[quandary] use preanalysis for abstract GC

Reviewed By: jeremydubreil

Differential Revision: D3866919

fbshipit-source-id: 87fb380

infer/src/quandary/TaintAnalysis.ml

@@ -245,7 +245,17 @@ module Make (TraceDomain : QuandarySummary.Trace) = struct
           astate_with_source
       | Sil.Call _ ->
           failwith "Unimp: non-pname call expressions"
-      | Sil.Prune _ | Remove_temps _ | Nullify _ | Abstract _ | Declare_locals _ ->
+      | Sil.Nullify (pvar, _) ->
+          let id_map = IdMapDomain.remove (Var.of_pvar pvar) astate.id_map in
+          { astate with id_map; }
+      | Sil.Remove_temps (ids, _) ->
+          let id_map =
+            IList.fold_left
+              (fun acc id -> IdMapDomain.remove (Var.of_id id) acc)
+              astate.id_map
+              ids in
+          { astate with id_map; }
+      | Sil.Prune _ | Abstract _ | Declare_locals _ ->
           astate
   end
 
@@ -324,6 +334,8 @@ module Make (TraceDomain : QuandarySummary.Trace) = struct
     IList.fold_lefti add_formal_summaries [] formals
     |> add_return_summaries
 
+  let dummy_cg = Cg.create ()
+
   let checker { Callbacks.get_proc_desc; proc_name; proc_desc; tenv; } =
     let analyze_ondemand pdesc =
       let make_formal_access_paths pdesc : AccessPath.base list=
@@ -350,6 +362,7 @@ module Make (TraceDomain : QuandarySummary.Trace) = struct
     if Ondemand.procedure_should_be_analyzed proc_name
     then
       begin
+        Preanal.doit proc_desc dummy_cg tenv;
         Ondemand.set_callbacks callbacks;
         analyze_ondemand proc_desc;
         Ondemand.unset_callbacks ();

infer/tests/codetoanalyze/java/quandary/Basics.java

@@ -178,6 +178,14 @@ public class Basics {
     InferTaint.inferSensitiveSink(src);
   }
 
+  Object exceptionOk(boolean b, Object o) {
+    if (b) {
+      throw new AssertionError("exception");
+    }
+    o.toString();
+    return o;
+  }
+
   /** "known false positive" tests demonstrating limitations. an ideal analysis would not report on
       these tests, but we do. */
 

infer/tests/codetoanalyze/java/quandary/issues.exp

@@ -20,8 +20,8 @@ Basics.java:118: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.infe
 Basics.java:132: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 129]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 132]) via {  }
 Basics.java:142: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 140]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 142]) via {  }
 Basics.java:153: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 150]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 153]) via {  }
-Basics.java:188: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 185]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 188]) via {  }
-Basics.java:197: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 193]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 197]) via {  }
+Basics.java:196: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 193]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 196]) via {  }
+Basics.java:205: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 201]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 205]) via {  }
 Fields.java:28: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 27]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 28]) via {  }
 Fields.java:33: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 32]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 33]) via {  }
 Fields.java:38: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 37]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 38]) via {  }