[pulse] do not model `operator=` as assignment

Summary:
In an upcoming diff, temporaries will be destructed at the end of their
lifetimes, and the naive model of `operator=` as assignment would then cause false positives.

The flipside is that we lose all reports on closures for now, will need
to model them separately later.

Reviewed By: mbouaziz

Differential Revision: D15695943

fbshipit-source-id: c2c482c02
Jules Villard 6 years ago committed by Facebook Github Bot
parent ab427fd3f3
commit 21f66dd197

@ -75,7 +75,7 @@ module PulseTransferFunctions = struct
>>= PulseOperations.havoc [crumb] loc lhs_access >>= PulseOperations.havoc [crumb] loc lhs_access
let exec_unknown_call summary _ret (call : HilInstr.call) (actuals : HilExp.t list) _flags let exec_unknown_call _summary _ret (call : HilInstr.call) (actuals : HilExp.t list) _flags
call_loc astate = call_loc astate =
let read_all args astate = let read_all args astate =
PulseOperations.read_all call_loc (List.concat_map args ~f:HilExp.get_access_exprs) astate PulseOperations.read_all call_loc (List.concat_map args ~f:HilExp.get_access_exprs) astate
@ -94,11 +94,6 @@ module PulseTransferFunctions = struct
when Typ.Procname.ObjC_Cpp.is_operator_equal callee_pname -> ( when Typ.Procname.ObjC_Cpp.is_operator_equal callee_pname -> (
L.d_printfln "operator= detected@." ; L.d_printfln "operator= detected@." ;
match actuals with match actuals with
(* We want to assign *lhs to *rhs when rhs is materialized temporary created in constructor *)
| [AccessExpression lhs; HilExp.AccessExpression (AddressOf (Base rhs_base as rhs_exp))]
when Var.is_cpp_temporary (fst rhs_base) ->
let lhs_deref = HilExp.AccessExpression.dereference lhs in
exec_assign summary lhs_deref (HilExp.AccessExpression rhs_exp) call_loc astate
(* copy assignment *) (* copy assignment *)
| [AccessExpression lhs; HilExp.AccessExpression rhs] -> | [AccessExpression lhs; HilExp.AccessExpression rhs] ->
let lhs_deref = HilExp.AccessExpression.dereference lhs in let lhs_deref = HilExp.AccessExpression.dereference lhs in
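Review bot: The `operator=` branch that remains after the second hunk has no comment saying that assignment from a materialized temporary is deliberately no longer modelled, so a later reader cannot tell the missing case from an oversight. The commit message says all closure reports are lost for now, and the two closure tests are renamed to `FN_…` with their USE_AFTER_LIFETIME entries dropped from the expected output. I would record that trade-off next to the `match actuals with`, for example `(* assignment from a materialized temporary is intentionally not modelled; closure use-after-lifetime reports are a known false negative until closures are modelled separately *)`. The branch body continues past the end of the hunk, so what the remaining copy-assignment case does with `lhs_deref` is not visible here.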

@ -13,7 +13,7 @@ struct S {
~S() {} ~S() {}
}; };
int ref_capture_destroy_invoke_bad() { int FN_ref_capture_destroy_invoke_bad() {
std::function<int()> f; std::function<int()> f;
{ {
S s; S s;
@ -22,7 +22,7 @@ int ref_capture_destroy_invoke_bad() {
return f(); // s used here return f(); // s used here
} }
int implicit_ref_capture_destroy_invoke_bad() { int FN_implicit_ref_capture_destroy_invoke_bad() {
std::function<int()> f; std::function<int()> f;
{ {
auto s = S(); auto s = S();

@ -1,7 +1,5 @@
codetoanalyze/cpp/pulse/basics.cpp, multiple_invalidations_branch_bad, 6, USE_AFTER_DELETE, no_bucket, ERROR, [invalidation part of the trace starts here,memory was invalidated by `delete` on `ptr` here,use-after-lifetime part of the trace starts here,invalid access to `*ptr` here] codetoanalyze/cpp/pulse/basics.cpp, multiple_invalidations_branch_bad, 6, USE_AFTER_DELETE, no_bucket, ERROR, [invalidation part of the trace starts here,memory was invalidated by `delete` on `ptr` here,use-after-lifetime part of the trace starts here,invalid access to `*ptr` here]
codetoanalyze/cpp/pulse/basics.cpp, multiple_invalidations_loop_bad, 3, USE_AFTER_DELETE, no_bucket, ERROR, [invalidation part of the trace starts here,memory was invalidated by `delete` on `ptr` here,use-after-lifetime part of the trace starts here,invalid access to `ptr` here] codetoanalyze/cpp/pulse/basics.cpp, multiple_invalidations_loop_bad, 3, USE_AFTER_DELETE, no_bucket, ERROR, [invalidation part of the trace starts here,memory was invalidated by `delete` on `ptr` here,use-after-lifetime part of the trace starts here,invalid access to `ptr` here]
codetoanalyze/cpp/pulse/closures.cpp, implicit_ref_capture_destroy_invoke_bad, 6, USE_AFTER_LIFETIME, no_bucket, ERROR, [invalidation part of the trace starts here,memory is the address of a stack variable `s` whose lifetime has ended here,use-after-lifetime part of the trace starts here,`&s` captured as `s`,invalid access to `&f` here]
codetoanalyze/cpp/pulse/closures.cpp, ref_capture_destroy_invoke_bad, 6, USE_AFTER_LIFETIME, no_bucket, ERROR, [invalidation part of the trace starts here,memory is the address of a stack variable `s` whose lifetime has ended here,use-after-lifetime part of the trace starts here,`&s` captured as `s`,invalid access to `&f` here]
codetoanalyze/cpp/pulse/deduplication.cpp, deduplication::SomeTemplatedClass<int*>::lifetime_error_bad, 2, USE_AFTER_DELETE, no_bucket, ERROR, [invalidation part of the trace starts here,when calling `templated_wrapper_delete_ok` here,memory was invalidated by `delete` on `a` here,use-after-lifetime part of the trace starts here,when calling `templated_wrapper_access_ok` here,invalid access to `a->f` here] codetoanalyze/cpp/pulse/deduplication.cpp, deduplication::SomeTemplatedClass<int*>::lifetime_error_bad, 2, USE_AFTER_DELETE, no_bucket, ERROR, [invalidation part of the trace starts here,when calling `templated_wrapper_delete_ok` here,memory was invalidated by `delete` on `a` here,use-after-lifetime part of the trace starts here,when calling `templated_wrapper_access_ok` here,invalid access to `a->f` here]
codetoanalyze/cpp/pulse/deduplication.cpp, deduplication::SomeTemplatedClass<int>::lifetime_error_bad, 2, USE_AFTER_DELETE, no_bucket, ERROR, [invalidation part of the trace starts here,when calling `templated_wrapper_delete_ok` here,memory was invalidated by `delete` on `a` here,use-after-lifetime part of the trace starts here,when calling `templated_wrapper_access_ok` here,invalid access to `a->f` here] codetoanalyze/cpp/pulse/deduplication.cpp, deduplication::SomeTemplatedClass<int>::lifetime_error_bad, 2, USE_AFTER_DELETE, no_bucket, ERROR, [invalidation part of the trace starts here,when calling `templated_wrapper_delete_ok` here,memory was invalidated by `delete` on `a` here,use-after-lifetime part of the trace starts here,when calling `templated_wrapper_access_ok` here,invalid access to `a->f` here]
codetoanalyze/cpp/pulse/deduplication.cpp, deduplication::templated_function_bad<_Bool>, 3, USE_AFTER_DELETE, no_bucket, ERROR, [invalidation part of the trace starts here,when calling `deduplication::templated_delete_function` here,memory was invalidated by `delete` on `a` here,use-after-lifetime part of the trace starts here,assigned to `a`,when calling `deduplication::templated_access_function` here,invalid access to `a->f` here] codetoanalyze/cpp/pulse/deduplication.cpp, deduplication::templated_function_bad<_Bool>, 3, USE_AFTER_DELETE, no_bucket, ERROR, [invalidation part of the trace starts here,when calling `deduplication::templated_delete_function` here,memory was invalidated by `delete` on `a` here,use-after-lifetime part of the trace starts here,assigned to `a`,when calling `deduplication::templated_access_function` here,invalid access to `a->f` here]
