You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
219 lines
7.8 KiB
219 lines
7.8 KiB
(*
|
|
* Copyright (c) 2013 - present Facebook, Inc.
|
|
* All rights reserved.
|
|
*
|
|
* This source code is licensed under the BSD style license found in the
|
|
* LICENSE file in the root directory of this source tree. An additional grant
|
|
* of patent rights can be found in the PATENTS file in the same directory.
|
|
*)
|
|
|
|
open! Utils
|
|
|
|
(** Module for code queries. *)
|
|
|
|
module L = Logging
|
|
module F = Format
|
|
|
|
let verbose = false
|
|
|
|
let parse_query s =
|
|
let buf = Lexing.from_string s in
|
|
try
|
|
match CodequeryParser.query CodequeryLexer.token buf with
|
|
| None ->
|
|
L.stdout "empty rule@.";
|
|
assert false
|
|
| Some query ->
|
|
if verbose then L.stdout "%a@." CodeQueryAst.pp_query query;
|
|
query
|
|
with
|
|
| Parsing.Parse_error ->
|
|
let lexbuf = Bytes.to_string buf.Lexing.lex_buffer in
|
|
L.stdout "@.parsing stops on line %d: \n\n%s@." !CodequeryLexer.line_number lexbuf;
|
|
assert false
|
|
|
|
let query_ast =
|
|
lazy (match Config.code_query with None -> parse_query "x(y)" | Some s -> parse_query s)
|
|
|
|
module Err = struct
|
|
(** Update the summary with stats from the checker. *)
|
|
let update_summary proc_name proc_desc =
|
|
let old_summ = Specs.get_summary_unsafe "codeQuery" proc_name in
|
|
let nodes = IList.map (fun n -> Cfg.Node.get_id n) (Cfg.Procdesc.get_nodes proc_desc) in
|
|
let specs =
|
|
let spec =
|
|
{ Specs.pre = Specs.Jprop.Prop (1, Prop.prop_emp);
|
|
posts = [];
|
|
visited = Specs.Visitedset.empty
|
|
} in
|
|
[(Specs.spec_normalize spec)] in
|
|
let new_summ = { old_summ with
|
|
Specs.attributes =
|
|
{ old_summ.Specs.attributes with
|
|
ProcAttributes.loc = Cfg.Procdesc.get_loc proc_desc };
|
|
nodes = nodes;
|
|
payload =
|
|
{ old_summ.Specs.payload with
|
|
Specs.preposts = Some specs; }
|
|
} in
|
|
Specs.add_summary proc_name new_summ
|
|
|
|
let add_error_to_spec proc_name s node loc =
|
|
Checkers.ST.pname_add proc_name "codequery" "active"; (* force creation of .specs files *)
|
|
State.set_node node;
|
|
let exn = Exceptions.Codequery (Localise.verbatim_desc s) in
|
|
Reporting.log_error proc_name ~loc: (Some loc) exn
|
|
end
|
|
|
|
(** Matcher for rules. *)
|
|
module Match = struct
|
|
type value =
|
|
| Vfun of Procname.t
|
|
| Vval of Sil.exp
|
|
|
|
let pp_value fmt = function
|
|
| Vval e -> F.fprintf fmt "%a" (Sil.pp_exp pe_text) e
|
|
| Vfun pn -> F.fprintf fmt "%s" (Procname.to_string pn)
|
|
|
|
let value_equal v1 v2 = match v1, v2 with
|
|
| Vval e1, Vval e2 -> Sil.exp_equal e1 e2
|
|
| Vval _, _ -> false
|
|
| _, Vval _ -> false
|
|
| Vfun pn1, Vfun pn2 -> Procname.equal pn1 pn2
|
|
|
|
let init_env () = Hashtbl.create 1
|
|
|
|
let env_copy env = Hashtbl.copy env
|
|
|
|
let env_add env id value =
|
|
try
|
|
let value' = Hashtbl.find env id in
|
|
value_equal value value'
|
|
with Not_found ->
|
|
Hashtbl.add env id value;
|
|
true
|
|
let pp_env fmt env =
|
|
let pp_item id value =
|
|
F.fprintf fmt "%s=%a " id pp_value value in
|
|
Hashtbl.iter pp_item env
|
|
|
|
let exp_match env ae value = match ae, value with
|
|
| CodeQueryAst.Null, Vval e -> Sil.exp_equal e Sil.exp_zero
|
|
| CodeQueryAst.Null, _ -> false
|
|
| CodeQueryAst.ConstString s, (Vfun pn) -> string_contains s (Procname.to_string pn)
|
|
| CodeQueryAst.ConstString _, _ -> false
|
|
| CodeQueryAst.Ident id, x ->
|
|
env_add env id x
|
|
|
|
let rec exp_list_match env ael vl = match ael, vl with
|
|
| [], [] -> true
|
|
| [], _:: _ -> false
|
|
| _:: _, [] -> false
|
|
| ae:: ael', v:: vl' ->
|
|
if exp_match env ae v then exp_list_match env ael' vl'
|
|
else false
|
|
|
|
let opt_match match_elem env x_opt y = match x_opt with
|
|
| None -> true
|
|
| Some x -> match_elem env x y
|
|
|
|
let binop_match op1 op2 = match op1, op2 with
|
|
| Binop.Eq, "==" -> true
|
|
| Binop.Ne, "!=" -> true
|
|
| _ -> false
|
|
|
|
let rec cond_match env idenv cond (ae1, op, ae2) = match cond with
|
|
| Sil.BinOp (bop, _e1, _e2) ->
|
|
let e1 = Idenv.expand_expr idenv _e1 in
|
|
let e2 = Idenv.expand_expr idenv _e2 in
|
|
binop_match bop op && exp_match env ae1 (Vval e1) && exp_match env ae2 (Vval e2)
|
|
| Sil.UnOp (Unop.LNot, (Sil.BinOp (Binop.Eq, e1, e2)), _) ->
|
|
cond_match env idenv (Sil.BinOp (Binop.Ne, e1, e2)) (ae1, op, ae2)
|
|
| Sil.UnOp (Unop.LNot, (Sil.BinOp (Binop.Ne, e1, e2)), _) ->
|
|
cond_match env idenv (Sil.BinOp (Binop.Eq, e1, e2)) (ae1, op, ae2)
|
|
| _ -> false
|
|
|
|
(** Iterate over the instructions of the linearly succ nodes. *)
|
|
let rec iter_succ_nodes node iter =
|
|
match Cfg.Node.get_succs node with
|
|
| [node'] ->
|
|
let instrs = Cfg.Node.get_instrs node in
|
|
IList.iter (fun instr -> iter (node', instr)) instrs;
|
|
iter_succ_nodes node' iter
|
|
| [] -> ()
|
|
| _:: _ -> ()
|
|
|
|
let linereader = Printer.LineReader.create ()
|
|
|
|
let print_action env action proc_name node loc = match action with
|
|
| CodeQueryAst.Noaction ->
|
|
L.stdout "%a@." pp_env env
|
|
| CodeQueryAst.Source source_range_opt ->
|
|
let x, y = match source_range_opt with
|
|
| None -> 10, 10
|
|
| Some (x, y) -> x, y in
|
|
L.stdout "%a@." (Checkers.PP.pp_loc_range linereader x y) loc
|
|
| CodeQueryAst.Error s_opt ->
|
|
let err_name = match s_opt with
|
|
| None -> "codequery"
|
|
| Some s -> s in
|
|
Err.add_error_to_spec proc_name err_name node loc
|
|
|
|
let rec match_query show env idenv caller_pn (rule, action) proc_name node instr =
|
|
match rule, instr with
|
|
| CodeQueryAst.Call (ae1, ae2), Sil.Call (_, Sil.Const (Const.Cfun pn), _, loc, _) ->
|
|
if exp_match env ae1 (Vfun caller_pn) && exp_match env ae2 (Vfun pn) then
|
|
begin
|
|
if show then print_action env action proc_name node loc;
|
|
true
|
|
end
|
|
else false
|
|
| CodeQueryAst.Call _, _ -> false
|
|
| CodeQueryAst.MethodCall (ae1, ae2, ael_opt),
|
|
Sil.Call (_, Sil.Const (Const.Cfun pn), (_e1, _) :: params,
|
|
loc, { CallFlags.cf_virtual = true }) ->
|
|
let e1 = Idenv.expand_expr idenv _e1 in
|
|
let vl = IList.map (function _e, _ -> Vval (Idenv.expand_expr idenv _e)) params in
|
|
if exp_match env ae1 (Vval e1) && exp_match env ae2 (Vfun pn) && opt_match exp_list_match env ael_opt vl then
|
|
begin
|
|
if show then print_action env action proc_name node loc;
|
|
true
|
|
end
|
|
else false
|
|
| CodeQueryAst.MethodCall _, _ -> false
|
|
| CodeQueryAst.If (ae1, op, ae2, body_rule), Sil.Prune (cond, loc, true_branch, _) ->
|
|
if true_branch && cond_match env idenv cond (ae1, op, ae2) then
|
|
begin
|
|
let found = ref false in
|
|
let iter (_, instr') =
|
|
let env' = env_copy env in
|
|
if not !found
|
|
&& match_query false env' idenv caller_pn (body_rule, action) proc_name node instr'
|
|
then found := true in
|
|
iter_succ_nodes node iter;
|
|
let line_contains_null () =
|
|
match Printer.LineReader.from_loc linereader loc with
|
|
| None -> false
|
|
| Some s -> string_contains "null" s in
|
|
if !found && line_contains_null () (* TODO: this replaces lack of typing where null and 0 and false are the same *) then
|
|
begin
|
|
L.stdout "conditional %a@." (Sil.pp_exp pe_text) cond;
|
|
print_action env action proc_name node loc
|
|
end;
|
|
!found
|
|
end
|
|
else false
|
|
| CodeQueryAst.If _, _ -> false
|
|
|
|
end
|
|
|
|
let code_query_callback { Callbacks.proc_desc; idenv; proc_name } =
|
|
let do_instr node instr =
|
|
let env = Match.init_env () in
|
|
let _found =
|
|
Match.match_query true env idenv proc_name (Lazy.force query_ast) proc_name node instr in
|
|
() in
|
|
if verbose then L.stdout "code_query_callback on %a@." Procname.pp proc_name;
|
|
Cfg.Procdesc.iter_instrs do_instr proc_desc;
|
|
Err.update_summary proc_name proc_desc
|