implementing the c core
play

Implementing the C++ Core Guidelines Lifetime Safety Profile in - PowerPoint PPT Presentation

Apr 07, 2024 •381 likes •697 views

Implementing the C++ Core Guidelines Lifetime Safety Profile in Clang Matthias Gehre Gbor Horvth gehre@silexica.com xazax.hun@gmail.com 1 Agenda Motivation Whirlwind tour of lifetime analysis See the following talks for

  1. Implementing the C++ Core Guidelines’ Lifetime Safety Profile in Clang Matthias Gehre Gábor Horváth gehre@silexica.com xazax.hun@gmail.com 1

  2. Agenda • Motivation • Whirlwind tour of lifetime analysis • See the following talks for details: • https://youtu.be/80BZxujhY38?t=1096 • https://youtu.be/sjnp3P9x5jA • Highlight some implementation details • Evaluation • Upstreaming • Conclusions 2

  3. Motivation • Microsoft: 70 percent of security patches are fixing memory errors • https://youtu.be/PjbGojjnBZQ • C++ has many sources of errors: • Manual memory management, temporary objects, Pointer- like objects, … • Dynamic tools • Few false positives, not every arch is supported, coverage is important • Static tools • Arch independent, the earlier a bug is found the cheaper the fix • Works without good test coverage 3

  4. Motivation #2 int *p; string_view sv; { { int x; string s{"EuroLLVM"}; p = &x; sv = s; } } *p = 5; sv [0] = ‘c’; Many static tools warn for the left snippet but not for the right, even though they are fundamentally similar. 4

  5. A Tour of Herb’s Lifetime Analysis • Intends to catch common errors (not a verification tool) • Classify types into categories • Owners: never dangle, implementation assumed to be correct • Pointers: might dangle, tracking points-to sets • Aggregates: handled member-wise • Values: everything else • Analysis is function local • Two implementations • We implemented it in a Clang fork • Kyle Reed and Neil MacIntosh implemented the MSVC version 5

  6. A Tour of Herb’s Lifetime Analysis #2 • Flow-sensitive analysis • We only need annotations for misclassifications (rare) • Maps each Pointer at each program point to a points-to set • Elements of a points-to set: • Null • Invalid • Static (lives longer than the pointer or we cannot reason about it) • Local variable/parameter • Aggregate member • Owned memory of an Owner 6

  7. Analysis Within 2: {x} 2: x a Basic Block 3: {x} 3: &[B1.2] 4: pset(p)={x} 4: int *p = &x; int x; 5: {p} 5: p int *p = &x; 6: {x} 6: [B1.5] (LValToRVal) int *q = p; 7: pset(q)={x} 7: int *q = p; • Basic blocks contain subexprs in an eval order, no AST traversal required • End of full expression is not marked (apart from DeclStmt ) • When to invalidate Pointers to temporaries? • Modified the CFG to include ExprWithCleanup AST nodes • Clang Static Analyzer is another user 7

  8. Analysis Within 2: {x} 2: x a Basic Block 3: {x} 3: &[B1.2] 4: pset(p)={x} 4: int *p = &x; int x; 5: {p} 5: p int *p = &x; 6: {x} 6: [B1.5] (LValToRVal) int *q = p; 7: pset(q)={x} 7: int *q = p; • Basic blocks contain subexprs in an eval order, no AST traversal required • End of full expression is not marked (apart from DeclStmt ) • When to invalidate Pointers to temporaries? • Modified the CFG to include ExprWithCleanup AST nodes • Clang Static Analyzer is another user 8

  9. Analysis Within 2: {x} 2: x a Basic Block 3: {x} 3: &[B1.2] 4: pset(p)={x} 4: int *p = &x; int x; 5: {p} 5: p int *p = &x; 6: {x} 6: [B1.5] (LValToRVal) int *q = p; 7: pset(q)={x} 7: int *q = p; • Basic blocks contain subexprs in an eval order, no AST traversal required • End of full expression is not marked (apart from DeclStmt ) • When to invalidate Pointers to temporaries? • Modified the CFG to include ExprWithCleanup AST nodes • Clang Static Analyzer is another user 9

  10. Analysis Within 2: {x} 2: x a Basic Block 3: {x} 3: &[B1.2] 4: pset(p)={x} 4: int *p = &x; int x; 5: {p} 5: p int *p = &x; 6: {x} 6: [B1.5] (LValToRVal) int *q = p; 7: pset(q)={x} 7: int *q = p; • Basic blocks contain subexprs in an eval order, no AST traversal required • End of full expression is not marked (apart from DeclStmt ) • When to invalidate Pointers to temporaries? • Modified the CFG to include ExprWithCleanup AST nodes • Clang Static Analyzer is another user 10

  11. Analysis Within 2: {x} 2: x a Basic Block 3: {x} 3: &[B1.2] 4: pset(p)={x} 4: int *p = &x; int x; 5: {p} 5: p int *p = &x; 6: {x} 6: [B1.5] (LValToRVal) int *q = p; 7: pset(q)={x} 7: int *q = p; • Basic blocks contain subexprs in an eval order, no AST traversal required • End of full expression is not marked (apart from DeclStmt ) • When to invalidate Pointers to temporaries? • Modified the CFG to include ExprWithCleanup AST nodes • Clang Static Analyzer is another user 11

  12. Analysis Within 2: {x} 2: x a Basic Block 3: {x} 3: &[B1.2] 4: pset(p)={x} 4: int *p = &x; int x; 5: {p} 5: p int *p = &x; 6: {x} 6: [B1.5] (LValToRVal) int *q = p; 7: pset(q)={x} 7: int *q = p; • Basic blocks contain subexprs in an eval order, no AST traversal required • End of full expression is not marked (apart from DeclStmt ) • When to invalidate Pointers to temporaries? • Modified the CFG to include ExprWithCleanup AST nodes • Clang Static Analyzer is another user 12

  13. Analysis Within 2: {x} 2: x a Basic Block 3: {x} 3: &[B1.2] 4: pset(p)={x} 4: int *p = &x; int x; 5: {p} 5: p int *p = &x; 6: {x} 6: [B1.5] (LValToRVal) int *q = p; 7: pset(q)={x} 7: int *q = p; • Basic blocks contain subexprs in an eval order, no AST traversal required • End of full expression is not marked (apart from DeclStmt ) • When to invalidate Pointers to temporaries? • Modified the CFG to include ExprWithCleanup AST nodes • Clang Static Analyzer is another user 13

  14. Analysis Within 2: {x} 2: x a Basic Block 3: {x} 3: &[B1.2] 4: pset(p)={x} 4: int *p = &x; int x; 5: {p} 5: p int *p = &x; 6: {x} 6: [B1.5] (LValToRVal) int *q = p; 7: pset(q)={x} 7: int *q = p; • Basic blocks contain subexprs in an eval order, no AST traversal required • End of full expression is not marked (apart from DeclStmt ) • When to invalidate Pointers to temporaries? • Modified the CFG to include ExprWithCleanup AST nodes • Clang Static Analyzer is another user 14

  15. Analysis Within 2: {x} 2: x a Basic Block 3: {x} 3: &[B1.2] 4: pset(p)={x} 4: int *p = &x; int x; 5: {p} 5: p int *p = &x; 6: {x} 6: [B1.5] (LValToRVal) int *q = p; 7: pset(q)={x} 7: int *q = p; • Basic blocks contain subexprs in an eval order, no AST traversal required • End of full expression is not marked (apart from DeclStmt ) • When to invalidate Pointers to temporaries? • Modified the CFG to include ExprWithCleanup AST nodes • Clang Static Analyzer is another user 15

  16. Analysis on the CFG Level – Merging Points-to Sets • Calculate points-to sets int* p; within each basic block // pset(p) = {(invalid)} if (cond) { • Merge incoming points-to p = &i; sets on basic block entry // pset(p) = {i} • Fixed-point iteration } else { p = nullptr; • Loops // pset(p) = {(null)} } // pset(p) = {i, (null)} 16

  17. Analysis on the CFG Level – Dealing with Forks void f(int* a) { {0, *a} // pset(a) = {(null), *a) if (a) { a != 0 a = 0 // pset(a) = {*a} } else { *a 0 // pset(a) = {(null)} } a != 0 a = 0 // pset(a) = {(null), *a) } {0, *a} 17

  18. Tracking Null Pointers – Logical operators if (a && b) { a a != 0 *a; } b *a; a != 0 b != 0 if (a) { a = 0 b = 0 *a if (b) { *a; // OK a != 0 } b != 0 } *a; // warning *a 18

  19. Tracking Null Pointers – The Role of noreturn a = 0 a (a && b)? … : noreturn(); a != 0 *a; b = 0 b a != 0 b != 0 noreturn … a != 0 b != 0 *a 19

  20. Tracking Null Pointers – Merging Too Early a != 0 a bool c = a && b; c ? … : noreturn(); *a; // false positive b a = 0 a != 0 b = 0 b != 0 c c != 0 c = 0 … noreturn *a 20

  21. Tracking Null Pointers – Challenges with Assertions a != 0 a void f(int* a, int *b) { assert(a && b); *b; b } a = 0 a != 0 b = 0 b != 0 cast void f(int* a, int *b) { (bool)(a && b)? … : noreturn(); *b; // false positive *b noreturn } 21

  22. Summary of Flow-Sensitive Lifetime Analysis • The performance overhead of the prototype is less than 10% of -fsyntax-only • 3 sources of false positives: • Infeasible paths • Miscategorizations • Function modelling 22

  23. Typical Lifetime Issues reference_wrapper<int> data() { int i = 3; S& V = *get(); return {i}; } auto add(int a) { return o->name().c_str(); return [&a](int b) { return a + b; }; string_view sv = "test"s; } 23

  24. Goal: Enable a Subset of Lifetime Warnings with No False Positives Clang warnings exist for: int *data() { struct Y { int i = 3; int *p; return &i; Y(int i) : p(&i) {} } }; new initializer_list<int>{1, 2, 3}; Let ’ s generalize them! 24

  25. Evaluation of the Statement Local Analysis • No false positives or true positives for LLVM and Clang head • Few FPs if we categorize every user defined type • FPs could be fixed with annotating llvm::ValueHandleBase • Sample of 22 lifetime related fixes • Faulty commits passed the reviews • 11 would have been caught before breaking the bots • 1 false negative due to Path not being automatically categorized as owner • 3 are missed due to assignments not being checked • Less than 1% performance overhead 25

Recommend

Guide for States implementing both National Core Indicators (NCI) and National Core Indicators

Guide for States implementing both National Core Indicators (NCI) and National Core Indicators

Guide for States implementing both National Core Indicators (NCI) and National Core Indicators for Aging and Disability (NCI-AD) The NCI and NCI-AD survey projects are separate projects with multiple parallels that can be useful to states

208 views • 3 slides
Steady Progress in Implementing Measures to Steady Progress in Implementing Measures to Improve

Steady Progress in Implementing Measures to Steady Progress in Implementing Measures to Improve

Interim Results Briefing November 2, 2006 Steady Progress in Implementing Measures to Steady Progress in Implementing Measures to Improve Profits in Core Business Improve Profits in Core Business ~ Business S Strategy Progress Report for

618 views • 20 slides
Implementing an AAC Device in the Schools Teaching AAC Core AND Dolch Sight Words What are the

Implementing an AAC Device in the Schools Teaching AAC Core AND Dolch Sight Words What are the

TWIN POWERS UNITE READING PROJECT! Implementing an AAC Device in the Schools Teaching AAC Core AND Dolch Sight Words What are the Challenges?????? Challenge: Where do I start? What is the focus? Challenge: Training Multiple People

86 views • 8 slides
Successful Strategies for Implementing the CMS Psychiatric Core Measures Presented by Nola

Successful Strategies for Implementing the CMS Psychiatric Core Measures Presented by Nola

Successful Strategies for Implementing the CMS Psychiatric Core Measures Presented by Nola Harrison, LCSW St. Anthony Hospital, Oklahoma City Bob Moon, LMSW New York City Heath and Hospitals Corporation 5/7/2013 Successful Strategies for

843 views • 36 slides
Implementing the Common Core State Standards for Mathematics Bradford R. Findell, PhD National

Implementing the Common Core State Standards for Mathematics Bradford R. Findell, PhD National

Implementing the Common Core State Standards for Mathematics Bradford R. Findell, PhD National Conference on Student Assessment June 21-22, 2011 Brad.Findell@ode.state.oh.us Whats New with the CCSS? Internationally benchmarked

503 views • 46 slides
Implementing Polymorphic Callbacks for Ada/C++ Bindings Maciej Sobczak YAMI4 Multilanguage

Implementing Polymorphic Callbacks for Ada/C++ Bindings Maciej Sobczak YAMI4 Multilanguage

Implementing Polymorphic Callbacks for Ada/C++ Bindings Maciej Sobczak YAMI4 Multilanguage Asynchronous Messaging Library User Programs Ada General-Purpose C++ General-Purpose Ada Core C++ Core Operating System But this is a common

315 views • 10 slides
Implementing the Human Rights Core Value in ICANNs Bylaws 6 November 2019 8:30 a.m - 9:30

Implementing the Human Rights Core Value in ICANNs Bylaws 6 November 2019 8:30 a.m - 9:30

Implementing the Human Rights Core Value in ICANNs Bylaws 6 November 2019 8:30 a.m - 9:30 a.m Jorge Cancio (HRIL WG Co-Chair) Suada Hadzovic (HRIL WG Co-Chair) Akriti Bopanna (CCWP HR) ICANN66 HRIL WG Plenary with CCWP HR Agenda Item 27

328 views • 10 slides
THE WHAT, WHY &amp; HOW OF IMPLEMENTING THE NEW LEASE ACCOUNTING STANDARDS SEPTEMBER 18, 2018

THE WHAT, WHY &amp; HOW OF IMPLEMENTING THE NEW LEASE ACCOUNTING STANDARDS SEPTEMBER 18, 2018

THE WHAT, WHY &amp; HOW OF IMPLEMENTING THE NEW LEASE ACCOUNTING STANDARDS SEPTEMBER 18, 2018 PREPARED BY: MEDI ABBIS MARC MAIONA JEFF MANLEY TAYLOR WOOD 1 WHAT IS IT? Core Principle An entity should recognize ROU assets and Lease

511 views • 33 slides
Biopreparedness assistance to implementing the BWC Centre for Biosecurity and Biopreparedness

Biopreparedness assistance to implementing the BWC Centre for Biosecurity and Biopreparedness

Danish Centre for Biosecurity and Biopreparedness assistance to implementing the BWC Centre for Biosecurity and Biopreparedness Established in 2001 under the Ministry of Health. Core responsibilities include issuing licenses,

175 views • 14 slides
Implementing Perl 6 Jonathan Worthington Dutch Perl Workshop 2008 Implementing Perl 6 I

Implementing Perl 6 Jonathan Worthington Dutch Perl Workshop 2008 Implementing Perl 6 I

Implementing Perl 6 Jonathan Worthington Dutch Perl Workshop 2008 Implementing Perl 6 I didnt know I was giving this talk until yesterday. Implementing Perl 6 I could have written my slides last night, but Implementing Perl 6

537 views • 52 slides
Implementing Generalised Alt Gavin Lowe Implementing Generalised Alt 02 CSO for dummies

Implementing Generalised Alt Gavin Lowe Implementing Generalised Alt 02 CSO for dummies

Implementing Generalised Alt 01 Implementing Generalised Alt Gavin Lowe Implementing Generalised Alt 02 CSO for dummies Communicating Scala Objects (CSO) is a library of CSP-like communication primitives for the Scala programming language,

724 views • 34 slides
Motivation Memory is a shared resource Core Core Memory Core Core Threads requests

Motivation Memory is a shared resource Core Core Memory Core Core Threads requests

Thread Cluster Memory Scheduling : Exploiting Differences in Memory Access Behavior Yoongu Kim Michael Papamichael Onur Mutlu Mor Harchol-Balter Motivation Memory is a shared resource Core Core Memory Core Core Threads requests

738 views • 48 slides
Implementing an X-ray Implementing an X-ray reverberation model in XSPEC reverberation model in

Implementing an X-ray Implementing an X-ray reverberation model in XSPEC reverberation model in

Implementing an X-ray Implementing an X-ray reverberation model in XSPEC reverberation model in XSPEC M. D. Caballero-Garcia, M. Dovciak (ASU CAS Praha 4, Prague), A. Epitropakis (D. of Physics - U. of Crete, Heraklion) Contents 1. The

435 views • 19 slides
The Elective Options 7 th Grade Core &amp; Electives Core Choose Core &amp; Elective

The Elective Options 7 th Grade Core &amp; Electives Core Choose Core &amp; Elective

Co Cours rse e Info format mation ion Co Conve vers rsati ation on th 8 th th Grade 7 th ade Understanding The Core Requirements And The Elective Options 7 th Grade Core &amp; Electives Core Choose Core &amp; Elective

252 views • 13 slides
Welcome Welcome Core: Core A Regional Destination Core: Core UL Core: Core Downtown

Welcome Welcome Core: Core A Regional Destination Core: Core UL Core: Core Downtown

Welcome Welcome Core: Core A Regional Destination Core: Core UL Core: Core Downtown Core: Core Oil Center Center Core: Core Horse Farm Aspects: Bertrand Bertrand Aspects: Bertrand Bertrand Aspects: Bertrand Bertrand

200 views • 17 slides
RPS 205 Core Values Importance in Adopting Organizational Core Values The core values are the

RPS 205 Core Values Importance in Adopting Organizational Core Values The core values are the

RPS 205 Core Values Importance in Adopting Organizational Core Values The core values are the guiding principles that dictate behavior and action. Support our vision Shape the culture Redefine our identity Clarify the expectations

590 views • 16 slides
What is This Iowa Core and Common Core Curriculum? And where are we in the implementation

What is This Iowa Core and Common Core Curriculum? And where are we in the implementation

What is This Iowa Core and Common Core Curriculum? And where are we in the implementation process? What is the Common Core? The Common Core State Standards Initiative is sponsored by the National Governors Association (NGA) and the Council of

567 views • 21 slides
Implementing Processes Implementing Processes Review: Threads vs vs. Processes . Processes

Implementing Processes Implementing Processes Review: Threads vs vs. Processes . Processes

Implementing Processes Implementing Processes Review: Threads vs vs. Processes . Processes Review: Threads 1. The process is a kernel abstraction for an independent executing program. includes at least one thread of control data also

416 views • 12 slides
What is core training? The core is the platform for movement. Chop off the head, legs and

What is core training? The core is the platform for movement. Chop off the head, legs and

What is core training? The core is the platform for movement. Chop off the head, legs and arms and you are left with the core. Upper Back/ Postural Muscles are often overlooked. Rounded backs during planks or other core

277 views • 12 slides
Potential Impact of Implementing Research Findings: Modeling Approach Implementing PCOR Results to

Potential Impact of Implementing Research Findings: Modeling Approach Implementing PCOR Results to

Potential Impact of Implementing Research Findings: Modeling Approach Implementing PCOR Results to Inform Choices and ANIRBAN BASU Improve Healthcare Delivery basua@uw.edu Monday, June 25 th @basucally Academy Health, Seattle 2018

790 views • 32 slides
Implementing a Sentient Implementing a Sentient Computing System Computing System Mike

Implementing a Sentient Implementing a Sentient Computing System Computing System Mike

Implementing a Sentient Implementing a Sentient Computing System Computing System Mike Addlesee, Rupert Curwen, Steve Hodges, Joe Newman, Pete Steggles, Andy Ward and Andy Hopper AT&amp;T Labs, Cambridge Presented by: Kurt Partridge and Jeff

337 views • 9 slides
Complementarity of Implementing the Biological Complementarity of Implementing the Biological

Complementarity of Implementing the Biological Complementarity of Implementing the Biological

Regional Workshop on National Implementation of the Biological Weapons Convention in East Asia and the Pacific Complementarity of Implementing the Biological Complementarity of Implementing the Biological Weapons Convention and UN Security

252 views • 23 slides
Implementing Object-Oriented Languages Implementing single inheritance Key features: Key idea:

Implementing Object-Oriented Languages Implementing single inheritance Key features: Key idea:

Implementing Object-Oriented Languages Implementing single inheritance Key features: Key idea: prefixing inheritance (possibly multiple) layout of superclass is a prefix of layout of subclass + instance variable access is just a load or

218 views • 9 slides
Caching, Parallelism, Fault Tolerance Marco Serafini COMPSCI 532 Lectures 2-3 Memory Hierarchy

Caching, Parallelism, Fault Tolerance Marco Serafini COMPSCI 532 Lectures 2-3 Memory Hierarchy

Caching, Parallelism, Fault Tolerance Marco Serafini COMPSCI 532 Lectures 2-3 Memory Hierarchy Multi-Core Processors Processor (chip) Processor (chip) Processor (chip) core core core core core core core core core core core

1.04k views • 53 slides

More recommend