implementing the c core
play

Implementing the C++ Core Guidelines Lifetime Safety Profile in - PowerPoint PPT Presentation

Apr 07, 2024 •381 likes •697 views

Implementing the C++ Core Guidelines Lifetime Safety Profile in Clang Matthias Gehre Gbor Horvth gehre@silexica.com xazax.hun@gmail.com 1 Agenda Motivation Whirlwind tour of lifetime analysis See the following talks for

  1. Implementing the C++ Core Guidelines’ Lifetime Safety Profile in Clang Matthias Gehre Gábor Horváth gehre@silexica.com xazax.hun@gmail.com 1

  2. Agenda • Motivation • Whirlwind tour of lifetime analysis • See the following talks for details: • https://youtu.be/80BZxujhY38?t=1096 • https://youtu.be/sjnp3P9x5jA • Highlight some implementation details • Evaluation • Upstreaming • Conclusions 2

  3. Motivation • Microsoft: 70 percent of security patches are fixing memory errors • https://youtu.be/PjbGojjnBZQ • C++ has many sources of errors: • Manual memory management, temporary objects, Pointer- like objects, … • Dynamic tools • Few false positives, not every arch is supported, coverage is important • Static tools • Arch independent, the earlier a bug is found the cheaper the fix • Works without good test coverage 3

  4. Motivation #2 int *p; string_view sv; { { int x; string s{"EuroLLVM"}; p = &x; sv = s; } } *p = 5; sv [0] = ‘c’; Many static tools warn for the left snippet but not for the right, even though they are fundamentally similar. 4

  5. A Tour of Herb’s Lifetime Analysis • Intends to catch common errors (not a verification tool) • Classify types into categories • Owners: never dangle, implementation assumed to be correct • Pointers: might dangle, tracking points-to sets • Aggregates: handled member-wise • Values: everything else • Analysis is function local • Two implementations • We implemented it in a Clang fork • Kyle Reed and Neil MacIntosh implemented the MSVC version 5

  6. A Tour of Herb’s Lifetime Analysis #2 • Flow-sensitive analysis • We only need annotations for misclassifications (rare) • Maps each Pointer at each program point to a points-to set • Elements of a points-to set: • Null • Invalid • Static (lives longer than the pointer or we cannot reason about it) • Local variable/parameter • Aggregate member • Owned memory of an Owner 6

  7. Analysis Within 2: {x} 2: x a Basic Block 3: {x} 3: &[B1.2] 4: pset(p)={x} 4: int *p = &x; int x; 5: {p} 5: p int *p = &x; 6: {x} 6: [B1.5] (LValToRVal) int *q = p; 7: pset(q)={x} 7: int *q = p; • Basic blocks contain subexprs in an eval order, no AST traversal required • End of full expression is not marked (apart from DeclStmt ) • When to invalidate Pointers to temporaries? • Modified the CFG to include ExprWithCleanup AST nodes • Clang Static Analyzer is another user 7

  8. Analysis Within 2: {x} 2: x a Basic Block 3: {x} 3: &[B1.2] 4: pset(p)={x} 4: int *p = &x; int x; 5: {p} 5: p int *p = &x; 6: {x} 6: [B1.5] (LValToRVal) int *q = p; 7: pset(q)={x} 7: int *q = p; • Basic blocks contain subexprs in an eval order, no AST traversal required • End of full expression is not marked (apart from DeclStmt ) • When to invalidate Pointers to temporaries? • Modified the CFG to include ExprWithCleanup AST nodes • Clang Static Analyzer is another user 8

  9. Analysis Within 2: {x} 2: x a Basic Block 3: {x} 3: &[B1.2] 4: pset(p)={x} 4: int *p = &x; int x; 5: {p} 5: p int *p = &x; 6: {x} 6: [B1.5] (LValToRVal) int *q = p; 7: pset(q)={x} 7: int *q = p; • Basic blocks contain subexprs in an eval order, no AST traversal required • End of full expression is not marked (apart from DeclStmt ) • When to invalidate Pointers to temporaries? • Modified the CFG to include ExprWithCleanup AST nodes • Clang Static Analyzer is another user 9

  10. Analysis Within 2: {x} 2: x a Basic Block 3: {x} 3: &[B1.2] 4: pset(p)={x} 4: int *p = &x; int x; 5: {p} 5: p int *p = &x; 6: {x} 6: [B1.5] (LValToRVal) int *q = p; 7: pset(q)={x} 7: int *q = p; • Basic blocks contain subexprs in an eval order, no AST traversal required • End of full expression is not marked (apart from DeclStmt ) • When to invalidate Pointers to temporaries? • Modified the CFG to include ExprWithCleanup AST nodes • Clang Static Analyzer is another user 10

  11. Analysis Within 2: {x} 2: x a Basic Block 3: {x} 3: &[B1.2] 4: pset(p)={x} 4: int *p = &x; int x; 5: {p} 5: p int *p = &x; 6: {x} 6: [B1.5] (LValToRVal) int *q = p; 7: pset(q)={x} 7: int *q = p; • Basic blocks contain subexprs in an eval order, no AST traversal required • End of full expression is not marked (apart from DeclStmt ) • When to invalidate Pointers to temporaries? • Modified the CFG to include ExprWithCleanup AST nodes • Clang Static Analyzer is another user 11

  12. Analysis Within 2: {x} 2: x a Basic Block 3: {x} 3: &[B1.2] 4: pset(p)={x} 4: int *p = &x; int x; 5: {p} 5: p int *p = &x; 6: {x} 6: [B1.5] (LValToRVal) int *q = p; 7: pset(q)={x} 7: int *q = p; • Basic blocks contain subexprs in an eval order, no AST traversal required • End of full expression is not marked (apart from DeclStmt ) • When to invalidate Pointers to temporaries? • Modified the CFG to include ExprWithCleanup AST nodes • Clang Static Analyzer is another user 12

  13. Analysis Within 2: {x} 2: x a Basic Block 3: {x} 3: &[B1.2] 4: pset(p)={x} 4: int *p = &x; int x; 5: {p} 5: p int *p = &x; 6: {x} 6: [B1.5] (LValToRVal) int *q = p; 7: pset(q)={x} 7: int *q = p; • Basic blocks contain subexprs in an eval order, no AST traversal required • End of full expression is not marked (apart from DeclStmt ) • When to invalidate Pointers to temporaries? • Modified the CFG to include ExprWithCleanup AST nodes • Clang Static Analyzer is another user 13

  14. Analysis Within 2: {x} 2: x a Basic Block 3: {x} 3: &[B1.2] 4: pset(p)={x} 4: int *p = &x; int x; 5: {p} 5: p int *p = &x; 6: {x} 6: [B1.5] (LValToRVal) int *q = p; 7: pset(q)={x} 7: int *q = p; • Basic blocks contain subexprs in an eval order, no AST traversal required • End of full expression is not marked (apart from DeclStmt ) • When to invalidate Pointers to temporaries? • Modified the CFG to include ExprWithCleanup AST nodes • Clang Static Analyzer is another user 14

  15. Analysis Within 2: {x} 2: x a Basic Block 3: {x} 3: &[B1.2] 4: pset(p)={x} 4: int *p = &x; int x; 5: {p} 5: p int *p = &x; 6: {x} 6: [B1.5] (LValToRVal) int *q = p; 7: pset(q)={x} 7: int *q = p; • Basic blocks contain subexprs in an eval order, no AST traversal required • End of full expression is not marked (apart from DeclStmt ) • When to invalidate Pointers to temporaries? • Modified the CFG to include ExprWithCleanup AST nodes • Clang Static Analyzer is another user 15

  16. Analysis on the CFG Level – Merging Points-to Sets • Calculate points-to sets int* p; within each basic block // pset(p) = {(invalid)} if (cond) { • Merge incoming points-to p = &i; sets on basic block entry // pset(p) = {i} • Fixed-point iteration } else { p = nullptr; • Loops // pset(p) = {(null)} } // pset(p) = {i, (null)} 16

  17. Analysis on the CFG Level – Dealing with Forks void f(int* a) { {0, *a} // pset(a) = {(null), *a) if (a) { a != 0 a = 0 // pset(a) = {*a} } else { *a 0 // pset(a) = {(null)} } a != 0 a = 0 // pset(a) = {(null), *a) } {0, *a} 17

  18. Tracking Null Pointers – Logical operators if (a && b) { a a != 0 *a; } b *a; a != 0 b != 0 if (a) { a = 0 b = 0 *a if (b) { *a; // OK a != 0 } b != 0 } *a; // warning *a 18

  19. Tracking Null Pointers – The Role of noreturn a = 0 a (a && b)? … : noreturn(); a != 0 *a; b = 0 b a != 0 b != 0 noreturn … a != 0 b != 0 *a 19

  20. Tracking Null Pointers – Merging Too Early a != 0 a bool c = a && b; c ? … : noreturn(); *a; // false positive b a = 0 a != 0 b = 0 b != 0 c c != 0 c = 0 … noreturn *a 20

  21. Tracking Null Pointers – Challenges with Assertions a != 0 a void f(int* a, int *b) { assert(a && b); *b; b } a = 0 a != 0 b = 0 b != 0 cast void f(int* a, int *b) { (bool)(a && b)? … : noreturn(); *b; // false positive *b noreturn } 21

  22. Summary of Flow-Sensitive Lifetime Analysis • The performance overhead of the prototype is less than 10% of -fsyntax-only • 3 sources of false positives: • Infeasible paths • Miscategorizations • Function modelling 22

  23. Typical Lifetime Issues reference_wrapper<int> data() { int i = 3; S& V = *get(); return {i}; } auto add(int a) { return o->name().c_str(); return [&a](int b) { return a + b; }; string_view sv = "test"s; } 23

  24. Goal: Enable a Subset of Lifetime Warnings with No False Positives Clang warnings exist for: int *data() { struct Y { int i = 3; int *p; return &i; Y(int i) : p(&i) {} } }; new initializer_list<int>{1, 2, 3}; Let ’ s generalize them! 24

  25. Evaluation of the Statement Local Analysis • No false positives or true positives for LLVM and Clang head • Few FPs if we categorize every user defined type • FPs could be fixed with annotating llvm::ValueHandleBase • Sample of 22 lifetime related fixes • Faulty commits passed the reviews • 11 would have been caught before breaking the bots • 1 false negative due to Path not being automatically categorized as owner • 3 are missed due to assignments not being checked • Less than 1% performance overhead 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Guide for States implementing both National Core Indicators (NCI) and National Core Indicators

Guide for States implementing both National Core Indicators (NCI) and National Core Indicators

Guide for States implementing both National Core Indicators (NCI) and National Core Indicators for Aging and Disability (NCI-AD) The NCI and NCI-AD survey projects are separate projects with multiple parallels that can be useful to states

208 views • 3 slides
Steady Progress in Implementing Measures to Steady Progress in Implementing Measures to Improve

Steady Progress in Implementing Measures to Steady Progress in Implementing Measures to Improve

Interim Results Briefing November 2, 2006 Steady Progress in Implementing Measures to Steady Progress in Implementing Measures to Improve Profits in Core Business Improve Profits in Core Business ~ Business S Strategy Progress Report for

618 views • 20 slides
Implementing an AAC Device in the Schools Teaching AAC Core AND Dolch Sight Words What are the

Implementing an AAC Device in the Schools Teaching AAC Core AND Dolch Sight Words What are the

TWIN POWERS UNITE READING PROJECT! Implementing an AAC Device in the Schools Teaching AAC Core AND Dolch Sight Words What are the Challenges?????? Challenge: Where do I start? What is the focus? Challenge: Training Multiple People

86 views • 8 slides
Successful Strategies for Implementing the CMS Psychiatric Core Measures Presented by Nola

Successful Strategies for Implementing the CMS Psychiatric Core Measures Presented by Nola

Successful Strategies for Implementing the CMS Psychiatric Core Measures Presented by Nola Harrison, LCSW St. Anthony Hospital, Oklahoma City Bob Moon, LMSW New York City Heath and Hospitals Corporation 5/7/2013 Successful Strategies for

843 views • 36 slides
Implementing the Common Core State Standards for Mathematics Bradford R. Findell, PhD National

Implementing the Common Core State Standards for Mathematics Bradford R. Findell, PhD National

Implementing the Common Core State Standards for Mathematics Bradford R. Findell, PhD National Conference on Student Assessment June 21-22, 2011 Brad.Findell@ode.state.oh.us Whats New with the CCSS? Internationally benchmarked

503 views • 46 slides
Implementing Polymorphic Callbacks for Ada/C++ Bindings Maciej Sobczak YAMI4 Multilanguage

Implementing Polymorphic Callbacks for Ada/C++ Bindings Maciej Sobczak YAMI4 Multilanguage

Implementing Polymorphic Callbacks for Ada/C++ Bindings Maciej Sobczak YAMI4 Multilanguage Asynchronous Messaging Library User Programs Ada General-Purpose C++ General-Purpose Ada Core C++ Core Operating System But this is a common

315 views • 10 slides
Implementing the Human Rights Core Value in ICANNs Bylaws 6 November 2019 8:30 a.m - 9:30

Implementing the Human Rights Core Value in ICANNs Bylaws 6 November 2019 8:30 a.m - 9:30

Implementing the Human Rights Core Value in ICANNs Bylaws 6 November 2019 8:30 a.m - 9:30 a.m Jorge Cancio (HRIL WG Co-Chair) Suada Hadzovic (HRIL WG Co-Chair) Akriti Bopanna (CCWP HR) ICANN66 HRIL WG Plenary with CCWP HR Agenda Item 27

328 views • 10 slides
THE WHAT, WHY &amp; HOW OF IMPLEMENTING THE NEW LEASE ACCOUNTING STANDARDS SEPTEMBER 18, 2018

THE WHAT, WHY &amp; HOW OF IMPLEMENTING THE NEW LEASE ACCOUNTING STANDARDS SEPTEMBER 18, 2018

THE WHAT, WHY &amp; HOW OF IMPLEMENTING THE NEW LEASE ACCOUNTING STANDARDS SEPTEMBER 18, 2018 PREPARED BY: MEDI ABBIS MARC MAIONA JEFF MANLEY TAYLOR WOOD 1 WHAT IS IT? Core Principle An entity should recognize ROU assets and Lease

511 views • 33 slides
Biopreparedness assistance to implementing the BWC Centre for Biosecurity and Biopreparedness

Biopreparedness assistance to implementing the BWC Centre for Biosecurity and Biopreparedness

Danish Centre for Biosecurity and Biopreparedness assistance to implementing the BWC Centre for Biosecurity and Biopreparedness Established in 2001 under the Ministry of Health. Core responsibilities include issuing licenses,

175 views • 14 slides
Implementing Perl 6 Jonathan Worthington Dutch Perl Workshop 2008 Implementing Perl 6 I

Implementing Perl 6 Jonathan Worthington Dutch Perl Workshop 2008 Implementing Perl 6 I

Implementing Perl 6 Jonathan Worthington Dutch Perl Workshop 2008 Implementing Perl 6 I didnt know I was giving this talk until yesterday. Implementing Perl 6 I could have written my slides last night, but Implementing Perl 6

537 views • 52 slides
Implementing Generalised Alt Gavin Lowe Implementing Generalised Alt 02 CSO for dummies

Implementing Generalised Alt Gavin Lowe Implementing Generalised Alt 02 CSO for dummies

Implementing Generalised Alt 01 Implementing Generalised Alt Gavin Lowe Implementing Generalised Alt 02 CSO for dummies Communicating Scala Objects (CSO) is a library of CSP-like communication primitives for the Scala programming language,

724 views • 34 slides
Motivation Memory is a shared resource Core Core Memory Core Core Threads requests

Motivation Memory is a shared resource Core Core Memory Core Core Threads requests

Thread Cluster Memory Scheduling : Exploiting Differences in Memory Access Behavior Yoongu Kim Michael Papamichael Onur Mutlu Mor Harchol-Balter Motivation Memory is a shared resource Core Core Memory Core Core Threads requests

738 views • 48 slides
Implementing an X-ray Implementing an X-ray reverberation model in XSPEC reverberation model in

Implementing an X-ray Implementing an X-ray reverberation model in XSPEC reverberation model in

Implementing an X-ray Implementing an X-ray reverberation model in XSPEC reverberation model in XSPEC M. D. Caballero-Garcia, M. Dovciak (ASU CAS Praha 4, Prague), A. Epitropakis (D. of Physics - U. of Crete, Heraklion) Contents 1. The

435 views • 19 slides
The Elective Options 7 th Grade Core &amp; Electives Core Choose Core &amp; Elective

The Elective Options 7 th Grade Core &amp; Electives Core Choose Core &amp; Elective

Co Cours rse e Info format mation ion Co Conve vers rsati ation on th 8 th th Grade 7 th ade Understanding The Core Requirements And The Elective Options 7 th Grade Core &amp; Electives Core Choose Core &amp; Elective

252 views • 13 slides
Welcome Welcome Core: Core A Regional Destination Core: Core UL Core: Core Downtown

Welcome Welcome Core: Core A Regional Destination Core: Core UL Core: Core Downtown

Welcome Welcome Core: Core A Regional Destination Core: Core UL Core: Core Downtown Core: Core Oil Center Center Core: Core Horse Farm Aspects: Bertrand Bertrand Aspects: Bertrand Bertrand Aspects: Bertrand Bertrand

200 views • 17 slides
RPS 205 Core Values Importance in Adopting Organizational Core Values The core values are the

RPS 205 Core Values Importance in Adopting Organizational Core Values The core values are the

RPS 205 Core Values Importance in Adopting Organizational Core Values The core values are the guiding principles that dictate behavior and action. Support our vision Shape the culture Redefine our identity Clarify the expectations

590 views • 16 slides
SEISMIC: A Self-Exciting Point Process Model for Predicting Tweet Popularity Qingyuan Zhao 1 ,

SEISMIC: A Self-Exciting Point Process Model for Predicting Tweet Popularity Qingyuan Zhao 1 ,

SEISMIC: A Self-Exciting Point Process Model for Predicting Tweet Popularity Qingyuan Zhao 1 , Murat A. Erdogdu 1 , Hera Y. He 1 , Anand Rajaraman 2 , Jure Leskovec 2 Department of Statistics 1 and Computer Science 2 , Stanford University

460 views • 33 slides
Two-level checkpointing and partial verifications for linear task graphs Anne Benoit, Aur

Two-level checkpointing and partial verifications for linear task graphs Anne Benoit, Aur

Problem statement Theoretical analysis Performance evaluation Conclusion Two-level checkpointing and partial verifications for linear task graphs Anne Benoit, Aur elien Cavelan, Yves Robert and Hongyang Sun ENS Lyon, France

399 views • 25 slides
T h e T MD p d f d e t e r m i n a t i o n a t N L O u s i n g p a

T h e T MD p d f d e t e r m i n a t i o n a t N L O u s i n g p a

T h e T MD p d f d e t e r m i n a t i o n a t N L O u s i n g p a r t o n b r a n c h i n g m e t h o d R a d e k l e b k 1 O l a L e l e k 1 , F r a n c e s

421 views • 22 slides
Application-level &amp; Server-side Content Adaptation CWI Amsterdam Philips Research Eindhoven

Application-level &amp; Server-side Content Adaptation CWI Amsterdam Philips Research Eindhoven

Application-level &amp; Server-side Content Adaptation CWI Amsterdam Philips Research Eindhoven Technical University Eindhoven Hypermedia presentation adaptation Adaptation to address differences in Network, platform, user

376 views • 19 slides
Texinfo Visits a Garden Joe Hogg TUG 2014, Portland, OR July 2830, 2014 Outline The

Texinfo Visits a Garden Joe Hogg TUG 2014, Portland, OR July 2830, 2014 Outline The

Texinfo Visits a Garden Joe Hogg TUG 2014, Portland, OR July 2830, 2014 Outline The Huntington Who uses a plant list? Plant List Guidelines Herb Garden View Remembering Arabella Herb Garden Stalwarts Herb Garden Map Liqueur, south Bed

323 views • 13 slides
Computing Twisted Kazhdan-Lusztig-Vogan polynomials Jeffrey Adams Conference for Becky Herbs

Computing Twisted Kazhdan-Lusztig-Vogan polynomials Jeffrey Adams Conference for Becky Herbs

Computing Twisted Kazhdan-Lusztig-Vogan polynomials Jeffrey Adams Conference for Becky Herbs 65 th birthday and in honor of Paul Sally Chicago, September 6, 2014 Some terminology Kazhdan-Lusztig polynomials: (KL 1979) Hecke algebras of

458 views • 28 slides
1 I nterim Measures 9 Property not meeting applicable standards prior to issuing an NFA

1 I nterim Measures 9 Property not meeting applicable standards prior to issuing an NFA

Remediation 1 OAC 3745-300-11 Certified Professional 8-Hour Training Overview 2 VAP remediation requirements Complete pathways to off-property receptors Types of remedies Documentation of remedies Changes to remedies

271 views • 6 slides
Lead Safe Housing Rule Amendment Training For TBRA Participants September 2019 Welcome

Lead Safe Housing Rule Amendment Training For TBRA Participants September 2019 Welcome

Lead Safe Housing Rule Amendment Training For TBRA Participants September 2019 Welcome Trainers Phil Jones, ICF Kris Richmond, ICF Questions Written Questions: Enter your question into the Q&amp;A text box at any time

948 views • 65 slides

More recommend