diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md deleted file mode 100644 index 0f7ad8bf..00000000 --- a/CODE_OF_CONDUCT.md +++ /dev/null @@ -1,5 +0,0 @@ -# Code of Conduct - -Facebook has adopted a Code of Conduct that we expect project participants to adhere to. -Please read the [full text](https://code.fb.com/codeofconduct/) -so that you can understand what actions will and will not be tolerated. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e4c43625..5b79eb17 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -30,20 +30,10 @@ We actively welcome your pull requests. 5. Make sure your code lints. 6. If you haven't already, complete the Contributor License Agreement ("CLA"). -## Contributor License Agreement ("CLA") -In order to accept your pull request, we need you to submit a CLA. You only need -to do this once to work on any of Facebook's open source projects. - -Complete your CLA here: - ## Issues We use GitHub issues to track public bugs. Please ensure your description is clear and has sufficient instructions to be able to reproduce the issue. -Facebook has a [bounty program](https://www.facebook.com/whitehat/) for the safe -disclosure of security bugs. In those cases, please go through the process -outlined on that page and do not file a public issue. - ## Coding Style We use the [Rust style guide](https://github.com/rust-lang-nursery/fmt-rfcs/blob/master/guide/guide.md) diff --git a/PULL_REQUEST_TEMPLATE.md b/PULL_REQUEST_TEMPLATE.md index afdc25f6..7e66b37f 100644 --- a/PULL_REQUEST_TEMPLATE.md +++ b/PULL_REQUEST_TEMPLATE.md @@ -22,5 +22,4 @@ Fixes # (issue) - [ ] If you've changed APIs, update the documentation. - [ ] Ensure the test suite passes. - [ ] Make sure your code lints. -- [ ] If you haven't already, complete your CLA here: diff --git a/README.md b/README.md index fc1ad7c1..356ec750 100644 --- a/README.md +++ b/README.md @@ -1,16 +1,8 @@ -# MIRAI [![codecov](https://codecov.io/gh/facebookexperimental/MIRAI/branch/main/graph/badge.svg?token=q4jzL09Ahl)](https://codecov.io/gh/facebookexperimental/MIRAI) [![deps.rs](https://deps.rs/repo/github/facebookexperimental/MIRAI/status.svg)](https://deps.rs/repo/github/facebookexperimental/MIRAI) +# MIRAI [![codecov](https://codecov.io/gh/endorlabs/MIRAI/branch/main/graph/badge.svg?token=q4jzL09Ahl)](https://codecov.io/gh/endorlabs/MIRAI) [![deps.rs](https://deps.rs/repo/github/endorlabs/MIRAI/status.svg)](https://deps.rs/repo/github/endorlabs/MIRAI) MIRAI is an abstract interpreter for the [Rust](https://www.rust-lang.org/) compiler's [mid-level intermediate representation](https://github.com/rust-lang/rfcs/blob/master/text/1211-mir.md) (MIR). It is intended to become a widely used static analysis tool for Rust. -## Request for Proposals - -The Web3 Foundation has an -[RFP](https://github.com/w3f/Grants-Program/blob/master/docs/RFPs/Open/Static-Analysis-for-Runtime-Pallets.md) -for extending MIRAI. If you are interested in making a proposal, feel free to do so and expect to count on support -with design reviews, coding and merging your contributions. Contact herman_venter@msn.com if you want to discuss this -further. - ## Who should use MIRAI MIRAI can be used as a linter that finds panics that may be unintentional or are not the best way to terminate a @@ -29,13 +21,13 @@ become security problems (denial of service, undefined behavior). ## How to use MIRAI You'll need to install MIRAI as described -[here](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/InstallationGuide.md). +[here](https://github.com/endorlabs/MIRAI/blob/main/documentation/InstallationGuide.md). Then use `cargo mirai` to run MIRAI over your current package. This works much like `cargo check` but uses MIRAI rather than rustc to analyze the targets of your current package. `cargo mirai` does a top-down full-program path sensitive analysis of the -[entry points](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/Overview.md#entry-points) of your +[entry points](https://github.com/endorlabs/MIRAI/blob/main/documentation/Overview.md#entry-points) of your package. To analyze test functions instead, use `cargo mirai --tests`. This will likely produce some warnings. Some of these will be real issues (true positives) that you'll fix by changing @@ -62,21 +54,21 @@ You can get some insight into the inner workings of MIRAI by setting the verbosi `warn`, `info`, `debug`, or `trace`, via the environment variable `MIRAI_LOG`. ## Developing MIRAI -See the [developer guide](https://github.com/facebookexperimental/MIRAI/blob/main/documentation//DeveloperGuide.md) +See the [developer guide](https://github.com/endorlabs/MIRAI/blob/main/documentation//DeveloperGuide.md) for instructions on how to build, run and debug MIRAI. ## Full documentation -* [Overview of project](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/Overview.md). -* [Architecture](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/Architecture.md). -* [Design discussions](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/DesignDiscussions.md). -* [Further reading](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/FurtherReading.md). +* [Overview of project](https://github.com/endorlabs/MIRAI/blob/main/documentation/Overview.md). +* [Architecture](https://github.com/endorlabs/MIRAI/blob/main/documentation/Architecture.md). +* [Design discussions](https://github.com/endorlabs/MIRAI/blob/main/documentation/DesignDiscussions.md). +* [Further reading](https://github.com/endorlabs/MIRAI/blob/main/documentation/FurtherReading.md). ## Join the MIRAI community -See the [CONTRIBUTING](https://github.com/facebookexperimental/MIRAI/blob/main/CONTRIBUTING.md) file for how to help out. +See the [CONTRIBUTING](https://github.com/endorlabs/MIRAI/blob/main/CONTRIBUTING.md) file for how to help out. ## License -MIRAI is MIT licensed, as found in the [LICENSE](https://github.com/facebookexperimental/MIRAI/blob/main/LICENSE) file. +MIRAI is MIT licensed, as found in the [LICENSE](https://github.com/endorlabs/MIRAI/blob/main/LICENSE) file. diff --git a/annotations/Cargo.toml b/annotations/Cargo.toml index a0e30d20..2fb3be84 100644 --- a/annotations/Cargo.toml +++ b/annotations/Cargo.toml @@ -4,7 +4,7 @@ name = "mirai-annotations" version = "1.12.1" authors = ["Herman Venter "] description = "Macros that provide source code annotations for MIRAI" -repository = "https://github.com/facebookexperimental/MIRAI" +repository = "https://github.com/endorlabs/MIRAI" readme = "README.md" license = "MIT" edition = "2021" diff --git a/annotations/README.md b/annotations/README.md index 0595e2ae..bd966293 100644 --- a/annotations/README.md +++ b/annotations/README.md @@ -1,7 +1,7 @@ # MIRAI Annotations This crate provides a set of macros that can be used in the place of the standard RUST assert and debug_assert macros. -They add value by allowing [MIRAI](https://github.com/facebookexperimental/MIRAI) to: +They add value by allowing [MIRAI](https://github.com/endorlabs/MIRAI) to: * distinguish between path conditions and verification conditions * distinguish between conditions that it should assume as true and conditions that it should verify * check conditions at compile time that should not be checked at runtime because they are too expensive diff --git a/checker/Cargo.toml b/checker/Cargo.toml index d9f18752..d325a739 100644 --- a/checker/Cargo.toml +++ b/checker/Cargo.toml @@ -4,7 +4,7 @@ name = "mirai" version = "1.1.9" authors = ["Herman Venter "] description = "A static analysis tool for Rust, based on Abstract Interpretation of MIR" -repository = "https://github.com/facebookexperimental/MIRAI" +repository = "https://github.com/endorlabs/MIRAI" readme = "../README.md" license = "MIT" edition = "2021" diff --git a/checker/src/abstract_value.rs b/checker/src/abstract_value.rs index ad20448c..98910ea9 100644 --- a/checker/src/abstract_value.rs +++ b/checker/src/abstract_value.rs @@ -29,7 +29,7 @@ use crate::path::{Path, PathEnum, PathSelector}; use crate::path::{PathRefinement, PathRoot}; use crate::tag_domain::{Tag, TagDomain}; -// See https://github.com/facebookexperimental/MIRAI/blob/main/documentation/AbstractValues.md. +// See https://github.com/endorlabs/MIRAI/blob/main/documentation/AbstractValues.md. /// Mirai is an abstract interpreter and thus produces abstract values. /// In general, an abstract value is a value that is not fully known. diff --git a/checker/src/options.rs b/checker/src/options.rs index 90323612..2277101c 100644 --- a/checker/src/options.rs +++ b/checker/src/options.rs @@ -56,7 +56,7 @@ fn make_options_parser(running_test_harness: bool) -> Command { .long("call_graph_config") .num_args(1) .help("Path call graph config.") - .long_help(r#"Path to a JSON file that configures call graph output. Please see the documentation for details (https://github.com/facebookexperimental/MIRAI/blob/main/documentation/CallGraph.md)."#)) + .long_help(r#"Path to a JSON file that configures call graph output. Please see the documentation for details (https://github.com/endorlabs/MIRAI/blob/main/documentation/CallGraph.md)."#)) .arg(Arg::new("print_function_names") .long("print_function_names") .num_args(0) diff --git a/documentation/Decisions.md b/documentation/Decisions.md index 112100e0..305c051b 100644 --- a/documentation/Decisions.md +++ b/documentation/Decisions.md @@ -196,7 +196,7 @@ trickier because of the dependency on a nightly build of the compiler. Not a good idea for such a complicated language, but this is pretty much what has been done for C++. #### Analyze the output of the rust compiler. For example LLVM bitcode. This is not a terrible idea, but see -[Why plug into the Rust compiler?](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/WhyPlugIn.md). +[Why plug into the Rust compiler?](https://github.com/endorlabs/MIRAI/blob/main/documentation/WhyPlugIn.md). ## Use MIR The Mid-level Intermediate Representation is the last intermediate data structure produced by the rust compiler before @@ -221,7 +221,7 @@ more functions. ### Alternatives #### Use LLVM bitcode But see -[Why plug into the Rust compiler?](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/WhyPlugIn.md). +[Why plug into the Rust compiler?](https://github.com/endorlabs/MIRAI/blob/main/documentation/WhyPlugIn.md). #### Lower MIR into a well-defined and stable LIR where operations are simple For example, the Common Intermediate Language of .NET. @@ -293,7 +293,7 @@ abstract domains. ## Symbolic expression domain The abstract domain used by default uses a symbolic expression as its representation. -See [Abstract Values](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/AbstractValues.md). +See [Abstract Values](https://github.com/endorlabs/MIRAI/blob/main/documentation/AbstractValues.md). ### Positives The most precise way to specify which values an expression can result in is the expression itself. ### Negatives diff --git a/documentation/DesignDiscussions.md b/documentation/DesignDiscussions.md index ef2bcd01..8b144bb6 100644 --- a/documentation/DesignDiscussions.md +++ b/documentation/DesignDiscussions.md @@ -1,20 +1,20 @@ # Design Discussions -[Abstract Values](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/AbstractValues.md) +[Abstract Values](https://github.com/endorlabs/MIRAI/blob/main/documentation/AbstractValues.md) -[Caching](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/Caching.md) +[Caching](https://github.com/endorlabs/MIRAI/blob/main/documentation/Caching.md) -[Incremental Analysis](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/IncrementalAnalysis.md) +[Incremental Analysis](https://github.com/endorlabs/MIRAI/blob/main/documentation/IncrementalAnalysis.md) -[Parallelism](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/Parallelism.md) +[Parallelism](https://github.com/endorlabs/MIRAI/blob/main/documentation/Parallelism.md) -[Why MIR?](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/WhyMir.md) +[Why MIR?](https://github.com/endorlabs/MIRAI/blob/main/documentation/WhyMir.md) -[Why plug into the Rust compiler?](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/WhyPlugIn.md) +[Why plug into the Rust compiler?](https://github.com/endorlabs/MIRAI/blob/main/documentation/WhyPlugIn.md) -[Why Rust?](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/WhyRust.md) +[Why Rust?](https://github.com/endorlabs/MIRAI/blob/main/documentation/WhyRust.md) -[Why top down?](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/WhyTopDown.md) +[Why top down?](https://github.com/endorlabs/MIRAI/blob/main/documentation/WhyTopDown.md) Devirtualization diff --git a/documentation/DeveloperGuide.md b/documentation/DeveloperGuide.md index 14791699..750b657d 100644 --- a/documentation/DeveloperGuide.md +++ b/documentation/DeveloperGuide.md @@ -1,7 +1,7 @@ # Developer Guide Install MIRAI following the instructions in the -[installation guide](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/InstallationGuide.md). +[installation guide](https://github.com/endorlabs/MIRAI/blob/main/documentation/InstallationGuide.md). Also make sure that the correct version of rustc is installed, along with some optional components @@ -43,7 +43,7 @@ To run mirai on a crate, as if it were rustc, just set the `RUSTC_WRAPPER` envir When running `RUSTC_WRAPPER=~/mirai/target/debug/mirai cargo build` on a crate make sure to either: 1. Set Rust to use the same nightly as MIRAI in the crate's directory (via `rustup override`, or by linking to - MIRAI's [rust-toolchain](https://github.com/facebookexperimental/MIRAI/blob/main/rust-toolchain) file). + MIRAI's [rust-toolchain](https://github.com/endorlabs/MIRAI/blob/main/rust-toolchain) file). 2. Or set `DYLD_LIBRARY_PATH=/Users/$USER/.rustup/toolchains/nightly-YYYY-MM-DD-TA/lib/` before running `RUSTC_WRAPPER=mirai cargo build`. - (Be sure to fill `YYYY-MM-DD` with the correctly nightly date and to replace TA with the appropriate target @@ -171,7 +171,7 @@ into the JSON format needed by VSCode. Since Mirai makes use of a private and unstable API with sparse documentation, it can be very helpful to debug Mirai while seeing the actual rustc sources in the debugger. By default, this does not happen. To make it happen, see -[debugging](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/DebuggingRustc.md) with Rustc sources. +[debugging](https://github.com/endorlabs/MIRAI/blob/main/documentation/DebuggingRustc.md) with Rustc sources. ## Testing diff --git a/documentation/IncrementalAnalysis.md b/documentation/IncrementalAnalysis.md index e6e56497..ade6511a 100644 --- a/documentation/IncrementalAnalysis.md +++ b/documentation/IncrementalAnalysis.md @@ -4,16 +4,16 @@ Ideally, Mirai should just become a regular part of the Rust Language Service (R are being edited. If this is to happen, Mirai should be fast, which is not something one typically associates with program verification -tools. Furthermore, as discussed [here]((https://github.com/facebookexperimental/MIRAI/blob/main/documentation/Parallelism.md)), +tools. Furthermore, as discussed [here]((https://github.com/endorlabs/MIRAI/blob/main/documentation/Parallelism.md)), parallelism is not going to help. -As discussed [here](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/Caching.md), caching +As discussed [here](https://github.com/endorlabs/MIRAI/blob/main/documentation/Caching.md), caching function summaries helps to avoid some exponential behavior during analysis. Caching also helps make the analysis incremental, which is going to be the key to integrating MIRAI into the RLS. Even so, the analysis of even a single function body can become exponential when it contains many loops and/or makes many calls to functions that have large summaries. Imposing -[k-limits](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/K-limits.md) helps to keep things +[k-limits](https://github.com/endorlabs/MIRAI/blob/main/documentation/K-limits.md) helps to keep things responsive, but at the cost of increasing the number of false negatives. It seems interesting to pursue more incrementalism in this case, possibly by retaining the environments computed for diff --git a/documentation/InstallationGuide.md b/documentation/InstallationGuide.md index e4525105..29761a51 100644 --- a/documentation/InstallationGuide.md +++ b/documentation/InstallationGuide.md @@ -15,7 +15,7 @@ Please ensure that all of the following dependencies are installed: The best way to install MIRAI into cargo is to clone the MIRAI repository: ```bash -git clone https://github.com/facebookexperimental/MIRAI.git +git clone https://github.com/endorlabs/MIRAI.git cd MIRAI ``` @@ -28,4 +28,4 @@ cargo install --locked --path ./checker ## Contributing to MIRAI If you want to help develop MIRAI see -the [developer guide](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/DeveloperGuide.md) +the [developer guide](https://github.com/endorlabs/MIRAI/blob/main/documentation/DeveloperGuide.md) diff --git a/documentation/Overview.md b/documentation/Overview.md index 6a30bf12..e8828932 100644 --- a/documentation/Overview.md +++ b/documentation/Overview.md @@ -50,7 +50,7 @@ investigated and fixed as appropriate. There are currently no plans for a v2. ## How to use MIRAI -You'll need to build and install MIRAI as described [here](https://github.com/facebookexperimental/MIRAI#using-mirai). +You'll need to build and install MIRAI as described [here](https://github.com/endorlabs/MIRAI#using-mirai). That done, just run `cargo mirai` in the root directory of your project. When run this way, MIRAI, will statically analyze all the code reachable from entry @@ -184,7 +184,7 @@ is missing or the good tag is present. To prevent intermediate code from accidentally adding "good" tags, this can be made a privileged operation by making the tag constructor private. -More details and examples can be found [here](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/TagAnalysis.md). +More details and examples can be found [here](https://github.com/endorlabs/MIRAI/blob/main/documentation/TagAnalysis.md). ## Constant time analysis @@ -316,7 +316,7 @@ thus never trigger the path with the unresolvable call. The approached used to deal with to these hard problems is to infer preconditions that preclude the unresolvable calls from being reached, as already discussed -[above](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/Overview.md#incomplete-analysis). +[above](https://github.com/endorlabs/MIRAI/blob/main/documentation/Overview.md#incomplete-analysis). ## Foreign functions @@ -327,7 +327,7 @@ written in languages other than Rust, or just calls to Rust standard library fun These functions need to have some kind of "model" that can be summarized and used in the analysis when calls to them are encountered. Models for many of the standard library foreign functions are included with the MIRAI sources and -can be found [here](https://github.com/facebookexperimental/MIRAI/blob/main/standard_contracts/src/foreign_contracts.rs). +can be found [here](https://github.com/endorlabs/MIRAI/blob/main/standard_contracts/src/foreign_contracts.rs). Most of these are uninteresting because they have no preconditions and their results are inputs to the program and must thus be treated as fully unknown by the analysis. Others are just trivial re-implementations of the library functions. diff --git a/documentation/Parallelism.md b/documentation/Parallelism.md index dc4983e7..6f8a8c8d 100644 --- a/documentation/Parallelism.md +++ b/documentation/Parallelism.md @@ -16,5 +16,5 @@ analysis of pathological functions that are widely used will quickly cause other duplicate work. Pursuing this at the moment does not seem to be the best use of resources. Future work should probably concentrate on -[incremental analysis](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/IncrementalAnalysis.md). +[incremental analysis](https://github.com/endorlabs/MIRAI/blob/main/documentation/IncrementalAnalysis.md). diff --git a/documentation/WhyMir.md b/documentation/WhyMir.md index 997b17a4..242c07fd 100644 --- a/documentation/WhyMir.md +++ b/documentation/WhyMir.md @@ -11,9 +11,9 @@ the [High-Level Intermediate Representation](https://rustc-dev-guide.rust-lang.o All of these approaches would require some form of lowering in order to perform an analysis of the execution of the project of interest. This would provide flexibility and more control, but it also involves a substantial amount of largely duplicated work -([see also](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/WhyPlugIn.md)). +([see also](https://github.com/endorlabs/MIRAI/blob/main/documentation/WhyPlugIn.md)). There is another consideration: Unlike the AST, HIR and THIR, MIR is serialized into the compiler output for dependencies. Since MIRAI does a top-down analysis -([see also](https://github.com/facebookexperimental/MIRAI/blob/main/documentation/WhyTopDown.md)), the convenience +([see also](https://github.com/endorlabs/MIRAI/blob/main/documentation/WhyTopDown.md)), the convenience and performance benefit of not re-compiling every dependency, are factors of overriding importance. \ No newline at end of file diff --git a/standard_contracts/Cargo.toml b/standard_contracts/Cargo.toml index 0335b130..771a0119 100644 --- a/standard_contracts/Cargo.toml +++ b/standard_contracts/Cargo.toml @@ -4,7 +4,7 @@ name = "mirai-standard-contracts" version = "0.0.1" authors = ["Herman Venter "] description = "Specifications of standard library functions for MIRAI" -repository = "https://github.com/facebookexperimental/MIRAI" +repository = "https://github.com/endorlabs/MIRAI" readme = "README.md" license = "MIT" edition = "2021"