Support MaterializeTemporaryExpr

Summary: public Support MaterializeTemporaryExpr which happens often in real life C++. For example, it will happen in this code: std::vector<int> v; v.push_back(1); // it's because std::vector<int>::push_back(const int &) Strategy is to create variable that will store value of init expression (to provide storage) and then return variable as a result of an expression Reviewed By: ddino Differential Revision: D2674340 fb-gh-sync-id: 077ed6a
9 years ago · 81337ce2cb
parent 22bd029e46
commit 81337ce2cb
5 changed files with 170 additions and 2 deletions
--- a/infer/src/clang/cTrans.ml
+++ b/infer/src/clang/cTrans.ml
@ -1574,8 +1574,8 @@ struct
              CArithmetic_trans.assignment_arc_mode context var_exp ie_typ sil_e1' sil_loc rhs_owning_method true in
            ([(e, ie_typ)], instrs, ids)
          else ([], [Sil.Set (var_exp, ie_typ, sil_e1', sil_loc)], []) in
-        let ids = res_trans_ie.ids@ids_assign in
-        let instrs = res_trans_ie.instrs@instrs_assign in
+        let ids = var_res_trans.ids @ res_trans_ie.ids @ ids_assign in
+        let instrs = var_res_trans.instrs @ res_trans_ie.instrs @ instrs_assign in
        if PriorityNode.own_priority_node trans_state_pri.priority var_stmt_info then (
          let node = IList.hd next_node in
          Cfg.Node.append_instrs_temps node instrs ids;
@ -1938,6 +1938,22 @@ struct
      PriorityNode.compute_results_to_parent trans_state_pri sil_loc "Call delete" stmt_info res_trans_tmp in
    { res_trans with exps = [] }

+  and materializeTemporaryExpr_trans trans_state stmt_info stmt_list expr_info =
+    let context = trans_state.context in
+    let procdesc = context.CContext.procdesc in
+    let procname = Cfg.Procdesc.get_proc_name procdesc in
+    let temp_exp = match stmt_list with [p] -> p | _ -> assert false in
+    (* use id to create unique variable name within a function *)
+    let id = Ident.create_fresh Ident.knormal in
+    let pvar_mangled = Mangled.from_string ("SIL_materialize_temp__" ^ (Ident.to_string id)) in
+    let pvar = Sil.mk_pvar pvar_mangled procname in
+    let type_ptr = expr_info.Clang_ast_t.ei_type_ptr in
+    let typ = CTypes_decl.type_ptr_to_sil_type context.CContext.tenv type_ptr in
+    let typ_ptr = Sil.Tptr (typ, Sil.Pk_pointer) in
+    let var_res_trans = { empty_res_trans with exps = [(Sil.Lvar pvar, typ_ptr)] } in
+    Cfg.Procdesc.append_locals procdesc [(Sil.pvar_get_name pvar, typ)];
+    let res_trans = init_expr_trans trans_state var_res_trans stmt_info (Some temp_exp) in
+    { res_trans with exps = [(Sil.Lvar pvar, typ)] }

  (* Translates a clang instruction into SIL instructions. It takes a       *)
  (* a trans_state containing current info on the translation and it returns *)
@ -2152,6 +2168,8 @@ struct
        cxxNewExpr_trans trans_state stmt_info expr_info
    | CXXDeleteExpr (stmt_info, stmt_list, expr_info, _) ->
        cxxDeleteExpr_trans trans_state stmt_info stmt_list expr_info
+    | MaterializeTemporaryExpr (stmt_info, stmt_list, expr_info, _) ->
+        materializeTemporaryExpr_trans trans_state stmt_info stmt_list expr_info
    | s -> (Printing.log_stats
              "\n!!!!WARNING: found statement %s. \nACTION REQUIRED: Translation need to be defined. Statement ignored.... \n"
              (Ast_utils.string_of_stmt s);
--- a/infer/tests/codetoanalyze/cpp/frontend/reference/temporary_lvalue.cpp
+++ b/infer/tests/codetoanalyze/cpp/frontend/reference/temporary_lvalue.cpp
@ -0,0 +1,25 @@
+/*
+* Copyright (c) 2015 - present Facebook, Inc.
+* All rights reserved.
+*
+* This source code is licensed under the BSD style license found in the
+* LICENSE file in the root directory of this source tree. An additional grant
+* of patent rights can be found in the PATENTS file in the same directory.
+*/
+
+int div(const int& v) { return 1 / v; }
+
+int div0_init_expr() {
+  const int& a = 0;
+  return div(a);
+}
+
+int div0_function_param_cast() {
+  return div(0);
+}
+
+// to compare with cfgs when no MaterializeTemporaryExpr is produced
+int div0_no_const_ref() {
+  int a = 0;
+  return div(a);
+}
--- a/infer/tests/codetoanalyze/cpp/frontend/reference/temporary_lvalue.cpp.dot
+++ b/infer/tests/codetoanalyze/cpp/frontend/reference/temporary_lvalue.cpp.dot
@ -0,0 +1,54 @@
+digraph iCFG {
+14 [label="14:  DeclStmt \n   *&a:int =0 [line 23]\n " shape="box"]
+	
+
+	 14 -> 13 ;
+13 [label="13:  Return Stmt \n   n$0=_fun_div(&a:int &) [line 24]\n  *&return:int =n$0 [line 24]\n  REMOVE_TEMPS(n$0); [line 24]\n  NULLIFY(&a,false); [line 24]\n  APPLY_ABSTRACTION; [line 24]\n " shape="box"]
+	
+
+	 13 -> 12 ;
+12 [label="12: Exit div0_no_const_ref \n  " color=yellow style=filled]
+	
+
+11 [label="11: Start div0_no_const_ref\nFormals: \nLocals:  a:int  \n   DECLARE_LOCALS(&return,&a); [line 22]\n " color=yellow style=filled]
+	
+
+	 11 -> 14 ;
+10 [label="10:  Return Stmt \n   *&SIL_materialize_temp__n$0:int =0 [line 18]\n  n$1=_fun_div(&SIL_materialize_temp__n$0:int &) [line 18]\n  *&return:int =n$1 [line 18]\n  REMOVE_TEMPS(n$1); [line 18]\n  NULLIFY(&SIL_materialize_temp__n$0,false); [line 18]\n  APPLY_ABSTRACTION; [line 18]\n " shape="box"]
+	
+
+	 10 -> 9 ;
+9 [label="9: Exit div0_function_param_cast \n  " color=yellow style=filled]
+	
+
+8 [label="8: Start div0_function_param_cast\nFormals: \nLocals:  SIL_materialize_temp__n$0:int  \n   DECLARE_LOCALS(&return,&SIL_materialize_temp__n$0); [line 17]\n " color=yellow style=filled]
+	
+
+	 8 -> 10 ;
+7 [label="7:  DeclStmt \n   *&SIL_materialize_temp__n$2:int =0 [line 13]\n  *&a:int &=&SIL_materialize_temp__n$2 [line 13]\n " shape="box"]
+	
+
+	 7 -> 6 ;
+6 [label="6:  Return Stmt \n   n$0=*&a:int & [line 14]\n  n$1=_fun_div(n$0:int &) [line 14]\n  *&return:int =n$1 [line 14]\n  REMOVE_TEMPS(n$0,n$1); [line 14]\n  NULLIFY(&a,false); [line 14]\n  NULLIFY(&SIL_materialize_temp__n$2,false); [line 14]\n  APPLY_ABSTRACTION; [line 14]\n " shape="box"]
+	
+
+	 6 -> 5 ;
+5 [label="5: Exit div0_init_expr \n  " color=yellow style=filled]
+	
+
+4 [label="4: Start div0_init_expr\nFormals: \nLocals:  a:int & SIL_materialize_temp__n$2:int  \n   DECLARE_LOCALS(&return,&a,&SIL_materialize_temp__n$2); [line 12]\n  NULLIFY(&a,false); [line 12]\n " color=yellow style=filled]
+	
+
+	 4 -> 7 ;
+3 [label="3:  Return Stmt \n   n$0=*&v:int & [line 10]\n  n$1=*n$0:int  [line 10]\n  *&return:int =(1 / n$1) [line 10]\n  REMOVE_TEMPS(n$0,n$1); [line 10]\n  NULLIFY(&v,false); [line 10]\n  APPLY_ABSTRACTION; [line 10]\n " shape="box"]
+	
+
+	 3 -> 2 ;
+2 [label="2: Exit div \n  " color=yellow style=filled]
+	
+
+1 [label="1: Start div\nFormals:  v:int &\nLocals:  \n   DECLARE_LOCALS(&return); [line 10]\n " color=yellow style=filled]
+	
+
+	 1 -> 3 ;
+}
--- a/infer/tests/endtoend/cpp/TemporaryLValueTest.java
+++ b/infer/tests/endtoend/cpp/TemporaryLValueTest.java
@ -0,0 +1,65 @@
+/*
+* Copyright (c) 2015 - present Facebook, Inc.
+* All rights reserved.
+*
+* This source code is licensed under the BSD style license found in the
+* LICENSE file in the root directory of this source tree. An additional grant
+* of patent rights can be found in the PATENTS file in the same directory.
+*/
+
+package endtoend.cpp;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static utils.matchers.ResultContainsExactly.containsExactly;
+
+import com.google.common.collect.ImmutableList;
+
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Test;
+
+import java.io.IOException;
+
+import utils.DebuggableTemporaryFolder;
+import utils.InferException;
+import utils.InferResults;
+import utils.InferRunner;
+
+public class TemporaryLValueTest {
+
+  public static final String FILE =
+      "infer/tests/codetoanalyze/cpp/frontend/reference/temporary_lvalue.cpp";
+
+  private static ImmutableList<String> inferCmd;
+
+  public static final String DIVIDE_BY_ZERO = "DIVIDE_BY_ZERO";
+
+  @ClassRule
+  public static DebuggableTemporaryFolder folder =
+      new DebuggableTemporaryFolder();
+
+  @BeforeClass
+  public static void runInfer() throws InterruptedException, IOException {
+    inferCmd = InferRunner.createCPPInferCommand(folder, FILE);
+  }
+
+  @Test
+  public void whenInferRunsOnDiv0MethodsErrorIsFound()
+      throws InterruptedException, IOException, InferException {
+    InferResults inferResults = InferRunner.runInferCPP(inferCmd);
+    String[] procedures = {
+        "div0_init_expr",
+        "div0_function_param_cast",
+        "div0_no_const_ref",
+    };
+    assertThat(
+        "Results should contain the expected divide by zero",
+        inferResults,
+        containsExactly(
+            DIVIDE_BY_ZERO,
+            FILE,
+            procedures
+        )
+    );
+  }
+}
--- a/infer/tests/frontend/cpp/ReferenceTest.java
+++ b/infer/tests/frontend/cpp/ReferenceTest.java
@ -70,6 +70,12 @@ public class ReferenceTest {
      throws InterruptedException, IOException, InferException {
    frontendTest("increment.cpp");
  }
+
+  @Test
+  public void testTemporaryLValueDotFilesMatch()
+      throws InterruptedException, IOException, InferException {
+    frontendTest("temporary_lvalue.cpp");
+  }
  
  @Test
  public void testReferenceTypeE2EDotFilesMatch()