From 678386acbbbae18527269dc13f552fe958ed636e Mon Sep 17 00:00:00 2001
From: Sungkeun Cho <scho@fb.com>
Date: Wed, 23 Jun 2021 05:33:51 -0700
Subject: [PATCH] [pulse] Add FP tests due to infeasible paths depending on
 string length

Reviewed By: ezgicicek

Differential Revision: D29302634

fbshipit-source-id: 259b7120d
---
 .../tests/codetoanalyze/cpp/pulse/issues.exp  |  4 ++
 .../tests/codetoanalyze/cpp/pulse/uninit.cpp  | 38 +++++++++++++++++++
 2 files changed, 42 insertions(+)

diff --git a/infer/tests/codetoanalyze/cpp/pulse/issues.exp b/infer/tests/codetoanalyze/cpp/pulse/issues.exp
index e3b300f54..ec39de095 100644
--- a/infer/tests/codetoanalyze/cpp/pulse/issues.exp
+++ b/infer/tests/codetoanalyze/cpp/pulse/issues.exp
@@ -102,6 +102,10 @@ codetoanalyze/cpp/pulse/std_atomics.cpp, atomic_test::pre_increment_decrement_te
 codetoanalyze/cpp/pulse/temporaries.cpp, temporaries::call_mk_UniquePtr_A_deref_bad, 4, USE_AFTER_DELETE, no_bucket, ERROR, [invalidation part of the trace starts here,in call to `temporaries::mk_UniquePtr_A`,allocated by call to `new` (modelled),in call to `temporaries::UniquePtr<temporaries::A>::UniquePtr`,parameter `y` of temporaries::UniquePtr<temporaries::A>::UniquePtr,assigned,return from call to `temporaries::UniquePtr<temporaries::A>::UniquePtr`,return from call to `temporaries::mk_UniquePtr_A`,when calling `temporaries::UniquePtr<temporaries::A>::~UniquePtr` here,parameter `this` of temporaries::UniquePtr<temporaries::A>::~UniquePtr,when calling `temporaries::UniquePtr<temporaries::A>::__infer_inner_destructor_~UniquePtr` here,parameter `this` of temporaries::UniquePtr<temporaries::A>::__infer_inner_destructor_~UniquePtr,was invalidated by `delete`,use-after-lifetime part of the trace starts here,in call to `temporaries::mk_UniquePtr_A`,allocated by call to `new` (modelled),in call to `temporaries::UniquePtr<temporaries::A>::UniquePtr`,parameter `y` of temporaries::UniquePtr<temporaries::A>::UniquePtr,assigned,return from call to `temporaries::UniquePtr<temporaries::A>::UniquePtr`,return from call to `temporaries::mk_UniquePtr_A`,in call to `temporaries::UniquePtr<temporaries::A>::get`,parameter `this` of temporaries::UniquePtr<temporaries::A>::get,returned,return from call to `temporaries::UniquePtr<temporaries::A>::get`,assigned,invalid access occurs here]
 codetoanalyze/cpp/pulse/trace.cpp, trace_free_bad, 4, USE_AFTER_FREE, no_bucket, ERROR, [invalidation part of the trace starts here,parameter `x` of trace_free_bad,in call to `make_alias`,parameter `src` of make_alias,assigned,return from call to `make_alias`,when calling `do_free` here,parameter `x` of do_free,assigned,was invalidated by call to `free()`,use-after-lifetime part of the trace starts here,parameter `x` of trace_free_bad,invalid access occurs here]
 codetoanalyze/cpp/pulse/traces.cpp, access_destructed_string, 6, USE_AFTER_DELETE, no_bucket, ERROR, [invalidation part of the trace starts here,variable `s` declared here,in call to `std::basic_string::~basic_string()` (modelled),was invalidated by `delete`,use-after-lifetime part of the trace starts here,variable `s` declared here,in call to `std::basic_string::data()` (modelled),assigned,invalid access occurs here]
+codetoanalyze/cpp/pulse/uninit.cpp, Uninit2::not_read_f1_ok_FP, 2, PULSE_UNINITIALIZED_VALUE, no_bucket, ERROR, [struct field address `f1` created,when calling `Uninit2::may_read_f1` here,parameter `this` of Uninit2::may_read_f1,read to uninitialized value occurs here]
+codetoanalyze/cpp/pulse/uninit.cpp, Uninit2::not_read_f2_ok_FP, 2, PULSE_UNINITIALIZED_VALUE, no_bucket, ERROR, [struct field address `f1` created,when calling `Uninit2::may_read_f2` here,parameter `this` of Uninit2::may_read_f2,read to uninitialized value occurs here]
+codetoanalyze/cpp/pulse/uninit.cpp, Uninit2::read_f1_bad, 2, PULSE_UNINITIALIZED_VALUE, no_bucket, ERROR, [struct field address `f1` created,when calling `Uninit2::may_read_f1` here,parameter `this` of Uninit2::may_read_f1,read to uninitialized value occurs here]
+codetoanalyze/cpp/pulse/uninit.cpp, Uninit2::read_f2_bad, 2, PULSE_UNINITIALIZED_VALUE, no_bucket, ERROR, [struct field address `f1` created,when calling `Uninit2::may_read_f2` here,parameter `this` of Uninit2::may_read_f2,read to uninitialized value occurs here]
 codetoanalyze/cpp/pulse/uninit.cpp, Uninit::call_init_by_store_ok, 3, PULSE_UNINITIALIZED_VALUE, no_bucket, ERROR, [struct field address `i` created,read to uninitialized value occurs here]
 codetoanalyze/cpp/pulse/unknown_functions.cpp, call_init_with_pointer_value_bad, 3, NULLPTR_DEREFERENCE, no_bucket, ERROR, [is the null pointer,assigned,invalid access occurs here]
 codetoanalyze/cpp/pulse/unknown_functions.cpp, const_no_init_bad, 3, NULLPTR_DEREFERENCE, no_bucket, ERROR, [is the null pointer,assigned,invalid access occurs here]
diff --git a/infer/tests/codetoanalyze/cpp/pulse/uninit.cpp b/infer/tests/codetoanalyze/cpp/pulse/uninit.cpp
index bdfb5c1ba..942d6cfd1 100644
--- a/infer/tests/codetoanalyze/cpp/pulse/uninit.cpp
+++ b/infer/tests/codetoanalyze/cpp/pulse/uninit.cpp
@@ -7,6 +7,7 @@
 
 #include <atomic>
 #include <functional>
+#include <string>
 
 void get_closure(std::function<int()> closure);
 
@@ -34,3 +35,40 @@ class Uninit {
     int y = x.i;
   }
 };
+
+class Uninit2 {
+  int f1;
+  int f2;
+
+  void may_read_f1(std::string s) {
+    if (s.empty()) {
+      int x = f1;
+    }
+  }
+
+  void not_read_f1_ok_FP() {
+    Uninit2 o;
+    o.may_read_f1("non empty string");
+  }
+
+  void read_f1_bad() {
+    Uninit2 o;
+    o.may_read_f1(std::string());
+  }
+
+  void may_read_f2(std::string s) {
+    if (s.length() == 0) {
+      int x = f1;
+    }
+  }
+
+  void not_read_f2_ok_FP() {
+    Uninit2 o;
+    o.may_read_f2("non empty string");
+  }
+
+  void read_f2_bad() {
+    Uninit2 o;
+    o.may_read_f2("");
+  }
+};