-
Notifications
You must be signed in to change notification settings - Fork 123
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Type inference #14
Type inference #14
Conversation
First of all: it already looks very nice! 👍 Some general issues:
|
Once again, let's switch now to BAP testing in this branch, this implies using Core 0.11.0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Another thing: there is not integration/acceptance test for type inference. Let's discuss whether to try dune for this as well or continue with pytest.
@@ -0,0 +1,14 @@ | |||
open Bap.Std |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was just wondering if we can wrap bap -d somehow and add the type information. This would be brilliant! Is this with little work possible?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As far as I can see, the -d option prints only terms, not attributes of terms. Also, it does not look like the output of -d is meant to be modified by plugins. So I suppose it would be easier to implement our own version of -d. This should not be too hard, but I would still wait with that until type inference is feature complete.
match mem_region with | ||
| [] -> new_node :: [] | ||
| head :: tail -> | ||
if head.pos + head.size <= pos then |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
extract a function from the begin end block (line 46 - 59). This would make the function more readable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I couldn't think of a useful way to extract a function there. I added some comments to improve readability instead.
None | ||
else if head.pos = pos then | ||
match head.data with | ||
| Ok(x) -> Some(Ok(x, head.size)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see this Some(Ok()) wrapping all the time. Is that really idiomatic OCaml?
[@@deriving bin_io, compare, sexp] | ||
|
||
let merge reg1 reg2 = | ||
if reg1 = reg2 then Some(Ok(reg1)) else Some(Error(())) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This Some(Ok()) wrapping again.
end | ||
| _ -> None | ||
|
||
let parse_dyn_syms project = |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This function could be in module Symbol_utils
let line = ref (String.strip line) in | ||
let str_list = ref [] in | ||
while Option.is_some (String.rsplit2 !line ~on:' ') do | ||
let (left, right) = Option.value_exn (String.rsplit2 !line ~on:' ') in |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That is a general concern and should be applied to the whole pull request (!): there are many Option.value_exn. I think they are never caught when they blow up. To honor the type system, we should unpack them correctly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, in this particular case I would like to keep the value_exn, since I checked in the previous line that it cannot throw an exception. There is a way of writing this without the value_exn using functional programming style, but I think this would be more verbose and less readable in this case.
let x = Mem_region.add x "Five" ~pos:(bv 3) ~size:(bv 5) in | ||
let x = Mem_region.add x "Seven" ~pos:(bv 9) ~size:(bv 7) in | ||
let x = Mem_region.add x "Three" ~pos:(bv 0) ~size:(bv 3) in | ||
check "add_ok" (Some(Ok("Five", bv 5)) = (Mem_region.get x (bv 3))); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some(Ok()) and Some(Error()), I am really not sure what to think about it. Yet I've never seen it in other OCaml projects.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See #14 (comment)
|
||
let test_remove () = | ||
let bv num = Bitvector.of_int num ~width:32 in | ||
let x = Mem_region.empty () in |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
these let x = look were tedious. Cann't you use the |> operator??
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I cannot use |> here, because x is not the last argument in the Mem_region.add calls. I could write an add_list function for Mem_region for nicer looking code. But I actually like the current version more, because this way it is very explicit in which order the elements get added.
This pull request is HUGE, let's start with the first couple of comments. I will do another iteration once they are fixed. |
One more thing: we should prefix EVERY plugin with cwe_checker, i.e. cwe_checker_type_inference for instance! |
And another thing: please adjust the Dockerfile to build everything (all the new plugins) for Travis CI! |
|
Regarding the
Unless you think we should define a new wrapper type for this I don't know a more idiomatic way. Regarding Codacy: Didn't we already fix that space problem in changes.md? Did codacy change its mind? |
TODO: Update readme for use of core 0.11 |
Contains pass that checks which registers hold pointers and which hold data other than pointers. Also tracks values on the stack. Stack access may get reworked when adding pointer target tracking, i.e. tracking to what heap object/function stack frame a pointer is pointing to.
Oh, also contains some unit tests. :-)