From 081455278d9abd1e30c531679f98343202d4a388 Mon Sep 17 00:00:00 2001 From: Josh Berdine Date: Wed, 16 Oct 2019 05:22:34 -0700 Subject: [PATCH] [sledge] Do not explore exceptional control flow by default Summary: The frontend translation of exceptional control flow is untrusted enough that it makes sense to disable it by default. Reviewed By: bennostein Differential Revision: D16061018 fbshipit-source-id: 65dca36ae --- sledge/sledge-help.txt | 6 +++--- sledge/src/sledge.ml | 7 ++++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/sledge/sledge-help.txt b/sledge/sledge-help.txt index 9001591a0..0e2d76e39 100644 --- a/sledge/sledge-help.txt +++ b/sledge/sledge-help.txt @@ -50,6 +50,7 @@ Analyze code in a buck target. This is a convenience wrapper for the sequence `s [-domain ] select abstract domain; must be one of "sh" (default, symbolic heap domain), "globals" (used-globals domain), or "unit" (unit domain) + [-exceptions] explore executions that throw and handle exceptions [-function-summaries] use function summaries (in development) [-fuzzer] add a harness for libFuzzer targets [-llair-output ] write generated LLAIR to @@ -61,7 +62,6 @@ Analyze code in a buck target. This is a convenience wrapper for the sequence `s [-no-models] do not add models for C/C++ runtime and standard libraries [-preanalyze-globals] pre-analyze global variables used by each function - [-skip-throw] do not explore past throwing an exception [-trace ] enable debug tracing [-help] print this help text and exit (alias: -?) @@ -137,6 +137,7 @@ Analyze code in one or more LLVM bitcode files. This is a convenience wrapper fo [-domain ] select abstract domain; must be one of "sh" (default, symbolic heap domain), "globals" (used-globals domain), or "unit" (unit domain) + [-exceptions] explore executions that throw and handle exceptions [-function-summaries] use function summaries (in development) [-fuzzer] add a harness for libFuzzer targets [-llair-output ] write generated LLAIR to @@ -146,7 +147,6 @@ Analyze code in one or more LLVM bitcode files. This is a convenience wrapper fo [-no-models] do not add models for C/C++ runtime and standard libraries [-preanalyze-globals] pre-analyze global variables used by each function - [-skip-throw] do not explore past throwing an exception [-trace ] enable debug tracing [-help] print this help text and exit (alias: -?) @@ -190,10 +190,10 @@ The file must be binary LLAIR, such as produced by `sledge translate`. [-domain ] select abstract domain; must be one of "sh" (default, symbolic heap domain), "globals" (used-globals domain), or "unit" (unit domain) + [-exceptions] explore executions that throw and handle exceptions [-function-summaries] use function summaries (in development) [-margin ] wrap debug tracing at columns [-preanalyze-globals] pre-analyze global variables used by each function - [-skip-throw] do not explore past throwing an exception [-trace ] enable debug tracing [-help] print this help text and exit (alias: -?) diff --git a/sledge/src/sledge.ml b/sledge/src/sledge.ml index cd6d50e86..32bf67fcf 100644 --- a/sledge/src/sledge.ml +++ b/sledge/src/sledge.ml @@ -90,9 +90,9 @@ let analyze = flag "bound" (optional_with_default 1 int) ~doc:" stop execution exploration at depth " - and skip_throw = - flag "skip-throw" no_arg - ~doc:"do not explore past throwing an exception" + and exceptions = + flag "exceptions" no_arg + ~doc:"explore executions that throw and handle exceptions" and function_summaries = flag "function-summaries" no_arg ~doc:"use function summaries (in development)" @@ -114,6 +114,7 @@ let analyze = fun program () -> let pgm = program () in let globals = used_globals pgm preanalyze_globals in + let skip_throw = not exceptions in exec {bound; skip_throw; function_summaries; globals} pgm let analyze_cmd =