Skip to content

Nullpointer dereference#256

Merged
sim642 merged 80 commits intogoblint:masterfrom
vandah:nullpointer-dereference
Aug 24, 2021
Merged

Nullpointer dereference#256
sim642 merged 80 commits intogoblint:masterfrom
vandah:nullpointer-dereference

Conversation

@EdinCitaku
Copy link
Copy Markdown
Contributor

@EdinCitaku EdinCitaku commented Jun 17, 2021

Fixes #199
In this PR we add detection for nullpointer dereference and add regression tests for this.
We differentiate between may and must, the detection happens inside of the base analysis and it is under the flag dbg.warn.behavior.
The detection happens inside of eval_lv.
The must warning gets printed when there exists at least one path and context where the nullpointer dereferenciation must happen when reaching the program point it in the corresponding context and with a value described by the predecessor.
The may warning gets printed when we are not sure that the pointer is not null.

EdinCitaku and others added 30 commits June 2, 2021 10:17
@EdinCitaku
added regression tests
c43acba
@EdinCitaku
firs try, not working sadly
a779187
@EdinCitaku
nullpointer dereferencing is now being detected
15fea07
@Wherekonshade
Added flag
b43002e
@Wherekonshade
run failed. Debugging
80bb6b1
@Wherekonshade
Indentation fix
74cca69
@Wherekonshade
added regression tests
696636a
@Wherekonshade
regression fix 1
0bf9fbe
@Wherekonshade
regression fix 2
fca84f4
@Wherekonshade
fix regression 3
3493ff2
@Wherekonshade
regression fix 4
1ecc9ca
@Wherekonshade
warns back in regression tests
afddb6d
@Wherekonshade
removed warns in 11+12
566f649
@vandah
types + functions for new warning system
97f8006
@EdinCitaku
minor changes
2283241
@EdinCitaku
Added differentiate between must and may
b2d2534
@EdinCitaku
minor fix
5d3dd04
@EdinCitaku
Merge branch 'warnings_rework' of github.com:vandah/analyzer into nul…
df14b3f 
…lpointer-dereference
@EdinCitaku
made may prettier
5f3184f
@Wherekonshade
pray for us
da2714d
@vandah
fix warning type
9bf11a2
@vandah
Merge branch 'master' into warnings_rework
0a85be6
@EdinCitaku
lval dereference will now also be detected
cd9bedc
@EdinCitaku
minor change
0a1d1ed
@EdinCitaku
Merge branch 'warnings_rework' of github.com:vandah/analyzer into nul…
fc06a06 
…lpointer-dereference
@EdinCitaku
now use new way of warning
5e80897
@EdinCitaku
fix
b8bc226
@Wherekonshade
Added flags for all warning categories
6be69b6
@vandah
remove redundant M.EventType.Unknown
059ea08
@vandah
fix goblint parameters in regtests
ec53252
@EdinCitaku
Copy link
Copy Markdown
Contributor Author

EdinCitaku commented Jul 1, 2021

Maybe you can add some test cases where a possible NULL-pointer is dereferenced when it is passed as an argument to a function call? (E.g.: foo(*p))

Created a new regression test for that!

@EdinCitaku
Copy link
Copy Markdown
Contributor Author

EdinCitaku commented Jul 4, 2021

One way it's called is from invalidate, which is used when a library function, which modifies its arguments, is passed some pointers. For example in this case:

@sim642 We had a discussion with the tutors (@michael-schwarz and @jerhard) and came to the conclusion that this would be out of scope for the PR. Hope that's ok for you!

jerhard
jerhard reviewed Jul 5, 2021
View reviewed changes
EdinCitaku and others added 20 commits July 5, 2021 17:10
@EdinCitaku
added brackets to make it more readable
578577d
@vandah
remove commented out code from messages.ml
049337b
@vandah
make certainty an optional parameter
19c29cc 
also renames Warning -> WarningWithCertainty and WarnType -> Warning
@vandah
really nested warning types
ac256d7
@vandah
add create functions to submodules
7f4088a 
also remove the array type because arrayoob is under UB
@vandah
complete the removal of the Array type of warning
4403b56
@vandah
Merge branch 'master' into warnings_rework
0617b88
@vandah
use parameters of Integer and Cast
2b23f15 
also uses concatenation instead of redundant sprintf
@vandah
remove testing warning
c8b7097
@vandah
move to_string inside should_warn
c4eb3ad 
and replace unused parameters with `_`
@vandah
M.report -> M.warn_each
3132fc8 
also adds optional location to warn_each
@vandah
add [Warning] tag to all warnings
4bc586f 
this eliminates the need to specify the regexes separately in
update_suite.rb
later it would probably be nice if the categories were parsed and
checked there

also changes formatting of the warning tags
@vandah
remove [Warning] tag from Debug
a58eac7
@vandah
parse warning types from spec analysis
b57e08f
@vandah
make warning an optional argument
6cc42d2 
also adds optional msg argument and removes string params from unknown
and debug
@vandah
try to fix warn calls also in comments
92b8d73
@vandah
revert irrelevant change in regtests
830bb9c
@vandah
remove category string from spec warns
73cec78
@vandah
warnings documentation
843ed01
@vandah
Merge branch 'warnings_rework' into nullpointer-dereference
917b814
@sim642 sim642 merged commit 4afde7a into goblint:master Aug 24, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sim642 sim642 sim642 left review comments

@jerhard jerhard jerhard left review comments

@michael-schwarz michael-schwarz michael-schwarz left review comments

@felihong felihong Awaiting requested review from felihong

@hydrogenoxide hydrogenoxide Awaiting requested review from hydrogenoxide

@nicokn nicokn Awaiting requested review from nicokn

+1 more reviewer

@MartinWehking MartinWehking MartinWehking left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

practical-course Practical Course at TUM student-job

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Detect Null-Pointer Dereferencation

7 participants

@EdinCitaku @sim642 @jerhard @MartinWehking @michael-schwarz @Wherekonshade @vandah