[annot] Support Erlang

Summary: Add support for Erlang. Wait -- Erlang doesn't have annotations. That's right. But annotation reachability also supports regexps to model methods as if they were annotated, so we can use this checker for callgraph reachability in general. Reviewed By: mmarescotti Differential Revision: D65213665 fbshipit-source-id: 4d7d97b982182d9831a6069edcd682f41452ddbb
facebook · Oct 30, 2024 · 8566303 · 8566303
1 parent 249de1f
commit 8566303
Show file tree

Hide file tree

Showing 10 changed files with 100 additions and 18 deletions.
diff --git a/infer/man/man1/infer-analyze.txt b/infer/man/man1/infer-analyze.txt
@@ -17,8 +17,10 @@ OPTIONS
            indirectly, another method annotated with `@B`. Besides the custom
            pairs, it is also possible to enable some built-in checks, such as
            `@PerformanceCritical` reaching `@Expensive` or `@NoAllocation`
-           reaching `new`. See flags starting with
-           `--annotation-reachability`. (Conversely:
+           reaching `new`. It is also possible to model methods as if they
+           were annotated, using regular expressions. This should also work
+           in languages where there are no annotations. See flags starting
+           with `--annotation-reachability`. (Conversely:
            --no-annotation-reachability)
 
        --annotation-reachability-only

diff --git a/infer/man/man1/infer-full.txt b/infer/man/man1/infer-full.txt
@@ -65,8 +65,10 @@ OPTIONS
            indirectly, another method annotated with `@B`. Besides the custom
            pairs, it is also possible to enable some built-in checks, such as
            `@PerformanceCritical` reaching `@Expensive` or `@NoAllocation`
-           reaching `new`. See flags starting with
-           `--annotation-reachability`. (Conversely:
+           reaching `new`. It is also possible to model methods as if they
+           were annotated, using regular expressions. This should also work
+           in languages where there are no annotations. See flags starting
+           with `--annotation-reachability`. (Conversely:
            --no-annotation-reachability)
            See also infer-analyze(1).
 

diff --git a/infer/man/man1/infer.txt b/infer/man/man1/infer.txt
@@ -65,8 +65,10 @@ OPTIONS
            indirectly, another method annotated with `@B`. Besides the custom
            pairs, it is also possible to enable some built-in checks, such as
            `@PerformanceCritical` reaching `@Expensive` or `@NoAllocation`
-           reaching `new`. See flags starting with
-           `--annotation-reachability`. (Conversely:
+           reaching `new`. It is also possible to model methods as if they
+           were annotated, using regular expressions. This should also work
+           in languages where there are no annotations. See flags starting
+           with `--annotation-reachability`. (Conversely:
            --no-annotation-reachability)
            See also infer-analyze(1).
 

diff --git a/infer/src/backend/registerCheckers.ml b/infer/src/backend/registerCheckers.ml
@@ -202,7 +202,7 @@ let all_checkers =
         (let annot_reach =
            interprocedural Payloads.Fields.annot_map AnnotationReachability.checker
          in
-         [(annot_reach, Java); (annot_reach, Clang)] ) }
+         [(annot_reach, Erlang); (annot_reach, Java)] ) }
   ; { checker= ConfigImpactAnalysis
     ; callbacks=
         (let checker =

diff --git a/infer/src/base/Checker.ml b/infer/src/base/Checker.ml
@@ -84,13 +84,15 @@ let config_unsafe checker =
   | AnnotationReachability ->
       { id= "annotation-reachability"
       ; kind= UserFacing {title= "Annotation Reachability"; markdown_body= ""}
-      ; support= mk_support_func ~java:Support ()
+      ; support= mk_support_func ~erlang:Support ~java:Support ()
       ; short_documentation=
           "Given pairs of source and sink annotations, e.g. `@A` and `@B`, this checker will warn \
            whenever some method annotated with `@A` calls, directly or indirectly, another method \
            annotated with `@B`. Besides the custom pairs, it is also possible to enable some \
            built-in checks, such as `@PerformanceCritical` reaching `@Expensive` or \
-           `@NoAllocation` reaching `new`. See flags starting with `--annotation-reachability`."
+           `@NoAllocation` reaching `new`. It is also possible to model methods as if they were \
+           annotated, using regular expressions. This should also work in languages where there \
+           are no annotations. See flags starting with `--annotation-reachability`."
       ; cli_flags= Some {deprecated= []; show_in_help= true}
       ; enabled_by_default= false
       ; activates= [] }

diff --git a/infer/src/checkers/annotationReachability.ml b/infer/src/checkers/annotationReachability.ml
@@ -93,18 +93,24 @@ let parse_custom_models () =
 
 
 let check_attributes check tenv pname =
-  let proc_has_attribute = Annotations.pname_has_return_annot pname check in
-  let class_has_attribute =
-    ( if Config.annotation_reachability_apply_superclass_annotations then
-        PatternMatch.Java.check_class_attributes
-      else PatternMatch.Java.check_current_class_attributes )
-      check tenv pname
-  in
-  class_has_attribute || proc_has_attribute
+  match pname with
+  | Procname.Java _ ->
+      let proc_has_attribute = Annotations.pname_has_return_annot pname check in
+      let class_has_attribute =
+        ( if Config.annotation_reachability_apply_superclass_annotations then
+            PatternMatch.Java.check_class_attributes
+          else PatternMatch.Java.check_current_class_attributes )
+          check tenv pname
+      in
+      class_has_attribute || proc_has_attribute
+  | _ ->
+      false
 
 
 let check_modeled_annotation models annot pname =
-  let method_name = Procname.to_string ~verbosity:FullNameOnly pname in
+  let method_name =
+    Procname.to_string ~verbosity:(if Procname.is_erlang pname then Verbose else FullNameOnly) pname
+  in
   Option.exists (String.Map.find models annot.Annot.class_name) ~f:(fun methods ->
       List.exists methods ~f:(fun r -> Str.string_match r method_name 0) )
 

diff --git a/infer/tests/codetoanalyze/erlang/annotreach/.inferconfig b/infer/tests/codetoanalyze/erlang/annotreach/.inferconfig
@@ -0,0 +1,15 @@
+{
+  "annotation-reachability": true,
+  "annotation-reachability-custom-pairs": [
+    {
+      "sources": ["Source"],
+      "sinks": ["Sink"],
+      "sanitizers": ["Sanitizer"]
+    }
+  ],
+  "annotation-reachability-custom-models": {
+    "Source": [".*:.*source.*/0"],
+    "Sink": [".*:.*sink.*/0"],
+    "Sanitizer": [".*:.*sanitizer.*/0"]
+  }
+}
diff --git a/infer/tests/codetoanalyze/erlang/annotreach/Makefile b/infer/tests/codetoanalyze/erlang/annotreach/Makefile
@@ -0,0 +1,18 @@
+# Copyright (c) Facebook, Inc. and its affiliates.
+#
+# This source code is licensed under the MIT license found in the
+# LICENSE file in the root directory of this source tree.
+
+TESTS_DIR = ../../..
+
+INFER_OPTIONS = \
+  --annotation-reachability-only --debug-exceptions \
+  --project-root $(TESTS_DIR) --print-types
+
+INFERPRINT_OPTIONS = --issues-tests
+
+SOURCES = $(wildcard *.erl)
+
+include $(TESTS_DIR)/erlc.make
+
+infer-out/report.json: $(MAKEFILE_LIST)
diff --git a/infer/tests/codetoanalyze/erlang/annotreach/issues.exp b/infer/tests/codetoanalyze/erlang/annotreach/issues.exp
@@ -0,0 +1,2 @@
+codetoanalyze/erlang/annotreach/reach.erl, test_source2_Bad/0, 0, CHECKERS_ANNOTATION_REACHABILITY_ERROR, no_bucket, ERROR, [Method test_source2_Bad/0, marked as source @Source,calls sink/0,sink/0 defined here, marked as sink @Sink]
+codetoanalyze/erlang/annotreach/reach.erl, test_source4_Bad/0, 0, CHECKERS_ANNOTATION_REACHABILITY_ERROR, no_bucket, ERROR, [Method test_source4_Bad/0, marked as source @Source,calls not_sani_tizer/0,not_sani_tizer/0 defined here,calls sink/0,sink/0 defined here, marked as sink @Sink]
diff --git a/infer/tests/codetoanalyze/erlang/annotreach/reach.erl b/infer/tests/codetoanalyze/erlang/annotreach/reach.erl
@@ -0,0 +1,33 @@
+% Copyright (c) Facebook, Inc. and its affiliates.
+%
+% This source code is licensed under the MIT license found in the
+% LICENSE file in the root directory of this source tree.
+
+-module(reach).
+
+-export([
+    test_source1_Ok/0,
+    test_source2_Bad/0,
+    test_source3_Ok/0,
+    test_source4_Bad/0, test_source5_Ok/0
+]).
+
+sink() -> ok.
+
+not_si_nk() -> ok.
+
+not_sink_because_arity(X) -> X.
+
+sanitizer() -> sink().
+
+not_sani_tizer() -> sink().
+
+test_source1_Ok() -> not_si_nk().
+
+test_source2_Bad() -> sink().
+
+test_source3_Ok() -> sanitizer().
+
+test_source4_Bad() -> not_sani_tizer().
+
+test_source5_Ok() -> not_sink_because_arity(1).
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		codetoanalyze/erlang/annotreach/reach.erl, test_source2_Bad/0, 0, CHECKERS_ANNOTATION_REACHABILITY_ERROR, no_bucket, ERROR, [Method test_source2_Bad/0, marked as source @Source,calls sink/0,sink/0 defined here, marked as sink @Sink]
		codetoanalyze/erlang/annotreach/reach.erl, test_source4_Bad/0, 0, CHECKERS_ANNOTATION_REACHABILITY_ERROR, no_bucket, ERROR, [Method test_source4_Bad/0, marked as source @Source,calls not_sani_tizer/0,not_sani_tizer/0 defined here,calls sink/0,sink/0 defined here, marked as sink @Sink]