From f28d75c910d6158b2db84cabef1354356512ea6e Mon Sep 17 00:00:00 2001 From: Dulma Churchill Date: Tue, 28 Apr 2020 08:37:41 -0700 Subject: [PATCH] [pulse] Add model for malloc_no_fail Summary: We model `malloc` in Objective-C as `malloc_not_fail` I think because the null case is not normally handled in iOS apps because the OS will just killed the app after giving some memory warnings. So adding `malloc_not_fail` model to Pulse. Reviewed By: jvillard Differential Revision: D21278527 fbshipit-source-id: 17a5008fe --- infer/src/pulse/PulseModels.ml | 1 + .../codetoanalyze/objc/pulse/MallocInObjC.m | 16 ++++++++++++++++ infer/tests/codetoanalyze/objc/pulse/issues.exp | 1 + 3 files changed, 18 insertions(+) create mode 100644 infer/tests/codetoanalyze/objc/pulse/MallocInObjC.m diff --git a/infer/src/pulse/PulseModels.ml b/infer/src/pulse/PulseModels.ml index 69b4f0591..58954264a 100644 --- a/infer/src/pulse/PulseModels.ml +++ b/infer/src/pulse/PulseModels.ml @@ -677,6 +677,7 @@ module ProcNameDispatcher = struct ; -"CFBridgingRelease" <>$ capt_arg_payload $--> C.cf_bridging_release ; +match_builtin BuiltinDecl.__free_cf <>$ capt_arg_payload $--> C.cf_bridging_release ; +PatternMatch.ObjectiveC.is_modelled_as_alloc &++> C.malloc_not_null + ; +match_builtin BuiltinDecl.malloc_no_fail <>$ capt_arg_payload $--> C.malloc_not_null ; +PatternMatch.ObjectiveC.is_modelled_as_free <>$ capt_arg_payload $--> C.free ] end diff --git a/infer/tests/codetoanalyze/objc/pulse/MallocInObjC.m b/infer/tests/codetoanalyze/objc/pulse/MallocInObjC.m new file mode 100644 index 000000000..dfbc75d3e --- /dev/null +++ b/infer/tests/codetoanalyze/objc/pulse/MallocInObjC.m @@ -0,0 +1,16 @@ +/* + * Copyright (c) Facebook, Inc. and its affiliates. + * + * This source code is licensed under the MIT license found in the + * LICENSE file in the root directory of this source tree. + */ +#import + +void wrap_free(void* x) { free(x); } + +void interproc_free_ok() { + int* p = malloc(sizeof(int)); + wrap_free(p); +} + +void leak_bad() { int* p = malloc(sizeof(int)); } diff --git a/infer/tests/codetoanalyze/objc/pulse/issues.exp b/infer/tests/codetoanalyze/objc/pulse/issues.exp index aa6c9bdb3..285b54ad4 100644 --- a/infer/tests/codetoanalyze/objc/pulse/issues.exp +++ b/infer/tests/codetoanalyze/objc/pulse/issues.exp @@ -1,4 +1,5 @@ codetoanalyze/objc/pulse/AllocPatternMemLeak.m, A::create_no_release_leak_bad, 1, PULSE_MEMORY_LEAK, no_bucket, ERROR, [allocation part of the trace starts here,allocated by call to `ABFDataCreate` (modelled),allocation part of the trace ends here,memory becomes unreachable here] +codetoanalyze/objc/pulse/MallocInObjC.m, leak_bad, 0, PULSE_MEMORY_LEAK, no_bucket, ERROR, [allocation part of the trace starts here,allocated by call to `malloc_no_fail` (modelled),allocation part of the trace ends here,memory becomes unreachable here] codetoanalyze/objc/pulse/MemoryLeaks.m, MemoryLeaks::cg_path_create_mutable_leak_bad:, 2, PULSE_MEMORY_LEAK, no_bucket, ERROR, [allocation part of the trace starts here,allocated by call to `CGPathCreateMutable` (modelled),allocation part of the trace ends here,memory becomes unreachable here] codetoanalyze/objc/pulse/MemoryLeaks.m, MemoryLeaks::cg_path_create_with_rect_leak_bad, 3, PULSE_MEMORY_LEAK, no_bucket, ERROR, [allocation part of the trace starts here,allocated by call to `CGPathCreateWithRect` (modelled),allocation part of the trace ends here,memory becomes unreachable here] codetoanalyze/objc/pulse/MemoryLeaks.m, MemoryLeaks::no_bridge_leak_bad, 1, PULSE_MEMORY_LEAK, no_bucket, ERROR, [allocation part of the trace starts here,allocated by call to `CFLocaleCreate` (modelled),allocation part of the trace ends here,memory becomes unreachable here]