infer_clone/infer/src/checkers/ThreadSafetyDomain.ml

(*
 * Copyright (c) 2016 - present Facebook, Inc.
 * All rights reserved.
 *
 * This source code is licensed under the BSD style license found in the
 * LICENSE file in the root directory of this source tree. An additional grant
 * of patent rights can be found in the PATENTS file in the same directory.
 *)

open! IStd

module F = Format

module TraceElem = struct
  module Kind = struct
    type t = AccessPath.raw
    let compare = AccessPath.compare_raw
    let pp = AccessPath.pp_raw
  end

  type t = {
    site : CallSite.t;
    kind : Kind.t;
  } [@@deriving compare]

  let call_site { site; } = site

  let kind { kind; } = kind

  let make kind site = { kind; site; }

  let with_callsite t site = { t with site; }

  let pp fmt { site; kind; } =
    F.fprintf fmt "Unprotected access to %a at %a" Kind.pp kind CallSite.pp site

  module Set = PrettyPrintable.MakePPSet (struct
      type nonrec t = t
      let compare = compare
      let pp_element = pp
    end)
end

let make_access kind loc =
  let site = CallSite.make Procname.empty_block loc in
  TraceElem.make kind site

(** A bool that is true if a lock is definitely held. Note that this is unsound because it assumes
    the existence of one global lock. In the case that a lock is held on the access to a variable,
    but the lock held is the wrong one, we will erroneously say that the access is thread-safe.
    However, this coarse abstraction saves us from the complexity of tracking which locks are held
    and which memory locations correspond to the same lock. *)
module LocksDomain = AbstractDomain.BooleanAnd

module PathDomain = SinkTrace.Make(TraceElem)

module ReadWriteDomain = AbstractDomain.Pair (PathDomain) (PathDomain)

include AbstractDomain.Pair (LocksDomain) (ReadWriteDomain)
(* This is the ThreadSafety abstract domain *)
(* a typical element is (){locked}, {vars and fields})  *)
[threadsafety] interprocedural Summary: Refactoring to make thread safety checker interpocedural. This should not change funcitonality, and will only set things up for making the interprocedural part more serious. Reviewed By: sblackshear Differential Revision: D4124316 fbshipit-source-id: 6721953 8 years ago			`(*`
			`* Copyright (c) 2016 - present Facebook, Inc.`
			`* All rights reserved.`
			`*`
			`* This source code is licensed under the BSD style license found in the`
			`* LICENSE file in the root directory of this source tree. An additional grant`
			`* of patent rights can be found in the PATENTS file in the same directory.`
			`*)`
[thread-safety] Lay the groundwork for interprocedural trace-based reporting Summary: We'll eventually want fancy interprocedural traces. This diff adds the required boilerplate for this and adds the line number of each access to the error message. Real traces will come in a follow-up Reviewed By: peterogithub Differential Revision: D4251985 fbshipit-source-id: c9d9823 8 years ago
Open Core.Std by default, still use Caml Hashtbl, Map, Set Reviewed By: cristianoc Differential Revision: D4232458 fbshipit-source-id: 3d73c69 8 years ago			`open! IStd`
[thread-safety] Lay the groundwork for interprocedural trace-based reporting Summary: We'll eventually want fancy interprocedural traces. This diff adds the required boilerplate for this and adds the line number of each access to the error message. Real traces will come in a follow-up Reviewed By: peterogithub Differential Revision: D4251985 fbshipit-source-id: c9d9823 8 years ago
			`module F = Format`

			`module TraceElem = struct`
			`module Kind = struct`
[threadsafety] interprocedural Summary: Refactoring to make thread safety checker interpocedural. This should not change funcitonality, and will only set things up for making the interprocedural part more serious. Reviewed By: sblackshear Differential Revision: D4124316 fbshipit-source-id: 6721953 8 years ago			`type t = AccessPath.raw`
ppx_compare AccessPath Reviewed By: cristianoc Differential Revision: D4232397 fbshipit-source-id: a72717b 8 years ago			`let compare = AccessPath.compare_raw`
[thread-safety] Lay the groundwork for interprocedural trace-based reporting Summary: We'll eventually want fancy interprocedural traces. This diff adds the required boilerplate for this and adds the line number of each access to the error message. Real traces will come in a follow-up Reviewed By: peterogithub Differential Revision: D4251985 fbshipit-source-id: c9d9823 8 years ago			`let pp = AccessPath.pp_raw`
			`end`

			`type t = {`
			`site : CallSite.t;`
			`kind : Kind.t;`
			`} [@@deriving compare]`

			`let call_site { site; } = site`

			`let kind { kind; } = kind`

			`let make kind site = { kind; site; }`

			`let with_callsite t site = { t with site; }`

			`let pp fmt { site; kind; } =`
			`F.fprintf fmt "Unprotected access to %a at %a" Kind.pp kind CallSite.pp site`

			`module Set = PrettyPrintable.MakePPSet (struct`
			`type nonrec t = t`
			`let compare = compare`
			`let pp_element = pp`
			`end)`
			`end`

			`let make_access kind loc =`
			`let site = CallSite.make Procname.empty_block loc in`
			`TraceElem.make kind site`
[threadsafety] interprocedural Summary: Refactoring to make thread safety checker interpocedural. This should not change funcitonality, and will only set things up for making the interprocedural part more serious. Reviewed By: sblackshear Differential Revision: D4124316 fbshipit-source-id: 6721953 8 years ago
[thread-safety] use boolean domain to track locks Summary: Before, we were using a set domain of strings to model a boolean domain. An explicit boolean domain makes it a bit clear what's going on. There are two things to note here: (1) This actually changed the semantics from the old set domain. The set domain wouldn't warn if the lock is held on only one side of a branch, which isn't what we want. (2) We can't actually test this because the modeling for `Lock.lock()` etc doesn't work :(. The reason is that the models (which do things like adding attributes for `Lock.lock`) are analyzed for Infer, but not for the checkers. We'll have to add separate models for thread safety. Reviewed By: peterogithub Differential Revision: D4242487 fbshipit-source-id: 9fc599d 8 years ago			`(** A bool that is true if a lock is definitely held. Note that this is unsound because it assumes`
			`the existence of one global lock. In the case that a lock is held on the access to a variable,`
			`but the lock held is the wrong one, we will erroneously say that the access is thread-safe.`
			`However, this coarse abstraction saves us from the complexity of tracking which locks are held`
			`and which memory locations correspond to the same lock. *)`
			`module LocksDomain = AbstractDomain.BooleanAnd`
[threadsafety] interprocedural Summary: Refactoring to make thread safety checker interpocedural. This should not change funcitonality, and will only set things up for making the interprocedural part more serious. Reviewed By: sblackshear Differential Revision: D4124316 fbshipit-source-id: 6721953 8 years ago
[thread-safety] Lay the groundwork for interprocedural trace-based reporting Summary: We'll eventually want fancy interprocedural traces. This diff adds the required boilerplate for this and adds the line number of each access to the error message. Real traces will come in a follow-up Reviewed By: peterogithub Differential Revision: D4251985 fbshipit-source-id: c9d9823 8 years ago			`module PathDomain = SinkTrace.Make(TraceElem)`
[threadsafety] interprocedural Summary: Refactoring to make thread safety checker interpocedural. This should not change funcitonality, and will only set things up for making the interprocedural part more serious. Reviewed By: sblackshear Differential Revision: D4124316 fbshipit-source-id: 6721953 8 years ago
			`module ReadWriteDomain = AbstractDomain.Pair (PathDomain) (PathDomain)`

			`include AbstractDomain.Pair (LocksDomain) (ReadWriteDomain)`
			`(* This is the ThreadSafety abstract domain *)`
			`(* a typical element is (){locked}, {vars and fields}) *)`