pghs975uc
/
infer_clone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f4e9975783'
${ noResults }
infer_clone/infer/src/concurrency/RacerDDomain.mli

243 lines
8.3 KiB
Raw Normal View History Unescape

[thread-safety][cleanup] add mli for ThreadSafetyDomain Reviewed By: peterogithub Differential Revision: D4452608 fbshipit-source-id: 1761045
8 years ago
(*
Change license to MIT Summary: Change the license of the source code from BSD + PATENTS to MIT. Change `checkCopyright` to reflect the new license and learn some new file types. Generated with: ``` git grep BSD | xargs -n 1 ./scripts/checkCopyright -i ``` Reviewed By: jeremydubreil, mbouaziz, jberdine Differential Revision: D8071249 fbshipit-source-id: 97ca23a
7 years ago
* Copyright (c) 2017-present, Facebook, Inc.
[thread-safety][cleanup] add mli for ThreadSafetyDomain Reviewed By: peterogithub Differential Revision: D4452608 fbshipit-source-id: 1761045
8 years ago
*
Change license to MIT Summary: Change the license of the source code from BSD + PATENTS to MIT. Change `checkCopyright` to reflect the new license and learn some new file types. Generated with: ``` git grep BSD | xargs -n 1 ./scripts/checkCopyright -i ``` Reviewed By: jeremydubreil, mbouaziz, jberdine Differential Revision: D8071249 fbshipit-source-id: 97ca23a
7 years ago
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
[thread-safety][cleanup] add mli for ThreadSafetyDomain Reviewed By: peterogithub Differential Revision: D4452608 fbshipit-source-id: 1761045
8 years ago
*)
open! IStd
module F = Format
[thread-safety] unify reads and writes into accesses Summary: This cleans up the domain/transfer functions, and it also means that we can now track reads that occur under synchronization. Reviewed By: peterogithub Differential Revision: D4674243 fbshipit-source-id: 8e13656
8 years ago
module Access : sig
[racerd] make nontrivial domain types private Reviewed By: da319 Differential Revision: D6348769 fbshipit-source-id: dd76eb7
7 years ago
type t = private
[access paths] make raw access paths the default, move abstraction into AccessPath.Abs module Summary: It's nice to have "raw" as the default kind of access path, since it's used much more often than the abstraction. This is also a prereq for supporting index expressions in access paths, since we'll need mutual recursion between accesses and access paths. Reviewed By: jeremydubreil Differential Revision: D5529807 fbshipit-source-id: cb3f521
8 years ago
| Read of AccessPath.t (** Field or array read *)
| Write of AccessPath.t (** Field or array write *)
| ContainerRead of AccessPath.t * Typ.Procname.t (** Read of container object *)
| ContainerWrite of AccessPath.t * Typ.Procname.t (** Write to container object *)
[thread-safety] warning when interface method is called from thread-safe context without annotation Reviewed By: ngorogiannis Differential Revision: D5445971 fbshipit-source-id: a3a7dd3
8 years ago
| InterfaceCall of Typ.Procname.t
(** Call to method of interface not annotated with @ThreadSafe *)
[racerd] reorg domain module Summary: - Reorder modules in mli for readability. - Match mli module order in the implementation. - Move some functions that operate on domains from RacerD.ml to the domain file. - Kill some module type invocation. - Use standard module signatures. Reviewed By: mbouaziz Differential Revision: D8026386 fbshipit-source-id: ee2af22
7 years ago
include PrettyPrintable.PrintableOrderedType with type t := t
[thread-safety] unify reads and writes into accesses Summary: This cleans up the domain/transfer functions, and it also means that we can now track reads that occur under synchronization. Reviewed By: peterogithub Differential Revision: D4674243 fbshipit-source-id: 8e13656
8 years ago
[traces] add matches function for extra flexibility in expanding traces Summary: Expanding traces currently works in the following way: Given a `TraceElem.Kind` `k` we want to report in `foo`, we look for a callee `C` of `foo` that has a `TraceElem.Kind` equal to `k` in its summary, grab the summary for `C`, then repeat until we bottom out. This isn't very flexible: it insists on equality between `TraceElem.Kind`'s as the criteria for expanding a trace. This diff introduces a new `matches` function for deciding when to expand a trace from a caller into a callee. Clients that don't want strict equality can implement a fuzzier kind of equality inside this function. I've gone ahead and done this for the trace elemes of thread-safety. In the near future, equivalent access paths won't always compare equal from caller to callee, so we want to match their suffixes instead. Reviewed By: jvillard Differential Revision: D5914118 fbshipit-source-id: 233c603
8 years ago
val matches : caller:t -> callee:t -> bool
(** returns true if the caller access matches the callee access after accounting for mismatch
between the formals and actuals *)
[access paths] make raw access paths the default, move abstraction into AccessPath.Abs module Summary: It's nice to have "raw" as the default kind of access path, since it's used much more often than the abstraction. This is also a prereq for supporting index expressions in access paths, since we'll need mutual recursion between accesses and access paths. Reviewed By: jeremydubreil Differential Revision: D5529807 fbshipit-source-id: cb3f521
8 years ago
val get_access_path : t -> AccessPath.t option
[thread-safety] unify reads and writes into accesses Summary: This cleans up the domain/transfer functions, and it also means that we can now track reads that occur under synchronization. Reviewed By: peterogithub Differential Revision: D4674243 fbshipit-source-id: 8e13656
8 years ago
end
module TraceElem : sig
include TraceElem.S with module Kind = Access
val is_write : t -> bool
[thread-safety] make a distinguished access kind for container writes Summary: The way we represented container writes before was pretty hacky: just use a dummy field for the name of the method that performs the container write. This diff introduces a new access kind for container writes that is much more structured. This will make it easier to soundly handle aliasing between containers and support container reads in the near future. Reviewed By: da319 Differential Revision: D5465747 fbshipit-source-id: e021ec2
8 years ago
val is_container_write : t -> bool
[thread-safety] Rebase accesses in callees onto variables of the caller, where possible. Reviewed By: sblackshear Differential Revision: D5911083 fbshipit-source-id: 2dae717
8 years ago
val map : f:(AccessPath.t -> AccessPath.t) -> t -> t
[thread-safety] skip reporting on truncated traces Summary: Due to limitations in our Buck integration, the thread-safety analysis cannot create a trace that bottoms out in a Buck target that is not a direct dependency of the current target. These truncated traces are confusing and tough to act on. Until we can address these limitations, let's avoid reporting on truncated traces. Reviewed By: jeremydubreil Differential Revision: D5969840 fbshipit-source-id: 877b9de
7 years ago
val is_direct : t -> bool
(** return true if the given trace elem represents a direct access, not a call that eventually
leads to an access *)
val make_container_access : AccessPath.t -> Typ.Procname.t -> is_write:bool -> Location.t -> t
val make_field_access : AccessPath.t -> is_write:bool -> Location.t -> t
val make_unannotated_call_access : Typ.Procname.t -> Location.t -> t
[thread-safety] unify reads and writes into accesses Summary: This cleans up the domain/transfer functions, and it also means that we can now track reads that occur under synchronization. Reviewed By: peterogithub Differential Revision: D4674243 fbshipit-source-id: 8e13656
8 years ago
end
[thread-safety][cleanup] add mli for ThreadSafetyDomain Reviewed By: peterogithub Differential Revision: D4452608 fbshipit-source-id: 1761045
8 years ago
[racerd] reorg domain module Summary: - Reorder modules in mli for readability. - Match mli module order in the implementation. - Move some functions that operate on domains from RacerD.ml to the domain file. - Kill some module type invocation. - Use standard module signatures. Reviewed By: mbouaziz Differential Revision: D8026386 fbshipit-source-id: ee2af22
7 years ago
module PathDomain :
SinkTrace.S with module Source = Source.Dummy and module Sink = SinkTrace.MakeSink(TraceElem)
[racerd] new lock domain Summary: The boolean lock domain is simple and surprisingly effective. But it's starting to cause false positives in the case where locks are nested. Releasing the inner lock also releases the outer lock. This diff introduces a new locks domain: a map of locks (access paths) to a bounded count representing an underapproximation of the number of times the lock has been acquired. For now, we just use a single dummy access path to represent all locks (and thus a count actually would have been sufficiently expressive; we don't need the map yet). But I'm planning to remove this limitation in a follow-up by refactoring the lock models to give us an access path. Knowing the names of locks could be useful for error messages and suggesting fixes. Reviewed By: jberdine Differential Revision: D6182006 fbshipit-source-id: 6624971
7 years ago
(** Overapproximation of number of locks that are currently held *)
module LocksDomain : sig
include AbstractDomain.WithBottom
[racerd] reorg domain module Summary: - Reorder modules in mli for readability. - Match mli module order in the implementation. - Move some functions that operate on domains from RacerD.ml to the domain file. - Kill some module type invocation. - Use standard module signatures. Reviewed By: mbouaziz Differential Revision: D8026386 fbshipit-source-id: ee2af22
7 years ago
val acquire_lock : astate -> astate
[racerd] new lock domain Summary: The boolean lock domain is simple and surprisingly effective. But it's starting to cause false positives in the case where locks are nested. Releasing the inner lock also releases the outer lock. This diff introduces a new locks domain: a map of locks (access paths) to a bounded count representing an underapproximation of the number of times the lock has been acquired. For now, we just use a single dummy access path to represent all locks (and thus a count actually would have been sufficiently expressive; we don't need the map yet). But I'm planning to remove this limitation in a follow-up by refactoring the lock models to give us an access path. Knowing the names of locks could be useful for error messages and suggesting fixes. Reviewed By: jberdine Differential Revision: D6182006 fbshipit-source-id: 6624971
7 years ago
(** record acquisition of a lock *)
[racerd] reorg domain module Summary: - Reorder modules in mli for readability. - Match mli module order in the implementation. - Move some functions that operate on domains from RacerD.ml to the domain file. - Kill some module type invocation. - Use standard module signatures. Reviewed By: mbouaziz Differential Revision: D8026386 fbshipit-source-id: ee2af22
7 years ago
val release_lock : astate -> astate
[racerd] new lock domain Summary: The boolean lock domain is simple and surprisingly effective. But it's starting to cause false positives in the case where locks are nested. Releasing the inner lock also releases the outer lock. This diff introduces a new locks domain: a map of locks (access paths) to a bounded count representing an underapproximation of the number of times the lock has been acquired. For now, we just use a single dummy access path to represent all locks (and thus a count actually would have been sufficiently expressive; we don't need the map yet). But I'm planning to remove this limitation in a follow-up by refactoring the lock models to give us an access path. Knowing the names of locks could be useful for error messages and suggesting fixes. Reviewed By: jberdine Differential Revision: D6182006 fbshipit-source-id: 6624971
7 years ago
(** record release of a lock *)
[racerd] fix lock count treatment at method calls Reviewed By: sblackshear Differential Revision: D7055465 fbshipit-source-id: a6dffe0
7 years ago
val integrate_summary : caller_astate:astate -> callee_astate:astate -> astate
(** integrate current state with a callee summary *)
[racerd] new lock domain Summary: The boolean lock domain is simple and surprisingly effective. But it's starting to cause false positives in the case where locks are nested. Releasing the inner lock also releases the outer lock. This diff introduces a new locks domain: a map of locks (access paths) to a bounded count representing an underapproximation of the number of times the lock has been acquired. For now, we just use a single dummy access path to represent all locks (and thus a count actually would have been sufficiently expressive; we don't need the map yet). But I'm planning to remove this limitation in a follow-up by refactoring the lock models to give us an access path. Knowing the names of locks could be useful for error messages and suggesting fixes. Reviewed By: jberdine Differential Revision: D6182006 fbshipit-source-id: 6624971
7 years ago
end
[thread-safety][cleanup] add mli for ThreadSafetyDomain Reviewed By: peterogithub Differential Revision: D4452608 fbshipit-source-id: 1761045
8 years ago
[thread-safety] Change meaning of @ThreadSafe to "can run in parallel with any thread including itself" Summary: Previously, annotating something ThreadSafe meant "check that it is safe to run all of this procedure's methods in parallel with each other" (including self-parallelization). This makes sense, but it means that if the user writes no annotations, we do no checking. I'm moving toward a model of inferring when an access might happen on a thread that can run concurrently with other threads, then automatically checking that it is thread-safe w.r.t to all other accesses to the same memory (on or off the current thread thread). This will let us report even when there are no `ThreadSafe` annotations. Any method that is known to run on a new thread (e.g., `Runnable.run`) will be modeled as running on a thread that can run in parallel with other threads, and so will any method that is `synchronized` or acquires a lock. In this setup, adding `ThreadSafe` to a method just means: "assume that the current method can run in parallel with any thread, including another thread that includes a different invocation of the same method (a self race) unless you see evidence to the contrary" (e.g., calling `assertMainThread` or annotating with `UiThread`). The key step in this diff is changing the threads domain to abstract *what threads the current thread may run in parallel with* rather than *what the current thread* is. This makes things much simpler. Reviewed By: jberdine Differential Revision: D5895242 fbshipit-source-id: 2e23d1e
8 years ago
(** Abstraction of threads that may run in parallel with the current thread.
NoThread < AnyThreadExceptSelf < AnyThread *)
[thread-safety] new threads domain Summary: Previously, we just tracked a boolean representing whether we were possibly on the main thread (true) or definitely not on the main thread (false). In order to start supporting `Thread.start`, `Runnable.run`, etc., we'll need something more expressive. This diff introduces a lattice: ``` Any / \ Main Background \ / Unknown ``` as the new threads domain. The initial value is `Unknown`, and we introduce `Main` in situations where we would have introduced `true` before. This (mostly) preserves behavior: the main difference is that before code like ``` if (*) { assertMainThread() } else { x.f = ... } ``` would have recorded that the access to `x.f` was on the main thread, whereas now we'll say that it's on an unknown thread. Reviewed By: peterogithub Differential Revision: D5860256 fbshipit-source-id: efee330
8 years ago
module ThreadsDomain : sig
type astate =
[thread-safety] Change meaning of @ThreadSafe to "can run in parallel with any thread including itself" Summary: Previously, annotating something ThreadSafe meant "check that it is safe to run all of this procedure's methods in parallel with each other" (including self-parallelization). This makes sense, but it means that if the user writes no annotations, we do no checking. I'm moving toward a model of inferring when an access might happen on a thread that can run concurrently with other threads, then automatically checking that it is thread-safe w.r.t to all other accesses to the same memory (on or off the current thread thread). This will let us report even when there are no `ThreadSafe` annotations. Any method that is known to run on a new thread (e.g., `Runnable.run`) will be modeled as running on a thread that can run in parallel with other threads, and so will any method that is `synchronized` or acquires a lock. In this setup, adding `ThreadSafe` to a method just means: "assume that the current method can run in parallel with any thread, including another thread that includes a different invocation of the same method (a self race) unless you see evidence to the contrary" (e.g., calling `assertMainThread` or annotating with `UiThread`). The key step in this diff is changing the threads domain to abstract *what threads the current thread may run in parallel with* rather than *what the current thread* is. This makes things much simpler. Reviewed By: jberdine Differential Revision: D5895242 fbshipit-source-id: 2e23d1e
8 years ago
| NoThread
(** No threads can run in parallel with the current thread (concretization: empty set). We
assume this by default unless we see evidence to the contrary (annotations, use of locks,
etc.) *)
| AnyThreadButSelf
[racerd] `Precondition` -> `OwnershipPrecondition` Reviewed By: jeremydubreil Differential Revision: D7718403 fbshipit-source-id: 73c5cee
7 years ago
(** Current thread can run in parallel with other threads, but not with a copy of itself.
[doc] Fix some invalid/suspicious docstrings Summary: The upcoming ocamlformat has the ability to parse and format docstrings. This requires that the docstrings conform to the ocamldoc spec a bit more strongly. If a docstring does not parse, it is left alone, but if it is morally ill-formed but parses by chance, it can be reformatted incorrectly. This patch fixes the existing instances of this problem. Reviewed By: mbouaziz Differential Revision: D12911937 fbshipit-source-id: 1c2eb590b
6 years ago
(concretization : {% \{ t | t \in TIDs ^ t != t_cur \} %} ) *)
[thread-safety] Change meaning of @ThreadSafe to "can run in parallel with any thread including itself" Summary: Previously, annotating something ThreadSafe meant "check that it is safe to run all of this procedure's methods in parallel with each other" (including self-parallelization). This makes sense, but it means that if the user writes no annotations, we do no checking. I'm moving toward a model of inferring when an access might happen on a thread that can run concurrently with other threads, then automatically checking that it is thread-safe w.r.t to all other accesses to the same memory (on or off the current thread thread). This will let us report even when there are no `ThreadSafe` annotations. Any method that is known to run on a new thread (e.g., `Runnable.run`) will be modeled as running on a thread that can run in parallel with other threads, and so will any method that is `synchronized` or acquires a lock. In this setup, adding `ThreadSafe` to a method just means: "assume that the current method can run in parallel with any thread, including another thread that includes a different invocation of the same method (a self race) unless you see evidence to the contrary" (e.g., calling `assertMainThread` or annotating with `UiThread`). The key step in this diff is changing the threads domain to abstract *what threads the current thread may run in parallel with* rather than *what the current thread* is. This makes things much simpler. Reviewed By: jberdine Differential Revision: D5895242 fbshipit-source-id: 2e23d1e
8 years ago
| AnyThread
[racerd] reorg domain module Summary: - Reorder modules in mli for readability. - Match mli module order in the implementation. - Move some functions that operate on domains from RacerD.ml to the domain file. - Kill some module type invocation. - Use standard module signatures. Reviewed By: mbouaziz Differential Revision: D8026386 fbshipit-source-id: ee2af22
7 years ago
(** Current thread can run in parallel with any thread, including itself (concretization:
[racerd] `Precondition` -> `OwnershipPrecondition` Reviewed By: jeremydubreil Differential Revision: D7718403 fbshipit-source-id: 73c5cee
7 years ago
set of all TIDs ) *)
[thread-safety] new threads domain Summary: Previously, we just tracked a boolean representing whether we were possibly on the main thread (true) or definitely not on the main thread (false). In order to start supporting `Thread.start`, `Runnable.run`, etc., we'll need something more expressive. This diff introduces a lattice: ``` Any / \ Main Background \ / Unknown ``` as the new threads domain. The initial value is `Unknown`, and we introduce `Main` in situations where we would have introduced `true` before. This (mostly) preserves behavior: the main difference is that before code like ``` if (*) { assertMainThread() } else { x.f = ... } ``` would have recorded that the access to `x.f` was on the main thread, whereas now we'll say that it's on an unknown thread. Reviewed By: peterogithub Differential Revision: D5860256 fbshipit-source-id: efee330
8 years ago
include AbstractDomain.WithBottom with type astate := astate
[racerd] use `ThreadsDomain.astate` instead of bool in `AccessData` Reviewed By: ngorogiannis Differential Revision: D7423167 fbshipit-source-id: 79daa3a
7 years ago
val can_conflict : astate -> astate -> bool
(** return true if two accesses with these thread values can run concurrently *)
[thread-safety] Change meaning of @ThreadSafe to "can run in parallel with any thread including itself" Summary: Previously, annotating something ThreadSafe meant "check that it is safe to run all of this procedure's methods in parallel with each other" (including self-parallelization). This makes sense, but it means that if the user writes no annotations, we do no checking. I'm moving toward a model of inferring when an access might happen on a thread that can run concurrently with other threads, then automatically checking that it is thread-safe w.r.t to all other accesses to the same memory (on or off the current thread thread). This will let us report even when there are no `ThreadSafe` annotations. Any method that is known to run on a new thread (e.g., `Runnable.run`) will be modeled as running on a thread that can run in parallel with other threads, and so will any method that is `synchronized` or acquires a lock. In this setup, adding `ThreadSafe` to a method just means: "assume that the current method can run in parallel with any thread, including another thread that includes a different invocation of the same method (a self race) unless you see evidence to the contrary" (e.g., calling `assertMainThread` or annotating with `UiThread`). The key step in this diff is changing the threads domain to abstract *what threads the current thread may run in parallel with* rather than *what the current thread* is. This makes things much simpler. Reviewed By: jberdine Differential Revision: D5895242 fbshipit-source-id: 2e23d1e
8 years ago
val is_any : astate -> bool
[racerd] use `ThreadsDomain.astate` instead of bool in `AccessData` Reviewed By: ngorogiannis Differential Revision: D7423167 fbshipit-source-id: 79daa3a
7 years ago
val integrate_summary : caller_astate:astate -> callee_astate:astate -> astate
(** integrate current state with a callee summary *)
[thread-safety] new threads domain Summary: Previously, we just tracked a boolean representing whether we were possibly on the main thread (true) or definitely not on the main thread (false). In order to start supporting `Thread.start`, `Runnable.run`, etc., we'll need something more expressive. This diff introduces a lattice: ``` Any / \ Main Background \ / Unknown ``` as the new threads domain. The initial value is `Unknown`, and we introduce `Main` in situations where we would have introduced `true` before. This (mostly) preserves behavior: the main difference is that before code like ``` if (*) { assertMainThread() } else { x.f = ... } ``` would have recorded that the access to `x.f` was on the main thread, whereas now we'll say that it's on an unknown thread. Reviewed By: peterogithub Differential Revision: D5860256 fbshipit-source-id: efee330
8 years ago
end
[thread-safety] Model assertManThread and assertHoldsLock Reviewed By: sblackshear Differential Revision: D4706409 fbshipit-source-id: c822c74
8 years ago
[racerd] reorg domain module Summary: - Reorder modules in mli for readability. - Match mli module order in the implementation. - Move some functions that operate on domains from RacerD.ml to the domain file. - Kill some module type invocation. - Use standard module signatures. Reviewed By: mbouaziz Differential Revision: D8026386 fbshipit-source-id: ee2af22
7 years ago
(** snapshot of the relevant state at the time of a heap access: concurrent thread(s), lock(s) held,
ownership precondition *)
module AccessSnapshot : sig
(** precondition for owned access; access is owned if it evaluates to true *)
module OwnershipPrecondition : sig
type t =
| Conjunction of IntSet.t
(** Conjunction of "formal index must be owned" predicates.
true if empty *)
| False
include PrettyPrintable.PrintableOrderedType with type t := t
val is_true : t -> bool
(** return [true] if the precondition evaluates to true *)
end
[thread-safety][cleanup] add mli for ThreadSafetyDomain Reviewed By: peterogithub Differential Revision: D4452608 fbshipit-source-id: 1761045
8 years ago
[racerd] reorg domain module Summary: - Reorder modules in mli for readability. - Match mli module order in the implementation. - Move some functions that operate on domains from RacerD.ml to the domain file. - Kill some module type invocation. - Use standard module signatures. Reviewed By: mbouaziz Differential Revision: D8026386 fbshipit-source-id: ee2af22
7 years ago
type t = private
{ access: PathDomain.Sink.t
; thread: ThreadsDomain.astate
; lock: bool
; ownership_precondition: OwnershipPrecondition.t }
include PrettyPrintable.PrintableOrderedType with type t := t
val make :
[ocamlformat] upgrade to ocamlformat 0.7 Reviewed By: mbouaziz Differential Revision: D9496601 fbshipit-source-id: 83c6fd241
7 years ago
PathDomain.Sink.t
-> LocksDomain.astate
-> ThreadsDomain.astate
-> OwnershipPrecondition.t
-> Procdesc.t
-> t
[racerd] reorg domain module Summary: - Reorder modules in mli for readability. - Match mli module order in the implementation. - Move some functions that operate on domains from RacerD.ml to the domain file. - Kill some module type invocation. - Use standard module signatures. Reviewed By: mbouaziz Differential Revision: D8026386 fbshipit-source-id: ee2af22
7 years ago
val make_from_snapshot : PathDomain.Sink.t -> t -> t
val is_unprotected : t -> bool
(** return true if not protected by lock, thread, or ownership *)
end
(** map of access metadata |-> set of accesses. the map should hold all accesses to a
possibly-unowned access path *)
module AccessDomain : module type of AbstractDomain.FiniteSet (AccessSnapshot)
(** Powerset domain on the formal indexes in OwnedIf with a distinguished bottom element (Owned)
and top element (Unowned) *)
[thread-safety] add ownership domain: map of access paths to a lattice of ownership predicates Summary: Stepping stone to a more precise ownership domain. Reviewed By: jberdine Differential Revision: D5589834 fbshipit-source-id: 4f6c24a
8 years ago
module OwnershipAbstractValue : sig
type astate = private
| Owned (** Owned value; bottom of the lattice *)
| OwnedIf of IntSet.t (** Owned if the formals at the given indexes are owned in the caller *)
| Unowned (** Unowned value; top of the lattice *)
[ocamlformat] Upgrade to ocamlformat 0.5 Summary: Upgrade ocamlformat, and base which needs to be done in sync in order to build ocamlformat, and the other deps can come for the ride. Reviewed By: jvillard Differential Revision: D7663537 fbshipit-source-id: 3e90970
7 years ago
[@@deriving compare]
[thread-safety] add ownership domain: map of access paths to a lattice of ownership predicates Summary: Stepping stone to a more precise ownership domain. Reviewed By: jberdine Differential Revision: D5589834 fbshipit-source-id: 4f6c24a
8 years ago
val owned : astate
val unowned : astate
val make_owned_if : int -> astate
include AbstractDomain.S with type astate := astate
end
module OwnershipDomain : sig
include module type of AbstractDomain.Map (AccessPath) (OwnershipAbstractValue)
val get_owned : AccessPath.t -> astate -> OwnershipAbstractValue.astate
val is_owned : AccessPath.t -> astate -> bool
[ocamlformat] upgrade to ocamlformat 0.7 Reviewed By: mbouaziz Differential Revision: D9496601 fbshipit-source-id: 83c6fd241
7 years ago
val find : [`Use_get_owned_instead] [@@warning "-32"]
[racerd] reorg domain module Summary: - Reorder modules in mli for readability. - Match mli module order in the implementation. - Move some functions that operate on domains from RacerD.ml to the domain file. - Kill some module type invocation. - Use standard module signatures. Reviewed By: mbouaziz Differential Revision: D8026386 fbshipit-source-id: ee2af22
7 years ago
val propagate_assignment : AccessPath.t -> HilExp.t -> astate -> astate
[racerd] don't replicate existing logic in `propagate_return` Summary: `ownership_of_expr` is already doing some of the work in `propagate_return`. Also, split and move into abstract domain, where it belongs. Reviewed By: jeremydubreil Differential Revision: D8855257 fbshipit-source-id: 7756552d8
7 years ago
val propagate_return :
AccessPath.t -> OwnershipAbstractValue.astate -> HilExp.t list -> astate -> astate
[thread-safety] add ownership domain: map of access paths to a lattice of ownership predicates Summary: Stepping stone to a more precise ownership domain. Reviewed By: jberdine Differential Revision: D5589834 fbshipit-source-id: 4f6c24a
8 years ago
end
[thread-safety] add choice variables to support partial path-sensitivity Reviewed By: peterogithub Differential Revision: D4712228 fbshipit-source-id: 50a9188
8 years ago
(** attribute attached to a boolean variable specifying what it means when the boolean is true *)
module Choice : sig
type t =
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
| OnMainThread (** the current procedure is running on the main thread *)
| LockHeld (** a lock is currently held *)
[racerd] reorg domain module Summary: - Reorder modules in mli for readability. - Match mli module order in the implementation. - Move some functions that operate on domains from RacerD.ml to the domain file. - Kill some module type invocation. - Use standard module signatures. Reviewed By: mbouaziz Differential Revision: D8026386 fbshipit-source-id: ee2af22
7 years ago
include PrettyPrintable.PrintableOrderedType with type t := t
[thread-safety] add choice variables to support partial path-sensitivity Reviewed By: peterogithub Differential Revision: D4712228 fbshipit-source-id: 50a9188
8 years ago
end
[thread-safety] use map of access paths to attributes rather than multiple sets of access paths Summary: This will make it a cinch to track new "attributes" of memory locations, and to propagate more complex attributes such as conditional ownership (coming in a future diff). Reviewed By: peterogithub Differential Revision: D4523143 fbshipit-source-id: 57aa133
8 years ago
module Attribute : sig
type t =
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
| Functional (** holds a value returned from a callee marked @Functional *)
| Choice of Choice.t (** holds a boolean choice variable *)
[thread-safety] use map of access paths to attributes rather than multiple sets of access paths Summary: This will make it a cinch to track new "attributes" of memory locations, and to propagate more complex attributes such as conditional ownership (coming in a future diff). Reviewed By: peterogithub Differential Revision: D4523143 fbshipit-source-id: 57aa133
8 years ago
[racerd] reorg domain module Summary: - Reorder modules in mli for readability. - Match mli module order in the implementation. - Move some functions that operate on domains from RacerD.ml to the domain file. - Kill some module type invocation. - Use standard module signatures. Reviewed By: mbouaziz Differential Revision: D8026386 fbshipit-source-id: ee2af22
7 years ago
include PrettyPrintable.PrintableOrderedType with type t := t
[thread-safety] use map of access paths to attributes rather than multiple sets of access paths Summary: This will make it a cinch to track new "attributes" of memory locations, and to propagate more complex attributes such as conditional ownership (coming in a future diff). Reviewed By: peterogithub Differential Revision: D4523143 fbshipit-source-id: 57aa133
8 years ago
end
[absint] make InvertedSet/InvertedMap functors consistent non-inverted versions Reviewed By: mbouaziz Differential Revision: D5879318 fbshipit-source-id: 278e5ad
8 years ago
module AttributeSetDomain : module type of AbstractDomain.InvertedSet (Attribute)
[thread-safety] use map of access paths to attributes rather than multiple sets of access paths Summary: This will make it a cinch to track new "attributes" of memory locations, and to propagate more complex attributes such as conditional ownership (coming in a future diff). Reviewed By: peterogithub Differential Revision: D4523143 fbshipit-source-id: 57aa133
8 years ago
module AttributeMapDomain : sig
[absint] make InvertedSet/InvertedMap functors consistent non-inverted versions Reviewed By: mbouaziz Differential Revision: D5879318 fbshipit-source-id: 278e5ad
8 years ago
include module type of AbstractDomain.InvertedMap (AccessPath) (AttributeSetDomain)
[thread-safety] use map of access paths to attributes rather than multiple sets of access paths Summary: This will make it a cinch to track new "attributes" of memory locations, and to propagate more complex attributes such as conditional ownership (coming in a future diff). Reviewed By: peterogithub Differential Revision: D4523143 fbshipit-source-id: 57aa133
8 years ago
[thread-safety] more precise ownership domain Summary: We previously lumped ownership predicates in with all other predicates. That limited us to a flat ownership domain. This diff separates out the ownership predicates so we can have a richer lattice of predicates with each access path. This lets us be more precise; for example, we can now show that ``` needToOwnBothParams(Obj o1, Obj o2) { Obj alias; if (*) { alias = o1; } else { alias = o2; } alias.f = ... // both o1 and o2 need to be owned for this to be safe } void ownBothParamsOk() { needToOwnBothParams(new Obj(), new Obj()); // ok, would have complained before } ``` is safe. Reviewed By: jberdine Differential Revision: D5589898 fbshipit-source-id: 9606a46
8 years ago
val add : AccessPath.t -> AttributeSetDomain.astate -> astate -> astate
[thread-safety] use map of access paths to attributes rather than multiple sets of access paths Summary: This will make it a cinch to track new "attributes" of memory locations, and to propagate more complex attributes such as conditional ownership (coming in a future diff). Reviewed By: peterogithub Differential Revision: D4523143 fbshipit-source-id: 57aa133
8 years ago
[thread-safety] more precise ownership domain Summary: We previously lumped ownership predicates in with all other predicates. That limited us to a flat ownership domain. This diff separates out the ownership predicates so we can have a richer lattice of predicates with each access path. This lets us be more precise; for example, we can now show that ``` needToOwnBothParams(Obj o1, Obj o2) { Obj alias; if (*) { alias = o1; } else { alias = o2; } alias.f = ... // both o1 and o2 need to be owned for this to be safe } void ownBothParamsOk() { needToOwnBothParams(new Obj(), new Obj()); // ok, would have complained before } ``` is safe. Reviewed By: jberdine Differential Revision: D5589898 fbshipit-source-id: 9606a46
8 years ago
val has_attribute : AccessPath.t -> Attribute.t -> astate -> bool
[thread-safety] add callee write as protected-if if it's conditionally owned in caller Reviewed By: peterogithub Differential Revision: D4660606 fbshipit-source-id: 8e523c9
8 years ago
[access paths] make raw access paths the default, move abstraction into AccessPath.Abs module Summary: It's nice to have "raw" as the default kind of access path, since it's used much more often than the abstraction. This is also a prereq for supporting index expressions in access paths, since we'll need mutual recursion between accesses and access paths. Reviewed By: jeremydubreil Differential Revision: D5529807 fbshipit-source-id: cb3f521
8 years ago
val get_choices : AccessPath.t -> astate -> Choice.t list
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
(** get the choice attributes associated with the given access path *)
[thread-safety] add choice variables to support partial path-sensitivity Reviewed By: peterogithub Differential Revision: D4712228 fbshipit-source-id: 50a9188
8 years ago
[access paths] make raw access paths the default, move abstraction into AccessPath.Abs module Summary: It's nice to have "raw" as the default kind of access path, since it's used much more often than the abstraction. This is also a prereq for supporting index expressions in access paths, since we'll need mutual recursion between accesses and access paths. Reviewed By: jeremydubreil Differential Revision: D5529807 fbshipit-source-id: cb3f521
8 years ago
val add_attribute : AccessPath.t -> Attribute.t -> astate -> astate
[threadsafety] record threaded information alongside accesses and use disjunction for thread join Summary: Using Conjunction for thread join has known false negatives. Finer grained recording of threading information fixes this. Reviewed By: sblackshear Differential Revision: D5111161 fbshipit-source-id: aab483c
8 years ago
[racerd] reorg domain module Summary: - Reorder modules in mli for readability. - Match mli module order in the implementation. - Move some functions that operate on domains from RacerD.ml to the domain file. - Kill some module type invocation. - Use standard module signatures. Reviewed By: mbouaziz Differential Revision: D8026386 fbshipit-source-id: ee2af22
7 years ago
val propagate_assignment : AccessPath.t -> HilExp.t -> astate -> astate
(** propagate attributes from the leaves to the root of an RHS Hil expression *)
[thread-safety] AccessDomain for better tracking of writes Summary: In order to be able to report races like ``` synchronized write() { this.f = ... } read() { return this.f; } ``` , we need to track writes that happen inside of synchronization as well as writes that happen outside of synchronization. This diff takes a step toward making that possible by defining an "AccessDomain" mapping a precondition for the safety of a write ( {Safe, SafeIf i, Unsafe} =~ {true, owned(i), false} ) to a set of writes that are safe if the precondition will hold. We're not actually tracking safe writes yet, but this domain will make it easy to do so. This also lets us kill the conditional writes/unconditional writes combo, which was a bit clumsy Reviewed By: peterogithub Differential Revision: D4620153 fbshipit-source-id: 2d9c5ef
8 years ago
end
[racerd] Instrumenting the concurrency analysis with tracking of access path stability. Reviewed By: sblackshear Differential Revision: D6414244 fbshipit-source-id: d2acc16
7 years ago
module StabilityDomain : sig
[RacerD] Fix stability implementation Summary: - Do not add actuals of a call as unstable. - Replace access trie with simple set of paths, which is easier to debug/argue correct. - Fix bug where a prefix path was searched, as opposed to a *proper* prefix. - Restrict interface to the minimum so that alternative implementations are easier. Reviewed By: ilyasergey Differential Revision: D8573792 fbshipit-source-id: 4c4e174
7 years ago
include AbstractDomain.WithBottom
[racerd] Instrumenting the concurrency analysis with tracking of access path stability. Reviewed By: sblackshear Differential Revision: D6414244 fbshipit-source-id: d2acc16
7 years ago
[RacerD] Fix stability implementation Summary: - Do not add actuals of a call as unstable. - Replace access trie with simple set of paths, which is easier to debug/argue correct. - Fix bug where a prefix path was searched, as opposed to a *proper* prefix. - Restrict interface to the minimum so that alternative implementations are easier. Reviewed By: ilyasergey Differential Revision: D8573792 fbshipit-source-id: 4c4e174
7 years ago
val add_assign : AccessPath.t -> HilExp.t -> astate -> astate
[racerd] Instrumenting the concurrency analysis with tracking of access path stability. Reviewed By: sblackshear Differential Revision: D6414244 fbshipit-source-id: d2acc16
7 years ago
[RacerD] Fix stability implementation Summary: - Do not add actuals of a call as unstable. - Replace access trie with simple set of paths, which is easier to debug/argue correct. - Fix bug where a prefix path was searched, as opposed to a *proper* prefix. - Restrict interface to the minimum so that alternative implementations are easier. Reviewed By: ilyasergey Differential Revision: D8573792 fbshipit-source-id: 4c4e174
7 years ago
val add_path : AccessPath.t -> astate -> astate
[racerd] Instrumenting the concurrency analysis with tracking of access path stability. Reviewed By: sblackshear Differential Revision: D6414244 fbshipit-source-id: d2acc16
7 years ago
[RacerD] Fix stability implementation Summary: - Do not add actuals of a call as unstable. - Replace access trie with simple set of paths, which is easier to debug/argue correct. - Fix bug where a prefix path was searched, as opposed to a *proper* prefix. - Restrict interface to the minimum so that alternative implementations are easier. Reviewed By: ilyasergey Differential Revision: D8573792 fbshipit-source-id: 4c4e174
7 years ago
val exists_proper_prefix : AccessPath.t -> astate -> bool
[racerd] More precise traking of LHS when calling a method for stability checking in RacerD. Reviewed By: ngorogiannis Differential Revision: D7043348 fbshipit-source-id: a9de063
7 years ago
[RacerD] Fix stability implementation Summary: - Do not add actuals of a call as unstable. - Replace access trie with simple set of paths, which is easier to debug/argue correct. - Fix bug where a prefix path was searched, as opposed to a *proper* prefix. - Restrict interface to the minimum so that alternative implementations are easier. Reviewed By: ilyasergey Differential Revision: D8573792 fbshipit-source-id: 4c4e174
7 years ago
val integrate_summary :
HilExp.t list -> Procdesc.t option -> callee:astate -> caller:astate -> astate
[racerd] Instrumenting the concurrency analysis with tracking of access path stability. Reviewed By: sblackshear Differential Revision: D6414244 fbshipit-source-id: d2acc16
7 years ago
end
[thread-safety][cleanup] add mli for ThreadSafetyDomain Reviewed By: peterogithub Differential Revision: D4452608 fbshipit-source-id: 1761045
8 years ago
type astate =
[thread-safety][cleanup] get rid of thumbs_up Summary: Not using this for now, and it seems good to simplify the complex domain as much as we can. Reviewed By: jberdine Differential Revision: D5970233 fbshipit-source-id: a451503
8 years ago
{ threads: ThreadsDomain.astate (** current thread: main, background, or unknown *)
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
; locks: LocksDomain.astate (** boolean that is true if a lock must currently be held *)
; accesses: AccessDomain.astate
(** read and writes accesses performed without ownership permissions *)
[thread-safety] more precise ownership domain Summary: We previously lumped ownership predicates in with all other predicates. That limited us to a flat ownership domain. This diff separates out the ownership predicates so we can have a richer lattice of predicates with each access path. This lets us be more precise; for example, we can now show that ``` needToOwnBothParams(Obj o1, Obj o2) { Obj alias; if (*) { alias = o1; } else { alias = o2; } alias.f = ... // both o1 and o2 need to be owned for this to be safe } void ownBothParamsOk() { needToOwnBothParams(new Obj(), new Obj()); // ok, would have complained before } ``` is safe. Reviewed By: jberdine Differential Revision: D5589898 fbshipit-source-id: 9606a46
8 years ago
; ownership: OwnershipDomain.astate (** map of access paths to ownership predicates *)
Convert Reason to OCaml, and auto-format OCaml Summary: Conversion and reformat of infer source using ocamlformat auto-formatting tool. Current status: - Because Reason does not handle docstrings, the output of the conversion is not 'Warning 50'-clean, meaning that there are docstrings with ambiguous placement. I'll need to manually fix them just before landing. Reviewed By: jvillard Differential Revision: D5225546 fbshipit-source-id: 3bd2786
8 years ago
; attribute_map: AttributeMapDomain.astate
[racerd] Instrumenting the concurrency analysis with tracking of access path stability. Reviewed By: sblackshear Differential Revision: D6414244 fbshipit-source-id: d2acc16
7 years ago
(** map of access paths to attributes such as owned, functional, ... *)
; wobbly_paths: StabilityDomain.astate
(** Record the "touched" paths that can compromise the race detection **) }
[thread-safety][cleanup] add mli for ThreadSafetyDomain Reviewed By: peterogithub Differential Revision: D4452608 fbshipit-source-id: 1761045
8 years ago
[thread-safety][cleanup] use record for summary type Reviewed By: peterogithub Differential Revision: D5636060 fbshipit-source-id: 5e25a28
8 years ago
(** same as astate, but without [attribute_map] (since these involve locals) and with the addition
of the ownership/attributes associated with the return value as well as the set of formals which
may escape *)
[hil] functor for easily creating HIL analyses Summary: Last step for converting thread-safety and quandary to HIL. Push the logic for managing the id map and converting the instructions into a functor. This way, client analyses can simply write HIL transfer functions and call the functor. Reviewed By: jberdine Differential Revision: D4989987 fbshipit-source-id: 485169e
8 years ago
type summary =
[thread-safety][cleanup] get rid of thumbs_up Summary: Not using this for now, and it seems good to simplify the complex domain as much as we can. Reviewed By: jberdine Differential Revision: D5970233 fbshipit-source-id: a451503
8 years ago
{ threads: ThreadsDomain.astate
[thread-safety][cleanup] use record for summary type Reviewed By: peterogithub Differential Revision: D5636060 fbshipit-source-id: 5e25a28
8 years ago
; locks: LocksDomain.astate
; accesses: AccessDomain.astate
; return_ownership: OwnershipAbstractValue.astate
[racerd] Instrumenting the concurrency analysis with tracking of access path stability. Reviewed By: sblackshear Differential Revision: D6414244 fbshipit-source-id: d2acc16
7 years ago
; return_attributes: AttributeSetDomain.astate
; wobbly_paths: StabilityDomain.astate }
[thread-safety][cleanup] add mli for ThreadSafetyDomain Reviewed By: peterogithub Differential Revision: D4452608 fbshipit-source-id: 1761045
8 years ago
[racerd] detect ObjC "private" methods Summary: To avoid reporting on private methods, ignore those starting with underscore. Other cleanups. Reviewed By: jvillard Differential Revision: D10558970 fbshipit-source-id: 0572f1e70
6 years ago
val empty_summary : summary
[thread-safety][cleanup] add mli for ThreadSafetyDomain Reviewed By: peterogithub Differential Revision: D4452608 fbshipit-source-id: 1761045
8 years ago
include AbstractDomain.WithBottom with type astate := astate
val pp_summary : F.formatter -> summary -> unit