[topl] Parser for temporal properties

Summary: TOPL properties are essentially automata, which specify a bad pattern. This commit is just a parser for them. Reviewed By: jvillard Differential Revision: D14477671 fbshipit-source-id: c38a8ef37
6 years ago · 8bf65086e3
parent 0a9c77e779
commit 8bf65086e3
16 changed files with 320 additions and 2 deletions
--- a/1
+++ b/1
@ -141,6 +141,7 @@ DIRECT_TESTS += \
  java_quandary \
  java_racerd \
  java_starvation \
+  java_topl \
  java_tracing \

 ifneq ($(ANT),no)
--- a/infer/man/man1/infer-full.txt
+++ b/infer/man/man1/infer-full.txt
@ -1485,6 +1485,13 @@ INTERNAL OPTIONS
           Activates: Mode for testing, where no headers are translated, and
           dot files are created (clang only) (Conversely: --no-testing-mode)

+       --topl-properties +path
+           [EXPERIMENTAL] Specify a file containing a temporal property
+           definition (e.g., jdk.topl).
+
+       --topl-properties-reset
+           Set --topl-properties to the empty list.
+
       --trace-error
           Activates: Detailed tracing information during error explanation
           (Conversely: --no-trace-error)
--- a/infer/src/base/Config.ml
+++ b/infer/src/base/Config.ml
@ -2136,6 +2136,11 @@ and test_filtering =
    "List all the files Infer can report on (should be called from the root of the project)"


+and topl_properties =
+  CLOpt.mk_path_list ~default:[] ~long:"topl-properties"
+    "[EXPERIMENTAL] Specify a file containing a temporal property definition (e.g., jdk.topl)."
+
+
 and profiler_samples =
  CLOpt.mk_path_opt ~long:"profiler-samples"
    "File containing the profiler samples when Infer is run Test Determinator mode with \
@ -2989,6 +2994,8 @@ and testing_mode = !testing_mode

 and threadsafe_aliases = !threadsafe_aliases

+and topl_properties = !topl_properties
+
 and trace_error = !trace_error

 and trace_events = !trace_events
--- a/infer/src/base/Config.mli
+++ b/infer/src/base/Config.mli
@ -654,6 +654,8 @@ val racerd : bool

 val threadsafe_aliases : Yojson.Basic.json

+val topl_properties : string list
+
 val trace_error : bool

 val trace_events : bool
--- a/infer/src/biabduction/interproc.ml
+++ b/infer/src/biabduction/interproc.ml
@ -1257,6 +1257,7 @@ let analyze_procedure_aux summary exe_env tenv proc_desc : Summary.t =
 let analyze_procedure {Callbacks.summary; proc_desc; tenv; exe_env} : Summary.t =
  (* make sure models have been registered *)
  BuiltinDefn.init () ;
+  if not (List.is_empty Config.topl_properties) then Topl.init () ;
  try analyze_procedure_aux summary exe_env tenv proc_desc with exn ->
    IExn.reraise_if exn ~f:(fun () -> not (Exceptions.handle_exception exn)) ;
    Reporting.log_error_using_state summary exn ;
--- a/infer/src/deadcode/Makefile
+++ b/infer/src/deadcode/Makefile
@ -46,7 +46,7 @@ depend:
 	ocamldep -native \
 	  -I IR -I absint -I atd -I backend -I base -I biabduction -I bufferoverrun -I checkers \
 	  -I clang -I concurrency -I facebook -I integration -I istd -I java \
-	  -I labs -I nullsafe -I quandary -I unit -I unit/clang -I deadcode \
+	  -I labs -I nullsafe -I quandary -I topl -I unit -I unit/clang -I deadcode \
 	   $(ml_src_files) > deadcode/.depend

 # circular dependency... not sure how to fix properly
--- a/infer/src/dune.in
+++ b/infer/src/dune.in
@ -23,6 +23,7 @@ let source_dirs =
       ; "labs"
       ; "nullsafe"
       ; "quandary"
+       ; "topl"
       ; "unit" ] )


@ -50,7 +51,9 @@ let infer_cflags =
 let stanzas =
  ( if clang then ["(ocamllex types_lexer ctl_lexer)"; "(menhir (modules types_parser ctl_parser))"]
  else [] )
-  @ [ Format.sprintf
+  @ [ "(ocamllex ToplLexer)"
+    ; "(menhir (flags --unused-token INDENT) (modules ToplParser))"
+    ; Format.sprintf
        {|
 (library
 (name InferModules)
--- a/infer/src/topl/Topl.ml
+++ b/infer/src/topl/Topl.ml
@ -0,0 +1,30 @@
+(*
+ * Copyright (c) 2019-present, Facebook, Inc.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ *)
+
+open! IStd
+module L = Logging
+
+let initialized = ref false
+
+let properties = ref []
+
+let parse topl_file =
+  let f ch =
+    let lexbuf = Lexing.from_channel ch in
+    try ToplParser.properties (ToplLexer.token ()) lexbuf with ToplParser.Error ->
+      let Lexing.({pos_lnum; pos_bol; pos_cnum; _}) = Lexing.lexeme_start_p lexbuf in
+      let col = pos_cnum - pos_bol + 1 in
+      L.(die UserError) "@[%s:%d:%d: topl parse error@]@\n@?" topl_file pos_lnum col
+  in
+  try In_channel.with_file topl_file ~f with Sys_error msg ->
+    L.(die UserError) "@[topl:%s: %s@]@\n@?" topl_file msg
+
+
+let init () =
+  if not !initialized then (
+    properties := List.concat_map ~f:parse Config.topl_properties ;
+    initialized := true )
--- a/infer/src/topl/Topl.mli
+++ b/infer/src/topl/Topl.mli
@ -0,0 +1,11 @@
+(*
+ * Copyright (c) 2019-present, Facebook, Inc.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ *)
+
+open! IStd
+
+val init : unit -> unit
+(** Parse properties, mentioned by [Config.topl_properties]. Does this only once. *)
--- a/infer/src/topl/ToplAst.ml
+++ b/infer/src/topl/ToplAst.ml
@ -0,0 +1,33 @@
+(*
+ * Copyright (c) 2019-present, Facebook, Inc.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ *)
+
+open! IStd
+
+type register_name = string
+
+(** TODO: use Const.t *)
+type constant = string
+
+type value_pattern =
+  | Ignore
+  | SaveInRegister of register_name
+  | EqualToRegister of register_name
+  | EqualToConstant of constant
+
+(** a regular expression *)
+type procedure_name_pattern = string
+
+type label =
+  { return: value_pattern
+  ; procedure_name: procedure_name_pattern
+  ; arguments: value_pattern list option }
+
+type vertex = string
+
+type transition = {source: vertex; target: vertex; label: label}
+
+type t = {name: string; message: string option; prefixes: string list; transitions: transition list}
--- a/infer/src/topl/ToplLexer.mll
+++ b/infer/src/topl/ToplLexer.mll
@ -0,0 +1,76 @@
+(*
+ * Copyright (c) 2019-present, Facebook, Inc.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ *)
+{
+  open !IStd
+  open ToplParser
+
+  module L = Logging
+
+  let new_line x y lexbuf =
+    let m = x |> String.filter ~f:(Char.equal '\n') |> String.length in
+    let n = y |> String.length in
+    let open Lexing in
+    let lcp = lexbuf.lex_curr_p in
+    lexbuf.lex_curr_p <-
+      { lcp with pos_lnum = lcp.pos_lnum + m ; pos_bol = lcp.pos_cnum - n } ;
+    (INDENT n)
+
+  let quoted = Str.regexp "\\\\\\(.\\)"
+  let unquote x = Str.global_replace quoted "\\1" x
+
+  (* We open Caml, because ocamllex generates code that uses Array.make,
+  which is not available in Core. Ideally, this should go away. *)
+  open! Caml
+}
+
+let id_head = ['a'-'z' 'A'-'Z']
+let id_tail = ['a'-'z' 'A'-'Z' '0'-'9']*
+
+rule raw_token = parse
+  | '\t' { raise Error }
+  | ((' '* ("//" [^ '\n']*)? '\n')+ as x) (' '* as y) { new_line x y lexbuf }
+  | ' '+ { raw_token lexbuf }
+  | "->" { ARROW }
+  | '='  { ASGN }
+  | ':'  { COLON }
+  | ','  { COMMA }
+  | '('  { LP }
+  | ')'  { RP }
+  | '*'  { STAR }
+  | '<'  (([^ '<' '>' '\n' '\\'] | ('\\' _))* as x) '>' { CONSTANT (unquote x) }
+  | '"' ([^ '"' '\n']* as x) '"' { STRING x }
+  | "prefix" { PREFIX }
+  | "property" { PROPERTY }
+  | "message" { MESSAGE }
+  | id_head id_tail as id { ID id }
+  | eof { EOF }
+  | _ { raise Error }
+
+{
+  let token () =
+    let indents = ref [0] in
+    let scheduled_rc = ref 0 in
+    let last_indent () = match !indents with
+      | x :: _ -> x
+      | [] -> L.(die InternalError) "ToplLexer.indents should be nonempty"
+    in
+    let add_indent n = indents := n :: !indents in
+    let rec drop_to_indent n = match !indents with
+      | x :: xs when x > n -> (incr scheduled_rc; indents := xs; drop_to_indent n)
+      | x :: _  when x < n -> raise Error (* bad indentation *)
+      | _ -> ()
+    in
+    let rec step lexbuf =
+      if !scheduled_rc > 0 then (decr scheduled_rc; RC)
+      else match raw_token lexbuf with
+        | INDENT n when n > last_indent () -> (add_indent n; LC)
+        | INDENT n when n < last_indent () -> (drop_to_indent n; step lexbuf)
+        | INDENT _ -> step lexbuf
+        | t -> t
+    in
+    step
+}
--- a/infer/src/topl/ToplParser.mly
+++ b/infer/src/topl/ToplParser.mly
@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2019-present, Facebook, Inc.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+%{
+  open !IStd
+
+  let is_guard i = Char.is_lowercase i.[0]
+
+  let normalize_id i = String.uncapitalize i
+
+  let value_pattern_of_id i =
+    assert (String.length i > 0) ;
+    let j = normalize_id i in
+    if is_guard i then ToplAst.EqualToRegister j else ToplAst.SaveInRegister j
+%}
+
+%token <int> INDENT (* The lexer uses this token only internally. *)
+%token <string> CONSTANT
+%token <string> ID
+%token <string> STRING
+%token ARROW
+%token ASGN
+%token COLON
+%token COMMA
+%token EOF
+%token LC
+%token LP
+%token MESSAGE
+%token PREFIX
+%token PROPERTY
+%token RC
+%token RP
+%token STAR
+
+%start <ToplAst.t list> properties
+
+%%
+
+properties: ps=one_property* EOF { ps }
+
+one_property:
+    PROPERTY name=ID LC message=message? prefixes=prefix* transitions=transition* RC
+    { ToplAst.{name; message; prefixes; transitions} }
+
+message: MESSAGE s=STRING { s }
+
+prefix: PREFIX c=CONSTANT { c }
+
+transition:
+    source=ID ARROW target=ID COLON label=label
+    { ToplAst.{source; target; label} }
+
+label:
+    return=value_pattern ASGN c=call_pattern
+    { let procedure_name, arguments = c in ToplAst.{return; procedure_name; arguments} }
+  | c=call_pattern
+    { let procedure_name, arguments = c in ToplAst.{return=Ignore; procedure_name; arguments} }
+
+call_pattern: p=procedure_pattern a=arguments_pattern? { (p, a) }
+
+procedure_pattern:
+    i=ID { i }
+  | c=CONSTANT { c }
+  | STAR { ".*" }
+
+arguments_pattern: LP a=separated_list(COMMA, value_pattern) RP { a }
+
+value_pattern:
+    i=ID { value_pattern_of_id i }
+  | c=CONSTANT { ToplAst.EqualToConstant c }
+  | STAR { ToplAst.Ignore }
+
+%%
--- a/infer/tests/codetoanalyze/java/topl/Makefile
+++ b/infer/tests/codetoanalyze/java/topl/Makefile
@ -0,0 +1,13 @@
+# Copyright (c) 2019-present, Facebook, Inc.
+#
+# This source code is licensed under the MIT license found in the
+# LICENSE file in the root directory of this source tree.
+
+TESTS_DIR = ../../..
+
+INFER_OPTIONS = --topl-properties tomcat.topl --biabduction-only
+INFERPRINT_OPTIONS = --issues-tests
+
+SOURCES = $(wildcard *.java)
+
+include $(TESTS_DIR)/javac.make
--- a/infer/tests/codetoanalyze/java/topl/TomcatFail.java
+++ b/infer/tests/codetoanalyze/java/topl/TomcatFail.java
@ -0,0 +1,9 @@
+/*
+ * Copyright (c) 2019-present, Facebook, Inc.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+class TomcatFail {
+  void f() {}
+}
--- a/infer/tests/codetoanalyze/java/topl/issues.exp
+++ b/infer/tests/codetoanalyze/java/topl/issues.exp
--- a/infer/tests/codetoanalyze/java/topl/tomcat.topl
+++ b/infer/tests/codetoanalyze/java/topl/tomcat.topl
@ -0,0 +1,49 @@
+property ForwardUncommitted
+  message "A ServletResponse was forwarded before being committed."
+  // TODO assume InterleavedResponse_Weak
+  prefix <javax.servlet>
+  prefix <javax.servlet.{ServletOutputStream,ServletResponse}>
+  prefix <java.io.PrintWriter>
+  start -> start: *
+  start -> tracking: R = <ServletResponse.\<init\>>
+  tracking -> ok: flushBuffer(r)
+  tracking -> gotWriter: W = getWriter(r)
+  gotWriter -> ok: flush(w)
+  gotWrite -> ok: flushBuffer(r)
+  tracking -> gotStream: S = getOutputStream(r)
+  gotStream -> ok: flush(s)
+  gotStream -> ok: flushBuffer(r)
+  tracking -> error: <RequestDispatcher.forward>(*, *, r)
+  gotWriter -> error: <RequestDispatcher.forward>(*, *, r)
+  gotStream -> error: <RequestDispatcher.forward>(*, *, r)
+
+// The documentation of ServletResponse.getOutputStream says that "either this
+// method getWriter may be called to write to the body, not both." So,
+// technically, the property is InterleavedResponse1. However, this property is
+// broken, which is why we also have the weaker version InterleavedResponse2.
+property InterleavedResponse1
+  message "A ServletResponse was asked for both a writer and a stream."
+  prefix <javax.servlet.ServletResponse>
+  start -> start: *
+  start -> gotWriter: W = getWriter(R)
+  start -> gotStream: S = getOutputStream(R)
+  gotWriter -> error: getOutputStream(r)
+  gotStream -> error: getWriter(r)
+
+property InterleavedResponse2
+  // vertex names: w = got writer; W = used writer; similarly for s, S
+  message "Incompatible methods for putting data into a response were used."
+  prefix <javax.servlet.ServletResponse>
+  start -> start: *
+  start -> w: W = getWriter(R)
+  start -> s: S = getOutputStream(R)
+  w -> sw: S = getOutputStream(r)
+  s -> sw: W = getWriter(r)
+  w -> W: *(w)
+  sw -> sW: *(w)
+  s -> S: *(s)
+  sw -> Sw: *(s)
+  W -> sW: S = getOutputStream(r)
+  S -> Sw: W = getWriter(r)
+  sW -> error: *(s)
+  Sw -> error: *(w)