[infer][java] Dynamic dispatch: fix wrong level of indirection on pointers when specialzing methods

Summary: This fixes a wrong level of indirection when performing the type substitution.

Reviewed By: sblackshear

Differential Revision: D4521008

fbshipit-source-id: 7324ea6
master
Jeremy Dubreil 8 years ago committed by Facebook Github Bot
parent fd8e135994
commit 13cdff1532

@ -362,7 +362,7 @@ let specialize_types_proc callee_pdesc resolved_pdesc substitutions => {
let convert_instr instrs =>
fun
| Sil.Load
id (Exp.Lvar origin_pvar as origin_exp) (Typ.Tptr (Typ.Tstruct origin_typename) _) loc => {
id (Exp.Lvar origin_pvar as origin_exp) (Typ.Tptr (Tstruct origin_typename) Pk_pointer) loc => {
let specialized_typname =
try (Mangled.Map.find (Pvar.get_name origin_pvar) substitutions) {
| Not_found => origin_typename
@ -370,9 +370,9 @@ let specialize_types_proc callee_pdesc resolved_pdesc substitutions => {
subst_map := Ident.IdentMap.add id specialized_typname !subst_map;
[Sil.Load id (convert_exp origin_exp) (mk_ptr_typ specialized_typname) loc, ...instrs]
}
| Sil.Load id (Exp.Var origin_id as origin_exp) origin_typ loc => {
| Sil.Load id (Exp.Var origin_id as origin_exp) (Typ.Tstruct _ as origin_typ) loc => {
let updated_typ =
try (mk_ptr_typ (Ident.IdentMap.find origin_id !subst_map)) {
try (Typ.Tstruct (Ident.IdentMap.find origin_id !subst_map)) {
| Not_found => origin_typ
};
[Sil.Load id (convert_exp origin_exp) updated_typ loc, ...instrs]

@ -106,7 +106,7 @@ codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.
codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.nullPointerExceptionFromFailingFileOutputStreamConstructor(), 7, NULL_DEREFERENCE, [start of procedure nullPointerExceptionFromFailingFileOutputStreamConstructor(),exception java.io.FileNotFoundException,Switch condition is true. Entering switch case]
codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.nullPointerExceptionFromFaillingResourceConstructor(), 6, NULL_DEREFERENCE, [start of procedure nullPointerExceptionFromFaillingResourceConstructor(),exception java.io.FileNotFoundException,Switch condition is true. Entering switch case]
codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.nullPointerExceptionInArrayLengthLoop(java.lang.Object[]), 3, NULL_DEREFERENCE, [start of procedure nullPointerExceptionInArrayLengthLoop(...),Taking true branch]
codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.nullPointerExceptionUnlessFrameFails(), 4, NULL_DEREFERENCE, [start of procedure nullPointerExceptionUnlessFrameFails(),start of procedure NullPointerExceptions$A(...),return from a call to NullPointerExceptions$A.<init>(NullPointerExceptions),Taking true branch]
codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.nullPointerExceptionUnlessFrameFails(), 4, NULL_DEREFERENCE, [start of procedure nullPointerExceptionUnlessFrameFails(),start of procedure NullPointerExceptions$A(...),return from a call to NullPointerExceptions$A.<init>(NullPointerExceptions),start of procedure frame(...),start of procedure id_generics(...),return from a call to Object NullPointerExceptions.id_generics(NullPointerExceptions$A),return from a call to NullPointerExceptions$A NullPointerExceptions.frame(NullPointerExceptions$A),Taking true branch]
codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.nullPointerExceptionWithNullArrayParameter(), 1, NULL_DEREFERENCE, [start of procedure nullPointerExceptionWithNullArrayParameter(),start of procedure expectNotNullArrayParameter(...)]
codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.nullPointerExceptionWithNullObjectParameter(), 1, NULL_DEREFERENCE, [start of procedure nullPointerExceptionWithNullObjectParameter(),start of procedure expectNotNullObjectParameter(...)]
codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.nullableFieldNPE(), 1, NULL_DEREFERENCE, [start of procedure nullableFieldNPE()]
@ -169,6 +169,7 @@ codetoanalyze/java/infer/ResourceLeaks.java, void ResourceLeaks.twoResources(),
codetoanalyze/java/infer/ResourceLeaks.java, void ResourceLeaks.twoResourcesRandomAccessFile(), 10, RESOURCE_LEAK, [start of procedure twoResourcesRandomAccessFile(),Taking true branch,exception java.io.IOException]
codetoanalyze/java/infer/ResourceLeaks.java, void ResourceLeaks.twoResourcesServerSocket(), 10, RESOURCE_LEAK, [start of procedure twoResourcesServerSocket(),Taking true branch,exception java.io.IOException]
codetoanalyze/java/infer/ResourceLeaks.java, void ResourceLeaks.zipFileLeakExceptionalBranch(), 5, RESOURCE_LEAK, [start of procedure zipFileLeakExceptionalBranch(),exception java.io.IOException,Switch condition is true. Entering switch case]
codetoanalyze/java/infer/TaintExample.java, InputStream TaintExample.socketIgnoreExceptionNoVerify(SSLSocketFactory), 9, TAINTED_VALUE_REACHING_SENSITIVE_FUNCTION, [start of procedure socketIgnoreExceptionNoVerify(...),start of procedure throwExceptionIfNoVerify(...),Taking true branch,exception javax.net.ssl.SSLException,return from a call to void TaintExample.throwExceptionIfNoVerify(SSLSocket,String),Switch condition is true. Entering switch case]
codetoanalyze/java/infer/TaintExample.java, InputStream TaintExample.socketNotVerifiedSimple(SSLSocketFactory), 3, TAINTED_VALUE_REACHING_SENSITIVE_FUNCTION, [start of procedure socketNotVerifiedSimple(...)]
codetoanalyze/java/infer/TaintExample.java, InputStream TaintExample.socketVerifiedForgotToCheckRetval(SSLSocketFactory,HostnameVerifier,SSLSession), 7, TAINTED_VALUE_REACHING_SENSITIVE_FUNCTION, [start of procedure socketVerifiedForgotToCheckRetval(...)]
codetoanalyze/java/infer/TaintExample.java, InputStream TaintExample.taintingShouldNotPreventInference1(SSLSocketFactory), 4, TAINTED_VALUE_REACHING_SENSITIVE_FUNCTION, [start of procedure taintingShouldNotPreventInference1(...),start of procedure socketNotVerifiedSimple(...),return from a call to InputStream TaintExample.socketNotVerifiedSimple(SSLSocketFactory)]

@ -106,7 +106,7 @@ infer/tests/codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointe
infer/tests/codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.nullPointerExceptionFromFailingFileOutputStreamConstructor(), 7, NULL_DEREFERENCE, [start of procedure nullPointerExceptionFromFailingFileOutputStreamConstructor(),exception java.io.FileNotFoundException,Switch condition is true. Entering switch case]
infer/tests/codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.nullPointerExceptionFromFaillingResourceConstructor(), 6, NULL_DEREFERENCE, [start of procedure nullPointerExceptionFromFaillingResourceConstructor(),exception java.io.FileNotFoundException,Switch condition is true. Entering switch case]
infer/tests/codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.nullPointerExceptionInArrayLengthLoop(java.lang.Object[]), 3, NULL_DEREFERENCE, [start of procedure nullPointerExceptionInArrayLengthLoop(...),Taking true branch]
infer/tests/codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.nullPointerExceptionUnlessFrameFails(), 4, NULL_DEREFERENCE, [start of procedure nullPointerExceptionUnlessFrameFails(),start of procedure NullPointerExceptions$A(...),return from a call to NullPointerExceptions$A.<init>(NullPointerExceptions),Taking true branch]
infer/tests/codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.nullPointerExceptionUnlessFrameFails(), 4, NULL_DEREFERENCE, [start of procedure nullPointerExceptionUnlessFrameFails(),start of procedure NullPointerExceptions$A(...),return from a call to NullPointerExceptions$A.<init>(NullPointerExceptions),start of procedure frame(...),start of procedure id_generics(...),return from a call to Object NullPointerExceptions.id_generics(NullPointerExceptions$A),return from a call to NullPointerExceptions$A NullPointerExceptions.frame(NullPointerExceptions$A),Taking true branch]
infer/tests/codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.nullPointerExceptionWithNullArrayParameter(), 1, NULL_DEREFERENCE, [start of procedure nullPointerExceptionWithNullArrayParameter(),start of procedure expectNotNullArrayParameter(...)]
infer/tests/codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.nullPointerExceptionWithNullObjectParameter(), 1, NULL_DEREFERENCE, [start of procedure nullPointerExceptionWithNullObjectParameter(),start of procedure expectNotNullObjectParameter(...)]
infer/tests/codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.nullableFieldNPE(), 1, NULL_DEREFERENCE, [start of procedure nullableFieldNPE()]
@ -169,6 +169,7 @@ infer/tests/codetoanalyze/java/infer/ResourceLeaks.java, void ResourceLeaks.twoR
infer/tests/codetoanalyze/java/infer/ResourceLeaks.java, void ResourceLeaks.twoResourcesRandomAccessFile(), 10, RESOURCE_LEAK, [start of procedure twoResourcesRandomAccessFile(),Taking true branch,exception java.io.IOException]
infer/tests/codetoanalyze/java/infer/ResourceLeaks.java, void ResourceLeaks.twoResourcesServerSocket(), 10, RESOURCE_LEAK, [start of procedure twoResourcesServerSocket(),Taking true branch,exception java.io.IOException]
infer/tests/codetoanalyze/java/infer/ResourceLeaks.java, void ResourceLeaks.zipFileLeakExceptionalBranch(), 5, RESOURCE_LEAK, [start of procedure zipFileLeakExceptionalBranch(),exception java.io.IOException,Switch condition is true. Entering switch case]
infer/tests/codetoanalyze/java/infer/TaintExample.java, InputStream TaintExample.socketIgnoreExceptionNoVerify(SSLSocketFactory), 9, TAINTED_VALUE_REACHING_SENSITIVE_FUNCTION, [start of procedure socketIgnoreExceptionNoVerify(...),start of procedure throwExceptionIfNoVerify(...),Taking true branch,exception javax.net.ssl.SSLException,return from a call to void TaintExample.throwExceptionIfNoVerify(SSLSocket,String),Switch condition is true. Entering switch case]
infer/tests/codetoanalyze/java/infer/TaintExample.java, InputStream TaintExample.socketNotVerifiedSimple(SSLSocketFactory), 3, TAINTED_VALUE_REACHING_SENSITIVE_FUNCTION, [start of procedure socketNotVerifiedSimple(...)]
infer/tests/codetoanalyze/java/infer/TaintExample.java, InputStream TaintExample.socketVerifiedForgotToCheckRetval(SSLSocketFactory,HostnameVerifier,SSLSession), 7, TAINTED_VALUE_REACHING_SENSITIVE_FUNCTION, [start of procedure socketVerifiedForgotToCheckRetval(...)]
infer/tests/codetoanalyze/java/infer/TaintExample.java, InputStream TaintExample.taintingShouldNotPreventInference1(SSLSocketFactory), 4, TAINTED_VALUE_REACHING_SENSITIVE_FUNCTION, [start of procedure taintingShouldNotPreventInference1(...),start of procedure socketNotVerifiedSimple(...),return from a call to InputStream TaintExample.socketNotVerifiedSimple(SSLSocketFactory)]

@ -184,7 +184,7 @@ codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.
codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.nullPointerExceptionFromFailingFileOutputStreamConstructor(), 7, NULL_DEREFERENCE, [start of procedure nullPointerExceptionFromFailingFileOutputStreamConstructor(),exception java.io.FileNotFoundException,Switch condition is true. Entering switch case]
codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.nullPointerExceptionFromFaillingResourceConstructor(), 6, NULL_DEREFERENCE, [start of procedure nullPointerExceptionFromFaillingResourceConstructor(),exception java.io.FileNotFoundException,Switch condition is true. Entering switch case]
codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.nullPointerExceptionInArrayLengthLoop(java.lang.Object[]), 3, NULL_DEREFERENCE, [start of procedure nullPointerExceptionInArrayLengthLoop(...),Taking true branch]
codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.nullPointerExceptionUnlessFrameFails(), 4, NULL_DEREFERENCE, [start of procedure nullPointerExceptionUnlessFrameFails(),start of procedure NullPointerExceptions$A(...),return from a call to NullPointerExceptions$A.<init>(NullPointerExceptions),Taking true branch]
codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.nullPointerExceptionUnlessFrameFails(), 4, NULL_DEREFERENCE, [start of procedure nullPointerExceptionUnlessFrameFails(),start of procedure NullPointerExceptions$A(...),return from a call to NullPointerExceptions$A.<init>(NullPointerExceptions),start of procedure frame(...),start of procedure id_generics(...),return from a call to Object NullPointerExceptions.id_generics(NullPointerExceptions$A),return from a call to NullPointerExceptions$A NullPointerExceptions.frame(NullPointerExceptions$A),Taking true branch]
codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.nullPointerExceptionWithNullArrayParameter(), 1, NULL_DEREFERENCE, [start of procedure nullPointerExceptionWithNullArrayParameter(),start of procedure expectNotNullArrayParameter(...)]
codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.nullPointerExceptionWithNullObjectParameter(), 1, NULL_DEREFERENCE, [start of procedure nullPointerExceptionWithNullObjectParameter(),start of procedure expectNotNullObjectParameter(...)]
codetoanalyze/java/infer/NullPointerExceptions.java, void NullPointerExceptions.nullableFieldNPE(), 1, NULL_DEREFERENCE, [start of procedure nullableFieldNPE()]
@ -231,7 +231,6 @@ codetoanalyze/java/infer/ResourceLeaks.java, int ResourceLeaks.fileOutputStreamT
codetoanalyze/java/infer/ResourceLeaks.java, int ResourceLeaks.readConfigNotCloseStream(String), 5, RESOURCE_LEAK, [start of procedure readConfigNotCloseStream(...)]
codetoanalyze/java/infer/ResourceLeaks.java, void ResourceLeaks.NoResourceLeakWarningAfterCheckState(File,int), 2, PRECONDITION_NOT_MET, [start of procedure NoResourceLeakWarningAfterCheckState(...),Taking false branch]
codetoanalyze/java/infer/ResourceLeaks.java, void ResourceLeaks.activityObtainTypedArrayAndLeak(Activity), 2, RESOURCE_LEAK, [start of procedure activityObtainTypedArrayAndLeak(...),start of procedure ignore(...),return from a call to void ResourceLeaks.ignore(Object)]
codetoanalyze/java/infer/ResourceLeaks.java, void ResourceLeaks.closeWithCloseablesNestedAlloc(), 5, PRECONDITION_NOT_MET, [start of procedure closeWithCloseablesNestedAlloc()]
codetoanalyze/java/infer/ResourceLeaks.java, void ResourceLeaks.closedQuietlyWithCloseables(), 3, RETURN_VALUE_IGNORED, [start of procedure closedQuietlyWithCloseables()]
codetoanalyze/java/infer/ResourceLeaks.java, void ResourceLeaks.closedWithCloseables(), 3, RETURN_VALUE_IGNORED, [start of procedure closedWithCloseables()]
codetoanalyze/java/infer/ResourceLeaks.java, void ResourceLeaks.contextObtainTypedArrayAndLeak(Context), 2, RESOURCE_LEAK, [start of procedure contextObtainTypedArrayAndLeak(...),start of procedure ignore(...),return from a call to void ResourceLeaks.ignore(Object)]
@ -288,11 +287,10 @@ codetoanalyze/java/infer/ResourceLeaks.java, void ResourceLeaks.twoResourcesServ
codetoanalyze/java/infer/ResourceLeaks.java, void ResourceLeaks.twoResourcesServerSocket(), 10, RESOURCE_LEAK, [start of procedure twoResourcesServerSocket(),Taking true branch,exception java.io.IOException]
codetoanalyze/java/infer/ResourceLeaks.java, void ResourceLeaks.zipFileLeakExceptionalBranch(), 5, RESOURCE_LEAK, [start of procedure zipFileLeakExceptionalBranch(),exception java.io.IOException,Switch condition is true. Entering switch case]
codetoanalyze/java/infer/ReturnValueIgnored.java, void ReturnValueIgnored.returnValueIgnored(), 1, RETURN_VALUE_IGNORED, [start of procedure returnValueIgnored()]
codetoanalyze/java/infer/TaintExample.java, InputStream TaintExample.socketIgnoreExceptionNoVerify(SSLSocketFactory), 3, CLASS_CAST_EXCEPTION, [start of procedure socketIgnoreExceptionNoVerify(...)]
codetoanalyze/java/infer/TaintExample.java, InputStream TaintExample.socketIgnoreExceptionNoVerify(SSLSocketFactory), 9, TAINTED_VALUE_REACHING_SENSITIVE_FUNCTION, [start of procedure socketIgnoreExceptionNoVerify(...),start of procedure throwExceptionIfNoVerify(...),Taking true branch,exception javax.net.ssl.SSLException,return from a call to void TaintExample.throwExceptionIfNoVerify(SSLSocket,String),Switch condition is true. Entering switch case]
codetoanalyze/java/infer/TaintExample.java, InputStream TaintExample.socketNotVerifiedSimple(SSLSocketFactory), 3, TAINTED_VALUE_REACHING_SENSITIVE_FUNCTION, [start of procedure socketNotVerifiedSimple(...)]
codetoanalyze/java/infer/TaintExample.java, InputStream TaintExample.socketVerifiedForgotToCheckRetval(SSLSocketFactory,HostnameVerifier,SSLSession), 6, RETURN_VALUE_IGNORED, [start of procedure socketVerifiedForgotToCheckRetval(...)]
codetoanalyze/java/infer/TaintExample.java, InputStream TaintExample.socketVerifiedForgotToCheckRetval(SSLSocketFactory,HostnameVerifier,SSLSession), 7, TAINTED_VALUE_REACHING_SENSITIVE_FUNCTION, [start of procedure socketVerifiedForgotToCheckRetval(...)]
codetoanalyze/java/infer/TaintExample.java, InputStream TaintExample.socketVerifiedOk2(SSLSocketFactory), 1, CLASS_CAST_EXCEPTION, [start of procedure socketVerifiedOk2(...)]
codetoanalyze/java/infer/TaintExample.java, InputStream TaintExample.taintingShouldNotPreventInference1(SSLSocketFactory), 4, TAINTED_VALUE_REACHING_SENSITIVE_FUNCTION, [start of procedure taintingShouldNotPreventInference1(...),start of procedure socketNotVerifiedSimple(...),return from a call to InputStream TaintExample.socketNotVerifiedSimple(SSLSocketFactory)]
codetoanalyze/java/infer/TaintExample.java, InputStream TaintExample.taintingShouldNotPreventInference2(SSLSocketFactory), 3, TAINTED_VALUE_REACHING_SENSITIVE_FUNCTION, [start of procedure taintingShouldNotPreventInference2(...),start of procedure callReadInputStreamCauseTaintError(...),start of procedure readInputStream(...),return from a call to InputStream TaintExample.readInputStream(Socket),return from a call to Socket TaintExample.callReadInputStreamCauseTaintError(SSLSocketFactory)]
codetoanalyze/java/infer/TaintExample.java, Socket TaintExample.callReadInputStreamCauseTaintError(SSLSocketFactory), 3, TAINTED_VALUE_REACHING_SENSITIVE_FUNCTION, [start of procedure callReadInputStreamCauseTaintError(...)]

Loading…
Cancel
Save