[biabd] remove BIABD_STACK_VARIABLE_ADDRESS_ESCAPE

Summary:
This issue type was not giving good results and can be replaced by
Pulse's version.

Reviewed By: ngorogiannis

Differential Revision: D22019551

fbshipit-source-id: 5cf3db46d
Jules Villard 5 years ago committed by Facebook GitHub Bot
parent cb805882c2
commit bb6b998473

@ -365,7 +365,6 @@ OPTIONS
BIABD_CONDITION_ALWAYS_TRUE (disabled by default), BIABD_CONDITION_ALWAYS_TRUE (disabled by default),
BIABD_REGISTERED_OBSERVER_BEING_DEALLOCATED (enabled by BIABD_REGISTERED_OBSERVER_BEING_DEALLOCATED (enabled by
default), default),
BIABD_STACK_VARIABLE_ADDRESS_ESCAPE (disabled by default),
BIABD_USE_AFTER_FREE (enabled by default), BIABD_USE_AFTER_FREE (enabled by default),
BUFFER_OVERRUN_L1 (enabled by default), BUFFER_OVERRUN_L1 (enabled by default),
BUFFER_OVERRUN_L2 (enabled by default), BUFFER_OVERRUN_L2 (enabled by default),

@ -95,7 +95,6 @@ OPTIONS
BIABD_CONDITION_ALWAYS_TRUE (disabled by default), BIABD_CONDITION_ALWAYS_TRUE (disabled by default),
BIABD_REGISTERED_OBSERVER_BEING_DEALLOCATED (enabled by BIABD_REGISTERED_OBSERVER_BEING_DEALLOCATED (enabled by
default), default),
BIABD_STACK_VARIABLE_ADDRESS_ESCAPE (disabled by default),
BIABD_USE_AFTER_FREE (enabled by default), BIABD_USE_AFTER_FREE (enabled by default),
BUFFER_OVERRUN_L1 (enabled by default), BUFFER_OVERRUN_L1 (enabled by default),
BUFFER_OVERRUN_L2 (enabled by default), BUFFER_OVERRUN_L2 (enabled by default),

@ -365,7 +365,6 @@ OPTIONS
BIABD_CONDITION_ALWAYS_TRUE (disabled by default), BIABD_CONDITION_ALWAYS_TRUE (disabled by default),
BIABD_REGISTERED_OBSERVER_BEING_DEALLOCATED (enabled by BIABD_REGISTERED_OBSERVER_BEING_DEALLOCATED (enabled by
default), default),
BIABD_STACK_VARIABLE_ADDRESS_ESCAPE (disabled by default),
BIABD_USE_AFTER_FREE (enabled by default), BIABD_USE_AFTER_FREE (enabled by default),
BUFFER_OVERRUN_L1 (enabled by default), BUFFER_OVERRUN_L1 (enabled by default),
BUFFER_OVERRUN_L2 (enabled by default), BUFFER_OVERRUN_L2 (enabled by default),

@ -20,9 +20,6 @@ module Tags = struct
let call_line = "call_line" let call_line = "call_line"
(** expression where a value escapes to *)
let escape_to = "escape_to"
let line = "line" let line = "line"
(** string describing a C value, e.g. "x.date" *) (** string describing a C value, e.g. "x.date" *)
@ -682,28 +679,6 @@ let desc_inherently_dangerous_function proc_name =
{no_desc with descriptions= [MF.monospaced_to_string proc_name_str]; tags= !tags} {no_desc with descriptions= [MF.monospaced_to_string proc_name_str]; tags= !tags}
let desc_stack_variable_address_escape pvar addr_dexp_str loc =
let expr_str = Pvar.to_string pvar in
let tags = Tags.create () in
Tags.update tags Tags.value expr_str ;
let escape_to_str =
match addr_dexp_str with
| Some s ->
Tags.update tags Tags.escape_to s ;
"to " ^ s ^ " "
| None ->
""
in
let variable_str =
if Pvar.is_frontend_tmp pvar then "temporary"
else Format.asprintf "stack variable %a" MF.pp_monospaced expr_str
in
let description =
Format.asprintf "Address of %s escapes %s%s" variable_str escape_to_str (at_line tags loc)
in
{no_desc with descriptions= [description]; tags= !tags}
let desc_uninitialized_dangling_pointer_deref deref expr_str loc = let desc_uninitialized_dangling_pointer_deref deref expr_str loc =
let tags = Tags.create () in let tags = Tags.create () in
Tags.update tags Tags.value expr_str ; Tags.update tags Tags.value expr_str ;

@ -146,8 +146,6 @@ val desc_retain_cycle : string -> Location.t -> string option -> error_desc
val desc_registered_observer_being_deallocated : Pvar.t -> Location.t -> error_desc val desc_registered_observer_being_deallocated : Pvar.t -> Location.t -> error_desc
val desc_stack_variable_address_escape : Pvar.t -> string option -> Location.t -> error_desc
val desc_skip_function : Procname.t -> error_desc val desc_skip_function : Procname.t -> error_desc
val desc_inherently_dangerous_function : Procname.t -> error_desc val desc_inherently_dangerous_function : Procname.t -> error_desc

@ -253,11 +253,6 @@ let biabd_registered_observer_being_deallocated =
~id:"BIABD_REGISTERED_OBSERVER_BEING_DEALLOCATED" Error Biabduction ~id:"BIABD_REGISTERED_OBSERVER_BEING_DEALLOCATED" Error Biabduction
let biabd_stack_variable_address_escape =
register_from_string ~enabled:false ~hum:"Stack Variable Address Escape"
~id:"BIABD_STACK_VARIABLE_ADDRESS_ESCAPE" Error Biabduction
let biabd_use_after_free = let biabd_use_after_free =
register_from_string ~hum:"Use After Free" ~id:"BIABD_USE_AFTER_FREE" Error Biabduction register_from_string ~hum:"Use After Free" ~id:"BIABD_USE_AFTER_FREE" Error Biabduction

@ -90,8 +90,6 @@ val biabd_condition_always_true : t
val biabd_registered_observer_being_deallocated : t val biabd_registered_observer_being_deallocated : t
val biabd_stack_variable_address_escape : t
val biabd_use_after_free : t val biabd_use_after_free : t
val buffer_overrun_l1 : t val buffer_overrun_l1 : t

@ -87,8 +87,6 @@ exception Skip_function of Localise.error_desc
exception Skip_pointer_dereference of Localise.error_desc * L.ocaml_pos exception Skip_pointer_dereference of Localise.error_desc * L.ocaml_pos
exception Stack_variable_address_escape of Localise.error_desc * L.ocaml_pos
exception Symexec_memory_error of L.ocaml_pos exception Symexec_memory_error of L.ocaml_pos
exception Unary_minus_applied_to_unsigned_expression of Localise.error_desc * L.ocaml_pos exception Unary_minus_applied_to_unsigned_expression of Localise.error_desc * L.ocaml_pos
@ -201,10 +199,6 @@ let recognize_exception exn : IssueToReport.t =
{ issue_type= IssueType.biabd_registered_observer_being_deallocated { issue_type= IssueType.biabd_registered_observer_being_deallocated
; description= desc ; description= desc
; ocaml_pos= Some ocaml_pos } ; ocaml_pos= Some ocaml_pos }
| Stack_variable_address_escape (desc, ocaml_pos) ->
{ issue_type= IssueType.biabd_stack_variable_address_escape
; description= desc
; ocaml_pos= Some ocaml_pos }
| SymOp.Analysis_failure_exe _ -> | SymOp.Analysis_failure_exe _ ->
{issue_type= IssueType.failure_exe; description= Localise.no_desc; ocaml_pos= None} {issue_type= IssueType.failure_exe; description= Localise.no_desc; ocaml_pos= None}
| Skip_function desc -> | Skip_function desc ->

@ -86,8 +86,6 @@ exception Skip_function of Localise.error_desc
exception Skip_pointer_dereference of Localise.error_desc * Logging.ocaml_pos exception Skip_pointer_dereference of Localise.error_desc * Logging.ocaml_pos
exception Stack_variable_address_escape of Localise.error_desc * Logging.ocaml_pos
exception Symexec_memory_error of Logging.ocaml_pos exception Symexec_memory_error of Logging.ocaml_pos
exception Unary_minus_applied_to_unsigned_expression of Localise.error_desc * Logging.ocaml_pos exception Unary_minus_applied_to_unsigned_expression of Localise.error_desc * Logging.ocaml_pos

@ -1135,21 +1135,6 @@ let explain_condition_always_true_false tenv i cond node loc =
Localise.desc_condition_always_true_false i cond_str_opt loc Localise.desc_condition_always_true_false i cond_str_opt loc
(** explain the escape of a stack variable address from its scope *)
let explain_stack_variable_address_escape loc pvar addr_dexp_opt =
let addr_dexp_str =
match addr_dexp_opt with
| Some (DExp.Dpvar pv)
when Pvar.is_local pv && Mangled.equal (Pvar.get_name pv) Ident.name_return ->
Some "the caller via a return"
| Some dexp ->
Some (DExp.to_string dexp)
| None ->
None
in
Localise.desc_stack_variable_address_escape pvar addr_dexp_str loc
(** explain unary minus applied to unsigned expression *) (** explain unary minus applied to unsigned expression *)
let explain_unary_minus_applied_to_unsigned_expression tenv exp typ node loc = let explain_unary_minus_applied_to_unsigned_expression tenv exp typ node loc =
let exp_str_opt = let exp_str_opt =

@ -81,10 +81,6 @@ val explain_condition_always_true_false :
Tenv.t -> IntLit.t -> Exp.t -> Procdesc.Node.t -> Location.t -> Localise.error_desc Tenv.t -> IntLit.t -> Exp.t -> Procdesc.Node.t -> Location.t -> Localise.error_desc
(** explain a condition which is always true or false *) (** explain a condition which is always true or false *)
val explain_stack_variable_address_escape :
Location.t -> Pvar.t -> DecompiledExp.t option -> Localise.error_desc
(** explain the escape of a stack variable address from its scope *)
val explain_unary_minus_applied_to_unsigned_expression : val explain_unary_minus_applied_to_unsigned_expression :
Tenv.t -> Exp.t -> Typ.t -> Procdesc.Node.t -> Location.t -> Localise.error_desc Tenv.t -> Exp.t -> Typ.t -> Procdesc.Node.t -> Location.t -> Localise.error_desc
(** explain unary minus applied to unsigned expression *) (** explain unary minus applied to unsigned expression *)

@ -483,19 +483,9 @@ let forward_tabulate ({InterproceduralAnalysis.proc_desc; err_log; tenv; _} as a
(** Remove locals and formals, and check if the address of a stack variable is left in the result *) (** Remove locals and formals, and check if the address of a stack variable is left in the result *)
let remove_locals_formals_and_check {InterproceduralAnalysis.proc_desc; err_log; tenv; _} proc_cfg p let remove_locals_formals_and_check {InterproceduralAnalysis.tenv; _} proc_cfg p =
=
let pdesc = ProcCfg.Exceptional.proc_desc proc_cfg in let pdesc = ProcCfg.Exceptional.proc_desc proc_cfg in
let pvars, p' = PropUtil.remove_locals_formals tenv pdesc p in let _pvars, p' = PropUtil.remove_locals_formals tenv pdesc p in
let check_pvar pvar =
if not (Pvar.is_frontend_tmp pvar) then
let loc = ProcCfg.Exceptional.Node.loc (ProcCfg.Exceptional.exit_node proc_cfg) in
let dexp_opt, _ = Errdesc.vpath_find tenv p (Exp.Lvar pvar) in
let desc = Errdesc.explain_stack_variable_address_escape loc pvar dexp_opt in
let exn = Exceptions.Stack_variable_address_escape (desc, __POS__) in
BiabductionReporting.log_issue_deprecated_using_state proc_desc err_log exn
in
List.iter ~f:check_pvar pvars ;
p' p'
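Review bot: The doc comment kept above `remove_locals_formals_and_check` still promises to "check if the address of a stack variable is left in the result", but the new body only calls `PropUtil.remove_locals_formals` and returns `p'`. The comment and the `_and_check` suffix therefore describe a check that no longer runs. I would reword the comment to `(** Remove locals and formals from the proposition; stack-address escapes are no longer reported here *)` and discard the unused list with `let _, p' = PropUtil.remove_locals_formals tenv pdesc p in` rather than binding `_pvars`. Because the `Stack_variable_address_escape` exception is removed in the same commit, biabduction can no longer flag a dangling stack address at procedure exit. The commit summary points to Pulse's version as the replacement, so the comment should say that too for anyone running biabduction alone.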

@ -100,10 +100,6 @@ codetoanalyze/cpp/biabduction/smart_ptr/unique_ptr_deref.cpp, unique_ptr::FP_res
codetoanalyze/cpp/biabduction/smart_ptr/unique_ptr_deref.cpp, unique_ptr::FP_reset_ptr_deref_ok, 2, BIABDUCTION_MEMORY_LEAK, CPP, ERROR, [start of procedure unique_ptr::FP_reset_ptr_deref_ok(),Skipping unique_ptr<true,_void>: method has no implementation,Skipping reset: method has no implementation] codetoanalyze/cpp/biabduction/smart_ptr/unique_ptr_deref.cpp, unique_ptr::FP_reset_ptr_deref_ok, 2, BIABDUCTION_MEMORY_LEAK, CPP, ERROR, [start of procedure unique_ptr::FP_reset_ptr_deref_ok(),Skipping unique_ptr<true,_void>: method has no implementation,Skipping reset: method has no implementation]
codetoanalyze/cpp/biabduction/smart_ptr/unique_ptr_deref.cpp, unique_ptr::FP_unique_ptr_move_deref_ok, 1, BIABDUCTION_MEMORY_LEAK, CPP, ERROR, [start of procedure unique_ptr::FP_unique_ptr_move_deref_ok(),Skipping unique_ptr<true,_void>: method has no implementation] codetoanalyze/cpp/biabduction/smart_ptr/unique_ptr_deref.cpp, unique_ptr::FP_unique_ptr_move_deref_ok, 1, BIABDUCTION_MEMORY_LEAK, CPP, ERROR, [start of procedure unique_ptr::FP_unique_ptr_move_deref_ok(),Skipping unique_ptr<true,_void>: method has no implementation]
codetoanalyze/cpp/biabduction/smart_ptr/unique_ptr_deref.cpp, unique_ptr::unique_ptr_assign_deref_ok, 1, BIABDUCTION_MEMORY_LEAK, CPP, ERROR, [start of procedure unique_ptr::unique_ptr_assign_deref_ok(),Skipping unique_ptr<true,_void>: method has no implementation] codetoanalyze/cpp/biabduction/smart_ptr/unique_ptr_deref.cpp, unique_ptr::unique_ptr_assign_deref_ok, 1, BIABDUCTION_MEMORY_LEAK, CPP, ERROR, [start of procedure unique_ptr::unique_ptr_assign_deref_ok(),Skipping unique_ptr<true,_void>: method has no implementation]
codetoanalyze/cpp/biabduction/stack_escape/basic.cpp, basic_escape_local_bad, 3, BIABD_STACK_VARIABLE_ADDRESS_ESCAPE, no_bucket, ERROR, [start of procedure basic_escape_local_bad(),return from a call to basic_escape_local_bad]
codetoanalyze/cpp/biabduction/stack_escape/basic.cpp, basic_escape_param_bad, 0, BIABD_STACK_VARIABLE_ADDRESS_ESCAPE, no_bucket, ERROR, [start of procedure basic_escape_param_bad(),return from a call to basic_escape_param_bad]
codetoanalyze/cpp/biabduction/stack_escape/basic.cpp, escape_local_struct_member_bad, 3, BIABD_STACK_VARIABLE_ADDRESS_ESCAPE, no_bucket, ERROR, [start of procedure escape_local_struct_member_bad(),start of procedure EscapeTest,return from a call to EscapeTest::EscapeTest,return from a call to escape_local_struct_member_bad]
codetoanalyze/cpp/biabduction/static_local/nonstatic_local_bad.cpp, nonstatic_local_bad, 3, BIABD_STACK_VARIABLE_ADDRESS_ESCAPE, no_bucket, ERROR, [start of procedure nonstatic_local_bad(),return from a call to nonstatic_local_bad]
codetoanalyze/cpp/biabduction/static_local/nonstatic_local_bad.cpp, nonstatic_local_caller, 2, DANGLING_POINTER_DEREFERENCE, no_bucket, ERROR, [start of procedure nonstatic_local_caller(),start of procedure nonstatic_local_bad(),return from a call to nonstatic_local_bad] codetoanalyze/cpp/biabduction/static_local/nonstatic_local_bad.cpp, nonstatic_local_caller, 2, DANGLING_POINTER_DEREFERENCE, no_bucket, ERROR, [start of procedure nonstatic_local_caller(),start of procedure nonstatic_local_bad(),return from a call to nonstatic_local_bad]
codetoanalyze/cpp/biabduction/subtyping/cast_with_enforce.cpp, cast_with_enforce::cast_with_npe, 3, NULL_DEREFERENCE, B1, ERROR, [start of procedure cast_with_enforce::cast_with_npe(),start of procedure Base,return from a call to cast_with_enforce::Base::Base] codetoanalyze/cpp/biabduction/subtyping/cast_with_enforce.cpp, cast_with_enforce::cast_with_npe, 3, NULL_DEREFERENCE, B1, ERROR, [start of procedure cast_with_enforce::cast_with_npe(),start of procedure Base,return from a call to cast_with_enforce::Base::Base]
codetoanalyze/cpp/biabduction/subtyping/dynamic_cast.cpp, dynamic__cast::rightPointerCast, 4, BIABDUCTION_MEMORY_LEAK, CPP, ERROR, [start of procedure dynamic__cast::rightPointerCast(),start of procedure Derived,start of procedure Base,return from a call to dynamic__cast::Base::Base,return from a call to dynamic__cast::Derived::Derived,Taking true branch] codetoanalyze/cpp/biabduction/subtyping/dynamic_cast.cpp, dynamic__cast::rightPointerCast, 4, BIABDUCTION_MEMORY_LEAK, CPP, ERROR, [start of procedure dynamic__cast::rightPointerCast(),start of procedure Derived,start of procedure Base,return from a call to dynamic__cast::Base::Base,return from a call to dynamic__cast::Derived::Derived,Taking true branch]
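Review bot: The four expectations removed here were the only ones in this hunk for `basic_escape_local_bad`, `basic_escape_param_bad`, `escape_local_struct_member_bad` and `nonstatic_local_bad`, so these `_bad` functions now pass the biabduction suite with no report of their own. Nothing on this page shows matching expectations being added for Pulse, so the detection coverage the summary relies on is not demonstrated by this commit. I would either confirm that the same sources are exercised under the Pulse tests, or add a one-line comment in `stack_escape/basic.cpp` saying the escape is expected to be caught by Pulse and not by biabduction. Note that `nonstatic_local_caller` keeps its `DANGLING_POINTER_DEREFERENCE` expectation, so only the escape itself loses coverage, not the later use.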
