Herman Venter hermanventer Facebook

hermanventer/libra 0

Libra’s mission is to enable a simple global currency and financial infrastructure that empowers billions of people.

mimoo/mirai-bot 0

This is a github action to run MIRAI on libra/libra pull requests

pull request comment facebookexperimental/MIRAI

Simplify *& in Path factory, make &str thin

Not really, but this is not currently a check-in gate. Errors like these are often latent and masked by other errors. Fixing everything at once is not feasible or desirable.

hermanventer

comment created time in 4 hours

PR opened facebookexperimental/MIRAI

Add stubs for OS calls used in crypto code.

Description

Add stubs for some OS calls used in the libra-crypto crate so that the calling functions can be analyzed in strict mode.

Type of change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [x] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [ ] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+29 -0

0 comment

3 changed files

pr created time in 5 hours

create branch facebookexperimental/MIRAI

branch : contracts

created branch time in 6 hours

delete branch facebookexperimental/MIRAI

delete branch : ref_deref

delete time in 6 hours

push event facebookexperimental/MIRAI

Herman Venter

commit sha 368ab347ee537b81d307ea5917fc98495378edf0

Simplify *& in Path factory, make &str thin

view details

push time in 6 hours

PR merged facebookexperimental/MIRAI

Reviewers
Simplify *& in Path factory, make &str thin CLA Signed

Description

Make path refinement less hacky by moving most *& elimination into the Path::new_qualified factory function.

Also model &str pointers, correctly, as thin pointers rather than as slice pointers. Deal with the fallout from this change.

Type of change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [x] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+317 -257

0 comment

12 changed files

hermanventer

pr closed time in 6 hours

push event facebookexperimental/MIRAI

Herman Venter

commit sha 21070a3934d56d1c12dbbf695298398141741325

Simplify *& in Path factory, make &str thin

view details

push time in 7 hours

Pull request review comment facebookexperimental/MIRAI

Simplify *& in Path factory, make &str thin

 impl AbstractValueTrait for Rc<AbstractValue> {         self.expression.record_heap_blocks(result);     } +    /// True if the value is derived from one or more memory locations whose addresses were not known+    /// when the value was constructed. Refining such values in the current environment could+    /// resolve them to particular locations and those locations may have more useful associated values.+    #[logfn_inputs(TRACE)]+    fn refers_to_unknown_location(&self) -> bool {+        match &self.expression {+            Expression::Cast { operand, .. } => operand.refers_to_unknown_location(),+            Expression::ConditionalExpression {+                consequent,+                alternate,+                ..+            } => consequent.refers_to_unknown_location() || alternate.refers_to_unknown_location(),+            Expression::Reference(..) => true,+            Expression::UninterpretedCall { path, .. }+            | Expression::Variable { path, .. }+            | Expression::Widen { path, .. } => {+                if let PathEnum::Alias { value } = &path.value {+                    return value.refers_to_unknown_location();+                }+                false+            }+            _ => false,
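Review bot: the catch-all `_ => false` at the end of the `match` in `refers_to_unknown_location` reports every unlisted expression variant as referring only to known locations, which is the direction that skips a refinement rather than the one that performs a harmless extra one; since `Cast` and `ConditionalExpression` already recurse into their operands, consider giving any other compound expression with operands the same recursion, or enumerating the variants explicitly so that a newly added variant fails to compile instead of silently defaulting to `false`.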

Excellent question. I think the answer is yes.

hermanventer

comment created time in 7 hours

PR opened facebookexperimental/MIRAI

Simplify *& in Path factory, make &str thin

Description

Make path refinement less hacky by moving *& elimination into the Path::new_qualified factory function (in MIRAI all simplifications ought to be done in factory functions).

Also model &str pointers, correctly, as thin pointers rather than as slice pointers. Deal with the fallout from this change.

Type of change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [x] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+287 -251

0 comment

12 changed files

pr created time in 8 hours

create branch facebookexperimental/MIRAI

branch : ref_deref

created branch time in 8 hours

delete branch facebookexperimental/MIRAI

delete branch : timeout

delete time in 4 days

push event facebookexperimental/MIRAI

Herman Venter

commit sha 7140a4f4481df70a1e951c3a0fca2382b853a976

Do not decrement a call count that is already 0

view details

push time in 4 days

PR merged facebookexperimental/MIRAI

Do not decrement a call count that is already 0 CLA Signed

Description

Running a debug build of MIRAI over Libra found a case where a zero counter is decremented. Now guard against this.

Also tweak the validate script to not install MIRAI into cargo just for building the persistent summary store.

Type of change

  • [x] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [ ] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+14 -13

0 comment

3 changed files

hermanventer

pr closed time in 4 days

PR opened facebookexperimental/MIRAI

Do not decrement a call count that is already 0

Description

Running a debug build of MIRAI over Libra found a case where a zero counter is decremented. Now guard against this.

Also tweak the validate script to not install MIRAI into cargo just for building the persistent summary store.

Type of change

  • [x] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [ ] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+14 -13

0 comment

3 changed files

pr created time in 4 days

push event facebookexperimental/MIRAI

Di Wang

commit sha a563e65b1abb4f251b6ffce42247fb1feb07c8fb

Clarify how to run a locally built mirai.

view details

Herman Venter

commit sha 83c1278cfb79654fdef445e6832a3f8a292526f8

Do not decrement a call count that is already 0

view details

push time in 4 days

create branch facebookexperimental/MIRAI

branch : timeout

created branch time in 4 days

push event facebookexperimental/MIRAI

Di Wang

commit sha a563e65b1abb4f251b6ffce42247fb1feb07c8fb

Clarify how to run a locally built mirai.

view details

push time in 4 days

PR merged facebookexperimental/MIRAI

Clarify how to run a locally built mirai. CLA Signed

Description

The "Running" section of the developer guide has mixed instructions for using both a locally built binary and a globally installed binary, on both a single file (as rustc) and a crate (via cargo). It also seems unnecessary to have instructions for globally installed binary, because they are covered somewhere else, and a developer just needs the locally built one during development.

This commit separates the instructions for single files from those for crates, updates all the commands to use a locally built binary, and tweaks the indentation in debug configurations.

Type of change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [ ] Code cleanup or just keeping up with the latest Rustc nightly

None of the above: only documentation change.

How Has This Been Tested?

Followed the instructions to build and run locally built mirai on both single files and crates.

+22 -18

2 comments

1 changed file

stonebuddha

pr closed time in 4 days

delete branch facebookexperimental/MIRAI

delete branch : heap_path_type

delete time in 4 days

pull request comment facebookexperimental/MIRAI

Clarify how to run a locally built mirai.

I presume that you have actually carried out the process documented by this. If so, that is your test plan. If not, please do so.

stonebuddha

comment created time in 4 days

push event facebookexperimental/MIRAI

Herman Venter

commit sha 71f20c2bee7942982caabfcbe600b1c5562c96a8

Keep better track of the rustc type of the value expected at a heap path

view details

push time in 4 days

PR merged facebookexperimental/MIRAI

Reviewers
Keep better track of the rustc type of the value expected at a heap path CLA Signed

Description

It is sometimes necessary to know the Rustc type of a value located at a path that has been constructed from composing paths obtained from summaries with paths obtained from MIR. Such paths can contain heap addresses and there is currently no case to handle that. Add such a case. Also populate the path type cache, which accounts for most of the changes in this PR.

Type of change

  • [x] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [ ] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+84 -22

0 comment

4 changed files

hermanventer

pr closed time in 4 days

PR opened facebookexperimental/MIRAI

Keep better track of the rustc type of the value expected at a heap path

Description

It is sometimes necessary to know the Rustc type of a value located at a path that has been constructed from composing paths obtained from summaries with paths obtained from MIR. Such paths can contain heap addresses and there is currently no case to handle that. Add such a case. Also populate the path type cache, which accounts for most of the changes in this PR.

Type of change

  • [x] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [ ] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+84 -22

0 comment

4 changed files

pr created time in 5 days

create branch facebookexperimental/MIRAI

branch : heap_path_type

created branch time in 5 days

delete branch facebookexperimental/MIRAI

delete branch : bad_preconditions

delete time in 5 days

push event facebookexperimental/MIRAI

Herman Venter

commit sha 6139bef42089ea0ceb3bac4bbd4612fe7a460a82

Do not infer unsatisfiable preconditions

view details

push time in 5 days

PR merged facebookexperimental/MIRAI

Reviewers
Do not infer unsatisfiable preconditions CLA Signed

Description

Do not require public constant functions to have explicit preconditions because this introduces control flow and calls to helper functions and because they should be simple enough for inferred preconditions to be sufficient.

Also, do not create preconditions that refer to local variables, since the caller cannot satisfy such preconditions. Of course, this is a source of unsoundness and a by-product of imprecise, faulty reasoning by the analyzer, so eventually such cases will be banished (and logged), but for now they are just a source of annoying false positives.

Finally, if the analyzer finds a (real or false) issue in code that is called by the crate being analyzed, but not part of the crate, there is no point in providing the programmer of the crate being analyzed with a message about code they are probably not able to fix. (If the diagnostic level is set to paranoid, the diagnostic is retained.)

Type of change

  • [x] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [ ] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+203 -52

0 comment

9 changed files

hermanventer

pr closed time in 5 days

PR opened facebookexperimental/MIRAI

Do not infer unsatisfiable preconditions

Description

Do not require public constant functions to have explicit preconditions because this introduces control flow and calls to helper functions and because they should be simple enough for inferred preconditions to be sufficient.

Also, do not create preconditions that refer to local variables, since the caller cannot satisfy such preconditions. Of course, this is a source of unsoundness and a by-product of imprecise, faulty reasoning by the analyzer, so eventually such cases will be banished (and logged), but for now they are just a source of annoying false positives.

Finally, if the analyzer finds a (real or false) issue in code that is called by the crate being analyzed, but not part of the crate, there is no point in providing the programmer of the crate being analyzed with a message about code they are probably not able to fix. (If the diagnostic level is set to paranoid, the diagnostic is retained.)

Type of change

  • [x] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [ ] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+203 -52

0 comment

9 changed files

pr created time in 5 days

push event facebookexperimental/MIRAI

Herman Venter

commit sha 4ff32c1ae063aa2957aa8f6fd1d1d48ed29df819

Do not infer unsatisfiable preconditions

view details

push time in 5 days

push event facebookexperimental/MIRAI

Herman Venter

commit sha 812065b8035922d601ef43ba679c8512ad2ceac2

Do not infer unsatisfiable preconditions

view details

push time in 5 days

create branch facebookexperimental/MIRAI

branch : bad_preconditions

created branch time in 5 days

delete branch facebookexperimental/MIRAI

delete branch : fat_ptr_copy

delete time in 5 days

push event facebookexperimental/MIRAI

Herman Venter

commit sha c8dadb37723a5f61c68a46e434c8c22850bda340

More work on fat pointers

view details

push time in 5 days

PR merged facebookexperimental/MIRAI

Reviewers
More work on fat pointers CLA Signed

Description

Slice pointers are "fat", which means that the pointer is a tuple: (thin_pointer, length).

Until this PR, fat pointers were actually modeled as thin pointers that have a special "length" field in addition to anything else they point to. This worked rather well, since slices do not point to arbitrary structures and their index elements and the length field do not clash.

Things do not quite work out, however, when fat pointers are constructed via unions and when they are the first (leaf) field of a structure. In such cases, the tuple representation is required and the hacks that tried to make things work for the current representation failed in important edge cases.

Unfortunately, changing the current representation to the tuple representation required major surgery to the heap model, hence this PR is rather large and obtuse, and took several weeks to prepare, although the overall code is probably a bit easier to understand now.

There are several outstanding issues that have been uncovered by the more correct behavior introduced by this PR. They will be addressed in separate PRs to keep this one as small as possible.

Type of change

  • [x] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [ ] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+1149 -589

0 comment

30 changed files

hermanventer

pr closed time in 5 days

PR opened facebookexperimental/MIRAI

Reviewers
More work on fat pointers

Description

Slice pointers are "fat", which means that the pointer is a tuple: (thin_pointer, length).

Until this PR, fat pointers were actually modeled as thin pointers that have a special "length" field in addition to anything else they point to. This worked rather well, since slices do not point to arbitrary structures and their index elements and the length field do not clash.

Things do not quite work out, however, when fat pointers are constructed via unions and when they are the first (leaf) field of a structure. In such cases, the tuple representation is required and the hacks that tried to make things work for the current representation failed in important edge cases.

Unfortunately, changing the current representation to the tuple representation required major surgery to the heap model, hence this PR is rather large and obtuse, and took several weeks to prepare, although the overall code is probably a bit easier to understand now.

There are several outstanding issues that have been uncovered by the more correct behavior introduced by this PR. They will be addressed in separate PRs to keep this one as small as possible.

Type of change

  • [x] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [ ] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+1149 -589

0 comment

30 changed files

pr created time in 6 days

create branch facebookexperimental/MIRAI

branch : fat_ptr_copy

created branch time in 6 days

delete branch facebookexperimental/MIRAI

delete branch : fat_ptr_copy

delete time in 6 days

delete branch facebookexperimental/MIRAI

delete branch : heap_block_path_type

delete time in 6 days

delete branch facebookexperimental/MIRAI

delete branch : specialize_locals

delete time in 6 days

create branch facebookexperimental/MIRAI

branch : fat_ptr_copy

created branch time in 6 days

push event facebookexperimental/MIRAI

Herman Venter

commit sha fecfa18647f7a38a682e636cf5cb9ffccc4fe973

Specialize generic types of local variables

view details

push time in 10 days

PR merged facebookexperimental/MIRAI

Specialize generic types of local variables CLA Signed

Description

Local variable types retrieved via mir.locals need to get specialized with actual generic argument types before being used.

Type of change

  • [x] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [ ] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+52 -62

0 comment

8 changed files

hermanventer

pr closed time in 10 days

PR opened facebookexperimental/MIRAI

Specialize generic types of local variables

Description

Local variable types retrieved via mir.locals need to get specialized with actual generic argument types before being used.

Type of change

  • [x] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [ ] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+52 -62

0 comment

8 changed files

pr created time in 11 days

create branch facebookexperimental/MIRAI

branch : specialize_locals

created branch time in 11 days

delete branch facebookexperimental/MIRAI

delete branch : pointers

delete time in 11 days

push event facebookexperimental/MIRAI

Herman Venter

commit sha 81eea879b7f3b6f8b5f2e312227c7e9200a84727

Add builtin support for pointer swapping. Additional contracts.

view details

push time in 11 days

PR merged facebookexperimental/MIRAI

Add builtin support for pointer swapping. Additional contracts. CLA Signed

Description

Lift the level of abstraction of some basic pointer operations away from the byte level to make life easier for the heap model.

Type of change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [x] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [ ] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+136 -3

0 comment

4 changed files

hermanventer

pr closed time in 11 days

PR opened facebookexperimental/MIRAI

Add builtin support for pointer swapping. Additional contracts.

Description

Lift the level of abstraction of some basic pointer operations away from the byte level to make life easier for the heap model.

Type of change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [x] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [ ] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+136 -3

0 comment

4 changed files

pr created time in 12 days

create branch facebookexperimental/MIRAI

branch : pointers

created branch time in 12 days

delete branch facebookexperimental/MIRAI

delete branch : func_const_args

delete time in 18 days

push event facebookexperimental/MIRAI

Herman Venter

commit sha f79a91bef5f6bac822c935cfc5b085d9d3ecb01b

Remove duplicate of get_function_constant_args

view details

push time in 18 days

PR merged facebookexperimental/MIRAI

Remove duplicate of get_function_constant_args CLA Signed

Description

Remove duplicate of get_function_constant_args

Type of change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [x] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+3 -49

0 comment

3 changed files

hermanventer

pr closed time in 18 days

PR opened facebookexperimental/MIRAI

Remove duplicate of get_function_constant_args

Description

Remove duplicate of get_function_constant_args

Type of change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [x] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+3 -49

0 comment

3 changed files

pr created time in 19 days

create branch facebookexperimental/MIRAI

branch : func_const_args

created branch time in 19 days

push event facebookexperimental/MIRAI

Herman Venter

commit sha bc7369797146b33f85f2f2c2d5af4a3a137f6bfd

Get rid of ExpressionType::Reference

view details

push time in 19 days

delete branch facebookexperimental/MIRAI

delete branch : noref

delete time in 19 days

PR merged facebookexperimental/MIRAI

Get rid of ExpressionType::Reference CLA Signed

Description

There are actually two kinds of references:

  1. Thin references that point directly to the referenced data
  2. Fat references that are structs of the form { thin_ref, length }

The two kinds of references need to be treated differently when copying/moving them and when dereferencing them. Having a single type value for both kinds does not help and it is not always feasible to fall back on the rustc types.

This PR renames ExpressionType::Reference to ExpressionType::ThinPointer and now uses ExpressionType::NonPrimitive for fat pointers. It also does more work to make the heap model accurately track fat pointers as structs.

Type of change

  • [x] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [ ] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+171 -129

0 comment

9 changed files

hermanventer

pr closed time in 19 days

PR opened facebookexperimental/MIRAI

Reviewers
Get rid of ExpressionType::Reference

Description

There are actually two kinds of references:

  1. Thin references that point directly to the referenced data
  2. Fat references that are structs of the form { thin_ref, length }

The two kinds of references need to be treated differently when copying/moving them and when dereferencing them. Having a single type value for both kinds does not help and it is not always feasible to fall back on the rustc types.

This PR renames ExpressionType::Reference to ExpressionType::ThinPointer and now uses ExpressionType::NonPrimitive for fat pointers. It also does more work to make the heap model accurately track fat pointers as structs.

Type of change

  • [x] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [ ] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+171 -129

0 comment

9 changed files

pr created time in 20 days
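An added illustration of the (thin_pointer, length) representation that this description and the "More work on fat pointers" description above both rely on. This is example code written for this page, not MIRAI's own; `Record`, `split_fat`, `join_fat` and the other names are mine, and it assumes a target where `usize` is one machine word.

```rust
// Added example (not MIRAI's code): why a slice reference is a "fat"
// (thin_pointer, length) tuple while a plain reference is one thin pointer,
// and what that means when the fat pointer is the first leaf field of a
// struct or is read through a union, the two edge cases the PR names.
use std::mem::size_of;

/// Struct whose first (leaf) field is a fat pointer. `repr(C)` keeps the
/// declared field order so the offset below is deterministic.
#[repr(C)]
pub struct Record<'a> {
    pub bytes: &'a [u8],
    pub tag: u8,
}

/// Width of a slice reference in machine words (2: the tuple).
pub fn fat_ref_words() -> usize {
    size_of::<&[u8]>() / size_of::<usize>()
}

/// Width of a plain reference in machine words (1: a thin pointer).
pub fn thin_ref_words() -> usize {
    size_of::<&u8>() / size_of::<usize>()
}

/// Split a slice reference into its (thin_pointer, length) components.
pub fn split_fat(slice: &[u8]) -> (*const u8, usize) {
    (slice.as_ptr(), slice.len())
}

/// Rebuild the slice reference from the pair.
///
/// # Safety
/// `ptr` and `len` must come from `split_fat` on a slice that is still
/// alive for the returned lifetime.
pub unsafe fn join_fat<'a>(ptr: *const u8, len: usize) -> &'a [u8] {
    std::slice::from_raw_parts(ptr, len)
}

/// Two slices of the same array with different lengths share the thin
/// pointer but differ in the length word. Modelling the length as a field
/// of the pointee (the pre-PR representation) cannot tell them apart.
/// Returns (same thin pointer?, different length?).
pub fn same_data_different_length() -> (bool, bool) {
    let data = [1u8, 2, 3, 4];
    let (p1, l1) = split_fat(&data[..2]);
    let (p2, l2) = split_fat(&data[..4]);
    (p1 == p2, l1 != l2)
}

/// Offset of `tag` inside `Record`, in machine words. The fat pointer is
/// inlined at offset 0 as two words, so `tag` lands at word 2.
pub fn tag_offset_words() -> usize {
    let data = [1u8, 2, 3];
    let rec = Record { bytes: &data, tag: 9 };
    let base = &rec as *const Record as usize;
    let tag = &rec.tag as *const u8 as usize;
    (tag - base) / size_of::<usize>()
}

/// Read the two words of a fat pointer through a union. Rust does not fix
/// which word is the length, so callers should only check that one of the
/// two equals `slice.len()`.
pub fn fat_words_via_union(slice: &'static [u8]) -> [usize; 2] {
    #[allow(dead_code)]
    union Fat {
        r: &'static [u8],
        words: [usize; 2],
    }
    let u = Fat { r: slice };
    // SAFETY: a slice reference is exactly two usize-sized words, and every
    // bit pattern of those words is a valid [usize; 2].
    unsafe { u.words }
}

fn main() {
    println!("fat ref: {} words, thin ref: {} word", fat_ref_words(), thin_ref_words());
    println!("same thin pointer / different length: {:?}", same_data_different_length());
    println!("tag offset: {} words", tag_offset_words());
    println!("fat words of b\"hello\": {:?}", fat_words_via_union(b"hello"));
}
```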

push event facebookexperimental/MIRAI

Herman Venter

commit sha 213d1a3e4af54a9e167238f7ae8881e894a384c2

Get rid of ExpressionType::Reference

view details

push time in 20 days

create branch facebookexperimental/MIRAI

branch : noref

created branch time in 20 days

delete branch facebookexperimental/MIRAI

delete branch : more_contracts

delete time in 20 days

push event facebookexperimental/MIRAI

Herman Venter

commit sha 1d9417fc66e3dc5d54c9a15043ea4e0625567650

Add some more substance to foreign contracts.

view details

push time in 20 days

PR merged facebookexperimental/MIRAI

Add some more substance to foreign contracts. CLA Signed

Description

Make a bunch of the intrinsic contracts a little bit less trivial in foreign_contracts.

Type of change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [x] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [ ] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+656 -163

0 comment

3 changed files

hermanventer

pr closed time in 20 days

PR opened facebookexperimental/MIRAI

Add some more substance to foreign contracts.

Description

Make a bunch of the intrinsic contracts a little bit less trivial in foreign_contracts.

Type of change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [x] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [ ] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+656 -163

0 comment

3 changed files

pr created time in 21 days

create branch facebookexperimental/MIRAI

branch : more_contracts

created branch time in 21 days

create branch facebookexperimental/MIRAI

branch : heap_block_path_type

created branch time in 21 days

delete branch facebookexperimental/MIRAI

delete branch : recursive_loops

delete time in 21 days

push event facebookexperimental/MIRAI

Herman Venter

commit sha 5f45f4029f47f68aebe444a073a5b1b119dd2d1c

Recursive loops

view details

push time in 21 days

PR merged facebookexperimental/MIRAI

Reviewers
Recursive loops CLA Signed

Description

Allow self-recursive functions to descend several calls deep before terminating the recursive loop (which may carry on forever if the base case condition is abstract).

The result of termination is that the caller of a terminated call sees BOTTOM for the result of the recursive call, and hence eliminates all branches that include such calls, effectively computing a summary for the base case. The next caller up then gets to analyze both the base case and the recursive case using the base case summary. The next caller up from that does it again, but produces a summary where all outputs are widened. The next caller up does it again and then things stop.

The widening means that analysis of self-recursive functions is now sound, rather than unsoundly assuming that only the base case ever happens. There is still work to be done to reason usefully about the widened values.

Type of change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [x] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [ ] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+32 -56

0 comment

3 changed files

hermanventer

pr closed time in 21 days

PR opened facebookexperimental/MIRAI

Recursive loops

Description

Allow self recursive functions to descend several calls deep before terminating the recursive loop (which may carry on forever if the base case condition is abstract).

The result of termination is that the caller of a terminated call sees BOTTOM for the result of the recursive call, and hence eliminates all branches that include such calls, effectively computing a summary for the base case. The next caller up then gets to analyze both the base case and the recursive case using the base case summary. The next caller up from that does it again, but produces a summary where all outputs are widened. The next caller up does it again and then things stop.

The widening means that analysis of self recursive functions is now sound, rather than unsoundly assuming that only the base case ever happens. There is still work to be done to reason usefully about the widened values.

Type of change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [x] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [ ] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+32 -56

0 comment

3 changed files

pr created time in 24 days

create branch facebookexperimental/MIRAI

branch : recursive_loops

created branch time in 24 days

delete branch facebookexperimental/MIRAI

delete branch : noref

delete time in 24 days

create branch facebookexperimental/MIRAI

branch : noref

created branch time in 24 days

delete branch facebookexperimental/MIRAI

delete branch : join_with_bottom

delete time in 24 days

push event facebookexperimental/MIRAI

Herman Venter

commit sha 73c54e1fbe3e234b7dbc3cad2a8afee0551c59b0

Clarify code for joining with bottom.

push time in 24 days

PR merged facebookexperimental/MIRAI

Clarify code for joining with bottom. CLA Signed

Description

BOTTOM has not been much used up to now, but needs to work properly for analysis of self recursive functions to be sound. This PR cleans up things related to BOTTOM.

One of the chief things to bear in mind when reading this code is that the absence of a (path, value) pair in an environment has multiple causes.

If the path is a local variable, it means the local has not been initialized and thus that references to its value are forbidden and thus that the result of looking up the local should be BOTTOM. While code generated by the compiler will never cause such lookups to happen, self recursion can have this effect because we need to force the recursion to always terminate statically and for the leaf recursive call to analyze only the base (non-recursive) case.

For other kinds of paths, however, the absence of a (path, value) entry in an environment means that the value is unknown (TOP, but with known location and type).

Type of change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [x] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [ ] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+142 -112

0 comment

5 changed files

hermanventer

pr closed time in 24 days

delete branch facebookexperimental/MIRAI

delete branch : remove_dups

delete time in 24 days

push event facebookexperimental/MIRAI

Herman Venter

commit sha b4d0888c48210ce608d5e82f1d777cc9662e7934

Remove duplicate functions

Herman Venter

commit sha d11feab625cbb0bf2c9c0f7149f4a2e84ff29753

Clarify code for joining with bottom.

push time in 24 days

push event facebookexperimental/MIRAI

Herman Venter

commit sha b4d0888c48210ce608d5e82f1d777cc9662e7934

Remove duplicate functions

push time in 24 days

PR merged facebookexperimental/MIRAI

Remove duplicate functions CLA Signed

Description

Remove duplicate functions that were inadvertently introduced during recent major code movements.

Also undo changes to shopping cart toml to avoid updating dependencies because the newer versions cause MIRAI to crash when running on itself.

Type of change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [x] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh

+40 -430

0 comment

5 changed files

hermanventer

pr closed time in 24 days

push event facebookexperimental/MIRAI

Herman Venter

commit sha f4aa9861c38dff19d3f620b79abb9d14830a3a04

Add annotations to tag values with types.

Herman Venter

commit sha 4dcf89d2441cd81de49ff8308824b64a6aafc5b0

Make the shopping cart example self contained.

Herman Venter

commit sha 7732954f006db7d492a5bb4abb5f5731d576e4a3

Remove duplicate functions

Herman Venter

commit sha db35a083aa41021d5b1b0d91fc61fb20eb2dfd89

Clarify code for joining with bottom.

push time in 25 days

PR opened facebookexperimental/MIRAI

Remove duplicate functions

Description

Remove duplicate functions that were inadvertently introduced during recent major code movements.

Also undo changes to shopping cart toml to avoid updating dependencies because the newer versions cause MIRAI to crash when running on itself.

Type of change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [x] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh

+40 -430

0 comment

5 changed files

pr created time in 25 days

create branch facebookexperimental/MIRAI

branch : remove_dups

created branch time in 25 days

delete branch facebookexperimental/MIRAI

delete branch : shopping_cart_toml

delete time in 25 days

push event facebookexperimental/MIRAI

Herman Venter

commit sha 4dcf89d2441cd81de49ff8308824b64a6aafc5b0

Make the shopping cart example self contained.

push time in 25 days

PR merged facebookexperimental/MIRAI

Make the shopping cart example self contained. CLA Signed

Description

Get the dependencies from crates.io

Type of change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [x] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

cargo test

+21 -5

0 comment

2 changed files

hermanventer

pr closed time in 25 days

PR opened facebookexperimental/MIRAI

Make the shopping cart example self contained.

Description

Get the dependencies from crates.io

Type of change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [x] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

cargo test

+21 -5

0 comment

2 changed files

pr created time in a month

create branch facebookexperimental/MIRAI

branch : shopping_cart_toml

created branch time in a month

delete branch facebookexperimental/MIRAI

delete branch : tags

delete time in a month

push event facebookexperimental/MIRAI

Herman Venter

commit sha f4aa9861c38dff19d3f620b79abb9d14830a3a04

Add annotations to tag values with types.

push time in a month

PR merged facebookexperimental/MIRAI

Add annotations to tag values with types. CLA Signed

Description

Provide a way to add and track type tags on arbitrary values. For example, taint sources can add a "this value is tainted in this way" tag and taint sanitizers can add "this value has been sanitized from this kind of taint".

Once added, a tag cannot be removed and it is illegal to modify the value (lest the tag become meaningless).

Still to be designed and provided is a way to control the behavior of transfer functions. I.e. if a value is constructed from an argument that is tagged, does it get tagged? Clearly that depends on the kind of tag. I intend to use marker traits to control this, pending further design and implementation work.

Type of change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [x] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [ ] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

Not testable right now.

+45 -6

0 comment

3 changed files

hermanventer

pr closed time in a month

PR opened facebookexperimental/MIRAI

Add annotations to tag values with types.

Description

Provide a way to add and track type tags on arbitrary values. For example, taint sources can add a "this value is tainted in this way" tag and taint sanitizers can add "this value has been sanitized from this kind of taint".

Once added, a tag cannot be removed and it is illegal to modify the value (lest the tag become meaningless).

Still to be designed and provided is a way to control the behavior of transfer functions. I.e. if a value is constructed from an argument that is tagged, does it get tagged? Clearly that depends on the kind of tag. I intend to use marker traits to control this, pending further design and implementation work.

Type of change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [x] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [ ] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

Not testable right now.

+45 -6

0 comment

3 changed files

pr created time in a month

create branch facebookexperimental/MIRAI

branch : tags

created branch time in a month

PR opened facebookexperimental/MIRAI

Clarify code for joining with bottom.

Description

BOTTOM has not been much used up to now, but needs to work properly for analysis of self recursive functions to be sound. This PR cleans up things related to BOTTOM.

One of the chief things to bear in mind when reading this code is that the absence of a (path, value) pair in an environment has multiple causes.

If the path is a local variable, it means the local has not been initialized and thus that references to its value are forbidden and thus that the result of looking up the local should be BOTTOM. While code generated by the compiler will never cause such lookups to happen, self recursion can have this effect because we need to force the recursion to always terminate statically and for the leaf recursive call to analyze only the base (non-recursive) case.

For other kinds of paths, however, the absence of a (path, value) entry in an environment means that the value is unknown (TOP, but with known location and type).

Type of change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [x] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [ ] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+142 -112

0 comment

5 changed files

pr created time in a month

create branch facebookexperimental/MIRAI

branch : join_with_bottom

created branch time in a month

delete branch facebookexperimental/MIRAI

delete branch : uninterpreted_function

delete time in a month

push event facebookexperimental/MIRAI

Herman Venter

commit sha 3ecaf973197a9e3f8ecfabdaf36e577227947ba7

Fill out the implementation of uninterpreted call.

push time in a month

PR merged facebookexperimental/MIRAI

Fill out the implementation of uninterpreted call. CLA Signed

Description

Use a factory and properly refine the values. Not important now, perhaps never, but better clean code than not.

Type of change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [x] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+108 -23

0 comment

4 changed files

hermanventer

pr closed time in a month

PR opened facebookexperimental/MIRAI

Fill out the implementation of uninterpreted call.

Description

Use a factory and properly refine the values. Not important now, perhaps never, but better clean code than not.

Type of change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] API change with a documentation update
  • [ ] Additional test coverage
  • [x] Code cleanup or just keeping up with the latest Rustc nightly

How Has This Been Tested?

./validate.sh ran MIRAI over Libra

+108 -23

0 comment

4 changed files

pr created time in a month

create branch facebookexperimental/MIRAI

branch : uninterpreted_function

created branch time in a month
