From 8ed44df7f6a830af0ddc591eb3010d540b667ea0 Mon Sep 17 00:00:00 2001 From: Sungkeun Cho Date: Thu, 28 Jan 2021 06:29:46 -0800 Subject: [PATCH] [frontend] Fix incorrect order of statements (negation) Summary: This diff fixes incorrect order of statements on `*p = !b;`. Reviewed By: jvillard Differential Revision: D26125069 fbshipit-source-id: 9dcefbd34 --- infer/src/clang/cTrans.ml | 2 +- .../codetoanalyze/cpp/pulse/frontend.cpp | 28 +++++++++++++++++++ .../tests/codetoanalyze/cpp/pulse/issues.exp | 1 + 3 files changed, 30 insertions(+), 1 deletion(-) diff --git a/infer/src/clang/cTrans.ml b/infer/src/clang/cTrans.ml index ffbc7306e..ade33615f 100644 --- a/infer/src/clang/cTrans.ml +++ b/infer/src/clang/cTrans.ml @@ -1094,7 +1094,7 @@ module CTrans_funct (F : CModule_type.CFrontend) : CModule_type.CTranslation = s to avoid an incorrect statement order. *) let e1_control = match (binary_operator_info.Clang_ast_t.boi_kind, s2) with - | `Assign, Clang_ast_t.ConditionalOperator _ -> + | `Assign, Clang_ast_t.(ConditionalOperator _ | UnaryOperator _) -> let trans_state' = PriorityNode.try_claim_priority_node trans_state' stmt_info in PriorityNode.compute_controls_to_parent trans_state' sil_loc node_name stmt_info [res_trans_e1.control] diff --git a/infer/tests/codetoanalyze/cpp/pulse/frontend.cpp b/infer/tests/codetoanalyze/cpp/pulse/frontend.cpp index f4396d75f..7ef02bfe5 100644 --- a/infer/tests/codetoanalyze/cpp/pulse/frontend.cpp +++ b/infer/tests/codetoanalyze/cpp/pulse/frontend.cpp @@ -175,4 +175,32 @@ void call_set_field_via_local_bad() { } } +void not_boolean_ok() { + bool t = true; + bool* b = (bool*)malloc(sizeof(bool)); + if (b) { + *b = true; + *b = !t; // *b is false + if (*b) { + int* p = nullptr; + *p = 42; + } + free(b); + } +} + +void not_boolean_bad() { + bool f = false; + bool* b = (bool*)malloc(sizeof(bool)); + if (b) { + *b = false; + *b = !f; // *b is true + if (*b) { + int* p = nullptr; + *p = 42; + } + free(b); + } +} + } // namespace frontend 
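Review bot: The widened pattern `Clang_ast_t.(ConditionalOperator _ | UnaryOperator _)` in the `e1_control` match now applies to every unary operator on the right-hand side of an assignment, while the commit title and summary speak only of negation (`*p = !b;`). If only logical not needs the priority node claimed early, narrowing the pattern to that operator kind would leave the translation of other unary right-hand sides exactly as it was. If the broader match is intended, the comment ending in `to avoid an incorrect statement order. *)` should say that unary operators are covered and why. Statement order in the frontend decides which value a later branch sees, so a wrong order here would presumably surface as a missed or spurious report in the checkers. The comment and the enclosing function both begin outside the hunk.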
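Review bot: The preliminary stores `*b = true;` in `not_boolean_ok` and `*b = false;` in `not_boolean_bad` are what make these tests sensitive to statement order, but nothing in the code says so. A comment on each, such as `// stale value: a misordered store of the negation would leave this in *b`, would keep a later cleanup from removing them as dead stores. Both functions exercise only `!`, whereas the frontend change in this commit matches any unary operator; an `_ok`/`_bad` pair using a different unary operator on the right-hand side would pin the rest of the new pattern. Whether the header that declares `malloc` and `free` is included cannot be seen from this hunk.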
diff --git a/infer/tests/codetoanalyze/cpp/pulse/issues.exp b/infer/tests/codetoanalyze/cpp/pulse/issues.exp
index 9031b7af4..d83d45b4b 100644
--- a/infer/tests/codetoanalyze/cpp/pulse/issues.exp
+++ b/infer/tests/codetoanalyze/cpp/pulse/issues.exp
@@ -37,6 +37,7 @@ codetoanalyze/cpp/pulse/frontend.cpp, frontend::call_Frontend_constructor_bad, 4 codetoanalyze/cpp/pulse/frontend.cpp, frontend::call_set_field_via_local_bad, 5, NULLPTR_DEREFERENCE, no_bucket, ERROR, [invalidation part of the trace starts here,assigned,is the null pointer,use-after-lifetime part of the trace starts here,assigned,invalid access occurs here] codetoanalyze/cpp/pulse/frontend.cpp, frontend::conditional_expression_bad, 5, NULLPTR_DEREFERENCE, no_bucket, ERROR, [invalidation part of the trace starts here,assigned,is the null pointer,use-after-lifetime part of the trace starts here,assigned,invalid access occurs here] codetoanalyze/cpp/pulse/frontend.cpp, frontend::deref_null_namespace_alias_ptr_bad, 4, USE_AFTER_DELETE, no_bucket, ERROR, [invalidation part of the trace starts here,when calling `frontend::some::thing::bad_ptr` here,passed as argument to `new` (modelled),return from call to `new` (modelled),assigned,was invalidated by `delete`,use-after-lifetime part of the trace starts here,passed as argument to `frontend::some::thing::bad_ptr`,return from call to `frontend::some::thing::bad_ptr`,assigned,invalid access occurs here] +codetoanalyze/cpp/pulse/frontend.cpp, frontend::not_boolean_bad, 8, NULLPTR_DEREFERENCE, no_bucket, ERROR, [invalidation part of the trace starts here,assigned,is the null pointer,use-after-lifetime part of the trace starts here,assigned,invalid access occurs here] codetoanalyze/cpp/pulse/interprocedural.cpp, access_to_invalidated_alias2_bad, 3, USE_AFTER_DELETE, no_bucket, ERROR, [invalidation part of the trace starts here,parameter `x` of access_to_invalidated_alias2_bad,assigned,when calling `invalidate_and_set_to_null` here,parameter `x_ptr` of invalidate_and_set_to_null,was invalidated by `delete`,use-after-lifetime part of the trace starts here,parameter `x` of access_to_invalidated_alias2_bad,when calling `wraps_read` here,parameter `x` of wraps_read,when calling `wraps_read_inner` here,parameter `x` 
of wraps_read_inner,invalid access occurs here] codetoanalyze/cpp/pulse/interprocedural.cpp, access_to_invalidated_alias_bad, 3, USE_AFTER_DELETE, no_bucket, ERROR, [invalidation part of the trace starts here,parameter `x` of access_to_invalidated_alias_bad,when calling `invalidate_and_set_to_null` here,parameter `x_ptr` of invalidate_and_set_to_null,was invalidated by `delete`,use-after-lifetime part of the trace starts here,parameter `x` of access_to_invalidated_alias_bad,assigned,when calling `wraps_read` here,parameter `x` of wraps_read,when calling `wraps_read_inner` here,parameter `x` of wraps_read_inner,invalid access occurs here] codetoanalyze/cpp/pulse/interprocedural.cpp, delete_aliased_then_read_bad, 4, USE_AFTER_DELETE, no_bucket, ERROR, [invalidation part of the trace starts here,parameter `x` of delete_aliased_then_read_bad,assigned,was invalidated by `delete`,use-after-lifetime part of the trace starts here,parameter `x` of delete_aliased_then_read_bad,assigned,when calling `wraps_read` here,parameter `x` of wraps_read,when calling `wraps_read_inner` here,parameter `x` of wraps_read_inner,invalid access occurs here]