From 949aae560baaf8bc930abb1862b59e0ad20c9e2f Mon Sep 17 00:00:00 2001 From: Julian Sutherland Date: Tue, 18 Sep 2018 07:35:21 -0700 Subject: [PATCH] Added traces to QuandaryBO errors Reviewed By: ngorogiannis Differential Revision: D9861351 fbshipit-source-id: f6e416834 --- infer/src/IR/Errlog.ml | 12 ++++++++++-- infer/src/IR/Errlog.mli | 9 +++++++++ infer/tests/codetoanalyze/cpp/quandaryBO/issues.exp | 4 ++-- 3 files changed, 21 insertions(+), 4 deletions(-) diff --git a/infer/src/IR/Errlog.ml b/infer/src/IR/Errlog.ml index 92d0c3d38..10a9bb5db 100644 --- a/infer/src/IR/Errlog.ml +++ b/infer/src/IR/Errlog.ml @@ -95,13 +95,21 @@ type err_data = let compare_err_data err_data1 err_data2 = Location.compare err_data1.loc err_data2.loc -let merge_err_data err_data1 _ = +let merge_err_data err_data1 err_data2 = { node_id= 0 ; node_key= None ; session= 0 ; loc= {err_data1.loc with col= -1} ; loc_in_ml_source= None - ; loc_trace= [] + ; loc_trace= + ( match (err_data1.loc_trace, err_data2.loc_trace) with + | [], _ -> + err_data2.loc_trace + | _, [] -> + err_data1.loc_trace + | te :: _, _ -> + err_data1.loc_trace + @ (make_trace_element 0 te.lt_loc "-----------" [] :: err_data2.loc_trace) ) ; err_class= Exceptions.Checker ; visibility= Exceptions.Exn_user ; linters_def_file= None diff --git a/infer/src/IR/Errlog.mli b/infer/src/IR/Errlog.mli index e1b939572..1f2b0fa7b 100644 --- a/infer/src/IR/Errlog.mli +++ b/infer/src/IR/Errlog.mli @@ -43,6 +43,11 @@ type err_key = private {severity: Exceptions.severity; err_name: IssueType.t; err_desc: Localise.error_desc} [@@deriving compare] +(* Merges two error keys, setting the result's severity to the maximum + of that of the two arguments and giving the user the opportunity + to pass a function to merge the IssueTypes and descriptions + of the two. *) + val merge_err_key : err_key -> err_key @@ -65,6 +70,10 @@ type err_data = private ; access: string option ; extras: Jsonbug_t.extra option } +(* Merges two err_datas, throwing out most information and setting the trace of the + result to the concatenation of the traces of the two arguments with a + separator in between. Used specifically for QuandaryBO. *) + val merge_err_data : err_data -> err_data -> err_data (** Type of the error log *) diff --git a/infer/tests/codetoanalyze/cpp/quandaryBO/issues.exp b/infer/tests/codetoanalyze/cpp/quandaryBO/issues.exp index 864542147..a198393ff 100644 --- a/infer/tests/codetoanalyze/cpp/quandaryBO/issues.exp +++ b/infer/tests/codetoanalyze/cpp/quandaryBO/issues.exp @@ -1,6 +1,6 @@ codetoanalyze/cpp/quandaryBO/tainted_index.cpp, basic_bad, 3, BUFFER_OVERRUN_U5, no_bucket, ERROR, [ArrayDeclaration,Unknown value from: __infer_taint_source,Assignment,ArrayAccess: Offset: [-oo, +oo] Size: 10] -codetoanalyze/cpp/quandaryBO/tainted_index.cpp, basic_bad, 3, TAINTED_BUFFER_ACCESS, no_bucket, ERROR, [] +codetoanalyze/cpp/quandaryBO/tainted_index.cpp, basic_bad, 3, TAINTED_BUFFER_ACCESS, no_bucket, ERROR, [Return from __infer_taint_source,Call to __array_access with tainted index 0,-----------,ArrayDeclaration,Unknown value from: __infer_taint_source,Assignment,ArrayAccess: Offset: [-oo, +oo] Size: 10] codetoanalyze/cpp/quandaryBO/tainted_index.cpp, basic_bad, 3, UNTRUSTED_BUFFER_ACCESS, no_bucket, ERROR, [Return from __infer_taint_source,Call to __array_access with tainted index 0] codetoanalyze/cpp/quandaryBO/tainted_index.cpp, multi_level_bad, 2, BUFFER_OVERRUN_U5, no_bucket, ERROR, [Call,Unknown value from: __infer_taint_source,Assignment,Return,Assignment,Call,ArrayDeclaration,Parameter: i,ArrayAccess: Offset: [1, +oo] Size: 10 by call to `multi_level_sink_bad` ] -codetoanalyze/cpp/quandaryBO/tainted_index.cpp, multi_level_bad, 2, TAINTED_BUFFER_ACCESS, no_bucket, ERROR, [] +codetoanalyze/cpp/quandaryBO/tainted_index.cpp, multi_level_bad, 2, TAINTED_BUFFER_ACCESS, no_bucket, ERROR, [Return from __infer_taint_source with tainted data return*,Return from multi_level_source_bad,Call to multi_level_sink_bad with tainted index 0,Call to __array_access with tainted index 0,-----------,Call,Unknown value from: __infer_taint_source,Assignment,Return,Assignment,Call,ArrayDeclaration,Parameter: i,ArrayAccess: Offset: [1, +oo] Size: 10 by call to `multi_level_sink_bad` ] codetoanalyze/cpp/quandaryBO/tainted_index.cpp, multi_level_bad, 2, UNTRUSTED_BUFFER_ACCESS, no_bucket, ERROR, [Return from __infer_taint_source with tainted data return*,Return from multi_level_source_bad,Call to multi_level_sink_bad with tainted index 0,Call to __array_access with tainted index 0]