[pulse] model std::integral_constant

Summary: cpp_initialization Reviewed By: skcho Differential Revision: D18528537 fbshipit-source-id: ab5f8038a
5 years ago · 6ecf4066e8
parent 6df4fb6a9b
commit 6ecf4066e8
5 changed files with 64 additions and 0 deletions
--- a/infer/src/IR/ProcnameDispatcher.ml
+++ b/infer/src/IR/ProcnameDispatcher.ml
@ -381,6 +381,11 @@ module type Common = sig
    -> ('context, 'f_in, 'f_out, 'captured_types, 'markers_in, 'markers_out) name_matcher
  (** Ends template arguments and starts a name *)

+  val ( >::+ ) :
+       ('a, 'b, 'c, 'd, 'e, 'f, 'g) templ_matcher
+    -> ('a -> string -> bool)
+    -> ('a, 'b, 'c, 'd, 'e, 'f) name_matcher
+
  val ( &+...>:: ) :
       ( 'context
       , 'f_in
@ -513,6 +518,8 @@ module Common = struct

  let ( >:: ) templ_matcher name = templ_matcher >! () &::! name

+  let ( >::+ ) templ_matcher f_name = templ_matcher >! () &::+! f_name
+
  let ( &+...>:: ) templ_matcher name = templ_matcher &+...>! () &::! name

  let ( &:: ) name_matcher name = name_matcher <...>! () &::! name
--- a/infer/src/IR/ProcnameDispatcher.mli
+++ b/infer/src/IR/ProcnameDispatcher.mli
@ -155,6 +155,11 @@ module type Common = sig
    -> ('context, 'f_in, 'f_out, 'captured_types, 'markers_in, 'markers_out) name_matcher
  (** Ends template arguments and starts a name *)

+  val ( >::+ ) :
+       ('a, 'b, 'c, 'd, 'e, 'f, 'g) templ_matcher
+    -> ('a -> string -> bool)
+    -> ('a, 'b, 'c, 'd, 'e, 'f) name_matcher
+
  val ( &+...>:: ) :
       ( 'context
       , 'f_in
--- a/infer/src/pulse/PulseModels.ml
+++ b/infer/src/pulse/PulseModels.ml
@ -7,6 +7,7 @@
 open! IStd
 open Result.Monad_infix
 open PulseBasicInterface
+open PulseDomainInterface

 type exec_fun =
     caller_summary:Summary.t
@ -38,6 +39,17 @@ module Misc = struct

  let early_exit : model = fun ~caller_summary:_ _ ~ret:_ ~actuals:_ _ -> Ok []

+  let return_int : Int64.t -> model =
+   fun i64 ~caller_summary:_ location ~ret:(ret_id, _) ~actuals:_ astate ->
+    let ret_addr = AbstractValue.mk_fresh () in
+    let astate =
+      Memory.add_attribute ret_addr
+        (Arithmetic (Arithmetic.equal_to (IntLit.of_int64 i64), Immediate {location; history= []}))
+        astate
+    in
+    Ok [PulseOperations.write_id ret_id (ret_addr, []) astate]
+
+
  let skip : model = fun ~caller_summary:_ _ ~ret:_ ~actuals:_ astate -> Ok [astate]

  let id_first_arg : model =
@ -243,6 +255,9 @@ module ProcNameDispatcher = struct
      ; -"std" &:: "basic_string" &:: "~basic_string" &--> StdBasicString.destructor
      ; -"std" &:: "function" &:: "operator()" &--> StdFunction.operator_call
      ; -"std" &:: "function" &:: "operator=" &--> Misc.shallow_copy "std::function::operator="
+      ; -"std" &:: "integral_constant" < any_typ &+ capt_int
+        >::+ (fun _ name -> String.is_prefix ~prefix:"operator_" name)
+        &--> Misc.return_int
      ; -"std" &:: "vector" &:: "assign" &--> StdVector.invalidate_references Assign
      ; -"std" &:: "vector" &:: "clear" &--> StdVector.invalidate_references Clear
      ; -"std" &:: "vector" &:: "emplace" &--> StdVector.invalidate_references Emplace
--- a/infer/tests/codetoanalyze/cpp/pulse/issues.exp
+++ b/infer/tests/codetoanalyze/cpp/pulse/issues.exp
@ -22,6 +22,8 @@ codetoanalyze/cpp/pulse/interprocedural.cpp, feed_invalid_into_access_bad, 2, US
 codetoanalyze/cpp/pulse/join.cpp, invalidate_node_alias_bad, 12, USE_AFTER_DELETE, no_bucket, ERROR, [invalidation part of the trace starts here,parameter `head` of invalidate_node_alias_bad,assigned,assigned,assigned,was invalidated by `delete`,use-after-lifetime part of the trace starts here,parameter `head` of invalidate_node_alias_bad,assigned,assigned,assigned,invalid access occurs here]
 codetoanalyze/cpp/pulse/nullptr.cpp, deref_nullptr_bad, 2, NULLPTR_DEREFERENCE, no_bucket, ERROR, [invalidation part of the trace starts here,assigned,is the null pointer,use-after-lifetime part of the trace starts here,assigned,invalid access occurs here]
 codetoanalyze/cpp/pulse/nullptr.cpp, no_check_return_bad, 2, NULLPTR_DEREFERENCE, no_bucket, ERROR, [invalidation part of the trace starts here,when calling `may_return_nullptr` here,assigned,is the null pointer,use-after-lifetime part of the trace starts here,passed as argument to `may_return_nullptr`,return from call to `may_return_nullptr`,assigned,invalid access occurs here]
+codetoanalyze/cpp/pulse/nullptr.cpp, std_false_type_deref_bad, 3, NULLPTR_DEREFERENCE, no_bucket, ERROR, [invalidation part of the trace starts here,assigned,is the null pointer,use-after-lifetime part of the trace starts here,assigned,invalid access occurs here]
+codetoanalyze/cpp/pulse/nullptr.cpp, std_true_type_deref_bad, 3, NULLPTR_DEREFERENCE, no_bucket, ERROR, [invalidation part of the trace starts here,assigned,is the null pointer,use-after-lifetime part of the trace starts here,assigned,invalid access occurs here]
 codetoanalyze/cpp/pulse/reference_wrapper.cpp, reference_wrapper_heap_bad, 2, USE_AFTER_DELETE, no_bucket, ERROR, [invalidation part of the trace starts here,variable `rw` declared here,when calling `getwrapperHeap` here,variable `a` declared here,passed as argument to `WrapsB::WrapsB`,assigned,return from call to `WrapsB::WrapsB`,when calling `WrapsB::~WrapsB` here,parameter `this` of WrapsB::~WrapsB,when calling `WrapsB::__infer_inner_destructor_~WrapsB` here,parameter `this` of WrapsB::__infer_inner_destructor_~WrapsB,was invalidated by `delete`,use-after-lifetime part of the trace starts here,variable `rw` declared here,passed as argument to `getwrapperHeap`,variable `a` declared here,passed as argument to `WrapsB::WrapsB`,assigned,return from call to `WrapsB::WrapsB`,passed as argument to `ReferenceWrapperHeap::ReferenceWrapperHeap`,parameter `a` of ReferenceWrapperHeap::ReferenceWrapperHeap,passed as argument to `WrapsB::getb`,return from call to `WrapsB::getb`,assigned,return from call to `ReferenceWrapperHeap::ReferenceWrapperHeap`,return from call to `getwrapperHeap`,invalid access occurs here]
 codetoanalyze/cpp/pulse/reference_wrapper.cpp, reference_wrapper_stack_bad, 2, USE_AFTER_LIFETIME, no_bucket, ERROR, [invalidation part of the trace starts here,variable `rw` declared here,when calling `getwrapperStack` here,variable `b` declared here,is the address of a stack variable `b` whose lifetime has ended,use-after-lifetime part of the trace starts here,variable `rw` declared here,passed as argument to `getwrapperStack`,variable `b` declared here,passed as argument to `ReferenceWrapperStack::ReferenceWrapperStack`,parameter `bref` of ReferenceWrapperStack::ReferenceWrapperStack,assigned,return from call to `ReferenceWrapperStack::ReferenceWrapperStack`,return from call to `getwrapperStack`,invalid access occurs here]
 codetoanalyze/cpp/pulse/returns.cpp, returns::return_literal_stack_reference_bad, 0, STACK_VARIABLE_ADDRESS_ESCAPE, no_bucket, ERROR, [variable `C++ temporary` declared here,returned here]
--- a/infer/tests/codetoanalyze/cpp/pulse/nullptr.cpp
+++ b/infer/tests/codetoanalyze/cpp/pulse/nullptr.cpp
@ -4,6 +4,9 @@
 * This source code is licensed under the MIT license found in the
 * LICENSE file in the root directory of this source tree.
 */
+
+#include <type_traits>
+
 void assign_zero_ok() {
  int x[2];
  x[1] = 42;
@ -55,3 +58,35 @@ void deref_after_compare_ok(int* x) {
  compare_to_null(x);
  *x = 42;
 }
+
+bool return_true() { return std::true_type{}; }
+
+void std_true_type_impossible_deref_ok() {
+  int* x = nullptr;
+  if (!return_true()) {
+    *x = 42;
+  }
+}
+
+void std_true_type_deref_bad() {
+  int* x = nullptr;
+  if (return_true()) {
+    *x = 42;
+  }
+}
+
+bool return_false() { return std::false_type{}; }
+
+void std_false_type_impossible_deref_ok() {
+  int* x = nullptr;
+  if (return_false()) {
+    *x = 42;
+  }
+}
+
+void std_false_type_deref_bad() {
+  int* x = nullptr;
+  if (!return_false()) {
+    *x = 42;
+  }
+}