Summary:
Deabbreviate CommandLineOption.exe type constructors, which correspond
to the various infer executables.
Reviewed By: cristianoc
Differential Revision: D3455942
fbshipit-source-id: f25ed77
Summary:
The code to set the minor heap size confused bytes and words, and so was
off by a factor 8. Fortunately it attempted to set the minor heap to
1MB and got the better value of 8MB instead.
Reviewed By: cristianoc
Differential Revision: D3455937
fbshipit-source-id: 48d0e23
Summary:
Two phase parsing of command line options, part of unifying command
line options and .inferconfig, broke the --help and --help-full usage
messages. This diff fixes them.
Reviewed By: jvillard
Differential Revision: D3435521
fbshipit-source-id: d4ecbb1
Summary:
Now that array types record only static - and therefore constant -
lengths, Sil typ and exp no longer need to be mutually recursive.
This diff:
- splits the recursion in the type definitions of typ and exp,
- splits the recursion in the comparison and pretty-printing
functions,
- and then refactors typ into a separate module.
Reviewed By: cristianoc
Differential Revision: D3423575
fbshipit-source-id: 6130630
Summary:
This diff refactors Sil.Int, which represents integer literals, into a
separate module IntLit. There are no dependencies forcing Sil.Int to
be a submodule of Sil, and it is also no simpler as a submodule.
Reviewed By: cristianoc
Differential Revision: D3422910
fbshipit-source-id: 63013f2
Summary:
Change int_compare to avoid overflow, without generating a call to a C
function or any branch instructions.
Reviewed By: cristianoc
Differential Revision: D3417671
fbshipit-source-id: e4c5d7b
Summary:
Array types where the length is not statically known were represented
using fresh variables. This diff:
- Makes array type length optional, reducing the amount of work needed
for renaming, substitution, and normalization.
- Revises uses of array length so that the length component of a
Tarray type represents only the statically determined constant
length of an array type, and the length component of a Sizeof
expression represents the dynamically determined length of an array
value.
- Restricts the type of static lengths from a general expression
(Sil.exp) to an integer (Sil.Int.t), enforcing that static types are
constant. This in particular ensures that types contain no
variables, and so are invariant under operations such as renaming
and substitution.
- Removes the type substitution and renaming functions typ_sub,
typ_normalize, and typ_captured_ren. Now that array type lengths
are constant integers, all of these functions are the identity.
Reviewed By: cristianoc
Differential Revision: D3387343
fbshipit-source-id: b5db768
Summary:
The extra dereference in stmtexpr was wrong. When a dereference is needed, we have a cast.
This was causing one dereference too many, and creating wrong results.
Reviewed By: akotulski
Differential Revision: D3393294
fbshipit-source-id: 7a1ec8e
Summary:
This diff extends Sizeof expressions with an optional expression for the
length of the final extensible array, if any. For example, sizeof a
simple array `sizeof(t[n])` is represented by (modulo subtyping info)
`Sizeof t (Some n)`, and sizeof a struct whose final member is an array
`sizeof(struct s {... t[n] f})` is represented by `Sizeof (struct s
{... t[n] f}) (Some n)`.
This is an intermediate step toward eliminating expressions from types,
the redundancy between the length in the types and in the sizeof
expressions will be eliminated later.
Reviewed By: cristianoc
Differential Revision: D3358763
fbshipit-source-id: 2239bca
Summary:
Hardcoding `variable@` in Makefiles is Bad™ because it prevents the users from
overwriting them easily with `make variable="my custom value"`. The right way
to do it is thus:
```
variable = variable@
# then use $(variable) everywhere
```
This diff puts all the `variable = variable@` lines in Makefile.config.in, and
changes every occurrence of a `variable@` to `$(variable)` everywhere else.
I mostly automated generating this diff. Here are the steps I did:
- find out which `variable@`s we use:
find . -name 'Makefile*' -exec grep -e '@[^@ []\+@' -o -h \{\} \+ | sort | uniq > config_variables
- write this `replace.sh` script to replace every `variable@` with `$(variable)`:
```
#!/bin/sh
config_vars_file=$1
shift
for line in $(cat $config_vars_file); do
var=$(echo $line | tr -d @)
sed -i -e "s/$line/\$($var)/g" $@ > /dev/null
done
```
- run the script as such:
find . -name 'Makefile.*in' \( -not -wholename './Makefile.config.in' \) -exec ./replace.sh config_variables \{\} \+
- put all the `VARIABLE = VARIABLE@` lines in Makefile.config.in
- move all `Makefile.in` to `Makefile`, since they don't need to be generated by `./configure` anymore:
```
for i in $(find . -name 'Makefile.*in' \( -not -wholename './Makefile.config.in' \)); do \
rm $(dirname $i)/$(basename $i .in) && git mv $i $(dirname $i)/$(basename $i .in) ; \
done
```
- delete all Makefile except Makefile.config from configure.ac
- manually inspect and remove remaining instances of `VAR = $(VAR)` in makefiles, looking at the output of `git grep '^\(\w\+\) = $(\1)'`
Reviewed By: jberdine
Differential Revision: D3358379
fbshipit-source-id: 5d37f02
Summary:
Recent changes in the makefile seem to have made this dependency disappear and
now nothing builds it!
Reviewed By: akotulski
Differential Revision: D3352670
fbshipit-source-id: 8657e89
Summary:
This change introduces a new binary, called `InferStatsAggregator`, that once invoked, aggregates
together all the stats generated by the single invocations of frontend/backend/reporting, that can
be used for performance measurements.
Reviewed By: jvillard
Differential Revision: D3317000
fbshipit-source-id: 61ec615
Summary:
We stopped including the directories for java/clang/llvm with the change in the
makefile. `ocamlbuild` seems to be mostly happy still.
Reviewed By: jberdine
Differential Revision: D3352703
fbshipit-source-id: 5b4e763
Summary:
Pass object by reference every time struct object is passed by value
in C++. Do it only for C++/objC++ where we have guarantee that the
object which is passed will be temporary one (created by copy constructor).
Reviewed By: jberdine
Differential Revision: D3346271
fbshipit-source-id: d3e5daa
Summary: I missed that codepath and it lead to NULL_DEREFERENCE errors when in fact they should be EMPTY_VECTOR_ACCESS
Reviewed By: jvillard
Differential Revision: D3340627
fbshipit-source-id: 52ae85f
Summary:
Make analyzer find out when null dereference comes from std::vector method.
If it does, it means that it's really empty vector access (due to the
way infer models std::vector)
Reviewed By: sblackshear
Differential Revision: D3327933
fbshipit-source-id: b9e11d6
Summary:
Optimize retries in deserialization by opening the file only once
instead of once per retry. Also ensure that the file is closed on
failure. This reduces memory leaked for unclosed channels.
Reviewed By: jvillard, cristianoc
Differential Revision: D3321132
fbshipit-source-id: 05e6ff0
Summary: Fix apparent bug in sym_eval, where struct fields could be reversed.
Reviewed By: cristianoc
Differential Revision: D3333035
fbshipit-source-id: 4ccc859
Summary:
The typ_iter_types, exp_iter_types, and instr_iter_types functions of
Sil are unused.
Reviewed By: cristianoc
Differential Revision: D3332878
fbshipit-source-id: e8d8f71
Summary:
Optimize attribute loading by caching all attributes read from file in
memory. This reduces io and allocation rate and raises memory usage.
Reviewed By: cristianoc
Differential Revision: D3321156
fbshipit-source-id: 37bc6bc
Summary:
End of the migration of .inferconfig-specific options into options accepted
both by .inferconfig and the CLI.
Reviewed By: jberdine
Differential Revision: D3304798
fbshipit-source-id: 14f6833
Summary:
Part of the migration of .inferconfig-specific options into options accepted
both by .inferconfig and the CLI.
This changes the behaviour of Infer in that we now create matchers eagerly
instead of lazily. I think it's ok because I suspect what's really important is
not laziness but memoisation, and thus laziness was just an implementation
detail. If I'm wrong please yell, it should be easy to revert to a lazy
behaviour if really needed.
Reviewed By: jberdine
Differential Revision: D3304792
fbshipit-source-id: 1ddde6d
Summary:
Part of the migration of .inferconfig-specific options into options accepted
both by .inferconfig and the CLI.
Reviewed By: jberdine
Differential Revision: D3304785
fbshipit-source-id: e0204e9
Summary:
Part of the migration of .inferconfig-specific options into options accepted
both by .inferconfig and the CLI.
Reviewed By: jberdine
Differential Revision: D3322508
fbshipit-source-id: 1820a9d
Summary:
Part of the migration of .inferconfig-specific options into options accepted
both by .inferconfig and the CLI.
Reviewed By: jberdine
Differential Revision: D3304784
fbshipit-source-id: 0c39b39
Summary:
- `test_build` now also test that the OSS build works if we're inside the internal repo
- remove some "if java/clang" in the test targets, since tests work under the
assumption that all the analyzers are to be tested.
Reviewed By: jberdine
Differential Revision: D3305088
fbshipit-source-id: 142fc49
Summary:
`make clean all test` worked, but not `make clean test` because `test` only
builds stuff in infer/src/ (no models, no infer/bin/infer). For now, fix the
workflow by building both `infer` and `test_build` in different directories (so
they can be parallelized).
Reviewed By: jberdine
Differential Revision: D3322797
fbshipit-source-id: 71d146d
Summary:
Part of the migration of .inferconfig-specific options into options accepted
both by .inferconfig and the CLI.
Reviewed By: jberdine
Differential Revision: D3304783
fbshipit-source-id: 4a7ee6f
Summary:
Any option accepted by infer/InferAnalyze/... can now appear in
.inferconfig and will be interpreted accordingly. Options in .inferconfig
are overriden by both env vars parameters and command line
arguments.
To achieve this, we do a first round of parsing that only acts on the
flags necessary to find out where .inferconfig lives. Then we serialise
the contents of the json file into the format expected by command-line
arguments, and use a trick similar to the way we handle env variables to
interpret the json arguments.
Reviewed By: jberdine
Differential Revision: D3298379
fbshipit-source-id: 12b7d57
Summary:
Build everything at once all the time. This removes the need for multiple
directories, which were a hassle to begin with.
This removes the `java`, `clang`, and `llvm` targets in various Makefiles as
well.
Reviewed By: jberdine
Differential Revision: D3317230
fbshipit-source-id: 8e86140
Summary:
Now we can add to inferconfig an option
skip-translation-file to skip completely the translation
and analysis of some file.
Reviewed By: jberdine
Differential Revision: D3311129
fbshipit-source-id: 58fd179
Summary:
Add a Makefile to convert files to reason, to help with rebasing over
the conversion.
Reviewed By: jvillard
Differential Revision: D3316674
fbshipit-source-id: 8abcbe0
Summary:
If we see a read of a field f annotated with GuardedBy("mLock"), we spring into action.
What we do is look for some hpred `A.mLock |-> B` and return `B` as the "guarded-by object".
Once we have models for montitorenter/exit in place, `B.__inferIsLocked = true` will mean "lock held", and `B.__inferIsLocked = false` will mean "lock not held".
Reviewed By: jvillard
Differential Revision: D3316288
fbshipit-source-id: 8625e04
Summary:
Parse the inferconfig_home and project_root options in a separate phase
before other options. This enables using their values to e.g. find the
inferconfig file and process it prior to full option parsing.
Reviewed By: jvillard
Differential Revision: D3302143
fbshipit-source-id: a1f9175
Summary:
Non-fatal warnings are only checked by `make -C infer/src test_build`,
which should be part of `make test`
Reviewed By: sblackshear
Differential Revision: D3301913
fbshipit-source-id: 8196e03
Summary:
Create model of C++ std::vector to find occurrences when vector which might be empty is accessed. Do it by triggering null dereference every time empty vector access is performed.
Note: model will be used only when c++11 (or c++14) are used.
Reviewed By: sblackshear
Differential Revision: D3276203
fbshipit-source-id: 420a95a
Summary:
The checkers check was causing perf issues because it kept loading the json of
inferconfig. To prevent this from happening again, load json files inside
config.ml, and only export `Yojson.Basic.json Lazy.t` values to other modules.
Also move the list of checks disabled by default into config.ml for better
discoverability.
Reviewed By: jberdine
Differential Revision: D3293041
fbshipit-source-id: 4a38b26
Summary:
F for files, . for procedures, and a few more for developer mode.
Also add the crash message to the crash symbol, because if infer crashes we
want as much information as possible.
```
$ infer -- javac Hello.java
Starting analysis (Infer version v0.8.1-8e8c6fa)
legend:
"F" analyzing a file
"." analyzing a procedure
F..
Analyzed 1 file
Found 1 issue
Hello.java:13: error: NULL_DEREFERENCE
object s last assigned on line 12 could be null and is dereferenced at line 13
11. int test() {
12. String s = null;
13. > return s.length();
14. }
15. }
16.
Summary of the reports
NULL_DEREFERENCE: 1
$ infer -g -- javac Hello.java
...
Starting analysis (Infer version v0.8.1-8e8c6fa)
legend:
"F" analyzing a file
"." analyzing a procedure
"C" analyzer crashed
"T" timeout: procedure analysis took too much time
"S" timeout: procedure analysis took too many symbolic execution steps
"R" timeout: procedure analysis took too many recursive iterations
...
```
Reviewed By: sblackshear
Differential Revision: D3288081
fbshipit-source-id: becea34
Summary:
Reimplement command line options in preparation for uniformly passing
options from the top-level infer driver that invokes a build command
through the build system to the descendant infer processes.
All command line options of all executables are collected into Config,
and declared using a new CommandLineOption module that supports
maintining backward compatibility with the current command line
interface. Very few values representing command line options are
mutable now, as they are set once during parsing but are constant
thereafter. All ordering dependencies are contained within the
implementation of Config, and the implementation of Config is careful to
avoid unintended interactions and ordering dependencies between options.
Reviewed By: jvillard
Differential Revision: D3273345
fbshipit-source-id: 8e8c6fa
Summary:
Add a module target to the src Makefile that builds a single module and
its dependencies, perhaps with extra flags. Useful for generating
assembly or interfaces, as well as directing the typechecker when
refactoring.
Execute: `make INFER_CFLAGS=<flags> M=<Module>.cm{o,x} module`
Reviewed By: jeremydubreil
Differential Revision: D3273437
fb-gh-sync-id: 65a51d6
fbshipit-source-id: 65a51d6
Summary:
Handle building in debug mode by passing command line options set in
the Makefile, as all the other configuration of ocamlbuild is done
through command line options.
Reviewed By: jvillard
Differential Revision: D3202085
fb-gh-sync-id: d467019
fbshipit-source-id: d467019
Summary:
The computation of the perf stats file did not work in case -cluster was
passed a (relative) path.
Also, do not fail if the perf stats file cannot be opened/written, just
log a warning to stdout.
Reviewed By: jvillard
Differential Revision: D3269727
fb-gh-sync-id: c141ffa
fbshipit-source-id: c141ffa
Summary:
- [python] decode strings coming from `os.*` commands
- [python] decode strings coming from the command-line
- [python] encode a few remaining unicodes into strings
- [java] replace lex/yacc parser for javac verbose output by regex-based matching to handle unicode in paths
- [make] random fix of `make test` to have `make clean test` work
- [integration tests] add e2e build integration tests for utf8 in the PWD
Closes#76
Reviewed By: martinoluca
Differential Revision: D3240809
fb-gh-sync-id: 8c2e1ed
fbshipit-source-id: 8c2e1ed
Summary:
Results of AbsInt checkers are node id -> abstract state maps.
It's hard to compare/combine the results of multiple analyses if the node id types are different.
Needed for the upcoming improvements of the preanalysis.
Reviewed By: jvillard
Differential Revision: D3235669
fb-gh-sync-id: c5251cf
fbshipit-source-id: c5251cf
Summary:
The case where the right hand side of the `Letderef` expression is an identifier was missing. With this diff, the following example is now working as expected:
class A {
public Object foo() {
return new Object();
}
}
class B extends A {
public Object foo() {
return null;
}
}
public class Test {
static Object bar(A a) {
return a.foo();
}
static void shoulReport() {
B b = new B();
bar(b).toString();
}
}
using the command:
INFER_LAZY_DYNAMIC_DISPATCH=1 infer -- javac Test.java
Reviewed By: sblackshear
Differential Revision: D3238986
fb-gh-sync-id: d6059fb
fbshipit-source-id: d6059fb
Summary:
The philosophy of the tracing mode reporting is to not report the errors in a method if reaching this error does depend on information that can be false at call site. Typically with:
void foo(Object obj, int x) {
if (x == 3) {
obj.toString();
}
}
it may be that we always call `foo` with a non-null parameter or `x != 3`.
Thechnically, the reporting code matches the pairs of the form (precondition, error) and filtering out the cases where the precondtions was not imposing constraints on the calling context, and report the other cases. So the NPE could be reported in the following case:
void bar() {
foo(null, 3);
}
However, we were missing the case where there was anyway no way to call a method in a safe way, i.e. all the preconditions were of the form: (precondition, error), for example:
void baz(boolean b) {
if (b) {
foo(null, 3);
} else {
foo(null, 3);
}
}
In that case, the summary is of the form
PRE (1): b = false
POST: NullPointerException
PRE (2): b = true
POST: NullPointerException
In which case it is legit to report `NullPointerException` in `baz`.
Reviewed By: sblackshear, jberdine
Differential Revision: D3220501
fb-gh-sync-id: 7fb7d70
fbshipit-source-id: 7fb7d70
Summary: So that we no longer have to run `Tabulation.prop_is_exn` before running `Tabulation.prop_get_exn_name`.
Reviewed By: jberdine
Differential Revision: D3222545
fb-gh-sync-id: a7faa06
fbshipit-source-id: a7faa06
Summary:
As suggested in the discussion https://github.com/facebook/infer/issues/326 this pull request implements
```ocaml
get_overriden_method : Tenv.t -> Procname.java -> Procname.t
```
to get the method of a superclass that is being overridden by a specific java pname.
I thought of unit test this, but unfortunately I wasn't able to figure out how to create the proper context with OUnit2. Perhaps the easiest way to test this will be integration tests.
Feel free to reject the pull request if unit tests are mandatory (or for any other reason, of course).
Closes https://github.com/facebook/infer/pull/341
Reviewed By: jeremydubreil
Differential Revision: D3221254
Pulled By: sblackshear
fb-gh-sync-id: 9c26258
fbshipit-source-id: 9c26258
Summary:
I ran perf on rocksdb analysis and found out that ~40% of time is spent inside ocaml GC originating
from Prop.typ_normalize.
After this change, profile shows that GC is ~2% and Prop.typ_normalize takes 50% of the time.
Reviewed By: jberdine
Differential Revision: D3219113
fb-gh-sync-id: 27c34d9
fbshipit-source-id: 27c34d9
Summary:Local variable created by conditional operator translation is now declared in scope of whole
procedure. Semantically there is no difference, hopefuly backend will not complain about this
change. Also, nullifying that variable is deferred to preanalysis instead of calling it manually
Reviewed By: jvillard
Differential Revision: D3155733
fb-gh-sync-id: 6cec8fc
fbshipit-source-id: 6cec8fc
Summary: For performance critical sections of the code, this checker detects memory allocations or calls to methods annotated as expensive. However, such cases of memory allocations or expensive calls are acceptable is occuring in rare cases. This diff adds supports for the "unlikely" branch prediction method and does not track expensive calls in unlikely branches.
Reviewed By: sblackshear
Differential Revision: D3193473
fb-gh-sync-id: ea87e49
fbshipit-source-id: ea87e49