Import null pointer information from PDG into static analysis #1086
base: master
ac9abd6 to 0a55190
I still need to test this on some actual code (maybe lighttpd?)
0a55190 to 1f4aa09
if g.is_null { | ||
// TODO: is this enough? | ||
perms.remove(PermissionSet::NON_NULL); | ||
} | ||
|
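Review bot: the `// TODO: is this enough?` above `perms.remove(PermissionSet::NON_NULL)` leaves the completeness of the `g.is_null` branch open. Resolve it before merge, or replace it with a comment stating which other state has to change together with `perms` for nodes of the null graph, so a later reader does not have to rediscover what "enough" meant.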
@spernsteiner If I'm understanding #1088 correctly, the other thing we need to do here is add `NON_NULL` to `updates_forbidden`?
Roughly, yes. Though we might want to experiment a bit - for example, it might be easier to understand the results if we set `updates_forbidden` only on function signatures, or only on named variables and not on temporaries.
I think there can be two nodes with the same `dest` (either in different `Graph`s or in the same one), representing two different observations of that `dest` during the execution. We want to set `NON_NULL` in `perms` (and in `updates_forbidden`) only if all observations with the same `dest` show it containing a non-null pointer. So we need some additional logic beyond just doing `perms.insert(NON_NULL); updates_forbidden.insert(NON_NULL);` here.
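The "all observations" rule from the comment above, as an added Rust example that is not code from this PR or from the project. `Local`, `Node`, `Graph`, the minimal `PermissionSet`, and the functions `all_non_null`, `assign` and `sample` are hypothetical, simplified stand-ins; only `is_null`, `dest`, `perms`, `updates_forbidden` and `NON_NULL` are names taken from the thread.

```rust
use std::collections::HashMap;
// Hypothetical stand-ins for the PDG and permission types named in the thread.
#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug)]
struct Local(u32);
struct Node { dest: Option<Local> }
struct Graph { is_null: bool, nodes: Vec<Node> }

#[derive(Clone, Copy, PartialEq, Eq, Debug, Default)]
struct PermissionSet(u8);
impl PermissionSet {
    const NON_NULL: PermissionSet = PermissionSet(1);
    fn insert(&mut self, p: PermissionSet) { self.0 |= p.0; }
    fn contains(self, p: PermissionSet) -> bool { self.0 & p.0 == p.0 }
}

/// Maps each dest to true only if every node writing it sits in a non-null
/// graph; a single null observation clears the flag for good.
fn all_non_null(graphs: &[Graph]) -> HashMap<Local, bool> {
    let mut acc: HashMap<Local, bool> = HashMap::new();
    for g in graphs {
        for d in g.nodes.iter().filter_map(|n| n.dest) {
            *acc.entry(d).or_insert(true) &= !g.is_null;
        }
    }
    acc
}

/// Returns (perms, updates_forbidden) per dest. Dests with any null observation
/// get neither bit; what else to record for them is not settled in the thread.
fn assign(graphs: &[Graph]) -> HashMap<Local, (PermissionSet, PermissionSet)> {
    let mut out = HashMap::new();
    for (d, ok) in all_non_null(graphs) {
        let (mut perms, mut forbidden) = (PermissionSet::default(), PermissionSet::default());
        if ok {
            perms.insert(PermissionSet::NON_NULL);
            forbidden.insert(PermissionSet::NON_NULL);
        }
        out.insert(d, (perms, forbidden));
    }
    out
}

// Constructed sample: local 1 is seen both null and non-null, local 2 only non-null.
fn sample() -> Vec<Graph> {
    fn g(is_null: bool, ds: &[u32]) -> Graph {
        Graph { is_null, nodes: ds.iter().map(|&d| Node { dest: Some(Local(d)) }).collect() }
    }
    vec![g(false, &[1, 2]), g(true, &[1]), g(false, &[2])]
}
fn main() { println!("{:?}", assign(&sample())); }
```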
Mark each PDG graph with a boolean flag that represents whether that graph corresponds to the null pointer or not. The PDG construction algorithm seems to build one unique graph for all null pointers in the entire program.
Add one test where a function argument can be either null or non-null in the recur() function of the analysis/tests/misc example code.
Remove the NON_NULL permission from all nodes in the null graph from the PDG.
Introduce a ProjectionTree data structure in the PDG construction algorithm which keeps track of assignments into projections of locals. This lets us reconstruct the correct source of some events where the direct source is missing.
The Field event instrumentation is broken because it does not distinguish between identical field indices at different depths, e.g., x.1.2 and x.2 will emit an identical Field(&x, 2) event.
1f4aa09 to 2b30b48
No description provided.