From 81337ce2cb4e3858deeaef80d711f9b23c1dc612 Mon Sep 17 00:00:00 2001 From: Andrzej Kotulski Date: Tue, 24 Nov 2015 07:22:12 -0800 Subject: [PATCH] Support MaterializeTemporaryExpr Summary: public Support MaterializeTemporaryExpr which happens often in real life C++. For example, it will happen in this code: std::vector v; v.push_back(1); // it's because std::vector::push_back(const int &) Strategy is to create variable that will store value of init expression (to provide storage) and then return variable as a result of an expression Reviewed By: ddino Differential Revision: D2674340 fb-gh-sync-id: 077ed6a --- infer/src/clang/cTrans.ml | 22 ++++++- .../frontend/reference/temporary_lvalue.cpp | 25 +++++++ .../reference/temporary_lvalue.cpp.dot | 54 +++++++++++++++ .../endtoend/cpp/TemporaryLValueTest.java | 65 +++++++++++++++++++ infer/tests/frontend/cpp/ReferenceTest.java | 6 ++ 5 files changed, 170 insertions(+), 2 deletions(-) create mode 100644 infer/tests/codetoanalyze/cpp/frontend/reference/temporary_lvalue.cpp create mode 100644 infer/tests/codetoanalyze/cpp/frontend/reference/temporary_lvalue.cpp.dot create mode 100644 infer/tests/endtoend/cpp/TemporaryLValueTest.java diff --git a/infer/src/clang/cTrans.ml b/infer/src/clang/cTrans.ml index c97a39d4f..27e3cd873 100644 --- a/infer/src/clang/cTrans.ml +++ b/infer/src/clang/cTrans.ml @@ -1574,8 +1574,8 @@ struct CArithmetic_trans.assignment_arc_mode context var_exp ie_typ sil_e1' sil_loc rhs_owning_method true in ([(e, ie_typ)], instrs, ids) else ([], [Sil.Set (var_exp, ie_typ, sil_e1', sil_loc)], []) in - let ids = res_trans_ie.ids@ids_assign in - let instrs = res_trans_ie.instrs@instrs_assign in + let ids = var_res_trans.ids @ res_trans_ie.ids @ ids_assign in + let instrs = var_res_trans.instrs @ res_trans_ie.instrs @ instrs_assign in if PriorityNode.own_priority_node trans_state_pri.priority var_stmt_info then ( let node = IList.hd next_node in Cfg.Node.append_instrs_temps node instrs ids; 
@@ -1938,6 +1938,22 @@ struct PriorityNode.compute_results_to_parent trans_state_pri sil_loc "Call delete" stmt_info res_trans_tmp in { res_trans with exps = [] } + and materializeTemporaryExpr_trans trans_state stmt_info stmt_list expr_info = + let context = trans_state.context in + let procdesc = context.CContext.procdesc in + let procname = Cfg.Procdesc.get_proc_name procdesc in + let temp_exp = match stmt_list with [p] -> p | _ -> assert false in + (* use id to create unique variable name within a function *) + let id = Ident.create_fresh Ident.knormal in + let pvar_mangled = Mangled.from_string ("SIL_materialize_temp__" ^ (Ident.to_string id)) in + let pvar = Sil.mk_pvar pvar_mangled procname in + let type_ptr = expr_info.Clang_ast_t.ei_type_ptr in + let typ = CTypes_decl.type_ptr_to_sil_type context.CContext.tenv type_ptr in + let typ_ptr = Sil.Tptr (typ, Sil.Pk_pointer) in + let var_res_trans = { empty_res_trans with exps = [(Sil.Lvar pvar, typ_ptr)] } in + Cfg.Procdesc.append_locals procdesc [(Sil.pvar_get_name pvar, typ)]; + let res_trans = init_expr_trans trans_state var_res_trans stmt_info (Some temp_exp) in + { res_trans with exps = [(Sil.Lvar pvar, typ)] } (* Translates a clang instruction into SIL instructions. It takes a *) (* a trans_state containing current info on the translation and it returns *) @@ -2152,6 +2168,8 @@ struct cxxNewExpr_trans trans_state stmt_info expr_info | CXXDeleteExpr (stmt_info, stmt_list, expr_info, _) -> cxxDeleteExpr_trans trans_state stmt_info stmt_list expr_info + | MaterializeTemporaryExpr (stmt_info, stmt_list, expr_info, _) -> + materializeTemporaryExpr_trans trans_state stmt_info stmt_list expr_info | s -> (Printing.log_stats "\n!!!!WARNING: found statement %s. \nACTION REQUIRED: Translation need to be defined. Statement ignored.... \n" (Ast_utils.string_of_stmt s); 
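Review bot: `materializeTemporaryExpr_trans` registers the temporary as a procedure-wide local through `Cfg.Procdesc.append_locals`, so its C++ lifetime is not modelled, and nothing in the function says so. A materialized temporary normally ends with its full-expression unless a reference binding extends it. With the variable live for the whole procedure, a reference that outlives its temporary would presumably look valid to the analysis. I would record that limitation above the definition, e.g. `(* NOTE: the temporary is modelled as a function-scope local; its real lifetime is not tracked, so dangling references to it are not detected *)`. The `| _ -> assert false` match on `stmt_list` also deserves a one-line comment stating why exactly one child expression is expected.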
diff --git a/infer/tests/codetoanalyze/cpp/frontend/reference/temporary_lvalue.cpp b/infer/tests/codetoanalyze/cpp/frontend/reference/temporary_lvalue.cpp
new file mode 100644
index 000000000..6ce3ba980
--- /dev/null
+++ b/infer/tests/codetoanalyze/cpp/frontend/reference/temporary_lvalue.cpp
@@ -0,0 +1,25 @@
+/*
+* Copyright (c) 2015 - present Facebook, Inc.
+* All rights reserved.
+*
+* This source code is licensed under the BSD style license found in the
+* LICENSE file in the root directory of this source tree. An additional grant
+* of patent rights can be found in the PATENTS file in the same directory.
+*/
+
+int div(const int& v) { return 1 / v; }
+
+int div0_init_expr() {
+ const int& a = 0;
+ return div(a);
+}
+
+int div0_function_param_cast() {
+ return div(0);
+}
+
+// to compare with cfgs when no MaterializeTemporaryExpr is produced
+int div0_no_const_ref() {
+ int a = 0;
+ return div(a);
+}
diff --git a/infer/tests/codetoanalyze/cpp/frontend/reference/temporary_lvalue.cpp.dot b/infer/tests/codetoanalyze/cpp/frontend/reference/temporary_lvalue.cpp.dot
new file mode 100644
index 000000000..8f34bab3e
--- /dev/null
+++ b/infer/tests/codetoanalyze/cpp/frontend/reference/temporary_lvalue.cpp.dot
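Review bot: The cases in temporary_lvalue.cpp only materialize an `int` literal, and in each of them the temporary is still alive when `div` reads it. There is no case with a temporary of class type, and none where a reference is used after its temporary has ended, so the lifetime side of the new translation is not exercised by this file. I would at least note the gap next to the existing comparison comment, e.g. `// TODO: add cases for class-type temporaries and for references that outlive the temporary`.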
@@ -0,0 +1,54 @@ +digraph iCFG { +14 [label="14: DeclStmt \n *&a:int =0 [line 23]\n " shape="box"] + + + 14 -> 13 ; +13 [label="13: Return Stmt \n n$0=_fun_div(&a:int &) [line 24]\n *&return:int =n$0 [line 24]\n REMOVE_TEMPS(n$0); [line 24]\n NULLIFY(&a,false); [line 24]\n APPLY_ABSTRACTION; [line 24]\n " shape="box"] + + + 13 -> 12 ; +12 [label="12: Exit div0_no_const_ref \n " color=yellow style=filled] + + +11 [label="11: Start div0_no_const_ref\nFormals: \nLocals: a:int \n DECLARE_LOCALS(&return,&a); [line 22]\n " color=yellow style=filled] + + + 11 -> 14 ; +10 [label="10: Return Stmt \n *&SIL_materialize_temp__n$0:int =0 [line 18]\n n$1=_fun_div(&SIL_materialize_temp__n$0:int &) [line 18]\n *&return:int =n$1 [line 18]\n REMOVE_TEMPS(n$1); [line 18]\n NULLIFY(&SIL_materialize_temp__n$0,false); [line 18]\n APPLY_ABSTRACTION; [line 18]\n " shape="box"] + + + 10 -> 9 ; +9 [label="9: Exit div0_function_param_cast \n " color=yellow style=filled] + + +8 [label="8: Start div0_function_param_cast\nFormals: \nLocals: SIL_materialize_temp__n$0:int \n DECLARE_LOCALS(&return,&SIL_materialize_temp__n$0); [line 17]\n " color=yellow style=filled] + + + 8 -> 10 ; +7 [label="7: DeclStmt \n *&SIL_materialize_temp__n$2:int =0 [line 13]\n *&a:int &=&SIL_materialize_temp__n$2 [line 13]\n " shape="box"] + + + 7 -> 6 ; +6 [label="6: Return Stmt \n n$0=*&a:int & [line 14]\n n$1=_fun_div(n$0:int &) [line 14]\n *&return:int =n$1 [line 14]\n REMOVE_TEMPS(n$0,n$1); [line 14]\n NULLIFY(&a,false); [line 14]\n NULLIFY(&SIL_materialize_temp__n$2,false); [line 14]\n APPLY_ABSTRACTION; [line 14]\n " shape="box"] + + + 6 -> 5 ; +5 [label="5: Exit div0_init_expr \n " color=yellow style=filled] + + +4 [label="4: Start div0_init_expr\nFormals: \nLocals: a:int & SIL_materialize_temp__n$2:int \n DECLARE_LOCALS(&return,&a,&SIL_materialize_temp__n$2); [line 12]\n NULLIFY(&a,false); [line 12]\n " color=yellow style=filled] + + + 4 -> 7 ; +3 [label="3: Return Stmt \n n$0=*&v:int & [line 10]\n n$1=*n$0:int 
[line 10]\n *&return:int =(1 / n$1) [line 10]\n REMOVE_TEMPS(n$0,n$1); [line 10]\n NULLIFY(&v,false); [line 10]\n APPLY_ABSTRACTION; [line 10]\n " shape="box"] + + + 3 -> 2 ; +2 [label="2: Exit div \n " color=yellow style=filled] + + +1 [label="1: Start div\nFormals: v:int &\nLocals: \n DECLARE_LOCALS(&return); [line 10]\n " color=yellow style=filled] + + + 1 -> 3 ; +} diff --git a/infer/tests/endtoend/cpp/TemporaryLValueTest.java b/infer/tests/endtoend/cpp/TemporaryLValueTest.java new file mode 100644 index 000000000..c30ef1c2a --- /dev/null +++ b/infer/tests/endtoend/cpp/TemporaryLValueTest.java 
@@ -0,0 +1,65 @@
+/*
+* Copyright (c) 2015 - present Facebook, Inc.
+* All rights reserved.
+*
+* This source code is licensed under the BSD style license found in the
+* LICENSE file in the root directory of this source tree. An additional grant
+* of patent rights can be found in the PATENTS file in the same directory.
+*/
+
+package endtoend.cpp;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static utils.matchers.ResultContainsExactly.containsExactly;
+
+import com.google.common.collect.ImmutableList;
+
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Test;
+
+import java.io.IOException;
+
+import utils.DebuggableTemporaryFolder;
+import utils.InferException;
+import utils.InferResults;
+import utils.InferRunner;
+
+public class TemporaryLValueTest {
+
+ public static final String FILE =
+ "infer/tests/codetoanalyze/cpp/frontend/reference/temporary_lvalue.cpp";
+
+ private static ImmutableList inferCmd;
+
+ public static final String DIVIDE_BY_ZERO = "DIVIDE_BY_ZERO";
+
+ @ClassRule
+ public static DebuggableTemporaryFolder folder =
+ new DebuggableTemporaryFolder();
+
+ @BeforeClass
+ public static void runInfer() throws InterruptedException, IOException {
+ inferCmd = InferRunner.createCPPInferCommand(folder, FILE);
+ }
+
+ @Test
+ public void whenInferRunsOnDiv0MethodsErrorIsFound()
+ throws InterruptedException, IOException, InferException {
+ InferResults inferResults = InferRunner.runInferCPP(inferCmd);
+ String[] procedures = {
+ "div0_init_expr",
+ "div0_function_param_cast",
+ "div0_no_const_ref",
+ };
+ assertThat(
+ "Results should contain the expected divide by zero",
+ inferResults,
+ containsExactly(
+ DIVIDE_BY_ZERO,
+ FILE,
+ procedures
+ )
+ );
+ }
+}
diff --git a/infer/tests/frontend/cpp/ReferenceTest.java b/infer/tests/frontend/cpp/ReferenceTest.java
index 48651222b..34f79359c 100644
--- a/infer/tests/frontend/cpp/ReferenceTest.java
+++ b/infer/tests/frontend/cpp/ReferenceTest.java
@@ -70,6 +70,12 @@ public class ReferenceTest { throws InterruptedException, IOException, InferException { frontendTest("increment.cpp"); } + + @Test + public void testTemporaryLValueDotFilesMatch() + throws InterruptedException, IOException, InferException { + frontendTest("temporary_lvalue.cpp"); + } @Test public void testReferenceTypeE2EDotFilesMatch()