infer_clone/infer/src/pulse/PulseAbductiveDomain.mli

(*
 * Copyright (c) Facebook, Inc. and its affiliates.
 *
 * This source code is licensed under the MIT license found in the
 * LICENSE file in the root directory of this source tree.
 *)
open! IStd
module AbstractAddress = PulseDomain.AbstractAddress
module Attributes = PulseDomain.Attributes

(* layer on top of {!PulseDomain} to propagate operations on the current state to the pre-condition
   when necessary

   The abstract type [t] is a pre/post pair in the style of biabduction.
*)

include AbstractDomain.NoJoin

val mk_initial : Procdesc.t -> t

(** stack operations like {!PulseDomain.Stack} but that also take care of propagating facts to the
    precondition *)
module Stack : sig
  val add : Var.t -> PulseDomain.Stack.value -> t -> t

  val remove_vars : Var.t list -> t -> t

  val fold : (Var.t -> PulseDomain.Stack.value -> 'a -> 'a) -> t -> 'a -> 'a

  val find_opt : Var.t -> t -> PulseDomain.Stack.value option

  val materialize : Var.t -> t -> t * PulseDomain.Stack.value
end

(** stack operations like {!PulseDomain.Heap} but that also take care of propagating facts to the
    precondition *)
module Memory : sig
  module Access = PulseDomain.Memory.Access
  module Edges = PulseDomain.Memory.Edges

  val add_attributes : AbstractAddress.t -> Attributes.t -> t -> t

  val add_edge : AbstractAddress.t -> Access.t -> PulseDomain.AddrTracePair.t -> t -> t

  val check_valid :
       HilExp.AccessExpression.t PulseDomain.InterprocAction.t
    -> AbstractAddress.t
    -> t
    -> (t, PulseDomain.Invalidation.t PulseDomain.Trace.t) result

  val find_opt : AbstractAddress.t -> t -> PulseDomain.Memory.cell option

  val set_cell : AbstractAddress.t -> PulseDomain.Memory.cell -> t -> t

  val invalidate :
       AbstractAddress.t * PulseDomain.ValueHistory.t
    -> PulseDomain.Invalidation.t PulseDomain.InterprocAction.t
    -> t
    -> t

  val is_std_vector_reserved : AbstractAddress.t -> t -> bool

  val std_vector_reserve : AbstractAddress.t -> t -> t

  val materialize_edge : AbstractAddress.t -> Access.t -> t -> t * PulseDomain.AddrTracePair.t
end

module PrePost : sig
  type domain_t = t

  type t = private domain_t

  val pp : Format.formatter -> t -> unit

  val of_post : domain_t -> t

  val apply :
       Typ.Procname.t
    -> Location.t
    -> t
    -> formals:Var.t list
    -> ret:AbstractAddress.t * PulseDomain.ValueHistory.t
    -> actuals:(AbstractAddress.t * HilExp.AccessExpression.t * PulseDomain.ValueHistory.t) option
               list
    -> domain_t
    -> (domain_t, PulseDiagnostic.t) result
end

val discard_unreachable : t -> t
(** garbage collect unreachable addresses in the state to make it smaller, just for convenience and
    keep its size down *)
[pulse][interproc 2/3] abductive domain Summary: For each operation on the domain, try to record what it requires of the precondition of the function. This is akin to what happens in the biabduction backend, hence the terminology used. Reviewed By: jberdine Differential Revision: D14387148 fbshipit-source-id: a61fe30c8 6 years ago			`(*`
[copyright] Remove years Reviewed By: jvillard Differential Revision: D15771884 fbshipit-source-id: e2997e3a3 6 years ago			`* Copyright (c) Facebook, Inc. and its affiliates.`
[pulse][interproc 2/3] abductive domain Summary: For each operation on the domain, try to record what it requires of the precondition of the function. This is akin to what happens in the biabduction backend, hence the terminology used. Reviewed By: jberdine Differential Revision: D14387148 fbshipit-source-id: a61fe30c8 6 years ago			`*`
			`* This source code is licensed under the MIT license found in the`
			`* LICENSE file in the root directory of this source tree.`
			`*)`
			`open! IStd`
			`module AbstractAddress = PulseDomain.AbstractAddress`
			`module Attributes = PulseDomain.Attributes`

			`(* layer on top of {!PulseDomain} to propagate operations on the current state to the pre-condition`
			`when necessary`

			`The abstract type [t] is a pre/post pair in the style of biabduction.`
			`*)`

			`include AbstractDomain.NoJoin`

[pulse] tighten up summaries Summary: Only throw values to the pre if they can be followed from "abducible" variables: formals of the current method and globals. Because figuring out if a `Pvar.t` is a formal of the current procedure is actually a giant pain, hack something not too bad instead: pre-register all formals at the start of the analysis of the procedure. Then the only other variables we care about in the precondition are globals, which we can detect easily. This is mostly an optimisation (summaries won't include irrelevant "abduced" facts about the procedure's local variables anymore), but it also fixes a bug where we would sometimes overwrite things in the pre. I think that's why the tests improved. Reviewed By: ngorogiannis Differential Revision: D14753493 fbshipit-source-id: 08e73637f 6 years ago			`val mk_initial : Procdesc.t -> t`
[pulse][interproc 2/3] abductive domain Summary: For each operation on the domain, try to record what it requires of the precondition of the function. This is akin to what happens in the biabduction backend, hence the terminology used. Reviewed By: jberdine Differential Revision: D14387148 fbshipit-source-id: a61fe30c8 6 years ago
			`(** stack operations like {!PulseDomain.Stack} but that also take care of propagating facts to the`
			`precondition *)`
			`module Stack : sig`
			`val add : Var.t -> PulseDomain.Stack.value -> t -> t`

			`val remove_vars : Var.t list -> t -> t`

			`val fold : (Var.t -> PulseDomain.Stack.value -> 'a -> 'a) -> t -> 'a -> 'a`

			`val find_opt : Var.t -> t -> PulseDomain.Stack.value option`

			`val materialize : Var.t -> t -> t * PulseDomain.Stack.value`
			`end`

			`(** stack operations like {!PulseDomain.Heap} but that also take care of propagating facts to the`
			`precondition *)`
			`module Memory : sig`
			`module Access = PulseDomain.Memory.Access`
			`module Edges = PulseDomain.Memory.Edges`

			`val add_attributes : AbstractAddress.t -> Attributes.t -> t -> t`

			`val add_edge : AbstractAddress.t -> Access.t -> PulseDomain.AddrTracePair.t -> t -> t`

			`val check_valid :`
[pulse] move [PulseTrace] inside [PulseDomain] Summary: Just moving code around. This is needed later to make some types in `PulseTrace` depend on a new that I'll have to define in `PulseDomain`. Also, this gives better names all around I think Reviewed By: mbouaziz Differential Revision: D15881281 fbshipit-source-id: e86c1472e 6 years ago			`HilExp.AccessExpression.t PulseDomain.InterprocAction.t`
[pulse][interproc 3/3] interproc call Summary: biggest_diff Reviewed By: jberdine Differential Revision: D14387150 fbshipit-source-id: 6d6ddeffc 6 years ago			`-> AbstractAddress.t`
			`-> t`
[pulse] move [PulseTrace] inside [PulseDomain] Summary: Just moving code around. This is needed later to make some types in `PulseTrace` depend on a new that I'll have to define in `PulseDomain`. Also, this gives better names all around I think Reviewed By: mbouaziz Differential Revision: D15881281 fbshipit-source-id: e86c1472e 6 years ago			`-> (t, PulseDomain.Invalidation.t PulseDomain.Trace.t) result`
[pulse][interproc 2/3] abductive domain Summary: For each operation on the domain, try to record what it requires of the precondition of the function. This is akin to what happens in the biabduction backend, hence the terminology used. Reviewed By: jberdine Differential Revision: D14387148 fbshipit-source-id: a61fe30c8 6 years ago
			`val find_opt : AbstractAddress.t -> t -> PulseDomain.Memory.cell option`

			`val set_cell : AbstractAddress.t -> PulseDomain.Memory.cell -> t -> t`

[pulse] traces record how values were constructed Summary: Before: the trace would explain how a value was invalidated and accessed, but not how the value that was invalidated had been constructed. Now: `PulseTrace.t` records breadcrumbs of how the value was constructed in addition to the interproc "action" trace leading to the invalidation or access action. Concretely: ``` void bad(X &x) { X y = x; X z = x; delete y; access(z); } ``` will produce the trace: Invalidation part: y = x delete y Access part: z = x access(z) access to z->f inside of access(z) Before this diff the "Access part" would be missing the "z = x" part of the trace, so it might be confusing why `z` has anything to do with `y`. However, such "breadcrumbs" are not recorded in the inter-procedural part, only the sequence of calls is. This is a trade-off for simplicity, maybe it's enough for developers maybe it isn't, we'll find out later. Reviewed By: jberdine Differential Revision: D15354438 fbshipit-source-id: 8d0aed717 6 years ago			`val invalidate :`
[pulse] move [PulseTrace] inside [PulseDomain] Summary: Just moving code around. This is needed later to make some types in `PulseTrace` depend on a new that I'll have to define in `PulseDomain`. Also, this gives better names all around I think Reviewed By: mbouaziz Differential Revision: D15881281 fbshipit-source-id: e86c1472e 6 years ago			`AbstractAddress.t * PulseDomain.ValueHistory.t`
			`-> PulseDomain.Invalidation.t PulseDomain.InterprocAction.t`
[pulse] move PulseInvalidation inside PulseDomain Summary: Just moving code around. This is needed later to make some types in `PulseInvalidation` depend on a new type that I'll have to define in `PulseDomain`. Reviewed By: mbouaziz Differential Revision: D15824962 fbshipit-source-id: 86cba2bfb 6 years ago			`-> t`
			`-> t`
[pulse][interproc 2/3] abductive domain Summary: For each operation on the domain, try to record what it requires of the precondition of the function. This is akin to what happens in the biabduction backend, hence the terminology used. Reviewed By: jberdine Differential Revision: D14387148 fbshipit-source-id: a61fe30c8 6 years ago
			`val is_std_vector_reserved : AbstractAddress.t -> t -> bool`

			`val std_vector_reserve : AbstractAddress.t -> t -> t`

			`val materialize_edge : AbstractAddress.t -> Access.t -> t -> t * PulseDomain.AddrTracePair.t`
			`end`

[pulse][interproc 3/3] interproc call Summary: biggest_diff Reviewed By: jberdine Differential Revision: D14387150 fbshipit-source-id: 6d6ddeffc 6 years ago			`module PrePost : sig`
			`type domain_t = t`

			`type t = private domain_t`

			`val pp : Format.formatter -> t -> unit`

			`val of_post : domain_t -> t`

			`val apply :`
			`Typ.Procname.t`
			`-> Location.t`
			`-> t`
			`-> formals:Var.t list`
[pulse] move [PulseTrace] inside [PulseDomain] Summary: Just moving code around. This is needed later to make some types in `PulseTrace` depend on a new that I'll have to define in `PulseDomain`. Also, this gives better names all around I think Reviewed By: mbouaziz Differential Revision: D15881281 fbshipit-source-id: e86c1472e 6 years ago			`-> ret:AbstractAddress.t * PulseDomain.ValueHistory.t`
			`-> actuals:(AbstractAddress.t * HilExp.AccessExpression.t * PulseDomain.ValueHistory.t) option`
			`list`
[pulse][interproc 3/3] interproc call Summary: biggest_diff Reviewed By: jberdine Differential Revision: D14387150 fbshipit-source-id: 6d6ddeffc 6 years ago			`-> domain_t`
			`-> (domain_t, PulseDiagnostic.t) result`
			`end`

[pulse][interproc 2/3] abductive domain Summary: For each operation on the domain, try to record what it requires of the precondition of the function. This is akin to what happens in the biabduction backend, hence the terminology used. Reviewed By: jberdine Differential Revision: D14387148 fbshipit-source-id: a61fe30c8 6 years ago			`val discard_unreachable : t -> t`
			`(** garbage collect unreachable addresses in the state to make it smaller, just for convenience and`
[pulse][interproc 3/3] interproc call Summary: biggest_diff Reviewed By: jberdine Differential Revision: D14387150 fbshipit-source-id: 6d6ddeffc 6 years ago			`keep its size down *)`