search

microsoft / infersharp

Infer# is an interprocedural and scalable static code analyzer for C#. Via the capabilities of Facebook's Infer, this tool detects null dereferences, resource leaks, and thread-safety violations. It also performs taint flow tracking to detect critical security vulnerabilities like SQL injections.
MIT License
735 stars 29 forks source link

InferSharp 1.41 Crashes Visual Studio Pro 2022 17.4.4 #209

Open kabua opened 1 year ago

kabua commented 1 year ago

I have VS Pro 2022 and have installed the infersharp 1.41 managed extension.

If I click Tools > Infer# Analysis, my mouse cursor shows a spinning arrow for a few seconds, VS is unresponsive for 5-10 seconds, and then Visual Studio crashes! Visual Studio then restarts with the following message:

A previous session ended unexpectedly. Disabling the extension InferSharp 1.41 might help.

From a dos cmd prompt, I tried running this command:

wget https://github.com/microsoft/infersharp/releases/download/v1.4/infersharp-wsl-distro-v1.4.tar.gz && wsl --import infersharp1.4 C:\wslDistroStorage\infersharp1.4 infersharp-wsl-distro-v1.4.tar.gz && rm infersharp-wsl-distro-v1.4.tar.gz

from here step 1

However, wget return this error:

image

Therefore, I used Chrome to download the file manually. Then I ran the rest of the command line:

image

which also failed.

I have WSL2 installed, and working (I believe):

image

And still, InferSharp crashes Visual Studio.

I have also looked at issue #184, which didn't seem to help much.

What log files (and where would I find them) I can review and/or upload?

kabua commented 1 year ago

I just tried the same thing on my home computer and I was able to get to this screen

image

Therefore, what is the extension trying to do between clicking on the command and question dialog which is causing VS to crash?

xinshiMSFT commented 1 year ago

It looks like WSL is enabled on your machine, but somehow it still claims that rm and wget are not recognized. If WSL is properly enabled, they should be recognized. After clicking on the menu item, we do a ls command check to determine if you have the correct version of the distro installed. It may have caused the crash because some commands are not recognized. Can you try uninstall and reenable WSL, and restart your machine?

To answer your second question - After you click yes on the dialog, the extension is trying to download the Infer# WSL distro (assuming you have WSL enabled) and configures everything necessary to run Infer#.

kabua commented 1 year ago

Okay, I have:

  1. unregistered all flavors of Linux.
  2. uninstall WSL
  3. rebooted
  4. ran wsl --install
  5. it ran and installed Ubuntu
  6. I rebooted
  7. Ensured that there was no local copy of wget on my system.
  8. started Ubuntu, and verified that wget worked by trying to download wget https://github.com/microsoft/infersharp/releases/download/v1.4/infersharp-wsl-distro-v1.4.tar.gz
  9. It started downloading, so I killed it.
  10. Started VS and clicked on the button; same results as stated above. After ~90 seconds VS crashed.

Note: from the Windows CMD, wget is not recognized, only from the Ubuntu prompt. The path \\wsl$\Ubuntu is also valid.

Now what? What other URLs are you trying to hit, or what ports are you trying to access? We lock down access to most websites.

matjin commented 1 year ago

The only thing that the extension should be trying to do in the setup phase is install and set up the Infer# custom distro you see at the link. If you terminate the download, setup will not be able to proceed, as the extension relies on the custom distro.

If this poses security issues, you can manually build Infer# from source and Infer from source -- the custom distro is for helping you circumvent this hassle and also control the release version. If it works with your scenario, you can also download/verify and manually install the distro at the link yourself. The extension will then be able to proceed with the analysis; it's been stuck on the download step because the download and installation is a prerequisite for the extension being able to run the analysis.

matjin commented 1 year ago

If it's OK with the security issues, you can also try our Docker: https://github.com/microsoft/infersharp/blob/main/RUNNING_IN_DOCKER.md

The dockerfile is here: https://github.com/microsoft/infersharp/blob/main/Dockerfile

You can see all items being downloaded/libraries being installed as dependencies of the project there. Let me know what the limitations are and I can try to recommend the best approach to get this working for you

kabua commented 1 year ago

I got this

docker pull mcr.microsoft.com/infersharp:v1.4
docker run -it mcr.microsoft.com/infersharp:v1.4
./run_infersharp.sh Examples

working but not this

docker run -v c:\mytestproject\bin\debug\net48:/infersharp/binary_path --rm mcr.microsoft.com/infersharp:v1.4 /bin/bash -c "./run_infersharp.sh binary_path; cp infer-out/report.txt /infersharp/binary_path/report.txt"

output

Processing {binary_path}
Copying binaries to a staging folder...

Code translation started...
Translation stage 1/3: Loading binaries.
Translation stage 2/3: Computing type environment.
Translation stage 3/3: Computing control-flow graph.

Coverage Statistics:

Method successfully translated: 0 (-2147483648%)
Method partially translated: 0 (-2147483648%)
Instructions translated: 0 (-2147483648%)
Instructions skipped: 0 (-2147483648%)
======================================

Code translation completed. Analyzing...

Capturing using JSON mode...
Nothing to compile. Try cleaning the build first.
There was nothing to analyze.

  No issues found

Now what?

kabua commented 1 year ago

Where can I find the VSIX source code to the InferSharp extension so that I can debug it?

kabua commented 1 year ago

I've looked at this issue #151 and created a new Console App (.net 4.8) at C:\Sandbox\DotNet\ConsoleApp1. The bin directory is C:\Sandbox\DotNet\ConsoleApp1\ConsoleApp1\bin\Debug; and it still crashes VS.

I even logon to the machine as a new test user, run through all the steps and it still crashes VS.

matjin commented 1 year ago

I got this

docker pull mcr.microsoft.com/infersharp:v1.4
docker run -it mcr.microsoft.com/infersharp:v1.4
./run_infersharp.sh Examples

working but not this

docker run -v c:\mytestproject\bin\debug\net48:/infersharp/binary_path --rm mcr.microsoft.com/infersharp:v1.4 /bin/bash -c "./run_infersharp.sh binary_path; cp infer-out/report.txt /infersharp/binary_path/report.txt"

output

Processing {binary_path}
Copying binaries to a staging folder...

Code translation started...
Translation stage 1/3: Loading binaries.
Translation stage 2/3: Computing type environment.
Translation stage 3/3: Computing control-flow graph.

Coverage Statistics:

Method successfully translated: 0 (-2147483648%)
Method partially translated: 0 (-2147483648%)
Instructions translated: 0 (-2147483648%)
Instructions skipped: 0 (-2147483648%)
======================================

Code translation completed. Analyzing...

Capturing using JSON mode...
Nothing to compile. Try cleaning the build first.
There was nothing to analyze.

  No issues found

Now what?

This issue occurs when Infer# does not find compatible dll/pdb pairs. Can you please confirm that you have the output of a Debug build (meaning the dll/pdbs are both present in the input directory)?

matjin commented 1 year ago

Where can I find the VSIX source code to the InferSharp extension so that I can debug it?

We don't have it out on the open web, but essentially it works like this:

1) Check that the infersharp wsl distro is correctly installed and setup with a command "wsl ~ -d infersharp1.4". If the command fails, then we need to attempt setup (the wget thing you see above, and then you just set it up via wsl --import infersharp1.4

2) If the command succeeds, attempt to execute the analysis, which just uses our run_infersharp.sh script. You can see all of the individual commands and comments on what they're trying to accomplish: https://github.com/microsoft/infersharp/blob/main/run_infersharp.sh

The important stuff is here, where we invoke the actual infersharp translation (renders the C# binaries in a way that Infer can understand):

https://github.com/microsoft/infersharp/blob/2a604a4ed3e493e2ce5dfa1085bbe5aac78f7953/run_infersharp.sh#L58

and then this line runs the infer analysis:

https://github.com/microsoft/infersharp/blob/2a604a4ed3e493e2ce5dfa1085bbe5aac78f7953/run_infersharp.sh#L60

matjin commented 1 year ago

I've looked at this issue #151 and created a new Console App (.net 4.8) at C:\Sandbox\DotNet\ConsoleApp1. The bin directory is C:\Sandbox\DotNet\ConsoleApp1\ConsoleApp1\bin\Debug; and it still crashes VS.

I even logon to the machine as a new test user, run through all the steps and it still crashes VS.

The VS extension isn't doing anything fancy; it's essentially a UI wrapper around WSL. To isolate the issue, can you try to run the analysis directly in the WSL container? Directions here: https://github.com/microsoft/infersharp/blob/main/RUNNING_INFERSHARP_ON_WINDOWS.md

kabua commented 1 year ago

For my second larger test, No. I didn't copy the pdbs only the DLLs. Let me try that. This worked thanks.

Will this not work for Exec then?

I have read these https://github.com/microsoft/infersharp/blob/main/RUNNING_INFERSHARP_ON_WINDOWS.md instructions several times. But this line doesn't work for several reasons.

wget https://github.com/microsoft/infersharp/releases/download/v1.4/infersharp-wsl-distro-v1.4.tar.gz && wsl --import infersharp1.4 C:\wslDistroStorage\infersharp1.4 infersharp-wsl-distro-v1.4.tar.gz && rm infersharp-wsl-distro-v1.4.tar.gz

If I run this from a DOS command, DOS states it can't find wget as this is a Lynix command. If I run this from Ubuntu it complains that wsl isn't found since it is a Windows command.

If I add wsl wget ... then parts 1 and 2 run but not the rm command as it is not a Windows command.

Is it possible that you are not running from a clean Windows 10 Pro machine? Perhaps you have something like msys64 installed.

matjin commented 1 year ago

No, I didn't copy the pdbs only the DLLs. Let me try that.

Will this not work for Exec then?

I have read these https://github.com/microsoft/infersharp/blob/main/RUNNING_INFERSHARP_ON_WINDOWS.md instructions several times. But this line doesn't work for several reasons.

wget https://github.com/microsoft/infersharp/releases/download/v1.4/infersharp-wsl-distro-v1.4.tar.gz && wsl --import infersharp1.4 C:\wslDistroStorage\infersharp1.4 infersharp-wsl-distro-v1.4.tar.gz && rm infersharp-wsl-distro-v1.4.tar.gz

If I run this from a DOS command, DOS states it can't find wget as this is a Lynix command. If I run this from Ubuntu it complains that wsl isn't found since it is a Windows command.

If I add wsl wget ... then parts 1 and 2 run but not the rm command as it is not a Windows command.

Is it possible that you are not running from a clean Windows 10 Pro machine? Perhaps you have something like msys64 installed.

We need debug information. Without it, we would still be able to identify bugs but would lack valuable information for users to locate them, like line numbers.

You're right per the wget comment -- thank you, we will fix that shortly. The wget command should work in Windows PowerShell, not Windows Command Prompt. Please give that a try instead.

kabua commented 1 year ago

I'm trying to use this tool on a N-Layered Framework. Which means I have several projects in my solutions. Therefore, how do you handle multiple projects? If it can't, then what is the process of selecting it? Do you use the "Startup Project" or the currently hilited one?

It doesn't matter; it still crashed VS. :(

matjin commented 1 year ago

Did WSL work with you after downloading/installing the Infer# custom distro?

The path you provide should be the root directory of the projects you want to scan. Infer# then scans through the tree rooted at that path for all DLL/PDB pairs and creates the CFG from them. If you have several projects, just give it the path that contains all of them.