Summary:
Handle C++ method declarations and create cfgs for them.
Doesn't do:
Method calls (CXXMethodCall)
Using `this` expression in methods (including implicit ones)
Summary:
Refactor of creating method signatures. First step to use the map of pointers to find method declarations.
The idea is to have a function that creates a method signature from a declaration, later we can get the declaration from a pointer
and use this function to retrieve the method signature.
(authored by @dulmarod)
Summary:
Add basic translation for C++ `new` keyword.
Currently, it's modeled as simple `malloc` call.
Following constructs are still not working properly:
- array new `new [size_expr]`
- run initializer attached to `new` (such as `new int(5)`)
- `delete[]`
Summary:
When detecting a resource leak, Infer used to raise an Leak exception and then prevent the specs to be computed for the paths containing a leak. This diff prevents resource leak to stop the analysis.
Summary:
1. Unify the code now that MemberExpr has more information available and it can be shared with ObjCIvarRefExpr
2. Use type from decl_ref instead of expression type. For methods, expression type is useless (`<bound something something`>). For fields it should be the same
Summary:
No longer swallow compilation failures for javac. Before this diff, the compilation failures where raised:
> infer -- javac Test.java
Test.java:5: error: ';' expected
static String str = "Hello"
^
1 error
but the exit code was incorrect:
> echo $?
0
With this diff, the failing command is printed in standard error:
> infer -- javac Test.java
Javac compilation error with:
['javac', '-g', 'Test.java', '-J-Duser.language=en']
and the exit code is different from 0.
> echo $?
1
Summary:
Creating a persistent reference to an Activity leads to a nasty form of memory leaks (see http://android-developers.blogspot.com/2009/01/avoiding-memory-leaks.html, https://corner.squareup.com/2015/05/leak-canary.html). There are many ways to create a bad persistent reference to an Activity, but the most obvious one is via a static field.
This diff implements a very simple form of Activity leak checking by inspecting postconditions to see if a subtype of Activity is reachable from a static field (and it reports an error if so). This is a very simple and limited form of leak checking that does not understand the Android lifecycle at all. In particular, if one creates a persistent reference to an Activity and then nulls it out in `onDestroy` (a reasonably common pattern), this approach will wrongly report a bug.
Summary:
The methods in objc can have the same name in the same class, but one be instance and the other class,
so that we need to take the instance flag into account when defining unique names for ObjC methods.
Summary:
This is mostly useful to authors of annotation processors and
`javac`-based static analysis tools. The nullable return models
cover these packages pretty comprehensively (with the exception
of the various visitor classes). The non-nullable parameter models
are mostly there to help make the nullable return models more useful,
as some codepaths will pass a nullable object to one of the utility
classes but never actually invoke a method on the nullable object itself.
Summary:
While `-results_dir` is still the main place to look for specs files and to write reports,
it's necessary to load specs from multiple folders because some build tools that run Infer with a target-level granularity may need to move specs files around in order to get complete reports, whereas with this change they just need to keep track of the `specs` folders generated for each target, and pass them through `-lib dir1 -lib dir2 ... -lib dirN`
Summary:
Buck is creating javac compilation commands with arguments of the form:
-Opt={"list": ["pif", "paf", "pouf"]}
While converting command lines from bash to python, these option gets split into
['-Opt={"list":', '["pif",', '"paf",', '"pouf"]}']
instead of:
['-Opt={"list": ["pif", "paf", "pouf"]}']
which create the compilation to fail when running Infer even though the original files are compiling correctly.
Summary:
The symbolic execution was not stopping in case an unitialized dangling pointer was
passed to a function and then dereferenced inside the callee.
What would happen is that a wrong footprint would be added to the unititialized pointer
at the end of the function call in the caller proposition.
This checks that if we do:
frame * new_footprint
checks that we do not add heap predicates to the frame into uninitialized local variables.
If we can identify the variable then we raise a danglind pointer dereference. If instead
we cannot give a good explanation we give an internal error.
The latter case should be temporary. We should find a general way to raise dangling pointer
deref instead of the internal error.
I also fixed the model of getc that was the way I found the problem.
Summary:
Update fcp version and make infer build with it.
It's not using new features yet, diffs will follow.
New stuff:
Proper type information in form of pointer->type
Expose more information about cxx classes (superclass info)
Add pointers to objc method decls when possible
Summary:
This is small code cleanup of the code to report leaks. No functional changes, just removing code that is longer used and reorganising the control flow.
Summary:
This commit is the result of
`find infer/src -name '*.ml' -or -name '*.mli' -exec ocp-indent -i \{\} \;`
and
`INFER_CHECK_COPYRIGHT=1 InferPrint`
Summary:
The old scheme for pruning away garbage from abducted retvars/abducted params passed by ref failed to eliminate garbage in the pure constraints (pi). This occasionally caused PRECONDITION_NOT_FOUND errors that stop the analysis.
Summary:
In preparation for C++ methods, we need to have type with
class, method, mangled (for overloading?)
1. Change objc method to support it
2. Do some renames to be less confusing
Summary:
Added phase to construct (incomplete) CFG from existing AST.
Individual instructions are not yet translated so any nonempty functions will
result in a runtime exception.
Added some very short examples of LLVM programs.
Summary:
This adds a sentinel check every time a function carrying a sentinel attribute
is called, regardless of whether we have a definition for that function or not.
Summary:
In objC we already prefix field names with classes.
It's better to make it consistent since it'll allow
us to share more code between C++ and objC
Summary:
The json files that were written by json.dump were valid, machine readable but they had no indentation/return lines making them a long single line and hard to read. Dump the json with an indent of
2.
Closes https://github.com/facebook/infer/pull/149
Github Author: =?UTF-8?q?Deniz=20T=C3=BCrkoglu?= <deniz@spotify.com>
Summary:
Add a partial copy of TextUtils from Android source for commonly used TextUtils.isEmpty method.
Fixes#141
Closes https://github.com/facebook/infer/pull/143
Github Author: Deniz Türkoglu <deniz@spotify.com>
Summary:
Bumping up the version of the libraries javalib and sawja to 2.3.1 and 1.5.1 respectively in order to use the upstream fix about classnames with $$.
Summary:
The models for InputStreamReader and OutputStreamWriter are taking into consideration the charset passed as parameter in order to follow the exception branch when the charset is not valid. However, the previsous models were only considering encoding literals with uppercase letters. This diff adds the lowercase encoding names to the list.
Closes https://github.com/facebook/infer/issues/127
Summary:
This adds support for having lookup from pointer to decl in C frontend
NOTE: with this diff atdgen 1.6 or later is required.
To upgrade atdgen, please run `opam install atdgen.1.6.0`
Summary:
The current way gradle plugin works is by parsing the verbose output to figure out which files to compile. This becomes a problem when the number of files exceed allowed argument parameter
length. Use javac's @sources file instead.
This patch will leave the tempfiles behind (also noted by Jyrki during the review), however I would like to leave that to a follow up commit and first make sure the tool works for people experiencing this problem.
Fixes#22
Closes https://github.com/facebook/infer/pull/131
Github Author: =?UTF-8?q?Deniz=20T=C3=BCrkoglu?= <deniz@spotify.com>
Summary:
inferTraceBugs filters the bugs to only show those which have a trace attached
to them. However, the number selected by the user would then be used in the
unfiltered list of bugs. This led to sometimes selecting the wrong bug from the
text interface and from the --select option.
Summary:
This makes infer C frontend compatible
with new scheme for naming which has:
1. plain name (like 'fun')
2. qualified name (reversed list like ['fun', 'class', 'top_class', 'namespace'])
Summary:
This attribute was used to tag arguments to variadic functions, as a way to
detect premature sentinels. The approach to detect premature sentinels has
changed making it obsolete.
Summary:
Treat `arrayWithObjects` as a special case of a sentinel attribute check. This
will make it easier to extend to other variadic functions that use a sentinel
attribute.
This also removes the need for the `Sil.Avariadic_function_argument` attribute,
which will be removed in a subsequent diff.
Summary:
the name of the return variable of a procedure only depends on the name of that procedure. This simplifies the need for the procedure description in a couple of places
Summary:
This is a refactoring diff with no functional changes in order to move the code using the procedure description of the callees in a single place, in order to replace the approach to use a summary instead in a subsequent step.
Summary:
This reverts commit 306f5b71c24042c89f71848898402cbc9269c543.
Turns out that developers think that this bugs should be fixed. So leaving it in for now until I gather more information.
Summary:
@public
There are many FPs of the form init method that contains
if ((self = [super initWithFrame:frame])) {
...
}
return self;
then an object being initialised with that constructor and added to an array or dictionary.
There we flag NPE and very likely that won't be a bug. So I'm removing the option for self
to be nil in the constructor, which should solve the problem.
Test Plan: Changed the relevant test.
Summary:
@public
Previously, if the close() method was throwing an exception, then code overriding the file attribute with a mem attribute would be skipped, resulting in reporting a wrong resource leak. This diff fixes this.
Test Plan: Added new end-to-end tests which would previously have been failing
Summary:
@public
Add support for default function arguments.
As a side change - always create cmethod_signature for a function
Test Plan:
1. Call function with default parameter and confirm that it gets parsed and reports null dereference (B5 but still). It didn't before.
2. Created a test case
Summary: @public JavacCapture does not have an args field, which crashes Python with an AttributeError if we hit self.args.debug. Replaced with the correct expression.
Test Plan: Cause AttributeError with small test case, error no longer happens after fix
Summary:
@public
This is a non-functional refactoring to remove the need for having the procedure description of the callee when execution function calls.
Test Plan: Infer CI. Expecting no change in the results.
Summary: @publicThe first argument of builtin calls in C gets translated twice, which is bad if the argument is a side-effecting expression like a function call.
Test Plan: Attached test previously reported a memory leak because the translation introduces an extra call to malloc(), now reports nothing.
Summary:
@public
utils.remove_bucket no longer exists and is no longer needed.
Test Plan:
cd ~/infer/examples
infer -- clang -c hello.c
inferTraceBugs
no longer crashes
Summary:
This patch forces javac to report verbose output in English.
In my environment, the debug report in Japanese had caused Parsing.Parse_error at
https://github.com/facebook/infer/blob/master/infer/src/java/jClasspath.ml#L108.
This patch solved the error I encountered on compiling Hello.java.
I think `$ infer -- javac -J-Duser.language=ja Hello.java` will reproduce my bug if system supports the language. (My patch will not work with this case since the argument-specified language will override the language setting.)
Possible related issue: #30
Closes https://github.com/facebook/infer/pull/94
Github Author: Tomoyuki Saito <aocchoda@gmail.com>
Test Plan: Imported from GitHub, without a `Test Plan:` line.
Summary:
@public
Translate CXXStaticCastExpr
Test Plan:
Add test, confirm that it gets translated.
Also create example to see that infer reports null dereference with this change:
struct X { int a; };
int main() {
X *x = static_cast<X*>(nullptr); // <- reports now
//X *x = (X*)nullptr; // <- reported before
return x->a;
}
Summary:
@public
Currently InferAnalyze always adds bucket to the message. Later, python code
strips it, but not everywhere. Changes:
1. Since it's easy to not write bucket in ocaml, stop writing them by default.
2. Add option to print them to InferAnalyze and pass it if infer is in debug mode.
Test Plan:
1. Run on openssl, confirm that no bucket info is written to stdout and csv
2. Run on small example in debug mode and see buckets on stdout
Summary:
@public
Make c frontend understand CXXNullPtrLiteralExpr.
Note that the implementation differs from GNUNullExpr
Test Plan:
Create function that returns nullptr:
int* getPtr() {return nullptr;}
look at specs:
InferPrint infer-out/specs/getPtr\{831F\}.specs
Procedure: getPtr
int *getPtr()
Timestamp: 1
Status: INACTIVE
Phase: RE_EXECUTION
Dependency_map:
TIME:0.002853 s TIMEOUT:N SYMOPS:10 CALLS:1,0
ERRORS:
--------------------------- 1 of 1 [nvisited: 1] ---------------------------
PRE:
POST 1 of 1:
return = null:
----------------------------------------------------------------
Add test for it
Summary:
@public
Remove setjmp that is causing problems in the models in linux.
Will investigate and add it again later.
Test Plan: All the models are now created. In particular strcpy, strdup and a few others in the beginning of the file.
Summary:
@public
Using InferBuiltins.assume previously caused an assertion failure in the analyzer. Fixed this, and fixed the implementation of the assume builtin to block when the assumed condition cannot hold.
Test Plan: Added several new tests.
Summary:
@public
Modeling bypasses the Closeable as resource assumption for `java.io.StringReader`, `java.io.ByteArrayInputStream` and `java.io.ByteArrayOutputStream`.
Test Plan: Infer CI. Some resource leak should also disappear on Instagram.
Summary:
@public
Sorting the fields in structs and classes. Was needed in the backend and forgotten.
Fixes the github issue https://github.com/facebook/infer/issues/90.
Test Plan: Added a new test that shows that we now get a spec for the example from the github issue.
Summary:
@public
Add some logging to the script and capture modules so it is easier to troubleshoot.
What will be logged:
versions of infer, platform, versions of java, build systems etc.
In the future we will add more info that we might find useful while troubleshooting
Test Plan:
run infer with gradle, ant, buck, xcode, mvn and see the logging output
Run symbolic link pointing to infer:
[INFO] Path to infer script /Users/akotulski/tmp/infer_link (/Users/akotulski/infer/infer/bin/infer)
Summary:
@public
The models for Java no longer require to keep the original fields since we now make the union of the fields from the models and the fields from the code to analyze.
Test Plan: Infer CI. No functional change intended.
Summary:
@public
The empty string '' is a valid classpath information. This diff parses it and skips it when detecting the parts of the classpath. This case is happening when analyzing Buck. This one be one possibility why Infer does not load any bytecode in some cases, leading the
TODO: print error message
failure happening with the release (now `Failed to load any Java source code`).
Test Plan: Infer CI.
Summary:
@public
Adds a small example of a Ant project in order to test that there is not regresssion when modifying the toplevel scripts
Test Plan:
cd infer/tests/codetoanalyze/java/infer
ant clean && infer -- ant compile
Summary:
@public
This will enable support for the same set of arguments already supported by the `make` module, e.g. `--frontend-stats`, `--frontend-debug`
Test Plan:
Tested on an Xcode project with the `-fs` argument, and checked that `.astlog` files have been generated on the same location of the .o files
infer -fs -- xcodebuild -workspace Project.xcworkspace -scheme Project -sdk iphonesimulator
Summary:
@public
Attaching the resource attribute to the object allows to more easily remove this attribute during the symbolic execution when the resource is passed as a argument, e.g. with `res.close()` or when this resource is passed around via a skipped function.
Test Plan: Infer CI.
Summary:
@public
This adds basic support for function attributes in Sil, and for translating
attributes from the clang frontend to these new Sil attributes. For now only
the sentinel attribute is translated.
Note that attributes normally have parameters, but they are currently missing
from the clang plugin.
Test Plan:
Add
(match Sil.get_sentinel_func_attribute_value (Cfg.Procdesc.get_attributes callee_pdesc).Sil.func_attributes with
| Some _ -> L.out "found sentinel attribute!\n"
| _ -> ());
between lines 947 and 948 of symbExec.ml, then analyze a file containing:
int add_all_ints(int a, ...) __attribute__ ((sentinel));
int foo(void) { return add_all_ints(1, 2, 3, (void *)0); }
then `grep 'found sentinel' infer-out/log/analyzer_out`
-> the sentinel attribute is correctly passed from the frontend to the backend.
Summary:
@public
- Remove `No such file or directory` unrelated errors when building Infer for Java only:
line 0: cd: infer/../facebook-clang-plugin: No such file or directory
- Remove makefile comments from stdout
Test Plan:
Ran this command without any checkout of `facebook-clang-plugins`
make -C infer java
The misleading error messages are gone.
Summary:
@public
This is a workaround to a clang crash that happens whenever `-fmodules` and `YojsonASTExporter` are used together.
This workaround, uses the `-plugin` argument instead of `-add-plugin` one for the clang frontend, and as a result of that, it overrides the default action of clang, which means no object files are emitted, but just the AST.
To generate the missing data needed by the subsequent building phases of xcodebuild, we run Apple's clang.
Test Plan:
Compiled project containing Pods and `@import`, through a command of the form:
infer -- xcodebuild -workspace project_name.xcworkspace -scheme project_name -sdk iphonesimulator
Summary:
@public
The clang location information is described in an incremental way: each location information is a delta with respect to the previous one in the AST. This is based on a the visit of the AST nodes which corresponds to the order in which the lines are printed with the standard clang AST dump:
clang -cc1 -ast-dump filename.c
This diff adds a preprocessing phase to the front-end so that location information is composed during a visit, and explicit location information is used instead.
In the case of include files, we report the last known location before including the file.
The current file for a function is the file where it is defined. So if a function is entirely defined in a .h file, then the location information will consistently be about the .h file. If instead a function is defined in the source file being analyzed, and some AST nodes come from macro expansion, line information will refer to the original file.
The front-end tests reveal that the location information was incorrect in a few dot files.
Test Plan: arc unit, after having fixed the wrong location in the existing .dot files
Summary:
report_number is zero before the conditions
Closes https://github.com/facebook/infer/pull/74
Github Author: Chase choi <cs09gi@gmail.com>
Test Plan: Imported from GitHub, without a `Test Plan:` line.
Summary:
While working on building a quick Homebrew formula for this, I ran into symlink-related issues around the libs folder. This seems to fix it with minimal impact.
Closes https://github.com/facebook/infer/pull/13
Github Author: Dan Ambrisco <dambrisco@gmail.com>
Test Plan: Imported from GitHub, without a `Test Plan:` line.
Summary:
@public
This adds a script `inferTraceBugs` to `infer/bin/` that
1. shows the list of bugs found by Infer to the user
2. asks which one to display
3. asks what max level of nested procedure calls to display
4. shows the error trace of that bug with some lines of context in the source
code
Also has some options to script more easily, for instance when calling it from
inside an editor to navigate the sources.
Test Plan:
infer -o out -- gcc -c hello.c
inferTraceBugs -o out
also tested on OpenSSL.
In emacs, run `M-x compile` from the directory where `infer-out` is, then enter custom compilation command:
inferTraceBugs --select 0 --max-level max --no-source
Then navigate the trace with `M-g n`.
Summary:
@public
Even though internally we recover from these errors, we still show them on
standard output. Redirect errors to /dev/null instead.
Test Plan:
infer -- buck build target
doesn't complain that git crashes on non-git repositories.
Summary:
@public
This changes "Starting analysis" into
"Starting analysis (Infer version XXX)".
Test Plan:
infer -- clang -c hello.c
shows "Starting analysis (Infer version git-6b9fb8838bcabd2af881554d296963a849b14f50)"
Summary:
@public
We were counting the number of matches for `infer-out/captured/*/*.cfg`, but
some ways of running infer (eg, inferJ) do not produce cfgs. Instead, count the
number of directorys `infer-out/captured/*/`.
Test Plan:
make -C infer java
reports the number of models analysed instead of 0.
Sam Blackshear
Rohan Jacob-Rao
Andrzej Kotulski
Jules Villard
martinoluca
jrm
Dulma Rodriguez
Jonathan Keljo
Dino Distefano
Cristiano Calcagno
=?UTF-8?q?Deniz=20T=C3=BCrkoglu?=
Tomoyuki Saito
Chase choi
Dan Ambrisco
Open Source Synchronization