前往小程序,Get更优阅读体验!
立即前往
首页
学习
活动
专区
工具
TVP
发布
社区首页 >专栏 >使用 ControlFlag 扫描出 PHP 代码中的错误

使用 ControlFlag 扫描出 PHP 代码中的错误

作者头像
崔哥
发布2022-05-25 21:00:53
1K0
发布2022-05-25 21:00:53
举报
文章被收录于专栏:崔哥的专栏

ControlFlag是一个开源的、利用机器学习来发现任意代码库中的错误的项目,起初它专注于发现C/C++代码中的错误,但随着其新的V1.1版本的发布,开始支持发现PHP代码当中的错误。

安装

注意gcc和cmake的版本,太低不行1️⃣

代码语言:javascript
复制
#下载安装包
https://github.com/IntelLabs/control-flag/releases/tag/v1.1

cd control-flag-1.1
cmake .
make -j
make test

#创建日志目录
[root@nfsFileSystem control-flag-1.1]# mkdir log

扫描

扫描php

代码语言:javascript
复制
#准备一个错误的代码
vi /vagrant/php/test.php
<?php
if (x = 7) y = x;

if($a=!3) echo 22;

#扫描
[root@nfsFileSystem control-flag-1.1]# scripts/scan_for_anomalies.sh -d /vagrant/php -t /vagrant/php_controlflag_if_stmts.ts -o log -l 3
Training: start.
Trie L1 build took: 13.641s
Trie L2 build took: 16.266s
Training: complete.
Storing logs in log

#查看扫描结果
[vagrant@nfsFileSystem control-flag-1.1]$ grep "Potential anomaly" -C 5 log/thread_0.log 
[TID=139824646551296] Scanning File: /vagrant/php/test.php
Level:ONE Expression:(parenthesized_expression (binary_expression ("=") (variable_name (name))(unary_op_expression (integer)))) not found in training dataset: Source file: /vagrant/php/test.php:3:2:($a=!3)
Expression is Okay
Level:TWO Expression:(parenthesized_expression (assignment_expression left: (variable_name (name)) right: (unary_op_expression (integer)))) not found in training dataset: Source file: /vagrant/php/test.php:3:2:($a=!3)
Expression is Potential anomaly
Did you mean:(parenthesized_expression (assignment_expression left: (variable_name (name)) right: (unary_op_expression (integer)))) with editing cost:0 and occurrences: 0
Did you mean:(parenthesized_expression (binary_expression left: (variable_name (name)) right: (unary_op_expression (integer)))) with editing cost:2 and occurrences: 217
Did you mean:(parenthesized_expression (assignment_expression left: (variable_name (name)) right: (variable_name (name)))) with editing cost:2 and occurrences: 3

从扫描结果看,代码if($a=!3) echo 22;提示了Expression is Potential anomaly,也给出了几条它的猜测

相反,代码if (x = 7) y = x;就没扫出来问题,提示Expression is Okay

其实我私下扫过几个完整的 php 项目,也想了很多 php 的错误语法,令人失望的是基本都扫不出来,有些虽然提示了Expression is Potential anomaly,也基本是误报

简单总结:没什么用

扫描c

代码语言:javascript
复制
[root@nfsFileSystem control-flag-1.1]# scripts/scan_for_anomalies.sh -d /vagrant/code/ -t /vagrant/c_lang_if_stmts_6000_gitrepos_small.ts -o log
Training: start.
Trie L1 build took: 11.483s
Trie L2 build took: 6.254s
Training: complete.
Storing logs in log
Scan progress:2/2 ... in progress

问题

1️⃣ gcc版本太低(比如7.3.1)会报类似以下错误,我换8.3.1后正常

代码语言:javascript
复制
CMake Error in src/CMakeLists.txt:
  Target "cf_base" requires the language dialect "CXX17" , but CMake does not
  know the compile flags to use to enable it.
本文参与 腾讯云自媒体同步曝光计划,分享自作者个人站点/博客。
如有侵权请联系 cloudcommunity@tencent.com 删除

本文分享自 作者个人站点/博客 前往查看

如有侵权,请联系 cloudcommunity@tencent.com 删除。

本文参与 腾讯云自媒体同步曝光计划  ,欢迎热爱写作的你一起参与!

评论
登录后参与评论
0 条评论
热度
最新
推荐阅读
目录
  • 安装
  • 扫描
    • 扫描php
      • 扫描c
      • 问题
      领券
      问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档