infer_clone/infer/src/pulse/PulseDiagnostic.ml

(*
 * Copyright (c) 2018-present, Facebook, Inc.
 *
 * This source code is licensed under the MIT license found in the
 * LICENSE file in the root directory of this source tree.
 *)

open! IStd
module F = Format

type t =
  | AccessToInvalidAddress of
      { invalidated_by: PulseInvalidation.t PulseTrace.action
      ; accessed_by: HilExp.AccessExpression.t PulseTrace.action
      ; trace: PulseTrace.t }
  | StackVariableAddressEscape of {variable: Var.t; location: Location.t}

let describe_access = PulseTrace.pp_action HilExp.AccessExpression.pp

let describe_invalidation = PulseTrace.pp_action PulseInvalidation.describe

let get_location = function
  | AccessToInvalidAddress {accessed_by} ->
      PulseTrace.outer_location_of_action accessed_by
  | StackVariableAddressEscape {location} ->
      location


let get_message = function
  | AccessToInvalidAddress {accessed_by; invalidated_by; _} ->
      F.asprintf "%a accesses address invalidated by %a past its lifetime" describe_access
        accessed_by describe_invalidation invalidated_by
  | StackVariableAddressEscape {variable} ->
      let pp_var f var =
        if Var.is_cpp_temporary var then F.pp_print_string f "C++ temporary"
        else F.fprintf f "stack variable `%a`" Var.pp var
      in
      F.asprintf "address of %a is returned by the function" pp_var variable


let add_errlog_header ~title location errlog =
  let depth = 0 in
  let tags = [] in
  Errlog.make_trace_element depth location title tags :: errlog


let get_trace = function
  | AccessToInvalidAddress {accessed_by; invalidated_by; trace} ->
      let add_header_if_some ~title location_opt errlog =
        match location_opt with
        | None ->
            errlog
        | Some location ->
            add_errlog_header ~title location errlog
      in
      add_errlog_header ~title:"start of end of lifetime trace"
        (PulseTrace.location_of_action_start invalidated_by)
      @@ PulseTrace.add_errlog_of_action ~nesting:1 ~action_name:"invalidated by"
           PulseInvalidation.describe invalidated_by
      @@ add_errlog_header ~title:"start of use after lifetime trace"
           (PulseTrace.location_of_action_start accessed_by)
      @@ PulseTrace.add_errlog_of_action ~nesting:1 ~action_name:"accessed"
           (Pp.in_backticks HilExp.AccessExpression.pp)
           accessed_by
      @@ add_header_if_some ~title:"start of value trace" (PulseTrace.get_start_location trace)
      @@ PulseTrace.add_errlog_of_trace ~nesting:1 trace
      @@ []
  | StackVariableAddressEscape _ ->
      []


let get_issue_type = function
  | AccessToInvalidAddress {invalidated_by} ->
      PulseTrace.immediate_of_action invalidated_by |> PulseInvalidation.issue_type_of_cause
  | StackVariableAddressEscape _ ->
      IssueType.stack_variable_address_escape
[pulse] split PulseDomain.ml Summary: Split into: - `PulseDiagnostic`, formerly `PulseDomain.Diagnostic` - `PulseOperations`, formerly `PulseDomain.Operations` This breaks down the now quite large and complex PulseDomain.ml into more manageable pieces. More importantly, it will allow us to build a bigger pulse domain later, where elements of the domain are pairs of the base domain that include a biabductive "footprint". What's not as nice is that more of the interface of `PulseDomain` is exposed, in particular `PulseDomain.Memory` and `PulseDomain.Stack`. We'll have to be careful not to break abstraction barriers and prefer `PulseOperations` to `PulseDomain` outside of the domain implementation. OCaml forces us to do that because of the multi-file approach. It could be solved by introducing pulse domains as a library but who has time for that... Sending early because rebasing that diff is painful. Reviewed By: ngorogiannis Differential Revision: D13537602 fbshipit-source-id: d211d6e84 6 years ago			`(*`
			`* Copyright (c) 2018-present, Facebook, Inc.`
			`*`
			`* This source code is licensed under the MIT license found in the`
			`* LICENSE file in the root directory of this source tree.`
			`*)`

			`open! IStd`
			`module F = Format`

			`type t =`
			`\| AccessToInvalidAddress of`
[pulse][interproc 3/3] interproc call Summary: biggest_diff Reviewed By: jberdine Differential Revision: D14387150 fbshipit-source-id: 6d6ddeffc 6 years ago			`{ invalidated_by: PulseInvalidation.t PulseTrace.action`
			`; accessed_by: HilExp.AccessExpression.t PulseTrace.action`
[pulse][minor] do not record abstract address in diagnostics Summary: This is basically unused except for debugging and is going to cause issues later. Reviewed By: mbouaziz Differential Revision: D14258490 fbshipit-source-id: b2800990e 6 years ago			`; trace: PulseTrace.t }`
[pulse] split PulseDomain.ml Summary: Split into: - `PulseDiagnostic`, formerly `PulseDomain.Diagnostic` - `PulseOperations`, formerly `PulseDomain.Operations` This breaks down the now quite large and complex PulseDomain.ml into more manageable pieces. More importantly, it will allow us to build a bigger pulse domain later, where elements of the domain are pairs of the base domain that include a biabductive "footprint". What's not as nice is that more of the interface of `PulseDomain` is exposed, in particular `PulseDomain.Memory` and `PulseDomain.Stack`. We'll have to be careful not to break abstraction barriers and prefer `PulseOperations` to `PulseDomain` outside of the domain implementation. OCaml forces us to do that because of the multi-file approach. It could be solved by introducing pulse domains as a library but who has time for that... Sending early because rebasing that diff is painful. Reviewed By: ngorogiannis Differential Revision: D13537602 fbshipit-source-id: d211d6e84 6 years ago			`\| StackVariableAddressEscape of {variable: Var.t; location: Location.t}`

[pulse] improve error messages and traces Summary: The previous message formatting had regressed and produced non-sensical messages. More importantly, remove template parameters from error messages to trigger the heuristic in `InferPrint` that deduplicates errors that are on the same line with the same error type and message. Without this we get hundreds of reports that correspond to as many instantiations of the same code. Reviewed By: ngorogiannis Differential Revision: D14747979 fbshipit-source-id: 3c4aad2b1 6 years ago			`let describe_access = PulseTrace.pp_action HilExp.AccessExpression.pp`
[pulse][interproc 3/3] interproc call Summary: biggest_diff Reviewed By: jberdine Differential Revision: D14387150 fbshipit-source-id: 6d6ddeffc 6 years ago
[pulse] improve error messages and traces Summary: The previous message formatting had regressed and produced non-sensical messages. More importantly, remove template parameters from error messages to trigger the heuristic in `InferPrint` that deduplicates errors that are on the same line with the same error type and message. Without this we get hundreds of reports that correspond to as many instantiations of the same code. Reviewed By: ngorogiannis Differential Revision: D14747979 fbshipit-source-id: 3c4aad2b1 6 years ago			`let describe_invalidation = PulseTrace.pp_action PulseInvalidation.describe`
[pulse][interproc 3/3] interproc call Summary: biggest_diff Reviewed By: jberdine Differential Revision: D14387150 fbshipit-source-id: 6d6ddeffc 6 years ago
[pulse] split PulseDomain.ml Summary: Split into: - `PulseDiagnostic`, formerly `PulseDomain.Diagnostic` - `PulseOperations`, formerly `PulseDomain.Operations` This breaks down the now quite large and complex PulseDomain.ml into more manageable pieces. More importantly, it will allow us to build a bigger pulse domain later, where elements of the domain are pairs of the base domain that include a biabductive "footprint". What's not as nice is that more of the interface of `PulseDomain` is exposed, in particular `PulseDomain.Memory` and `PulseDomain.Stack`. We'll have to be careful not to break abstraction barriers and prefer `PulseOperations` to `PulseDomain` outside of the domain implementation. OCaml forces us to do that because of the multi-file approach. It could be solved by introducing pulse domains as a library but who has time for that... Sending early because rebasing that diff is painful. Reviewed By: ngorogiannis Differential Revision: D13537602 fbshipit-source-id: d211d6e84 6 years ago			`let get_location = function`
[pulse][interproc 3/3] interproc call Summary: biggest_diff Reviewed By: jberdine Differential Revision: D14387150 fbshipit-source-id: 6d6ddeffc 6 years ago			`\| AccessToInvalidAddress {accessed_by} ->`
			`PulseTrace.outer_location_of_action accessed_by`
			`\| StackVariableAddressEscape {location} ->`
[pulse] split PulseDomain.ml Summary: Split into: - `PulseDiagnostic`, formerly `PulseDomain.Diagnostic` - `PulseOperations`, formerly `PulseDomain.Operations` This breaks down the now quite large and complex PulseDomain.ml into more manageable pieces. More importantly, it will allow us to build a bigger pulse domain later, where elements of the domain are pairs of the base domain that include a biabductive "footprint". What's not as nice is that more of the interface of `PulseDomain` is exposed, in particular `PulseDomain.Memory` and `PulseDomain.Stack`. We'll have to be careful not to break abstraction barriers and prefer `PulseOperations` to `PulseDomain` outside of the domain implementation. OCaml forces us to do that because of the multi-file approach. It could be solved by introducing pulse domains as a library but who has time for that... Sending early because rebasing that diff is painful. Reviewed By: ngorogiannis Differential Revision: D13537602 fbshipit-source-id: d211d6e84 6 years ago			`location`


			`let get_message = function`
[pulse] improve error messages and traces Summary: The previous message formatting had regressed and produced non-sensical messages. More importantly, remove template parameters from error messages to trigger the heuristic in `InferPrint` that deduplicates errors that are on the same line with the same error type and message. Without this we get hundreds of reports that correspond to as many instantiations of the same code. Reviewed By: ngorogiannis Differential Revision: D14747979 fbshipit-source-id: 3c4aad2b1 6 years ago			`\| AccessToInvalidAddress {accessed_by; invalidated_by; _} ->`
			`F.asprintf "%a accesses address invalidated by %a past its lifetime" describe_access`
			`accessed_by describe_invalidation invalidated_by`
[pulse] split PulseDomain.ml Summary: Split into: - `PulseDiagnostic`, formerly `PulseDomain.Diagnostic` - `PulseOperations`, formerly `PulseDomain.Operations` This breaks down the now quite large and complex PulseDomain.ml into more manageable pieces. More importantly, it will allow us to build a bigger pulse domain later, where elements of the domain are pairs of the base domain that include a biabductive "footprint". What's not as nice is that more of the interface of `PulseDomain` is exposed, in particular `PulseDomain.Memory` and `PulseDomain.Stack`. We'll have to be careful not to break abstraction barriers and prefer `PulseOperations` to `PulseDomain` outside of the domain implementation. OCaml forces us to do that because of the multi-file approach. It could be solved by introducing pulse domains as a library but who has time for that... Sending early because rebasing that diff is painful. Reviewed By: ngorogiannis Differential Revision: D13537602 fbshipit-source-id: d211d6e84 6 years ago			`\| StackVariableAddressEscape {variable} ->`
			`let pp_var f var =`
			`if Var.is_cpp_temporary var then F.pp_print_string f "C++ temporary"`
			else F.fprintf f "stack variable `%a`" Var.pp var
			`in`
			`F.asprintf "address of %a is returned by the function" pp_var variable`


[pulse] improve error messages and traces Summary: The previous message formatting had regressed and produced non-sensical messages. More importantly, remove template parameters from error messages to trigger the heuristic in `InferPrint` that deduplicates errors that are on the same line with the same error type and message. Without this we get hundreds of reports that correspond to as many instantiations of the same code. Reviewed By: ngorogiannis Differential Revision: D14747979 fbshipit-source-id: 3c4aad2b1 6 years ago			`let add_errlog_header ~title location errlog =`
			`let depth = 0 in`
			`let tags = [] in`
			`Errlog.make_trace_element depth location title tags :: errlog`


[pulse] split PulseDomain.ml Summary: Split into: - `PulseDiagnostic`, formerly `PulseDomain.Diagnostic` - `PulseOperations`, formerly `PulseDomain.Operations` This breaks down the now quite large and complex PulseDomain.ml into more manageable pieces. More importantly, it will allow us to build a bigger pulse domain later, where elements of the domain are pairs of the base domain that include a biabductive "footprint". What's not as nice is that more of the interface of `PulseDomain` is exposed, in particular `PulseDomain.Memory` and `PulseDomain.Stack`. We'll have to be careful not to break abstraction barriers and prefer `PulseOperations` to `PulseDomain` outside of the domain implementation. OCaml forces us to do that because of the multi-file approach. It could be solved by introducing pulse domains as a library but who has time for that... Sending early because rebasing that diff is painful. Reviewed By: ngorogiannis Differential Revision: D13537602 fbshipit-source-id: d211d6e84 6 years ago			`let get_trace = function`
			`\| AccessToInvalidAddress {accessed_by; invalidated_by; trace} ->`
[pulse] improve error messages and traces Summary: The previous message formatting had regressed and produced non-sensical messages. More importantly, remove template parameters from error messages to trigger the heuristic in `InferPrint` that deduplicates errors that are on the same line with the same error type and message. Without this we get hundreds of reports that correspond to as many instantiations of the same code. Reviewed By: ngorogiannis Differential Revision: D14747979 fbshipit-source-id: 3c4aad2b1 6 years ago			`let add_header_if_some ~title location_opt errlog =`
			`match location_opt with`
			`\| None ->`
			`errlog`
			`\| Some location ->`
			`add_errlog_header ~title location errlog`
			`in`
			`add_errlog_header ~title:"start of end of lifetime trace"`
			`(PulseTrace.location_of_action_start invalidated_by)`
			`@@ PulseTrace.add_errlog_of_action ~nesting:1 ~action_name:"invalidated by"`
			`PulseInvalidation.describe invalidated_by`
			`@@ add_errlog_header ~title:"start of use after lifetime trace"`
			`(PulseTrace.location_of_action_start accessed_by)`
			`@@ PulseTrace.add_errlog_of_action ~nesting:1 ~action_name:"accessed"`
			`(Pp.in_backticks HilExp.AccessExpression.pp)`
			`accessed_by`
			`@@ add_header_if_some ~title:"start of value trace" (PulseTrace.get_start_location trace)`
			`@@ PulseTrace.add_errlog_of_trace ~nesting:1 trace`
			`@@ []`
[pulse] split PulseDomain.ml Summary: Split into: - `PulseDiagnostic`, formerly `PulseDomain.Diagnostic` - `PulseOperations`, formerly `PulseDomain.Operations` This breaks down the now quite large and complex PulseDomain.ml into more manageable pieces. More importantly, it will allow us to build a bigger pulse domain later, where elements of the domain are pairs of the base domain that include a biabductive "footprint". What's not as nice is that more of the interface of `PulseDomain` is exposed, in particular `PulseDomain.Memory` and `PulseDomain.Stack`. We'll have to be careful not to break abstraction barriers and prefer `PulseOperations` to `PulseDomain` outside of the domain implementation. OCaml forces us to do that because of the multi-file approach. It could be solved by introducing pulse domains as a library but who has time for that... Sending early because rebasing that diff is painful. Reviewed By: ngorogiannis Differential Revision: D13537602 fbshipit-source-id: d211d6e84 6 years ago			`\| StackVariableAddressEscape _ ->`
			`[]`


			`let get_issue_type = function`
			`\| AccessToInvalidAddress {invalidated_by} ->`
[pulse][interproc 3/3] interproc call Summary: biggest_diff Reviewed By: jberdine Differential Revision: D14387150 fbshipit-source-id: 6d6ddeffc 6 years ago			`PulseTrace.immediate_of_action invalidated_by \|> PulseInvalidation.issue_type_of_cause`
[pulse] split PulseDomain.ml Summary: Split into: - `PulseDiagnostic`, formerly `PulseDomain.Diagnostic` - `PulseOperations`, formerly `PulseDomain.Operations` This breaks down the now quite large and complex PulseDomain.ml into more manageable pieces. More importantly, it will allow us to build a bigger pulse domain later, where elements of the domain are pairs of the base domain that include a biabductive "footprint". What's not as nice is that more of the interface of `PulseDomain` is exposed, in particular `PulseDomain.Memory` and `PulseDomain.Stack`. We'll have to be careful not to break abstraction barriers and prefer `PulseOperations` to `PulseDomain` outside of the domain implementation. OCaml forces us to do that because of the multi-file approach. It could be solved by introducing pulse domains as a library but who has time for that... Sending early because rebasing that diff is painful. Reviewed By: ngorogiannis Differential Revision: D13537602 fbshipit-source-id: d211d6e84 6 years ago			`\| StackVariableAddressEscape _ ->`
			`IssueType.stack_variable_address_escape`