diff --git a/infer/src/backend/prop.ml b/infer/src/backend/prop.ml index 2958443a9..b07631bd3 100644 --- a/infer/src/backend/prop.ml +++ b/infer/src/backend/prop.ml @@ -434,6 +434,10 @@ let sym_eval abs e = match e with | Sil.Var _ -> e + | Sil.Const (Sil.Cclosure c) -> + let captured_vars = + IList.map (fun (exp, pvar, typ) -> (eval exp, pvar, typ)) c.captured_vars in + Sil.Const (Sil.Cclosure { c with captured_vars; }) | Sil.Const _ -> e | Sil.Sizeof (Sil.Tarray (Sil.Tint ik, e), _) diff --git a/infer/src/backend/sil.ml b/infer/src/backend/sil.ml index f7e6b8b22..ef2df7c30 100644 --- a/infer/src/backend/sil.ml +++ b/infer/src/backend/sil.ml @@ -647,7 +647,7 @@ and attribute_category = and closure = { name : Procname.t; - captured_vars : (Ident.t * pvar * typ) list; + captured_vars : (exp * pvar * typ) list; } (** Constants *) @@ -1334,10 +1334,10 @@ let rec const_compare (c1 : const) (c2 : const) : int = | Cptr_to_fld _, _ -> -1 | _, Cptr_to_fld _ -> 1 | Cclosure { name=n1; captured_vars=c1; }, Cclosure { name=n2; captured_vars=c2; } -> - let captured_var_compare acc (id1, pvar1, typ1) (id2, pvar2, typ2) = + let captured_var_compare acc (e1, pvar1, typ1) (e2, pvar2, typ2) = if acc <> 0 then acc else - let n = Ident.compare id1 id2 in + let n = exp_compare e1 e2 in if n <> 0 then n else let n = pvar_compare pvar1 pvar2 in @@ -2016,7 +2016,7 @@ and pp_const pe f = function | Cclass c -> F.fprintf f "%a" Ident.pp_name c | Cptr_to_fld (fn, _) -> F.fprintf f "__fld_%a" Ident.pp_fieldname fn | Cclosure { name; captured_vars; } -> - let id_exps = IList.map (fun (id, _, _) -> Var id) captured_vars in + let id_exps = IList.map (fun (id_exp, _, _) -> id_exp) captured_vars in F.fprintf f "(%a)" (pp_comma_seq (pp_exp pe)) ((Const (Cfun name)) :: id_exps) (** Pretty print a type. Do nothing by default. *) @@ -2969,7 +2969,8 @@ let exp_lt e1 e2 = let rec exp_fpv = function | Var _ -> [] | Const (Cexn e) -> exp_fpv e - | Const (Cclosure _) -> [] + | Const (Cclosure { captured_vars; }) -> + IList.map (fun (_, pvar, _) -> pvar) captured_vars | Const _ -> [] | Cast (_, e) | UnOp (_, e, _) -> exp_fpv e | BinOp (_, e1, e2) -> exp_fpv e1 @ exp_fpv e2 @@ -3131,8 +3132,9 @@ let fav_mem fav id = let rec exp_fav_add fav = function | Var id -> fav ++ id | Const (Cexn e) -> exp_fav_add fav e - | Const (Cint _ | Cfun _ | Cstr _ | Cfloat _ | Cattribute _ | Cclass _ | Cptr_to_fld _ - | Cclosure _) -> () + | Const (Cclosure { captured_vars; }) -> + IList.iter (fun (e, _, _) -> exp_fav_add fav e) captured_vars + | Const (Cint _ | Cfun _ | Cstr _ | Cfloat _ | Cattribute _ | Cclass _ | Cptr_to_fld _) -> () | Cast (_, e) | UnOp (_, e, _) -> exp_fav_add fav e | BinOp (_, e1, e2) -> exp_fav_add fav e1; exp_fav_add fav e2 | Lvar _ -> () (* do nothing since we only count non-program variables *) @@ -3432,8 +3434,11 @@ and exp_sub (subst: subst) e = | Const (Cexn e1) -> let e1' = exp_sub subst e1 in Const (Cexn e1') - | Const (Cint _ | Cfun _ | Cstr _ | Cfloat _ | Cattribute _ | Cclass _ | Cptr_to_fld _ - | Cclosure _) -> + | Const (Cclosure c) -> + let captured_vars = + IList.map (fun (exp, pvar, typ) -> (exp_sub subst exp, pvar, typ)) c.captured_vars in + Const (Cclosure { c with captured_vars }) + | Const (Cint _ | Cfun _ | Cstr _ | Cfloat _ | Cattribute _ | Cclass _ | Cptr_to_fld _) -> e | Cast (t, e1) -> let e1' = exp_sub subst e1 in diff --git a/infer/src/backend/sil.mli b/infer/src/backend/sil.mli index e875c8505..483b3c95c 100644 --- a/infer/src/backend/sil.mli +++ b/infer/src/backend/sil.mli @@ -284,7 +284,7 @@ and attribute_category = and closure = { name : Procname.t; - captured_vars : (Ident.t * pvar * typ) list; + captured_vars : (exp * pvar * typ) list; } (** Constants *) diff --git a/infer/src/backend/symExec.ml b/infer/src/backend/symExec.ml index 131cff262..8b7733c0b 100644 --- a/infer/src/backend/symExec.ml +++ b/infer/src/backend/symExec.ml @@ -960,7 +960,7 @@ let rec sym_exec tenv current_pdesc _instr (prop_: Prop.normal Prop.t) path | Sil.Const (Sil.Cclosure c) -> let proc_exp = Sil.Const (Sil.Cfun c.name) in let proc_exp' = Prop.exp_normalize_prop prop_ proc_exp in - let par' = IList.map (fun (id, _, typ) -> (Sil.Var id, typ)) c.captured_vars in + let par' = IList.map (fun (id_exp, _, typ) -> (id_exp, typ)) c.captured_vars in Sil.Call (ret, proc_exp', par' @ par, loc, call_flags) | _ -> Sil.Call (ret, exp', par, loc, call_flags) in diff --git a/infer/src/clang/cTrans.ml b/infer/src/clang/cTrans.ml index 09ee10465..c5f085faf 100644 --- a/infer/src/clang/cTrans.ml +++ b/infer/src/clang/cTrans.ml @@ -173,7 +173,7 @@ struct ids := id :: !ids; insts := Sil.Letderef (id, block, typ, loc) :: !insts; (Sil.Var id, typ) in - let make_arg typ (id, _, _) = (Sil.Var id, typ) in + let make_arg typ (id, _, _) = (id, typ) in let rec f es = match es with | [] -> [] @@ -1919,7 +1919,7 @@ struct F.function_decl context.tenv context.cfg context.cg decl (Some block_data); Cfg.set_procname_priority context.cfg block_pname; let captured_vars = - IList.map2 (fun id (pvar, typ) -> (id, pvar, typ)) ids captured_pvars in + IList.map2 (fun id (pvar, typ) -> (Sil.Var id, pvar, typ)) ids captured_pvars in let closure = Sil.Cclosure { name=block_pname; captured_vars } in let block_name = Procname.to_string block_pname in let static_vars = CContext.static_vars_for_block context block_pname in diff --git a/infer/src/unit/addressTakenTests.ml b/infer/src/unit/addressTakenTests.ml index 154066826..d6d458ffb 100644 --- a/infer/src/unit/addressTakenTests.ml +++ b/infer/src/unit/addressTakenTests.ml @@ -23,7 +23,7 @@ let tests = let int_ptr_typ = Sil.Tptr (int_typ, Pk_pointer) in let fun_ptr_typ = Sil.Tptr (Tfun false, Pk_pointer) in let closure_exp captured_pvars = - let mk_captured_var str = (ident_of_str str, pvar_of_str str, int_ptr_typ) in + let mk_captured_var str = (Sil.Var (ident_of_str str), pvar_of_str str, int_ptr_typ) in let captured_vars = IList.map mk_captured_var captured_pvars in let closure = { Sil.name=dummy_procname; captured_vars; } in Sil.Const (Cclosure closure) in diff --git a/infer/tests/codetoanalyze/objc/frontend/block/BlockVar.dot b/infer/tests/codetoanalyze/objc/frontend/block/BlockVar.dot index 39e3ff6bf..e29ff68b5 100644 --- a/infer/tests/codetoanalyze/objc/frontend/block/BlockVar.dot +++ b/infer/tests/codetoanalyze/objc/frontend/block/BlockVar.dot @@ -1,57 +1,185 @@ digraph iCFG { -21 [label="21: DeclStmt \n DECLARE_LOCALS(&__objc_anonymous_block_BlockVar_navigateToURLInBackground______1); [line 19]\n n$10=_fun___objc_alloc_no_fail(sizeof(class __objc_anonymous_block_BlockVar_navigateToURLInBackground______1 ):unsigned long ) [line 19]\n *&__objc_anonymous_block_BlockVar_navigateToURLInBackground______1:class __objc_anonymous_block_BlockVar_navigateToURLInBackground______1 =n$10 [line 19]\n *&addBlock:_fn_ (*)=(_fun___objc_anonymous_block_BlockVar_navigateToURLInBackground______1) [line 19]\n REMOVE_TEMPS(n$10); [line 19]\n " shape="box"] +55 [label="55: DeclStmt \n *&i:int =5 [line 57]\n " shape="box"] - 21 -> 15 ; -20 [label="20: DeclStmt \n *&error:class NSError *=0 [line 20]\n NULLIFY(&error,false); [line 20]\n " shape="box"] + 55 -> 54 ; +54 [label="54: DeclStmt \n *&x:int *=&i [line 58]\n " shape="box"] - 20 -> 19 ; -19 [label="19: DeclStmt \n n$9=_fun_BlockVar_test() [line 21]\n *&res:int =n$9 [line 21]\n REMOVE_TEMPS(n$9); [line 21]\n " shape="box"] + 54 -> 53 ; +53 [label="53: DeclStmt \n DECLARE_LOCALS(&__objc_anonymous_block_BlockVar_capturedNoNullDeref______5); [line 59]\n n$37=_fun___objc_alloc_no_fail(sizeof(class __objc_anonymous_block_BlockVar_capturedNoNullDeref______5 ):unsigned long ) [line 59]\n *&__objc_anonymous_block_BlockVar_capturedNoNullDeref______5:class __objc_anonymous_block_BlockVar_capturedNoNullDeref______5 =n$37 [line 59]\n n$38=*&x:int * [line 59]\n *n$37.x:int *=n$38 [line 59]\n n$34=*&x:int * [line 59]\n *&my_block:_fn_ (*)=(_fun___objc_anonymous_block_BlockVar_capturedNoNullDeref______5,n$34) [line 59]\n REMOVE_TEMPS(n$37,n$38,n$34); [line 59]\n " shape="box"] + + + 53 -> 49 ; +52 [label="52: Return Stmt \n n$35=*&x:int * [line 60]\n n$36=*n$35:int [line 60]\n *&return:int =n$36 [line 60]\n REMOVE_TEMPS(n$35,n$36); [line 60]\n APPLY_ABSTRACTION; [line 60]\n " shape="box"] + + + 52 -> 51 ; +51 [label="51: Exit __objc_anonymous_block_BlockVar_capturedNoNullDeref______5 \n " color=yellow style=filled] + + +50 [label="50: Start __objc_anonymous_block_BlockVar_capturedNoNullDeref______5\nFormals: x:int *\nLocals: \nCaptured: x:int * \n DECLARE_LOCALS(&return); [line 59]\n " color=yellow style=filled] + + + 50 -> 52 ; +49 [label="49: BinaryOperatorStmt: Assign \n *&x:int *=0 [line 62]\n " shape="box"] + + + 49 -> 48 ; +48 [label="48: Return Stmt \n n$32=*&my_block:_fn_ (*) [line 63]\n n$33=n$32() [line 63]\n *&return:int =n$33 [line 63]\n REMOVE_TEMPS(n$32,n$33); [line 63]\n NULLIFY(&__objc_anonymous_block_BlockVar_capturedNoNullDeref______5,true); [line 63]\n NULLIFY(&my_block,false); [line 63]\n NULLIFY(&i,false); [line 63]\n APPLY_ABSTRACTION; [line 63]\n " shape="box"] + + + 48 -> 47 ; +47 [label="47: Exit BlockVar_capturedNoNullDeref \n " color=yellow style=filled] + + +46 [label="46: Start BlockVar_capturedNoNullDeref\nFormals: self:class BlockVar *\nLocals: my_block:_fn_ (*) x:int * i:int \n DECLARE_LOCALS(&return,&my_block,&x,&i); [line 56]\n NULLIFY(&my_block,false); [line 56]\n NULLIFY(&self,false); [line 56]\n " color=yellow style=filled] + + + 46 -> 55 ; +45 [label="45: DeclStmt \n *&x:int *=0 [line 49]\n " shape="box"] + + + 45 -> 44 ; +44 [label="44: DeclStmt \n DECLARE_LOCALS(&__objc_anonymous_block_BlockVar_capturedNullDeref______4); [line 50]\n n$30=_fun___objc_alloc_no_fail(sizeof(class __objc_anonymous_block_BlockVar_capturedNullDeref______4 ):unsigned long ) [line 50]\n *&__objc_anonymous_block_BlockVar_capturedNullDeref______4:class __objc_anonymous_block_BlockVar_capturedNullDeref______4 =n$30 [line 50]\n n$31=*&x:int * [line 50]\n *n$30.x:int *=n$31 [line 50]\n n$27=*&x:int * [line 50]\n *&my_block:_fn_ (*)=(_fun___objc_anonymous_block_BlockVar_capturedNullDeref______4,n$27) [line 50]\n REMOVE_TEMPS(n$30,n$31,n$27); [line 50]\n " shape="box"] + + + 44 -> 40 ; +43 [label="43: Return Stmt \n n$28=*&x:int * [line 51]\n n$29=*n$28:int [line 51]\n *&return:int =n$29 [line 51]\n REMOVE_TEMPS(n$28,n$29); [line 51]\n APPLY_ABSTRACTION; [line 51]\n " shape="box"] + + + 43 -> 42 ; +42 [label="42: Exit __objc_anonymous_block_BlockVar_capturedNullDeref______4 \n " color=yellow style=filled] + + +41 [label="41: Start __objc_anonymous_block_BlockVar_capturedNullDeref______4\nFormals: x:int *\nLocals: \nCaptured: x:int * \n DECLARE_LOCALS(&return); [line 50]\n " color=yellow style=filled] + + + 41 -> 43 ; +40 [label="40: Return Stmt \n n$25=*&my_block:_fn_ (*) [line 53]\n n$26=n$25() [line 53]\n *&return:int =n$26 [line 53]\n REMOVE_TEMPS(n$25,n$26); [line 53]\n NULLIFY(&__objc_anonymous_block_BlockVar_capturedNullDeref______4,true); [line 53]\n NULLIFY(&my_block,false); [line 53]\n APPLY_ABSTRACTION; [line 53]\n " shape="box"] + + + 40 -> 39 ; +39 [label="39: Exit BlockVar_capturedNullDeref \n " color=yellow style=filled] + + +38 [label="38: Start BlockVar_capturedNullDeref\nFormals: self:class BlockVar *\nLocals: my_block:_fn_ (*) x:int * \n DECLARE_LOCALS(&return,&my_block,&x); [line 48]\n NULLIFY(&my_block,false); [line 48]\n NULLIFY(&self,false); [line 48]\n " color=yellow style=filled] + + + 38 -> 45 ; +37 [label="37: DeclStmt \n *&i:int =7 [line 40]\n " shape="box"] + + + 37 -> 36 ; +36 [label="36: DeclStmt \n *&x:int *=&i [line 41]\n " shape="box"] + + + 36 -> 35 ; +35 [label="35: DeclStmt \n DECLARE_LOCALS(&__objc_anonymous_block_BlockVar_blockPostOk______3); [line 42]\n n$23=_fun___objc_alloc_no_fail(sizeof(class __objc_anonymous_block_BlockVar_blockPostOk______3 ):unsigned long ) [line 42]\n *&__objc_anonymous_block_BlockVar_blockPostOk______3:class __objc_anonymous_block_BlockVar_blockPostOk______3 =n$23 [line 42]\n n$24=*&x:int * [line 42]\n *n$23.x:int *=n$24 [line 42]\n n$21=*&x:int * [line 42]\n *&my_block:_fn_ (*)=(_fun___objc_anonymous_block_BlockVar_blockPostOk______3,n$21) [line 42]\n REMOVE_TEMPS(n$23,n$24,n$21); [line 42]\n " shape="box"] + + + 35 -> 31 ; +34 [label="34: Return Stmt \n n$22=*&x:int * [line 43]\n *&return:int *=n$22 [line 43]\n REMOVE_TEMPS(n$22); [line 43]\n APPLY_ABSTRACTION; [line 43]\n " shape="box"] + + + 34 -> 33 ; +33 [label="33: Exit __objc_anonymous_block_BlockVar_blockPostOk______3 \n " color=yellow style=filled] + + +32 [label="32: Start __objc_anonymous_block_BlockVar_blockPostOk______3\nFormals: x:int *\nLocals: \nCaptured: x:int * \n DECLARE_LOCALS(&return); [line 42]\n " color=yellow style=filled] + + + 32 -> 34 ; +31 [label="31: Return Stmt \n n$18=*&my_block:_fn_ (*) [line 45]\n n$19=n$18() [line 45]\n n$20=*n$19:int [line 45]\n *&return:int =n$20 [line 45]\n REMOVE_TEMPS(n$18,n$19,n$20); [line 45]\n NULLIFY(&__objc_anonymous_block_BlockVar_blockPostOk______3,true); [line 45]\n NULLIFY(&my_block,false); [line 45]\n NULLIFY(&i,false); [line 45]\n APPLY_ABSTRACTION; [line 45]\n " shape="box"] + + + 31 -> 30 ; +30 [label="30: Exit BlockVar_blockPostOk \n " color=yellow style=filled] + + +29 [label="29: Start BlockVar_blockPostOk\nFormals: self:class BlockVar *\nLocals: my_block:_fn_ (*) x:int * i:int \n DECLARE_LOCALS(&return,&my_block,&x,&i); [line 39]\n NULLIFY(&my_block,false); [line 39]\n NULLIFY(&self,false); [line 39]\n " color=yellow style=filled] + + + 29 -> 37 ; +28 [label="28: DeclStmt \n *&x:int *=0 [line 32]\n " shape="box"] + + + 28 -> 27 ; +27 [label="27: DeclStmt \n DECLARE_LOCALS(&__objc_anonymous_block_BlockVar_blockPostBad______2); [line 33]\n n$16=_fun___objc_alloc_no_fail(sizeof(class __objc_anonymous_block_BlockVar_blockPostBad______2 ):unsigned long ) [line 33]\n *&__objc_anonymous_block_BlockVar_blockPostBad______2:class __objc_anonymous_block_BlockVar_blockPostBad______2 =n$16 [line 33]\n n$17=*&x:int * [line 33]\n *n$16.x:int *=n$17 [line 33]\n n$14=*&x:int * [line 33]\n *&my_block:_fn_ (*)=(_fun___objc_anonymous_block_BlockVar_blockPostBad______2,n$14) [line 33]\n REMOVE_TEMPS(n$16,n$17,n$14); [line 33]\n " shape="box"] + + + 27 -> 23 ; +26 [label="26: Return Stmt \n n$15=*&x:int * [line 34]\n *&return:int *=n$15 [line 34]\n REMOVE_TEMPS(n$15); [line 34]\n APPLY_ABSTRACTION; [line 34]\n " shape="box"] + + + 26 -> 25 ; +25 [label="25: Exit __objc_anonymous_block_BlockVar_blockPostBad______2 \n " color=yellow style=filled] + + +24 [label="24: Start __objc_anonymous_block_BlockVar_blockPostBad______2\nFormals: x:int *\nLocals: \nCaptured: x:int * \n DECLARE_LOCALS(&return); [line 33]\n " color=yellow style=filled] + + + 24 -> 26 ; +23 [label="23: Return Stmt \n n$11=*&my_block:_fn_ (*) [line 36]\n n$12=n$11() [line 36]\n n$13=*n$12:int [line 36]\n *&return:int =n$13 [line 36]\n REMOVE_TEMPS(n$11,n$12,n$13); [line 36]\n NULLIFY(&__objc_anonymous_block_BlockVar_blockPostBad______2,true); [line 36]\n NULLIFY(&my_block,false); [line 36]\n APPLY_ABSTRACTION; [line 36]\n " shape="box"] + + + 23 -> 22 ; +22 [label="22: Exit BlockVar_blockPostBad \n " color=yellow style=filled] + + +21 [label="21: Start BlockVar_blockPostBad\nFormals: self:class BlockVar *\nLocals: my_block:_fn_ (*) x:int * \n DECLARE_LOCALS(&return,&my_block,&x); [line 31]\n NULLIFY(&my_block,false); [line 31]\n NULLIFY(&self,false); [line 31]\n " color=yellow style=filled] + + + 21 -> 28 ; +20 [label="20: DeclStmt \n DECLARE_LOCALS(&__objc_anonymous_block_BlockVar_navigateToURLInBackground______1); [line 19]\n n$10=_fun___objc_alloc_no_fail(sizeof(class __objc_anonymous_block_BlockVar_navigateToURLInBackground______1 ):unsigned long ) [line 19]\n *&__objc_anonymous_block_BlockVar_navigateToURLInBackground______1:class __objc_anonymous_block_BlockVar_navigateToURLInBackground______1 =n$10 [line 19]\n *&addBlock:_fn_ (*)=(_fun___objc_anonymous_block_BlockVar_navigateToURLInBackground______1) [line 19]\n REMOVE_TEMPS(n$10); [line 19]\n " shape="box"] + + + 20 -> 15 ; +19 [label="19: DeclStmt \n n$9=_fun_BlockVar_test() [line 20]\n *&res:int =n$9 [line 20]\n REMOVE_TEMPS(n$9); [line 20]\n " shape="box"] 19 -> 18 ; -18 [label="18: Return Stmt \n n$6=*&a:int [line 22]\n n$7=*&b:int [line 22]\n n$8=*&res:int [line 22]\n *&return:int =((n$6 + n$7) + n$8) [line 22]\n REMOVE_TEMPS(n$6,n$7,n$8); [line 22]\n NULLIFY(&a,false); [line 22]\n NULLIFY(&b,false); [line 22]\n NULLIFY(&res,false); [line 22]\n APPLY_ABSTRACTION; [line 22]\n " shape="box"] +18 [label="18: Return Stmt \n n$6=*&a:int [line 21]\n n$7=*&b:int [line 21]\n n$8=*&res:int [line 21]\n *&return:int =((n$6 + n$7) + n$8) [line 21]\n REMOVE_TEMPS(n$6,n$7,n$8); [line 21]\n NULLIFY(&a,false); [line 21]\n NULLIFY(&b,false); [line 21]\n NULLIFY(&res,false); [line 21]\n APPLY_ABSTRACTION; [line 21]\n " shape="box"] 18 -> 17 ; 17 [label="17: Exit __objc_anonymous_block_BlockVar_navigateToURLInBackground______1 \n " color=yellow style=filled] -16 [label="16: Start __objc_anonymous_block_BlockVar_navigateToURLInBackground______1\nFormals: a:int b:int \nLocals: res:int error:class NSError * \n DECLARE_LOCALS(&return,&res,&error); [line 19]\n NULLIFY(&error,false); [line 19]\n NULLIFY(&res,false); [line 19]\n " color=yellow style=filled] +16 [label="16: Start __objc_anonymous_block_BlockVar_navigateToURLInBackground______1\nFormals: a:int b:int \nLocals: res:int \n DECLARE_LOCALS(&return,&res); [line 19]\n NULLIFY(&res,false); [line 19]\n " color=yellow style=filled] - 16 -> 20 ; -15 [label="15: DeclStmt \n n$4=*&addBlock:_fn_ (*) [line 24]\n n$5=n$4(1:int ,2:int ) [line 24]\n *&x:int =n$5 [line 24]\n REMOVE_TEMPS(n$4,n$5); [line 24]\n NULLIFY(&addBlock,false); [line 24]\n " shape="box"] + 16 -> 19 ; +15 [label="15: DeclStmt \n n$4=*&addBlock:_fn_ (*) [line 23]\n n$5=n$4(1:int ,2:int ) [line 23]\n *&x:int =n$5 [line 23]\n REMOVE_TEMPS(n$4,n$5); [line 23]\n NULLIFY(&addBlock,false); [line 23]\n " shape="box"] 15 -> 14 ; -14 [label="14: DeclStmt \n *&p:int *=0 [line 25]\n " shape="box"] +14 [label="14: DeclStmt \n *&p:int *=0 [line 24]\n " shape="box"] 14 -> 9 ; -13 [label="13: Return Stmt \n NULLIFY(&p,false); [line 29]\n n$3=*&x:int [line 29]\n *&return:int =n$3 [line 29]\n REMOVE_TEMPS(n$3); [line 29]\n NULLIFY(&__objc_anonymous_block_BlockVar_navigateToURLInBackground______1,true); [line 29]\n NULLIFY(&x,false); [line 29]\n APPLY_ABSTRACTION; [line 29]\n " shape="box"] +13 [label="13: Return Stmt \n NULLIFY(&p,false); [line 28]\n n$3=*&x:int [line 28]\n *&return:int =n$3 [line 28]\n REMOVE_TEMPS(n$3); [line 28]\n NULLIFY(&__objc_anonymous_block_BlockVar_navigateToURLInBackground______1,true); [line 28]\n NULLIFY(&x,false); [line 28]\n APPLY_ABSTRACTION; [line 28]\n " shape="box"] 13 -> 7 ; -12 [label="12: Return Stmt \n NULLIFY(&x,false); [line 27]\n n$1=*&p:int * [line 27]\n n$2=*n$1:int [line 27]\n *&return:int =n$2 [line 27]\n REMOVE_TEMPS(n$1,n$2); [line 27]\n NULLIFY(&__objc_anonymous_block_BlockVar_navigateToURLInBackground______1,true); [line 27]\n NULLIFY(&p,false); [line 27]\n APPLY_ABSTRACTION; [line 27]\n " shape="box"] +12 [label="12: Return Stmt \n NULLIFY(&x,false); [line 26]\n n$1=*&p:int * [line 26]\n n$2=*n$1:int [line 26]\n *&return:int =n$2 [line 26]\n REMOVE_TEMPS(n$1,n$2); [line 26]\n NULLIFY(&__objc_anonymous_block_BlockVar_navigateToURLInBackground______1,true); [line 26]\n NULLIFY(&p,false); [line 26]\n APPLY_ABSTRACTION; [line 26]\n " shape="box"] 12 -> 7 ; -11 [label="11: Prune (false branch) \n PRUNE(((n$0 == 8) == 0), false); [line 26]\n REMOVE_TEMPS(n$0); [line 26]\n " shape="invhouse"] +11 [label="11: Prune (false branch) \n PRUNE(((n$0 == 8) == 0), false); [line 25]\n REMOVE_TEMPS(n$0); [line 25]\n " shape="invhouse"] 11 -> 13 ; -10 [label="10: Prune (true branch) \n PRUNE(((n$0 == 8) != 0), true); [line 26]\n REMOVE_TEMPS(n$0); [line 26]\n " shape="invhouse"] +10 [label="10: Prune (true branch) \n PRUNE(((n$0 == 8) != 0), true); [line 25]\n REMOVE_TEMPS(n$0); [line 25]\n " shape="invhouse"] 10 -> 12 ; -9 [label="9: BinaryOperatorStmt: EQ \n n$0=*&x:int [line 26]\n " shape="box"] +9 [label="9: BinaryOperatorStmt: EQ \n n$0=*&x:int [line 25]\n " shape="box"] 9 -> 10 ; 9 -> 11 ; -8 [label="8: + \n NULLIFY(&__objc_anonymous_block_BlockVar_navigateToURLInBackground______1,true); [line 26]\n NULLIFY(&addBlock,false); [line 26]\n NULLIFY(&p,false); [line 26]\n NULLIFY(&x,false); [line 26]\n " ] +8 [label="8: + \n NULLIFY(&__objc_anonymous_block_BlockVar_navigateToURLInBackground______1,true); [line 25]\n NULLIFY(&addBlock,false); [line 25]\n NULLIFY(&p,false); [line 25]\n NULLIFY(&x,false); [line 25]\n " ] 8 -> 7 ; @@ -61,7 +189,7 @@ digraph iCFG { 6 [label="6: Start BlockVar_navigateToURLInBackground\nFormals: \nLocals: p:int * x:int addBlock:_fn_ (*) \n DECLARE_LOCALS(&return,&p,&x,&addBlock); [line 18]\n NULLIFY(&addBlock,false); [line 18]\n NULLIFY(&p,false); [line 18]\n NULLIFY(&x,false); [line 18]\n " color=yellow style=filled] - 6 -> 21 ; + 6 -> 20 ; 5 [label="5: Return Stmt \n *&return:int =5 [line 15]\n APPLY_ABSTRACTION; [line 15]\n " shape="box"] diff --git a/infer/tests/codetoanalyze/objc/frontend/block/BlockVar.m b/infer/tests/codetoanalyze/objc/frontend/block/BlockVar.m index d8770d655..ba07974da 100644 --- a/infer/tests/codetoanalyze/objc/frontend/block/BlockVar.m +++ b/infer/tests/codetoanalyze/objc/frontend/block/BlockVar.m @@ -17,7 +17,6 @@ + (int)navigateToURLInBackground { int (^addBlock)(int a, int b) = ^(int a, int b) { - NSError* error = nil; int res = [self test]; return a + b + res; }; @@ -28,4 +27,40 @@ else return x; } + +- (int)blockPostBad { + int* x = NULL; + int* (^my_block)(void) = ^() { + return x; + }; + return *my_block(); // should report null deref here +} + +- (int)blockPostOk { + int i = 7; + int* x = &i; + int* (^my_block)(void) = ^() { + return x; + }; + return *my_block(); // should not report null deref here +} + +- (int)capturedNullDeref { + int* x = NULL; + int (^my_block)(void) = ^() { + return *x; + }; + return my_block(); // should report null deref here +} + +- (int)capturedNoNullDeref { + int i = 5; + int* x = &i; + int (^my_block)(void) = ^() { + return *x; + }; + x = NULL; + return my_block(); // should not report null deref here +} + @end diff --git a/infer/tests/endtoend/objc/BlockVarTest.java b/infer/tests/endtoend/objc/BlockVarTest.java index 9cdf9db3f..b64ef64f8 100644 --- a/infer/tests/endtoend/objc/BlockVarTest.java +++ b/infer/tests/endtoend/objc/BlockVarTest.java @@ -44,11 +44,13 @@ public class BlockVarTest { } @Test - public void whenInferRunsOnNavigateToURLInBackgroundThenNPEIsFound() + public void matchErrors() throws InterruptedException, IOException, InferException { InferResults inferResults = InferRunner.runInferObjC(inferCmd); String[] procedures = { "navigateToURLInBackground", + "blockPostBad", + "capturedNullDeref" }; assertThat( "Results should contain the expected null pointer exception", @@ -60,4 +62,5 @@ public class BlockVarTest { ) ); } + }