pghs975uc
/
infer_clone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'bab5aa4b08'
${ noResults }
infer_clone/infer/tests/codetoanalyze/cpp/liveness/dead_stores.cpp

613 lines
9.4 KiB
Raw Normal View History Unescape

[checkers] use liveness analysis to create dead store checker Summary: Pretty basic: warn when we see an assignment instruction `x = ...` and `x` is not live in the post of the instruction. Only enabled for Clang at the moment because linters already warn on this for Java. But we can enable it later if we want to (should be fully generic). Reviewed By: jeremydubreil Differential Revision: D5450439 fbshipit-source-id: 693514c
7 years ago
/*
[copyright] Remove years Reviewed By: jvillard Differential Revision: D15771884 fbshipit-source-id: e2997e3a3
6 years ago
* Copyright (c) Facebook, Inc. and its affiliates.
[checkers] use liveness analysis to create dead store checker Summary: Pretty basic: warn when we see an assignment instruction `x = ...` and `x` is not live in the post of the instruction. Only enabled for Clang at the moment because linters already warn on this for Java. But we can enable it later if we want to (should be fully generic). Reviewed By: jeremydubreil Differential Revision: D5450439 fbshipit-source-id: 693514c
7 years ago
*
Change license to MIT Summary: Change the license of the source code from BSD + PATENTS to MIT. Change `checkCopyright` to reflect the new license and learn some new file types. Generated with: ``` git grep BSD | xargs -n 1 ./scripts/checkCopyright -i ``` Reviewed By: jeremydubreil, mbouaziz, jberdine Differential Revision: D8071249 fbshipit-source-id: 97ca23a
7 years ago
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
[checkers] use liveness analysis to create dead store checker Summary: Pretty basic: warn when we see an assignment instruction `x = ...` and `x` is not live in the post of the instruction. Only enabled for Clang at the moment because linters already warn on this for Java. But we can enable it later if we want to (should be fully generic). Reviewed By: jeremydubreil Differential Revision: D5450439 fbshipit-source-id: 693514c
7 years ago
*/
[clang] basic support for exceptional control-flow Summary: This diff: - translates C++ `catch` blocks - adds an exceptional control-flow edge from the end of a `try` block to the beginning of a `catch` block This obviously doesn't reflect the way exceptions actually work, but I think it is better than what we have now. For one thing, we'll see/translate code inside `catch` blocks, which were opaque before. If Clang analyses don't want this behavior, they can simply use `ProcCfg.Normal` (which, up until this diff, behaved identically to `ProcCfg.Exceptional`. In the future, we can extend `trans_state` to track blocks that might throw an exception, and have each of these blocks transition to `catch` instead. Reviewed By: jvillard Differential Revision: D7814521 fbshipit-source-id: 67b86a6
7 years ago
#include <exception>
[dead stores] don't warn on dead stores of ScopeGuard's Reviewed By: da319 Differential Revision: D6139339 fbshipit-source-id: 8dee51f
7 years ago
#include <mutex>
[clang] fix translation of placement new Summary: The "placement new" operator `new (e) T` constructs a `T` in the pre-allocated memory address `e`. We weren't translating the `e` part, which was leading to false positives in the dead store analysis. Reviewed By: dulmarod Differential Revision: D5814191 fbshipit-source-id: 05c6fa9
7 years ago
#include <new>
[clang] basic support for exceptional control-flow Summary: This diff: - translates C++ `catch` blocks - adds an exceptional control-flow edge from the end of a `try` block to the beginning of a `catch` block This obviously doesn't reflect the way exceptions actually work, but I think it is better than what we have now. For one thing, we'll see/translate code inside `catch` blocks, which were opaque before. If Clang analyses don't want this behavior, they can simply use `ProcCfg.Normal` (which, up until this diff, behaved identically to `ProcCfg.Exceptional`. In the future, we can extend `trans_state` to track blocks that might throw an exception, and have each of these blocks transition to `catch` instead. Reviewed By: jvillard Differential Revision: D7814521 fbshipit-source-id: 67b86a6
7 years ago
#include <stdexcept>
[dead stores] don't warn on dead stores of ScopeGuard's Reviewed By: da319 Differential Revision: D6139339 fbshipit-source-id: 8dee51f
7 years ago
#include <thread>
[dead stores] config file for custom scope guard types Reviewed By: da319 Differential Revision: D6517706 fbshipit-source-id: 3b6f805
7 years ago
namespace infer {
class ScopeGuard {};
}; // namespace infer
[checkers] use liveness analysis to create dead store checker Summary: Pretty basic: warn when we see an assignment instruction `x = ...` and `x` is not live in the post of the instruction. Only enabled for Clang at the moment because linters already warn on this for Java. But we can enable it later if we want to (should be fully generic). Reviewed By: jeremydubreil Differential Revision: D5450439 fbshipit-source-id: 693514c
7 years ago
namespace dead_stores {
void easy_bad() { int x = 5; }
[pre-analysis] Add models for `no_return` and handle throw-catch better Summary: - Add `no_return` models for Java's `exit(...)` methods (can be extended further later on) - handle throw-catch better by short-cutting throw nodes to not exit node but to all **catch nodes** that are reachable by the node. If there is no catch node, we short-cut to the exit node as before. This removes a FP from deadstore tests because before we simply were not able to handle CF from throw-> catch nodes at all. Reviewed By: skcho Differential Revision: D20769039 fbshipit-source-id: e978f6cdb
5 years ago
void throw_bad() {
int i = 20;
throw 1;
}
[checkers] use liveness analysis to create dead store checker Summary: Pretty basic: warn when we see an assignment instruction `x = ...` and `x` is not live in the post of the instruction. Only enabled for Clang at the moment because linters already warn on this for Java. But we can enable it later if we want to (should be fully generic). Reviewed By: jeremydubreil Differential Revision: D5450439 fbshipit-source-id: 693514c
7 years ago
void reassign_param_bad(int x) { x = 5; }
int dead_then_live_bad() {
int x = 5;
x = 3;
return x;
}
int use_then_dead_bad() {
int x = 5;
int y = x;
x = 7;
return y;
}
void dead_pointer_bad() {
int num = 2;
int* x = &num;
}
[liveness] fix bug in usage of OneInstrPerNode CFG Reviewed By: mbouaziz, jvillard Differential Revision: D5468487 fbshipit-source-id: 7ab6f9a
7 years ago
void plus_plus1_bad() {
[dead stores] don't warn on likely-harmless dead stores to default values Reviewed By: jberdine Differential Revision: D6223991 fbshipit-source-id: ff53e8b
7 years ago
int i = 1;
[liveness] fix bug in usage of OneInstrPerNode CFG Reviewed By: mbouaziz, jvillard Differential Revision: D5468487 fbshipit-source-id: 7ab6f9a
7 years ago
++i;
}
void plus_plus2_bad() {
[dead stores] don't warn on likely-harmless dead stores to default values Reviewed By: jberdine Differential Revision: D6223991 fbshipit-source-id: ff53e8b
7 years ago
int i = 1;
[liveness] fix bug in usage of OneInstrPerNode CFG Reviewed By: mbouaziz, jvillard Differential Revision: D5468487 fbshipit-source-id: 7ab6f9a
7 years ago
i++;
}
int plus_plus3_bad() {
[dead stores] don't warn on likely-harmless dead stores to default values Reviewed By: jberdine Differential Revision: D6223991 fbshipit-source-id: ff53e8b
7 years ago
int i = 1;
[liveness] fix bug in usage of OneInstrPerNode CFG Reviewed By: mbouaziz, jvillard Differential Revision: D5468487 fbshipit-source-id: 7ab6f9a
7 years ago
return i++;
}
[clang] translate vars captured by lambda Reviewed By: jeremydubreil Differential Revision: D5482634 fbshipit-source-id: 86afb05
7 years ago
void FN_capture_no_read_bad() {
[dead stores] don't warn on likely-harmless dead stores to default values Reviewed By: jberdine Differential Revision: D6223991 fbshipit-source-id: ff53e8b
7 years ago
int x = 1;
[clang] translate vars captured by lambda Reviewed By: jeremydubreil Differential Revision: D5482634 fbshipit-source-id: 86afb05
7 years ago
[x]() { return; }();
}
[clang][dead stores] translate init-capture expressions Summary: Not translating these properly was causing false positives for the dead store analysis in cases like ``` int i = 0; return [j = i]() { return j; }(); ``` Reviewed By: da319 Differential Revision: D5731562 fbshipit-source-id: ae79ac8
7 years ago
void init_capture_reassign_bad() {
[dead stores] don't warn on likely-harmless dead stores to default values Reviewed By: jberdine Differential Revision: D6223991 fbshipit-source-id: ff53e8b
7 years ago
int i = 1; // this is a dead store
Change license to MIT Summary: Change the license of the source code from BSD + PATENTS to MIT. Change `checkCopyright` to reflect the new license and learn some new file types. Generated with: ``` git grep BSD | xargs -n 1 ./scripts/checkCopyright -i ``` Reviewed By: jeremydubreil, mbouaziz, jberdine Differential Revision: D8071249 fbshipit-source-id: 97ca23a
7 years ago
return [i = 1]() { return i; }();
[clang][dead stores] translate init-capture expressions Summary: Not translating these properly was causing false positives for the dead store analysis in cases like ``` int i = 0; return [j = i]() { return j; }(); ``` Reviewed By: da319 Differential Revision: D5731562 fbshipit-source-id: ae79ac8
7 years ago
}
[frontend] Fix capture init for cpp lambdas Summary: We were missing assignment to captured variables with initializers. Consider the following example: ``` S* update_inside_lambda_capture_and_init(S* s) { S* object = nullptr; auto f = [& o = object](S* s) { o = s; }; f(s); return object; } ``` which was translated to ``` VARIABLE_DECLARED(o:S*&); *&o:S*&=&object *&f =(_fun...lambda..._operator(),([by ref]&o &o:S*&)) ``` However, we want to capture `o` (which is an address of `object`), rather `&o` in closure. After the diff ``` VARIABLE_DECLARED(o:S*&); *&o:S*&=&object n$7=*&o:S*& *&f =(_fun...lambda..._operator(),([by ref]n$7 &o:S*&)) ``` Reviewed By: jvillard Differential Revision: D23567346 fbshipit-source-id: 20f77acc2
4 years ago
void FN_init_capture_no_call_bad() {
[dead stores] don't warn on likely-harmless dead stores to default values Reviewed By: jberdine Differential Revision: D6223991 fbshipit-source-id: ff53e8b
7 years ago
[i = 1]() { return i; };
[clang][dead stores] translate init-capture expressions Summary: Not translating these properly was causing false positives for the dead store analysis in cases like ``` int i = 0; return [j = i]() { return j; }(); ``` Reviewed By: da319 Differential Revision: D5731562 fbshipit-source-id: ae79ac8
7 years ago
}
[frontend] Fix capture init for cpp lambdas Summary: We were missing assignment to captured variables with initializers. Consider the following example: ``` S* update_inside_lambda_capture_and_init(S* s) { S* object = nullptr; auto f = [& o = object](S* s) { o = s; }; f(s); return object; } ``` which was translated to ``` VARIABLE_DECLARED(o:S*&); *&o:S*&=&object *&f =(_fun...lambda..._operator(),([by ref]&o &o:S*&)) ``` However, we want to capture `o` (which is an address of `object`), rather `&o` in closure. After the diff ``` VARIABLE_DECLARED(o:S*&); *&o:S*&=&object n$7=*&o:S*& *&f =(_fun...lambda..._operator(),([by ref]n$7 &o:S*&)) ``` Reviewed By: jvillard Differential Revision: D23567346 fbshipit-source-id: 20f77acc2
4 years ago
void FN_init_capture_call_bad2() {
auto f = [i = 1]() { return i; };
}
[clang][dead stores] translate init-capture expressions Summary: Not translating these properly was causing false positives for the dead store analysis in cases like ``` int i = 0; return [j = i]() { return j; }(); ``` Reviewed By: da319 Differential Revision: D5731562 fbshipit-source-id: ae79ac8
7 years ago
int FN_init_capture_no_read_bad() {
Change license to MIT Summary: Change the license of the source code from BSD + PATENTS to MIT. Change `checkCopyright` to reflect the new license and learn some new file types. Generated with: ``` git grep BSD | xargs -n 1 ./scripts/checkCopyright -i ``` Reviewed By: jeremydubreil, mbouaziz, jberdine Differential Revision: D8071249 fbshipit-source-id: 97ca23a
7 years ago
return [i = 1]() { return 0; }();
[clang] translate vars captured by lambda Reviewed By: jeremydubreil Differential Revision: D5482634 fbshipit-source-id: 86afb05
7 years ago
}
[checkers] use liveness analysis to create dead store checker Summary: Pretty basic: warn when we see an assignment instruction `x = ...` and `x` is not live in the post of the instruction. Only enabled for Clang at the moment because linters already warn on this for Java. But we can enable it later if we want to (should be fully generic). Reviewed By: jeremydubreil Differential Revision: D5450439 fbshipit-source-id: 693514c
7 years ago
int return_ok() {
int x = 5;
return x;
}
int branch_ok(bool b) {
int x = 5;
int y = 3;
if (b) {
y = x;
}
return y;
}
int loop_ok(bool b) {
int x = 5;
int y = 3;
while (b) {
y = x;
b = false;
}
return y;
}
int loop_break_ok(bool b) {
int x = 5;
while (b) {
x = 3;
break;
}
return x;
}
int loop_continue_ok(bool b) {
int x = 5;
int y = 2;
while (b) {
y = x;
x = 3;
continue;
}
return y;
}
void assign_pointer1_ok(int* ptr) { *ptr = 7; }
int* assign_pointer2_ok() {
int num = 2;
int* ptr = &num;
return ptr;
}
[clang] translate vars captured by lambda Reviewed By: jeremydubreil Differential Revision: D5482634 fbshipit-source-id: 86afb05
7 years ago
void by_ref1_ok(int& ref) { ref = 7; }
void by_ref2_ok(int& ref) { ref++; }
[checkers] use liveness analysis to create dead store checker Summary: Pretty basic: warn when we see an assignment instruction `x = ...` and `x` is not live in the post of the instruction. Only enabled for Clang at the moment because linters already warn on this for Java. But we can enable it later if we want to (should be fully generic). Reviewed By: jeremydubreil Differential Revision: D5450439 fbshipit-source-id: 693514c
7 years ago
[liveness] fix bug in usage of OneInstrPerNode CFG Reviewed By: mbouaziz, jvillard Differential Revision: D5468487 fbshipit-source-id: 7ab6f9a
7 years ago
int plus_plus_ok() {
[dead stores] don't warn on likely-harmless dead stores to default values Reviewed By: jberdine Differential Revision: D6223991 fbshipit-source-id: ff53e8b
7 years ago
int x = 1;
[liveness] fix bug in usage of OneInstrPerNode CFG Reviewed By: mbouaziz, jvillard Differential Revision: D5468487 fbshipit-source-id: 7ab6f9a
7 years ago
return ++x;
}
int plus_plus_loop_ok(int n) {
int i;
[dead stores] don't warn on likely-harmless dead stores to default values Reviewed By: jberdine Differential Revision: D6223991 fbshipit-source-id: ff53e8b
7 years ago
for (i = 1; i < n; i++) {
[liveness] fix bug in usage of OneInstrPerNode CFG Reviewed By: mbouaziz, jvillard Differential Revision: D5468487 fbshipit-source-id: 7ab6f9a
7 years ago
i++;
}
return i;
}
[dead stores] fix FPs due to capture by ref Reviewed By: jeremydubreil Differential Revision: D5534605 fbshipit-source-id: e8048a5
7 years ago
void lambda_bad() {
int x = []() {
int y = 1;
y = 2;
return y;
}();
return x;
}
[clang] translate vars captured by lambda Reviewed By: jeremydubreil Differential Revision: D5482634 fbshipit-source-id: 86afb05
7 years ago
void capture1_ok() {
int x = 1;
[x]() { return x; }();
}
void capture2_ok(int x) {
[x]() { return x; }();
}
[dead stores] fix FPs due to capture by ref Reviewed By: jeremydubreil Differential Revision: D5534605 fbshipit-source-id: e8048a5
7 years ago
int capture_by_ref1_ok() {
[dead stores] don't warn on likely-harmless dead stores to default values Reviewed By: jberdine Differential Revision: D6223991 fbshipit-source-id: ff53e8b
7 years ago
int x = 1;
[clang] translate vars captured by lambda Reviewed By: jeremydubreil Differential Revision: D5482634 fbshipit-source-id: 86afb05
7 years ago
[&x]() { x++; }();
return x;
}
[dead stores] fix FPs due to capture by ref Reviewed By: jeremydubreil Differential Revision: D5534605 fbshipit-source-id: e8048a5
7 years ago
int capture_by_ref2_ok() {
[dead stores] don't warn on likely-harmless dead stores to default values Reviewed By: jberdine Differential Revision: D6223991 fbshipit-source-id: ff53e8b
7 years ago
int x = 1;
int y = 1;
[dead stores] fix FPs due to capture by ref Reviewed By: jeremydubreil Differential Revision: D5534605 fbshipit-source-id: e8048a5
7 years ago
[&]() {
x = x + y;
y = x;
}();
return x + y;
}
[liveness] don't report on dead stores of variables captured by reference in a lambda Summary: You can capture a variable by reference in a lambda, assign to it, and then invoke the lambda. This looks like a dead store from the perspective of the current analysis. This diff mitigates the problem by computing an additional analysis that tracks variables captured by ref at each program point. It refuses to report a dead store on a variable that has already been captured by reference. Later, we might want to incorporate the results of this analysis directly into the liveness analysis instead of just using it to gate reporting. Reviewed By: jeremydubreil Differential Revision: D7090291 fbshipit-source-id: 25eeffa
7 years ago
int capture_by_ref3_ok() {
int x = 1;
[&](auto y) { x += y; }(3);
return x;
}
int capture_by_ref4_ok() {
int x = 1;
auto lambda = [&] { return x; };
x = 2; // not a dead store; updates captured x
return lambda();
}
int dead_store_before_capture_by_ref_bad() {
int x = 1; // this is dead. should report it even though x is captured by ref
// later on
x = 2;
auto lambda = [&] { return x; };
x = 2;
return lambda();
}
[dead stores] report on dead stores to values captured by value in a lambda Summary: Before D7100561, the frontend translated capture-by-ref and capture-by-value in the same way. Now we can tell the difference and report bugs in the capture-by-value case. Reviewed By: jeremydubreil Differential Revision: D7102214 fbshipit-source-id: e9d3ac7
7 years ago
int capture_by_value_bad() {
[liveness] don't report on dead stores of variables captured by reference in a lambda Summary: You can capture a variable by reference in a lambda, assign to it, and then invoke the lambda. This looks like a dead store from the perspective of the current analysis. This diff mitigates the problem by computing an additional analysis that tracks variables captured by ref at each program point. It refuses to report a dead store on a variable that has already been captured by reference. Later, we might want to incorporate the results of this analysis directly into the liveness analysis instead of just using it to gate reporting. Reviewed By: jeremydubreil Differential Revision: D7090291 fbshipit-source-id: 25eeffa
7 years ago
int x = 1;
auto lambda = [=] { return x; };
x = 2; // this is dead
return lambda();
}
[dead stores] fix FPs due to capture by ref Reviewed By: jeremydubreil Differential Revision: D5534605 fbshipit-source-id: e8048a5
7 years ago
int FN_capture_by_ref_reuseBad() {
[dead stores] don't warn on likely-harmless dead stores to default values Reviewed By: jberdine Differential Revision: D6223991 fbshipit-source-id: ff53e8b
7 years ago
int x = 1;
[dead stores] fix FPs due to capture by ref Reviewed By: jeremydubreil Differential Revision: D5534605 fbshipit-source-id: e8048a5
7 years ago
[&x]() {
x = 1; // dead, but we won't report
x = 2;
}();
return x;
}
[clang][dead stores] translate init-capture expressions Summary: Not translating these properly was causing false positives for the dead store analysis in cases like ``` int i = 0; return [j = i]() { return j; }(); ``` Reviewed By: da319 Differential Revision: D5731562 fbshipit-source-id: ae79ac8
7 years ago
int init_capture1_ok() {
Change license to MIT Summary: Change the license of the source code from BSD + PATENTS to MIT. Change `checkCopyright` to reflect the new license and learn some new file types. Generated with: ``` git grep BSD | xargs -n 1 ./scripts/checkCopyright -i ``` Reviewed By: jeremydubreil, mbouaziz, jberdine Differential Revision: D8071249 fbshipit-source-id: 97ca23a
7 years ago
return [i = 1]() { return i; }();
[clang][dead stores] translate init-capture expressions Summary: Not translating these properly was causing false positives for the dead store analysis in cases like ``` int i = 0; return [j = i]() { return j; }(); ``` Reviewed By: da319 Differential Revision: D5731562 fbshipit-source-id: ae79ac8
7 years ago
}
int init_capture2_ok() {
[dead stores] don't warn on likely-harmless dead stores to default values Reviewed By: jberdine Differential Revision: D6223991 fbshipit-source-id: ff53e8b
7 years ago
int i = 1;
Change license to MIT Summary: Change the license of the source code from BSD + PATENTS to MIT. Change `checkCopyright` to reflect the new license and learn some new file types. Generated with: ``` git grep BSD | xargs -n 1 ./scripts/checkCopyright -i ``` Reviewed By: jeremydubreil, mbouaziz, jberdine Differential Revision: D8071249 fbshipit-source-id: 97ca23a
7 years ago
return [j = i]() { return j; }();
[clang][dead stores] translate init-capture expressions Summary: Not translating these properly was causing false positives for the dead store analysis in cases like ``` int i = 0; return [j = i]() { return j; }(); ``` Reviewed By: da319 Differential Revision: D5731562 fbshipit-source-id: ae79ac8
7 years ago
}
int init_capture3_ok() {
[dead stores] don't warn on likely-harmless dead stores to default values Reviewed By: jberdine Differential Revision: D6223991 fbshipit-source-id: ff53e8b
7 years ago
int i = 1;
Change license to MIT Summary: Change the license of the source code from BSD + PATENTS to MIT. Change `checkCopyright` to reflect the new license and learn some new file types. Generated with: ``` git grep BSD | xargs -n 1 ./scripts/checkCopyright -i ``` Reviewed By: jeremydubreil, mbouaziz, jberdine Differential Revision: D8071249 fbshipit-source-id: 97ca23a
7 years ago
return [i = i]() { return i; }();
[clang][dead stores] translate init-capture expressions Summary: Not translating these properly was causing false positives for the dead store analysis in cases like ``` int i = 0; return [j = i]() { return j; }(); ``` Reviewed By: da319 Differential Revision: D5731562 fbshipit-source-id: ae79ac8
7 years ago
}
int init_capture4_ok() {
[dead stores] don't warn on likely-harmless dead stores to default values Reviewed By: jberdine Differential Revision: D6223991 fbshipit-source-id: ff53e8b
7 years ago
int i = 1;
int j = 1;
Change license to MIT Summary: Change the license of the source code from BSD + PATENTS to MIT. Change `checkCopyright` to reflect the new license and learn some new file types. Generated with: ``` git grep BSD | xargs -n 1 ./scripts/checkCopyright -i ``` Reviewed By: jeremydubreil, mbouaziz, jberdine Differential Revision: D8071249 fbshipit-source-id: 97ca23a
7 years ago
return [a = 1, b = i, c = j]() { return a + b + c; }();
[clang][dead stores] translate init-capture expressions Summary: Not translating these properly was causing false positives for the dead store analysis in cases like ``` int i = 0; return [j = i]() { return j; }(); ``` Reviewed By: da319 Differential Revision: D5731562 fbshipit-source-id: ae79ac8
7 years ago
}
int init_capture5_ok() {
[dead stores] don't warn on likely-harmless dead stores to default values Reviewed By: jberdine Differential Revision: D6223991 fbshipit-source-id: ff53e8b
7 years ago
int i = 1;
Change license to MIT Summary: Change the license of the source code from BSD + PATENTS to MIT. Change `checkCopyright` to reflect the new license and learn some new file types. Generated with: ``` git grep BSD | xargs -n 1 ./scripts/checkCopyright -i ``` Reviewed By: jeremydubreil, mbouaziz, jberdine Differential Revision: D8071249 fbshipit-source-id: 97ca23a
7 years ago
int k = [j = i]() { return j; }();
[clang][dead stores] translate init-capture expressions Summary: Not translating these properly was causing false positives for the dead store analysis in cases like ``` int i = 0; return [j = i]() { return j; }(); ``` Reviewed By: da319 Differential Revision: D5731562 fbshipit-source-id: ae79ac8
7 years ago
i = 5; // should not be flagged
return i + k;
}
int init_capture6_ok() {
[dead stores] don't warn on likely-harmless dead stores to default values Reviewed By: jberdine Differential Revision: D6223991 fbshipit-source-id: ff53e8b
7 years ago
int i = 1;
Change license to MIT Summary: Change the license of the source code from BSD + PATENTS to MIT. Change `checkCopyright` to reflect the new license and learn some new file types. Generated with: ``` git grep BSD | xargs -n 1 ./scripts/checkCopyright -i ``` Reviewed By: jeremydubreil, mbouaziz, jberdine Differential Revision: D8071249 fbshipit-source-id: 97ca23a
7 years ago
int k = [i = i + 1]() { return i; }();
[clang][dead stores] translate init-capture expressions Summary: Not translating these properly was causing false positives for the dead store analysis in cases like ``` int i = 0; return [j = i]() { return j; }(); ``` Reviewed By: da319 Differential Revision: D5731562 fbshipit-source-id: ae79ac8
7 years ago
i = 5; // should not be flagged;
return i + k;
[clang] translate vars captured by lambda Reviewed By: jeremydubreil Differential Revision: D5482634 fbshipit-source-id: 86afb05
7 years ago
}
[checkers] use liveness analysis to create dead store checker Summary: Pretty basic: warn when we see an assignment instruction `x = ...` and `x` is not live in the post of the instruction. Only enabled for Clang at the moment because linters already warn on this for Java. But we can enable it later if we want to (should be fully generic). Reviewed By: jeremydubreil Differential Revision: D5450439 fbshipit-source-id: 693514c
7 years ago
char* global;
[infer] Translate casting expressions of integer pointers Summary: It enables the translation of casting expression. As of now, it translates only the castings of pointers to integer types, in order to avoid too much of change, which may mess the checkers up. Reviewed By: jvillard Differential Revision: D12920568 fbshipit-source-id: a5489df24
6 years ago
void assign_array_tricky_ok() {
[checkers] use liveness analysis to create dead store checker Summary: Pretty basic: warn when we see an assignment instruction `x = ...` and `x` is not live in the post of the instruction. Only enabled for Clang at the moment because linters already warn on this for Java. But we can enable it later if we want to (should be fully generic). Reviewed By: jeremydubreil Differential Revision: D5450439 fbshipit-source-id: 693514c
7 years ago
char arr[1];
global = arr;
[infer] Translate casting expressions of integer pointers Summary: It enables the translation of casting expression. As of now, it translates only the castings of pointers to integer types, in order to avoid too much of change, which may mess the checkers up. Reviewed By: jvillard Differential Revision: D12920568 fbshipit-source-id: a5489df24
6 years ago
*(int*)arr = 123;
}
// Currently the frontend does not translate the casting of pointers to float.
void FP_assign_array_tricky2_ok() {
char arr[1];
global = arr;
*(float*)arr = 1.0;
[checkers] use liveness analysis to create dead store checker Summary: Pretty basic: warn when we see an assignment instruction `x = ...` and `x` is not live in the post of the instruction. Only enabled for Clang at the moment because linters already warn on this for Java. But we can enable it later if we want to (should be fully generic). Reviewed By: jeremydubreil Differential Revision: D5450439 fbshipit-source-id: 693514c
7 years ago
}
[clang][dead stores] translate init-capture expressions Summary: Not translating these properly was causing false positives for the dead store analysis in cases like ``` int i = 0; return [j = i]() { return j; }(); ``` Reviewed By: da319 Differential Revision: D5731562 fbshipit-source-id: ae79ac8
7 years ago
[clang] fix translation of placement new Summary: The "placement new" operator `new (e) T` constructs a `T` in the pre-allocated memory address `e`. We weren't translating the `e` part, which was leading to false positives in the dead store analysis. Reviewed By: dulmarod Differential Revision: D5814191 fbshipit-source-id: 05c6fa9
7 years ago
void placement_new_ok(int len, int* ptr) {
int* placement = ptr;
while (len--) {
new (placement++) int(5);
}
}
[dead stores] don't warn on likely-harmless dead stores to default values Reviewed By: jberdine Differential Revision: D6223991 fbshipit-source-id: ff53e8b
7 years ago
// we don't report on dead stores where the RHS is 0, 0.0, false, nullptr, etc.
bool sentinel_bool_ok() {
bool b = false;
b = true;
return b;
}
int sentinel_int_ok() {
int i = 0;
i = 1;
return i;
}
int sentinel_long_ok() {
long l = 0L;
l = 1L;
return l;
}
float sentinel_float_ok() {
float f = 0.0;
f = 1.0;
return f;
}
double sentinel_double_ok() {
double d = 0.0;
d = 1.0;
return d;
}
int* sentinel_ptr_ok(int* j) {
int* i = nullptr;
i = j;
return i;
}
[dead stores] config file for custom scope guard types Reviewed By: da319 Differential Revision: D6517706 fbshipit-source-id: 3b6f805
7 years ago
void custom_scope_guard_ok() { infer::ScopeGuard guard; }
[dead stores] identify dead stores involving struct values Summary: As da319 points out, we did not handle this case correctly before. There were a few reasons why: (1) An assignment like `struct S s = mk_s()` gets translated as `tmp = mk_s(); S(&s, tmp)`, so we didn't see the write to `s`. (2) We counted uses of variables in destructors and dummy `_ = *s` assignments as reads, which meant that any struct values were considered as live. This diff fixes these limitations so we can report on dead stores of struct values. Reviewed By: da319 Differential Revision: D6327564 fbshipit-source-id: 2ead4be
7 years ago
struct S {
~S() {}
};
typedef S&& B;
S mk_s() {
S s;
return s;
};
// s gets read by the destructor for S
[liveness] remove special-casing for destructor reads Reviewed By: jeremydubreil Differential Revision: D6569310 fbshipit-source-id: f072e05
7 years ago
void FN_dead_struct_value1_bad() { S s = mk_s(); }
[dead stores] identify dead stores involving struct values Summary: As da319 points out, we did not handle this case correctly before. There were a few reasons why: (1) An assignment like `struct S s = mk_s()` gets translated as `tmp = mk_s(); S(&s, tmp)`, so we didn't see the write to `s`. (2) We counted uses of variables in destructors and dummy `_ = *s` assignments as reads, which meant that any struct values were considered as live. This diff fixes these limitations so we can report on dead stores of struct values. Reviewed By: da319 Differential Revision: D6327564 fbshipit-source-id: 2ead4be
7 years ago
// need to handle operator= in order to detect this case
void FN_dead_struct_value2_bad() {
S s = mk_s();
s = mk_s();
}
void dead_struct_rvalue_ref_bad() { B b = mk_s(); }
S struct_value_used_ok() {
S s = mk_s();
return s;
}
B& struct_rvalue_ref_used_ok() {
B b = mk_s();
return b;
}
[liveness] remove special-casing for destructor reads Reviewed By: jeremydubreil Differential Revision: D6569310 fbshipit-source-id: f072e05
7 years ago
struct NoDestructor {};
void dead_struct_no_destructor_bad() { NoDestructor dead; }
[frontend] Translating ToVoid cast Summary: We were missing reads of `a` if it was used in void cast, i.e. `(void) a;` This caused dead store false positives: we were not using `exp` that was the result of translating `a`. This diff creates a call to built-in skip function with `exp` as its argument, which causes the analyses to see reads of `exp`. Reviewed By: mbouaziz Differential Revision: D8332092 fbshipit-source-id: f3b0e10
7 years ago
void no_destructor_void_read_ok() {
NoDestructor dead;
(void)dead;
}
[destructors] Inject destructor calls even if the destructor declaration is empty Summary: We do not inject a destructor call if the destructor declaration does not contain a body in AST. We miss all the cases where the destructor is declared in `.h` file and defined in `.cpp` file as other files include `.h` file and do not contain the body of the destructor when destructor calls are being injected based on AST information. After this diff we inject destructor calls even if we do not have body for the destructor in AST. Reviewed By: sblackshear Differential Revision: D6796567 fbshipit-source-id: 1c187ec
7 years ago
struct NoDestructorDefinition {
~NoDestructorDefinition();
};
void dead_struct_no_destructor_definition_ok() { NoDestructorDefinition dead; }
[dead stores] don't warn on dead stores of ScopeGuard's Reviewed By: da319 Differential Revision: D6139339 fbshipit-source-id: 8dee51f
7 years ago
std::mutex my_mutex;
void dead_lock_guard_ok() { std::lock_guard<std::mutex> lock(my_mutex); }
void dead_unique_lock_ok() { std::unique_lock<std::mutex> lock(my_mutex); }
[clang] basic support for exceptional control-flow Summary: This diff: - translates C++ `catch` blocks - adds an exceptional control-flow edge from the end of a `try` block to the beginning of a `catch` block This obviously doesn't reflect the way exceptions actually work, but I think it is better than what we have now. For one thing, we'll see/translate code inside `catch` blocks, which were opaque before. If Clang analyses don't want this behavior, they can simply use `ProcCfg.Normal` (which, up until this diff, behaved identically to `ProcCfg.Exceptional`. In the future, we can extend `trans_state` to track blocks that might throw an exception, and have each of these blocks transition to `catch` instead. Reviewed By: jvillard Differential Revision: D7814521 fbshipit-source-id: 67b86a6
7 years ago
extern int maybe_throw();
class Exceptions {
int read_in_catch1_ok() {
int i = 1;
try {
throw std::runtime_error("error");
} catch (...) {
return i;
}
return 0;
}
int read_in_catch_explicit_throw_ok() {
int i = 1;
try {
maybe_throw();
} catch (...) {
return i;
}
return 0;
}
int dead_in_catch_bad() {
try {
throw std::runtime_error("error");
} catch (...) {
int i = 1;
}
return 0;
}
[frontend] Do not create exceptional successors for return nodes Summary: Exceptional successors were not meant to be created for return nodes, but they were created if try block had a single return statement. Reviewed By: jvillard Differential Revision: D8913371 fbshipit-source-id: 6ac85b21d
6 years ago
int unreachable_catch_bad() {
[clang] basic support for exceptional control-flow Summary: This diff: - translates C++ `catch` blocks - adds an exceptional control-flow edge from the end of a `try` block to the beginning of a `catch` block This obviously doesn't reflect the way exceptions actually work, but I think it is better than what we have now. For one thing, we'll see/translate code inside `catch` blocks, which were opaque before. If Clang analyses don't want this behavior, they can simply use `ProcCfg.Normal` (which, up until this diff, behaved identically to `ProcCfg.Exceptional`. In the future, we can extend `trans_state` to track blocks that might throw an exception, and have each of these blocks transition to `catch` instead. Reviewed By: jvillard Differential Revision: D7814521 fbshipit-source-id: 67b86a6
7 years ago
int i = 1;
try {
} catch (...) {
return i;
}
return 0;
}
int multiple_catches_ok(bool b) {
int i = 1;
int j = 2;
try {
if (b) {
throw std::length_error("error");
} else {
throw std::range_error("error");
}
} catch (std::length_error& msg) {
return i;
} catch (std::range_error& msg) {
return j;
}
return 0;
}
void dont_throw() {}
int FN_harder_unreachable_catch_bad() {
int i = 1;
try {
dont_throw();
} catch (...) {
return i;
}
return 0;
}
[pre-analysis] Add models for `no_return` and handle throw-catch better Summary: - Add `no_return` models for Java's `exit(...)` methods (can be extended further later on) - handle throw-catch better by short-cutting throw nodes to not exit node but to all **catch nodes** that are reachable by the node. If there is no catch node, we short-cut to the exit node as before. This removes a FP from deadstore tests because before we simply were not able to handle CF from throw-> catch nodes at all. Reviewed By: skcho Differential Revision: D20769039 fbshipit-source-id: e978f6cdb
5 years ago
// the transition to the catch block is set at pre-analysis
int read_in_catch_tricky_ok(bool b1, bool b2) {
[clang] basic support for exceptional control-flow Summary: This diff: - translates C++ `catch` blocks - adds an exceptional control-flow edge from the end of a `try` block to the beginning of a `catch` block This obviously doesn't reflect the way exceptions actually work, but I think it is better than what we have now. For one thing, we'll see/translate code inside `catch` blocks, which were opaque before. If Clang analyses don't want this behavior, they can simply use `ProcCfg.Normal` (which, up until this diff, behaved identically to `ProcCfg.Exceptional`. In the future, we can extend `trans_state` to track blocks that might throw an exception, and have each of these blocks transition to `catch` instead. Reviewed By: jvillard Differential Revision: D7814521 fbshipit-source-id: 67b86a6
7 years ago
int i = 1;
try {
if (b1) {
throw std::runtime_error("error");
}
i = 2;
if (b2) {
throw std::runtime_error("error");
}
} catch (...) {
return i;
}
return 0;
}
[pre-analysis] Add models for `no_return` and handle throw-catch better Summary: - Add `no_return` models for Java's `exit(...)` methods (can be extended further later on) - handle throw-catch better by short-cutting throw nodes to not exit node but to all **catch nodes** that are reachable by the node. If there is no catch node, we short-cut to the exit node as before. This removes a FP from deadstore tests because before we simply were not able to handle CF from throw-> catch nodes at all. Reviewed By: skcho Differential Revision: D20769039 fbshipit-source-id: e978f6cdb
5 years ago
int read_in_loop_tricky_ok(bool b) {
int i = 1;
for (int p = 0; p <= 5; p++) {
try {
if (b) {
throw std::runtime_error("error");
}
} catch (...) {
return i;
}
}
return 0;
}
void read_in_goto_ok(bool b) {
int i = 1;
try {
if (b) {
throw std::runtime_error("error");
goto A;
} else {
goto B;
}
A:
goto B;
B:
goto A;
}
catch (...) {
return i;
}
}
[clang] basic support for exceptional control-flow Summary: This diff: - translates C++ `catch` blocks - adds an exceptional control-flow edge from the end of a `try` block to the beginning of a `catch` block This obviously doesn't reflect the way exceptions actually work, but I think it is better than what we have now. For one thing, we'll see/translate code inside `catch` blocks, which were opaque before. If Clang analyses don't want this behavior, they can simply use `ProcCfg.Normal` (which, up until this diff, behaved identically to `ProcCfg.Exceptional`. In the future, we can extend `trans_state` to track blocks that might throw an exception, and have each of these blocks transition to `catch` instead. Reviewed By: jvillard Differential Revision: D7814521 fbshipit-source-id: 67b86a6
7 years ago
int return_in_try1_ok() {
bool b;
try {
maybe_throw();
return 3;
} catch (const char* msg) {
b = true;
}
if (b) {
return 2;
}
return 3;
}
int return_in_try2_ok() {
bool b;
try {
return maybe_throw();
} catch (const char* msg) {
b = true;
}
if (b) {
return 2;
}
return 3;
}
};
[clang frontent] Fix translation of binary operator Reviewed By: dulmarod, jvillard Differential Revision: D8588689 fbshipit-source-id: ef04877
7 years ago
void init_in_binop_bad(int x) { x = -x & ~int{0}; }
[clang] ignore `__attribute__((unused))` variable initialisations Summary: When a `VarDecl` has the attribute `unused` then do not assign its initialisation result to the corresponding variable. Reviewed By: ngorogiannis Differential Revision: D13974497 fbshipit-source-id: 28029f995
6 years ago
void unused_tmp_bad() { int __tmp = 1; }
[deadstore] Do not report on __tmp Reviewed By: mbouaziz Differential Revision: D9482603 fbshipit-source-id: 303b74eb4
6 years ago
#define UNUSED(a) __typeof__(&a) __attribute__((unused)) __tmp = &a;
[clang] ignore `__attribute__((unused))` variable initialisations Summary: When a `VarDecl` has the attribute `unused` then do not assign its initialisation result to the corresponding variable. Reviewed By: ngorogiannis Differential Revision: D13974497 fbshipit-source-id: 28029f995
6 years ago
void unused_attribute_tmp_ok() {
[deadstore] Do not report on __tmp Reviewed By: mbouaziz Differential Revision: D9482603 fbshipit-source-id: 303b74eb4
6 years ago
int x;
UNUSED(x);
}
[clang] ignore `__attribute__((unused))` variable initialisations Summary: When a `VarDecl` has the attribute `unused` then do not assign its initialisation result to the corresponding variable. Reviewed By: ngorogiannis Differential Revision: D13974497 fbshipit-source-id: 28029f995
6 years ago
void unused_attribute_ok() { int __attribute__((unused)) x = 42; }
[SIL][preanalysis] add call flag for functions treating first formal as return Summary: This helps some checkers and the liveness preanalysis. Reviewed By: da319 Differential Revision: D13102954 fbshipit-source-id: b8d3c5fe2
6 years ago
struct ChainedCalls {
ChainedCalls chained(int i);
};
ChainedCalls chain_method_calls_ok() {
ChainedCalls x;
return x.chained(5).chained(6);
}
[dead store] Dead store false positive caused by forgetting expression inside decltype Summary: We do not want to export unnecessary information from clang plugin, hence, the solution to this false positive would be to annotate with `__unused__` attribute. Reviewed By: jvillard Differential Revision: D13861333 fbshipit-source-id: 774009f37
6 years ago
struct A {
int f : 4;
};
[models] get rid of include-based C++ models Summary: These have proved to be too fragile to maintain as they would often break compilation of user code. They have been off by default for more than a year now (D7350715). Removing the include models shows a more accurate picture of what infer results look like in production. As such, lots of tests have changed, mostly biabduction but also in inferbo. SIOF was using include-based models too but now libc++ is better and iostreams are implemented in a way that SIOF understands (instead of being magical creatures) so nothing changed there. Reviewed By: skcho Differential Revision: D16602171 fbshipit-source-id: ce38f045b
5 years ago
int decltype_read_ok(int x) {
A a;
[dead store] Dead store false positive caused by forgetting expression inside decltype Summary: We do not want to export unnecessary information from clang plugin, hence, the solution to this false positive would be to annotate with `__unused__` attribute. Reviewed By: jvillard Differential Revision: D13861333 fbshipit-source-id: 774009f37
6 years ago
decltype(a.f) i;
return x + i;
}
[liveness] blacklist of dangerous classes Summary: Add an option to specify some classes that we really want to warn about with the liveness checker, even when they appear used because of the implicit destructor call inserted by the compiler. Reviewed By: mbouaziz Differential Revision: D13991129 fbshipit-source-id: 7fafdba84
6 years ago
// destructor blacklisted for liveness in .inferconfig
struct BlacklistedStruct {
~BlacklistedStruct(){};
BlacklistedStruct cloneAsValue() const { return BlacklistedStruct(); }
std::unique_ptr<BlacklistedStruct> clone() const {
return std::make_unique<BlacklistedStruct>(cloneAsValue());
}
};
void unused_blacklisted_constructed_bad() { auto x = BlacklistedStruct(); }
void unused_blacklisted_clone_bad(BlacklistedStruct* something) {
auto x = something->clone();
}
void unused_blacklisted_unique_ptr_bad(BlacklistedStruct* something) {
auto x = std::make_unique<BlacklistedStruct>(*something);
}
void unused_unique_ptr_good(A* something) {
auto x = std::make_unique<A>(*something);
}
[clang] fix bad interaction between ConditionalOperator and initializers Summary: This is several inter-connected changes together to keep the tests happy. The ConditionalOperator `b?t:e` is translated by first creating a placeholder variable to temporarily store the result of the evaluation in each branch, then the real thing we want to assign to reads that variable. But, there are situations where that changes the semantics of the expression, namely when the value created is a struct on the stack (eg, a C++ temporary). This is because in SIL we cannot assign the *address* of a program variable, only its contents, so by the time we're out of the conditional operator we cannot set the struct value correctly anymore: we can only set its content, which we did, but that results in a "shifted" struct value that is one dereference away from where it should be. So a batch of changes concern `conditionalOperator_trans`: - instead of systematically creating a temporary for the conditional, use the `trans_state.var_exp_typ` provided from above if available when translating `ConditionalOperator` - don't even set anything if that variable was already initialized by merely translating the branch expression, eg when it's a constructor - fix long-standing TODO to propagate these initialization facts accurately for ConditionalOperator (used by `init_expr_trans` to also figure out if it should insert a store to the variable being initialised or not) The rest of the changes adapt some relevant other constructs to deal with conditionalOperator properly now that it can set the current variable itself, instead of storing stuff inside a temp variable. This change was a problem because some constructs, eg a variable declaration, will insert nodes that set up the variable before calling its initialization, and now the initialization happens *before* that setup, in the translation of the inner conditional operator, which naturally creates nodes above the current one. - add a generic helper to force a sequential order between two translation results, forcing node creation if necessary - use that in `init_expr_trans` and `cxxNewExpr_trans` - adjust many places where `var_exp_typ` was incorrectly not reset when translating sub-expressions The sequentiality business creates more nodes when used, and the conditionalOperator business uses fewer temporary variables, so the frontend results change quite a bit. Note that biabduction tests were invaluable in debugging this. There could be other constructs to adjust similarly to cxxNewExpr that were not covered by the tests though. Added tests in pulse that exercises the previous bug. Reviewed By: da319 Differential Revision: D24796282 fbshipit-source-id: 0790c8d17
4 years ago
struct X {
operator bool() { return true; }
};
X getX() {
X x;
return x;
}
void binaryConditional_bad() {
int i = 42;
X a;
X x = getX() ?: a;
int j = 42;
}
[clang] force node creation in switch statements Summary: The translation of `switch` cases needs to insert nodes around the translation of each `case` sub-statement, so we need to force node creation in these sub-statements so the nodes around it can be connected to the translation of the sub-statements. Also added more logging I found useful when debugging that. Reviewed By: da319 Differential Revision: D24991455 fbshipit-source-id: d3a622142
4 years ago
X getXFromInt(int x);
void switch_with_temporary_ok() {
int x = 44;
switch (42) {
case 0:
getXFromInt(x);
};
}
Change license to MIT Summary: Change the license of the source code from BSD + PATENTS to MIT. Change `checkCopyright` to reflect the new license and learn some new file types. Generated with: ``` git grep BSD | xargs -n 1 ./scripts/checkCopyright -i ``` Reviewed By: jeremydubreil, mbouaziz, jberdine Differential Revision: D8071249 fbshipit-source-id: 97ca23a
7 years ago
} // namespace dead_stores