trailofbits.python.waiting-with-torch-distributed.waiting-with-torch-distributed

trailofbits

Author

unknown

Download Count*

CC BY-NC-SA 4.0

License

Not waiting for requests is a source of undefined behavior

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: waiting-with-torch-distributed
    message: Not waiting for requests is a source of undefined behavior
    languages:
      - python
    severity: WARNING
    metadata:
      category: security
      cwe: "CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined
        Behavior"
      subcategory:
        - vuln
      confidence: MEDIUM
      likelihood: LOW
      impact: LOW
      license: CC-BY-NC-SA-4.0
    patterns:
      - pattern-either:
          - pattern: $REQ = torch.distributed.irecv(...)
          - pattern: $REQ = torch.distributed.isend(...)
      - pattern-not-inside: |
          ...
          $REQ.wait()

Examples

waiting-with-torch-distributed.py

import torch.distributed as dist

def bad(): 
  def run(rank, size):
      tensor = torch.zeros(1)
      req = None
      if rank == 0:
          tensor += 1
          # ok: waiting-with-torch-distributed
          req = dist.isend(tensor=tensor, dst=1)
          print('Rank 0 started sending')
      else:
          # ok: waiting-with-torch-distributed
          req = dist.irecv(tensor=tensor, src=0)
          print('Rank 1 started receiving')
      req.wait()
      print('Rank ', rank, ' has data ', tensor[0])

  # ruleid: waiting-with-torch-distributed
  req = dist.isend(tensor=tensor, dst=1)

  # ruleid: waiting-with-torch-distributed
  req = dist.irecv(tensor=tensor, src=0)
  return req

Short Link: https://sg.run/OyQL