Skip to content

Use AddressDomain for MayPointTo and ReachableFrom queries #1142

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
sim642 merged 58 commits into from
Sep 18, 2023
Merged

Use AddressDomain for MayPointTo and ReachableFrom queries #1142

sim642 merged 58 commits into from
Sep 18, 2023

Conversation

@karoliineh
Copy link
Member

@karoliineh karoliineh commented Aug 22, 2023
edited
Loading

Changes

  1. Change MayPointTo and ReachableFrom query result from LS to AddressDomain. This has numerous benefits:

    1. Avoid lots of conversions when using these queries, e.g. ADLSAD/Set (Varinfo)/....
    2. LS had two different top representations (one for ToppedSet entirely and another when dummyFundec.svar was a member). The former allows no known pointers along with unknown pointer, the latter is easy to forget/not know about. AD has only one explicit representation by containing UnknownPtr.
    3. NullPtrs are not implicitly excluded from query results, allowing other analyses to know about them at all. For example, now we warn about unlocking NULL pointer.
    4. More precision due to fewer conversions. Addresses have ID indices which were dropped (if not definite) when converting to exp indices in LS. Now interval, etc offsets can be seen by other analyses.

  2. Fix unsoundness in analyses which previously forgot to check for dummyFundec in query results: relation, fileUse, poisonVariables, uninit, var_eq (in special).

TODO

  • Use MayPointToA and ReachableFromA in taintPartialContexts.
  • Remove queries with LS.
  • Add missing Address/Mval/Offset conversion functions.
  • Rename variables to match new type, e.g. lsad, lv → addr.
  • Review added TODOs in code.

karoliineh and others added 23 commits August 22, 2023 11:34
@karoliineh @sim642
Add MayPointTo query with address domain
24c07c4 
Co-authored-by: Simmo Saan <[email protected]>
@karoliineh @sim642
Use MayPointToA in mutexEventAnalysis
0ecf575 
Co-authored-by: Simmo Saan <[email protected]>
@karoliineh @sim642
Use MayPointToA in threadEscape
fb43b5f 
Co-authored-by: Simmo Saan <[email protected]>
@karoliineh
Use MayPointToA in memLeak
e1263bc
@karoliineh
Use MayPointToA in mutexTypeAnalysis
eb951b6
@karoliineh
Use MayPointToA in pthreadSignals
4bd38f5
@karoliineh
Use MayPointToA in useAfterFree
68f5bb2
@karoliineh
Use MayPointToA in relationAnalysis
940a771
@karoliineh @sim642
Add mutex addr to unlock warning
ca39daf 
Co-authored-by: Simmo Saan <[email protected]>
@karoliineh
Use MayPointToA in relationAnalysis cont.
158a450
@karoliineh
Add TODO for removing fold from memLeak
4bfa786
@karoliineh
Use MayPointToA in useAfterFree cont.
71789d1
@karoliineh
Use MayPointToA in varEq
3cbd31f
@karoliineh
Use MayPointToA in uninit
b5f6c4b
@karoliineh
Use MayPointToA in spec
8937455
@karoliineh
Use MayPointToA in mallocFresh
e417443
@karoliineh
Use MayPointToA in malloc_null
16f3500
@karoliineh
Use MayPointToA in fileUse
68d6588
@karoliineh
Use MayPointToA in extractPthread
e697504
@karoliineh @sim642
Use MayPointToA in condVars
076da53 
Co-authored-by: Simmo Saan <[email protected]>
@karoliineh
Use MayPointToA in mvalMapDomain
1c7186c
@karoliineh
Add ReachableFrom query with address domain
f7b38a0
@karoliineh @sim642
Use MayPointToA and ReachableFromA in accessAnalysis
b49f0e0 
Co-authored-by: Simmo Saan <[email protected]>
@karoliineh karoliineh added cleanup Refactoring, clean-up type-safety Type-safety improvements precision labels Aug 22, 2023
@karoliineh karoliineh changed the title Use AddressDomain for queries Use AddressDomain for MayPointTo and ReachableFrom queries Aug 29, 2023
@karoliineh karoliineh mentioned this pull request Sep 1, 2023
Merged
5 tasks
michael-schwarz
michael-schwarz reviewed Sep 11, 2023
View reviewed changes
@sim642 sim642 marked this pull request as ready for review September 11, 2023 14:40
@sim642 sim642 added this to the v2.3.0 milestone Sep 11, 2023
@sim642
Copy link
Member

sim642 commented Sep 15, 2023

@michael-schwarz Do you intend to review this again or was that all?

@michael-schwarz
Copy link
Member

michael-schwarz commented Sep 15, 2023

It all seems reasonable at first glance, anything you would like me to look into in particular?

@sim642
Copy link
Member

sim642 commented Sep 15, 2023

Not really, I just wasn't sure since you left one small comment previously.

@sim642 sim642 merged commit 3666c92 into master Sep 18, 2023
@sim642 sim642 deleted the queries-ad branch September 18, 2023 09:05
@sim642 sim642 mentioned this pull request Sep 19, 2023
Merged
@michael-schwarz michael-schwarz mentioned this pull request Jul 6, 2024
Closed
@sim642 sim642 mentioned this pull request Feb 19, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@michael-schwarz michael-schwarz michael-schwarz left review comments

Assignees

@sim642 sim642

@karoliineh karoliineh

Labels

cleanup Refactoring, clean-up precision type-safety Type-safety improvements unsound

Projects

None yet

Milestone

v2.3.0

Development

Successfully merging this pull request may close these issues.

4 participants

@karoliineh @sim642 @michael-schwarz