[pulse] interproc memleak trace test

Summary: Showcase the trace duplication, fixed in a further diff. Reviewed By: ezgicicek Differential Revision: D28536889 fbshipit-source-id: f23636368
4 years ago · 16054a4510
parent 8fcd79a0b7
commit 16054a4510
3 changed files with 27 additions and 0 deletions
--- a/infer/tests/codetoanalyze/c/pulse/interprocedural.c
+++ b/infer/tests/codetoanalyze/c/pulse/interprocedural.c
@ -77,3 +77,28 @@ int* follow_value_by_ret_bad() {
  int* z = return_first(y, 12, &dummy2);
  *z = 42;
 }
+
+int* malloc_wrapper_1() {
+  int* x;
+  x = (int*)malloc(sizeof(int));
+  return x;
+}
+
+int* malloc_wrapper_2(int b) {
+  if (b) {
+    return malloc_wrapper_1();
+  }
+}
+
+void free_wrapper(int* p, int b) {
+  if (b) {
+    free(p);
+  }
+}
+
+void trace_correctly_through_wrappers_bad() {
+  int* x = malloc_wrapper_2(1);
+  // TODO: ideally we would trace that we didn't go into the free() branch of
+  // the wrapper explicitly here to help understand the bug report
+  free_wrapper_(x, 0);
+}
--- a/infer/tests/codetoanalyze/c/pulse/issues.exp
+++ b/infer/tests/codetoanalyze/c/pulse/issues.exp
@ -8,6 +8,7 @@ codetoanalyze/c/pulse/interprocedural.c, if_freed_invalid_latent, 3, USE_AFTER_F
 codetoanalyze/c/pulse/interprocedural.c, latent, 3, NULLPTR_DEREFERENCE, no_bucket, ERROR, [*** LATENT ***,is the null pointer,assigned,invalid access occurs here]
 codetoanalyze/c/pulse/interprocedural.c, make_latent_manifest, 0, NULLPTR_DEREFERENCE, no_bucket, ERROR, [calling context starts here,in call to `propagate_latent_3_latent`,in call to `propagate_latent_2_latent`,in call to `propagate_latent_1_latent`,in call to `latent`,null pointer dereference part of the trace starts here,is the null pointer,assigned,invalid access occurs here]
 codetoanalyze/c/pulse/interprocedural.c, test_modified_value_then_error_bad, 4, NULLPTR_DEREFERENCE, no_bucket, ERROR, [is the null pointer,assigned,invalid access occurs here]
+codetoanalyze/c/pulse/interprocedural.c, trace_correctly_through_wrappers_bad, 5, MEMORY_LEAK, no_bucket, ERROR, [allocation part of the trace starts here,in call to `malloc_wrapper_2`,in call to `malloc_wrapper_1`,allocated by call to `malloc` (modelled),assigned,returned,return from call to `malloc_wrapper_1`,returned,return from call to `malloc_wrapper_2`,when calling `malloc_wrapper_2` here,in call to `malloc_wrapper_1`,allocated by call to `malloc` (modelled),assigned,returned,return from call to `malloc_wrapper_1`,when calling `malloc_wrapper_1` here,allocated by call to `malloc` (modelled),allocation part of the trace ends here,memory becomes unreachable here]
 codetoanalyze/c/pulse/latent.c, FN_nonlatent_use_after_free_bad, 6, USE_AFTER_FREE, no_bucket, ERROR, [*** LATENT ***,invalidation part of the trace starts here,parameter `x` of FN_nonlatent_use_after_free_bad,was invalidated by call to `free()`,use-after-lifetime part of the trace starts here,parameter `x` of FN_nonlatent_use_after_free_bad,invalid access occurs here]
 codetoanalyze/c/pulse/latent.c, latent_use_after_free, 4, NULLPTR_DEREFERENCE, no_bucket, ERROR, [*** LATENT ***,source of the null value part of the trace starts here,is the null pointer,null pointer dereference part of the trace starts here,parameter `x` of latent_use_after_free,invalid access occurs here]
 codetoanalyze/c/pulse/latent.c, latent_use_after_free, 4, USE_AFTER_FREE, no_bucket, ERROR, [*** LATENT ***,invalidation part of the trace starts here,parameter `x` of latent_use_after_free,was invalidated by call to `free()`,use-after-lifetime part of the trace starts here,parameter `x` of latent_use_after_free,invalid access occurs here]
--- a/infer/tests/codetoanalyze/c/pulse/issues.exp-isl
+++ b/infer/tests/codetoanalyze/c/pulse/issues.exp-isl
@ -8,6 +8,7 @@ codetoanalyze/c/pulse/interprocedural.c, if_freed_invalid_latent, 3, USE_AFTER_F
 codetoanalyze/c/pulse/interprocedural.c, latent, 3, NULLPTR_DEREFERENCE, no_bucket, ERROR, [*** LATENT ***,is the null pointer,assigned,invalid access occurs here]
 codetoanalyze/c/pulse/interprocedural.c, make_latent_manifest, 0, NULLPTR_DEREFERENCE, no_bucket, ERROR, [calling context starts here,in call to `propagate_latent_3_latent`,in call to `propagate_latent_2_latent`,in call to `propagate_latent_1_latent`,in call to `latent`,null pointer dereference part of the trace starts here,is the null pointer,assigned,invalid access occurs here]
 codetoanalyze/c/pulse/interprocedural.c, test_modified_value_then_error_bad, 4, NULLPTR_DEREFERENCE, no_bucket, ERROR, [is the null pointer,assigned,invalid access occurs here]
+codetoanalyze/c/pulse/interprocedural.c, trace_correctly_through_wrappers_bad, 5, MEMORY_LEAK, no_bucket, ERROR, [allocation part of the trace starts here,in call to `malloc_wrapper_2`,in call to `malloc_wrapper_1`,allocated by call to `malloc` (modelled),assigned,returned,return from call to `malloc_wrapper_1`,returned,return from call to `malloc_wrapper_2`,when calling `malloc_wrapper_2` here,in call to `malloc_wrapper_1`,allocated by call to `malloc` (modelled),assigned,returned,return from call to `malloc_wrapper_1`,when calling `malloc_wrapper_1` here,allocated by call to `malloc` (modelled),allocation part of the trace ends here,memory becomes unreachable here]
 codetoanalyze/c/pulse/latent.c, FN_nonlatent_use_after_free_bad, 6, USE_AFTER_FREE, no_bucket, ERROR, [*** LATENT ***,invalidation part of the trace starts here,was invalidated by call to `free()`,use-after-lifetime part of the trace starts here,invalid access occurs here]
 codetoanalyze/c/pulse/latent.c, latent_use_after_free, 4, NULLPTR_DEREFERENCE, no_bucket, ERROR, [*** LATENT ***,source of the null value part of the trace starts here,is the null pointer,null pointer dereference part of the trace starts here,invalid access occurs here]
 codetoanalyze/c/pulse/latent.c, latent_use_after_free, 4, USE_AFTER_FREE, no_bucket, ERROR, [*** LATENT ***,invalidation part of the trace starts here,was invalidated by call to `free()`,use-after-lifetime part of the trace starts here,invalid access occurs here]