infer_clone/infer/tests/codetoanalyze/c/pulse/uninit.c

/*
 * Copyright (c) Facebook, Inc. and its affiliates.
 *
 * This source code is licensed under the MIT license found in the
 * LICENSE file in the root directory of this source tree.
 */

int dereference_bad() {
  int* p;
  return *p;
}

void self_assign_bad() {
  int x;
  x = x;
}

void use_and_mayinit(int, int*);

void call_to_use_and_mayinit_bad() {
  int x;
  use_and_mayinit(x, &x);
}

void malloc_good() {
  int* p = (int*)malloc(sizeof(int));
  if (p) {
    *p = 5;
    int x = *p;
  }
  free(p);
}

void malloc_bad() {
  int* p = (int*)malloc(sizeof(int));
  if (p) {
    int x = *p;
  }
  free(p);
}

void init_int_ref(int* p) { *p = 5; }

void interprocedural_init_in_callee_good() {
  int x;
  init_int_ref(&x);
  int y = x;
}

void nop(int* p) {}

void interprocedural_nop_in_callee_bad() {
  int x;
  nop(&x);
  int y = x;
}

void read_int_ref(int* p) { int x = *p; }

void interprocedural_read_in_callee_bad() {
  int x;
  read_int_ref(&x);
}

int* uninit() { return (int*)malloc(sizeof(int)); }

void interprocedural_uninit_in_callee_bad() {
  int* p = uninit();
  if (p) {
    int x = *p;
  }
}

struct uninit_s {
  int f1;
  int f2;
};

void get_field_address_good() {
  struct uninit_s* s = (struct uninit_s*)malloc(2 * sizeof(int));
  if (s) {
    int* p = &s->f1;
  }
  free(s);
}

void init_f1(struct uninit_s* p) { p->f1 = 5; }

void interprocedural_struct_good() {
  struct uninit_s s;
  init_f1(&s);
  int y = s.f1;
}

void interprocedural_struct_bad() {
  struct uninit_s s;
  init_f1(&s);
  int y = s.f2;
}

void malloc_array_good(int len) {
  char* o = (char*)malloc(len);
  if (o) {
    o[0] = 'a';
    char c = o[0];
  }
  free(o);
}

struct uninit_s unknown_struct();

struct uninit_s unknown_wrapper() {
  return unknown_struct();
}

void havoc_calling_unknown_struct_good() {
  struct uninit_s x = unknown_wrapper();
  int y = x.f1;
}

void malloc_array_bad_FN(int len) {
  char* o = (char*)malloc(len);
  if (o) {
    o[0] = 'a';
    char c = o[1];
  }
  free(o);
}

void local_array_good() {
  char o[10];
  o[0] = 'a';
  char c = o[0];
  free(o);
}

void local_array_bad_FN() {
  char o[10];
  o[0] = 'a';
  char c = o[1];
  free(o);
}
[pulse] Uninitialized value check in pulse Summary: This diff adds uninitialized value check in pulse. For now, it supports only simple cases, - declared variables with a type of integer, float, void, and pointer - malloced pointer variables that points to integer, float, void, and pointer TODOs: I will add more cases in the following diffs. - declared/malloced array - declared/malloced struct - inter-procedural checking Reviewed By: jvillard Differential Revision: D25269073 fbshipit-source-id: 317df9a85 4 years ago			`/*`
			`* Copyright (c) Facebook, Inc. and its affiliates.`
			`*`
			`* This source code is licensed under the MIT license found in the`
			`* LICENSE file in the root directory of this source tree.`
			`*/`

			`int dereference_bad() {`
			`int* p;`
			`return *p;`
			`}`

			`void self_assign_bad() {`
			`int x;`
			`x = x;`
			`}`

			`void use_and_mayinit(int, int*);`

			`void call_to_use_and_mayinit_bad() {`
			`int x;`
			`use_and_mayinit(x, &x);`
			`}`

			`void malloc_good() {`
			`int* p = (int*)malloc(sizeof(int));`
			`if (p) {`
			`*p = 5;`
			`int x = *p;`
			`}`
			`free(p);`
			`}`

			`void malloc_bad() {`
			`int* p = (int*)malloc(sizeof(int));`
			`if (p) {`
			`int x = *p;`
			`}`
			`free(p);`
			`}`

			`void init_int_ref(int* p) { *p = 5; }`

[pulse] Inter-procedural uninit analysis Summary: This diff supports inter-procedural uninit analysis in pulse. * Added `MustBeInitialized` attribute to pre state when an address is read * Remove `Uninitialized` attribute when callee has `WrittenTo` for the same address Reviewed By: jvillard Differential Revision: D25368492 fbshipit-source-id: cbc74d4dc 4 years ago			`void interprocedural_init_in_callee_good() {`
[pulse] Uninitialized value check in pulse Summary: This diff adds uninitialized value check in pulse. For now, it supports only simple cases, - declared variables with a type of integer, float, void, and pointer - malloced pointer variables that points to integer, float, void, and pointer TODOs: I will add more cases in the following diffs. - declared/malloced array - declared/malloced struct - inter-procedural checking Reviewed By: jvillard Differential Revision: D25269073 fbshipit-source-id: 317df9a85 4 years ago			`int x;`
			`init_int_ref(&x);`
			`int y = x;`
			`}`

[pulse] Inter-procedural uninit analysis Summary: This diff supports inter-procedural uninit analysis in pulse. * Added `MustBeInitialized` attribute to pre state when an address is read * Remove `Uninitialized` attribute when callee has `WrittenTo` for the same address Reviewed By: jvillard Differential Revision: D25368492 fbshipit-source-id: cbc74d4dc 4 years ago			`void nop(int* p) {}`

			`void interprocedural_nop_in_callee_bad() {`
[pulse] Uninitialized value check in pulse Summary: This diff adds uninitialized value check in pulse. For now, it supports only simple cases, - declared variables with a type of integer, float, void, and pointer - malloced pointer variables that points to integer, float, void, and pointer TODOs: I will add more cases in the following diffs. - declared/malloced array - declared/malloced struct - inter-procedural checking Reviewed By: jvillard Differential Revision: D25269073 fbshipit-source-id: 317df9a85 4 years ago			`int x;`
			`nop(&x);`
			`int y = x;`
			`}`

[pulse] Inter-procedural uninit analysis Summary: This diff supports inter-procedural uninit analysis in pulse. * Added `MustBeInitialized` attribute to pre state when an address is read * Remove `Uninitialized` attribute when callee has `WrittenTo` for the same address Reviewed By: jvillard Differential Revision: D25368492 fbshipit-source-id: cbc74d4dc 4 years ago			`void read_int_ref(int* p) { int x = *p; }`

			`void interprocedural_read_in_callee_bad() {`
			`int x;`
			`read_int_ref(&x);`
			`}`

			`int* uninit() { return (int*)malloc(sizeof(int)); }`

			`void interprocedural_uninit_in_callee_bad() {`
			`int* p = uninit();`
			`if (p) {`
			`int x = *p;`
			`}`
			`}`

[pulse] Uninitialized value check in pulse Summary: This diff adds uninitialized value check in pulse. For now, it supports only simple cases, - declared variables with a type of integer, float, void, and pointer - malloced pointer variables that points to integer, float, void, and pointer TODOs: I will add more cases in the following diffs. - declared/malloced array - declared/malloced struct - inter-procedural checking Reviewed By: jvillard Differential Revision: D25269073 fbshipit-source-id: 317df9a85 4 years ago			`struct uninit_s {`
			`int f1;`
			`int f2;`
			`};`

			`void get_field_address_good() {`
			`struct uninit_s* s = (struct uninit_s)malloc(2 sizeof(int));`
			`if (s) {`
			`int* p = &s->f1;`
			`}`
			`free(s);`
			`}`

			`void init_f1(struct uninit_s* p) { p->f1 = 5; }`

[pulse] Uninitialized check for struct fields Reviewed By: jvillard Differential Revision: D25371929 fbshipit-source-id: 966f333e3 4 years ago			`void interprocedural_struct_good() {`
			`struct uninit_s s;`
			`init_f1(&s);`
			`int y = s.f1;`
			`}`

			`void interprocedural_struct_bad() {`
[pulse] Uninitialized value check in pulse Summary: This diff adds uninitialized value check in pulse. For now, it supports only simple cases, - declared variables with a type of integer, float, void, and pointer - malloced pointer variables that points to integer, float, void, and pointer TODOs: I will add more cases in the following diffs. - declared/malloced array - declared/malloced struct - inter-procedural checking Reviewed By: jvillard Differential Revision: D25269073 fbshipit-source-id: 317df9a85 4 years ago			`struct uninit_s s;`
			`init_f1(&s);`
			`int y = s.f2;`
			`}`

			`void malloc_array_good(int len) {`
			`char* o = (char*)malloc(len);`
			`if (o) {`
			`o[0] = 'a';`
[pulse] Ignore array elements in uninitialized value check Summary: In practice, it is not easy to mark all of NOT initialized elements of array, so let's ignore the array value at the moment. Reviewed By: jvillard Differential Revision: D25372449 fbshipit-source-id: 02b2e217c 4 years ago			`char c = o[0];`
[pulse] Uninitialized value check in pulse Summary: This diff adds uninitialized value check in pulse. For now, it supports only simple cases, - declared variables with a type of integer, float, void, and pointer - malloced pointer variables that points to integer, float, void, and pointer TODOs: I will add more cases in the following diffs. - declared/malloced array - declared/malloced struct - inter-procedural checking Reviewed By: jvillard Differential Revision: D25269073 fbshipit-source-id: 317df9a85 4 years ago			`}`
			`free(o);`
			`}`
[pulse] Uninitialized check for struct fields Reviewed By: jvillard Differential Revision: D25371929 fbshipit-source-id: 966f333e3 4 years ago
			`struct uninit_s unknown_struct();`

			`struct uninit_s unknown_wrapper() {`
			`return unknown_struct();`
			`}`

			`void havoc_calling_unknown_struct_good() {`
			`struct uninit_s x = unknown_wrapper();`
			`int y = x.f1;`
			`}`
[pulse] Ignore array elements in uninitialized value check Summary: In practice, it is not easy to mark all of NOT initialized elements of array, so let's ignore the array value at the moment. Reviewed By: jvillard Differential Revision: D25372449 fbshipit-source-id: 02b2e217c 4 years ago
			`void malloc_array_bad_FN(int len) {`
			`char* o = (char*)malloc(len);`
			`if (o) {`
			`o[0] = 'a';`
			`char c = o[1];`
			`}`
			`free(o);`
			`}`

			`void local_array_good() {`
			`char o[10];`
			`o[0] = 'a';`
			`char c = o[0];`
			`free(o);`
			`}`

			`void local_array_bad_FN() {`
			`char o[10];`
			`o[0] = 'a';`
			`char c = o[1];`
			`free(o);`
			`}`