From 21f66dd19708dca53a3280d90d3fb28e4a865272 Mon Sep 17 00:00:00 2001
From: Jules Villard
Date: Mon, 17 Jun 2019 03:55:16 -0700
Subject: [PATCH] [pulse] do not model `operator=` as assignment
Summary: In a next diff temporaries will get destructed at the end of their lifetimes and that naive model would be causing false positives. The flipside is that we lose all reports on closures for now, will need to model them separately later.
Reviewed By: mbouaziz
Differential Revision: D15695943
fbshipit-source-id: c2c482c02
---
 infer/src/pulse/Pulse.ml | 7 +------
 infer/tests/codetoanalyze/cpp/pulse/closures.cpp | 4 ++--
 infer/tests/codetoanalyze/cpp/pulse/issues.exp | 2 --
 3 files changed, 3 insertions(+), 10 deletions(-)
diff --git a/infer/src/pulse/Pulse.ml b/infer/src/pulse/Pulse.ml
index 83a171bb5..a6f972cde 100644
--- a/infer/src/pulse/Pulse.ml
+++ b/infer/src/pulse/Pulse.ml
@@ -75,7 +75,7 @@ module PulseTransferFunctions = struct
 >>= PulseOperations.havoc [crumb] loc lhs_access
- let exec_unknown_call summary _ret (call : HilInstr.call) (actuals : HilExp.t list) _flags
+ let exec_unknown_call _summary _ret (call : HilInstr.call) (actuals : HilExp.t list) _flags
 call_loc astate =
 let read_all args astate =
 PulseOperations.read_all call_loc (List.concat_map args ~f:HilExp.get_access_exprs) astate
@@ -94,11 +94,6 @@ module PulseTransferFunctions = struct
 when Typ.Procname.ObjC_Cpp.is_operator_equal callee_pname -> (
 L.d_printfln "operator= detected@." ;
 match actuals with
- (* We want to assign *lhs to *rhs when rhs is materialized temporary created in constructor *)
- | [AccessExpression lhs; HilExp.AccessExpression (AddressOf (Base rhs_base as rhs_exp))]
- when Var.is_cpp_temporary (fst rhs_base) ->
- let lhs_deref = HilExp.AccessExpression.dereference lhs in
- exec_assign summary lhs_deref (HilExp.AccessExpression rhs_exp) call_loc astate
 (* copy assignment *)
 | [AccessExpression lhs; HilExp.AccessExpression rhs] ->
 let lhs_deref = HilExp.AccessExpression.dereference lhs in
diff --git a/infer/tests/codetoanalyze/cpp/pulse/closures.cpp b/infer/tests/codetoanalyze/cpp/pulse/closures.cpp
index 397b5cb53..dd9456178 100644
--- a/infer/tests/codetoanalyze/cpp/pulse/closures.cpp
+++ b/infer/tests/codetoanalyze/cpp/pulse/closures.cpp
@@ -13,7 +13,7 @@ struct S {
 ~S() {}
 };
-int ref_capture_destroy_invoke_bad() {
+int FN_ref_capture_destroy_invoke_bad() {
 std::function f;
 {
 S s;
@@ -22,7 +22,7 @@ int ref_capture_destroy_invoke_bad() {
 return f(); // s used here
 }
-int implicit_ref_capture_destroy_invoke_bad() {
+int FN_implicit_ref_capture_destroy_invoke_bad() {
 std::function f;
 {
 auto s = S();
diff --git a/infer/tests/codetoanalyze/cpp/pulse/issues.exp b/infer/tests/codetoanalyze/cpp/pulse/issues.exp
index a6453dfae..5549dfa13 100644
--- a/infer/tests/codetoanalyze/cpp/pulse/issues.exp
+++ b/infer/tests/codetoanalyze/cpp/pulse/issues.exp
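Review bot: In closures.cpp, the new `FN_` prefix on `FN_ref_capture_destroy_invoke_bad` (presumably the suite's marker for a known false negative) is the only record in the test file that the use of `s` after its lifetime through the captured reference is no longer reported. A one-line comment above the function would keep that lost USE_AFTER_LIFETIME coverage visible to whoever models closures later, for example `// FN: closures are not modelled now that operator= is no longer treated as assignment`. The same applies to `FN_implicit_ref_capture_destroy_invoke_bad` in the following hunk. Both function bodies continue outside their hunks.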
@@ -1,7 +1,5 @@ codetoanalyze/cpp/pulse/basics.cpp, multiple_invalidations_branch_bad, 6, USE_AFTER_DELETE, no_bucket, ERROR, [invalidation part of the trace starts here,memory was invalidated by `delete` on `ptr` here,use-after-lifetime part of the trace starts here,invalid access to `*ptr` here] codetoanalyze/cpp/pulse/basics.cpp, multiple_invalidations_loop_bad, 3, USE_AFTER_DELETE, no_bucket, ERROR, [invalidation part of the trace starts here,memory was invalidated by `delete` on `ptr` here,use-after-lifetime part of the trace starts here,invalid access to `ptr` here] -codetoanalyze/cpp/pulse/closures.cpp, implicit_ref_capture_destroy_invoke_bad, 6, USE_AFTER_LIFETIME, no_bucket, ERROR, [invalidation part of the trace starts here,memory is the address of a stack variable `s` whose lifetime has ended here,use-after-lifetime part of the trace starts here,`&s` captured as `s`,invalid access to `&f` here] -codetoanalyze/cpp/pulse/closures.cpp, ref_capture_destroy_invoke_bad, 6, USE_AFTER_LIFETIME, no_bucket, ERROR, [invalidation part of the trace starts here,memory is the address of a stack variable `s` whose lifetime has ended here,use-after-lifetime part of the trace starts here,`&s` captured as `s`,invalid access to `&f` here] codetoanalyze/cpp/pulse/deduplication.cpp, deduplication::SomeTemplatedClass::lifetime_error_bad, 2, USE_AFTER_DELETE, no_bucket, ERROR, [invalidation part of the trace starts here,when calling `templated_wrapper_delete_ok` here,memory was invalidated by `delete` on `a` here,use-after-lifetime part of the trace starts here,when calling `templated_wrapper_access_ok` here,invalid access to `a->f` here] codetoanalyze/cpp/pulse/deduplication.cpp, deduplication::SomeTemplatedClass::lifetime_error_bad, 2, USE_AFTER_DELETE, no_bucket, ERROR, [invalidation part of the trace starts here,when calling `templated_wrapper_delete_ok` here,memory was invalidated by `delete` on `a` here,use-after-lifetime part of the trace starts here,when calling 
`templated_wrapper_access_ok` here,invalid access to `a->f` here] codetoanalyze/cpp/pulse/deduplication.cpp, deduplication::templated_function_bad<_Bool>, 3, USE_AFTER_DELETE, no_bucket, ERROR, [invalidation part of the trace starts here,when calling `deduplication::templated_delete_function` here,memory was invalidated by `delete` on `a` here,use-after-lifetime part of the trace starts here,assigned to `a`,when calling `deduplication::templated_access_function` here,invalid access to `a->f` here]