[biabduction] Rename use_after_free to avoid name clash with Pulse

Summary: Use_after_free was used both for biabduction and pulse, and the biabduction version is blacklisted by default. As a result, the Pulse version was also disabled unintentionally. This changes the name of the old use_after_free so that now we can get use_after_free bugs whenever pulse is enabled.

Reviewed By: skcho

Differential Revision: D17182687

fbshipit-source-id: 539ca69de
master
Dulma Churchill 5 years ago committed by Facebook Github Bot
parent 5ee59cea23
commit 27ea5d041b

@ -333,6 +333,7 @@ OPTIONS
Abduction_case_not_implemented (enabled by default), Abduction_case_not_implemented (enabled by default),
Array_of_pointsto (enabled by default), Array_of_pointsto (enabled by default),
Assert_failure (enabled by default), Assert_failure (enabled by default),
BIABD_USE_AFTER_FREE (enabled by default),
BUFFER_OVERRUN_L1 (enabled by default), BUFFER_OVERRUN_L1 (enabled by default),
BUFFER_OVERRUN_L2 (enabled by default), BUFFER_OVERRUN_L2 (enabled by default),
BUFFER_OVERRUN_L3 (enabled by default), BUFFER_OVERRUN_L3 (enabled by default),

@ -82,6 +82,7 @@ OPTIONS
Abduction_case_not_implemented (enabled by default), Abduction_case_not_implemented (enabled by default),
Array_of_pointsto (enabled by default), Array_of_pointsto (enabled by default),
Assert_failure (enabled by default), Assert_failure (enabled by default),
BIABD_USE_AFTER_FREE (enabled by default),
BUFFER_OVERRUN_L1 (enabled by default), BUFFER_OVERRUN_L1 (enabled by default),
BUFFER_OVERRUN_L2 (enabled by default), BUFFER_OVERRUN_L2 (enabled by default),
BUFFER_OVERRUN_L3 (enabled by default), BUFFER_OVERRUN_L3 (enabled by default),

@ -333,6 +333,7 @@ OPTIONS
Abduction_case_not_implemented (enabled by default), Abduction_case_not_implemented (enabled by default),
Array_of_pointsto (enabled by default), Array_of_pointsto (enabled by default),
Assert_failure (enabled by default), Assert_failure (enabled by default),
BIABD_USE_AFTER_FREE (enabled by default),
BUFFER_OVERRUN_L1 (enabled by default), BUFFER_OVERRUN_L1 (enabled by default),
BUFFER_OVERRUN_L2 (enabled by default), BUFFER_OVERRUN_L2 (enabled by default),
BUFFER_OVERRUN_L3 (enabled by default), BUFFER_OVERRUN_L3 (enabled by default),

@ -43,6 +43,8 @@ exception Array_of_pointsto of L.ocaml_pos
exception Bad_footprint of L.ocaml_pos exception Bad_footprint of L.ocaml_pos
exception Biabd_use_after_free of Localise.error_desc * L.ocaml_pos
exception Cannot_star of L.ocaml_pos exception Cannot_star of L.ocaml_pos
exception Class_cast_exception of Localise.error_desc * L.ocaml_pos exception Class_cast_exception of Localise.error_desc * L.ocaml_pos
@ -128,8 +130,6 @@ exception Unknown_proc
exception Unsafe_guarded_by_access of Localise.error_desc * L.ocaml_pos exception Unsafe_guarded_by_access of Localise.error_desc * L.ocaml_pos
exception Use_after_free of Localise.error_desc * L.ocaml_pos
exception Wrong_argument_number of L.ocaml_pos exception Wrong_argument_number of L.ocaml_pos
type t = type t =
@ -201,6 +201,13 @@ let recognize_exception exn =
; visibility= Exn_developer ; visibility= Exn_developer
; severity= None ; severity= None
; category= Nocat } ; category= Nocat }
| Biabd_use_after_free (desc, ocaml_pos) ->
{ name= IssueType.biabd_use_after_free
; description= desc
; ocaml_pos= Some ocaml_pos
; visibility= Exn_user
; severity= None
; category= Prover }
| Cannot_star ocaml_pos -> | Cannot_star ocaml_pos ->
{ name= IssueType.cannot_star { name= IssueType.cannot_star
; description= Localise.no_desc ; description= Localise.no_desc
@ -533,13 +540,6 @@ let recognize_exception exn =
; visibility= Exn_user ; visibility= Exn_user
; severity= None ; severity= None
; category= Prover } ; category= Prover }
| Use_after_free (desc, ocaml_pos) ->
{ name= IssueType.use_after_free
; description= desc
; ocaml_pos= Some ocaml_pos
; visibility= Exn_user
; severity= None
; category= Prover }
| Wrong_argument_number ocaml_pos -> | Wrong_argument_number ocaml_pos ->
{ name= IssueType.wrong_argument_number { name= IssueType.wrong_argument_number
; description= Localise.no_desc ; description= Localise.no_desc

@ -43,6 +43,8 @@ exception Array_out_of_bounds_l3 of Localise.error_desc * Logging.ocaml_pos
exception Bad_footprint of Logging.ocaml_pos exception Bad_footprint of Logging.ocaml_pos
exception Biabd_use_after_free of Localise.error_desc * Logging.ocaml_pos
exception Cannot_star of Logging.ocaml_pos exception Cannot_star of Logging.ocaml_pos
exception Class_cast_exception of Localise.error_desc * Logging.ocaml_pos exception Class_cast_exception of Localise.error_desc * Logging.ocaml_pos
@ -134,8 +136,6 @@ exception Unknown_proc
exception Unsafe_guarded_by_access of Localise.error_desc * Logging.ocaml_pos exception Unsafe_guarded_by_access of Localise.error_desc * Logging.ocaml_pos
exception Use_after_free of Localise.error_desc * Logging.ocaml_pos
exception Wrong_argument_number of Logging.ocaml_pos exception Wrong_argument_number of Logging.ocaml_pos
val severity_string : severity -> string val severity_string : severity -> string

@ -152,7 +152,7 @@ let should_report (issue_kind : Exceptions.severity) issue_type error_desc eclas
; parameter_not_null_checked ; parameter_not_null_checked
; premature_nil_termination ; premature_nil_termination
; empty_vector_access ; empty_vector_access
; use_after_free ] ; biabd_use_after_free ]
in in
List.mem ~equal:IssueType.equal null_deref_issue_types issue_type List.mem ~equal:IssueType.equal null_deref_issue_types issue_type
in in

@ -442,6 +442,8 @@ let use_after_delete = register_from_string "USE_AFTER_DELETE"
let use_after_free = register_from_string "USE_AFTER_FREE" let use_after_free = register_from_string "USE_AFTER_FREE"
let biabd_use_after_free = register_from_string "BIABD_USE_AFTER_FREE"
let use_after_lifetime = register_from_string "USE_AFTER_LIFETIME" let use_after_lifetime = register_from_string "USE_AFTER_LIFETIME"
let user_controlled_sql_risk = register_from_string "USER_CONTROLLED_SQL_RISK" let user_controlled_sql_risk = register_from_string "USER_CONTROLLED_SQL_RISK"

@ -53,6 +53,8 @@ val assert_failure : t
val bad_footprint : t val bad_footprint : t
val biabd_use_after_free : t
val buffer_overrun_l1 : t val buffer_overrun_l1 : t
val buffer_overrun_l2 : t val buffer_overrun_l2 : t

@ -1633,7 +1633,7 @@ let check_dereference_error tenv pdesc (prop : Prop.normal Prop.t) lexp loc =
| Some (Apred (Aresource ({ra_kind= Rrelease} as ra), _)) -> | Some (Apred (Aresource ({ra_kind= Rrelease} as ra), _)) ->
let deref_str = Localise.deref_str_freed ra in let deref_str = Localise.deref_str_freed ra in
let err_desc = Errdesc.explain_dereference pname tenv ~use_buckets:true deref_str prop loc in let err_desc = Errdesc.explain_dereference pname tenv ~use_buckets:true deref_str prop loc in
raise (Exceptions.Use_after_free (err_desc, __POS__)) raise (Exceptions.Biabd_use_after_free (err_desc, __POS__))
| _ -> | _ ->
if Prover.check_equal tenv Prop.prop_emp (Exp.root_of_lexp root) Exp.minus_one then if Prover.check_equal tenv Prop.prop_emp (Exp.root_of_lexp root) Exp.minus_one then
let deref_str = Localise.deref_str_dangling None in let deref_str = Localise.deref_str_dangling None in

@ -1359,7 +1359,7 @@ let exe_call_postprocess tenv ret_id trace_call callee_pname callee_attrs loc re
| Dereference_error (Deref_freed _, desc, path_opt) -> | Dereference_error (Deref_freed _, desc, path_opt) ->
trace_call CR_not_met ; trace_call CR_not_met ;
extend_path path_opt None ; extend_path path_opt None ;
raise (Exceptions.Use_after_free (desc, __POS__)) raise (Exceptions.Biabd_use_after_free (desc, __POS__))
| Dereference_error (Deref_undef (_, _, pos), desc, path_opt) -> | Dereference_error (Deref_undef (_, _, pos), desc, path_opt) ->
trace_call CR_not_met ; trace_call CR_not_met ;
extend_path path_opt (Some pos) ; extend_path path_opt (Some pos) ;

@ -135,9 +135,9 @@ codetoanalyze/cpp/errors/types/typeid_expr.cpp, person_typeid_name, 8, DIVIDE_BY
codetoanalyze/cpp/errors/types/typeid_expr.cpp, template_type_id_person, 2, MEMORY_LEAK, CPP, ERROR, [start of procedure template_type_id_person(),start of procedure Person,return from a call to Person::Person,Skipping template_typeid<Person>(): empty list of specs] codetoanalyze/cpp/errors/types/typeid_expr.cpp, template_type_id_person, 2, MEMORY_LEAK, CPP, ERROR, [start of procedure template_type_id_person(),start of procedure Person,return from a call to Person::Person,Skipping template_typeid<Person>(): empty list of specs]
codetoanalyze/cpp/errors/types/typeid_expr.cpp, template_type_id_person, 5, DIVIDE_BY_ZERO, no_bucket, ERROR, [start of procedure template_type_id_person(),start of procedure Person,return from a call to Person::Person,Taking false branch] codetoanalyze/cpp/errors/types/typeid_expr.cpp, template_type_id_person, 5, DIVIDE_BY_ZERO, no_bucket, ERROR, [start of procedure template_type_id_person(),start of procedure Person,return from a call to Person::Person,Taking false branch]
codetoanalyze/cpp/errors/types/typeid_expr.cpp, template_typeid<Person>, 2, MEMORY_LEAK, CPP, ERROR, [start of procedure template_typeid<Person>(),start of procedure Person,return from a call to Person::Person,start of procedure Person,return from a call to Person::Person,start of procedure ~Person,start of procedure __infer_inner_destructor_~Person,return from a call to Person::__infer_inner_destructor_~Person,return from a call to Person::~Person,start of procedure ~Person,start of procedure __infer_inner_destructor_~Person,return from a call to Person::__infer_inner_destructor_~Person,return from a call to Person::~Person] codetoanalyze/cpp/errors/types/typeid_expr.cpp, template_typeid<Person>, 2, MEMORY_LEAK, CPP, ERROR, [start of procedure template_typeid<Person>(),start of procedure Person,return from a call to Person::Person,start of procedure Person,return from a call to Person::Person,start of procedure ~Person,start of procedure __infer_inner_destructor_~Person,return from a call to Person::__infer_inner_destructor_~Person,return from a call to Person::~Person,start of procedure ~Person,start of procedure __infer_inner_destructor_~Person,return from a call to Person::__infer_inner_destructor_~Person,return from a call to Person::~Person]
codetoanalyze/cpp/errors/use_after_free/foreach_map.cpp, use_after_free::Basic::test_double_delete_bad, 3, USE_AFTER_FREE, B1, ERROR, [start of procedure test_double_delete_bad,Skipping Y: method has no implementation] codetoanalyze/cpp/errors/use_after_free/foreach_map.cpp, use_after_free::Basic::test_double_delete_bad, 3, BIABD_USE_AFTER_FREE, B1, ERROR, [start of procedure test_double_delete_bad,Skipping Y: method has no implementation]
codetoanalyze/cpp/errors/use_after_free/foreach_map.cpp, use_after_free::Basic::test_for_map_delete_ok_FP, 2, USE_AFTER_FREE, B5, ERROR, [start of procedure test_for_map_delete_ok_FP,Loop condition is true. Entering loop body,Skipping operator*: method has no implementation,Loop condition is true. Entering loop body,Skipping operator*: method has no implementation] codetoanalyze/cpp/errors/use_after_free/foreach_map.cpp, use_after_free::Basic::test_for_map_delete_ok_FP, 2, BIABD_USE_AFTER_FREE, B5, ERROR, [start of procedure test_for_map_delete_ok_FP,Loop condition is true. Entering loop body,Skipping operator*: method has no implementation,Loop condition is true. Entering loop body,Skipping operator*: method has no implementation]
codetoanalyze/cpp/errors/use_after_free/foreach_map.cpp, use_after_free::Basic::test_for_umap_delete_ok_FP, 2, USE_AFTER_FREE, B5, ERROR, [start of procedure test_for_umap_delete_ok_FP,Loop condition is true. Entering loop body,Skipping operator*: method has no implementation,Loop condition is true. Entering loop body,Skipping operator*: method has no implementation] codetoanalyze/cpp/errors/use_after_free/foreach_map.cpp, use_after_free::Basic::test_for_umap_delete_ok_FP, 2, BIABD_USE_AFTER_FREE, B5, ERROR, [start of procedure test_for_umap_delete_ok_FP,Loop condition is true. Entering loop body,Skipping operator*: method has no implementation,Loop condition is true. Entering loop body,Skipping operator*: method has no implementation]
codetoanalyze/cpp/errors/vector/empty_access.cpp, ERROR_vector_as_param_by_value_clear_ok, 2, Cannot_star, no_bucket, ERROR, [start of procedure ERROR_vector_as_param_by_value_clear_ok(),Skipping vector: method has no implementation,Skipping vector: method has no implementation] codetoanalyze/cpp/errors/vector/empty_access.cpp, ERROR_vector_as_param_by_value_clear_ok, 2, Cannot_star, no_bucket, ERROR, [start of procedure ERROR_vector_as_param_by_value_clear_ok(),Skipping vector: method has no implementation,Skipping vector: method has no implementation]
codetoanalyze/cpp/errors/vector/empty_access.cpp, ERROR_vector_as_param_by_value_empty_bad, 2, Cannot_star, no_bucket, ERROR, [start of procedure ERROR_vector_as_param_by_value_empty_bad(),Skipping vector: method has no implementation,Skipping vector: method has no implementation] codetoanalyze/cpp/errors/vector/empty_access.cpp, ERROR_vector_as_param_by_value_empty_bad, 2, Cannot_star, no_bucket, ERROR, [start of procedure ERROR_vector_as_param_by_value_empty_bad(),Skipping vector: method has no implementation,Skipping vector: method has no implementation]
codetoanalyze/cpp/errors/vector/empty_access.cpp, ERROR_vector_as_param_empty_bad, 2, Cannot_star, no_bucket, ERROR, [start of procedure ERROR_vector_as_param_empty_bad(),Skipping vector: method has no implementation] codetoanalyze/cpp/errors/vector/empty_access.cpp, ERROR_vector_as_param_empty_bad, 2, Cannot_star, no_bucket, ERROR, [start of procedure ERROR_vector_as_param_empty_bad(),Skipping vector: method has no implementation]

Loading…
Cancel
Save