From: Michael F. <fu...@cs...> - 2004-11-30 21:30:49
Hello,

I am currently researching methods for applying static analysis to software projects which use multiple languages. As part of this effort, I am writing a tool which does type inference across foreign function calls in order to detect bugs in programs which use the OCaml/C foreign function interface. While the tool isn't quite ready for release yet (soon I hope!), I have already found some bugs in several programs which I have run it on. I haven't run it on all of the programs on your web page, just the ssl and vorbis libraries (I actually just picked things at random from the OCaml Humps page) and wanted to let you know about the bugs I found in it.

For the ocaml-vorbis library, I found just one small bug:

In file vorbis_stubs.c, function copy_buffer:120:
    CAMLparam/local was used but there is no CAMLreturn on this branch

For the ssl library, my tool reported 4 errors and 2 warnings. The errors are:

In file ssl_stubs.c, function ocaml_ssl_connect:216:
    Int_val instead of Val_int (or vice versa)

In file ssl_stubs.c, function ocaml_ssl_write:228:
    While checking the sig of caml_raise_with_arg while looking at param (((long)err<<1)+1),
    Int_val instead of Val_int (or vice versa)

In file ssl_stubs.c, function ocaml_ssl_read:240:
    While checking the sig of caml_raise_with_arg while looking at param (((long)err<<1)+1),
    Int_val instead of Val_int (or vice versa)

In file ssl_stubs.c, function ocaml_ssl_accept:251:
    While checking the sig of Int_val
    Int_val instead of Val_int (or vice versa)

The two warnings are about functions omitting a parameter of type 'unit'. Recall that OCaml represents "unit" as the value Val_int(0), so when a function is called with an argument of type "unit", a value will be placed on the C stack, even though it is rather useless. Although omitting this argument won't cause any ill effects, it is a type error (C and OCaml will view the stack with different sizes) and I feel it should be fixed for "Good Practice".

In file ssl_stubs.c, function ocaml_ssl_create_client_context:67:
    arity mismatch. Expecting a function with sig: unit but got instead: <empty>

In file ssl_stubs.c, function ocaml_ssl_init:171:
    arity mismatch. Expecting a function with sig: unit but got instead: <empty>

I hope you find this bug report useful. If you are interested in reading about how the tool works, I have released a technical report describing the technique and it is available from my web page[1]. Also, if you have any suggestions as to how a static analysis tool might further help you develop multi-lingual software more efficiently, I would love to hear about it.

Cheers,
-Mike

1 - http://www.cs.umd.edu/~furr/
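
The "Int_val instead of Val_int (or vice versa)" class of error reported above, as an added example that is not part of the original message and is not code from the ssl or vorbis bindings. The stub names are hypothetical, and the macros are local stand-ins for the ones in `<caml/mlvalues.h>` so the file builds without OCaml installed.

```c
#include <stdio.h>
#include <stdint.h>

/* Stand-ins for the OCaml runtime macros: an immediate integer n is stored
   as (n << 1) + 1, the same expansion quoted in the tool output above. */
typedef intptr_t value;
#define Val_int(x) ((value)(((uintptr_t)(intptr_t)(x) << 1) + 1))
#define Int_val(v) ((int)((v) >> 1))
#define Is_long(v) (((v) & 1) != 0)

/* BUG: returns a raw C int where OCaml expects a tagged value. */
value stub_len_buggy(int len) { return (value)len; }
/* Fixed: tag the result before handing it back to OCaml. */
value stub_len_fixed(int len) { return Val_int(len); }

/* BUG: uses the tagged argument directly as a C int. */
int stub_size_buggy(value v_size) { return (int)v_size; }
/* Fixed: untag the argument before using it in C. */
int stub_size_fixed(value v_size) { return Int_val(v_size); }

/* A stub for an OCaml function of type unit -> unit still receives one
   word for the unit argument, so it declares that parameter. */
value stub_init(value unit) { (void)unit; return Val_int(0); }

/* Models how the OCaml side reads a returned word: low bit set means an
   immediate integer; low bit clear means the word is followed as a heap
   pointer. Returns 1 and stores the integer, or 0 for "pointer". */
int ocaml_view(value v, int *out) {
    if (!Is_long(v)) return 0;
    *out = Int_val(v);
    return 1;
}

int main(void) {
    int n = 0;
    /* Odd raw result: silently read as a different integer (7 -> 3). */
    if (ocaml_view(stub_len_buggy(7), &n)) printf("buggy 7 read as %d\n", n);
    /* Even raw result: the runtime would dereference it as a pointer. */
    if (!ocaml_view(stub_len_buggy(8), &n)) printf("buggy 8 read as pointer\n");
    if (ocaml_view(stub_len_fixed(8), &n)) printf("fixed 8 read as %d\n", n);
    /* Missing Int_val on the way in: C sees 2n + 1 instead of n. */
    printf("size 100: buggy=%d fixed=%d\n",
           stub_size_buggy(Val_int(100)), stub_size_fixed(Val_int(100)));
    return 0;
}
```

The mismatch is invisible to the C compiler because `value` is an integer type, which is why it takes cross-language type inference or careful review of every stub boundary to catch it.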