From 16054a45101e4d370d0648f5cbe1d3b51b9acbc8 Mon Sep 17 00:00:00 2001
From: Jules Villard
Date: Wed, 19 May 2021 08:56:20 -0700
Subject: [PATCH] [pulse] interproc memleak trace test
Summary: Showcase the trace duplication, fixed in a further diff.
Reviewed By: ezgicicek
Differential Revision: D28536889
fbshipit-source-id: f23636368
---
 .../codetoanalyze/c/pulse/interprocedural.c | 25 +++++++++++++++++++
 infer/tests/codetoanalyze/c/pulse/issues.exp | 1 +
 .../codetoanalyze/c/pulse/issues.exp-isl | 1 +
 3 files changed, 27 insertions(+)
diff --git a/infer/tests/codetoanalyze/c/pulse/interprocedural.c b/infer/tests/codetoanalyze/c/pulse/interprocedural.c
index 17358f465..6e813ab98 100644
--- a/infer/tests/codetoanalyze/c/pulse/interprocedural.c
+++ b/infer/tests/codetoanalyze/c/pulse/interprocedural.c
@@ -77,3 +77,28 @@ int* follow_value_by_ret_bad() {
 int* z = return_first(y, 12, &dummy2);
 *z = 42;
 }
+
+int* malloc_wrapper_1() {
+ int* x;
+ x = (int*)malloc(sizeof(int));
+ return x;
+}
+
+int* malloc_wrapper_2(int b) {
+ if (b) {
+ return malloc_wrapper_1();
+ }
+}
+
+void free_wrapper(int* p, int b) {
+ if (b) {
+ free(p);
+ }
+}
+
+void trace_correctly_through_wrappers_bad() {
+ int* x = malloc_wrapper_2(1);
+ // TODO: ideally we would trace that we didn't go into the free() branch of
+ // the wrapper explicitly here to help understand the bug report
+ free_wrapper_(x, 0);
+}
diff --git a/infer/tests/codetoanalyze/c/pulse/issues.exp b/infer/tests/codetoanalyze/c/pulse/issues.exp
index 6ec9e7854..b08298a7f 100644
--- a/infer/tests/codetoanalyze/c/pulse/issues.exp
+++ b/infer/tests/codetoanalyze/c/pulse/issues.exp
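Review bot: The last statement of `trace_correctly_through_wrappers_bad` calls `free_wrapper_(x, 0);` with a trailing underscore, while the function added just above it is `free_wrapper`. As written, the call is an implicit declaration of an undefined function and never enters the wrapper whose non-freeing branch the TODO comment describes. The line should read `free_wrapper(x, 0);`. The expected MEMORY_LEAK entries in issues.exp and issues.exp-isl contain no step for the wrapper call and would presumably need regenerating after the fix. Separately, `malloc_wrapper_2` falls off the end without a `return` when `b` is zero; if that is not deliberate for the test, add `return NULL;` after the `if`.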
@@ -8,6 +8,7 @@ codetoanalyze/c/pulse/interprocedural.c, if_freed_invalid_latent, 3, USE_AFTER_F codetoanalyze/c/pulse/interprocedural.c, latent, 3, NULLPTR_DEREFERENCE, no_bucket, ERROR, [*** LATENT ***,is the null pointer,assigned,invalid access occurs here] codetoanalyze/c/pulse/interprocedural.c, make_latent_manifest, 0, NULLPTR_DEREFERENCE, no_bucket, ERROR, [calling context starts here,in call to `propagate_latent_3_latent`,in call to `propagate_latent_2_latent`,in call to `propagate_latent_1_latent`,in call to `latent`,null pointer dereference part of the trace starts here,is the null pointer,assigned,invalid access occurs here] codetoanalyze/c/pulse/interprocedural.c, test_modified_value_then_error_bad, 4, NULLPTR_DEREFERENCE, no_bucket, ERROR, [is the null pointer,assigned,invalid access occurs here] +codetoanalyze/c/pulse/interprocedural.c, trace_correctly_through_wrappers_bad, 5, MEMORY_LEAK, no_bucket, ERROR, [allocation part of the trace starts here,in call to `malloc_wrapper_2`,in call to `malloc_wrapper_1`,allocated by call to `malloc` (modelled),assigned,returned,return from call to `malloc_wrapper_1`,returned,return from call to `malloc_wrapper_2`,when calling `malloc_wrapper_2` here,in call to `malloc_wrapper_1`,allocated by call to `malloc` (modelled),assigned,returned,return from call to `malloc_wrapper_1`,when calling `malloc_wrapper_1` here,allocated by call to `malloc` (modelled),allocation part of the trace ends here,memory becomes unreachable here] codetoanalyze/c/pulse/latent.c, FN_nonlatent_use_after_free_bad, 6, USE_AFTER_FREE, no_bucket, ERROR, [*** LATENT ***,invalidation part of the trace starts here,parameter `x` of FN_nonlatent_use_after_free_bad,was invalidated by call to `free()`,use-after-lifetime part of the trace starts here,parameter `x` of FN_nonlatent_use_after_free_bad,invalid access occurs here] codetoanalyze/c/pulse/latent.c, latent_use_after_free, 4, NULLPTR_DEREFERENCE, no_bucket, ERROR, [*** LATENT ***,source of the 
null value part of the trace starts here,is the null pointer,null pointer dereference part of the trace starts here,parameter `x` of latent_use_after_free,invalid access occurs here] codetoanalyze/c/pulse/latent.c, latent_use_after_free, 4, USE_AFTER_FREE, no_bucket, ERROR, [*** LATENT ***,invalidation part of the trace starts here,parameter `x` of latent_use_after_free,was invalidated by call to `free()`,use-after-lifetime part of the trace starts here,parameter `x` of latent_use_after_free,invalid access occurs here] diff --git a/infer/tests/codetoanalyze/c/pulse/issues.exp-isl b/infer/tests/codetoanalyze/c/pulse/issues.exp-isl index b412165f2..c86bcd37e 100644 --- a/infer/tests/codetoanalyze/c/pulse/issues.exp-isl +++ b/infer/tests/codetoanalyze/c/pulse/issues.exp-isl 
@@ -8,6 +8,7 @@ codetoanalyze/c/pulse/interprocedural.c, if_freed_invalid_latent, 3, USE_AFTER_F codetoanalyze/c/pulse/interprocedural.c, latent, 3, NULLPTR_DEREFERENCE, no_bucket, ERROR, [*** LATENT ***,is the null pointer,assigned,invalid access occurs here] codetoanalyze/c/pulse/interprocedural.c, make_latent_manifest, 0, NULLPTR_DEREFERENCE, no_bucket, ERROR, [calling context starts here,in call to `propagate_latent_3_latent`,in call to `propagate_latent_2_latent`,in call to `propagate_latent_1_latent`,in call to `latent`,null pointer dereference part of the trace starts here,is the null pointer,assigned,invalid access occurs here] codetoanalyze/c/pulse/interprocedural.c, test_modified_value_then_error_bad, 4, NULLPTR_DEREFERENCE, no_bucket, ERROR, [is the null pointer,assigned,invalid access occurs here] +codetoanalyze/c/pulse/interprocedural.c, trace_correctly_through_wrappers_bad, 5, MEMORY_LEAK, no_bucket, ERROR, [allocation part of the trace starts here,in call to `malloc_wrapper_2`,in call to `malloc_wrapper_1`,allocated by call to `malloc` (modelled),assigned,returned,return from call to `malloc_wrapper_1`,returned,return from call to `malloc_wrapper_2`,when calling `malloc_wrapper_2` here,in call to `malloc_wrapper_1`,allocated by call to `malloc` (modelled),assigned,returned,return from call to `malloc_wrapper_1`,when calling `malloc_wrapper_1` here,allocated by call to `malloc` (modelled),allocation part of the trace ends here,memory becomes unreachable here] codetoanalyze/c/pulse/latent.c, FN_nonlatent_use_after_free_bad, 6, USE_AFTER_FREE, no_bucket, ERROR, [*** LATENT ***,invalidation part of the trace starts here,was invalidated by call to `free()`,use-after-lifetime part of the trace starts here,invalid access occurs here] codetoanalyze/c/pulse/latent.c, latent_use_after_free, 4, NULLPTR_DEREFERENCE, no_bucket, ERROR, [*** LATENT ***,source of the null value part of the trace starts here,is the null pointer,null pointer dereference part of the 
trace starts here,invalid access occurs here] codetoanalyze/c/pulse/latent.c, latent_use_after_free, 4, USE_AFTER_FREE, no_bucket, ERROR, [*** LATENT ***,invalidation part of the trace starts here,was invalidated by call to `free()`,use-after-lifetime part of the trace starts here,invalid access occurs here]