Skip to content

CPP: Allocation and Deallocation libraries#2463

Merged
jbj merged 33 commits intogithub:masterfrom
geoffw0:overflowcalc
Dec 19, 2019
Merged

CPP: Allocation and Deallocation libraries#2463
jbj merged 33 commits intogithub:masterfrom
geoffw0:overflowcalc

Conversation

@geoffw0
Copy link
Contributor

@geoffw0 geoffw0 commented Nov 27, 2019

There's quite a lot going on here, but the core of it is taking the functionality from commons/Alloc.qll, cleaning it up a lot, and repackaging it as models/interfaces/Allocation.qll and models/interfaces/Deallocation.qll. This allows us to reason about allocations and their sizes consistently regardless of whether they are malloc, realloc, new, new [] etc. Alloc.qll is now a legacy wrapper for the new library.

I've updated the NoSpaceForZeroTerminator.ql and OverflowCalculated.ql queries to use the new library, which improves their results since they were previously looking for calls to malloc only.

There is quite a lot of existing query test coverage, I have extended it in a few places.

geoffw0 added 19 commits November 22, 2019 15:16
@geoffw0
CPP: Tests: Add a test of NewArrayExpr.getAllocatedType() and NewArra…
5014432 
…yExpr.getExtent().
@geoffw0
CPP: Tests: Rearrange a test prior to changes.
7190dd2
@geoffw0
CPP: Tests: AV Rule 79 test cases for calloc, realloc and new.
d67ea4d
@geoffw0
CPP: Tests: CWE-120 test cases for calloc, realloc and new.
a2c0532
@geoffw0
CPP: Tests: NoSpaceForZeroTerminator test cases for calloc and realloc.
5f79831
@geoffw0
CPP: Libraries: Add MallocFunction and AllocationExpr to malloc.qll.
376ef2f
@geoffw0
CPP: Libraries: Update uses of the Alloc.qll library.
5dab91c
@geoffw0
CPP: Libraries: Add FreeFunction and DeallocationExpr to malloc.qll.
64ed97b
@geoffw0
CPP: Libraries: Move interfaces into the models directory.
0d01ea6
@geoffw0
CPP: Libraries: Overridable classes.
356356f
@geoffw0
CPP: Libraries: Split into interface and implementation.
a51da53
@geoffw0
CPP: Libraries: Separate deallocation libraries.
1fa3030
@geoffw0
CPP: Queries: Similar dataflow simplification in OverflowCalculated.q…
1e7bd9e 
…l to that made recently in NoSpaceForZeroTerminator.ql.
@geoffw0
CPP: Queries: Improve OverflowCalculated query.
3c9432d
@geoffw0
CPP: Queries: Improve NoSpaceForZeroTerminator query.
3895a7e
@geoffw0
CPP: Change notes for the library.
6200859
@geoffw0
CPP: Change notes for the queries.
1d233f2
@geoffw0
CPP: Pre-autoformat.
c73d3eb
@geoffw0
CPP: Autoformat.
6fc4154
@geoffw0 geoffw0 added the C++ label Nov 27, 2019
@geoffw0 geoffw0 requested a review from a team as a code owner November 27, 2019 16:26
jbj
jbj reviewed Nov 28, 2019
View reviewed changes
Copy link
Contributor

@jbj jbj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! It would have been easier to review if more of the Library commits had been squashed together.

@geoffw0
Copy link
Contributor Author

geoffw0 commented Nov 28, 2019

Added alloca to the model (this fixes a failing internal test).

@geoffw0 @jbj
Update cpp/ql/src/semmle/code/cpp/commons/Alloc.qll
3477c4a 
Co-Authored-By: Jonas Jensen <jbj@github.com>
@jbj
Copy link
Contributor

jbj commented Nov 28, 2019

qlformat failed

@geoffw0
Copy link
Contributor Author

geoffw0 commented Dec 3, 2019

Formatting fixed.

jbj
jbj reviewed Dec 4, 2019
View reviewed changes
Copy link
Contributor

@jbj jbj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's now a test failure and merge conflicts.

@geoffw0 geoffw0 mentioned this pull request Dec 16, 2019
Merged
@geoffw0
Copy link
Contributor Author

geoffw0 commented Dec 16, 2019

There's now a test failure and merge conflicts.

The merge conflicts should now be fixed. I'll have to wait for the tests to finish again before I can see why it failed.

@geoffw0
Copy link
Contributor Author

geoffw0 commented Dec 17, 2019

I've just fixed the failing test - the model needed to account for alloca so that the MemoryNeverFreed.ql and MemoryMayNotBeFreed.ql can make a suitable exception, as allocas do not need to be freed.

I've also modernized these two queries as it's something I'd been meaning to do and doing so makes the exception cleaner.

(latest four commits are new and should be reviewed)

jbj
jbj reviewed Dec 17, 2019
View reviewed changes
cpp/ql/src/Critical/MemoryNeverFreed.ql
where
alloc.requiresDealloc() and
not exists(alloc.(NewOrNewArrayExpr).getPlacementPointer()) and
not allocMayBeFreed(alloc)
Copy link
Contributor

@jbj jbj Dec 17, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't requiresDealloc be false for a placement-new expression? It's hard to use this library if the caller must know about the special cases of alloc that are possible.

Copy link
Contributor Author

@geoffw0 geoffw0 Dec 17, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I considered that, but wasn't sure because we also don't know that a placement new expression doesn't require a dealloc either. I'd imagine it often does, but sometimes the entire pool is expected to be destroyed instead.

In the interest of avoiding false positives I think I'll make this change...

Copy link
Contributor Author

@geoffw0 geoffw0 Dec 17, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

@jbj jbj merged commit 18d4772 into github:master Dec 19, 2019
@geoffw0 geoffw0 deleted the overflowcalc branch May 9, 2024 12:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jbj jbj jbj approved these changes

Assignees

No one assigned

Labels

C++

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@geoffw0 @jbj