Is it possible to write symbolic execution rules outside of sonar's package?

I’m attempting to write some custom symbolic execution rules using java-symbolic-execution and following the structure from java-custom-rules-example, but I’m running into some issues.

I copied the java-custom-rules-example module, but replaced all the rules with only LocksNotUnlockedCheck. At first, this worked fine (i.e., all the tests passed). However, when I tried to move the package name to one outside of org.sonar, my tests started failing.

At first I thought this was because I couldn’t use SECheckVerifier outside of org.sonar, or because I had to add a getProgramState method to PostStatementVisitor as programState is protected in the superclass. However, I made these changes to a package in the org.sonar namespace and the tests still passed.

I’ve created a GitHub repository with these findings: the “inside” folder shows the rule passing tests while living inside the org.sonar package, while “outside” shows them failing when living outside org.sonar. The code in both folders is exactly the same besides the package.

So my question is: am I doing something incorrectly here, or is it not possible to write SE rules outside of org.sonar?

After some eye-meltingly long debugging I’ve found the issue:

It comes down to NON_DISPOSABLE_CONSTRAINTS in ProgramState.java. Those constraints do not get thrown away, but (almost) all others do. So, the constraints that I’m making just get completely ignored by the symbolic execution engine.

So, at the moment (and to the best of my knowledge), it’s impossible to write symbolic execution rules along the lines of LocksNotUnlockedCheck, for example to check locks that don’t implement the built-in Java interface. Or at least, it’s impossible to implement them as plugins.

Are there any plans to allow us to mark Constraints as non-disposable? Or is there some other way to get around this limitation?

Hello @cjenr

You are right, currently it’s not possible to write custom rules using the symbolic execution engine. And as far as I know, there are no such plans to allow it in the near future.

Kind regards,
Margarita
