Merge pull request #287 from calumgrant/cs/lock-order

hvitved · web-flow · commit 135271e9adc9 · 2018-10-22T14:11:20.000+02:00
C#: Improvements to cs/inconsistent-lock-sequence
diff --git a/change-notes/1.19/analysis-csharp.md b/change-notes/1.19/analysis-csharp.md
@@ -12,8 +12,8 @@
 
 ## Changes to existing queries
 
-| **Query**                  | **Expected impact**    | **Change**                                                       |
-|----------------------------|------------------------|------------------------------------------------------------------|
+| Inconsistent lock sequence (`cs/inconsistent-lock-sequence`) | More results | This query now finds inconsistent lock sequences globally across calls. |
+
 | *@name of query (Query ID)*| *Impact on results*    | *How/why the query has changed*                                  |
 
 
diff --git a/csharp/ql/src/Concurrency/LockOrder.qhelp b/csharp/ql/src/Concurrency/LockOrder.qhelp
@@ -17,10 +17,10 @@ variables in the same sequence.</p>
 <p>The following example shows a program running two threads, which deadlocks because <code>thread1</code> holds <code>lock1</code> and
 is waiting to acquire <code>lock2</code>, whilst <code>thread2</code> holds <code>lock2</code> and is waiting to acquire <code>lock1</code>.</p>
 
-<sample src="LockOrder.cs" />
+<sample src="LockOrderBad.cs" />
 
 <p>This problem is resolved by reordering the <code>lock</code> variables as shown below.</p>
-<sample src="LockOrderFix.cs" />
+<sample src="LockOrderGood.cs" />
 </example>
 
 <references>
diff --git a/csharp/ql/src/Concurrency/LockOrder.ql b/csharp/ql/src/Concurrency/LockOrder.ql
@@ -13,13 +13,50 @@
 
 import csharp
 
-from LockStmt l1, LockStmt l2, LockStmt l3, LockStmt l4, Variable v1, Variable v2
-where l1.getALockedStmt()=l2
-and l3.getALockedStmt()=l4
-and l1.getLockVariable()=v1
-and l2.getLockVariable()=v2
-and l3.getLockVariable()=v2
-and l4.getLockVariable()=v1
-and v1!=v2
-select l4, "Inconsistent lock sequence. The locks " + v1 + " and " + v2 + " are locked in a different sequence $@.",
-  l2, "here"
+/**
+ * Gets a call target conservatively only when there is
+ * one runtime target.
+ */
+Callable getCallTarget(Call c) {
+  count(c.getARuntimeTarget()) = 1 and
+  result = c.getARuntimeTarget()
+}
+
+/** Gets a lock statement reachable from a callable. */
+LockStmt getAReachableLockStmt(Callable callable) {
+  result.getEnclosingCallable() = callable
+  or
+  exists(Call call | call.getEnclosingCallable() = callable |
+    result = getAReachableLockStmt(getCallTarget(call))
+  )
+}
+
+/**
+ * Holds if there is nested pairs of lock statements, either
+ * inter-procedurally or intra-procedurally.
+ */
+predicate nestedLocks(Variable outerVariable, Variable innerVariable, LockStmt outer, LockStmt inner) {
+  outerVariable = outer.getLockVariable() and
+  innerVariable = inner.getLockVariable() and
+  outerVariable != innerVariable and (
+    inner = outer.getALockedStmt()
+    or
+    exists(Call call | call.getEnclosingStmt() = outer.getALockedStmt() |
+      inner = getAReachableLockStmt(getCallTarget(call))
+    ) and
+    outerVariable.(Modifiable).isStatic() and
+    innerVariable.(Modifiable).isStatic()
+  )
+}
+
+from LockStmt outer1, LockStmt inner1, LockStmt outer2, LockStmt inner2, Variable v1, Variable v2
+where
+  nestedLocks(v1, v2, outer1, inner1) and
+  nestedLocks(v2, v1, outer2, inner2) and
+  v1.getName() <= v2.getName()
+select v1, "Inconsistent lock sequence with $@. Lock sequences $@, $@ and $@, $@ found.",
+  v2, v2.getName(),
+  outer1, v1.getName(),
+  inner1, v2.getName(),
+  outer2, v2.getName(),
+  inner2, v1.getName()
diff --git a/csharp/ql/src/Concurrency/LockOrderBad.cs b/csharp/ql/src/Concurrency/LockOrderBad.cs
@@ -1,3 +1,6 @@
+using System;
+using System.Threading;
+
 class Deadlock
 {
     private readonly Object lock1 = new Object();
diff --git a/csharp/ql/src/Concurrency/LockOrderGood.cs b/csharp/ql/src/Concurrency/LockOrderGood.cs
@@ -1,3 +1,6 @@
+using System;
+using System.Threading;
+
 class DeadlockFixed
 {
     private readonly Object lock1 = new Object();
diff --git a/csharp/ql/test/query-tests/Concurrency/LockOrder/LockOrder.cs b/csharp/ql/test/query-tests/Concurrency/LockOrder/LockOrder.cs
@@ -1,18 +1,66 @@
 using System;
 
-class Foo
+class LocalTest
 {
+    // BAD: b is flagged.
     Object a, b, c;
 
-    void f()
-    {
-        lock (a) lock (b) { }
-        lock (b) lock (a) { }
-        lock (b) lock (a) { }
-        lock (a) lock (b) { }
-        lock (b) lock (c) { }
-        lock (c) lock (b) { }
-        lock (a) lock (a) { }
-        lock (a) lock (a) { }
+    void F()
+    {
+        lock (a) lock (b) lock(c) { }
+    }
+    
+    void G()
+    {
+        lock (a) lock (c) lock(b) { }
+    }  
+
+    void H()
+    {
+        lock (a) lock(c) { }
     }
 }
+
+class GlobalTest
+{
+    // BAD: b is flagged.
+    static Object a, b, c;
+
+    void F()
+    {
+        lock (a) G();
+    }
+    
+    void G()
+    {
+       lock (b) H();
+       lock (c) I();
+    }
+    
+    void H()
+    {
+        lock (c) { }
+    }
+    
+    void I()
+    {
+        lock (b) { }
+    }
+}
+
+class LambdaTest
+{
+    // BAD: a is flagged.
+    static Object a, b;
+    
+    void F()
+    {
+        Action lock_a = () => { lock(a) { } };
+        Action lock_b = () => { lock(b) { } };
+      
+        lock(a) lock_b();
+        lock(b) lock_a();
+    }
+}
+
+// semmle-extractor-options: /r:System.Runtime.Extensions.dll /r:System.Threading.dll /r:System.Threading.Thread.dll
diff --git a/csharp/ql/test/query-tests/Concurrency/LockOrder/LockOrder.expected b/csharp/ql/test/query-tests/Concurrency/LockOrder/LockOrder.expected
@@ -1,10 +1,4 @@
-| LockOrder.cs:9:18:9:29 | lock (...) {...} | Inconsistent lock sequence. The locks b and a are locked in a different sequence $@. | LockOrder.cs:10:18:10:29 | lock (...) {...} | here |
-| LockOrder.cs:9:18:9:29 | lock (...) {...} | Inconsistent lock sequence. The locks b and a are locked in a different sequence $@. | LockOrder.cs:11:18:11:29 | lock (...) {...} | here |
-| LockOrder.cs:10:18:10:29 | lock (...) {...} | Inconsistent lock sequence. The locks a and b are locked in a different sequence $@. | LockOrder.cs:9:18:9:29 | lock (...) {...} | here |
-| LockOrder.cs:10:18:10:29 | lock (...) {...} | Inconsistent lock sequence. The locks a and b are locked in a different sequence $@. | LockOrder.cs:12:18:12:29 | lock (...) {...} | here |
-| LockOrder.cs:11:18:11:29 | lock (...) {...} | Inconsistent lock sequence. The locks a and b are locked in a different sequence $@. | LockOrder.cs:9:18:9:29 | lock (...) {...} | here |
-| LockOrder.cs:11:18:11:29 | lock (...) {...} | Inconsistent lock sequence. The locks a and b are locked in a different sequence $@. | LockOrder.cs:12:18:12:29 | lock (...) {...} | here |
-| LockOrder.cs:12:18:12:29 | lock (...) {...} | Inconsistent lock sequence. The locks b and a are locked in a different sequence $@. | LockOrder.cs:10:18:10:29 | lock (...) {...} | here |
-| LockOrder.cs:12:18:12:29 | lock (...) {...} | Inconsistent lock sequence. The locks b and a are locked in a different sequence $@. | LockOrder.cs:11:18:11:29 | lock (...) {...} | here |
-| LockOrder.cs:13:18:13:29 | lock (...) {...} | Inconsistent lock sequence. The locks c and b are locked in a different sequence $@. | LockOrder.cs:14:18:14:29 | lock (...) {...} | here |
-| LockOrder.cs:14:18:14:29 | lock (...) {...} | Inconsistent lock sequence. The locks b and c are locked in a different sequence $@. | LockOrder.cs:13:18:13:29 | lock (...) {...} | here |
+| LockOrder.cs:6:15:6:15 | b | Inconsistent lock sequence with $@. Lock sequences $@, $@ and $@, $@ found. | LockOrder.cs:6:18:6:18 | c | c | LockOrder.cs:10:18:10:37 | lock (...) {...} | b | LockOrder.cs:10:27:10:37 | lock (...) {...} | c | LockOrder.cs:15:18:15:37 | lock (...) {...} | c | LockOrder.cs:15:27:15:37 | lock (...) {...} | b |
+| LockOrder.cs:27:22:27:22 | b | Inconsistent lock sequence with $@. Lock sequences $@, $@ and $@, $@ found. | LockOrder.cs:27:25:27:25 | c | c | LockOrder.cs:36:8:36:20 | lock (...) {...} | b | LockOrder.cs:42:9:42:20 | lock (...) {...} | c | LockOrder.cs:37:8:37:20 | lock (...) {...} | c | LockOrder.cs:47:9:47:20 | lock (...) {...} | b |
+| LockOrder.cs:54:19:54:19 | a | Inconsistent lock sequence with $@. Lock sequences $@, $@ and $@, $@ found. | LockOrder.cs:54:22:54:22 | b | b | LockOrder.cs:61:9:61:25 | lock (...) {...} | a | LockOrder.cs:59:33:59:43 | lock (...) {...} | b | LockOrder.cs:62:9:62:25 | lock (...) {...} | b | LockOrder.cs:58:33:58:43 | lock (...) {...} | a |
+| LockOrderBad.cs:6:29:6:33 | lock1 | Inconsistent lock sequence with $@. Lock sequences $@, $@ and $@, $@ found. | LockOrderBad.cs:7:29:7:33 | lock2 | lock2 | LockOrderBad.cs:11:9:19:9 | lock (...) {...} | lock1 | LockOrderBad.cs:16:13:18:13 | lock (...) {...} | lock2 | LockOrderBad.cs:24:9:32:9 | lock (...) {...} | lock2 | LockOrderBad.cs:29:13:31:13 | lock (...) {...} | lock1 |
diff --git a/csharp/ql/test/query-tests/Concurrency/LockOrder/LockOrderBad.cs b/csharp/ql/test/query-tests/Concurrency/LockOrder/LockOrderBad.cs
@@ -0,0 +1,34 @@
+using System;
+using System.Threading;
+
+class Deadlock
+{
+    private readonly Object lock1 = new Object();
+    private readonly Object lock2 = new Object();
+
+    public void thread1()
+    {
+        lock (lock1)
+        {
+            Console.Out.WriteLine("Thread 1 acquired lock1");
+            Thread.Sleep(10);
+            Console.Out.WriteLine("Thread 1 waiting on lock2");
+            lock (lock2)    // Deadlock here
+            {
+            }
+        }
+    }
+
+    public void thread2()
+    {
+        lock (lock2)
+        {
+            Console.Out.WriteLine("Thread 2 acquired lock2");
+            Thread.Sleep(10);
+            Console.Out.WriteLine("Thread 2 waiting on lock1");
+            lock (lock1)    // Deadlock here
+            {
+            }
+        }
+    }
+}
diff --git a/csharp/ql/test/query-tests/Concurrency/LockOrder/LockOrderGood.cs b/csharp/ql/test/query-tests/Concurrency/LockOrder/LockOrderGood.cs
@@ -0,0 +1,34 @@
+using System;
+using System.Threading;
+
+class DeadlockFixed
+{
+    private readonly Object lock1 = new Object();
+    private readonly Object lock2 = new Object();
+
+    public void thread1()
+    {
+        lock (lock1)
+        {
+            Console.Out.WriteLine("Thread 1 acquired lock1");
+            Thread.Sleep(10);
+            Console.Out.WriteLine("Thread 1 waiting on lock2");
+            lock (lock2)
+            {
+            }
+        }
+    }
+
+    public void thread2()
+    {
+        lock (lock1)    // Fixed
+        {
+            Console.Out.WriteLine("Thread 2 acquired lock1");
+            Thread.Sleep(10);
+            Console.Out.WriteLine("Thread 2 waiting on lock2");
+            lock (lock2)    // Fixed
+            {
+            }
+        }
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,6 @@`
	`1`	`+using System;`
	`2`	`+using System.Threading;`
	`3`	`+`
`1`	`4`	`class Deadlock`
`2`	`5`	`{`
`3`	`6`	`private readonly Object lock1 = new Object();`