pghs975uc
/
infer_clone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8a9fcdc43f'
${ noResults }
infer_clone/infer/tests/codetoanalyze/java/racerd/RaceWithMainThread.java

227 lines
4.1 KiB
Raw Normal View History Unescape

[thread-safety] Model assertManThread and assertHoldsLock Reviewed By: sblackshear Differential Revision: D4706409 fbshipit-source-id: c822c74
8 years ago
/*
* Copyright (c) 2016 - present Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*/
package codetoanalyze.java.checkers;
import javax.annotation.concurrent.ThreadSafe;
class OurThreadUtils{
[threadsafety] Model more xThreadUtil methods Reviewed By: sblackshear Differential Revision: D5137061 fbshipit-source-id: ffd030c
8 years ago
native static boolean isMainThread();
static void assertMainThread(){}
static void assertHoldsLock(Object lock){}
[thread-safety] Model assertManThread and assertHoldsLock Reviewed By: sblackshear Differential Revision: D4706409 fbshipit-source-id: c822c74
8 years ago
}
[threadsafety] Model more xThreadUtil methods Reviewed By: sblackshear Differential Revision: D5137061 fbshipit-source-id: ffd030c
8 years ago
class OurThreadUtil{ /*This is like AndroidThreadUtil*/
native static boolean isUiThread();
static void assertOnUiThread(){}
[thread-safety] support assertOnBackgroundThread and similar Summary: Handling the utility functions for asserting that we're on background thread. Reviewed By: jberdine Differential Revision: D5863435 fbshipit-source-id: 3ad95b5
7 years ago
static void assertOnBackgroundThread(){}
[threadsafety] Model more xThreadUtil methods Reviewed By: sblackshear Differential Revision: D5137061 fbshipit-source-id: ffd030c
8 years ago
}
[thread-safety] Model assertManThread and assertHoldsLock Reviewed By: sblackshear Differential Revision: D4706409 fbshipit-source-id: c822c74
8 years ago
@ThreadSafe
class RaceWithMainThread{
Integer f;
void main_thread_OK(){
[threadsafety] Model more xThreadUtil methods Reviewed By: sblackshear Differential Revision: D5137061 fbshipit-source-id: ffd030c
8 years ago
OurThreadUtils.assertMainThread();
[thread-safety] Model assertManThread and assertHoldsLock Reviewed By: sblackshear Differential Revision: D4706409 fbshipit-source-id: c822c74
8 years ago
f = 88;
}
[threadsafety] Model more xThreadUtil methods Reviewed By: sblackshear Differential Revision: D5137061 fbshipit-source-id: ffd030c
8 years ago
Integer f1;
void main_thread1_OK(){
OurThreadUtil.assertOnUiThread();
f1 = 88;
}
[thread-safety] Model assertManThread and assertHoldsLock Reviewed By: sblackshear Differential Revision: D4706409 fbshipit-source-id: c822c74
8 years ago
void main_thread_indirect_OK() {
main_thread_OK();
f = 77;
}
[threadsafety] Races and non-races involving assertMainThread(). Reviewed By: sblackshear Differential Revision: D4721971 fbshipit-source-id: c1dfb19
8 years ago
void read_from_main_thread_OK(){
Integer x;
[threadsafety] Model more xThreadUtil methods Reviewed By: sblackshear Differential Revision: D5137061 fbshipit-source-id: ffd030c
8 years ago
OurThreadUtils.assertMainThread();
[threadsafety] Races and non-races involving assertMainThread(). Reviewed By: sblackshear Differential Revision: D4721971 fbshipit-source-id: c1dfb19
8 years ago
x = f;
}
void read_unprotected_unthreaded_Bad(){
Integer x;
x = f;
}
[threadsafety] Model more xThreadUtil methods Reviewed By: sblackshear Differential Revision: D5137061 fbshipit-source-id: ffd030c
8 years ago
void read_unprotected_unthreaded1_Bad(){
Integer x;
x = f1;
}
[threadsafety] unsynched reading from main thread Reviewed By: sblackshear Differential Revision: D4729224 fbshipit-source-id: 576d001
8 years ago
/*There is a particularly subtle idiom which avoids races, where a
variable can be read without protection on the main thread, if
it is written with protection on the main thread and read with
protection off. The next three methods do this safely, and the fourth
unsafely.
*/
Integer i;
void protected_write_on_main_thread_OK() {
[threadsafety] Model more xThreadUtil methods Reviewed By: sblackshear Differential Revision: D5137061 fbshipit-source-id: ffd030c
8 years ago
OurThreadUtils.assertMainThread();
[threadsafety] unsynched reading from main thread Reviewed By: sblackshear Differential Revision: D4729224 fbshipit-source-id: 576d001
8 years ago
synchronized (this) {
i = 99;
}
}
void unprotected_read_on_main_thread_OK() {
Integer x;
[threadsafety] Model more xThreadUtil methods Reviewed By: sblackshear Differential Revision: D5137061 fbshipit-source-id: ffd030c
8 years ago
OurThreadUtils.assertMainThread();
[threadsafety] unsynched reading from main thread Reviewed By: sblackshear Differential Revision: D4729224 fbshipit-source-id: 576d001
8 years ago
x = i;
}
void protected_read_off_main_thread_OK() {
Integer x;
synchronized (this) {
x = i;
}
}
[thread-safety] report on write outside sync, read inside sync races Summary: This was the one type of races we were not yet reporting (besides ones that use the wrong synchronization :)). Wrote new utility function to aggregate all accesses by the memory they access. This makes it easy to say which accesses we should report and what their conflicts are. Eventually, we can simplify the reporting of other kinds of unsafe accesses using this structure. Reviewed By: peterogithub Differential Revision: D4770542 fbshipit-source-id: 96d948e
8 years ago
void readProtectedUnthreadedBad(){
[threadsafety] Races and non-races involving assertMainThread(). Reviewed By: sblackshear Differential Revision: D4721971 fbshipit-source-id: c1dfb19
8 years ago
Integer x;
synchronized (this){
x = f;
}
[thread-safety] report on write outside sync, read inside sync races Summary: This was the one type of races we were not yet reporting (besides ones that use the wrong synchronization :)). Wrote new utility function to aggregate all accesses by the memory they access. This makes it easy to say which accesses we should report and what their conflicts are. Eventually, we can simplify the reporting of other kinds of unsafe accesses using this structure. Reviewed By: peterogithub Differential Revision: D4770542 fbshipit-source-id: 96d948e
8 years ago
}
[threadsafety] Races and non-races involving assertMainThread(). Reviewed By: sblackshear Differential Revision: D4721971 fbshipit-source-id: c1dfb19
8 years ago
Integer g;
[thread-safety] Model assertManThread and assertHoldsLock Reviewed By: sblackshear Differential Revision: D4706409 fbshipit-source-id: c822c74
8 years ago
void holds_lock_OK(){
[threadsafety] Model more xThreadUtil methods Reviewed By: sblackshear Differential Revision: D5137061 fbshipit-source-id: ffd030c
8 years ago
OurThreadUtils.assertHoldsLock(this);
[threadsafety] Races and non-races involving assertMainThread(). Reviewed By: sblackshear Differential Revision: D4721971 fbshipit-source-id: c1dfb19
8 years ago
g = 88;
[thread-safety] Model assertManThread and assertHoldsLock Reviewed By: sblackshear Differential Revision: D4706409 fbshipit-source-id: c822c74
8 years ago
}
void holds_lock_indirect_OK() {
holds_lock_OK();
[threadsafety] Races and non-races involving assertMainThread(). Reviewed By: sblackshear Differential Revision: D4721971 fbshipit-source-id: c1dfb19
8 years ago
g = 77;
[thread-safety] Model assertManThread and assertHoldsLock Reviewed By: sblackshear Differential Revision: D4706409 fbshipit-source-id: c822c74
8 years ago
}
[infer][threadsafety] Use disjunction in the join for threaded Summary: There are false positives in the current analysis due to the use of conjunction in the treatment of threaded. Changing conjunction to disjunction removes these false positives. Some new false negatives arise, but all the old tests pass. This is a stopgap towards a better solution being planned. Reviewed By: sblackshear Differential Revision: D4883280 fbshipit-source-id: c2a7e6e
8 years ago
[thread-safety] new threads domain Summary: Previously, we just tracked a boolean representing whether we were possibly on the main thread (true) or definitely not on the main thread (false). In order to start supporting `Thread.start`, `Runnable.run`, etc., we'll need something more expressive. This diff introduces a lattice: ``` Any / \ Main Background \ / Unknown ``` as the new threads domain. The initial value is `Unknown`, and we introduce `Main` in situations where we would have introduced `true` before. This (mostly) preserves behavior: the main difference is that before code like ``` if (*) { assertMainThread() } else { x.f = ... } ``` would have recorded that the access to `x.f` was on the main thread, whereas now we'll say that it's on an unknown thread. Reviewed By: peterogithub Differential Revision: D5860256 fbshipit-source-id: efee330
7 years ago
Integer ff;
[threadsafety] record threaded information alongside accesses and use disjunction for thread join Summary: Using Conjunction for thread join has known false negatives. Finer grained recording of threading information fixes this. Reviewed By: sblackshear Differential Revision: D5111161 fbshipit-source-id: aab483c
8 years ago
[thread-safety] new threads domain Summary: Previously, we just tracked a boolean representing whether we were possibly on the main thread (true) or definitely not on the main thread (false). In order to start supporting `Thread.start`, `Runnable.run`, etc., we'll need something more expressive. This diff introduces a lattice: ``` Any / \ Main Background \ / Unknown ``` as the new threads domain. The initial value is `Unknown`, and we introduce `Main` in situations where we would have introduced `true` before. This (mostly) preserves behavior: the main difference is that before code like ``` if (*) { assertMainThread() } else { x.f = ... } ``` would have recorded that the access to `x.f` was on the main thread, whereas now we'll say that it's on an unknown thread. Reviewed By: peterogithub Differential Revision: D5860256 fbshipit-source-id: efee330
7 years ago
void conditional1_Ok(boolean b){
[infer][threadsafety] Use disjunction in the join for threaded Summary: There are false positives in the current analysis due to the use of conjunction in the treatment of threaded. Changing conjunction to disjunction removes these false positives. Some new false negatives arise, but all the old tests pass. This is a stopgap towards a better solution being planned. Reviewed By: sblackshear Differential Revision: D4883280 fbshipit-source-id: c2a7e6e
8 years ago
if (b)
{ /*People not literally putting this assert inside if's,
but implicitly by method calls */
[threadsafety] Model more xThreadUtil methods Reviewed By: sblackshear Differential Revision: D5137061 fbshipit-source-id: ffd030c
8 years ago
OurThreadUtils.assertMainThread();
[threadsafety] record threaded information alongside accesses and use disjunction for thread join Summary: Using Conjunction for thread join has known false negatives. Finer grained recording of threading information fixes this. Reviewed By: sblackshear Differential Revision: D5111161 fbshipit-source-id: aab483c
8 years ago
ff = 88;
}
[infer][threadsafety] Use disjunction in the join for threaded Summary: There are false positives in the current analysis due to the use of conjunction in the treatment of threaded. Changing conjunction to disjunction removes these false positives. Some new false negatives arise, but all the old tests pass. This is a stopgap towards a better solution being planned. Reviewed By: sblackshear Differential Revision: D4883280 fbshipit-source-id: c2a7e6e
8 years ago
}
[thread-safety] Change meaning of @ThreadSafe to "can run in parallel with any thread including itself" Summary: Previously, annotating something ThreadSafe meant "check that it is safe to run all of this procedure's methods in parallel with each other" (including self-parallelization). This makes sense, but it means that if the user writes no annotations, we do no checking. I'm moving toward a model of inferring when an access might happen on a thread that can run concurrently with other threads, then automatically checking that it is thread-safe w.r.t to all other accesses to the same memory (on or off the current thread thread). This will let us report even when there are no `ThreadSafe` annotations. Any method that is known to run on a new thread (e.g., `Runnable.run`) will be modeled as running on a thread that can run in parallel with other threads, and so will any method that is `synchronized` or acquires a lock. In this setup, adding `ThreadSafe` to a method just means: "assume that the current method can run in parallel with any thread, including another thread that includes a different invocation of the same method (a self race) unless you see evidence to the contrary" (e.g., calling `assertMainThread` or annotating with `UiThread`). The key step in this diff is changing the threads domain to abstract *what threads the current thread may run in parallel with* rather than *what the current thread* is. This makes things much simpler. Reviewed By: jberdine Differential Revision: D5895242 fbshipit-source-id: 2e23d1e
7 years ago
void conditional2_bad(boolean b){
[infer][threadsafety] Use disjunction in the join for threaded Summary: There are false positives in the current analysis due to the use of conjunction in the treatment of threaded. Changing conjunction to disjunction removes these false positives. Some new false negatives arise, but all the old tests pass. This is a stopgap towards a better solution being planned. Reviewed By: sblackshear Differential Revision: D4883280 fbshipit-source-id: c2a7e6e
8 years ago
if (b)
{
[threadsafety] Model more xThreadUtil methods Reviewed By: sblackshear Differential Revision: D5137061 fbshipit-source-id: ffd030c
8 years ago
OurThreadUtils.assertMainThread();
[threadsafety] record threaded information alongside accesses and use disjunction for thread join Summary: Using Conjunction for thread join has known false negatives. Finer grained recording of threading information fixes this. Reviewed By: sblackshear Differential Revision: D5111161 fbshipit-source-id: aab483c
8 years ago
ff = 88;
[infer][threadsafety] Use disjunction in the join for threaded Summary: There are false positives in the current analysis due to the use of conjunction in the treatment of threaded. Changing conjunction to disjunction removes these false positives. Some new false negatives arise, but all the old tests pass. This is a stopgap towards a better solution being planned. Reviewed By: sblackshear Differential Revision: D4883280 fbshipit-source-id: c2a7e6e
8 years ago
} else {
[thread-safety] Change meaning of @ThreadSafe to "can run in parallel with any thread including itself" Summary: Previously, annotating something ThreadSafe meant "check that it is safe to run all of this procedure's methods in parallel with each other" (including self-parallelization). This makes sense, but it means that if the user writes no annotations, we do no checking. I'm moving toward a model of inferring when an access might happen on a thread that can run concurrently with other threads, then automatically checking that it is thread-safe w.r.t to all other accesses to the same memory (on or off the current thread thread). This will let us report even when there are no `ThreadSafe` annotations. Any method that is known to run on a new thread (e.g., `Runnable.run`) will be modeled as running on a thread that can run in parallel with other threads, and so will any method that is `synchronized` or acquires a lock. In this setup, adding `ThreadSafe` to a method just means: "assume that the current method can run in parallel with any thread, including another thread that includes a different invocation of the same method (a self race) unless you see evidence to the contrary" (e.g., calling `assertMainThread` or annotating with `UiThread`). The key step in this diff is changing the threads domain to abstract *what threads the current thread may run in parallel with* rather than *what the current thread* is. This makes things much simpler. Reviewed By: jberdine Differential Revision: D5895242 fbshipit-source-id: 2e23d1e
7 years ago
ff = 99; // this might or might now run on the main thread; warn
[infer][threadsafety] Use disjunction in the join for threaded Summary: There are false positives in the current analysis due to the use of conjunction in the treatment of threaded. Changing conjunction to disjunction removes these false positives. Some new false negatives arise, but all the old tests pass. This is a stopgap towards a better solution being planned. Reviewed By: sblackshear Differential Revision: D4883280 fbshipit-source-id: c2a7e6e
8 years ago
}
}
[threadsafety] Model isMainThread() Reviewed By: sblackshear Differential Revision: D5129265 fbshipit-source-id: 14a37b1
8 years ago
void conditional_isMainThread_Ok(){
[threadsafety] Model more xThreadUtil methods Reviewed By: sblackshear Differential Revision: D5137061 fbshipit-source-id: ffd030c
8 years ago
if (OurThreadUtils.isMainThread())
{
ff = 88;
}
}
void conditional_isUiThread_Ok(){
if (OurThreadUtil.isUiThread())
[threadsafety] Model isMainThread() Reviewed By: sblackshear Differential Revision: D5129265 fbshipit-source-id: 14a37b1
8 years ago
{
ff = 88;
}
}
[threadsafety] Model more xThreadUtil methods Reviewed By: sblackshear Differential Revision: D5137061 fbshipit-source-id: ffd030c
8 years ago
[threadsafety] Model isMainThread() Reviewed By: sblackshear Differential Revision: D5129265 fbshipit-source-id: 14a37b1
8 years ago
void conditional_isMainThread_ElseBranch_Bad(){
[threadsafety] Model more xThreadUtil methods Reviewed By: sblackshear Differential Revision: D5137061 fbshipit-source-id: ffd030c
8 years ago
if (OurThreadUtils.isMainThread())
[threadsafety] Model isMainThread() Reviewed By: sblackshear Differential Revision: D5129265 fbshipit-source-id: 14a37b1
8 years ago
{
synchronized(this){
ff = 88;
}
} else {
ff = 99;
}
}
[threadsafety] Model more xThreadUtil methods Reviewed By: sblackshear Differential Revision: D5137061 fbshipit-source-id: ffd030c
8 years ago
void conditional_isUiThread_ElseBranch_Bad(){
if (OurThreadUtil.isUiThread())
{
synchronized(this){
ff = 88;
}
} else {
ff = 99;
}
}
[threadsafety] Model isMainThread() Reviewed By: sblackshear Differential Revision: D5129265 fbshipit-source-id: 14a37b1
8 years ago
void conditional_isMainThread_Negation_Bad(){
[threadsafety] Model more xThreadUtil methods Reviewed By: sblackshear Differential Revision: D5137061 fbshipit-source-id: ffd030c
8 years ago
if (!OurThreadUtils.isMainThread())
[threadsafety] Model isMainThread() Reviewed By: sblackshear Differential Revision: D5129265 fbshipit-source-id: 14a37b1
8 years ago
{
ff = 88;
}
}
void conditional_isMainThread_ElseBranch_Ok(){
[threadsafety] Model more xThreadUtil methods Reviewed By: sblackshear Differential Revision: D5137061 fbshipit-source-id: ffd030c
8 years ago
if (!OurThreadUtils.isMainThread())
[threadsafety] Model isMainThread() Reviewed By: sblackshear Differential Revision: D5129265 fbshipit-source-id: 14a37b1
8 years ago
{
synchronized(this){
ff = 88;
}
} else {
ff = 99;
}
}
[thread-safety] support assertOnBackgroundThread and similar Summary: Handling the utility functions for asserting that we're on background thread. Reviewed By: jberdine Differential Revision: D5863435 fbshipit-source-id: 3ad95b5
7 years ago
Object mFld;
public void confusedAssertBad(boolean b) {
if (b) {
OurThreadUtil.assertOnBackgroundThread();
} else {
OurThreadUtil.assertOnUiThread();
}
// not sure if we're on UI or background, should report
mFld = null;
}
[thread-safety] Model assertManThread and assertHoldsLock Reviewed By: sblackshear Differential Revision: D4706409 fbshipit-source-id: c822c74
8 years ago
}
[thread-safety] Change meaning of @ThreadSafe to "can run in parallel with any thread including itself" Summary: Previously, annotating something ThreadSafe meant "check that it is safe to run all of this procedure's methods in parallel with each other" (including self-parallelization). This makes sense, but it means that if the user writes no annotations, we do no checking. I'm moving toward a model of inferring when an access might happen on a thread that can run concurrently with other threads, then automatically checking that it is thread-safe w.r.t to all other accesses to the same memory (on or off the current thread thread). This will let us report even when there are no `ThreadSafe` annotations. Any method that is known to run on a new thread (e.g., `Runnable.run`) will be modeled as running on a thread that can run in parallel with other threads, and so will any method that is `synchronized` or acquires a lock. In this setup, adding `ThreadSafe` to a method just means: "assume that the current method can run in parallel with any thread, including another thread that includes a different invocation of the same method (a self race) unless you see evidence to the contrary" (e.g., calling `assertMainThread` or annotating with `UiThread`). The key step in this diff is changing the threads domain to abstract *what threads the current thread may run in parallel with* rather than *what the current thread* is. This makes things much simpler. Reviewed By: jberdine Differential Revision: D5895242 fbshipit-source-id: 2e23d1e
7 years ago
// not marked thread-safe
class Unmarked {
int mField;
void writeOnUiThreadOk() {
OurThreadUtil.assertOnUiThread();
mField = 7;
}
int readOnUiThreadOk() {
OurThreadUtil.assertOnUiThread();
return mField;
}
int readOffUiThreadOk() {
// even though this read isn't known to be on the UI thread, we shouldn't assume that it occurs
// on a background thread
return mField;
}
}