Summary:
A bug in docusaurus makes relative URLs fail depending on how the page
was accessed, because the URL of a page in docs/ will end in / if
accessed directly or via hyperlink, but that / will be omitted when
clicking on the sidebar. The final / makes all the difference when
interpreting relative URLs so relative URLs are essentially broken.
See https://github.com/facebook/docusaurus/issues/2832 for more details.
This changes URL generation to generate URLs /docs/next/..., and
manually substitute relative URLs that had been written by hand.
Also fix a few other things about outdated links/comments.
Finally, `make doc-publish`.
Reviewed By: dulmarod
Differential Revision: D22117187
fbshipit-source-id: 32e2ba7e1
master
Jules Villard5 years agocommitted byFacebook GitHub Bot
where `foo` has a linear cost in its parameter, then Infer automatically detects that the complexity of loop has increased from `O(|list|)` to `O(|list|^2)` and then reports an [`EXECUTION_TIME_COMPLEXITY_INCREASE`](execution_time_complexity_increase) issue.
where `foo` has a linear cost in its parameter, then Infer automatically detects that the complexity of loop has increased from `O(|list|)` to `O(|list|^2)` and then reports an [`EXECUTION_TIME_COMPLEXITY_INCREASE`](/docs/next/all-issue-types#execution_time_complexity_increase) issue.
@ -59,13 +59,13 @@ Differential cost analysis in action:
- first run infer's cost analysis on `File.java` and rename `costs-report.json` (which is in `/infer-out`) to `previous-costs-report.json`
- first run infer's cost analysis on `File.java` and rename `costs-report.json` (which is in `/infer-out`) to `previous-costs-report.json`
- modify the function as shown above
- modify the function as shown above
- re-run infer on `File.java` and rename `costs-report.json` to `current-costs-report.json`
- re-run infer on `File.java` and rename `costs-report.json` to `current-costs-report.json`
- run `infer reportdiff --costs-current current-costs-report.json --costs-previous current-costs-report`.
- run `infer reportdiff --costs-current current-costs-report.json --costs-previous current-costs-report`.
- Inspect `infer-out/differential/introduced.json` to see the newly found complexity increase issue(s).
- Inspect `infer-out/differential/introduced.json` to see the newly found complexity increase issue(s).
## Limitations
## Limitations
There are a number of known limitations to the design of the static cost analysis:
There are a number of known limitations to the design of the static cost analysis:
- InferBo's intervals are limited to affine expressions, not full-blown polynomials. Hence, we can automatically infer bounds involving square roots.
- InferBo's intervals are limited to affine expressions, not full-blown polynomials. Hence, we can automatically infer bounds involving square roots.
An important feature of RacerD is that it finds races by analyzing not just one
An important feature of RacerD is that it finds races by analyzing not just one
file or class, but by looking at memory accesses that occur after going through
file or class, but by looking at memory accesses that occur after going through
@ -396,7 +396,7 @@ Facebook engineers.
[A separate blog post looked at 100 recent data race fixes](https://code.facebook.com/posts/1537144479682247/finding-inter-procedural-bugs-at-scale-with-infer-static-analyzer/)
[A separate blog post looked at 100 recent data race fixes](https://code.facebook.com/posts/1537144479682247/finding-inter-procedural-bugs-at-scale-with-infer-static-analyzer/)
in Infer's deployment in various bug categories, and for data races observed
in Infer's deployment in various bug categories, and for data races observed
that 53 of them were inter-file (and thus involving multiple classes).
that 53 of them were inter-file (and thus involving multiple classes).
[See above](racerd#interprocedural) for an example of RacerD's interprocedural
[See above](#interprocedural-reasoning) for an example of RacerD's interprocedural
capabilities.
capabilities.
One reaction to the challenge of developing effective static race detectors has
One reaction to the challenge of developing effective static race detectors has
@ -408,14 +408,7 @@ Rust, and the use/checking of @GuardedBy annotations in
<violation begincolumn="3" beginline="12" endcolumn="3" endline="13" class="" method="test" package="" priority="1" rule="NULL_DEREFERENCE" ruleset="Infer Rules" externalinfourl="https://fbinfer.com/docs/next/all-issue-types#null_dereference">pointer `s` last assigned on line 11 could be null and is dereferenced at line 12, column 3.</violation>
<violation begincolumn="3" beginline="12" endcolumn="3" endline="13" class="" method="test" package="" priority="1" rule="NULL_DEREFERENCE" ruleset="Infer Rules" externalinfourl="https://fbinfer.com//docs/next/all-issue-types#null_dereference">pointer `s` last assigned on line 11 could be null and is dereferenced at line 12, column 3.</violation>
@ -7,7 +7,7 @@ Here is an overview of the issue types currently reported by Infer. Currently ou
## ASSIGN_POINTER_WARNING
## ASSIGN_POINTER_WARNING
Reported as "Assign Pointer Warning" by [linters](checker-linters.md).
Reported as "Assign Pointer Warning" by [linters](/docs/next/checker-linters).
This check fires when a pointer to an Obj-C object is tagged with an `assign`
This check fires when a pointer to an Obj-C object is tagged with an `assign`
property (similar to the `-Warc-unsafe-retained-assign` compiler flag). Not
property (similar to the `-Warc-unsafe-retained-assign` compiler flag). Not
@ -16,7 +16,7 @@ and use a dangling pointer.
## BAD_POINTER_COMPARISON
## BAD_POINTER_COMPARISON
Reported as "Bad Pointer Comparison" by [linters](checker-linters.md).
Reported as "Bad Pointer Comparison" by [linters](/docs/next/checker-linters).
Infer reports these warnings in Objective-C when a boxed primitive type such as
Infer reports these warnings in Objective-C when a boxed primitive type such as
`NSNumber *` is coerced to a boolean in a comparison. For example, consider the
`NSNumber *` is coerced to a boolean in a comparison. For example, consider the
@ -35,7 +35,7 @@ compare `n` to `nil` or call an accessor to clarify her intention.
## BUFFER_OVERRUN_L1
## BUFFER_OVERRUN_L1
Reported as "Buffer Overrun L1" by [bufferoverrun](checker-bufferoverrun.md).
Reported as "Buffer Overrun L1" by [bufferoverrun](/docs/next/checker-bufferoverrun).
Buffer overrun reports fall into several "buckets" corresponding to the expected precision of the
Buffer overrun reports fall into several "buckets" corresponding to the expected precision of the
report. The higher the number, the more likely it is to be a false positive.
report. The higher the number, the more likely it is to be a false positive.
@ -84,47 +84,47 @@ Other than them, there are some specific-purpose buffer overrun reports as follo
## BUFFER_OVERRUN_L2
## BUFFER_OVERRUN_L2
Reported as "Buffer Overrun L2" by [bufferoverrun](checker-bufferoverrun.md).
Reported as "Buffer Overrun L2" by [bufferoverrun](/docs/next/checker-bufferoverrun).
See [BUFFER_OVERRUN_L1](#buffer_overrun_l1)
See [BUFFER_OVERRUN_L1](#buffer_overrun_l1)
## BUFFER_OVERRUN_L3
## BUFFER_OVERRUN_L3
Reported as "Buffer Overrun L3" by [bufferoverrun](checker-bufferoverrun.md).
Reported as "Buffer Overrun L3" by [bufferoverrun](/docs/next/checker-bufferoverrun).
See [BUFFER_OVERRUN_L1](#buffer_overrun_l1)
See [BUFFER_OVERRUN_L1](#buffer_overrun_l1)
## BUFFER_OVERRUN_L4
## BUFFER_OVERRUN_L4
Reported as "Buffer Overrun L4" by [bufferoverrun](checker-bufferoverrun.md).
Reported as "Buffer Overrun L4" by [bufferoverrun](/docs/next/checker-bufferoverrun).
See [BUFFER_OVERRUN_L1](#buffer_overrun_l1)
See [BUFFER_OVERRUN_L1](#buffer_overrun_l1)
## BUFFER_OVERRUN_L5
## BUFFER_OVERRUN_L5
Reported as "Buffer Overrun L5" by [bufferoverrun](checker-bufferoverrun.md).
Reported as "Buffer Overrun L5" by [bufferoverrun](/docs/next/checker-bufferoverrun).
See [BUFFER_OVERRUN_L1](#buffer_overrun_l1)
See [BUFFER_OVERRUN_L1](#buffer_overrun_l1)
## BUFFER_OVERRUN_R2
## BUFFER_OVERRUN_R2
Reported as "Buffer Overrun R2" by [bufferoverrun](checker-bufferoverrun.md).
Reported as "Buffer Overrun R2" by [bufferoverrun](/docs/next/checker-bufferoverrun).
See [BUFFER_OVERRUN_L1](#buffer_overrun_l1)
See [BUFFER_OVERRUN_L1](#buffer_overrun_l1)
## BUFFER_OVERRUN_S2
## BUFFER_OVERRUN_S2
Reported as "Buffer Overrun S2" by [bufferoverrun](checker-bufferoverrun.md).
Reported as "Buffer Overrun S2" by [bufferoverrun](/docs/next/checker-bufferoverrun).
See [BUFFER_OVERRUN_L1](#buffer_overrun_l1)
See [BUFFER_OVERRUN_L1](#buffer_overrun_l1)
## BUFFER_OVERRUN_T1
## BUFFER_OVERRUN_T1
Reported as "Buffer Overrun T1" by [bufferoverrun](checker-bufferoverrun.md).
Reported as "Buffer Overrun T1" by [bufferoverrun](/docs/next/checker-bufferoverrun).
See [BUFFER_OVERRUN_L1](#buffer_overrun_l1)
See [BUFFER_OVERRUN_L1](#buffer_overrun_l1)
## BUFFER_OVERRUN_U5
## BUFFER_OVERRUN_U5
Reported as "Buffer Overrun U5" by [bufferoverrun](checker-bufferoverrun.md).
Reported as "Buffer Overrun U5" by [bufferoverrun](/docs/next/checker-bufferoverrun).
See [BUFFER_OVERRUN_L1](#buffer_overrun_l1)
See [BUFFER_OVERRUN_L1](#buffer_overrun_l1)
## CAPTURED_STRONG_SELF
## CAPTURED_STRONG_SELF
Reported as "Captured strongSelf" by [self-in-block](checker-self-in-block.md).
Reported as "Captured strongSelf" by [self-in-block](/docs/next/checker-self-in-block).
This will happen in one of two cases generally:
This will happen in one of two cases generally:
@ -137,7 +137,7 @@ This will happen in one of two cases generally:
## CHECKERS_ALLOCATES_MEMORY
## CHECKERS_ALLOCATES_MEMORY
Reported as "Allocates Memory" by [annotation-reachability](checker-annotation-reachability.md).
Reported as "Allocates Memory" by [annotation-reachability](/docs/next/checker-annotation-reachability).
A method annotated with `@NoAllocation` transitively calls `new`.
A method annotated with `@NoAllocation` transitively calls `new`.
@ -154,13 +154,13 @@ class C implements I {
## CHECKERS_ANNOTATION_REACHABILITY_ERROR
## CHECKERS_ANNOTATION_REACHABILITY_ERROR
Reported as "Annotation Reachability Error" by [annotation-reachability](checker-annotation-reachability.md).
Reported as "Annotation Reachability Error" by [annotation-reachability](/docs/next/checker-annotation-reachability).
A method annotated with an annotation `@A` transitively calls a method annotated `@B` where the combination of annotations is forbidden (for example, `@UiThread` calling `@WorkerThread`).
A method annotated with an annotation `@A` transitively calls a method annotated `@B` where the combination of annotations is forbidden (for example, `@UiThread` calling `@WorkerThread`).
## CHECKERS_CALLS_EXPENSIVE_METHOD
## CHECKERS_CALLS_EXPENSIVE_METHOD
Reported as "Expensive Method Called" by [annotation-reachability](checker-annotation-reachability.md).
Reported as "Expensive Method Called" by [annotation-reachability](/docs/next/checker-annotation-reachability).
A method annotated with `@PerformanceCritical` transitively calls a method annotated `@Expensive`.
A method annotated with `@PerformanceCritical` transitively calls a method annotated `@Expensive`.
@ -180,7 +180,7 @@ class C {
## CHECKERS_EXPENSIVE_OVERRIDES_UNANNOTATED
## CHECKERS_EXPENSIVE_OVERRIDES_UNANNOTATED
Reported as "Expensive Overrides Unannotated" by [annotation-reachability](checker-annotation-reachability.md).
Reported as "Expensive Overrides Unannotated" by [annotation-reachability](/docs/next/checker-annotation-reachability).
A method annotated with `@Expensive` overrides an un-annotated method.
A method annotated with `@Expensive` overrides an un-annotated method.
@ -199,7 +199,7 @@ class A implements I {
## CHECKERS_FRAGMENT_RETAINS_VIEW
## CHECKERS_FRAGMENT_RETAINS_VIEW
Reported as "Fragment Retains View" by [fragment-retains-view](checker-fragment-retains-view.md).
Reported as "Fragment Retains View" by [fragment-retains-view](/docs/next/checker-fragment-retains-view).
This error type is Android-specific. It fires when a `Fragment` type fails to
This error type is Android-specific. It fires when a `Fragment` type fails to
nullify one or more of its declared `View` fields in `onDestroyView`. In
nullify one or more of its declared `View` fields in `onDestroyView`. In
@ -213,7 +213,7 @@ Action: Nullify the `View` in question in `onDestroyView`.
## CHECKERS_IMMUTABLE_CAST
## CHECKERS_IMMUTABLE_CAST
Reported as "Checkers Immutable Cast" by [immutable-cast](checker-immutable-cast.md).
Reported as "Checkers Immutable Cast" by [immutable-cast](/docs/next/checker-immutable-cast).
This error type is reported in Java. It fires when an immutable collection is
This error type is reported in Java. It fires when an immutable collection is
returned from a method whose type is mutable.
returned from a method whose type is mutable.
@ -233,7 +233,7 @@ collection so that it can be modified.
## CHECKERS_PRINTF_ARGS
## CHECKERS_PRINTF_ARGS
Reported as "Checkers Printf Args" by [printf-args](checker-printf-args.md).
Reported as "Checkers Printf Args" by [printf-args](/docs/next/checker-printf-args).
This error is reported when the argument types to a `printf` method do not match the format string.
This error is reported when the argument types to a `printf` method do not match the format string.
@ -247,38 +247,38 @@ Action: fix the mismatch between format string and argument types.
## COMPONENT_FACTORY_FUNCTION
## COMPONENT_FACTORY_FUNCTION
Reported as "Component Factory Function" by [linters](checker-linters.md).
Reported as "Component Factory Function" by [linters](/docs/next/checker-linters).
## COMPONENT_INITIALIZER_WITH_SIDE_EFFECTS
## COMPONENT_INITIALIZER_WITH_SIDE_EFFECTS
Reported as "Component Initializer With Side Effects" by [linters](checker-linters.md).
Reported as "Component Initializer With Side Effects" by [linters](/docs/next/checker-linters).
## COMPONENT_WITH_MULTIPLE_FACTORY_METHODS
## COMPONENT_WITH_MULTIPLE_FACTORY_METHODS
Reported as "Component With Multiple Factory Methods" by [linters](checker-linters.md).
Reported as "Component With Multiple Factory Methods" by [linters](/docs/next/checker-linters).
## COMPONENT_WITH_UNCONVENTIONAL_SUPERCLASS
## COMPONENT_WITH_UNCONVENTIONAL_SUPERCLASS
Reported as "Component With Unconventional Superclass" by [linters](checker-linters.md).
Reported as "Component With Unconventional Superclass" by [linters](/docs/next/checker-linters).
[Doc in ComponentKit page](http://componentkit.org/docs/never-subclass-components)
[Doc in ComponentKit page](http://componentkit.org/docs/never-subclass-components)
## CONDITION_ALWAYS_FALSE
## CONDITION_ALWAYS_FALSE
Reported as "Condition Always False" by [bufferoverrun](checker-bufferoverrun.md).
Reported as "Condition Always False" by [bufferoverrun](/docs/next/checker-bufferoverrun).
A condition expression is **always** evaluated to false.
A condition expression is **always** evaluated to false.
## CONDITION_ALWAYS_TRUE
## CONDITION_ALWAYS_TRUE
Reported as "Condition Always True" by [bufferoverrun](checker-bufferoverrun.md).
Reported as "Condition Always True" by [bufferoverrun](/docs/next/checker-bufferoverrun).
A condition expression is **always** evaluated to true.
A condition expression is **always** evaluated to true.
## CONSTANT_ADDRESS_DEREFERENCE
## CONSTANT_ADDRESS_DEREFERENCE
Reported as "Constant Address Dereference" by [pulse](checker-pulse.md).
Reported as "Constant Address Dereference" by [pulse](/docs/next/checker-pulse).
This is reported when an address obtained via a non-zero constant is
This is reported when an address obtained via a non-zero constant is
dereferenced. If the address is zero then
dereferenced. If the address is zero then
@ -289,17 +289,17 @@ type.
## CREATE_INTENT_FROM_URI
## CREATE_INTENT_FROM_URI
Reported as "Create Intent From Uri" by [quandary](checker-quandary.md).
Reported as "Create Intent From Uri" by [quandary](/docs/next/checker-quandary).
Create an intent/start a component using a (possibly user-controlled) URI. may or may not be an issue depending on where the URI comes from.
Create an intent/start a component using a (possibly user-controlled) URI. may or may not be an issue depending on where the URI comes from.
## CROSS_SITE_SCRIPTING
## CROSS_SITE_SCRIPTING
Reported as "Cross Site Scripting" by [quandary](checker-quandary.md).
Reported as "Cross Site Scripting" by [quandary](/docs/next/checker-quandary).
Untrusted data flows into HTML; XSS risk.
Untrusted data flows into HTML; XSS risk.
## CXX_REFERENCE_CAPTURED_IN_OBJC_BLOCK
## CXX_REFERENCE_CAPTURED_IN_OBJC_BLOCK
Reported as "Cxx Reference Captured In Objc Block" by [linters](checker-linters.md).
Reported as "Cxx Reference Captured In Objc Block" by [linters](/docs/next/checker-linters).
With this check, Infer detects C++ references captured in a block. Doing this is
With this check, Infer detects C++ references captured in a block. Doing this is
almost always wrong. The reason is that C++ references are not managed pointers
almost always wrong. The reason is that C++ references are not managed pointers
@ -318,7 +318,7 @@ const int copied_v = v;
## DEADLOCK
## DEADLOCK
Reported as "Deadlock" by [starvation](checker-starvation.md).
Reported as "Deadlock" by [starvation](/docs/next/checker-starvation).
This error is currently reported in Java. A deadlock occurs when two distinct
This error is currently reported in Java. A deadlock occurs when two distinct
threads try to acquire two locks in reverse orders. The following code
threads try to acquire two locks in reverse orders. The following code
@ -383,14 +383,14 @@ To suppress reports of deadlocks in a method `m()` use the
## DEAD_STORE
## DEAD_STORE
Reported as "Dead Store" by [liveness](checker-liveness.md).
Reported as "Dead Store" by [liveness](/docs/next/checker-liveness).
This error is reported in C++. It fires when the value assigned to a variables
This error is reported in C++. It fires when the value assigned to a variables
is never used (e.g., `int i = 1; i = 2; return i;`).
is never used (e.g., `int i = 1; i = 2; return i;`).
## DIRECT_ATOMIC_PROPERTY_ACCESS
## DIRECT_ATOMIC_PROPERTY_ACCESS
Reported as "Direct Atomic Property Access" by [linters](checker-linters.md).
Reported as "Direct Atomic Property Access" by [linters](/docs/next/checker-linters).
This check warns you when you are accessing an atomic property directly with an
This check warns you when you are accessing an atomic property directly with an
ivar. This makes the atomic property not atomic anymore. So potentially you may
ivar. This makes the atomic property not atomic anymore. So potentially you may
@ -400,7 +400,7 @@ To fix the problem you need to access properties with their getter or setter.
## DISCOURAGED_WEAK_PROPERTY_CUSTOM_SETTER
## DISCOURAGED_WEAK_PROPERTY_CUSTOM_SETTER
Reported as "Discouraged Weak Property Custom Setter" by [linters](checker-linters.md).
Reported as "Discouraged Weak Property Custom Setter" by [linters](/docs/next/checker-linters).
This check warns you when you have a custom setter for a weak property. When
This check warns you when you have a custom setter for a weak property. When
compiled with Automatic Reference Counting (ARC, `-fobj-arc`) ARC may set the
compiled with Automatic Reference Counting (ARC, `-fobj-arc`) ARC may set the
@ -469,7 +469,7 @@ Note that the custom setter was only invoked once.
## EMPTY_VECTOR_ACCESS
## EMPTY_VECTOR_ACCESS
Reported as "Empty Vector Access" by [biabduction](checker-biabduction.md).
Reported as "Empty Vector Access" by [biabduction](/docs/next/checker-biabduction).
This error type is reported only in C++, in versions >= C++11.
This error type is reported only in C++, in versions >= C++11.
@ -486,7 +486,7 @@ int foo(){
## ERADICATE_CONDITION_REDUNDANT
## ERADICATE_CONDITION_REDUNDANT
Reported as "Condition Redundant" by [eradicate](checker-eradicate.md).
Reported as "Condition Redundant" by [eradicate](/docs/next/checker-eradicate).
This report is inactive by default. Condition (x != null) or (x == null) when x
This report is inactive by default. Condition (x != null) or (x == null) when x
cannot be null: the first condition is always true and the second is always
cannot be null: the first condition is always true and the second is always
@ -513,7 +513,7 @@ relevant. If the annotations are correct, you can remove the redundant case.
## ERADICATE_FIELD_NOT_INITIALIZED
## ERADICATE_FIELD_NOT_INITIALIZED
Reported as "Field Not Initialized" by [eradicate](checker-eradicate.md).
Reported as "Field Not Initialized" by [eradicate](/docs/next/checker-eradicate).
The constructor does not initialize a field f which is not annotated with
The constructor does not initialize a field f which is not annotated with
@Nullable
@Nullable
@ -535,7 +535,7 @@ annotated with @Nullable.
## ERADICATE_FIELD_NOT_NULLABLE
## ERADICATE_FIELD_NOT_NULLABLE
Reported as "Field Not Nullable" by [eradicate](checker-eradicate.md).
Reported as "Field Not Nullable" by [eradicate](/docs/next/checker-eradicate).
An assignment x.f = v where v could be null and field f is not annotated with
An assignment x.f = v where v could be null and field f is not annotated with
Reported as "Expensive Loop Invariant Call" by [loop-hoisting](/docs/next/checker-loop-hoisting).
We report this issue type when a function is [loop-invariant](/docs/next/all-issue-types#invariant_call) and also expensive (i.e. at least has linear complexity as determined by the [cost](/docs/next/checker-cost) analysis).
```java
int incr(int x) {
return x + 1;
}
// incr will not be hoisted since it is cheap(constant time)
void foo_linear(int size) {
int x = 10;
for (int i = 0; i <size;i++){
incr(x); // constant call, don't hoist
}
}
// call to foo_linear will be hoisted since it is expensive(linear in size).
void symbolic_expensive_hoist(int size) {
for (int i = 0; i <size;i++){
foo_linear(size); // hoist
}
}
```
## EXPOSED_INSECURE_INTENT_HANDLING
## EXPOSED_INSECURE_INTENT_HANDLING
Reported as "Exposed Insecure Intent Handling" by [quandary](checker-quandary.md).
Reported as "Exposed Insecure Intent Handling" by [quandary](/docs/next/checker-quandary).
where `foo` has a linear cost in its parameter, then Infer automatically detects that the complexity of loop has increased from `O(|list|)` to `O(|list|^2)` and then reports an [`EXECUTION_TIME_COMPLEXITY_INCREASE`](execution_time_complexity_increase) issue.
where `foo` has a linear cost in its parameter, then Infer automatically detects that the complexity of loop has increased from `O(|list|)` to `O(|list|^2)` and then reports an [`EXECUTION_TIME_COMPLEXITY_INCREASE`](/docs/next/all-issue-types#execution_time_complexity_increase) issue.
@ -72,13 +72,13 @@ Differential cost analysis in action:
- first run infer's cost analysis on `File.java` and rename `costs-report.json` (which is in `/infer-out`) to `previous-costs-report.json`
- first run infer's cost analysis on `File.java` and rename `costs-report.json` (which is in `/infer-out`) to `previous-costs-report.json`
- modify the function as shown above
- modify the function as shown above
- re-run infer on `File.java` and rename `costs-report.json` to `current-costs-report.json`
- re-run infer on `File.java` and rename `costs-report.json` to `current-costs-report.json`
- run `infer reportdiff --costs-current current-costs-report.json --costs-previous current-costs-report`.
- run `infer reportdiff --costs-current current-costs-report.json --costs-previous current-costs-report`.
- Inspect `infer-out/differential/introduced.json` to see the newly found complexity increase issue(s).
- Inspect `infer-out/differential/introduced.json` to see the newly found complexity increase issue(s).
## Limitations
## Limitations
There are a number of known limitations to the design of the static cost analysis:
There are a number of known limitations to the design of the static cost analysis:
- InferBo's intervals are limited to affine expressions, not full-blown polynomials. Hence, we can automatically infer bounds involving square roots.
- InferBo's intervals are limited to affine expressions, not full-blown polynomials. Hence, we can automatically infer bounds involving square roots.
@ -90,7 +90,7 @@ There are a number of known limitations to the design of the static cost analysi
## List of Issue Types
## List of Issue Types
The following issue types are reported by this checker:
The following issue types are reported by this checker:
description: "Detects functions with potential side-effects. Same as \"purity\", but implemented on top of Pulse."
---
Detects functions with potential side-effects. Same as "purity", but implemented on top of Pulse.
Activate with `--impurity`.
Supported languages:
- C/C++/ObjC: Experimental
- Java: Experimental
This is an experimental inter-procedural analysis that detects impure functions. It is meant to be an improvement over the [purity](/docs/next/checker-purity) analysis with a negation on the issue types. For each function, impurity analysis keeps track of not only the impurity of the function but also some additional information such as which parameters/globals the function modifies. It models functions with no summary/model as impure. The analysis relies on [Pulse](/docs/next/checker-pulse) summaries to determine impurity.
## List of Issue Types
The following issue types are reported by this checker:
description: "Checks that all non-option `@Prop`s have been specified when constructing Litho components."
description: "Checks that all non-optional`@Prop`s have been specified when constructing Litho components."
---
---
Checks that all non-option `@Prop`s have been specified when constructing Litho components.
Checks that all non-optional`@Prop`s have been specified when constructing Litho components.
Activate with `--litho-required-props`.
Activate with `--litho-required-props`.
@ -11,3 +11,60 @@ Supported languages:
- C/C++/ObjC: No
- C/C++/ObjC: No
- Java: Yes
- Java: Yes
This analysis checks that all non-optional [`@Prop`](https://fblitho.com/docs/props)`s have been specified when constructing Litho components. This is a [Litho](https://fblitho.com/) specific checker.
## What are required Props?
In a nutshell, a Litho Component is essentially a class that defines immutable inputs, called prop (annotated with `@Prop`) in component hierarchy methods. For each Component there is a corresponding spec class which defines the required props:. E.g:
```java
class MyComponentSpec {
static void onCreate(
ComponentContext c,
@Prop(optional = true) String prop1, @Prop int prop2) {
...
}
...
}
```
`MyComponentSpec` defines two props: a String prop called `prop1` and an int prop named `prop2`. For each prop defined on the spec, the annotation processor creates a builder pattern method that has the same name as the prop.
Developers pass down values for these props by calling the appropriate methods:
```java
MyComponent.create(c)
.prop1("My prop 1")
.prop2(256)
.build();
```
If the required props are not called, then annotation processor throws an exception in run time. This is really bad and that's where this checker comes into play to detect such cases statically.
## Examples
E.g. the following is caught as [MISSING_REQUIRED_PROP](/docs/next/all-issue-types#missing_required_prop) `prop2`.
```java
MyComponent.create(c)
.prop1("My prop 1")
.build();
```
The following is ok though since `prop1` is optional.
```java
MyComponent.create(c)
.prop2(8)
.build();
```
Note that, the functions `create()` and `build()` could be defined in different methods and there could be various function calls, aliasing, and control flow patterns in between. Hence, this checker is inter-procedural.
## List of Issue Types
The following issue types are reported by this checker:
This checker detects opportunities to hoist function calls that are invariant to outside of loop bodies. The hoisting analysis relies on [purity](/docs/next/checker-purity) analysis to determine whather a function is pure or not.
It has an additional mode that reports [loop-invariant functions that are expensive](/docs/next/all-issue-types#expensive_loop_invariant_call) (i.e. at least linear). This is enabled by the flag `--hoisting-report-only-expensive`.
## List of Issue Types
The following issue types are reported by this checker:
description: "Detects pure (side-effect-free) functions. A different implementation of \"impurity\"."
---
Detects pure (side-effect-free) functions. A different implementation of "impurity".
Activate with `--purity`.
Supported languages:
- C/C++/ObjC: Experimental
- Java: Experimental
This is an experimental inter-procedural analysis that detects pure (side-effect free) functions. For each function, purity analysis keeps track of not only the purity of the function but also some additional information such as whether the function modifies a global variable or which of the parameters are modified. It models functions with no summary/model as modifying the global state (hence impure).
If the function is pure (i.e. doesn't modify any global state or its parameters and doesn't call any unknown functions), then it reports an [`PURE_FUNCTION`](/docs/next/all-issue-types#pure_function) issue.
## Weaknesses
There are two issues with the existing purity analysis:
- In order to detect which parameters are modified, we need an alias analysis which is difficult to get right.
- Just keeping track of modified arguments doesn't suffice.
Too see the issue with the first point, consider the following simple program:
```java
void foo(Foo a){
Foo b = a;
b.x = 10;
}
```
in order to determine that `foo` is impure, we need to know that the write to `b`'s field is actually changing the function parameter `a`, i.e. we need to check if `b` is aliasing `a`. This is known as alias analysis and is hard to get right in a scalable manner. When this analysis was being developed, Infer didn't have a unified alias analysis and using biabduction seemed like a too daunting task at the time. Hence, we relied on [InferBo](/docs/next/checker-bufferoverrun)'s aliasing mechanism which was easy to invoke and integrate with. However, InferBo's aliasing analysis is far from perfect and causes issues for purity.
To see the issue with the second point, consider the following program:
```java
boolean contains(Integer i, ArrayList<Integer> list){
Iterator<Integer> listIterator = list.iterator();
while(listIterator.hasNext()) {
Integer el = listIterator.next();
if (i.equals(el)){
return true;
}
}
return false;
}
```
The existing purity analysis concludes that the above function `contains` is impure because it calls an impure function `next()` which modifies the iterator (hence it thinks it also modifies the `list`). However, notice that `contains` doesn't have an observable side-effect: `list.iterator()` returns a new object, `hasNext()` and `equals()` are pure, and `next()` only modifies the fields of the fresh object `listIterator`. Therefore, `contains` should be considered as pure.
To alleviate this problem, we have developed an [Impurity](/docs/next/checker-impurity) analysis which uses [pulse](/docs/next/checker-pulse) which can successfully analyze this program as pure \o/
The analysis is used by:
- [Loop-hoisting](/docs/next/checker-loop-hoisting) analysis which identifies loop-invariant function calls, i.e. functions that are pure and have loop-invariant arguments.
- [Cost](/docs/next/checker-cost) analysis which identifies control variables in the loop that affect how many times a loop is executed. In this computation, we need to prune control variables that do not affect how many times a loop is executed. In this pruning step, we need to compute loop-invariant variables (which requires the above analysis).
## List of Issue Types
The following issue types are reported by this checker:
An important feature of RacerD is that it finds races by analyzing not just one
An important feature of RacerD is that it finds races by analyzing not just one
file or class, but by looking at memory accesses that occur after going through
file or class, but by looking at memory accesses that occur after going through
@ -409,7 +409,7 @@ Facebook engineers.
[A separate blog post looked at 100 recent data race fixes](https://code.facebook.com/posts/1537144479682247/finding-inter-procedural-bugs-at-scale-with-infer-static-analyzer/)
[A separate blog post looked at 100 recent data race fixes](https://code.facebook.com/posts/1537144479682247/finding-inter-procedural-bugs-at-scale-with-infer-static-analyzer/)
in Infer's deployment in various bug categories, and for data races observed
in Infer's deployment in various bug categories, and for data races observed
that 53 of them were inter-file (and thus involving multiple classes).
that 53 of them were inter-file (and thus involving multiple classes).
[See above](racerd#interprocedural) for an example of RacerD's interprocedural
[See above](#interprocedural-reasoning) for an example of RacerD's interprocedural
capabilities.
capabilities.
One reaction to the challenge of developing effective static race detectors has
One reaction to the challenge of developing effective static race detectors has
@ -421,14 +421,7 @@ Rust, and the use/checking of @GuardedBy annotations in
<htmlxmlns="http://www.w3.org/1999/xhtml"><head><title>Help (infer.Integration.Help)</title><linkrel="stylesheet"href="../../../odoc.css"/><metacharset="utf-8"/><metaname="generator"content="odoc 1.5.0"/><metaname="viewport"content="width=device-width,initial-scale=1.0"/><scriptsrc="../../../highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body><divclass="content"><header><nav><ahref="../index.html">Up</a>–<ahref="../../index.html">infer</a>»<ahref="../index.html">Integration</a>» Help</nav><h1>Module <code>Integration.Help</code></h1></header><dl><dtclass="spec value"id="val-list_checkers"><ahref="#val-list_checkers"class="anchor"></a><code><spanclass="keyword">val</span> list_checkers : unit <span>-></span> unit</code></dt><dd><p>print the list of all checkers</p></dd></dl><dl><dtclass="spec value"id="val-list_issue_types"><ahref="#val-list_issue_types"class="anchor"></a><code><spanclass="keyword">val</span> list_issue_types : unit <span>-></span> unit</code></dt><dd><p>print the list of all known issue types</p></dd></dl><dl><dtclass="spec value"id="val-show_checkers"><ahref="#val-show_checkers"class="anchor"></a><code><spanclass="keyword">val</span> show_checkers : <span><ahref="../../IBase/Checker/index.html#type-t">IBase.Checker.t</a> list</span><span>-></span> unit</code></dt><dd><p>show information about the given checkers</p></dd></dl><dl><dtclass="spec value"id="val-show_issue_types"><ahref="#val-show_issue_types"class="anchor"></a><code><spanclass="keyword">val</span> show_issue_types : <span><ahref="../../IBase/IssueType/index.html#type-t">IBase.IssueType.t</a> list</span><span>-></span> unit</code></dt><dd><p>show information about the given issue_types</p></dd></dl><dl><dtclass="spec value"id="val-write_website"><ahref="#val-write_website"class="anchor"></a><code><spanclass="keyword">val</span> write_website : <span>website_root:string</span><span>-></span> unit</code></dt><dd><p>generate files for the fbinfer.com website</p></dd></dl><dl><dtclass="spec value"id="val-url_fragment_of_issue_type"><ahref="#val-url_fragment_of_issue_type" class="anchor"></a><code><spanclass="keyword">val</span> url_fragment_of_issue_type : string <span>-></span> string</code></dt><dd><p>given an issue type unique ID, return the URL fragment relative to the website documentation, e.g. <code>url_fragment_of_issue_type "NULL_DEREFERENCE"</code> is <code>"all-issue-types#null_dereference"</code></p></dd></dl></div></body></html>
<htmlxmlns="http://www.w3.org/1999/xhtml"><head><title>Help (infer.Integration.Help)</title><linkrel="stylesheet"href="../../../odoc.css"/><metacharset="utf-8"/><metaname="generator"content="odoc 1.5.0"/><metaname="viewport"content="width=device-width,initial-scale=1.0"/><scriptsrc="../../../highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body><divclass="content"><header><nav><ahref="../index.html">Up</a>–<ahref="../../index.html">infer</a>»<ahref="../index.html">Integration</a>» Help</nav><h1>Module <code>Integration.Help</code></h1></header><dl><dtclass="spec value"id="val-list_checkers"><ahref="#val-list_checkers"class="anchor"></a><code><spanclass="keyword">val</span> list_checkers : unit <span>-></span> unit</code></dt><dd><p>print the list of all checkers</p></dd></dl><dl><dtclass="spec value"id="val-list_issue_types"><ahref="#val-list_issue_types"class="anchor"></a><code><spanclass="keyword">val</span> list_issue_types : unit <span>-></span> unit</code></dt><dd><p>print the list of all known issue types</p></dd></dl><dl><dtclass="spec value"id="val-show_checkers"><ahref="#val-show_checkers"class="anchor"></a><code><spanclass="keyword">val</span> show_checkers : <span><ahref="../../IBase/Checker/index.html#type-t">IBase.Checker.t</a> list</span><span>-></span> unit</code></dt><dd><p>show information about the given checkers</p></dd></dl><dl><dtclass="spec value"id="val-show_issue_types"><ahref="#val-show_issue_types"class="anchor"></a><code><spanclass="keyword">val</span> show_issue_types : <span><ahref="../../IBase/IssueType/index.html#type-t">IBase.IssueType.t</a> list</span><span>-></span> unit</code></dt><dd><p>show information about the given issue_types</p></dd></dl><dl><dtclass="spec value"id="val-write_website"><ahref="#val-write_website"class="anchor"></a><code><spanclass="keyword">val</span> write_website : <span>website_root:string</span><span>-></span> unit</code></dt><dd><p>generate files for the fbinfer.com website</p></dd></dl><dl><dtclass="spec value"id="val-abs_url_of_issue_type"><ahref="#val-abs_url_of_issue_type" class="anchor"></a><code><spanclass="keyword">val</span>abs_url_of_issue_type : string <span>-></span> string</code></dt><dd><p>given an issue type unique ID, return the URL relative to the root of the website, e.g. <code>abs_url_of_issue_type "NULL_DEREFERENCE"</code> is <code>"/docs/all-issue-types#null_dereference"</code></p></dd></dl></div></body></html>
<htmlxmlns="http://www.w3.org/1999/xhtml"><head><title>Integration__Help (infer.Integration__Help)</title><linkrel="stylesheet"href="../../odoc.css"/><metacharset="utf-8"/><metaname="generator"content="odoc 1.5.0"/><metaname="viewport"content="width=device-width,initial-scale=1.0"/><scriptsrc="../../highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body><divclass="content"><header><nav><ahref="../index.html">Up</a>–<ahref="../index.html">infer</a>» Integration__Help</nav><h1>Module <code>Integration__Help</code></h1></header><dl><dtclass="spec value"id="val-list_checkers"><ahref="#val-list_checkers"class="anchor"></a><code><spanclass="keyword">val</span> list_checkers : unit <span>-></span> unit</code></dt><dd><p>print the list of all checkers</p></dd></dl><dl><dtclass="spec value"id="val-list_issue_types"><ahref="#val-list_issue_types"class="anchor"></a><code><spanclass="keyword">val</span> list_issue_types : unit <span>-></span> unit</code></dt><dd><p>print the list of all known issue types</p></dd></dl><dl><dtclass="spec value"id="val-show_checkers"><ahref="#val-show_checkers"class="anchor"></a><code><spanclass="keyword">val</span> show_checkers : <span><ahref="../IBase/Checker/index.html#type-t">IBase.Checker.t</a> list</span><span>-></span> unit</code></dt><dd><p>show information about the given checkers</p></dd></dl><dl><dtclass="spec value"id="val-show_issue_types"><ahref="#val-show_issue_types"class="anchor"></a><code><spanclass="keyword">val</span> show_issue_types : <span><ahref="../IBase/IssueType/index.html#type-t">IBase.IssueType.t</a> list</span><span>-></span> unit</code></dt><dd><p>show information about the given issue_types</p></dd></dl><dl><dtclass="spec value"id="val-write_website"><ahref="#val-write_website"class="anchor"></a><code><spanclass="keyword">val</span> write_website : <span>website_root:string</span><span>-></span> unit</code></dt><dd><p>generate files for the fbinfer.com website</p></dd></dl><dl><dtclass="spec value"id="val-url_fragment_of_issue_type"><ahref="#val-url_fragment_of_issue_type" class="anchor"></a><code><spanclass="keyword">val</span> url_fragment_of_issue_type : string <span>-></span> string</code></dt><dd><p>given an issue type unique ID, return the URL fragment relative to the website documentation, e.g. <code>url_fragment_of_issue_type "NULL_DEREFERENCE"</code> is <code>"all-issue-types#null_dereference"</code></p></dd></dl></div></body></html>
<htmlxmlns="http://www.w3.org/1999/xhtml"><head><title>Integration__Help (infer.Integration__Help)</title><linkrel="stylesheet"href="../../odoc.css"/><metacharset="utf-8"/><metaname="generator"content="odoc 1.5.0"/><metaname="viewport"content="width=device-width,initial-scale=1.0"/><scriptsrc="../../highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body><divclass="content"><header><nav><ahref="../index.html">Up</a>–<ahref="../index.html">infer</a>» Integration__Help</nav><h1>Module <code>Integration__Help</code></h1></header><dl><dtclass="spec value"id="val-list_checkers"><ahref="#val-list_checkers"class="anchor"></a><code><spanclass="keyword">val</span> list_checkers : unit <span>-></span> unit</code></dt><dd><p>print the list of all checkers</p></dd></dl><dl><dtclass="spec value"id="val-list_issue_types"><ahref="#val-list_issue_types"class="anchor"></a><code><spanclass="keyword">val</span> list_issue_types : unit <span>-></span> unit</code></dt><dd><p>print the list of all known issue types</p></dd></dl><dl><dtclass="spec value"id="val-show_checkers"><ahref="#val-show_checkers"class="anchor"></a><code><spanclass="keyword">val</span> show_checkers : <span><ahref="../IBase/Checker/index.html#type-t">IBase.Checker.t</a> list</span><span>-></span> unit</code></dt><dd><p>show information about the given checkers</p></dd></dl><dl><dtclass="spec value"id="val-show_issue_types"><ahref="#val-show_issue_types"class="anchor"></a><code><spanclass="keyword">val</span> show_issue_types : <span><ahref="../IBase/IssueType/index.html#type-t">IBase.IssueType.t</a> list</span><span>-></span> unit</code></dt><dd><p>show information about the given issue_types</p></dd></dl><dl><dtclass="spec value"id="val-write_website"><ahref="#val-write_website"class="anchor"></a><code><spanclass="keyword">val</span> write_website : <span>website_root:string</span><span>-></span> unit</code></dt><dd><p>generate files for the fbinfer.com website</p></dd></dl><dl><dtclass="spec value"id="val-abs_url_of_issue_type"><ahref="#val-abs_url_of_issue_type" class="anchor"></a><code><spanclass="keyword">val</span>abs_url_of_issue_type : string <span>-></span> string</code></dt><dd><p>given an issue type unique ID, return the URL relative to the root of the website, e.g. <code>abs_url_of_issue_type "NULL_DEREFERENCE"</code> is <code>"/docs/all-issue-types#null_dereference"</code></p></dd></dl></div></body></html>
Jules Villard
5 years ago
committed by
Facebook GitHub Bot