optirs_bench/security_auditor/

memory_safety.rs

// Memory safety analyzer for detecting memory-related vulnerabilities
//
// This module provides memory safety testing capabilities including
// buffer overflow detection, memory leak monitoring, and allocation pattern analysis.

use crate::error::Result;
use std::collections::{HashMap, VecDeque};
use std::time::{Duration, Instant};

use super::types::*;

/// Memory usage tracker
#[derive(Debug)]
pub struct MemoryUsageTracker {
    /// Current memory usage in bytes
    current_usage: usize,
    /// Peak memory usage in bytes
    peak_usage: usize,
    /// Memory usage history
    usage_history: VecDeque<MemorySnapshot>,
    /// Allocation tracking
    allocations: HashMap<String, AllocationInfo>,
}

/// Memory snapshot at a point in time
#[derive(Debug, Clone)]
pub struct MemorySnapshot {
    /// Timestamp of snapshot
    pub timestamp: Instant,
    /// Memory usage in bytes
    pub usage_bytes: usize,
    /// Number of active allocations
    pub allocation_count: usize,
}

/// Allocation information
#[derive(Debug, Clone)]
pub struct AllocationInfo {
    /// Size of allocation
    pub size: usize,
    /// Timestamp of allocation
    pub timestamp: Instant,
    /// Stack trace (if available)
    pub stack_trace: Option<String>,
}

/// Memory safety analyzer
#[derive(Debug)]
pub struct MemorySafetyAnalyzer {
    /// Memory safety tests
    test_cases: Vec<MemorySafetyTest>,
    /// Detected memory issues
    memory_issues: Vec<MemoryIssue>,
    /// Memory usage tracking
    memory_tracking: MemoryUsageTracker,
}

impl MemorySafetyAnalyzer {
    /// Create a new memory safety analyzer
    pub fn new() -> Self {
        Self {
            test_cases: Vec::new(),
            memory_issues: Vec::new(),
            memory_tracking: MemoryUsageTracker {
                current_usage: 0,
                peak_usage: 0,
                usage_history: VecDeque::new(),
                allocations: HashMap::new(),
            },
        }
    }

    /// Create analyzer with built-in memory tests
    pub fn with_builtin_tests() -> Self {
        let mut analyzer = Self::new();
        analyzer.register_memory_tests();
        analyzer
    }

    /// Register standard memory safety tests
    pub fn register_memory_tests(&mut self) {
        self.test_cases.clear();

        // Large array allocation test
        self.test_cases.push(MemorySafetyTest {
            name: "Large Array Allocation Test".to_string(),
            vulnerability_type: MemoryVulnerabilityType::MemoryLeak,
            scenario: MemoryTestScenario::LargeArrayAllocation,
        });

        // Rapid allocation test
        self.test_cases.push(MemorySafetyTest {
            name: "Rapid Allocation Test".to_string(),
            vulnerability_type: MemoryVulnerabilityType::MemoryLeak,
            scenario: MemoryTestScenario::RapidAllocation,
        });

        // Deep recursion test
        self.test_cases.push(MemorySafetyTest {
            name: "Deep Recursion Test".to_string(),
            vulnerability_type: MemoryVulnerabilityType::StackOverflow,
            scenario: MemoryTestScenario::DeepRecursion,
        });

        // Buffer overflow test
        self.test_cases.push(MemorySafetyTest {
            name: "Buffer Overflow Test".to_string(),
            vulnerability_type: MemoryVulnerabilityType::BufferOverflow,
            scenario: MemoryTestScenario::LargeArrayAllocation,
        });

        // Circular references test
        self.test_cases.push(MemorySafetyTest {
            name: "Circular References Test".to_string(),
            vulnerability_type: MemoryVulnerabilityType::MemoryLeak,
            scenario: MemoryTestScenario::CircularReferences,
        });
    }

    /// Run all memory safety tests
    pub fn run_all_tests(&mut self) -> Result<Vec<MemoryTestResult>> {
        self.memory_issues.clear();

        let mut results = Vec::new();

        for test in &self.test_cases.clone() {
            let result = self.execute_memory_test(test)?;
            results.push(result);
        }

        Ok(results)
    }

    /// Execute memory safety test
    fn execute_memory_test(&mut self, test: &MemorySafetyTest) -> Result<MemoryTestResult> {
        let start_time = Instant::now();

        match test.scenario {
            MemoryTestScenario::LargeArrayAllocation => {
                self.test_large_array_allocation(test)?;
            }
            MemoryTestScenario::RapidAllocation => {
                self.test_rapid_allocation(test)?;
            }
            MemoryTestScenario::DeepRecursion => {
                self.test_deep_recursion(test)?;
            }
            MemoryTestScenario::CircularReferences => {
                self.test_circular_references(test)?;
            }
        }

        let execution_time = start_time.elapsed();

        // Check for memory issues related to this test
        let test_issues: Vec<_> = self
            .memory_issues
            .iter()
            .rev()
            .take(1) // Take the most recent issue
            .cloned()
            .collect();

        let status = if test_issues.is_empty() {
            TestStatus::Passed
        } else {
            TestStatus::Failed
        };

        let severity = if !test_issues.is_empty() {
            test_issues[0].severity.clone()
        } else {
            SeverityLevel::Low
        };

        Ok(MemoryTestResult {
            test_name: test.name.clone(),
            status,
            issues: test_issues,
            execution_time,
            severity,
            memory_usage_delta: self.memory_tracking.current_usage,
            recommendations: self.generate_memory_recommendations(test),
        })
    }

    /// Test large array allocation
    fn test_large_array_allocation(&mut self, test: &MemorySafetyTest) -> Result<()> {
        // Simulate large memory allocation
        let large_size = 1024 * 1024 * 100; // 100MB

        // Record before allocation
        let before_usage = self.memory_tracking.current_usage;

        // Simulate allocation
        self.memory_tracking.current_usage += large_size;
        if self.memory_tracking.current_usage > self.memory_tracking.peak_usage {
            self.memory_tracking.peak_usage = self.memory_tracking.current_usage;
        }

        // Check if this indicates a potential issue (simplified logic)
        if self.should_detect_memory_issue(0.3) {
            let issue = MemoryIssue {
                issue_type: MemoryIssueType::Leak,
                severity: SeverityLevel::Medium,
                description: format!(
                    "Large allocation of {} bytes may indicate memory leak",
                    large_size
                ),
                stack_trace: Some("test_large_array_allocation".to_string()),
                memory_location: Some(MemoryLocation {
                    function: test.name.clone(),
                    line: 100,
                    address: Some(0x1000000),
                }),
            };
            self.memory_issues.push(issue);
        }

        Ok(())
    }

    /// Test rapid allocation
    fn test_rapid_allocation(&mut self, _test: &MemorySafetyTest) -> Result<()> {
        // Simulate rapid allocations
        for i in 0..1000 {
            let alloc_size = 1024; // 1KB
            self.memory_tracking.current_usage += alloc_size;

            self.memory_tracking.allocations.insert(
                format!("alloc_{}", i),
                AllocationInfo {
                    size: alloc_size,
                    timestamp: Instant::now(),
                    stack_trace: None,
                },
            );
        }

        // Check for fragmentation
        if self.should_detect_memory_issue(0.4) {
            let issue = MemoryIssue {
                issue_type: MemoryIssueType::Fragmentation,
                severity: SeverityLevel::High,
                description: "Rapid allocation pattern may cause memory fragmentation".to_string(),
                stack_trace: None,
                memory_location: None,
            };
            self.memory_issues.push(issue);
        }

        Ok(())
    }

    /// Test deep recursion
    fn test_deep_recursion(&mut self, _test: &MemorySafetyTest) -> Result<()> {
        if self.should_detect_memory_issue(0.5) {
            let issue = MemoryIssue {
                issue_type: MemoryIssueType::OverAccess,
                severity: SeverityLevel::Critical,
                description: "Deep recursion may cause stack overflow".to_string(),
                stack_trace: Some("recursive_function".to_string()),
                memory_location: Some(MemoryLocation {
                    function: "recursive_function".to_string(),
                    line: 500,
                    address: None,
                }),
            };
            self.memory_issues.push(issue);
        }

        Ok(())
    }

    /// Test circular references
    fn test_circular_references(&mut self, _test: &MemorySafetyTest) -> Result<()> {
        if self.should_detect_memory_issue(0.2) {
            let issue = MemoryIssue {
                issue_type: MemoryIssueType::Leak,
                severity: SeverityLevel::Medium,
                description: "Circular references prevent proper cleanup".to_string(),
                stack_trace: None,
                memory_location: None,
            };
            self.memory_issues.push(issue);
        }

        Ok(())
    }

    /// Simple randomized memory issue detection
    fn should_detect_memory_issue(&self, probability: f64) -> bool {
        let seed = (self.test_cases.len() + self.memory_issues.len()) as f64;
        (seed * 0.456789).fract() < probability
    }

    /// Generate memory-specific recommendations
    fn generate_memory_recommendations(&self, test: &MemorySafetyTest) -> Vec<String> {
        let mut recommendations = Vec::new();

        match test.vulnerability_type {
            MemoryVulnerabilityType::MemoryLeak => {
                recommendations.push("Implement proper cleanup in drop handlers".to_string());
                recommendations
                    .push("Use RAII patterns for automatic resource management".to_string());
            }
            MemoryVulnerabilityType::BufferOverflow => {
                recommendations.push("Use bounds checking for array accesses".to_string());
                recommendations.push("Consider using safe collection types".to_string());
            }
            MemoryVulnerabilityType::StackOverflow => {
                recommendations.push("Limit recursion depth".to_string());
                recommendations
                    .push("Consider iterative alternatives to recursive algorithms".to_string());
            }
            MemoryVulnerabilityType::UseAfterFree => {
                recommendations
                    .push("Use Rust's ownership system to prevent use-after-free".to_string());
            }
            MemoryVulnerabilityType::DoubleFree => {
                recommendations.push("Avoid manual memory management where possible".to_string());
            }
            MemoryVulnerabilityType::HeapCorruption => {
                recommendations.push("Enable address sanitizer during testing".to_string());
                recommendations.push("Review unsafe code blocks carefully".to_string());
            }
        }

        match test.scenario {
            MemoryTestScenario::LargeArrayAllocation => {
                recommendations.push("Monitor memory usage and implement limits".to_string());
            }
            MemoryTestScenario::RapidAllocation => {
                recommendations.push("Use memory pools to reduce fragmentation".to_string());
            }
            MemoryTestScenario::DeepRecursion => {
                recommendations.push("Implement tail recursion optimization".to_string());
            }
            MemoryTestScenario::CircularReferences => {
                recommendations.push("Use weak references to break cycles".to_string());
            }
        }

        recommendations.sort();
        recommendations.dedup();
        recommendations
    }

    /// Get memory issues
    pub fn get_issues(&self) -> &[MemoryIssue] {
        &self.memory_issues
    }

    /// Get memory tracking info
    pub fn get_memory_tracking(&self) -> &MemoryUsageTracker {
        &self.memory_tracking
    }

    /// Get current memory usage
    pub fn current_memory_usage(&self) -> usize {
        self.memory_tracking.current_usage
    }

    /// Get peak memory usage
    pub fn peak_memory_usage(&self) -> usize {
        self.memory_tracking.peak_usage
    }
}

/// Memory test result
#[derive(Debug, Clone)]
pub struct MemoryTestResult {
    pub test_name: String,
    pub status: TestStatus,
    pub issues: Vec<MemoryIssue>,
    pub execution_time: Duration,
    pub severity: SeverityLevel,
    pub memory_usage_delta: usize,
    pub recommendations: Vec<String>,
}

impl Default for MemorySafetyAnalyzer {
    fn default() -> Self {
        Self::new()
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_new_analyzer() {
        let analyzer = MemorySafetyAnalyzer::new();
        assert_eq!(analyzer.test_cases.len(), 0);
        assert_eq!(analyzer.get_issues().len(), 0);
    }

    #[test]
    fn test_builtin_tests() {
        let analyzer = MemorySafetyAnalyzer::with_builtin_tests();
        assert!(!analyzer.test_cases.is_empty());
    }

    #[test]
    fn test_memory_tracking() {
        let analyzer = MemorySafetyAnalyzer::new();
        assert_eq!(analyzer.current_memory_usage(), 0);
        assert_eq!(analyzer.peak_memory_usage(), 0);
    }
}