Summary: public
This is an initial version of the Expensive checker which only report violations on direct calls. The main objective is to setup all the files for this new checker.
The next steps are:
1) run the checker in interprocedural mode
2) Save in the summary of a method foo() the annotation attribute Expensive if a direct callee of foo is annotated with Expensive
3) Check that Expensive is enforced by subtyping, i.e. check that non-expensive method cannot be overwritten by a method annotated with Expensive
Reviewed By: cristianoc
Differential Revision: D2629947
fb-gh-sync-id: 0e06f85
Summary: public
Adding a progress bar to the analysis phase to check progress.
The progress bar for the analysing procedures part is just printing dots at the moment and will be
improved soon when we do all the multithreading inside Ocaml.
There is also a no_progress_bar option in the scripts to hide it, for instance in CI.
Reviewed By: cristianoc
Differential Revision: D2625763
fb-gh-sync-id: daf6f96
Summary: public
The context leaks were reported multiple times. If a leaks was found on method `f()` and `g()` calls `f()`, then the same leak was report both in `f()` and in `g()`.
Reviewed By: sblackshear
Differential Revision: D2598110
fb-gh-sync-id: ca90b57
Summary: public
Extends the current activity leak checker to all sort of context leaks.
Reviewed By: sblackshear
Differential Revision: D2572548
fb-gh-sync-id: 9da18e4
Summary: public
This allow to tell Infer to skip the translation of some files. This is especially useful to skip the translation of some generated files following the syntax:
> cat .inferconfig
{
"skip_translation": [
{
"language": "Java",
"source_contains": "_SHOULD_BE_SKIPPED_"
}
]
}
Reviewed By: cristianoc
Differential Revision: D2588095
fb-gh-sync-id: 3fda816
Summary: public Refactoring Printfargs checker a bit to
make it callable from symbolic executor, then calling it.
Reviewed By: jeremydubreil
Differential Revision: D2361286
fb-gh-sync-id: 4b73855
Summary: public
modules are better for namespacing.
How I made this diff:
1. moved list_* functions from utils.ml{,i} to iList.ml{,i}
2. shell commands:
grep '^val ' infer/src/backend/iList.mli | cut -f 2 -d ' ' | tr '\n' ' '
# gives a list of former list_ functions that IList implements, fed into the loops below:
LISTNAMES=" compare equal append combine exists filter flatten flatten_options find fold_left fold_left2 for_all for_all2 hd iter iter2 length fold_right map mem nth partition rev rev_append rev_map sort split stable_sort tl drop_first drop_last rev_with_acc remove_duplicates remove_irrelevant_duplicates merge_sorted_nodup intersect mem_assoc assoc map2 to_string"
# replace " list_*" function calls with IList.* ones
for i in $LISTNAMES; do find . -name '*.ml' -exec sed -i -e "s/ list_$i\b/ IList.$i/g" \{\} \; ; done
# replace (list_* functions with (IList.* ones
for i in $LISTNAMES; do find . -name '*.ml' -exec sed -i -e "s/(list_$i\b/(IList.$i/g" \{\} \; ; done
# ditto with [
for i in $LISTNAMES; do find . -name '*.ml' -exec sed -i -e "s/\[list_$i\b/[IList.$i/g" \{\} \; ; done
3. Then fix up the rest by hand. In particular, stuff that called Utils.list_*
explicitely, and stuff that used the "Fail" exception that has moved to
IList. (may revisit this in the future)
Reviewed By: jeremydubreil, cristianoc
Differential Revision: D2550241
fb-gh-sync-id: cd64b10
Summary: public
Dictionary literals are normally implemented using
`+dictionaryWithObjects:forKeys:count:` but were modeled as
`+dictionaryWithObjectsAndKeys:`
In particular, `@{@"aaa": nil}` would trigger a sentinel error instead of an NPE.
This models dictionary literals as a special infer builtin that the backend
interprets so as to give NPEs when passed nil objects or keys.
Reviewed By: dulmarod
Differential Revision: D2550039
fb-gh-sync-id: 1a10656
Summary: @public
There was an inconsistency with the type of `stats.json` created by `inferlib.py` and InferAnalyze. This diff cleans up the thing and uses two different files to saves the statistics to clarify what gets created by the analysis, i.e. `proc_stats.json` and what gets created all the time `stats.json`.
Reviewed By: @sblackshear
Differential Revision: D2500517
Summary: @public Infer previously did not work correctly when a function returns the result of a skip function:
```
retUndef() {
x = undefined();
return x;
}
derefUndef() {
y = retUndef();
y.doSomething(); // Symexec_memory_error here, prevents spec inference
}
```
The problem is that angelic mode did not know to add the return value of `retUndef()` to the footprint.
This diff fixes the problem by adding return values marked with the `Aundef` attribute to the footprint.
This is done lazily (e.g., a value only gets added to the footprint when you try to deref it).
Reviewed By: @jvillard
Differential Revision: D2444929
Summary:
`get_resource_or_undef` attribute is weird and was causing problems for me in another diff.
This diff refactors the attribute categories to make resource and undef separate.
Summary:
Some build systems compile files both under the project root and under temporary
directories (e.g., /tmp), so there need not be a single project root. Just use absolute paths
in the case that we can't resolve a relative path from the project root.
Summary:
Move proc_attributes to a separate module.
Field err_log, in common between proc desc and summary, can now be moved to ProcAttributes without creating cycles of dependencies.
Summary:
There's a lot of overlap between the representation of a proc desc and a spec summary. This diff moves all the data in common to the single record proc_attributes defined in Sil.
This gives a unified way of accessing most of the data carried by a procedure, whether it is contained in a proc desc or a spec. Also, it ensures that there is a single flow of information from proc desc to spec in the back-end, making sure that the information represented stays consistent.
Summary:
Errors arising from overriding methods defined in other files were not reported, because during parallel analysis the clusters did not have access to overridden methods, so could not load their annotation.
Changed cluster generation to add location information for the methods overridden by the procedures defined in the current cluster.
Summary:
When someone runs --changed-only mode, there is a risk of corrupting the results
for future analyses. The problem is that changed-only mode does not analyze the callers of changed
procedures. If a subsequent analysis relies on the specs of one of these callers, they will be stale
and may give the wrong results. To be concrete, let's say we know `Parent.foo()` calls `Child.bar()` and we do the following rounds of analysis:
Analysis round 1: Analyze all files, including `Parent` and `Child`
Analysis round 2: Analyze `Child.bar()` only with `--changed-only flag`. `Parent.foo()` is now stale.
Analysis round 3: Add procedure `Parent.baz()` that calls `Parent.foo()`, analyze in (any) incremental mode.
The analysis will only analyze `Parent.baz()`. However, the specs for `Parent.foo()` are stale and may give us bad results for `Parent.baz()`. We want the analysis to re-analyze `Parent.baz()`, but before this diff it will not.
This diff fixes this problem by adding a `STALE` status bit to procedure summaries. In `--changed-only` mode,
the callers of a changed procedures are not re-analyzed, but their summaries are marked as stale. For both
`--changed-only` and regular incremental mode, callees of changed procedures that are marked as stale are
re-analyzed even if they have not changed. This is better than a more obvious solution like deleting stale
procedure summaries, since that would force the next analysis to re-analyze all stale procedures even if it
does not need the results for whatever analysis it is doing. This scheme implemented in this diff ensures
that each analysis only does the work that it needs to compute reliable results for its changed procedures.
Summary:
Passing the list of SuppressWarnings annotations detected during the compilation to InferPrint. The next step will be to add support for error filtering in .inferconfig and use the same mechanism. The annotation processor will generate an .inferconfig like config file and use it to suppress the reports.
Summary:
Procdesc comparison can be fragile because internal variable names
and source positions in a procedure can vary even if the procedure stays exactly the
same. This diff makes pdesc comparisons less fragile by defining structural comparsions
over instructions, nodes and expressions. These structural comparsions work by lazily
creating a mapping between names in the two procdesc's that and checking that the mapped
names are used consistently.
Summary: Another step toward getting procedure-level incrementality for Infer. Here, we just assume that *all* procs in a file have changed when the file changes, but we will filter this list using the pd_changed field of the procdesc for each procedure in the future.
Summary: Handler.postDelayed keeps a persistent reference to its Runnable argument that may cause a memory leak if an Activity is reachable from the Runnable.
Summary: The Nullable checker reported FP's when a Nullable field/param was reassigned to a non-Nullable value in the footprint. This diff fixes the problem.
Summary:
This diff allows to use to make Infer failing when using the function `failwith`. This is especially useful to use while applying complex refactoring.
Summary: Infer cannot tell if a procdesc has changed across procedure runs. If we want procedure-level incrementality, it has to know how to compute this information. This diff implements this capability by comparing a procdesc to an existing one before it is saved to disk, and marking the new one as unchanged if applicable.
Summary:
When detecting a resource leak, Infer used to raise an Leak exception and then prevent the specs to be computed for the paths containing a leak. This diff prevents resource leak to stop the analysis.
Summary:
Creating a persistent reference to an Activity leads to a nasty form of memory leaks (see http://android-developers.blogspot.com/2009/01/avoiding-memory-leaks.html, https://corner.squareup.com/2015/05/leak-canary.html). There are many ways to create a bad persistent reference to an Activity, but the most obvious one is via a static field.
This diff implements a very simple form of Activity leak checking by inspecting postconditions to see if a subtype of Activity is reachable from a static field (and it reports an error if so). This is a very simple and limited form of leak checking that does not understand the Android lifecycle at all. In particular, if one creates a persistent reference to an Activity and then nulls it out in `onDestroy` (a reasonably common pattern), this approach will wrongly report a bug.
Summary:
The methods in objc can have the same name in the same class, but one be instance and the other class,
so that we need to take the instance flag into account when defining unique names for ObjC methods.
Summary:
While `-results_dir` is still the main place to look for specs files and to write reports,
it's necessary to load specs from multiple folders because some build tools that run Infer with a target-level granularity may need to move specs files around in order to get complete reports, whereas with this change they just need to keep track of the `specs` folders generated for each target, and pass them through `-lib dir1 -lib dir2 ... -lib dirN`
Summary:
The symbolic execution was not stopping in case an unitialized dangling pointer was
passed to a function and then dereferenced inside the callee.
What would happen is that a wrong footprint would be added to the unititialized pointer
at the end of the function call in the caller proposition.
This checks that if we do:
frame * new_footprint
checks that we do not add heap predicates to the frame into uninitialized local variables.
If we can identify the variable then we raise a danglind pointer dereference. If instead
we cannot give a good explanation we give an internal error.
The latter case should be temporary. We should find a general way to raise dangling pointer
deref instead of the internal error.
I also fixed the model of getc that was the way I found the problem.
Summary:
This is small code cleanup of the code to report leaks. No functional changes, just removing code that is longer used and reorganising the control flow.
Summary:
This commit is the result of
`find infer/src -name '*.ml' -or -name '*.mli' -exec ocp-indent -i \{\} \;`
and
`INFER_CHECK_COPYRIGHT=1 InferPrint`
Summary:
The old scheme for pruning away garbage from abducted retvars/abducted params passed by ref failed to eliminate garbage in the pure constraints (pi). This occasionally caused PRECONDITION_NOT_FOUND errors that stop the analysis.
Summary:
In preparation for C++ methods, we need to have type with
class, method, mangled (for overloading?)
1. Change objc method to support it
2. Do some renames to be less confusing
Summary:
This adds a sentinel check every time a function carrying a sentinel attribute
is called, regardless of whether we have a definition for that function or not.
Summary:
This attribute was used to tag arguments to variadic functions, as a way to
detect premature sentinels. The approach to detect premature sentinels has
changed making it obsolete.
Summary:
Treat `arrayWithObjects` as a special case of a sentinel attribute check. This
will make it easier to extend to other variadic functions that use a sentinel
attribute.
This also removes the need for the `Sil.Avariadic_function_argument` attribute,
which will be removed in a subsequent diff.
Summary:
the name of the return variable of a procedure only depends on the name of that procedure. This simplifies the need for the procedure description in a couple of places
Summary:
This is a refactoring diff with no functional changes in order to move the code using the procedure description of the callees in a single place, in order to replace the approach to use a summary instead in a subsequent step.
Summary:
This reverts commit 306f5b71c24042c89f71848898402cbc9269c543.
Turns out that developers think that this bugs should be fixed. So leaving it in for now until I gather more information.
Summary:
@public
There are many FPs of the form init method that contains
if ((self = [super initWithFrame:frame])) {
...
}
return self;
then an object being initialised with that constructor and added to an array or dictionary.
There we flag NPE and very likely that won't be a bug. So I'm removing the option for self
to be nil in the constructor, which should solve the problem.
Test Plan: Changed the relevant test.
Summary:
@public
Previously, if the close() method was throwing an exception, then code overriding the file attribute with a mem attribute would be skipped, resulting in reporting a wrong resource leak. This diff fixes this.
Test Plan: Added new end-to-end tests which would previously have been failing
Summary:
@public
This is a non-functional refactoring to remove the need for having the procedure description of the callee when execution function calls.
Test Plan: Infer CI. Expecting no change in the results.
Summary: @publicThe first argument of builtin calls in C gets translated twice, which is bad if the argument is a side-effecting expression like a function call.
Test Plan: Attached test previously reported a memory leak because the translation introduces an extra call to malloc(), now reports nothing.
Summary:
@public
Currently InferAnalyze always adds bucket to the message. Later, python code
strips it, but not everywhere. Changes:
1. Since it's easy to not write bucket in ocaml, stop writing them by default.
2. Add option to print them to InferAnalyze and pass it if infer is in debug mode.
Test Plan:
1. Run on openssl, confirm that no bucket info is written to stdout and csv
2. Run on small example in debug mode and see buckets on stdout
Summary:
@public
Using InferBuiltins.assume previously caused an assertion failure in the analyzer. Fixed this, and fixed the implementation of the assume builtin to block when the assumed condition cannot hold.
Test Plan: Added several new tests.
Summary:
@public
This adds basic support for function attributes in Sil, and for translating
attributes from the clang frontend to these new Sil attributes. For now only
the sentinel attribute is translated.
Note that attributes normally have parameters, but they are currently missing
from the clang plugin.
Test Plan:
Add
(match Sil.get_sentinel_func_attribute_value (Cfg.Procdesc.get_attributes callee_pdesc).Sil.func_attributes with
| Some _ -> L.out "found sentinel attribute!\n"
| _ -> ());
between lines 947 and 948 of symbExec.ml, then analyze a file containing:
int add_all_ints(int a, ...) __attribute__ ((sentinel));
int foo(void) { return add_all_ints(1, 2, 3, (void *)0); }
then `grep 'found sentinel' infer-out/log/analyzer_out`
-> the sentinel attribute is correctly passed from the frontend to the backend.
Summary:
@public
This changes "Starting analysis" into
"Starting analysis (Infer version XXX)".
Test Plan:
infer -- clang -c hello.c
shows "Starting analysis (Infer version git-6b9fb8838bcabd2af881554d296963a849b14f50)"
jrm
Dino Distefano
Dulma Rodriguez
Cristiano Calcagno
Jules Villard
Sam Blackshear
martinoluca
Rohan Jacob-Rao
Andrzej Kotulski
Open Source Synchronization