/// <summary>
        /// Analyzes the ownership of the given-up symbol
        /// in the assignment expression.
        /// </summary>
        /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
        /// <param name="assignment">AssignmentExpressionSyntax</param>
        /// <param name="statement">Statement</param>
        /// <param name="machine">StateMachine</param>
        /// <param name="model">SemanticModel</param>
        /// <param name="trace">TraceInfo</param>
        protected override void AnalyzeOwnershipInAssignment(GivenUpOwnershipSymbol givenUpSymbol,
            AssignmentExpressionSyntax assignment, Statement statement, StateMachine machine,
            SemanticModel model, TraceInfo trace)
        {
            var leftIdentifier = base.AnalysisContext.GetRootIdentifier(assignment.Left);
            ISymbol leftSymbol = model.GetSymbolInfo(leftIdentifier).Symbol;

            if (assignment.Right is IdentifierNameSyntax)
            {
                var rightIdentifier = base.AnalysisContext.GetRootIdentifier(assignment.Right);
                ISymbol rightSymbol = model.GetSymbolInfo(rightIdentifier).Symbol;

                if (statement.Summary.DataFlowAnalysis.FlowsIntoSymbol(rightSymbol,
                    givenUpSymbol.ContainingSymbol, statement, givenUpSymbol.Statement))
                {
                    var type = model.GetTypeInfo(assignment.Right).Type;
                    if (leftSymbol != null && leftSymbol.Kind == SymbolKind.Field &&
                        base.IsFieldAccessedInSuccessor(leftSymbol as IFieldSymbol, statement.Summary, machine) &&
                        !base.AnalysisContext.IsTypePassedByValueOrImmutable(type))
                    {
                        TraceInfo newTrace = new TraceInfo();
                        newTrace.Merge(trace);
                        newTrace.AddErrorTrace(statement.SyntaxNode);

                        AnalysisErrorReporter.ReportGivenUpOwnershipFieldAssignment(newTrace, leftSymbol);
                    }

                    return;
                }
            }
            else if (assignment.Right is MemberAccessExpressionSyntax)
            {
                this.AnalyzeOwnershipInExpression(givenUpSymbol, assignment.Right, statement,
                    machine, model, trace);
            }
            else if (assignment.Right is InvocationExpressionSyntax ||
                assignment.Right is ObjectCreationExpressionSyntax)
            {
                trace.InsertCall(statement.Summary.Method, assignment.Right);
                base.AnalyzeOwnershipInCall(givenUpSymbol, assignment.Right, statement,
                    machine, model, trace);
            }

            if (assignment.Left is MemberAccessExpressionSyntax)
            {
                ISymbol outerLeftMemberSymbol = model.GetSymbolInfo(assignment.Left).Symbol;
                if (!outerLeftMemberSymbol.Equals(leftSymbol) &&
                    statement.Summary.DataFlowAnalysis.FlowsIntoSymbol(givenUpSymbol.ContainingSymbol,
                    leftSymbol, givenUpSymbol.Statement, statement))
                {
                    TraceInfo newTrace = new TraceInfo();
                    newTrace.Merge(trace);
                    newTrace.AddErrorTrace(statement.SyntaxNode);

                    AnalysisErrorReporter.ReportGivenUpOwnershipAccess(newTrace);
                }
            }
        }
        /// <summary>
        /// Analyzes the ownership of the given-up symbol
        /// in the assignment expression.
        /// </summary>
        /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
        /// <param name="assignment">AssignmentExpressionSyntax</param>
        /// <param name="statement">Statement</param>
        /// <param name="machine">StateMachine</param>
        /// <param name="model">SemanticModel</param>
        /// <param name="trace">TraceInfo</param>
        protected override void AnalyzeOwnershipInAssignment(GivenUpOwnershipSymbol givenUpSymbol,
            AssignmentExpressionSyntax assignment, Statement statement, StateMachine machine,
            SemanticModel model, TraceInfo trace)
        {
            IdentifierNameSyntax leftIdentifier = base.AnalysisContext.GetRootIdentifier(assignment.Left);
            ISymbol leftSymbol = model.GetSymbolInfo(leftIdentifier).Symbol;

            this.AnalyzeGivingUpFieldOwnership(givenUpSymbol, leftSymbol, statement, machine, trace);
            this.AnalyzeOwnershipInExpression(givenUpSymbol, assignment.Right,
                statement, machine, model, trace);
        }
Example #3
0
 /// <summary>
 /// Constructor.
 /// </summary>
 /// <param name="classDecl">ClassDeclarationSyntax</param>
 /// <param name="machine">StateMachine</param>
 /// <param name="context">AnalysisContext</param>
 internal MachineState(ClassDeclarationSyntax classDecl, StateMachine machine,
     AnalysisContext context)
 {
     this.AnalysisContext = context;
     this.Machine = machine;
     this.Name = this.AnalysisContext.GetFullClassName(classDecl);
     this.Declaration = classDecl;
     this.StateTransitions = new List<StateTransition>();
     this.MachineActions = new List<MachineAction>();
     this.IsStart = this.IsStartState();
 }
Example #4
0
        /// <summary>
        /// Constructor.
        /// </summary>
        /// <param name="method">BaseMethodDeclarationSyntax</param>
        /// <param name="machine">StateMachine</param>
        /// <param name="state">MachineState</param>
        /// <param name="payload">ISymbol</param>
        internal TraceInfo(BaseMethodDeclarationSyntax method, StateMachine machine,
            MachineState state, ISymbol payload)
        {
            this.ErrorTrace = new List<ErrorTraceStep>();
            this.CallTrace = new List<CallTraceStep>();

            if (method == null)
            {
                this.Method = null;
            }
            else if (method is MethodDeclarationSyntax)
            {
                this.Method = (method as MethodDeclarationSyntax).Identifier.ValueText;
            }
            else if (method is ConstructorDeclarationSyntax)
            {
                this.Method = (method as ConstructorDeclarationSyntax).Identifier.ValueText;
            }

            if (machine == null)
            {
                this.Machine = null;
            }
            else
            {
                this.Machine = machine.Name;
            }

            if (state == null)
            {
                this.State = null;
            }
            else
            {
                this.State = state.Name;
            }

            if (payload == null)
            {
                this.Payload = null;
            }
            else
            {
                this.Payload = payload.Name;
            }
        }
        /// <summary>
        /// Analyzes the ownership of the given-up symbol
        /// in the expression.
        /// </summary>
        /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
        /// <param name="expr">ExpressionSyntax</param>
        /// <param name="statement">Statement</param>
        /// <param name="machine">StateMachine</param>
        /// <param name="model">SemanticModel</param>
        /// <param name="trace">TraceInfo</param>
        private void AnalyzeOwnershipInExpression(GivenUpOwnershipSymbol givenUpSymbol,
            ExpressionSyntax expr, Statement statement, StateMachine machine,
            SemanticModel model, TraceInfo trace)
        {
            if (expr is MemberAccessExpressionSyntax)
            {
                var identifier = base.AnalysisContext.GetRootIdentifier(expr);
                ISymbol symbol = model.GetSymbolInfo(identifier).Symbol;
                if (statement.Summary.DataFlowAnalysis.FlowsIntoSymbol(symbol,
                    givenUpSymbol.ContainingSymbol, statement, givenUpSymbol.Statement))
                {
                    TraceInfo newTrace = new TraceInfo();
                    newTrace.Merge(trace);
                    newTrace.AddErrorTrace(statement.SyntaxNode);

                    AnalysisErrorReporter.ReportGivenUpOwnershipAccess(newTrace);
                }
            }
        }
 /// <summary>
 /// Analyzes the ownership of the given-up symbol
 /// in the variable declaration.
 /// </summary>
 /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
 /// <param name="varDecl">VariableDeclarationSyntax</param>
 /// <param name="statement">Statement</param>
 /// <param name="machine">StateMachine</param>
 /// <param name="model">SemanticModel</param>
 /// <param name="trace">TraceInfo</param>
 protected override void AnalyzeOwnershipInLocalDeclaration(GivenUpOwnershipSymbol givenUpSymbol,
     VariableDeclarationSyntax varDecl, Statement statement, StateMachine machine,
     SemanticModel model, TraceInfo trace)
 {
     foreach (var variable in varDecl.Variables.Where(v => v.Initializer != null))
     {
         var expr = variable.Initializer.Value;
         if (expr is IdentifierNameSyntax ||
             expr is MemberAccessExpressionSyntax)
         {
             this.AnalyzeOwnershipInExpression(givenUpSymbol, expr, statement,
                 machine, model, trace);
         }
         else if (expr is InvocationExpressionSyntax ||
             expr is ObjectCreationExpressionSyntax)
         {
             trace.InsertCall(statement.Summary.Method, expr);
             base.AnalyzeOwnershipInCall(givenUpSymbol, expr, statement,
                 machine, model, trace);
         }
     }
 }
Example #7
0
 /// <summary>
 /// Analyzes the ownership of the given-up symbol
 /// in the variable declaration.
 /// </summary>
 /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
 /// <param name="varDecl">VariableDeclarationSyntax</param>
 /// <param name="statement">Statement</param>
 /// <param name="machine">StateMachine</param>
 /// <param name="model">SemanticModel</param>
 /// <param name="trace">TraceInfo</param>
 protected abstract void AnalyzeOwnershipInLocalDeclaration(GivenUpOwnershipSymbol givenUpSymbol,
                                                            VariableDeclarationSyntax varDecl, Statement statement, StateMachine machine,
                                                            SemanticModel model, TraceInfo trace);
 /// <summary>
 /// Analyzes the ownership of the given-up symbol
 /// in the assignment expression.
 /// </summary>
 /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
 /// <param name="assignment">AssignmentExpressionSyntax</param>
 /// <param name="statement">Statement</param>
 /// <param name="machine">StateMachine</param>
 /// <param name="model">SemanticModel</param>
 /// <param name="trace">TraceInfo</param>
 protected abstract void AnalyzeOwnershipInAssignment(GivenUpOwnershipSymbol givenUpSymbol,
     AssignmentExpressionSyntax assignment, Statement statement, StateMachine machine,
     SemanticModel model, TraceInfo trace);
        /// <summary>
        /// Returns true if the field symbol is being accessed
        /// in a successor summary.
        /// </summary>
        /// <param name="fieldSymbol">IFieldSymbol</param>
        /// <param name="summary">MethodSummary</param>
        /// <param name="machine">StateMachine</param>
        /// <returns>Boolean</returns>
        protected bool IsFieldAccessedInSuccessor(IFieldSymbol fieldSymbol, MethodSummary summary,
            StateMachine machine)
        {
            if (!base.Configuration.DoStateTransitionAnalysis)
            {
                return true;
            }

            var successors = machine.GetSuccessorSummaries(summary);

            foreach (var successor in successors)
            {
                if (successor.SideEffectsInfo.FieldAccesses.ContainsKey(fieldSymbol))
                {
                    return true;
                }
            }

            return false;
        }
Example #10
0
 /// <summary>
 /// Analyzes the ownership of the given-up symbol
 /// in the candidate callee.
 /// </summary>
 /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
 /// <param name="calleeSummary">MethodSummary</param>
 /// <param name="call">ExpressionSyntax</param>
 /// <param name="statement">Statement</param>
 /// <param name="machine">StateMachine</param>
 /// <param name="model">SemanticModel</param>
 /// <param name="trace">TraceInfo</param>
 protected abstract void AnalyzeOwnershipInCandidateCallee(GivenUpOwnershipSymbol givenUpSymbol,
                                                           MethodSummary calleeSummary, ExpressionSyntax call, Statement statement,
                                                           StateMachine machine, SemanticModel model, TraceInfo trace);
Example #11
0
        /// <summary>
        /// Analyzes the ownership of the given-up symbol
        /// in the call.
        /// </summary>
        /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
        /// <param name="call">ExpressionSyntax</param>
        /// <param name="statement">Statement</param>
        /// <param name="machine">StateMachine</param>
        /// <param name="model">SemanticModel</param>
        /// <param name="trace">TraceInfo</param>
        /// <returns>Set of return symbols</returns>
        protected HashSet<ISymbol> AnalyzeOwnershipInCall(GivenUpOwnershipSymbol givenUpSymbol,
            ExpressionSyntax call, Statement statement, StateMachine machine,
            SemanticModel model, TraceInfo trace)
        {
            var potentialReturnSymbols = new HashSet<ISymbol>();

            var invocation = call as InvocationExpressionSyntax;
            var objCreation = call as ObjectCreationExpressionSyntax;
            if ((invocation == null && objCreation == null))
            {
                return potentialReturnSymbols;
            }

            TraceInfo callTrace = new TraceInfo();
            callTrace.Merge(trace);
            callTrace.AddErrorTrace(call);

            var callSymbol = model.GetSymbolInfo(call).Symbol;
            if (callSymbol == null)
            {
                AnalysisErrorReporter.ReportExternalInvocation(callTrace);
                return potentialReturnSymbols;
            }

            if (callSymbol.ContainingType.ToString().Equals("Microsoft.PSharp.Machine"))
            {
                this.AnalyzeOwnershipInGivesUpCall(givenUpSymbol, invocation,
                    statement, machine, model, callTrace);
                return potentialReturnSymbols;
            }

            if (SymbolFinder.FindSourceDefinitionAsync(callSymbol,
                this.AnalysisContext.Solution).Result == null)
            {
                AnalysisErrorReporter.ReportExternalInvocation(callTrace);
                return potentialReturnSymbols;
            }

            var candidateSummaries = MethodSummary.GetCachedSummaries(callSymbol, statement);
            foreach (var candidateSummary in candidateSummaries)
            {
                this.AnalyzeOwnershipInCandidateCallee(givenUpSymbol, candidateSummary,
                    call, statement, machine, model, callTrace);

                if (invocation != null)
                {
                    var resolvedReturnSymbols = candidateSummary.GetResolvedReturnSymbols(invocation, model);
                    foreach (var resolvedReturnSymbol in resolvedReturnSymbols)
                    {
                        potentialReturnSymbols.Add(resolvedReturnSymbol);
                    }
                }
            }

            return potentialReturnSymbols;
        }
        /// <summary>
        /// Analyzes the ownership of the given-up symbol
        /// in the expression.
        /// </summary>
        /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
        /// <param name="expr">ExpressionSyntax</param>
        /// <param name="statement">Statement</param>
        /// <param name="machine">StateMachine</param>
        /// <param name="model">SemanticModel</param>
        /// <param name="trace">TraceInfo</param>
        private void AnalyzeOwnershipInExpression(GivenUpOwnershipSymbol givenUpSymbol,
            ExpressionSyntax expr, Statement statement, StateMachine machine,
            SemanticModel model, TraceInfo trace)
        {
            if (expr is IdentifierNameSyntax ||
                expr is MemberAccessExpressionSyntax)
            {
                IdentifierNameSyntax rightIdentifier = base.AnalysisContext.GetRootIdentifier(expr);
                if (rightIdentifier != null)
                {
                    var rightSymbol = model.GetSymbolInfo(rightIdentifier).Symbol;
                    this.AnalyzeGivingUpFieldOwnership(givenUpSymbol, rightSymbol, statement, machine, trace);
                }
            }
            else if (expr is InvocationExpressionSyntax ||
                expr is ObjectCreationExpressionSyntax)
            {
                trace.InsertCall(statement.Summary.Method, expr);

                HashSet<ISymbol> returnSymbols = base.AnalyzeOwnershipInCall(givenUpSymbol,
                    expr, statement, machine, model, trace);
                foreach (var returnSymbol in returnSymbols)
                {
                    this.AnalyzeGivingUpFieldOwnership(givenUpSymbol, returnSymbol, statement, machine, trace);
                }
            }
        }
        /// <summary>
        /// Analyzes the given-up ownership of fields in the expression.
        /// </summary>
        /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
        /// <param name="symbol">Symbol</param>
        /// <param name="statement">Statement</param>
        /// <param name="machine">StateMachine</param>
        /// <param name="trace">TraceInfo</param>
        private void AnalyzeGivingUpFieldOwnership(GivenUpOwnershipSymbol givenUpSymbol,
            ISymbol symbol, Statement statement, StateMachine machine, TraceInfo trace)
        {
            if (!statement.Summary.DataFlowAnalysis.FlowsIntoSymbol(symbol,
                givenUpSymbol.ContainingSymbol, statement, givenUpSymbol.Statement))
            {
                return;
            }

            if (symbol.Kind == SymbolKind.Field &&
                base.IsFieldAccessedInSuccessor(symbol as IFieldSymbol, statement.Summary, machine))
            {
                TraceInfo newTrace = new TraceInfo();
                newTrace.Merge(trace);
                newTrace.AddErrorTrace(statement.SyntaxNode);

                AnalysisErrorReporter.ReportGivenUpFieldOwnershipError(newTrace, symbol);
            }
        }
        /// <summary>
        /// Analyzes the ownership of the given-up symbol
        /// in the variable declaration.
        /// </summary>
        /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
        /// <param name="varDecl">VariableDeclarationSyntax</param>
        /// <param name="statement">Statement</param>
        /// <param name="machine">StateMachine</param>
        /// <param name="model">SemanticModel</param>
        /// <param name="trace">TraceInfo</param>
        protected override void AnalyzeOwnershipInLocalDeclaration(GivenUpOwnershipSymbol givenUpSymbol,
            VariableDeclarationSyntax varDecl, Statement statement, StateMachine machine,
            SemanticModel model, TraceInfo trace)
        {
            foreach (var variable in varDecl.Variables.Where(v => v.Initializer != null))
            {
                ExpressionSyntax expr = variable.Initializer.Value;
                ISymbol leftSymbol = model.GetDeclaredSymbol(variable);

                this.AnalyzeGivingUpFieldOwnership(givenUpSymbol, leftSymbol, statement, machine, trace);
                this.AnalyzeOwnershipInExpression(givenUpSymbol, expr, statement,
                    machine, model, trace);
            }
        }
 /// <summary>
 /// Analyzes the ownership of the given-up symbol
 /// in the gives-up operation.
 /// </summary>
 /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
 /// <param name="call">Gives-up call</param>
 /// <param name="statement">Statement</param>
 /// <param name="machine">StateMachine</param>
 /// <param name="model">SemanticModel</param>
 /// <param name="trace">TraceInfo</param>
 protected override void AnalyzeOwnershipInGivesUpCall(GivenUpOwnershipSymbol givenUpSymbol,
     InvocationExpressionSyntax call, Statement statement, StateMachine machine,
     SemanticModel model, TraceInfo trace)
 {
     if (givenUpSymbol.Statement.Equals(statement) &&
         givenUpSymbol.ContainingSymbol.Kind == SymbolKind.Field &&
         base.IsFieldAccessedInSuccessor(givenUpSymbol.ContainingSymbol as IFieldSymbol, statement.Summary, machine))
     {
         AnalysisErrorReporter.ReportGivenUpFieldOwnershipError(trace, givenUpSymbol.ContainingSymbol);
     }
 }
Example #16
0
 /// <summary>
 /// Analyzes the ownership of the given-up symbol
 /// in the control-flow graph.
 /// </summary>
 /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
 /// <param name="machine">StateMachine</param>
 /// <param name="model">SemanticModel</param>
 /// <param name="trace">TraceInfo</param>
 protected abstract void AnalyzeOwnershipInControlFlowGraph(GivenUpOwnershipSymbol givenUpSymbol,
                                                            StateMachine machine, SemanticModel model, TraceInfo trace);
Example #17
0
 /// <summary>
 /// Analyzes the ownership of the given-up symbol
 /// in the gives-up operation.
 /// </summary>
 /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
 /// <param name="call">Gives-up call</param>
 /// <param name="statement">Statement</param>
 /// <param name="machine">StateMachine</param>
 /// <param name="model">SemanticModel</param>
 /// <param name="trace">TraceInfo</param>
 protected abstract void AnalyzeOwnershipInGivesUpCall(GivenUpOwnershipSymbol givenUpSymbol,
                                                       InvocationExpressionSyntax call, Statement statement, StateMachine machine,
                                                       SemanticModel model, TraceInfo trace);
Example #18
0
 /// <summary>
 /// Analyzes the ownership of the given-up symbol
 /// in the assignment expression.
 /// </summary>
 /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
 /// <param name="assignment">AssignmentExpressionSyntax</param>
 /// <param name="statement">Statement</param>
 /// <param name="machine">StateMachine</param>
 /// <param name="model">SemanticModel</param>
 /// <param name="trace">TraceInfo</param>
 protected abstract void AnalyzeOwnershipInAssignment(GivenUpOwnershipSymbol givenUpSymbol,
                                                      AssignmentExpressionSyntax assignment, Statement statement, StateMachine machine,
                                                      SemanticModel model, TraceInfo trace);
Example #19
0
 /// <summary>
 /// Analyzes the ownership of the given-up symbol
 /// in the control-flow graph.
 /// </summary>
 /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
 /// <param name="machine">StateMachine</param>
 /// <param name="model">SemanticModel</param>
 /// <param name="trace">TraceInfo</param>
 protected abstract void AnalyzeOwnershipInControlFlowGraph(GivenUpOwnershipSymbol givenUpSymbol,
     StateMachine machine, SemanticModel model, TraceInfo trace);
Example #20
0
 /// <summary>
 /// Analyzes the ownership of the given-up symbol
 /// in the variable declaration.
 /// </summary>
 /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
 /// <param name="varDecl">VariableDeclarationSyntax</param>
 /// <param name="statement">Statement</param>
 /// <param name="machine">StateMachine</param>
 /// <param name="model">SemanticModel</param>
 /// <param name="trace">TraceInfo</param>
 protected abstract void AnalyzeOwnershipInLocalDeclaration(GivenUpOwnershipSymbol givenUpSymbol,
     VariableDeclarationSyntax varDecl, Statement statement, StateMachine machine,
     SemanticModel model, TraceInfo trace);
Example #21
0
 /// <summary>
 /// Analyzes the ownership of the given-up symbol
 /// in the candidate callee.
 /// </summary>
 /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
 /// <param name="calleeSummary">MethodSummary</param>
 /// <param name="call">ExpressionSyntax</param>
 /// <param name="statement">Statement</param>
 /// <param name="machine">StateMachine</param>
 /// <param name="model">SemanticModel</param>
 /// <param name="trace">TraceInfo</param>
 protected abstract void AnalyzeOwnershipInCandidateCallee(GivenUpOwnershipSymbol givenUpSymbol,
     MethodSummary calleeSummary, ExpressionSyntax call, Statement statement,
     StateMachine machine, SemanticModel model, TraceInfo trace);
Example #22
0
        /// <summary>
        /// Analyzes the ownership of the given-up symbol
        /// in the call.
        /// </summary>
        /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
        /// <param name="call">ExpressionSyntax</param>
        /// <param name="statement">Statement</param>
        /// <param name="machine">StateMachine</param>
        /// <param name="model">SemanticModel</param>
        /// <param name="trace">TraceInfo</param>
        /// <returns>Set of return symbols</returns>
        protected HashSet <ISymbol> AnalyzeOwnershipInCall(GivenUpOwnershipSymbol givenUpSymbol,
                                                           ExpressionSyntax call, Statement statement, StateMachine machine,
                                                           SemanticModel model, TraceInfo trace)
        {
            var potentialReturnSymbols = new HashSet <ISymbol>();

            var invocation  = call as InvocationExpressionSyntax;
            var objCreation = call as ObjectCreationExpressionSyntax;

            if ((invocation == null && objCreation == null))
            {
                return(potentialReturnSymbols);
            }

            TraceInfo callTrace = new TraceInfo();

            callTrace.Merge(trace);
            callTrace.AddErrorTrace(call);

            var callSymbol = model.GetSymbolInfo(call).Symbol;

            if (callSymbol == null)
            {
                base.ErrorReporter.ReportExternalInvocation(callTrace);
                return(potentialReturnSymbols);
            }

            if (callSymbol.ContainingType.ToString().Equals("Microsoft.PSharp.Machine"))
            {
                this.AnalyzeOwnershipInGivesUpCall(givenUpSymbol, invocation,
                                                   statement, machine, model, callTrace);
                return(potentialReturnSymbols);
            }

            if (SymbolFinder.FindSourceDefinitionAsync(callSymbol,
                                                       this.AnalysisContext.Solution).Result == null)
            {
                base.ErrorReporter.ReportExternalInvocation(callTrace);
                return(potentialReturnSymbols);
            }

            var candidateSummaries = MethodSummary.GetCachedSummaries(callSymbol, statement);

            foreach (var candidateSummary in candidateSummaries)
            {
                this.AnalyzeOwnershipInCandidateCallee(givenUpSymbol, candidateSummary,
                                                       call, statement, machine, model, callTrace);

                if (invocation != null)
                {
                    var resolvedReturnSymbols = candidateSummary.GetResolvedReturnSymbols(invocation, model);
                    foreach (var resolvedReturnSymbol in resolvedReturnSymbols)
                    {
                        potentialReturnSymbols.Add(resolvedReturnSymbol);
                    }
                }
            }

            return(potentialReturnSymbols);
        }
Example #23
0
 /// <summary>
 /// Analyzes the ownership of the given-up symbol
 /// in the gives-up operation.
 /// </summary>
 /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
 /// <param name="call">Gives-up call</param>
 /// <param name="statement">Statement</param>
 /// <param name="machine">StateMachine</param>
 /// <param name="model">SemanticModel</param>
 /// <param name="trace">TraceInfo</param>
 protected abstract void AnalyzeOwnershipInGivesUpCall(GivenUpOwnershipSymbol givenUpSymbol,
     InvocationExpressionSyntax call, Statement statement, StateMachine machine,
     SemanticModel model, TraceInfo trace);
        /// <summary>
        /// Analyzes the ownership of the given-up symbol
        /// in the candidate callee.
        /// </summary>
        /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
        /// <param name="calleeSummary">MethodSummary</param>
        /// <param name="call">ExpressionSyntax</param>
        /// <param name="statement">Statement</param>
        /// <param name="machine">StateMachine</param>
        /// <param name="model">SemanticModel</param>
        /// <param name="trace">TraceInfo</param>
        protected override void AnalyzeOwnershipInCandidateCallee(GivenUpOwnershipSymbol givenUpSymbol,
            MethodSummary calleeSummary, ExpressionSyntax call, Statement statement,
            StateMachine machine, SemanticModel model, TraceInfo trace)
        {
            ArgumentListSyntax argumentList = base.AnalysisContext.GetArgumentList(call);
            if (argumentList == null)
            {
                return;
            }

            for (int idx = 0; idx < argumentList.Arguments.Count; idx++)
            {
                var argIdentifier = base.AnalysisContext.GetRootIdentifier(
                    argumentList.Arguments[idx].Expression);
                if (argIdentifier == null)
                {
                    continue;
                }

                ISymbol argSymbol = model.GetSymbolInfo(argIdentifier).Symbol;
                if (statement.Summary.DataFlowAnalysis.FlowsIntoSymbol(argSymbol,
                    givenUpSymbol.ContainingSymbol, statement, givenUpSymbol.Statement))
                {
                    if (calleeSummary.SideEffectsInfo.FieldFlowParamIndexes.Any(v => v.Value.Contains(idx) &&
                        base.IsFieldAccessedInSuccessor(v.Key, statement.Summary, machine)))
                    {
                        AnalysisErrorReporter.ReportGivenUpFieldOwnershipError(trace, argSymbol);
                    }
                }
            }
        }
Example #25
0
        /// <summary>
        /// Analyzes the ownership of the given-up symbol
        /// in the control-flow graph node.
        /// </summary>
        /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
        /// <param name="statement">Statement</param>
        /// <param name="machine">StateMachine</param>
        /// <param name="model">SemanticModel</param>
        /// <param name="trace">TraceInfo</param>
        protected void AnalyzeOwnershipInStatement(GivenUpOwnershipSymbol givenUpSymbol,
            Statement statement, StateMachine machine, SemanticModel model,
            TraceInfo trace)
        {
            var localDecl = statement.SyntaxNode.DescendantNodesAndSelf().
                OfType<LocalDeclarationStatementSyntax>().FirstOrDefault();
            var expr = statement.SyntaxNode.DescendantNodesAndSelf().
                OfType<ExpressionStatementSyntax>().FirstOrDefault();

            if (localDecl != null)
            {
                var varDecl = localDecl.Declaration;
                this.AnalyzeOwnershipInLocalDeclaration(givenUpSymbol, varDecl,
                    statement, machine, model, trace);
            }
            else if (expr != null)
            {
                if (expr.Expression is AssignmentExpressionSyntax)
                {
                    var assignment = expr.Expression as AssignmentExpressionSyntax;
                    this.AnalyzeOwnershipInAssignment(givenUpSymbol, assignment,
                        statement, machine, model, trace);
                }
                else if (expr.Expression is InvocationExpressionSyntax ||
                    expr.Expression is ObjectCreationExpressionSyntax)
                {
                    trace.InsertCall(statement.Summary.Method, expr.Expression);
                    this.AnalyzeOwnershipInCall(givenUpSymbol, expr.Expression,
                        statement, machine, model, trace);
                }
            }
        }
        /// <summary>
        /// Analyzes the ownership of the given-up symbol
        /// in the candidate callee.
        /// </summary>
        /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
        /// <param name="calleeSummary">MethodSummary</param>
        /// <param name="call">ExpressionSyntax</param>
        /// <param name="statement">Statement</param>
        /// <param name="machine">StateMachine</param>
        /// <param name="model">SemanticModel</param>
        /// <param name="trace">TraceInfo</param>
        protected override void AnalyzeOwnershipInCandidateCallee(GivenUpOwnershipSymbol givenUpSymbol,
            MethodSummary calleeSummary, ExpressionSyntax call, Statement statement,
            StateMachine machine, SemanticModel model, TraceInfo trace)
        {
            if (statement.Equals(givenUpSymbol.Statement) &&
                !statement.ControlFlowNode.IsSuccessorOf(
                    givenUpSymbol.Statement.ControlFlowNode))
            {
                return;
            }

            var invocation = call as InvocationExpressionSyntax;
            if (invocation != null)
            {
                this.AnalyzeOwnershipInExpression(givenUpSymbol, invocation.Expression, statement,
                    machine, model, trace);
            }

            ArgumentListSyntax argumentList = base.AnalysisContext.GetArgumentList(call);
            if (argumentList != null)
            {
                for (int idx = 0; idx < argumentList.Arguments.Count; idx++)
                {
                    var argType = model.GetTypeInfo(argumentList.Arguments[idx].Expression).Type;
                    if (base.AnalysisContext.IsTypePassedByValueOrImmutable(argType))
                    {
                        continue;
                    }

                    var argIdentifier = base.AnalysisContext.GetRootIdentifier(
                        argumentList.Arguments[idx].Expression);
                    ISymbol argSymbol = model.GetSymbolInfo(argIdentifier).Symbol;

                    if (statement.Summary.DataFlowAnalysis.FlowsIntoSymbol(argSymbol,
                        givenUpSymbol.ContainingSymbol, statement, givenUpSymbol.Statement))
                    {
                        if (calleeSummary.SideEffectsInfo.ParameterAccesses.ContainsKey(idx))
                        {
                            foreach (var access in calleeSummary.SideEffectsInfo.ParameterAccesses[idx])
                            {
                                TraceInfo newTrace = new TraceInfo();
                                newTrace.Merge(trace);
                                newTrace.AddErrorTrace(access.SyntaxNode);

                                AnalysisErrorReporter.ReportGivenUpOwnershipAccess(newTrace);
                            }
                        }

                        var fieldSymbols = calleeSummary.SideEffectsInfo.FieldFlowParamIndexes.Where(
                            v => v.Value.Contains(idx)).Select(v => v.Key);
                        foreach (var fieldSymbol in fieldSymbols)
                        {
                            if (base.IsFieldAccessedInSuccessor(fieldSymbol, statement.Summary, machine))
                            {
                                AnalysisErrorReporter.ReportGivenUpOwnershipFieldAssignment(trace, fieldSymbol);
                            }
                        }

                        if (calleeSummary.SideEffectsInfo.GivesUpOwnershipParamIndexes.Contains(idx))
                        {
                            AnalysisErrorReporter.ReportGivenUpOwnershipSending(trace, argSymbol);
                        }
                    }
                }
            }

            foreach (var fieldAccess in calleeSummary.SideEffectsInfo.FieldAccesses)
            {
                foreach (var access in fieldAccess.Value)
                {
                    if (statement.Summary.DataFlowAnalysis.FlowsIntoSymbol(givenUpSymbol.ContainingSymbol,
                        fieldAccess.Key, givenUpSymbol.Statement, statement))
                    {
                        TraceInfo newTrace = new TraceInfo();
                        newTrace.Merge(trace);
                        newTrace.AddErrorTrace(access.SyntaxNode);

                        AnalysisErrorReporter.ReportGivenUpOwnershipFieldAccess(newTrace, fieldAccess.Key);
                    }
                }
            }
        }
Example #27
0
        /// <summary>
        /// Analyzes the method summaries of the machine to check if
        /// each summary respects given-up ownerships.
        /// </summary>
        /// <param name="machine">StateMachine</param>
        private void AnalyzeMethodSummariesInMachine(StateMachine machine)
        {
            foreach (var summary in machine.MethodSummaries.Values)
            {
                foreach (var givenUpSymbol in summary.GetSymbolsWithGivenUpOwnership())
                {
                    TraceInfo trace = new TraceInfo(summary.Method, machine, null, givenUpSymbol.ContainingSymbol);
                    trace.AddErrorTrace(givenUpSymbol.Statement.SyntaxNode);

                    var model = this.AnalysisContext.Compilation.GetSemanticModel(
                        givenUpSymbol.Statement.SyntaxNode.SyntaxTree);
                    this.AnalyzeOwnershipInControlFlowGraph(givenUpSymbol, machine, model, trace);
                }
            }
        }
        /// <summary>
        /// Analyzes the ownership of the given-up symbol
        /// in the control-flow graph.
        /// </summary>
        /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
        /// <param name="machine">StateMachine</param>
        /// <param name="model">SemanticModel</param>
        /// <param name="trace">TraceInfo</param>
        protected override void AnalyzeOwnershipInControlFlowGraph(GivenUpOwnershipSymbol givenUpSymbol,
            StateMachine machine, SemanticModel model, TraceInfo trace)
        {
            var queue = new Queue<IControlFlowNode>();
            queue.Enqueue(givenUpSymbol.Statement.ControlFlowNode);

            var visitedNodes = new HashSet<IControlFlowNode>();
            visitedNodes.Add(givenUpSymbol.Statement.ControlFlowNode);

            bool repeatGivesUpNode = false;
            while (queue.Count > 0)
            {
                IControlFlowNode node = queue.Dequeue();

                var statements = new List<Statement>();
                if (!repeatGivesUpNode &&
                    node.Equals(givenUpSymbol.Statement.ControlFlowNode))
                {
                    statements.AddRange(node.Statements.SkipWhile(
                        val => !val.Equals(givenUpSymbol.Statement)));
                }
                else if (repeatGivesUpNode &&
                    node.Equals(givenUpSymbol.Statement.ControlFlowNode))
                {
                    statements.AddRange(node.Statements.TakeWhile(
                        val => !val.Equals(givenUpSymbol.Statement)));
                    statements.Add(givenUpSymbol.Statement);
                }
                else
                {
                    statements.AddRange(node.Statements);
                }

                foreach (var statement in statements)
                {
                    base.AnalyzeOwnershipInStatement(givenUpSymbol, statement,
                        machine, model, trace);
                }

                foreach (var successor in node.ISuccessors)
                {
                    if (!repeatGivesUpNode &&
                        successor.Equals(givenUpSymbol.Statement.ControlFlowNode))
                    {
                        repeatGivesUpNode = true;
                        visitedNodes.Remove(givenUpSymbol.Statement.ControlFlowNode);
                    }

                    if (!visitedNodes.Contains(successor))
                    {
                        queue.Enqueue(successor);
                        visitedNodes.Add(successor);
                    }
                }
            }
        }
        /// <summary>
        /// Summarizes the state-machines in the project.
        /// </summary>
        /// <param name="machines">StateMachines</param>
        private void SummarizeStateMachines(ISet<StateMachine> machines)
        {
            // Iterate the syntax trees for each project file.
            foreach (var tree in base.AnalysisContext.Compilation.SyntaxTrees)
            {
                // Get the tree's semantic model.
                var model = base.AnalysisContext.Compilation.GetSemanticModel(tree);

                // Get the tree's root node compilation unit.
                var root = (CompilationUnitSyntax)tree.GetRoot();

                // Iterate the class declerations only if they are machines.
                foreach (var classDecl in root.DescendantNodes().OfType<ClassDeclarationSyntax>())
                {
                    if (Querying.IsMachine(base.AnalysisContext.Compilation, classDecl))
                    {
                        StateMachine stateMachine = new StateMachine(classDecl, base.AnalysisContext);
                        if (this.Configuration.AnalyzeDataFlow)
                        {
                            stateMachine.Summarize();
                        }

                        machines.Add(stateMachine);
                    }
                }
            }
        }
        /// <summary>
        /// Analyzes the ownership of the given-up symbol
        /// in the gives-up operation.
        /// </summary>
        /// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
        /// <param name="call">Gives-up call</param>
        /// <param name="statement">Statement</param>
        /// <param name="machine">StateMachine</param>
        /// <param name="model">SemanticModel</param>
        /// <param name="trace">TraceInfo</param>
        protected override void AnalyzeOwnershipInGivesUpCall(GivenUpOwnershipSymbol givenUpSymbol,
            InvocationExpressionSyntax call, Statement statement, StateMachine machine,
            SemanticModel model, TraceInfo trace)
        {
            if (statement.Equals(givenUpSymbol.Statement) &&
                !statement.ControlFlowNode.IsSuccessorOf(
                    givenUpSymbol.Statement.ControlFlowNode))
            {
                return;
            }

            var opSymbol = model.GetSymbolInfo(call).Symbol;
            if ((!opSymbol.Name.Equals("Send") &&
                !opSymbol.Name.Equals("CreateMachine")) ||
                (opSymbol.Name.Equals("CreateMachine") &&
                call.ArgumentList.Arguments.Count != 2))
            {
                return;
            }

            ExpressionSyntax argExpr = call.ArgumentList.Arguments[1].Expression;
            var arguments = new List<ExpressionSyntax>();

            if (argExpr is ObjectCreationExpressionSyntax)
            {
                var objCreation = argExpr as ObjectCreationExpressionSyntax;
                foreach (var arg in objCreation.ArgumentList.Arguments)
                {
                    arguments.Add(arg.Expression);
                }
            }
            else if (argExpr is BinaryExpressionSyntax &&
                argExpr.IsKind(SyntaxKind.AsExpression))
            {
                var binExpr = argExpr as BinaryExpressionSyntax;
                if (binExpr.Left is IdentifierNameSyntax ||
                    binExpr.Left is MemberAccessExpressionSyntax)
                {
                    arguments.Add(binExpr.Left);
                }
                else if (binExpr.Left is InvocationExpressionSyntax)
                {
                    var invocation = binExpr.Left as InvocationExpressionSyntax;
                    for (int i = 1; i < invocation.ArgumentList.Arguments.Count; i++)
                    {
                        arguments.Add(invocation.ArgumentList.Arguments[i].Expression);
                    }
                }
            }
            else if (argExpr is IdentifierNameSyntax ||
                argExpr is MemberAccessExpressionSyntax)
            {
                arguments.Add(argExpr);
            }

            var extractedArgs = base.ExtractArguments(arguments);
            foreach (var arg in extractedArgs)
            {
                IdentifierNameSyntax argIdentifier = base.AnalysisContext.GetRootIdentifier(arg);
                ITypeSymbol argType = model.GetTypeInfo(argIdentifier).Type;
                if (base.AnalysisContext.IsTypePassedByValueOrImmutable(argType))
                {
                    continue;
                }

                ISymbol argSymbol = model.GetSymbolInfo(argIdentifier).Symbol;
                if (statement.Summary.DataFlowAnalysis.FlowsIntoSymbol(argSymbol,
                    givenUpSymbol.ContainingSymbol, statement, givenUpSymbol.Statement))
                {
                    AnalysisErrorReporter.ReportGivenUpOwnershipSending(trace, argSymbol);
                    return;
                }
            }
        }