[inferbo] Add model of vector resize

Reviewed By: ezgicicek

Differential Revision: D19942412

fbshipit-source-id: 0e3d6816e
master
Sungkeun Cho 5 years ago committed by Facebook Github Bot
parent ace23a1670
commit 175af05b8b

@ -671,6 +671,15 @@ module StdVector = struct
ArrObjCommon.size_exec vec_exp ~fn:(BufferOverrunField.cpp_vector_elem ~vec_typ ~elt_typ)
in
{exec; check= no_check}
let resize elt_typ vec_arg size_exp =
let exec ({integer_type_widths} as model_env) ~ret:_ mem =
let arr_locs = deref_of model_env elt_typ vec_arg mem in
let new_size = Sem.eval integer_type_widths size_exp mem in
set_size model_env arr_locs new_size mem
in
{exec; check= no_check}
end
module Split = struct
@ -1416,6 +1425,8 @@ module Call = struct
$--> StdVector.push_back
; -"std" &:: "vector" < any_typ &+ any_typ >:: "reserve" $ any_arg $+ any_arg $--> no_model
; -"std" &:: "vector" < capt_typ &+ any_typ >:: "size" $ capt_arg $--> StdVector.size
; -"std" &:: "vector" < capt_typ &+ any_typ >:: "resize" $ capt_arg $+ capt_exp
$--> StdVector.resize
; -"std" &:: "shared_ptr" &:: "operator->" $ capt_exp $--> id
; -"std" &:: "__shared_ptr_access" &:: "operator->" $ capt_exp $--> id
; +PatternMatch.implements_collection

@ -124,6 +124,7 @@ codetoanalyze/cpp/bufferoverrun/vector.cpp, precise_subst_Bad, 3, BUFFER_OVERRUN
codetoanalyze/cpp/bufferoverrun/vector.cpp, precise_subst_Good_FP, 3, BUFFER_OVERRUN_L3, no_bucket, ERROR, [Array declaration,Call,Parameter `*init`,Assignment,Call,Parameter `*__param_0->a`,Assignment,Call,<Length trace>,Parameter `count`,Call,Parameter `idx`,Assignment,Array access: Offset: [-1, 0] Size: 10 by call to `access_minus_one` ]
codetoanalyze/cpp/bufferoverrun/vector.cpp, push_back_Bad, 3, BUFFER_OVERRUN_L1, no_bucket, ERROR, [<Length trace>,Array declaration,Array access: Offset: 1 Size: 1]
codetoanalyze/cpp/bufferoverrun/vector.cpp, reserve_Bad, 3, BUFFER_OVERRUN_L1, no_bucket, ERROR, [<Length trace>,Array declaration,Assignment,Array access: Offset: 0 Size: 0]
codetoanalyze/cpp/bufferoverrun/vector.cpp, resize_Bad, 3, BUFFER_OVERRUN_L1, no_bucket, ERROR, [<Length trace>,Array declaration,Array access: Offset: 1 Size: 1]
codetoanalyze/cpp/bufferoverrun/vector.cpp, safe_access3_Good, 2, CONDITION_ALWAYS_FALSE, no_bucket, WARNING, [Here]
codetoanalyze/cpp/bufferoverrun/vector.cpp, simple_size_Bad, 2, BUFFER_OVERRUN_L1, no_bucket, ERROR, [<Offset trace>,Array declaration,Assignment,<Length trace>,Array declaration,Assignment,Array access: Offset: 3 Size: 3]
codetoanalyze/cpp/bufferoverrun/void_ptr.cpp, FP_call_casting_void_ptr_Ok, 2, BUFFER_OVERRUN_L5, no_bucket, ERROR, [Array declaration,Call,<Length trace>,Parameter `*p`,Assignment,Array access: Offset: 14 Size: 2 by call to `casting_void_ptr` ]

@ -215,3 +215,15 @@ void precise_subst_Bad() {
CharVector v(a);
access_minus_one(0, v);
}
void resize_Good() {
std::vector<int> v;
v.resize(1);
v[0] = 0;
}
void resize_Bad() {
std::vector<int> v;
v.resize(1);
v[1] = 0;
}

Loading…
Cancel
Save