From bb6b99847327ab65f6d55ef3fe9d3cf18cc7056c Mon Sep 17 00:00:00 2001 From: Jules Villard Date: Mon, 15 Jun 2020 02:20:50 -0700 Subject: [PATCH] [biabd] remove BIABD_STACK_VARIABLE_ADDRESS_ESCAPE Summary: This issue type was not giving good results and can be replaced by Pulse's version. Reviewed By: ngorogiannis Differential Revision: D22019551 fbshipit-source-id: 5cf3db46d
---
infer/man/man1/infer-full.txt | 1 - infer/man/man1/infer-report.txt | 1 - infer/man/man1/infer.txt | 1 - infer/src/absint/Localise.ml | 25 ------------------- infer/src/absint/Localise.mli | 2 -- infer/src/base/IssueType.ml | 5 ---- infer/src/base/IssueType.mli | 2 -- infer/src/biabduction/Exceptions.ml | 6 ----- infer/src/biabduction/Exceptions.mli | 2 -- infer/src/biabduction/errdesc.ml | 15 ----------- infer/src/biabduction/errdesc.mli | 4 --- infer/src/biabduction/interproc.ml | 14 ++--------- .../codetoanalyze/cpp/biabduction/issues.exp | 4 --- 13 files changed, 2 insertions(+), 80 deletions(-)
diff --git a/infer/man/man1/infer-full.txt b/infer/man/man1/infer-full.txt
index d448a13f8..1e99dd7f5 100644
--- a/infer/man/man1/infer-full.txt
+++ b/infer/man/man1/infer-full.txt
@@ -365,7 +365,6 @@ OPTIONS BIABD_CONDITION_ALWAYS_TRUE (disabled by default), BIABD_REGISTERED_OBSERVER_BEING_DEALLOCATED (enabled by default), - BIABD_STACK_VARIABLE_ADDRESS_ESCAPE (disabled by default), BIABD_USE_AFTER_FREE (enabled by default), BUFFER_OVERRUN_L1 (enabled by default), BUFFER_OVERRUN_L2 (enabled by default),
diff --git a/infer/man/man1/infer-report.txt b/infer/man/man1/infer-report.txt
index 830a88fca..885c80250 100644
--- a/infer/man/man1/infer-report.txt
+++ b/infer/man/man1/infer-report.txt
@@ -95,7 +95,6 @@ OPTIONS BIABD_CONDITION_ALWAYS_TRUE (disabled by default), BIABD_REGISTERED_OBSERVER_BEING_DEALLOCATED (enabled by default), - BIABD_STACK_VARIABLE_ADDRESS_ESCAPE (disabled by default), BIABD_USE_AFTER_FREE (enabled by default), BUFFER_OVERRUN_L1 (enabled by default), BUFFER_OVERRUN_L2 (enabled by default),
diff --git a/infer/man/man1/infer.txt b/infer/man/man1/infer.txt
index ae3d3dc9e..227fd305c 100644
--- a/infer/man/man1/infer.txt
+++ b/infer/man/man1/infer.txt
@@ -365,7 +365,6 @@ OPTIONS BIABD_CONDITION_ALWAYS_TRUE (disabled by default), BIABD_REGISTERED_OBSERVER_BEING_DEALLOCATED (enabled by default), - BIABD_STACK_VARIABLE_ADDRESS_ESCAPE (disabled by default), BIABD_USE_AFTER_FREE (enabled by default), BUFFER_OVERRUN_L1 (enabled by default), BUFFER_OVERRUN_L2 (enabled by default),
diff --git a/infer/src/absint/Localise.ml b/infer/src/absint/Localise.ml
index 8533e4702..1d88febd2 100644
--- a/infer/src/absint/Localise.ml
+++ b/infer/src/absint/Localise.ml
@@ -20,9 +20,6 @@ module Tags = struct let call_line = "call_line" - (** expression where a value escapes to *) - let escape_to = "escape_to" - let line = "line" (** string describing a C value, e.g. "x.date" *)
@@ -682,28 +679,6 @@ let desc_inherently_dangerous_function proc_name = {no_desc with descriptions= [MF.monospaced_to_string proc_name_str]; tags= !tags} -let desc_stack_variable_address_escape pvar addr_dexp_str loc = - let expr_str = Pvar.to_string pvar in - let tags = Tags.create () in - Tags.update tags Tags.value expr_str ; - let escape_to_str = - match addr_dexp_str with - | Some s -> - Tags.update tags Tags.escape_to s ; - "to " ^ s ^ " " - | None -> - "" - in - let variable_str = - if Pvar.is_frontend_tmp pvar then "temporary" - else Format.asprintf "stack variable %a" MF.pp_monospaced expr_str - in - let description = - Format.asprintf "Address of %s escapes %s%s" variable_str escape_to_str (at_line tags loc) - in - {no_desc with descriptions= [description]; tags= !tags} - - let desc_uninitialized_dangling_pointer_deref deref expr_str loc = let tags = Tags.create () in Tags.update tags Tags.value expr_str ;
diff --git a/infer/src/absint/Localise.mli b/infer/src/absint/Localise.mli
index 49aec5014..3d8c0ef6e 100644
--- a/infer/src/absint/Localise.mli
+++ b/infer/src/absint/Localise.mli
@@ -146,8 +146,6 @@ val desc_retain_cycle : string -> Location.t -> string option -> error_desc val desc_registered_observer_being_deallocated : Pvar.t -> Location.t -> error_desc -val desc_stack_variable_address_escape : Pvar.t -> string option -> Location.t -> error_desc - val desc_skip_function : Procname.t -> error_desc val desc_inherently_dangerous_function : Procname.t -> error_desc
diff --git a/infer/src/base/IssueType.ml b/infer/src/base/IssueType.ml
index 90e56b2dd..afd5fe203 100644
--- a/infer/src/base/IssueType.ml
+++ b/infer/src/base/IssueType.ml
@@ -253,11 +253,6 @@ let biabd_registered_observer_being_deallocated = ~id:"BIABD_REGISTERED_OBSERVER_BEING_DEALLOCATED" Error Biabduction -let biabd_stack_variable_address_escape = - register_from_string ~enabled:false ~hum:"Stack Variable Address Escape" - ~id:"BIABD_STACK_VARIABLE_ADDRESS_ESCAPE" Error Biabduction - - let biabd_use_after_free = register_from_string ~hum:"Use After Free" ~id:"BIABD_USE_AFTER_FREE" Error Biabduction
diff --git a/infer/src/base/IssueType.mli b/infer/src/base/IssueType.mli
index ba6d1d4fb..7226b5721 100644
--- a/infer/src/base/IssueType.mli
+++ b/infer/src/base/IssueType.mli
@@ -90,8 +90,6 @@ val biabd_condition_always_true : t val biabd_registered_observer_being_deallocated : t -val biabd_stack_variable_address_escape : t - val biabd_use_after_free : t val buffer_overrun_l1 : t
diff --git a/infer/src/biabduction/Exceptions.ml b/infer/src/biabduction/Exceptions.ml
index 1fa9cbdce..8637dcbae 100644
--- a/infer/src/biabduction/Exceptions.ml
+++ b/infer/src/biabduction/Exceptions.ml
@@ -87,8 +87,6 @@ exception Skip_function of Localise.error_desc exception Skip_pointer_dereference of Localise.error_desc * L.ocaml_pos -exception Stack_variable_address_escape of Localise.error_desc * L.ocaml_pos - exception Symexec_memory_error of L.ocaml_pos exception Unary_minus_applied_to_unsigned_expression of Localise.error_desc * L.ocaml_pos
@@ -201,10 +199,6 @@ let recognize_exception exn : IssueToReport.t = { issue_type= IssueType.biabd_registered_observer_being_deallocated ; description= desc ; ocaml_pos= Some ocaml_pos } - | Stack_variable_address_escape (desc, ocaml_pos) -> - { issue_type= IssueType.biabd_stack_variable_address_escape - ; description= desc - ; ocaml_pos= Some ocaml_pos } | SymOp.Analysis_failure_exe _ -> {issue_type= IssueType.failure_exe; description= Localise.no_desc; ocaml_pos= None} | Skip_function desc ->
diff --git a/infer/src/biabduction/Exceptions.mli b/infer/src/biabduction/Exceptions.mli
index 0087770dd..57f60905b 100644
--- a/infer/src/biabduction/Exceptions.mli
+++ b/infer/src/biabduction/Exceptions.mli
@@ -86,8 +86,6 @@ exception Skip_function of Localise.error_desc exception Skip_pointer_dereference of Localise.error_desc * Logging.ocaml_pos -exception Stack_variable_address_escape of Localise.error_desc * Logging.ocaml_pos - exception Symexec_memory_error of Logging.ocaml_pos exception Unary_minus_applied_to_unsigned_expression of Localise.error_desc * Logging.ocaml_pos
diff --git a/infer/src/biabduction/errdesc.ml b/infer/src/biabduction/errdesc.ml
index 592cae316..a52cb8064 100644
--- a/infer/src/biabduction/errdesc.ml
+++ b/infer/src/biabduction/errdesc.ml
@@ -1135,21 +1135,6 @@ let explain_condition_always_true_false tenv i cond node loc = Localise.desc_condition_always_true_false i cond_str_opt loc -(** explain the escape of a stack variable address from its scope *) -let explain_stack_variable_address_escape loc pvar addr_dexp_opt = - let addr_dexp_str = - match addr_dexp_opt with - | Some (DExp.Dpvar pv) - when Pvar.is_local pv && Mangled.equal (Pvar.get_name pv) Ident.name_return -> - Some "the caller via a return" - | Some dexp -> - Some (DExp.to_string dexp) - | None -> - None - in - Localise.desc_stack_variable_address_escape pvar addr_dexp_str loc - - (** explain unary minus applied to unsigned expression *) let explain_unary_minus_applied_to_unsigned_expression tenv exp typ node loc = let exp_str_opt =
diff --git a/infer/src/biabduction/errdesc.mli b/infer/src/biabduction/errdesc.mli
index b1391c2c4..9b04eaf1c 100644
--- a/infer/src/biabduction/errdesc.mli
+++ b/infer/src/biabduction/errdesc.mli
@@ -81,10 +81,6 @@ val explain_condition_always_true_false : Tenv.t -> IntLit.t -> Exp.t -> Procdesc.Node.t -> Location.t -> Localise.error_desc (** explain a condition which is always true or false *) -val explain_stack_variable_address_escape : - Location.t -> Pvar.t -> DecompiledExp.t option -> Localise.error_desc -(** explain the escape of a stack variable address from its scope *) - val explain_unary_minus_applied_to_unsigned_expression : Tenv.t -> Exp.t -> Typ.t -> Procdesc.Node.t -> Location.t -> Localise.error_desc (** explain unary minus applied to unsigned expression *)
diff --git a/infer/src/biabduction/interproc.ml b/infer/src/biabduction/interproc.ml
index 4b47c8491..4f0454405 100644
--- a/infer/src/biabduction/interproc.ml
+++ b/infer/src/biabduction/interproc.ml
@@ -483,19 +483,9 @@ let forward_tabulate ({InterproceduralAnalysis.proc_desc; err_log; tenv; _} as a (** Remove locals and formals, and check if the address of a stack variable is left in the result *) -let remove_locals_formals_and_check {InterproceduralAnalysis.proc_desc; err_log; tenv; _} proc_cfg p - = +let remove_locals_formals_and_check {InterproceduralAnalysis.tenv; _} proc_cfg p = let pdesc = ProcCfg.Exceptional.proc_desc proc_cfg in - let pvars, p' = PropUtil.remove_locals_formals tenv pdesc p in - let check_pvar pvar = - if not (Pvar.is_frontend_tmp pvar) then - let loc = ProcCfg.Exceptional.Node.loc (ProcCfg.Exceptional.exit_node proc_cfg) in - let dexp_opt, _ = Errdesc.vpath_find tenv p (Exp.Lvar pvar) in - let desc = Errdesc.explain_stack_variable_address_escape loc pvar dexp_opt in - let exn = Exceptions.Stack_variable_address_escape (desc, __POS__) in - BiabductionReporting.log_issue_deprecated_using_state proc_desc err_log exn - in - List.iter ~f:check_pvar pvars ; + let _pvars, p' = PropUtil.remove_locals_formals tenv pdesc p in p'
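Review bot: The doc comment kept as context above `remove_locals_formals_and_check` in interproc.ml still says it will "check if the address of a stack variable is left in the result", but on the new side the function only strips locals and formals and discards `_pvars`, so the comment and the `_and_check` name describe a check that no longer runs. I would reword the comment to `(** Remove locals and formals from [p]. Stack variable address escapes are no longer reported here; that detection is left to Pulse. *)` and, as a point of style, return `snd (PropUtil.remove_locals_formals tenv pdesc p)` instead of binding an unused `_pvars`. The removed check was what flagged the address of a local outliving its frame at the point of escape (the `*_bad` entries dropped from issues.exp), and the issue type was opt-in. It is therefore worth confirming that the Pulse replacement named in the summary is enabled wherever this one had been switched on; that coverage is not visible in this patch.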
diff --git a/infer/tests/codetoanalyze/cpp/biabduction/issues.exp b/infer/tests/codetoanalyze/cpp/biabduction/issues.exp
index 512e906a4..1ca91ee31 100644
--- a/infer/tests/codetoanalyze/cpp/biabduction/issues.exp
+++ b/infer/tests/codetoanalyze/cpp/biabduction/issues.exp
@@ -100,10 +100,6 @@ codetoanalyze/cpp/biabduction/smart_ptr/unique_ptr_deref.cpp, unique_ptr::FP_res codetoanalyze/cpp/biabduction/smart_ptr/unique_ptr_deref.cpp, unique_ptr::FP_reset_ptr_deref_ok, 2, BIABDUCTION_MEMORY_LEAK, CPP, ERROR, [start of procedure unique_ptr::FP_reset_ptr_deref_ok(),Skipping unique_ptr: method has no implementation,Skipping reset: method has no implementation] codetoanalyze/cpp/biabduction/smart_ptr/unique_ptr_deref.cpp, unique_ptr::FP_unique_ptr_move_deref_ok, 1, BIABDUCTION_MEMORY_LEAK, CPP, ERROR, [start of procedure unique_ptr::FP_unique_ptr_move_deref_ok(),Skipping unique_ptr: method has no implementation] codetoanalyze/cpp/biabduction/smart_ptr/unique_ptr_deref.cpp, unique_ptr::unique_ptr_assign_deref_ok, 1, BIABDUCTION_MEMORY_LEAK, CPP, ERROR, [start of procedure unique_ptr::unique_ptr_assign_deref_ok(),Skipping unique_ptr: method has no implementation] -codetoanalyze/cpp/biabduction/stack_escape/basic.cpp, basic_escape_local_bad, 3, BIABD_STACK_VARIABLE_ADDRESS_ESCAPE, no_bucket, ERROR, [start of procedure basic_escape_local_bad(),return from a call to basic_escape_local_bad] -codetoanalyze/cpp/biabduction/stack_escape/basic.cpp, basic_escape_param_bad, 0, BIABD_STACK_VARIABLE_ADDRESS_ESCAPE, no_bucket, ERROR, [start of procedure basic_escape_param_bad(),return from a call to basic_escape_param_bad] -codetoanalyze/cpp/biabduction/stack_escape/basic.cpp, escape_local_struct_member_bad, 3, BIABD_STACK_VARIABLE_ADDRESS_ESCAPE, no_bucket, ERROR, [start of procedure escape_local_struct_member_bad(),start of procedure EscapeTest,return from a call to EscapeTest::EscapeTest,return from a call to escape_local_struct_member_bad] -codetoanalyze/cpp/biabduction/static_local/nonstatic_local_bad.cpp, nonstatic_local_bad, 3, BIABD_STACK_VARIABLE_ADDRESS_ESCAPE, no_bucket, ERROR, [start of procedure nonstatic_local_bad(),return from a call to nonstatic_local_bad] codetoanalyze/cpp/biabduction/static_local/nonstatic_local_bad.cpp, 
nonstatic_local_caller, 2, DANGLING_POINTER_DEREFERENCE, no_bucket, ERROR, [start of procedure nonstatic_local_caller(),start of procedure nonstatic_local_bad(),return from a call to nonstatic_local_bad] codetoanalyze/cpp/biabduction/subtyping/cast_with_enforce.cpp, cast_with_enforce::cast_with_npe, 3, NULL_DEREFERENCE, B1, ERROR, [start of procedure cast_with_enforce::cast_with_npe(),start of procedure Base,return from a call to cast_with_enforce::Base::Base] codetoanalyze/cpp/biabduction/subtyping/dynamic_cast.cpp, dynamic__cast::rightPointerCast, 4, BIABDUCTION_MEMORY_LEAK, CPP, ERROR, [start of procedure dynamic__cast::rightPointerCast(),start of procedure Derived,start of procedure Base,return from a call to dynamic__cast::Base::Base,return from a call to dynamic__cast::Derived::Derived,Taking true branch]