From d087de8ad6b0a684eaaf3868e4d4446c45b1211e Mon Sep 17 00:00:00 2001
From: Qianyi Shu <qianyishu@fb.com>
Date: Wed, 5 Aug 2020 01:08:22 -0700
Subject: [PATCH] [cost] adapt NSCollection to behave like Collection model for
 java

Summary: Before, `NSCollection` are modelled like array, but this will have issue when we want to say add object to array. This diff changes `NSCollection`'s model to use Java's Collection model.

Reviewed By: ezgicicek

Differential Revision: D22840079

fbshipit-source-id: b944b743b
---
 .../src/bufferoverrun/bufferOverrunModels.ml  | 124 +++++-------------
 .../objc/performance/NSMutableArray.m         |   2 -
 .../objc/performance/cost-issues.exp          |  21 ++-
 .../codetoanalyze/objc/performance/issues.exp |  13 +-
 4 files changed, 52 insertions(+), 108 deletions(-)

diff --git a/infer/src/bufferoverrun/bufferOverrunModels.ml b/infer/src/bufferoverrun/bufferOverrunModels.ml
index 9c99b55c5..9630a9190 100644
--- a/infer/src/bufferoverrun/bufferOverrunModels.ml
+++ b/infer/src/bufferoverrun/bufferOverrunModels.ml
@@ -542,71 +542,6 @@ module ArrObjCommon = struct
       cond_set
 end
 
-module NSCollection = struct
-  (** Creates a new array from the given array by copying the first X elements. *)
-  let create_array src_exp size_exp =
-    let {exec= malloc_exec; check= _} = malloc ~can_be_zero:true size_exp in
-    let exec model_env ~ret:((id, _) as ret) mem =
-      let mem = malloc_exec model_env ~ret mem in
-      let dest_loc = Loc.of_id id |> PowLoc.singleton in
-      let dest_arr_loc = Dom.Val.get_array_locs (Dom.Mem.find_set dest_loc mem) in
-      let src_arr_v = Dom.Mem.find_set (Sem.eval_locs src_exp mem) mem in
-      Dom.Mem.update_mem dest_arr_loc src_arr_v mem
-    and check {location; integer_type_widths} mem cond_set =
-      BoUtils.Check.lindex integer_type_widths ~array_exp:src_exp ~index_exp:size_exp
-        ~last_included:true mem location cond_set
-    in
-    {exec; check}
-
-
-  let empty_array = malloc ~can_be_zero:true Exp.zero
-
-  let get_internal_array_locs arr_id _ = Loc.of_id arr_id |> PowLoc.singleton
-
-  let get_internal_elements_locs arr_id mem =
-    let arr_locs = get_internal_array_locs arr_id mem in
-    Dom.Mem.find_set arr_locs mem |> Dom.Val.get_all_locs
-
-
-  let length e =
-    let exec {integer_type_widths} ~ret:(ret_id, _) mem =
-      let v = Sem.eval_arr integer_type_widths e mem in
-      let length = Dom.Val.of_itv (ArrayBlk.get_size (Dom.Val.get_array_blk v)) in
-      Dom.Mem.add_stack (Loc.of_id ret_id) length mem
-    in
-    {exec; check= no_check}
-
-
-  let check_index ~last_included arr_id index_exp =
-    ArrObjCommon.check_index ~last_included get_internal_array_locs arr_id index_exp
-
-
-  let get_at_index arr_id index_exp =
-    let exec _model_env ~ret:(ret_id, _) mem =
-      let locs = get_internal_elements_locs arr_id mem in
-      let v = Dom.Mem.find_set locs mem in
-      model_by_value v ret_id mem
-    in
-    {exec; check= check_index ~last_included:false arr_id index_exp}
-
-
-  let set_elem_exec {integer_type_widths} arr_id elem_exp mem =
-    let locs = get_internal_elements_locs arr_id mem in
-    let v = Sem.eval integer_type_widths elem_exp mem in
-    Dom.Mem.update_mem locs v mem
-
-
-  let array_from_list list =
-    let len_exp = List.length list |> IntLit.of_int |> Exp.int in
-    let {exec= create_array_exec; check= _} = malloc ~can_be_zero:true len_exp in
-    let exec model_env ~ret:((arr_id, _) as ret) mem =
-      let mem = create_array_exec model_env ~ret mem in
-      List.fold_left list ~init:mem ~f:(fun acc {exp= elem_exp} ->
-          set_elem_exec model_env arr_id elem_exp acc )
-    in
-    {exec; check= no_check}
-end
-
 module StdVector = struct
   let append_field loc ~vec_typ ~elt_typ =
     Loc.append_field loc (BufferOverrunField.cpp_vector_elem ~vec_typ ~elt_typ)
@@ -1096,6 +1031,22 @@ module Collection = struct
     {exec; check= check_index ~last_included:false coll_id index_exp}
 end
 
+module NSCollection = struct
+  (** Creates a new array from the given c array by copying the first X elements. *)
+  let create_from_array src_exp size_exp =
+    let exec ({integer_type_widths} as model_env) ~ret:((id, _) as ret) mem =
+      let size_v = Sem.eval integer_type_widths size_exp mem |> Dom.Val.get_itv in
+      let src_arr_v = Dom.Mem.find_set (Sem.eval_locs src_exp mem) mem in
+      let mem = Collection.create_collection model_env ~ret mem ~length:size_v in
+      let dest_arr_loc = Collection.get_collection_internal_elements_locs id mem in
+      Dom.Mem.update_mem dest_arr_loc src_arr_v mem
+    and check {location; integer_type_widths} mem cond_set =
+      BoUtils.Check.lindex integer_type_widths ~array_exp:src_exp ~index_exp:size_exp
+        ~last_included:true mem location cond_set
+    in
+    {exec; check}
+end
+
 module JavaClass = struct
   let decl_array {pname; node_hash; location} ~ret:(ret_id, _) length mem =
     let loc =
@@ -1393,15 +1344,11 @@ module NSString = struct
   let concat = JavaString.concat
 
   let split exp =
-    let exec ({location} as model_env) ~ret:((id, _) as ret) mem =
+    let exec model_env ~ret mem =
       let itv =
-        ArrObjCommon.eval_size model_env exp ~fn mem
-        |> JavaString.range_itv_one_max_one_mone |> Dom.Val.of_itv
+        ArrObjCommon.eval_size model_env exp ~fn mem |> JavaString.range_itv_one_max_one_mone
       in
-      let {exec} = malloc ~can_be_zero:false Exp.one in
-      let mem = exec model_env ~ret mem in
-      let dest_loc = Loc.of_id id |> PowLoc.singleton in
-      Dom.Mem.transform_mem ~f:(Dom.Val.set_array_length location ~length:itv) dest_loc mem
+      Collection.create_collection ~length:itv model_env ~ret mem
     in
     {exec; check= no_check}
 
@@ -1423,7 +1370,7 @@ let objc_malloc exp =
   let exec ({tenv} as model) ~ret mem =
     match exp with
     | Exp.Sizeof {typ} when PatternMatch.ObjectiveC.implements "NSArray" tenv (Typ.to_string typ) ->
-        (malloc ~can_be_zero Exp.zero).exec model ~ret mem
+        Collection.new_collection.exec model ~ret mem
     | Exp.Sizeof {typ} when PatternMatch.ObjectiveC.implements "NSString" tenv (Typ.to_string typ)
       ->
         (NSString.create_with_c_string (Exp.Const (Const.Cstr ""))).exec model ~ret mem
@@ -1571,31 +1518,30 @@ module Call = struct
       ; -"vsnprintf" <>--> by_value Dom.Val.Itv.nat
       ; (* ObjC models *)
         -"__objc_alloc_no_fail" <>$ capt_exp $+...$--> objc_malloc
-      ; -"CFArrayCreate" <>$ any_arg $+ capt_exp $+ capt_exp $+...$--> NSCollection.create_array
+      ; -"CFArrayCreate" <>$ any_arg $+ capt_exp $+ capt_exp
+        $+...$--> NSCollection.create_from_array
       ; -"CFArrayCreateCopy" <>$ any_arg $+ capt_exp $!--> create_copy_array
-      ; -"CFArrayGetCount" <>$ capt_exp $!--> NSCollection.length
-      ; -"CFArrayGetValueAtIndex" <>$ capt_var_exn $+ capt_exp $!--> NSCollection.get_at_index
-      ; -"CFDictionaryGetCount" <>$ capt_exp $!--> NSCollection.length
-      ; -"MCFArrayGetCount" <>$ capt_exp $!--> NSCollection.length
+      ; -"CFArrayGetCount" <>$ capt_exp $!--> Collection.size
+      ; -"CFArrayGetValueAtIndex" <>$ capt_var_exn $+ capt_exp $!--> Collection.get_at_index
+      ; -"CFDictionaryGetCount" <>$ capt_exp $!--> Collection.size
+      ; -"MCFArrayGetCount" <>$ capt_exp $!--> Collection.size
       ; +PatternMatch.ObjectiveC.implements "NSArray" &:: "init" <>$ capt_exp $--> id
-      ; +PatternMatch.ObjectiveC.implements "NSArray" &:: "array" <>--> NSCollection.empty_array
-      ; +PatternMatch.ObjectiveC.implements "NSArray"
-        &:: "count" <>$ capt_exp $!--> NSCollection.length
-      ; +PatternMatch.ObjectiveC.implements "NSArray"
-        &:: "objectAtIndexedSubscript:" <>$ capt_var_exn $+ capt_exp $!--> NSCollection.get_at_index
+      ; +PatternMatch.ObjectiveC.implements "NSArray" &:: "array" <>--> Collection.new_collection
+      ; +PatternMatch.ObjectiveC.implements "NSArray" &:: "count" <>$ capt_exp $!--> Collection.size
       ; +PatternMatch.ObjectiveC.implements "NSArray"
-        &:: "arrayWithObjects:count:" <>$ capt_exp $+ capt_exp $--> NSCollection.create_array
+        &:: "objectAtIndexedSubscript:" <>$ capt_var_exn $+ capt_exp $!--> Collection.get_at_index
       ; +PatternMatch.ObjectiveC.implements "NSArray"
-        &:: "arrayWithObjects" &++> NSCollection.array_from_list
+        &:: "arrayWithObjects:count:" <>$ capt_exp $+ capt_exp $--> NSCollection.create_from_array
+      ; +PatternMatch.ObjectiveC.implements "NSArray" &:: "arrayWithObjects" &++> Collection.of_list
       ; +PatternMatch.ObjectiveC.implements "NSDictionary"
         &:: "dictionaryWithObjects:forKeys:count:" <>$ any_arg $+ capt_exp $+ capt_exp
-        $--> NSCollection.create_array
+        $--> NSCollection.create_from_array
       ; +PatternMatch.ObjectiveC.implements "NSDictionary"
-        &:: "objectForKeyedSubscript:" <>$ capt_var_exn $+ capt_exp $--> NSCollection.get_at_index
+        &:: "objectForKeyedSubscript:" <>$ capt_var_exn $+ capt_exp $--> Collection.get_at_index
       ; +PatternMatch.ObjectiveC.implements "NSDictionary"
-        &:: "objectForKey:" <>$ capt_var_exn $+ capt_exp $--> NSCollection.get_at_index
+        &:: "objectForKey:" <>$ capt_var_exn $+ capt_exp $--> Collection.get_at_index
       ; +PatternMatch.ObjectiveC.implements "NSDictionary"
-        &:: "count" <>$ capt_exp $--> NSCollection.length
+        &:: "count" <>$ capt_exp $--> Collection.size
       ; +PatternMatch.ObjectiveC.implements "NSDictionary"
         &:: "allKeys" <>$ capt_exp $--> create_copy_array
       ; +PatternMatch.ObjectiveC.implements "NSDictionary"
diff --git a/infer/tests/codetoanalyze/objc/performance/NSMutableArray.m b/infer/tests/codetoanalyze/objc/performance/NSMutableArray.m
index 442f8a1d0..9381a81ff 100644
--- a/infer/tests/codetoanalyze/objc/performance/NSMutableArray.m
+++ b/infer/tests/codetoanalyze/objc/performance/NSMutableArray.m
@@ -84,8 +84,6 @@ void nsmarray_add_all_constant() {
 
 // set element
 
-void nsmarray_set_constant(NSMutableArray* array) { array[0] = @1; }
-
 void nsmarray_set_linear(NSMutableArray* array) {
   for (int i = 0; i < array.count; i++) {
     array[i] = [NSNumber numberWithInt:([array[i] intValue] + 1)];
diff --git a/infer/tests/codetoanalyze/objc/performance/cost-issues.exp b/infer/tests/codetoanalyze/objc/performance/cost-issues.exp
index 2a27b2658..622453693 100644
--- a/infer/tests/codetoanalyze/objc/performance/cost-issues.exp
+++ b/infer/tests/codetoanalyze/objc/performance/cost-issues.exp
@@ -1,14 +1,14 @@
 codetoanalyze/objc/performance/NSArray.m, nsarray_access_constant, 50,  OnUIThread:false, []
-codetoanalyze/objc/performance/NSArray.m, nsarray_access_linear, 3 + 7 ⋅ array.length + 3 ⋅ (array.length + 1),  OnUIThread:false, [{array.length + 1},Loop,{array.length},Loop]
+codetoanalyze/objc/performance/NSArray.m, nsarray_access_linear, 3 + 7 ⋅ array.length.ub + 3 ⋅ (array.length.ub + 1),  OnUIThread:false, [{array.length.ub + 1},Loop,{array.length.ub},Loop]
 codetoanalyze/objc/performance/NSArray.m, nsarray_add_object_constant, 8,  OnUIThread:false, []
 codetoanalyze/objc/performance/NSArray.m, nsarray_add_objects_from_array_linear_FN, 8,  OnUIThread:false, []
 codetoanalyze/objc/performance/NSArray.m, nsarray_array_with_objects_constant, 27,  OnUIThread:false, []
 codetoanalyze/objc/performance/NSArray.m, nsarray_binary_search_log_FN, 10,  OnUIThread:false, []
 codetoanalyze/objc/performance/NSArray.m, nsarray_contains_object_linear_FN, 4,  OnUIThread:false, []
-codetoanalyze/objc/performance/NSArray.m, nsarray_count_bounded_linear, 3 + 3 ⋅ array.length + 3 ⋅ (array.length + 1),  OnUIThread:false, [{array.length + 1},Loop,{array.length},Loop]
+codetoanalyze/objc/performance/NSArray.m, nsarray_count_bounded_linear, 3 + 3 ⋅ array.length.ub + 3 ⋅ (array.length.ub + 1),  OnUIThread:false, [{array.length.ub + 1},Loop,{array.length.ub},Loop]
 codetoanalyze/objc/performance/NSArray.m, nsarray_empty_array_constant, 8,  OnUIThread:false, []
 codetoanalyze/objc/performance/NSArray.m, nsarray_enumerator_linear_FN, 14,  OnUIThread:false, []
-codetoanalyze/objc/performance/NSArray.m, nsarray_find_linear, 4 + 9 ⋅ array.length + 3 ⋅ (array.length + 1),  OnUIThread:false, [{array.length + 1},Loop,{array.length},Loop]
+codetoanalyze/objc/performance/NSArray.m, nsarray_find_linear, 4 + 9 ⋅ array.length.ub + 3 ⋅ (array.length.ub + 1),  OnUIThread:false, [{array.length.ub + 1},Loop,{array.length.ub},Loop]
 codetoanalyze/objc/performance/NSArray.m, nsarray_first_object_constant, 4,  OnUIThread:false, []
 codetoanalyze/objc/performance/NSArray.m, nsarray_init_constant, 9,  OnUIThread:false, []
 codetoanalyze/objc/performance/NSArray.m, nsarray_init_with_array_constant_FP, ⊤,  OnUIThread:false, [Call to nsarray_init_with_array_linear_FP,Unbounded loop,Loop]
@@ -23,9 +23,9 @@ codetoanalyze/objc/performance/NSArray.m, nsarray_object_at_indexed_constant, 34
 codetoanalyze/objc/performance/NSArray.m, nsarray_sort_using_descriptors_constant, 34,  OnUIThread:false, []
 codetoanalyze/objc/performance/NSArray.m, nsarray_sort_using_descriptors_nlogn_FN, 10,  OnUIThread:false, []
 codetoanalyze/objc/performance/NSArray.m, objc_blocknsarray_binary_search_log_FN_1, 5,  OnUIThread:false, []
-codetoanalyze/objc/performance/NSDictionary.m, nsdictionary_all_keys_linear1, 3 + 3 ⋅ dict.length + 4 ⋅ (dict.length + 1),  OnUIThread:false, [{dict.length + 1},Loop,{dict.length},Loop]
-codetoanalyze/objc/performance/NSDictionary.m, nsdictionary_all_keys_linear2, 6 + 3 ⋅ dict.length + 3 ⋅ (dict.length + 1),  OnUIThread:false, [{dict.length + 1},Loop,{dict.length},Loop]
-codetoanalyze/objc/performance/NSDictionary.m, nsdictionary_all_values_linear, 3 + 3 ⋅ dict.length + 4 ⋅ (dict.length + 1),  OnUIThread:false, [{dict.length + 1},Loop,{dict.length},Loop]
+codetoanalyze/objc/performance/NSDictionary.m, nsdictionary_all_keys_linear1, 3 + 3 ⋅ dict.length.ub + 4 ⋅ (dict.length.ub + 1),  OnUIThread:false, [{dict.length.ub + 1},Loop,{dict.length.ub},Loop]
+codetoanalyze/objc/performance/NSDictionary.m, nsdictionary_all_keys_linear2, 6 + 3 ⋅ dict.length.ub + 3 ⋅ (dict.length.ub + 1),  OnUIThread:false, [{dict.length.ub + 1},Loop,{dict.length.ub},Loop]
+codetoanalyze/objc/performance/NSDictionary.m, nsdictionary_all_values_linear, 3 + 3 ⋅ dict.length.ub + 4 ⋅ (dict.length.ub + 1),  OnUIThread:false, [{dict.length.ub + 1},Loop,{dict.length.ub},Loop]
 codetoanalyze/objc/performance/NSDictionary.m, nsdictionary_dictionary_with_objects_linear, 14 + 15 ⋅ n_entries + 3 ⋅ n_entries + 2 ⋅ (1+max(0, n_entries)) + 4 ⋅ (1+max(0, n_entries)),  OnUIThread:false, [{1+max(0, n_entries)},Loop,{1+max(0, n_entries)},Loop,{n_entries},Loop,{n_entries},Loop]
 codetoanalyze/objc/performance/NSDictionary.m, nsdictionary_enumerate_constant, 52,  OnUIThread:false, []
 codetoanalyze/objc/performance/NSDictionary.m, nsdictionary_enumerator_linear_FN, 10,  OnUIThread:false, []
@@ -45,9 +45,8 @@ codetoanalyze/objc/performance/NSMutableArray.m, nsmarray_empty_ok_costant, 7,
 codetoanalyze/objc/performance/NSMutableArray.m, nsmarray_init_with_capacity_constant_FP, ⊤,  OnUIThread:false, [Unbounded loop,Loop]
 codetoanalyze/objc/performance/NSMutableArray.m, nsmarray_remove_constant, 15,  OnUIThread:false, []
 codetoanalyze/objc/performance/NSMutableArray.m, nsmarray_remove_in_loop_constant, 92,  OnUIThread:false, []
-codetoanalyze/objc/performance/NSMutableArray.m, nsmarray_set_constant, 4,  OnUIThread:false, []
 codetoanalyze/objc/performance/NSMutableArray.m, nsmarray_set_in_loop_constant, 18,  OnUIThread:false, []
-codetoanalyze/objc/performance/NSMutableArray.m, nsmarray_set_linear, 3 + 11 ⋅ array.length + 3 ⋅ (array.length + 1),  OnUIThread:false, [{array.length + 1},Loop,{array.length},Loop]
+codetoanalyze/objc/performance/NSMutableArray.m, nsmarray_set_linear, 3 + 11 ⋅ array.length.ub + 3 ⋅ (array.length.ub + 1),  OnUIThread:false, [{array.length.ub + 1},Loop,{array.length.ub},Loop]
 codetoanalyze/objc/performance/NSMutableDictionary.m, nsmutabledictionary_set_element_in_loop_linear_FN, 14,  OnUIThread:false, []
 codetoanalyze/objc/performance/NSMutableString.m, nsmstring_append_string_constant, 14 + 3 ⋅ (str.length.ub + 5) + 3 ⋅ (str.length.ub + 6),  OnUIThread:false, [{str.length.ub + 6},Loop,{str.length.ub + 5},Loop]
 codetoanalyze/objc/performance/NSMutableString.m, nsmstring_append_string_linear, 5 + str2.length.ub + 3 ⋅ (str2.length.ub + str1.length.ub) + 3 ⋅ (str2.length.ub + str1.length.ub + 1),  OnUIThread:false, [{str2.length.ub + str1.length.ub + 1},Loop,{str2.length.ub + str1.length.ub},Loop,{str2.length.ub},Modeled call to NSMutableString.appendString:]
@@ -81,10 +80,10 @@ codetoanalyze/objc/performance/block.m, objc_blockblock_multiply_array_linear_FN
 codetoanalyze/objc/performance/break.m, break_constant_FP, 8 + 5 ⋅ p + 2 ⋅ (1+max(0, p)),  OnUIThread:false, [{1+max(0, p)},Call to break_loop,Loop,{p},Call to break_loop,Loop]
 codetoanalyze/objc/performance/break.m, break_loop, 5 + 5 ⋅ p + 2 ⋅ (1+max(0, p)),  OnUIThread:false, [{1+max(0, p)},Loop,{p},Loop]
 codetoanalyze/objc/performance/break.m, break_loop_with_t, 7 + 5 ⋅ p + 2 ⋅ (1+max(0, p)),  OnUIThread:false, [{1+max(0, p)},Loop,{p},Loop]
-codetoanalyze/objc/performance/cf.m, array_count_linear, 6 + 3 ⋅ arr.length + 2 ⋅ (arr.length + 1),  OnUIThread:false, [{arr.length + 1},Loop,{arr.length},Loop]
-codetoanalyze/objc/performance/cf.m, cf_array_create_copy_linear, 1010,  OnUIThread:false, []
+codetoanalyze/objc/performance/cf.m, array_count_linear, 6 + 3 ⋅ arr.length.ub + 2 ⋅ (arr.length.ub + 1),  OnUIThread:false, [{arr.length.ub + 1},Loop,{arr.length.ub},Loop]
+codetoanalyze/objc/performance/cf.m, cf_array_create_copy_linear, 8 + 3 ⋅ arrayValues.length + 2 ⋅ (arrayValues.length + 1),  OnUIThread:false, [{arrayValues.length + 1},Loop,{arrayValues.length},Loop]
 codetoanalyze/objc/performance/cf.m, cf_array_create_linear, 11 + 3 ⋅ x + 2 ⋅ (1+max(0, x)),  OnUIThread:false, [{1+max(0, x)},Loop,{x},Loop]
-codetoanalyze/objc/performance/cf.m, dict_count_linear, 6 + 3 ⋅ dict.length + 2 ⋅ (dict.length + 1),  OnUIThread:false, [{dict.length + 1},Loop,{dict.length},Loop]
+codetoanalyze/objc/performance/cf.m, dict_count_linear, 6 + 3 ⋅ dict.length.ub + 2 ⋅ (dict.length.ub + 1),  OnUIThread:false, [{dict.length.ub + 1},Loop,{dict.length.ub},Loop]
 codetoanalyze/objc/performance/compound_loop_guard.m, compound_while, 7 + 3 ⋅ m + 4 ⋅ (1+max(0, m)),  OnUIThread:false, [{1+max(0, m)},Loop,{m},Loop]
 codetoanalyze/objc/performance/compound_loop_guard.m, nested_while_and_or_constant, 20,  OnUIThread:false, []
 codetoanalyze/objc/performance/compound_loop_guard.m, simplified_simulated_while_with_and_constant, 605,  OnUIThread:false, []
diff --git a/infer/tests/codetoanalyze/objc/performance/issues.exp b/infer/tests/codetoanalyze/objc/performance/issues.exp
index 68546e65f..106f085b6 100644
--- a/infer/tests/codetoanalyze/objc/performance/issues.exp
+++ b/infer/tests/codetoanalyze/objc/performance/issues.exp
@@ -3,18 +3,19 @@ codetoanalyze/objc/performance/NSArray.m, nsarray_enumerator_linear_FN, 7, INTEG
 codetoanalyze/objc/performance/NSArray.m, nsarray_init_constant, 3, CONDITION_ALWAYS_FALSE, no_bucket, WARNING, [Here]
 codetoanalyze/objc/performance/NSArray.m, nsarray_init_with_array_constant_FP, 0, INFINITE_EXECUTION_TIME, no_bucket, ERROR, [Call to nsarray_init_with_array_linear_FP,Unbounded loop,Loop]
 codetoanalyze/objc/performance/NSArray.m, nsarray_init_with_array_copy_linear_FP, 0, INFINITE_EXECUTION_TIME, no_bucket, ERROR, [Unbounded loop,Loop]
-codetoanalyze/objc/performance/NSArray.m, nsarray_init_with_array_copy_linear_FP, 2, INTEGER_OVERFLOW_L5, no_bucket, ERROR, [<LHS trace>,Assignment,Binary operation: ([0, +oo] + 1):signed32]
+codetoanalyze/objc/performance/NSArray.m, nsarray_init_with_array_copy_linear_FP, 2, INTEGER_OVERFLOW_U5, no_bucket, ERROR, [<LHS trace>,Unknown value from: NSArray.initWithArray:copyItems:,Binary operation: ([0, +oo] + 1):signed32]
 codetoanalyze/objc/performance/NSArray.m, nsarray_init_with_array_linear_FP, 0, INFINITE_EXECUTION_TIME, no_bucket, ERROR, [Unbounded loop,Loop]
-codetoanalyze/objc/performance/NSArray.m, nsarray_init_with_array_linear_FP, 3, INTEGER_OVERFLOW_L5, no_bucket, ERROR, [<LHS trace>,Assignment,Binary operation: ([0, +oo] + 1):signed32]
+codetoanalyze/objc/performance/NSArray.m, nsarray_init_with_array_linear_FP, 3, INTEGER_OVERFLOW_U5, no_bucket, ERROR, [<LHS trace>,Unknown value from: NSArray.initWithArray:,Binary operation: ([0, +oo] + 1):signed32]
 codetoanalyze/objc/performance/NSArray.m, nsarray_iterate_linear_FN, 3, INTEGER_OVERFLOW_U5, no_bucket, ERROR, [<LHS trace>,Assignment,<RHS trace>,Unknown value from: NSEnumerator.nextObject,Assignment,Binary operation: ([-oo, +oo] + [-oo, +oo]):signed64]
-codetoanalyze/objc/performance/NSDictionary.m, nsdictionary_enumerate_constant, 6, BUFFER_OVERRUN_U5, no_bucket, ERROR, [<Offset trace>,Unknown value from: NSEnumerator.nextObject,Assignment,<Length trace>,Unknown value from: NSDictionary.dictionaryWithObjects:forKeys:count:,Assignment,Array access: Offset: [-oo, +oo] (⇐ [-oo, +oo] + [-oo, +oo]) Size: [0, +oo]]
+codetoanalyze/objc/performance/NSDictionary.m, nsdictionary_enumerate_constant, 6, BUFFER_OVERRUN_U5, no_bucket, ERROR, [<Offset trace>,Unknown value from: NSEnumerator.nextObject,Assignment,<Length trace>,Unknown value from: NSEnumerator.nextObject,Array access: Offset: [-oo, +oo] (⇐ [-oo, +oo] + [-oo, +oo]) Size: [0, +oo]]
+codetoanalyze/objc/performance/NSDictionary.m, nsdictionary_find_key_linear_FN, 3, BUFFER_OVERRUN_U5, no_bucket, ERROR, [<Offset trace>,Unknown value from: NSEnumerator.nextObject,Assignment,<Length trace>,Unknown value from: NSEnumerator.nextObject,Array access: Offset: [-oo, +oo] (⇐ [-oo, +oo] + [-oo, +oo]) Size: [0, +oo]]
 codetoanalyze/objc/performance/NSDictionary.m, nsdictionary_init_with_dictionary_linear_FP, 0, INFINITE_EXECUTION_TIME, no_bucket, ERROR, [Unbounded loop,Loop]
-codetoanalyze/objc/performance/NSDictionary.m, nsdictionary_init_with_dictionary_linear_FP, 2, INTEGER_OVERFLOW_L5, no_bucket, ERROR, [<LHS trace>,Assignment,Binary operation: ([0, +oo] + 1):signed32]
+codetoanalyze/objc/performance/NSDictionary.m, nsdictionary_init_with_dictionary_linear_FP, 2, INTEGER_OVERFLOW_U5, no_bucket, ERROR, [<LHS trace>,Unknown value from: NSDictionary.initWithDictionary:,Binary operation: ([0, +oo] + 1):signed32]
 codetoanalyze/objc/performance/NSMutableArray.m, nsmarray_add_in_loop_constant, 5, CONDITION_ALWAYS_FALSE, no_bucket, WARNING, [Here]
 codetoanalyze/objc/performance/NSMutableArray.m, nsmarray_add_then_loop_constant, 14, CONDITION_ALWAYS_FALSE, no_bucket, WARNING, [Here]
 codetoanalyze/objc/performance/NSMutableArray.m, nsmarray_init_with_capacity_constant_FP, 0, INFINITE_EXECUTION_TIME, no_bucket, ERROR, [Unbounded loop,Loop]
-codetoanalyze/objc/performance/NSMutableArray.m, nsmarray_init_with_capacity_constant_FP, 3, INTEGER_OVERFLOW_L5, no_bucket, ERROR, [<LHS trace>,Assignment,Binary operation: ([0, +oo] + 1):signed32]
-codetoanalyze/objc/performance/NSMutableArray.m, nsmarray_remove_constant, 5, BUFFER_OVERRUN_L1, no_bucket, ERROR, [<Length trace>,Array declaration,Assignment,Array access: Offset: 0 Size: 0]
+codetoanalyze/objc/performance/NSMutableArray.m, nsmarray_init_with_capacity_constant_FP, 3, INTEGER_OVERFLOW_U5, no_bucket, ERROR, [<LHS trace>,Unknown value from: NSMutableArray.initWithCapacity:,Binary operation: ([0, +oo] + 1):signed32]
+codetoanalyze/objc/performance/NSMutableArray.m, nsmarray_remove_constant, 5, BUFFER_OVERRUN_L1, no_bucket, ERROR, [<Length trace>,Array declaration,Array access: Offset: 0 Size: 0]
 codetoanalyze/objc/performance/NSMutableArray.m, nsmarray_remove_in_loop_constant, 5, CONDITION_ALWAYS_FALSE, no_bucket, WARNING, [Here]
 codetoanalyze/objc/performance/NSMutableArray.m, nsmarray_set_in_loop_constant, 6, CONDITION_ALWAYS_FALSE, no_bucket, WARNING, [Here]
 codetoanalyze/objc/performance/NSMutableArray.m, nsmarray_set_linear, 2, INTEGER_OVERFLOW_U5, no_bucket, ERROR, [<LHS trace>,Unknown value from: NSNumber.intValue,Binary operation: ([-oo, +oo] + 1):signed32]