/// <summary>
/// Analyzes the ownership of the given-up symbol
/// in the call.
/// </summary>
/// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
/// <param name="call">ExpressionSyntax</param>
/// <param name="statement">Statement</param>
/// <param name="machine">StateMachine</param>
/// <param name="model">SemanticModel</param>
/// <param name="trace">TraceInfo</param>
/// <returns>Set of return symbols</returns>
protected HashSet <ISymbol> AnalyzeOwnershipInCall(GivenUpOwnershipSymbol givenUpSymbol,
ExpressionSyntax call, Statement statement, StateMachine machine,
SemanticModel model, TraceInfo trace)
{
var potentialReturnSymbols = new HashSet <ISymbol>();
var invocation = call as InvocationExpressionSyntax;
var objCreation = call as ObjectCreationExpressionSyntax;
if ((invocation == null && objCreation == null))
{
return(potentialReturnSymbols);
}
TraceInfo callTrace = new TraceInfo();
callTrace.Merge(trace);
callTrace.AddErrorTrace(call);
var callSymbol = model.GetSymbolInfo(call).Symbol;
if (callSymbol == null)
{
AnalysisErrorReporter.ReportExternalInvocation(callTrace);
return(potentialReturnSymbols);
}
if (callSymbol.ContainingType.ToString().Equals("Microsoft.PSharp.Machine"))
{
this.AnalyzeOwnershipInGivesUpCall(givenUpSymbol, invocation,
statement, machine, model, callTrace);
return(potentialReturnSymbols);
}
if (SymbolFinder.FindSourceDefinitionAsync(callSymbol,
this.AnalysisContext.Solution).Result == null)
{
AnalysisErrorReporter.ReportExternalInvocation(callTrace);
return(potentialReturnSymbols);
}
var candidateSummaries = MethodSummary.GetCachedSummaries(callSymbol, statement);
foreach (var candidateSummary in candidateSummaries)
{
this.AnalyzeOwnershipInCandidateCallee(givenUpSymbol, candidateSummary,
call, statement, machine, model, callTrace);
if (invocation != null)
{
var resolvedReturnSymbols = candidateSummary.GetResolvedReturnSymbols(invocation, model);
foreach (var resolvedReturnSymbol in resolvedReturnSymbols)
{
potentialReturnSymbols.Add(resolvedReturnSymbol);
}
}
}
return(potentialReturnSymbols);
}
/// <summary>
/// Analyzes the ownership of the given-up symbol
/// in the assignment expression.
/// </summary>
/// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
/// <param name="assignment">AssignmentExpressionSyntax</param>
/// <param name="statement">Statement</param>
/// <param name="machine">StateMachine</param>
/// <param name="model">SemanticModel</param>
/// <param name="trace">TraceInfo</param>
protected override void AnalyzeOwnershipInAssignment(GivenUpOwnershipSymbol givenUpSymbol,
AssignmentExpressionSyntax assignment, Statement statement, StateMachine machine,
SemanticModel model, TraceInfo trace)
{
var leftIdentifier = base.AnalysisContext.GetRootIdentifier(assignment.Left);
ISymbol leftSymbol = model.GetSymbolInfo(leftIdentifier).Symbol;
if (assignment.Right is IdentifierNameSyntax)
{
var rightIdentifier = base.AnalysisContext.GetRootIdentifier(assignment.Right);
ISymbol rightSymbol = model.GetSymbolInfo(rightIdentifier).Symbol;
if (statement.Summary.DataFlowAnalysis.FlowsIntoSymbol(rightSymbol,
givenUpSymbol.ContainingSymbol, statement, givenUpSymbol.Statement))
{
var type = model.GetTypeInfo(assignment.Right).Type;
if (leftSymbol != null && leftSymbol.Kind == SymbolKind.Field &&
base.IsFieldAccessedInSuccessor(leftSymbol as IFieldSymbol, statement.Summary, machine) &&
!base.AnalysisContext.IsTypePassedByValueOrImmutable(type))
{
TraceInfo newTrace = new TraceInfo();
newTrace.Merge(trace);
newTrace.AddErrorTrace(statement.SyntaxNode);
AnalysisErrorReporter.ReportGivenUpOwnershipFieldAssignment(newTrace, leftSymbol);
}
return;
}
}
else if (assignment.Right is MemberAccessExpressionSyntax)
{
this.AnalyzeOwnershipInExpression(givenUpSymbol, assignment.Right, statement,
machine, model, trace);
}
else if (assignment.Right is InvocationExpressionSyntax ||
assignment.Right is ObjectCreationExpressionSyntax)
{
trace.InsertCall(statement.Summary.Method, assignment.Right);
base.AnalyzeOwnershipInCall(givenUpSymbol, assignment.Right, statement,
machine, model, trace);
}
if (assignment.Left is MemberAccessExpressionSyntax)
{
ISymbol outerLeftMemberSymbol = model.GetSymbolInfo(assignment.Left).Symbol;
if (!outerLeftMemberSymbol.Equals(leftSymbol) &&
statement.Summary.DataFlowAnalysis.FlowsIntoSymbol(givenUpSymbol.ContainingSymbol,
leftSymbol, givenUpSymbol.Statement, statement))
{
TraceInfo newTrace = new TraceInfo();
newTrace.Merge(trace);
newTrace.AddErrorTrace(statement.SyntaxNode);
AnalysisErrorReporter.ReportGivenUpOwnershipAccess(newTrace);
}
}
}
/// <summary>
/// Analyzes the given-up ownership of fields in the expression.
/// </summary>
private void AnalyzeGivingUpFieldOwnership(GivenUpOwnershipSymbol givenUpSymbol, ISymbol symbol, Statement statement,
StateMachine machine, TraceInfo trace)
{
if (!statement.Summary.DataFlowAnalysis.FlowsIntoSymbol(symbol, givenUpSymbol.ContainingSymbol, statement, givenUpSymbol.Statement))
{
return;
}
if (symbol.Kind == SymbolKind.Field &&
this.IsFieldAccessedInSuccessor(symbol as IFieldSymbol, statement.Summary, machine))
{
TraceInfo newTrace = new TraceInfo();
newTrace.Merge(trace);
newTrace.AddErrorTrace(statement.SyntaxNode);
this.ErrorReporter.ReportGivenUpFieldOwnershipError(newTrace, symbol);
}
}
/// <summary>
/// Analyzes the ownership of the given-up symbol in the expression.
/// </summary>
private void AnalyzeOwnershipInExpression(GivenUpOwnershipSymbol givenUpSymbol, ExpressionSyntax expr,
Statement statement, SemanticModel model, TraceInfo trace)
{
if (expr is MemberAccessExpressionSyntax)
{
var identifier = AnalysisContext.GetRootIdentifier(expr);
ISymbol symbol = model.GetSymbolInfo(identifier).Symbol;
if (statement.Summary.DataFlowAnalysis.FlowsIntoSymbol(symbol, givenUpSymbol.ContainingSymbol,
statement, givenUpSymbol.Statement))
{
TraceInfo newTrace = new TraceInfo();
newTrace.Merge(trace);
newTrace.AddErrorTrace(statement.SyntaxNode);
this.ErrorReporter.ReportGivenUpOwnershipAccess(newTrace);
}
}
}
/// <summary>
/// Analyzes the ownership of the given-up symbol
/// in the candidate callee.
/// </summary>
/// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
/// <param name="calleeSummary">MethodSummary</param>
/// <param name="call">ExpressionSyntax</param>
/// <param name="statement">Statement</param>
/// <param name="machine">StateMachine</param>
/// <param name="model">SemanticModel</param>
/// <param name="trace">TraceInfo</param>
protected override void AnalyzeOwnershipInCandidateCallee(GivenUpOwnershipSymbol givenUpSymbol,
MethodSummary calleeSummary, ExpressionSyntax call, Statement statement,
StateMachine machine, SemanticModel model, TraceInfo trace)
{
if (statement.Equals(givenUpSymbol.Statement) &&
!statement.ControlFlowNode.IsSuccessorOf(
givenUpSymbol.Statement.ControlFlowNode))
{
return;
}
var invocation = call as InvocationExpressionSyntax;
if (invocation != null)
{
this.AnalyzeOwnershipInExpression(givenUpSymbol, invocation.Expression, statement,
machine, model, trace);
}
ArgumentListSyntax argumentList = base.AnalysisContext.GetArgumentList(call);
if (argumentList != null)
{
for (int idx = 0; idx < argumentList.Arguments.Count; idx++)
{
var argType = model.GetTypeInfo(argumentList.Arguments[idx].Expression).Type;
if (base.AnalysisContext.IsTypePassedByValueOrImmutable(argType))
{
continue;
}
var argIdentifier = base.AnalysisContext.GetRootIdentifier(
argumentList.Arguments[idx].Expression);
ISymbol argSymbol = model.GetSymbolInfo(argIdentifier).Symbol;
if (statement.Summary.DataFlowAnalysis.FlowsIntoSymbol(argSymbol,
givenUpSymbol.ContainingSymbol, statement, givenUpSymbol.Statement))
{
if (calleeSummary.SideEffectsInfo.ParameterAccesses.ContainsKey(idx))
{
foreach (var access in calleeSummary.SideEffectsInfo.ParameterAccesses[idx])
{
TraceInfo newTrace = new TraceInfo();
newTrace.Merge(trace);
newTrace.AddErrorTrace(access.SyntaxNode);
AnalysisErrorReporter.ReportGivenUpOwnershipAccess(newTrace);
}
}
var fieldSymbols = calleeSummary.SideEffectsInfo.FieldFlowParamIndexes.Where(
v => v.Value.Contains(idx)).Select(v => v.Key);
foreach (var fieldSymbol in fieldSymbols)
{
if (base.IsFieldAccessedInSuccessor(fieldSymbol, statement.Summary, machine))
{
AnalysisErrorReporter.ReportGivenUpOwnershipFieldAssignment(trace, fieldSymbol);
}
}
if (calleeSummary.SideEffectsInfo.GivesUpOwnershipParamIndexes.Contains(idx))
{
AnalysisErrorReporter.ReportGivenUpOwnershipSending(trace, argSymbol);
}
}
}
}
foreach (var fieldAccess in calleeSummary.SideEffectsInfo.FieldAccesses)
{
foreach (var access in fieldAccess.Value)
{
if (statement.Summary.DataFlowAnalysis.FlowsIntoSymbol(givenUpSymbol.ContainingSymbol,
fieldAccess.Key, givenUpSymbol.Statement, statement))
{
TraceInfo newTrace = new TraceInfo();
newTrace.Merge(trace);
newTrace.AddErrorTrace(access.SyntaxNode);
AnalysisErrorReporter.ReportGivenUpOwnershipFieldAccess(newTrace, fieldAccess.Key);
}
}
}
}
/// <summary>
/// Analyzes the ownership of the given-up symbol
/// in the call.
/// </summary>
/// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
/// <param name="call">ExpressionSyntax</param>
/// <param name="statement">Statement</param>
/// <param name="machine">StateMachine</param>
/// <param name="model">SemanticModel</param>
/// <param name="trace">TraceInfo</param>
/// <returns>Set of return symbols</returns>
protected HashSet<ISymbol> AnalyzeOwnershipInCall(GivenUpOwnershipSymbol givenUpSymbol,
ExpressionSyntax call, Statement statement, StateMachine machine,
SemanticModel model, TraceInfo trace)
{
var potentialReturnSymbols = new HashSet<ISymbol>();
var invocation = call as InvocationExpressionSyntax;
var objCreation = call as ObjectCreationExpressionSyntax;
if ((invocation == null && objCreation == null))
{
return potentialReturnSymbols;
}
TraceInfo callTrace = new TraceInfo();
callTrace.Merge(trace);
callTrace.AddErrorTrace(call);
var callSymbol = model.GetSymbolInfo(call).Symbol;
if (callSymbol == null)
{
AnalysisErrorReporter.ReportExternalInvocation(callTrace);
return potentialReturnSymbols;
}
if (callSymbol.ContainingType.ToString().Equals("Microsoft.PSharp.Machine"))
{
this.AnalyzeOwnershipInGivesUpCall(givenUpSymbol, invocation,
statement, machine, model, callTrace);
return potentialReturnSymbols;
}
if (SymbolFinder.FindSourceDefinitionAsync(callSymbol,
this.AnalysisContext.Solution).Result == null)
{
AnalysisErrorReporter.ReportExternalInvocation(callTrace);
return potentialReturnSymbols;
}
var candidateSummaries = MethodSummary.GetCachedSummaries(callSymbol, statement);
foreach (var candidateSummary in candidateSummaries)
{
this.AnalyzeOwnershipInCandidateCallee(givenUpSymbol, candidateSummary,
call, statement, machine, model, callTrace);
if (invocation != null)
{
var resolvedReturnSymbols = candidateSummary.GetResolvedReturnSymbols(invocation, model);
foreach (var resolvedReturnSymbol in resolvedReturnSymbols)
{
potentialReturnSymbols.Add(resolvedReturnSymbol);
}
}
}
return potentialReturnSymbols;
}
/// <summary>
/// Analyzes the ownership of the given-up symbol
/// in the assignment expression.
/// </summary>
/// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
/// <param name="assignment">AssignmentExpressionSyntax</param>
/// <param name="statement">Statement</param>
/// <param name="machine">StateMachine</param>
/// <param name="model">SemanticModel</param>
/// <param name="trace">TraceInfo</param>
protected override void AnalyzeOwnershipInAssignment(GivenUpOwnershipSymbol givenUpSymbol,
AssignmentExpressionSyntax assignment, Statement statement, StateMachine machine,
SemanticModel model, TraceInfo trace)
{
var leftIdentifier = base.AnalysisContext.GetRootIdentifier(assignment.Left);
ISymbol leftSymbol = model.GetSymbolInfo(leftIdentifier).Symbol;
if (assignment.Right is IdentifierNameSyntax)
{
var rightIdentifier = base.AnalysisContext.GetRootIdentifier(assignment.Right);
ISymbol rightSymbol = model.GetSymbolInfo(rightIdentifier).Symbol;
if (statement.Summary.DataFlowAnalysis.FlowsIntoSymbol(rightSymbol,
givenUpSymbol.ContainingSymbol, statement, givenUpSymbol.Statement))
{
var type = model.GetTypeInfo(assignment.Right).Type;
if (leftSymbol != null && leftSymbol.Kind == SymbolKind.Field &&
base.IsFieldAccessedInSuccessor(leftSymbol as IFieldSymbol, statement.Summary, machine) &&
!base.AnalysisContext.IsTypePassedByValueOrImmutable(type))
{
TraceInfo newTrace = new TraceInfo();
newTrace.Merge(trace);
newTrace.AddErrorTrace(statement.SyntaxNode);
AnalysisErrorReporter.ReportGivenUpOwnershipFieldAssignment(newTrace, leftSymbol);
}
return;
}
}
else if (assignment.Right is MemberAccessExpressionSyntax)
{
this.AnalyzeOwnershipInExpression(givenUpSymbol, assignment.Right, statement,
machine, model, trace);
}
else if (assignment.Right is InvocationExpressionSyntax ||
assignment.Right is ObjectCreationExpressionSyntax)
{
trace.InsertCall(statement.Summary.Method, assignment.Right);
base.AnalyzeOwnershipInCall(givenUpSymbol, assignment.Right, statement,
machine, model, trace);
}
if (assignment.Left is MemberAccessExpressionSyntax)
{
ISymbol outerLeftMemberSymbol = model.GetSymbolInfo(assignment.Left).Symbol;
if (!outerLeftMemberSymbol.Equals(leftSymbol) &&
statement.Summary.DataFlowAnalysis.FlowsIntoSymbol(givenUpSymbol.ContainingSymbol,
leftSymbol, givenUpSymbol.Statement, statement))
{
TraceInfo newTrace = new TraceInfo();
newTrace.Merge(trace);
newTrace.AddErrorTrace(statement.SyntaxNode);
AnalysisErrorReporter.ReportGivenUpOwnershipAccess(newTrace);
}
}
}
/// <summary>
/// Analyzes the ownership of the given-up symbol
/// in the expression.
/// </summary>
/// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
/// <param name="expr">ExpressionSyntax</param>
/// <param name="statement">Statement</param>
/// <param name="machine">StateMachine</param>
/// <param name="model">SemanticModel</param>
/// <param name="trace">TraceInfo</param>
private void AnalyzeOwnershipInExpression(GivenUpOwnershipSymbol givenUpSymbol,
ExpressionSyntax expr, Statement statement, StateMachine machine,
SemanticModel model, TraceInfo trace)
{
if (expr is MemberAccessExpressionSyntax)
{
var identifier = base.AnalysisContext.GetRootIdentifier(expr);
ISymbol symbol = model.GetSymbolInfo(identifier).Symbol;
if (statement.Summary.DataFlowAnalysis.FlowsIntoSymbol(symbol,
givenUpSymbol.ContainingSymbol, statement, givenUpSymbol.Statement))
{
TraceInfo newTrace = new TraceInfo();
newTrace.Merge(trace);
newTrace.AddErrorTrace(statement.SyntaxNode);
AnalysisErrorReporter.ReportGivenUpOwnershipAccess(newTrace);
}
}
}
/// <summary>
/// Analyzes the ownership of the given-up symbol
/// in the candidate callee.
/// </summary>
/// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
/// <param name="calleeSummary">MethodSummary</param>
/// <param name="call">ExpressionSyntax</param>
/// <param name="statement">Statement</param>
/// <param name="machine">StateMachine</param>
/// <param name="model">SemanticModel</param>
/// <param name="trace">TraceInfo</param>
protected override void AnalyzeOwnershipInCandidateCallee(GivenUpOwnershipSymbol givenUpSymbol,
MethodSummary calleeSummary, ExpressionSyntax call, Statement statement,
StateMachine machine, SemanticModel model, TraceInfo trace)
{
if (statement.Equals(givenUpSymbol.Statement) &&
!statement.ControlFlowNode.IsSuccessorOf(
givenUpSymbol.Statement.ControlFlowNode))
{
return;
}
var invocation = call as InvocationExpressionSyntax;
if (invocation != null)
{
this.AnalyzeOwnershipInExpression(givenUpSymbol, invocation.Expression, statement,
machine, model, trace);
}
ArgumentListSyntax argumentList = base.AnalysisContext.GetArgumentList(call);
if (argumentList != null)
{
for (int idx = 0; idx < argumentList.Arguments.Count; idx++)
{
var argType = model.GetTypeInfo(argumentList.Arguments[idx].Expression).Type;
if (base.AnalysisContext.IsTypePassedByValueOrImmutable(argType))
{
continue;
}
var argIdentifier = base.AnalysisContext.GetRootIdentifier(
argumentList.Arguments[idx].Expression);
ISymbol argSymbol = model.GetSymbolInfo(argIdentifier).Symbol;
if (statement.Summary.DataFlowAnalysis.FlowsIntoSymbol(argSymbol,
givenUpSymbol.ContainingSymbol, statement, givenUpSymbol.Statement))
{
if (calleeSummary.SideEffectsInfo.ParameterAccesses.ContainsKey(idx))
{
foreach (var access in calleeSummary.SideEffectsInfo.ParameterAccesses[idx])
{
TraceInfo newTrace = new TraceInfo();
newTrace.Merge(trace);
newTrace.AddErrorTrace(access.SyntaxNode);
AnalysisErrorReporter.ReportGivenUpOwnershipAccess(newTrace);
}
}
var fieldSymbols = calleeSummary.SideEffectsInfo.FieldFlowParamIndexes.Where(
v => v.Value.Contains(idx)).Select(v => v.Key);
foreach (var fieldSymbol in fieldSymbols)
{
if (base.IsFieldAccessedInSuccessor(fieldSymbol, statement.Summary, machine))
{
AnalysisErrorReporter.ReportGivenUpOwnershipFieldAssignment(trace, fieldSymbol);
}
}
if (calleeSummary.SideEffectsInfo.GivesUpOwnershipParamIndexes.Contains(idx))
{
AnalysisErrorReporter.ReportGivenUpOwnershipSending(trace, argSymbol);
}
}
}
}
foreach (var fieldAccess in calleeSummary.SideEffectsInfo.FieldAccesses)
{
foreach (var access in fieldAccess.Value)
{
if (statement.Summary.DataFlowAnalysis.FlowsIntoSymbol(givenUpSymbol.ContainingSymbol,
fieldAccess.Key, givenUpSymbol.Statement, statement))
{
TraceInfo newTrace = new TraceInfo();
newTrace.Merge(trace);
newTrace.AddErrorTrace(access.SyntaxNode);
AnalysisErrorReporter.ReportGivenUpOwnershipFieldAccess(newTrace, fieldAccess.Key);
}
}
}
}
/// <summary>
/// Analyzes the given-up ownership of fields in the expression.
/// </summary>
/// <param name="givenUpSymbol">GivenUpOwnershipSymbol</param>
/// <param name="symbol">Symbol</param>
/// <param name="statement">Statement</param>
/// <param name="machine">StateMachine</param>
/// <param name="trace">TraceInfo</param>
private void AnalyzeGivingUpFieldOwnership(GivenUpOwnershipSymbol givenUpSymbol,
ISymbol symbol, Statement statement, StateMachine machine, TraceInfo trace)
{
if (!statement.Summary.DataFlowAnalysis.FlowsIntoSymbol(symbol,
givenUpSymbol.ContainingSymbol, statement, givenUpSymbol.Statement))
{
return;
}
if (symbol.Kind == SymbolKind.Field &&
base.IsFieldAccessedInSuccessor(symbol as IFieldSymbol, statement.Summary, machine))
{
TraceInfo newTrace = new TraceInfo();
newTrace.Merge(trace);
newTrace.AddErrorTrace(statement.SyntaxNode);
AnalysisErrorReporter.ReportGivenUpFieldOwnershipError(newTrace, symbol);
}
}
