introduce `Main` in situations where we would have introduced `true` before. This (mostly) preserves behavior: the main difference is that before code like ``` if (*) { assertMainThread() } else { x.f = ... } ``` would have recorded that the access to `x.f` was on the main thread, whereas now we'll say that it's on an unknown thread. Reviewed By: peterogithub Differential Revision: D5860256 fbshipit-source-id: efee330
8 years ago
[thread-safety] Change meaning of @ThreadSafe to "can run in parallel with any thread including itself" Summary: Previously, annotating something ThreadSafe meant "check that it is safe to run all of this procedure's methods in parallel with each other" (including self-parallelization). This makes sense, but it means that if the user writes no annotations, we do no checking. I'm moving toward a model of inferring when an access might happen on a thread that can run concurrently with other threads, then automatically checking that it is thread-safe w.r.t to all other accesses to the same memory (on or off the current thread thread). This will let us report even when there are no `ThreadSafe` annotations. Any method that is known to run on a new thread (e.g., `Runnable.run`) will be modeled as running on a thread that can run in parallel with other threads, and so will any method that is `synchronized` or acquires a lock. In this setup, adding `ThreadSafe` to a method just means: "assume that the current method can run in parallel with any thread, including another thread that includes a different invocation of the same method (a self race) unless you see evidence to the contrary" (e.g., calling `assertMainThread` or annotating with `UiThread`). The key step in this diff is changing the threads domain to abstract *what threads the current thread may run in parallel with* rather than *what the current thread* is. This makes things much simpler. Reviewed By: jberdine Differential Revision: D5895242 fbshipit-source-id: 2e23d1e
8 years ago
let is_empty = function NoThread -> true | _ -> false
[thread-safety] new threads domain Summary: Previously, we just tracked a boolean representing whether we were possibly on the main thread (true) or definitely not on the main thread (false). In order to start supporting `Thread.start`, `Runnable.run`, etc., we'll need something more expressive. This diff introduces a lattice: ``` Any / \ Main Background \ / Unknown ``` as the new threads domain. The initial value is `Unknown`, and we introduce `Main` in situations where we would have introduced `true` before. This (mostly) preserves behavior: the main difference is that before code like ``` if (*) { assertMainThread() } else { x.f = ... } ``` would have recorded that the access to `x.f` was on the main thread, whereas now we'll say that it's on an unknown thread. Reviewed By: peterogithub Differential Revision: D5860256 fbshipit-source-id: efee330
8 years ago
[thread-safety] Change meaning of @ThreadSafe to "can run in parallel with any thread including itself" Summary: Previously, annotating something ThreadSafe meant "check that it is safe to run all of this procedure's methods in parallel with each other" (including self-parallelization). This makes sense, but it means that if the user writes no annotations, we do no checking. I'm moving toward a model of inferring when an access might happen on a thread that can run concurrently with other threads, then automatically checking that it is thread-safe w.r.t to all other accesses to the same memory (on or off the current thread thread). This will let us report even when there are no `ThreadSafe` annotations. Any method that is known to run on a new thread (e.g., `Runnable.run`) will be modeled as running on a thread that can run in parallel with other threads, and so will any method that is `synchronized` or acquires a lock. In this setup, adding `ThreadSafe` to a method just means: "assume that the current method can run in parallel with any thread, including another thread that includes a different invocation of the same method (a self race) unless you see evidence to the contrary" (e.g., calling `assertMainThread` or annotating with `UiThread`). The key step in this diff is changing the threads domain to abstract *what threads the current thread may run in parallel with* rather than *what the current thread* is. This makes things much simpler. Reviewed By: jberdine Differential Revision: D5895242 fbshipit-source-id: 2e23d1e
8 years ago
let is_any_but_self = function AnyThreadButSelf -> true | _ -> false
[thread-safety] new threads domain Summary: Previously, we just tracked a boolean representing whether we were possibly on the main thread (true) or definitely not on the main thread (false). In order to start supporting `Thread.start`, `Runnable.run`, etc., we'll need something more expressive. This diff introduces a lattice: ``` Any / \ Main Background \ / Unknown ``` as the new threads domain. The initial value is `Unknown`, and we introduce `Main` in situations where we would have introduced `true` before. This (mostly) preserves behavior: the main difference is that before code like ``` if (*) { assertMainThread() } else { x.f = ... } ``` would have recorded that the access to `x.f` was on the main thread, whereas now we'll say that it's on an unknown thread. Reviewed By: peterogithub Differential Revision: D5860256 fbshipit-source-id: efee330
8 years ago
[thread-safety] Change meaning of @ThreadSafe to "can run in parallel with any thread including itself" Summary: Previously, annotating something ThreadSafe meant "check that it is safe to run all of this procedure's methods in parallel with each other" (including self-parallelization). This makes sense, but it means that if the user writes no annotations, we do no checking. I'm moving toward a model of inferring when an access might happen on a thread that can run concurrently with other threads, then automatically checking that it is thread-safe w.r.t to all other accesses to the same memory (on or off the current thread thread). This will let us report even when there are no `ThreadSafe` annotations. Any method that is known to run on a new thread (e.g., `Runnable.run`) will be modeled as running on a thread that can run in parallel with other threads, and so will any method that is `synchronized` or acquires a lock. In this setup, adding `ThreadSafe` to a method just means: "assume that the current method can run in parallel with any thread, including another thread that includes a different invocation of the same method (a self race) unless you see evidence to the contrary" (e.g., calling `assertMainThread` or annotating with `UiThread`). The key step in this diff is changing the threads domain to abstract *what threads the current thread may run in parallel with* rather than *what the current thread* is. This makes things much simpler. Reviewed By: jberdine Differential Revision: D5895242 fbshipit-source-id: 2e23d1e
8 years ago
let is_any = function AnyThread -> true | _ -> false
[thread-safety] new threads domain Summary: Previously, we just tracked a boolean representing whether we were possibly on the main thread (true) or definitely not on the main thread (false). In order to start supporting `Thread.start`, `Runnable.run`, etc., we'll need something more expressive. This diff introduces a lattice: ``` Any / \ Main Background \ / Unknown ``` as the new threads domain. The initial value is `Unknown`, and we introduce `Main` in situations where we would have introduced `true` before. This (mostly) preserves behavior: the main difference is that before code like ``` if (*) { assertMainThread() } else { x.f = ... } ``` would have recorded that the access to `x.f` was on the main thread, whereas now we'll say that it's on an unknown thread. Reviewed By: peterogithub Differential Revision: D5860256 fbshipit-source-id: efee330
8 years ago
end
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
module PathDomain = SinkTrace.Make (TraceElem)
[threadsafety] interprocedural Summary: Refactoring to make thread safety checker interpocedural. This should not change funcitonality, and will only set things up for making the interprocedural part more serious. Reviewed By: sblackshear Differential Revision: D4124316 fbshipit-source-id: 6721953
8 years ago
[thread-safety] add choice variables to support partial path-sensitivity Reviewed By: peterogithub Differential Revision: D4712228 fbshipit-source-id: 50a9188
8 years ago
module Choice = struct
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
type t = OnMainThread | LockHeld [@@deriving compare]
[thread-safety] add choice variables to support partial path-sensitivity Reviewed By: peterogithub Differential Revision: D4712228 fbshipit-source-id: 50a9188
8 years ago
let pp fmt = function
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| OnMainThread ->
F.fprintf fmt "OnMainThread"
| LockHeld ->
F.fprintf fmt "LockHeld"
[thread-safety] add choice variables to support partial path-sensitivity Reviewed By: peterogithub Differential Revision: D4712228 fbshipit-source-id: 50a9188
8 years ago
end
[thread-safety] use map of access paths to attributes rather than multiple sets of access paths Summary: This will make it a cinch to track new "attributes" of memory locations, and to propagate more complex attributes such as conditional ownership (coming in a future diff). Reviewed By: peterogithub Differential Revision: D4523143 fbshipit-source-id: 57aa133
8 years ago
module Attribute = struct
[thread-safety] more precise ownership domain Summary: We previously lumped ownership predicates in with all other predicates. That limited us to a flat ownership domain. This diff separates out the ownership predicates so we can have a richer lattice of predicates with each access path. This lets us be more precise; for example, we can now show that ``` needToOwnBothParams(Obj o1, Obj o2) { Obj alias; if (*) { alias = o1; } else { alias = o2; } alias.f = ... // both o1 and o2 need to be owned for this to be safe } void ownBothParamsOk() { needToOwnBothParams(new Obj(), new Obj()); // ok, would have complained before } ``` is safe. Reviewed By: jberdine Differential Revision: D5589898 fbshipit-source-id: 9606a46
8 years ago
type t = Functional | Choice of Choice.t [@@deriving compare]
[thread-safety] use map of access paths to attributes rather than multiple sets of access paths Summary: This will make it a cinch to track new "attributes" of memory locations, and to propagate more complex attributes such as conditional ownership (coming in a future diff). Reviewed By: peterogithub Differential Revision: D4523143 fbshipit-source-id: 57aa133
8 years ago
let pp fmt = function
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Functional ->
F.fprintf fmt "Functional"
| Choice choice ->
Choice.pp fmt choice
[thread-safety] use map of access paths to attributes rather than multiple sets of access paths Summary: This will make it a cinch to track new "attributes" of memory locations, and to propagate more complex attributes such as conditional ownership (coming in a future diff). Reviewed By: peterogithub Differential Revision: D4523143 fbshipit-source-id: 57aa133
8 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
module Set = PrettyPrintable.MakePPSet (struct
type nonrec t = t
let compare = compare
let pp = pp
end)
[thread-safety] use map of access paths to attributes rather than multiple sets of access paths Summary: This will make it a cinch to track new "attributes" of memory locations, and to propagate more complex attributes such as conditional ownership (coming in a future diff). Reviewed By: peterogithub Differential Revision: D4523143 fbshipit-source-id: 57aa133
8 years ago
end
[absint] make InvertedSet/InvertedMap functors consistent non-inverted versions Reviewed By: mbouaziz Differential Revision: D5879318 fbshipit-source-id: 278e5ad
8 years ago
module AttributeSetDomain = AbstractDomain.InvertedSet (Attribute)
[thread-safety] use map of access paths to attributes rather than multiple sets of access paths Summary: This will make it a cinch to track new "attributes" of memory locations, and to propagate more complex attributes such as conditional ownership (coming in a future diff). Reviewed By: peterogithub Differential Revision: D4523143 fbshipit-source-id: 57aa133
8 years ago
[thread-safety] add ownership domain: map of access paths to a lattice of ownership predicates Summary: Stepping stone to a more precise ownership domain. Reviewed By: jberdine Differential Revision: D5589834 fbshipit-source-id: 4f6c24a
8 years ago
module OwnershipAbstractValue = struct
type astate = Owned | OwnedIf of IntSet.t | Unowned [@@deriving compare]
let owned = Owned
let unowned = Unowned
let make_owned_if formal_index = OwnedIf (IntSet.singleton formal_index)
let ( <= ) ~lhs ~rhs =
if phys_equal lhs rhs then true
else
match (lhs, rhs) with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| _, Unowned ->
true (* Unowned is top *)
| Unowned, _ ->
false
| Owned, _ ->
true (* Owned is bottom *)
| OwnedIf s1, OwnedIf s2 ->
IntSet.subset s1 s2
| OwnedIf _, Owned ->
false
[thread-safety] add ownership domain: map of access paths to a lattice of ownership predicates Summary: Stepping stone to a more precise ownership domain. Reviewed By: jberdine Differential Revision: D5589834 fbshipit-source-id: 4f6c24a
8 years ago
let join astate1 astate2 =
if phys_equal astate1 astate2 then astate1
else
match (astate1, astate2) with
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| _, Unowned | Unowned, _ ->
Unowned
| astate, Owned | Owned, astate ->
astate
| OwnedIf s1, OwnedIf s2 ->
OwnedIf (IntSet.union s1 s2)
[thread-safety] add ownership domain: map of access paths to a lattice of ownership predicates Summary: Stepping stone to a more precise ownership domain. Reviewed By: jberdine Differential Revision: D5589834 fbshipit-source-id: 4f6c24a
8 years ago
let widen ~prev ~next ~num_iters:_ = join prev next
let pp fmt = function
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Unowned ->
F.fprintf fmt "Unowned"
| OwnedIf s ->
F.fprintf fmt "OwnedIf%a"
(PrettyPrintable.pp_collection ~pp_item:Int.pp)
[thread-safety] add ownership domain: map of access paths to a lattice of ownership predicates Summary: Stepping stone to a more precise ownership domain. Reviewed By: jberdine Differential Revision: D5589834 fbshipit-source-id: 4f6c24a
8 years ago
(IntSet.elements s)
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Owned ->
F.fprintf fmt "Owned"
[thread-safety] add ownership domain: map of access paths to a lattice of ownership predicates Summary: Stepping stone to a more precise ownership domain. Reviewed By: jberdine Differential Revision: D5589834 fbshipit-source-id: 4f6c24a
8 years ago
end
module OwnershipDomain = struct
include AbstractDomain.Map (AccessPath) (OwnershipAbstractValue)
let get_owned access_path astate =
try find access_path astate
with Not_found -> OwnershipAbstractValue.Unowned
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[thread-safety] add ownership domain: map of access paths to a lattice of ownership predicates Summary: Stepping stone to a more precise ownership domain. Reviewed By: jberdine Differential Revision: D5589834 fbshipit-source-id: 4f6c24a
8 years ago
let is_owned access_path astate =
match get_owned access_path astate with OwnershipAbstractValue.Owned -> true | _ -> false
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[thread-safety] add ownership domain: map of access paths to a lattice of ownership predicates Summary: Stepping stone to a more precise ownership domain. Reviewed By: jberdine Differential Revision: D5589834 fbshipit-source-id: 4f6c24a
8 years ago
let find = `Use_get_owned_instead
end
[thread-safety] use map of access paths to attributes rather than multiple sets of access paths Summary: This will make it a cinch to track new "attributes" of memory locations, and to propagate more complex attributes such as conditional ownership (coming in a future diff). Reviewed By: peterogithub Differential Revision: D4523143 fbshipit-source-id: 57aa133
8 years ago
module AttributeMapDomain = struct
[absint] make InvertedSet/InvertedMap functors consistent non-inverted versions Reviewed By: mbouaziz Differential Revision: D5879318 fbshipit-source-id: 278e5ad
8 years ago
include AbstractDomain.InvertedMap (AccessPath) (AttributeSetDomain)
[thread-safety] use map of access paths to attributes rather than multiple sets of access paths Summary: This will make it a cinch to track new "attributes" of memory locations, and to propagate more complex attributes such as conditional ownership (coming in a future diff). Reviewed By: peterogithub Differential Revision: D4523143 fbshipit-source-id: 57aa133
8 years ago
[thread-safety] more precise ownership domain Summary: We previously lumped ownership predicates in with all other predicates. That limited us to a flat ownership domain. This diff separates out the ownership predicates so we can have a richer lattice of predicates with each access path. This lets us be more precise; for example, we can now show that ``` needToOwnBothParams(Obj o1, Obj o2) { Obj alias; if (*) { alias = o1; } else { alias = o2; } alias.f = ... // both o1 and o2 need to be owned for this to be safe } void ownBothParamsOk() { needToOwnBothParams(new Obj(), new Obj()); // ok, would have complained before } ``` is safe. Reviewed By: jberdine Differential Revision: D5589898 fbshipit-source-id: 9606a46
8 years ago
let add access_path attribute_set t =
if AttributeSetDomain.is_empty attribute_set then t else add access_path attribute_set t
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[thread-safety] use map of access paths to attributes rather than multiple sets of access paths Summary: This will make it a cinch to track new "attributes" of memory locations, and to propagate more complex attributes such as conditional ownership (coming in a future diff). Reviewed By: peterogithub Differential Revision: D4523143 fbshipit-source-id: 57aa133
8 years ago
let has_attribute access_path attribute t =
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
try find access_path t |> AttributeSetDomain.mem attribute
with Not_found -> false
[thread-safety] use map of access paths to attributes rather than multiple sets of access paths Summary: This will make it a cinch to track new "attributes" of memory locations, and to propagate more complex attributes such as conditional ownership (coming in a future diff). Reviewed By: peterogithub Differential Revision: D4523143 fbshipit-source-id: 57aa133
8 years ago
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[thread-safety] add choice variables to support partial path-sensitivity Reviewed By: peterogithub Differential Revision: D4712228 fbshipit-source-id: 50a9188
8 years ago
let get_choices access_path t =
try
let attributes = find access_path t in
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
List.filter_map
~f:(function Attribute.Choice c -> Some c | _ -> None)
(AttributeSetDomain.elements attributes)
with Not_found -> []
[thread-safety] add choice variables to support partial path-sensitivity Reviewed By: peterogithub Differential Revision: D4712228 fbshipit-source-id: 50a9188
8 years ago
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[thread-safety] use map of access paths to attributes rather than multiple sets of access paths Summary: This will make it a cinch to track new "attributes" of memory locations, and to propagate more complex attributes such as conditional ownership (coming in a future diff). Reviewed By: peterogithub Differential Revision: D4523143 fbshipit-source-id: 57aa133
8 years ago
let add_attribute access_path attribute t =
let attribute_set =
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
( try find access_path t
with Not_found -> AttributeSetDomain.empty )
|> AttributeSetDomain.add attribute
in
[thread-safety] use map of access paths to attributes rather than multiple sets of access paths Summary: This will make it a cinch to track new "attributes" of memory locations, and to propagate more complex attributes such as conditional ownership (coming in a future diff). Reviewed By: peterogithub Differential Revision: D4523143 fbshipit-source-id: 57aa133
8 years ago
add access_path attribute_set t
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[thread-safety] use map of access paths to attributes rather than multiple sets of access paths Summary: This will make it a cinch to track new "attributes" of memory locations, and to propagate more complex attributes such as conditional ownership (coming in a future diff). Reviewed By: peterogithub Differential Revision: D4523143 fbshipit-source-id: 57aa133
8 years ago
end
[threadsafety] record threaded information alongside accesses and use disjunction for thread join Summary: Using Conjunction for thread join has known false negatives. Finer grained recording of threading information fixes this. Reviewed By: sblackshear Differential Revision: D5111161 fbshipit-source-id: aab483c
8 years ago
module Excluder = struct
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
type t = Thread | Lock | Both [@@deriving compare]
let pp fmt = function
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Thread ->
F.fprintf fmt "Thread"
| Lock ->
F.fprintf fmt "Lock"
| Both ->
F.fprintf fmt "both Thread and Lock"
[threadsafety] record threaded information alongside accesses and use disjunction for thread join Summary: Using Conjunction for thread join has known false negatives. Finer grained recording of threading information fixes this. Reviewed By: sblackshear Differential Revision: D5111161 fbshipit-source-id: aab483c
8 years ago
end
[thread-safety] AccessDomain for better tracking of writes Summary: In order to be able to report races like ``` synchronized write() { this.f = ... } read() { return this.f; } ``` , we need to track writes that happen inside of synchronization as well as writes that happen outside of synchronization. This diff takes a step toward making that possible by defining an "AccessDomain" mapping a precondition for the safety of a write ( {Safe, SafeIf i, Unsafe} =~ {true, owned(i), false} ) to a set of writes that are safe if the precondition will hold. We're not actually tracking safe writes yet, but this domain will make it easy to do so. This also lets us kill the conditional writes/unconditional writes combo, which was a bit clumsy Reviewed By: peterogithub Differential Revision: D4620153 fbshipit-source-id: 2d9c5ef
8 years ago
module AccessPrecondition = struct
[thread-safety] more precise ownership domain Summary: We previously lumped ownership predicates in with all other predicates. That limited us to a flat ownership domain. This diff separates out the ownership predicates so we can have a richer lattice of predicates with each access path. This lets us be more precise; for example, we can now show that ``` needToOwnBothParams(Obj o1, Obj o2) { Obj alias; if (*) { alias = o1; } else { alias = o2; } alias.f = ... // both o1 and o2 need to be owned for this to be safe } void ownBothParamsOk() { needToOwnBothParams(new Obj(), new Obj()); // ok, would have complained before } ``` is safe. Reviewed By: jberdine Differential Revision: D5589898 fbshipit-source-id: 9606a46
8 years ago
type t =
| Protected of Excluder.t
| Unprotected of IntSet.t
| TotallyUnprotected
[@@deriving compare]
[thread-safety] AccessDomain for better tracking of writes Summary: In order to be able to report races like ``` synchronized write() { this.f = ... } read() { return this.f; } ``` , we need to track writes that happen inside of synchronization as well as writes that happen outside of synchronization. This diff takes a step toward making that possible by defining an "AccessDomain" mapping a precondition for the safety of a write ( {Safe, SafeIf i, Unsafe} =~ {true, owned(i), false} ) to a set of writes that are safe if the precondition will hold. We're not actually tracking safe writes yet, but this domain will make it easy to do so. This also lets us kill the conditional writes/unconditional writes combo, which was a bit clumsy Reviewed By: peterogithub Differential Revision: D4620153 fbshipit-source-id: 2d9c5ef
8 years ago
let pp fmt = function
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
| Protected excl ->
F.fprintf fmt "ProtectedBy(%a)" Excluder.pp excl
| TotallyUnprotected ->
F.fprintf fmt "TotallyUnprotected"
| Unprotected indexes ->
F.fprintf fmt "Unprotected(%a)"
(PrettyPrintable.pp_collection ~pp_item:Int.pp)
[thread-safety] more precise ownership domain Summary: We previously lumped ownership predicates in with all other predicates. That limited us to a flat ownership domain. This diff separates out the ownership predicates so we can have a richer lattice of predicates with each access path. This lets us be more precise; for example, we can now show that ``` needToOwnBothParams(Obj o1, Obj o2) { Obj alias; if (*) { alias = o1; } else { alias = o2; } alias.f = ... // both o1 and o2 need to be owned for this to be safe } void ownBothParamsOk() { needToOwnBothParams(new Obj(), new Obj()); // ok, would have complained before } ``` is safe. Reviewed By: jberdine Differential Revision: D5589898 fbshipit-source-id: 9606a46
8 years ago
(IntSet.elements indexes)
[threadsafety] Fix make-excluder uses which potentially incorrectly assume a lock is held. Reviewed By: sblackshear Differential Revision: D5931811 fbshipit-source-id: d51dd6b
8 years ago
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[threadsafety] Fix make-excluder uses which potentially incorrectly assume a lock is held. Reviewed By: sblackshear Differential Revision: D5931811 fbshipit-source-id: d51dd6b
8 years ago
let make locks thread pdesc =
let is_main_thread = ThreadsDomain.is_any_but_self thread in
let locked = locks || Procdesc.is_java_synchronized pdesc in
if not locked && not is_main_thread then TotallyUnprotected
else if locked && is_main_thread then Protected Excluder.Both
else if locked then Protected Excluder.Lock
else Protected Excluder.Thread
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[thread-safety] AccessDomain for better tracking of writes Summary: In order to be able to report races like ``` synchronized write() { this.f = ... } read() { return this.f; } ``` , we need to track writes that happen inside of synchronization as well as writes that happen outside of synchronization. This diff takes a step toward making that possible by defining an "AccessDomain" mapping a precondition for the safety of a write ( {Safe, SafeIf i, Unsafe} =~ {true, owned(i), false} ) to a set of writes that are safe if the precondition will hold. We're not actually tracking safe writes yet, but this domain will make it easy to do so. This also lets us kill the conditional writes/unconditional writes combo, which was a bit clumsy Reviewed By: peterogithub Differential Revision: D4620153 fbshipit-source-id: 2d9c5ef
8 years ago
end
module AccessDomain = struct
[absint] make Set and Map functors take an ordered type Reviewed By: jeremydubreil Differential Revision: D5080742 fbshipit-source-id: 19245a8
8 years ago
include AbstractDomain.Map (AccessPrecondition) (PathDomain)
[thread-safety] AccessDomain for better tracking of writes Summary: In order to be able to report races like ``` synchronized write() { this.f = ... } read() { return this.f; } ``` , we need to track writes that happen inside of synchronization as well as writes that happen outside of synchronization. This diff takes a step toward making that possible by defining an "AccessDomain" mapping a precondition for the safety of a write ( {Safe, SafeIf i, Unsafe} =~ {true, owned(i), false} ) to a set of writes that are safe if the precondition will hold. We're not actually tracking safe writes yet, but this domain will make it easy to do so. This also lets us kill the conditional writes/unconditional writes combo, which was a bit clumsy Reviewed By: peterogithub Differential Revision: D4620153 fbshipit-source-id: 2d9c5ef
8 years ago
let add_access precondition access_path t =
let precondition_accesses =
try find precondition t
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
with Not_found -> PathDomain.empty
in
[thread-safety] AccessDomain for better tracking of writes Summary: In order to be able to report races like ``` synchronized write() { this.f = ... } read() { return this.f; } ``` , we need to track writes that happen inside of synchronization as well as writes that happen outside of synchronization. This diff takes a step toward making that possible by defining an "AccessDomain" mapping a precondition for the safety of a write ( {Safe, SafeIf i, Unsafe} =~ {true, owned(i), false} ) to a set of writes that are safe if the precondition will hold. We're not actually tracking safe writes yet, but this domain will make it easy to do so. This also lets us kill the conditional writes/unconditional writes combo, which was a bit clumsy Reviewed By: peterogithub Differential Revision: D4620153 fbshipit-source-id: 2d9c5ef
8 years ago
let precondition_accesses' = PathDomain.add_sink access_path precondition_accesses in
add precondition precondition_accesses' t
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[thread-safety] AccessDomain for better tracking of writes Summary: In order to be able to report races like ``` synchronized write() { this.f = ... } read() { return this.f; } ``` , we need to track writes that happen inside of synchronization as well as writes that happen outside of synchronization. This diff takes a step toward making that possible by defining an "AccessDomain" mapping a precondition for the safety of a write ( {Safe, SafeIf i, Unsafe} =~ {true, owned(i), false} ) to a set of writes that are safe if the precondition will hold. We're not actually tracking safe writes yet, but this domain will make it easy to do so. This also lets us kill the conditional writes/unconditional writes combo, which was a bit clumsy Reviewed By: peterogithub Differential Revision: D4620153 fbshipit-source-id: 2d9c5ef
8 years ago
let get_accesses precondition t =
try find precondition t
with Not_found -> PathDomain.empty
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[thread-safety] AccessDomain for better tracking of writes Summary: In order to be able to report races like ``` synchronized write() { this.f = ... } read() { return this.f; } ``` , we need to track writes that happen inside of synchronization as well as writes that happen outside of synchronization. This diff takes a step toward making that possible by defining an "AccessDomain" mapping a precondition for the safety of a write ( {Safe, SafeIf i, Unsafe} =~ {true, owned(i), false} ) to a set of writes that are safe if the precondition will hold. We're not actually tracking safe writes yet, but this domain will make it easy to do so. This also lets us kill the conditional writes/unconditional writes combo, which was a bit clumsy Reviewed By: peterogithub Differential Revision: D4620153 fbshipit-source-id: 2d9c5ef
8 years ago
end
[thread-safety] use record type in domain Summary: We're about to add another element to the abstract domain, and a 4-tuple is a bit too cumbersome to work with. Reviewed By: jberdine Differential Revision: D4315292 fbshipit-source-id: d04699f
8 years ago
type astate =
[thread-safety][cleanup] get rid of thumbs_up Summary: Not using this for now, and it seems good to simplify the complex domain as much as we can. Reviewed By: jberdine Differential Revision: D5970233 fbshipit-source-id: a451503
8 years ago
{ threads: ThreadsDomain.astate
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
; locks: LocksDomain.astate
; accesses: AccessDomain.astate
[thread-safety] more precise ownership domain Summary: We previously lumped ownership predicates in with all other predicates. That limited us to a flat ownership domain. This diff separates out the ownership predicates so we can have a richer lattice of predicates with each access path. This lets us be more precise; for example, we can now show that ``` needToOwnBothParams(Obj o1, Obj o2) { Obj alias; if (*) { alias = o1; } else { alias = o2; } alias.f = ... // both o1 and o2 need to be owned for this to be safe } void ownBothParamsOk() { needToOwnBothParams(new Obj(), new Obj()); // ok, would have complained before } ``` is safe. Reviewed By: jberdine Differential Revision: D5589898 fbshipit-source-id: 9606a46
8 years ago
; ownership: OwnershipDomain.astate
[thread-safety] eliminate escape analysis Reviewed By: ngorogiannis Differential Revision: D5946570 fbshipit-source-id: 9cd3509
8 years ago
; attribute_map: AttributeMapDomain.astate }
[threadsafety] interprocedural Summary: Refactoring to make thread safety checker interpocedural. This should not change funcitonality, and will only set things up for making the interprocedural part more serious. Reviewed By: sblackshear Differential Revision: D4124316 fbshipit-source-id: 6721953
8 years ago
[absint] don't require domains to define their initial state Summary: A domain should not definite its initial state, since distinct users of the domain may want to choose different initial values. For example, one user might want to bind all of the formals to some special values, and one user might want the initial domain to be an empty map This diff makes this distinction clear in the types by (a) requiring the initial state to be passed to the abstract interpreter and (b) lifting the requirement that abstract domains define `initial`. Reviewed By: jberdine Differential Revision: D4359629 fbshipit-source-id: cbcee28
8 years ago
let empty =
[thread-safety] Change meaning of @ThreadSafe to "can run in parallel with any thread including itself" Summary: Previously, annotating something ThreadSafe meant "check that it is safe to run all of this procedure's methods in parallel with each other" (including self-parallelization). This makes sense, but it means that if the user writes no annotations, we do no checking. I'm moving toward a model of inferring when an access might happen on a thread that can run concurrently with other threads, then automatically checking that it is thread-safe w.r.t to all other accesses to the same memory (on or off the current thread thread). This will let us report even when there are no `ThreadSafe` annotations. Any method that is known to run on a new thread (e.g., `Runnable.run`) will be modeled as running on a thread that can run in parallel with other threads, and so will any method that is `synchronized` or acquires a lock. In this setup, adding `ThreadSafe` to a method just means: "assume that the current method can run in parallel with any thread, including another thread that includes a different invocation of the same method (a self race) unless you see evidence to the contrary" (e.g., calling `assertMainThread` or annotating with `UiThread`). The key step in this diff is changing the threads domain to abstract *what threads the current thread may run in parallel with* rather than *what the current thread* is. This makes things much simpler. Reviewed By: jberdine Differential Revision: D5895242 fbshipit-source-id: 2e23d1e
8 years ago
let threads = ThreadsDomain.empty in
[absint] don't require domains to define their initial state Summary: A domain should not definite its initial state, since distinct users of the domain may want to choose different initial values. For example, one user might want to bind all of the formals to some special values, and one user might want the initial domain to be an empty map This diff makes this distinction clear in the types by (a) requiring the initial state to be passed to the abstract interpreter and (b) lifting the requirement that abstract domains define `initial`. Reviewed By: jberdine Differential Revision: D4359629 fbshipit-source-id: cbcee28
8 years ago
let locks = false in
[thread-safety] unify reads and writes into accesses Summary: This cleans up the domain/transfer functions, and it also means that we can now track reads that occur under synchronization. Reviewed By: peterogithub Differential Revision: D4674243 fbshipit-source-id: 8e13656
8 years ago
let accesses = AccessDomain.empty in
[thread-safety] more precise ownership domain Summary: We previously lumped ownership predicates in with all other predicates. That limited us to a flat ownership domain. This diff separates out the ownership predicates so we can have a richer lattice of predicates with each access path. This lets us be more precise; for example, we can now show that ``` needToOwnBothParams(Obj o1, Obj o2) { Obj alias; if (*) { alias = o1; } else { alias = o2; } alias.f = ... // both o1 and o2 need to be owned for this to be safe } void ownBothParamsOk() { needToOwnBothParams(new Obj(), new Obj()); // ok, would have complained before } ``` is safe. Reviewed By: jberdine Differential Revision: D5589898 fbshipit-source-id: 9606a46
8 years ago
let ownership = OwnershipDomain.empty in
[absint] make InvertedSet/InvertedMap functors consistent non-inverted versions Reviewed By: mbouaziz Differential Revision: D5879318 fbshipit-source-id: 278e5ad
8 years ago
let attribute_map = AttributeMapDomain.empty in
[thread-safety][cleanup] get rid of thumbs_up Summary: Not using this for now, and it seems good to simplify the complex domain as much as we can. Reviewed By: jberdine Differential Revision: D5970233 fbshipit-source-id: a451503
8 years ago
{threads; locks; accesses; ownership; attribute_map}
[thread-safety] use record type in domain Summary: We're about to add another element to the abstract domain, and a 4-tuple is a bit too cumbersome to work with. Reviewed By: jberdine Differential Revision: D4315292 fbshipit-source-id: d04699f
8 years ago
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[thread-safety][cleanup] get rid of thumbs_up Summary: Not using this for now, and it seems good to simplify the complex domain as much as we can. Reviewed By: jberdine Differential Revision: D5970233 fbshipit-source-id: a451503
8 years ago
let is_empty {threads; locks; accesses; ownership; attribute_map} =
[thread-safety] Change meaning of @ThreadSafe to "can run in parallel with any thread including itself" Summary: Previously, annotating something ThreadSafe meant "check that it is safe to run all of this procedure's methods in parallel with each other" (including self-parallelization). This makes sense, but it means that if the user writes no annotations, we do no checking. I'm moving toward a model of inferring when an access might happen on a thread that can run concurrently with other threads, then automatically checking that it is thread-safe w.r.t to all other accesses to the same memory (on or off the current thread thread). This will let us report even when there are no `ThreadSafe` annotations. Any method that is known to run on a new thread (e.g., `Runnable.run`) will be modeled as running on a thread that can run in parallel with other threads, and so will any method that is `synchronized` or acquires a lock. In this setup, adding `ThreadSafe` to a method just means: "assume that the current method can run in parallel with any thread, including another thread that includes a different invocation of the same method (a self race) unless you see evidence to the contrary" (e.g., calling `assertMainThread` or annotating with `UiThread`). The key step in this diff is changing the threads domain to abstract *what threads the current thread may run in parallel with* rather than *what the current thread* is. This makes things much simpler. Reviewed By: jberdine Differential Revision: D5895242 fbshipit-source-id: 2e23d1e
8 years ago
ThreadsDomain.is_empty threads && not locks && AccessDomain.is_empty accesses
[quandary] better printing for access trees Summary: Add `is_empty` to `AbstractDomain.WithBottom` sig and use the empty checks for nicer printing of access trees: don't print empty nodes/traces. This should make it easier to debug Quandary; it's pretty hard to stare at an access tree and see what's going on right now. Reviewed By: jberdine Differential Revision: D5682248 fbshipit-source-id: 56d2a9d
8 years ago
&& OwnershipDomain.is_empty ownership && AttributeMapDomain.is_empty attribute_map
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
let ( <= ) ~lhs ~rhs =
if phys_equal lhs rhs then true
else ThreadsDomain.( <= ) ~lhs:lhs.threads ~rhs:rhs.threads
&& LocksDomain.( <= ) ~lhs:lhs.locks ~rhs:rhs.locks
&& AccessDomain.( <= ) ~lhs:lhs.accesses ~rhs:rhs.accesses
&& AttributeMapDomain.( <= ) ~lhs:lhs.attribute_map ~rhs:rhs.attribute_map
[thread-safety] use record type in domain Summary: We're about to add another element to the abstract domain, and a 4-tuple is a bit too cumbersome to work with. Reviewed By: jberdine Differential Revision: D4315292 fbshipit-source-id: d04699f
8 years ago
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[thread-safety] use record type in domain Summary: We're about to add another element to the abstract domain, and a 4-tuple is a bit too cumbersome to work with. Reviewed By: jberdine Differential Revision: D4315292 fbshipit-source-id: d04699f
8 years ago
let join astate1 astate2 =
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
if phys_equal astate1 astate2 then astate1
[thread-safety] use record type in domain Summary: We're about to add another element to the abstract domain, and a 4-tuple is a bit too cumbersome to work with. Reviewed By: jberdine Differential Revision: D4315292 fbshipit-source-id: d04699f
8 years ago
else
[thread-safety] Model assertManThread and assertHoldsLock Reviewed By: sblackshear Differential Revision: D4706409 fbshipit-source-id: c822c74
8 years ago
let threads = ThreadsDomain.join astate1.threads astate2.threads in
[thread-safety] use record type in domain Summary: We're about to add another element to the abstract domain, and a 4-tuple is a bit too cumbersome to work with. Reviewed By: jberdine Differential Revision: D4315292 fbshipit-source-id: d04699f
8 years ago
let locks = LocksDomain.join astate1.locks astate2.locks in
[thread-safety] unify reads and writes into accesses Summary: This cleans up the domain/transfer functions, and it also means that we can now track reads that occur under synchronization. Reviewed By: peterogithub Differential Revision: D4674243 fbshipit-source-id: 8e13656
8 years ago
let accesses = AccessDomain.join astate1.accesses astate2.accesses in
[thread-safety] more precise ownership domain Summary: We previously lumped ownership predicates in with all other predicates. That limited us to a flat ownership domain. This diff separates out the ownership predicates so we can have a richer lattice of predicates with each access path. This lets us be more precise; for example, we can now show that ``` needToOwnBothParams(Obj o1, Obj o2) { Obj alias; if (*) { alias = o1; } else { alias = o2; } alias.f = ... // both o1 and o2 need to be owned for this to be safe } void ownBothParamsOk() { needToOwnBothParams(new Obj(), new Obj()); // ok, would have complained before } ``` is safe. Reviewed By: jberdine Differential Revision: D5589898 fbshipit-source-id: 9606a46
8 years ago
let ownership = OwnershipDomain.join astate1.ownership astate2.ownership in
[thread-safety] use map of access paths to attributes rather than multiple sets of access paths Summary: This will make it a cinch to track new "attributes" of memory locations, and to propagate more complex attributes such as conditional ownership (coming in a future diff). Reviewed By: peterogithub Differential Revision: D4523143 fbshipit-source-id: 57aa133
8 years ago
let attribute_map = AttributeMapDomain.join astate1.attribute_map astate2.attribute_map in
[thread-safety][cleanup] get rid of thumbs_up Summary: Not using this for now, and it seems good to simplify the complex domain as much as we can. Reviewed By: jberdine Differential Revision: D5970233 fbshipit-source-id: a451503
8 years ago
{threads; locks; accesses; ownership; attribute_map}
[thread-safety] use record type in domain Summary: We're about to add another element to the abstract domain, and a 4-tuple is a bit too cumbersome to work with. Reviewed By: jberdine Differential Revision: D4315292 fbshipit-source-id: d04699f
8 years ago
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[thread-safety] use record type in domain Summary: We're about to add another element to the abstract domain, and a 4-tuple is a bit too cumbersome to work with. Reviewed By: jberdine Differential Revision: D4315292 fbshipit-source-id: d04699f
8 years ago
let widen ~prev ~next ~num_iters =
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
if phys_equal prev next then prev
[thread-safety] use record type in domain Summary: We're about to add another element to the abstract domain, and a 4-tuple is a bit too cumbersome to work with. Reviewed By: jberdine Differential Revision: D4315292 fbshipit-source-id: d04699f
8 years ago
else
[thread-safety] Model assertManThread and assertHoldsLock Reviewed By: sblackshear Differential Revision: D4706409 fbshipit-source-id: c822c74
8 years ago
let threads = ThreadsDomain.widen ~prev:prev.threads ~next:next.threads ~num_iters in
[thread-safety] use record type in domain Summary: We're about to add another element to the abstract domain, and a 4-tuple is a bit too cumbersome to work with. Reviewed By: jberdine Differential Revision: D4315292 fbshipit-source-id: d04699f
8 years ago
let locks = LocksDomain.widen ~prev:prev.locks ~next:next.locks ~num_iters in
[thread-safety] unify reads and writes into accesses Summary: This cleans up the domain/transfer functions, and it also means that we can now track reads that occur under synchronization. Reviewed By: peterogithub Differential Revision: D4674243 fbshipit-source-id: 8e13656
8 years ago
let accesses = AccessDomain.widen ~prev:prev.accesses ~next:next.accesses ~num_iters in
[thread-safety] more precise ownership domain Summary: We previously lumped ownership predicates in with all other predicates. That limited us to a flat ownership domain. This diff separates out the ownership predicates so we can have a richer lattice of predicates with each access path. This lets us be more precise; for example, we can now show that ``` needToOwnBothParams(Obj o1, Obj o2) { Obj alias; if (*) { alias = o1; } else { alias = o2; } alias.f = ... // both o1 and o2 need to be owned for this to be safe } void ownBothParamsOk() { needToOwnBothParams(new Obj(), new Obj()); // ok, would have complained before } ``` is safe. Reviewed By: jberdine Differential Revision: D5589898 fbshipit-source-id: 9606a46
8 years ago
let ownership = OwnershipDomain.widen ~prev:prev.ownership ~next:next.ownership ~num_iters in
[thread-safety] use map of access paths to attributes rather than multiple sets of access paths Summary: This will make it a cinch to track new "attributes" of memory locations, and to propagate more complex attributes such as conditional ownership (coming in a future diff). Reviewed By: peterogithub Differential Revision: D4523143 fbshipit-source-id: 57aa133
8 years ago
let attribute_map =
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
AttributeMapDomain.widen ~prev:prev.attribute_map ~next:next.attribute_map ~num_iters
in
[thread-safety][cleanup] get rid of thumbs_up Summary: Not using this for now, and it seems good to simplify the complex domain as much as we can. Reviewed By: jberdine Differential Revision: D5970233 fbshipit-source-id: a451503
8 years ago
{threads; locks; accesses; ownership; attribute_map}
[thread-safety] use id map to decompile tmp vars into access paths Summary: This is required to maintain a set of owned access paths in a subsequent diff. Reviewed By: jberdine Differential Revision: D4318859 fbshipit-source-id: bd1a9fa
8 years ago
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[thread-safety][cleanup] use record for summary type Reviewed By: peterogithub Differential Revision: D5636060 fbshipit-source-id: 5e25a28
8 years ago
type summary =
[thread-safety][cleanup] get rid of thumbs_up Summary: Not using this for now, and it seems good to simplify the complex domain as much as we can. Reviewed By: jberdine Differential Revision: D5970233 fbshipit-source-id: a451503
8 years ago
{ threads: ThreadsDomain.astate
[thread-safety][cleanup] use record for summary type Reviewed By: peterogithub Differential Revision: D5636060 fbshipit-source-id: 5e25a28
8 years ago
; locks: LocksDomain.astate
; accesses: AccessDomain.astate
; return_ownership: OwnershipAbstractValue.astate
[thread-safety] eliminate escape analysis Reviewed By: ngorogiannis Differential Revision: D5946570 fbshipit-source-id: 9cd3509
8 years ago
; return_attributes: AttributeSetDomain.astate }
[thread-safety][cleanup] use record for summary type Reviewed By: peterogithub Differential Revision: D5636060 fbshipit-source-id: 5e25a28
8 years ago
[thread-safety][cleanup] get rid of thumbs_up Summary: Not using this for now, and it seems good to simplify the complex domain as much as we can. Reviewed By: jberdine Differential Revision: D5970233 fbshipit-source-id: a451503
8 years ago
let pp_summary fmt {threads; locks; accesses; return_ownership; return_attributes} =
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
F.fprintf fmt
[thread-safety][cleanup] get rid of thumbs_up Summary: Not using this for now, and it seems good to simplify the complex domain as much as we can. Reviewed By: jberdine Differential Revision: D5970233 fbshipit-source-id: a451503
8 years ago
"@\nThreads: %a, Locks: %a @\nAccesses %a @\nOwnership: %a @\nReturn Attributes: %a @\n"
ThreadsDomain.pp threads LocksDomain.pp locks AccessDomain.pp accesses
OwnershipAbstractValue.pp return_ownership AttributeSetDomain.pp return_attributes
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago
[thread-safety][cleanup] get rid of thumbs_up Summary: Not using this for now, and it seems good to simplify the complex domain as much as we can. Reviewed By: jberdine Differential Revision: D5970233 fbshipit-source-id: a451503
8 years ago
let pp fmt {threads; locks; accesses; ownership; attribute_map} =
F.fprintf fmt "Threads: %a, Locks: %a @\nAccesses %a @\n Ownership: %a @\nAttributes: %a @\n"
ThreadsDomain.pp threads LocksDomain.pp locks AccessDomain.pp accesses OwnershipDomain.pp
ownership AttributeMapDomain.pp attribute_map
[ocamlformat] Use ocamlformat from github Summary: Install ocamlformat from github as part of `make devsetup`, and use it for formatting OCaml (and jbuild) code. Reviewed By: jvillard Differential Revision: D6092464 fbshipit-source-id: 4ba0845
7 years ago