Summary: public
Now that we have modules, we can gather string constants in one place only.
Reviewed By: jeremydubreil
Differential Revision: D2615791
fb-gh-sync-id: 7cc21e4
Summary: public
This unclutters infer/bin/ and gives more structure to infer/lib/
Reviewed By: jeremydubreil
Differential Revision: D2605809
fb-gh-sync-id: 508fc2c
Summary: public
Adding a progress bar to the analysis phase to check progress.
The progress bar for the analysing procedures part is just printing dots at the moment and will be
improved soon when we do all the multithreading inside Ocaml.
There is also a no_progress_bar option in the scripts to hide it, for instance in CI.
Reviewed By: cristianoc
Differential Revision: D2625763
fb-gh-sync-id: daf6f96
Summary: public
This is a non-functional refactoring to add a flag to trigger the translation of the procedure description of callees. This allows to check in which cases we still need to procedure description of callees to run the analysis.
Reviewed By: cristianoc
Differential Revision: D2620402
fb-gh-sync-id: 7ef5b5f
Summary: public
Translate CXXConstructExpr that are parts of variable initialization.
Reviewed By: dulmarod
Differential Revision: D2570750
fb-gh-sync-id: 708a457
Summary: public
Type of `this` argument to c++ method call has pointer type.
It's either raw pointer (for `->`) or reference (for `.`).
It was already correct in method declaration and method parameters, but it wasn't correct in method calls. Same thing will apply to constructor expressions.
As a result of this change, we won't expand type when calling methods.
Change to ast_expressions.ml fixes problem with autogenerating getters/setters that produced lvalue types after LValueToRValue cast.
Reviewed By: dulmarod
Differential Revision: D2605756
fb-gh-sync-id: 1027600
Summary: public
If `INFER_RECORD_INTEGRATION_TESTS` is set to 1 then
`./scripts/build_integration_tests.py` will record the results of the tests
instead of checking them.
This modifies the test outputs as they are generated a bit differently from
before.
Reviewed By: jeremydubreil
Differential Revision: D2603764
fb-gh-sync-id: 506111f
Summary: public
The context leaks were reported multiple times. If a leaks was found on method `f()` and `g()` calls `f()`, then the same leak was report both in `f()` and in `g()`.
Reviewed By: sblackshear
Differential Revision: D2598110
fb-gh-sync-id: ca90b57
Summary: public
Adding initial support for Buck for Cxx on the toplevel infer command.
If a `cxx_binary`/`cxx_library` builds with the command `buck build //targetName:target` then the analysis of Infer can be triggered through the `#infer` flavor.
This change configures buck to run Infer, whenever the `#infer` flavor gets passed: just run
`infer --use-flavors -- buck build //targetName:target#infer`
Please note that when using this feature (`--use-flavors`), the toplevel `infer` command has to be launched from the root of the buck project (which is where the `.buckconfig` file is located) and the `#infer` flavor must be passed on the target.
Reviewed By: jvillard
Differential Revision: D2508296
fb-gh-sync-id: 63c0dea
Summary: public
For instance:
cd examples/
infer -- gcc -c hello.c
gives:
Starting analysis (Infer version git-c66ed7b302c996f238b6ec20cfcf4f6193fcbd88)
Analysis done
hello.c:5: error: NULL_DEREFERENCE
pointer s last assigned on line 4 could be null and is dereferenced at line 5, column 3
3. void test() {
4. int *s = NULL;
5. > *s = 42;
6. }
Reviewed By: jeremydubreil
Differential Revision: D2600864
fb-gh-sync-id: 71e0bd4
Summary: public Translate classes and protocols on demand only.
This saves space in the tenv and time. The categories still cannot be translated on demand
because there is no pointer to them from the classes. Andrzej is fixing that.
We had to make cTypes_Decl and the modules for translating classes, protocols and categories mutually
recursive. Moreover, we had to reorder the method for adding classes to the tenv to receive a decl and
return a type.
Reviewed By: ddino
Differential Revision: D2595610
fb-gh-sync-id: ca76068
Summary: public
Add a `--html` options to inferTraceBugs to generate html reports.
Reviewed By: jeremydubreil
Differential Revision: D2595895
fb-gh-sync-id: adfa757
Summary: public
Extends the current activity leak checker to all sort of context leaks.
Reviewed By: sblackshear
Differential Revision: D2572548
fb-gh-sync-id: 9da18e4
Summary: public
The relative path was triggering a bug in ocamlbuild where it would try to
create ".." for some reason, which already exists. Hence `make -C infer clean
checkCopyright` would always fail for instance.
Reviewed By: jeremydubreil
Differential Revision: D2596307
fb-gh-sync-id: 0dd8d9f
Summary: public
The harness was created all the time but we do not report issues comming from the harness right now. The option:
infer --android-harness -- <build command>
Allows to create the harness
Reviewed By: sblackshear
Differential Revision: D2595211
fb-gh-sync-id: c7a6dc5
Summary: public
This allow to tell Infer to skip the translation of some files. This is especially useful to skip the translation of some generated files following the syntax:
> cat .inferconfig
{
"skip_translation": [
{
"language": "Java",
"source_contains": "_SHOULD_BE_SKIPPED_"
}
]
}
Reviewed By: cristianoc
Differential Revision: D2588095
fb-gh-sync-id: 3fda816
Summary: public
In C pre-increment/decrement returns rvalue, but in C++ it returns lvalue.
Make translation aware of the difference and treat these cases differently.
Reviewed By: ddino
Differential Revision: D2575136
fb-gh-sync-id: 952c095
Summary: public
Translating structs and C++ classes only on demand. This reduces the size of the tenv and
saves analysis time.
Reviewed By: ddino
Differential Revision: D2575008
fb-gh-sync-id: b29da2a
Summary: public
Update clang plugin version that has following changes:
1. Don't dump DeclContext as a part of BlockDecl
2. Add location information to C++ constructor initializers
This diff is making infer compatible with these changes by
1. Making infer compile
2. Reading location information from c++ constructor initializers so we don't miss update to line number
Reviewed By: dulmarod
Differential Revision: D2575066
fb-gh-sync-id: 6dc594a
Summary: public
Refactor translation of C++ method calls so that we get two parts:
1. Get Sil code for method address and this expression
2. Given method address, this expression and list of paramter statements, create Call instruction
This will allow us to share more code with C++ constructor calls that do (1) differently, but
(2) will be shared
Reviewed By: dulmarod
Differential Revision: D2570712
fb-gh-sync-id: 9c6c3e4
Summary: public
The option `-a compile` was previously doing the same thing as `-a capture`. This option is very useful to debug the integration with the build systems.
Reviewed By: jvillard
Differential Revision: D2554816
fb-gh-sync-id: 95f32c2
Summary: public
Remove spurious recursion between type and function declarations in the files
generated via `atdgen`. This speeds up the compilation time of `make clang` by
almost half (one-shot measurements: 59s -> 36s).
Silence warning 39 on this generated code to make compilation pass.
Reviewed By: akotulski
Differential Revision: D2570506
fb-gh-sync-id: 8edba22
Summary: public This diff fixes incorrect mangling of captured variables in blocks. Because they are formals,
they shouldn't be mangled, but this case was not taken into account. This caused an assert false in the
example infer/tests/codetoanalyze/objc/frontend/block/block.m which wasn't caught before because there
wasn't an endtoend test for it.
Reviewed By: akotulski
Differential Revision: D2560379
fb-gh-sync-id: db500b6
Summary: public
Adds incomplete translation of constructor bodies. Treat constructors as
methods with something 'extra'.
We still don't translate initializer lists, just pass the information to cTrans
where it's ignored
Reviewed By: dulmarod
Differential Revision: D2550214
fb-gh-sync-id: 102c13a
Summary: public anonymous types have file:line in its name.
Since file is relative path, type name can have '/' in its name.
This is very fragile since we might create file wiht typename in its name (for example for methods).
Replacing '/' with '_' should make frontend more resilient to failure.
Translation of anonymous structs is still pretty fragile (due to relative path in its name),
but at least it doesn't crash frontend
Reviewed By: dulmarod
Differential Revision: D2559936
fb-gh-sync-id: 647fd7f
Summary: public
Just some refactoring and renaming of Makefile variables.
Reviewed By: jeremydubreil
Differential Revision: D2555766
fb-gh-sync-id: 5b7d4ff
Summary: public Refactoring Printfargs checker a bit to
make it callable from symbolic executor, then calling it.
Reviewed By: jeremydubreil
Differential Revision: D2361286
fb-gh-sync-id: 4b73855
Summary: public
modules are better for namespacing.
How I made this diff:
1. moved list_* functions from utils.ml{,i} to iList.ml{,i}
2. shell commands:
grep '^val ' infer/src/backend/iList.mli | cut -f 2 -d ' ' | tr '\n' ' '
# gives a list of former list_ functions that IList implements, fed into the loops below:
LISTNAMES=" compare equal append combine exists filter flatten flatten_options find fold_left fold_left2 for_all for_all2 hd iter iter2 length fold_right map mem nth partition rev rev_append rev_map sort split stable_sort tl drop_first drop_last rev_with_acc remove_duplicates remove_irrelevant_duplicates merge_sorted_nodup intersect mem_assoc assoc map2 to_string"
# replace " list_*" function calls with IList.* ones
for i in $LISTNAMES; do find . -name '*.ml' -exec sed -i -e "s/ list_$i\b/ IList.$i/g" \{\} \; ; done
# replace (list_* functions with (IList.* ones
for i in $LISTNAMES; do find . -name '*.ml' -exec sed -i -e "s/(list_$i\b/(IList.$i/g" \{\} \; ; done
# ditto with [
for i in $LISTNAMES; do find . -name '*.ml' -exec sed -i -e "s/\[list_$i\b/[IList.$i/g" \{\} \; ; done
3. Then fix up the rest by hand. In particular, stuff that called Utils.list_*
explicitely, and stuff that used the "Fail" exception that has moved to
IList. (may revisit this in the future)
Reviewed By: jeremydubreil, cristianoc
Differential Revision: D2550241
fb-gh-sync-id: cd64b10
Summary: public
C++ assignment operation result is lvalue, while in C it was rvalue.
This leads to different AST produced by clang for then same code!
Use language information from clang (`-x` flag) to distinguish these cases.
More specifically, let's look at following code:
int r;
int f = (r = 3);
// type of (r = 3) expression:
// C/objC -> int rvalue
// C++/objC++ -> int lvalue
Existing code did extra dereference because it was rvalue in C and there was no cast afterwards
in C++ there will be extra LValueToRvalue cast when neccesary so we don't have to do extra dereference manually
Reference:
http://en.cppreference.com/w/c/language/value_category (search for 'assignment and compound assignment operators')
NOTE: AST output doesn't change when something is hidden behind `extern "C"`, so we should use global language information
Reviewed By: ddino
Differential Revision: D2549866
fb-gh-sync-id: b193b11
Summary: public Two cases were not handled properly so far:
1. Declaration of a reference variable missed reference bit in type
2. Parameters to a function expecting T& had type T.
The way to distinguish reference types from value types is to look
whether parameter is type 'T rvalue' or type 'T lvalue' (xvalue probably as well)
Unfortunately, we can't just say 'T lvalue' = 'T&' because it would break
a lot of things in our frontend.
However, we know that when parameter to a function call has type 'T lvalue', it has to be 'T&' type.
Same applies when init_expression type is lvalue.
So, the solution is to add wrapper function that looks at results of `instruction` function and
expected expression type. Then if it's lvalue, wrap the type in reference.
Do this wrapping magic only when we know that lvalue mean reference type.
The rest of the changes is to make frontend tests pass - since we use different fields
in the AST, some of them were incorrectly set before and no one noticed.
Reviewed By: cristianoc
Differential Revision: D2549991
fb-gh-sync-id: 067f5d5
Summary: public
Dictionary literals are normally implemented using
`+dictionaryWithObjects:forKeys:count:` but were modeled as
`+dictionaryWithObjectsAndKeys:`
In particular, `@{@"aaa": nil}` would trigger a sentinel error instead of an NPE.
This models dictionary literals as a special infer builtin that the backend
interprets so as to give NPEs when passed nil objects or keys.
Reviewed By: dulmarod
Differential Revision: D2550039
fb-gh-sync-id: 1a10656
Summary: @public
This diff changes following things:
1. expression_info.type_ptr has type than decl_ref_info.type_ptr for reference types. Use type from decl_ref_info as a source of truth
2. reference types need to have one extra dereference that is not in AST. Add handling for this.
3. [small refactor] create function that creates temporary variable from res_trans expression and returns new res_trans.
Some caveats:
1. types are not quite right yet (see .dot files).
2. decl_ref_info might not be set for DeclRefExpr, make frontend crash in that case to catch when this happens
This is high risk change since it changes behavior of every translation on very widely used expr.
Reviewed By: @dulmarod
Differential Revision: D2540632
fb-gh-sync-id: aa28936
Summary: @public
This removes the old way of finding variable declarations to create sil variables and replaces it with
a a new way based on the map from pointers to declarations.
Basically, every variable dereference contains a pointer to the variable declaration, with that we can
build the corresponding sil variable.
Reviewed By: @akotulski
Differential Revision: D2536000
fb-gh-sync-id: dd29cf9
Summary: @public
Refactor exising code that handles __nonnull annotations.
Create extendable way to add extra stuff to be translated before
rest of statements get translated.
This will make handling of constructor initializer list simpler
Reviewed By: @dulmarod
Differential Revision: D2521659
fb-gh-sync-id: ba613e7
Summary: @public Add some basic tests to make sure that there is no
regression afterwards
Reviewed By: @dulmarod
Differential Revision: D2521887
fb-gh-sync-id: 1b8a15c
Summary: @public
Remove some of the duplicated code, move .dot files to new locations
Reviewed By: @dulmarod
Differential Revision: D2521709
fb-gh-sync-id: 0cc333d
Summary: @public
Update version of clang plugin, it changes type
of CXXMethodDecl, all of the changes are to make frontend compile.
Reviewed By: @jvillard
Differential Revision: D2522117
fb-gh-sync-id: 970bdc8
Summary: @public remove `is_instance` function parameter that was used for
blocks only. Instead, pass context everywhere - it holds information that is
very relevant when defining block.
Reviewed By: @dulmarod
Differential Revision: D2521772
fb-gh-sync-id: 5fb53f9
Summary: @public
1. Add support for `this` keyword. It will allow to access fields/methods of the object from the method body.
2. Fix problem with method formals to add pointer to type of first parameter (which corresponds to `this`)
Reviewed By: @dulmarod
Differential Revision: D2484882
fb-gh-sync-id: c318619
Summary: @public
1. Factor out some of the common code for comparing C++ dot files
2. Create new directory with smaller .cpp files to translate
Reviewed By: @dulmarod
Differential Revision: D2507757
Summary: @public
Get newest goodness from facebook-clang-plugins
that allows us to change type of type_ptr during deserialization
We are modifying clang_ast_types.ml that fcp/clang-ocaml expects to
exist - we provide our own implementations of:
t_ptr, pointer_to_type_ptr, type_ptr_to_pointer
Reviewed By: @dulmarod
Differential Revision: D2498623
Summary: @public
Fix issues when compiling for armv7k architecture, replacing it with armv7;
Removing also unsupported flags `-fembed-bitcode-marker`, `-mwatchos-version-min` that cause compilation failures.
Reviewed By: @akotulski, @jvillard
Differential Revision: D2507687
Summary: @public
First diff to give better language information in the frontend.
This information is necessary to understand when 'self' is objc keyword,
when 'this' is C++ keyword and when they are not.
Reviewed By: @ddino, @dulmarod
Differential Revision: D2489252
Summary: @public
There was an inconsistency with the type of `stats.json` created by `inferlib.py` and InferAnalyze. This diff cleans up the thing and uses two different files to saves the statistics to clarify what gets created by the analysis, i.e. `proc_stats.json` and what gets created all the time `stats.json`.
Reviewed By: @sblackshear
Differential Revision: D2500517
Summary: @public
qual_type was the same as type_ptr, so it was removed.
This commit makes it compatible with facebook-clang-plugins
Commands ran:
codemod --extensions ml,mli 'qual_type' 'type_ptr'
codemod --extensions ml,mli 'qt' 'tp'
If there is any other popular name for qual_type, let me know
Reviewed By: @dulmarod
Differential Revision: D2498289
Summary: @public Infer previously did not work correctly when a function returns the result of a skip function:
```
retUndef() {
x = undefined();
return x;
}
derefUndef() {
y = retUndef();
y.doSomething(); // Symexec_memory_error here, prevents spec inference
}
```
The problem is that angelic mode did not know to add the return value of `retUndef()` to the footprint.
This diff fixes the problem by adding return values marked with the `Aundef` attribute to the footprint.
This is done lazily (e.g., a value only gets added to the footprint when you try to deref it).
Reviewed By: @jvillard
Differential Revision: D2444929
Summary: @public
We no longer rely on existence of qt_raw field.
Update facebook-clang-plugins so that this field
is not even exported. This should give us some perf wins
since qual_type is written in a lot of places
Reviewed By: @dulmarod
Differential Revision: D2489308
Summary:
Using the qualified names of fields to create mangled names.
This removes the need to search for the fields in the tenv when translating a field access.
That was only done to build the correct mangled name,
The rest of the changes are using the qualified names for ivars and property names in the property module,
which is needed to make it work. Basically a big chain of changes of using qualified names to make the code
compile.
Summary:
This diff aims at removing the occurrences of the types in string form so that we can remove them
from the ast which will save space.
There is one occurrence left regarding attributes that will be handled later by Andrzej.
We build a function to create a string out of a function type used for name mangling.
Summary:
frontend and backend assume that Sil.Struct
doesn't have methods nor inheritance. In order to plug C++
classes we probably need them to be Sil.Class
Summary:
See D2465673, replacing `-gmodule` with equivalent flags, as per http://reviews.llvm.org/D11958
The `-fmodule-format` is not available on Xcode's clang, so skip it for now.
Summary:
In the new clang the parameters to these functions have notnull annotations, because of that infer tests fail. More concretely, the tests say there would be a memory leak. In the symbolic execution of those functions though, an inconsistency is created, because the parameter was nil, and the constraint argument should not be nil was also there, which leads to an error in the execution and no object is created, hence, no memory leak.
Summary:
C function names depend only on their name (and their file is they are static, and their type if we are in C++)
This is more in sync with the actual semantics of C function names than the previous implementation.
Summary:
`get_resource_or_undef` attribute is weird and was causing problems for me in another diff.
This diff refactors the attribute categories to make resource and undef separate.
Summary:
Harness generation was using the autogenerated harness file as the source file,
but placing the harness code in the cfg belonging do a different source file. Fix this confusion
by using the source file of the cfg containing the harness code throughout.
Summary:
The python parser for '-d <dir>' interpreted '-deprecation'
as '-d eprecation', which is not desirable. Fixed it by teaching the parser to
parse '-deprecation' as a boolean flag.
Summary:
Some build systems compile files both under the project root and under temporary
directories (e.g., /tmp), so there need not be a single project root. Just use absolute paths
in the case that we can't resolve a relative path from the project root.
Summary:
Added two annotations @TrueOnNull and @FalseOnNull to be used for boolean functions to specify what value is returned when the argument is null.
Added model for TextUtils.isEmpty, which corresponds to the annotation
@TrueOnNull
static boolean isEmpty(@Nullable java.lang.CharSequence s)
Summary:
Make infer run with clang 3.7.0. Small changes are due to differences
in output of clang
NOTE: this diff will require recompiling clang (it takes time)
Summary:
Pass inheritance information to the backend
It also changes some functions in cTypes_decl and we are using type and decl maps to resolve these types
Summary:
This is the second of 3 stack diffs to deal with replacing the parser of types.
This diff is about changes to translate record types, as well as class types and enum
types. For class types and enum types we store the declaration pointer in the map of
types to find the type easier later.
For record declarations, we change the way we build record names.
Moreover, we don't translate typedefs anymore, because when we have a pointer to a typedef,
we can find the actual type it points to.
Summary:
This is the second of 3 stack diffs to deal with replacing the parser of types.
This diff is about general changes to the frontend to make it cope with the change. There
are two main challenges:
1. We create pieces of ast in ast_expressions, such as getters and setters. For that we create
custom types.
2. We store types in cMethod_signature for parameters and return type of functions. This was
stored as strings, but that means losing the pointer information which is vital to get the
sil types.
So this diff consists mostly of dealing with these challenges. It change the signature of
cMethod_signature and update modules accordingly.
To deal with the custom types, we build methods in ast_expressions for creating those types,
with a custom type pointer, like "internal_typeint". At the beginning of the translation we save
all these custom types in the map from type pointers to sil types that we build as we compute the
types, so that they are available later.
Another custom type that we build is a type of classes or pointer of classes based on the current
class. I found a simple way to deal with it, giving it a pointer "class_name", and then we know
how to translate those. Something I tried is to save the declaration of the current class and pass
that declaration around, but somehow that lead to pref regression, so I removed it in favor of this
more lightweight version.
Summary:
This is the first of 3 stack diffs to replace the parser of types in the clang frontend.
In this diff we remove the parser and the lexer and add a new module that does the
translation from ast types to sil types.
It is still incomplete, i.e. many c++ types are still not treated. However, all the
types that we were previously treating in C and ObjC are treated and some C++ ones, such
that the tests pass and we get good results in the apps.
Sometimes one needs to translate a record type when we havent translated the record itself,
so the translation of types and of records needs to be mutual recursive. I managed however
to get them into different modules and achieve the mutual recursion using higher order functions.
Summary:
System.getProperty can return null when the property is not found, and expects a non-null argument.
Add models for Infer and Eradicate to reflect that.
Summary:
Fix the issue with Linux, introduced in 721cc1957c and temporarily fixed in aef13134bf
Now clang gets the `x86_64-apple-darwin14` target only when running on ObjCXX source code with a specific `isysroot` flag.
Summary:
each procedure has a different scope, so we can restart the fresh name generator and have more stable instructions in the cfg, that don't change when other procedures are changed
Summary:
When you run "gradle build", it builds both the
debug and the release configurations for an app. This causes capture
to run twice for some files and tricks the incremental analysis into
marking the double-captured files as unchanged. This diff fixes the
issue by only doing capture once on a set of commands that are identical
up to the "debug/release" configuration.
Summary:
Move proc_attributes to a separate module.
Field err_log, in common between proc desc and summary, can now be moved to ProcAttributes without creating cycles of dependencies.
Dino Distefano
Jules Villard
Dulma Rodriguez
Cristiano Calcagno
jrm
Andrzej Kotulski
martinoluca
Sam Blackshear
Irene Papakonstantinou