Summary:public This also required a refactoring of InitListExpr.
The idea is that ImplicitValueInitExpr can stand for initialising a whole struct,
so we translating as a list of zero expressions, according to the struct's fields,
which is then paired with a list of field expressions, such that one get a list of
assignment instructions.
Reviewed By: ddino
Differential Revision: D2999875
fb-gh-sync-id: 7f609a0
shipit-source-id: 7f609a0
Summary:public
Revamped Timeout module by storing elapsed wallclock seconds, and the status of symops, in case of recursive calls.
Extended the API with suspend() and resume() to pause and resume the current timeout.
These are used before and after an on-demand call to the analysis functions.
This achieves the effect that each procedure, even though is interrupted, has its own time and symop counters, which are suspended and resumed as required.
Reviewed By: jeremydubreil
Differential Revision: D2976918
fb-gh-sync-id: 0ed1079
shipit-source-id: 0ed1079
Summary:public
Improved/simplified framework for fronend checkers.
Now we have a unique hook from cTrans to run checkers on statements and a unique
hook from cFrontent to run checkers on declarations.
So now when adding a checker we don't have to modify cTrans/cFrontend.
Moreover made more sistematic the way checkers are invoked. This simplify the definition
of checkers and the way we use them.
Code is now simpler.
Reviewed By: jvillard
Differential Revision: D2976589
fb-gh-sync-id: fbe22d4
shipit-source-id: fbe22d4
Summary:public
Add extra dereference when accessing fields that have T& type. It is similar
to what is done when accessing variables of T& type.
The only difference is that we need to handle constructor initializer list
separately (this is the only place where the field can be initialized)
Reviewed By: ddino
Differential Revision: D2965887
fb-gh-sync-id: 1b8708b
shipit-source-id: 1b8708b
Summary:public
Do same thing we do to CXXDefaultArgExpr
Reviewed By: dulmarod
Differential Revision: D2954128
fb-gh-sync-id: 2c92c16
shipit-source-id: 2c92c16
Summary:public
Create separate specs for C models compiled in C++. It will allow us to tweak behavior/names of certain
functions based on the compilation language (such as adding `std::` namespace in C++).
Reviewed By: jvillard
Differential Revision: D2938992
fb-gh-sync-id: 73902f8
shipit-source-id: 73902f8
Summary:public
Names of templated types can be very long. The default 4k characters is not long
enough to handle folly library. Increase it to 16k characters and log when deserialization
fails.
Reviewed By: jberdine
Differential Revision: D2948935
fb-gh-sync-id: a659b23
shipit-source-id: a659b23
Summary:public
I have seen enough comments in this space by people during code review to switch on the analyses the compiler can already do. This diff is an automated renaming of unused identifiers to _, with a few additional changes made when reading the diff of the results for things that stood out as particularly strange. This base-lines all of the existing warnings. I'm not sure this is a good idea, since it might be better for those familiar with each part of the code to look at these warnings and use them as pointers to suspicious code.
Reviewed By: jeremydubreil
Differential Revision: D2938376
fb-gh-sync-id: 6e67817
shipit-source-id: 6e67817
Summary:public We model it as the builtin __instanceof which models the instanceof construct of Java.
The behaviour is the same.
Reviewed By: jvillard
Differential Revision: D2938969
fb-gh-sync-id: 2258de3
shipit-source-id: 2258de3
Summary:public
Translate headers every time they are included provided that they are located inside project_root directory.
While this is suboptimal (we might end up translating same header many times), doing it exactly once
is hard due to parallel compilation and template instantiations
Reviewed By: dulmarod
Differential Revision: D2916799
fb-gh-sync-id: 93b72c4
shipit-source-id: 93b72c4
Summary:
public
Avoid problems of overwriting good type information with incomplete information
when type declaration happens after its complete definition.
The solution is that we will only time we *update* type information is
when struct declaration has definition as well (which should happen once)
Reviewed By: cristianoc, sblackshear
Differential Revision: D2921811
fb-gh-sync-id: 16baba3
shipit-source-id: 16baba3
Summary:
public
This expression is used to value-initialize non-class types. Per definition of value initialization for non-class types:
1. If it's an array, value-initialize each of its elements
2. Otherwise, zero-initialize it
http://en.cppreference.com/w/cpp/language/value_initialization
I was unable to reproduce (1) in a way that produced CXXScalarValueInitExpr and so this diff
deals with case (2)
Reviewed By: jvillard
Differential Revision: D2901311
fb-gh-sync-id: beeafa2
Summary:
public Add typ information to trans_state.var_exp and use it
in constructor translation.
This information is necessary to call constructor of class Base on object with
different type (which is derived from Base)
Reviewed By: jberdine
Differential Revision: D2890850
fb-gh-sync-id: 8075db1
Summary:
public
Add type of return parameter to the context. It allows for better translation
of returnStmt and will be necessary for easy implementation of constructor init lists
Reviewed By: cristianoc
Differential Revision: D2890838
fb-gh-sync-id: e791c3d
Summary:
public
xvalues is concept introduced in C++11. While they are not same as lvalues, they have one common trait:
They have identity which means that:
> it's possible to determine whether the expression refers to the same entity as another expression, such as by comparing addresses of the objects or the functions they identify (obtained directly or indirectly);
It means that as far as backend is concerned, they should be treated in same way. Right now there is no concept of "move" in the backend and so we don't have
to differentiate between them.
Reference:
http://en.cppreference.com/w/cpp/language/value_category
Reviewed By: cristianoc
Differential Revision: D2895593
fb-gh-sync-id: 5101e28
Summary:
public
C++ allows for parameters with empty names (unused/default copy constructors). Make backend happy by assigning a non-empty
name to these variables
Reviewed By: jvillard
Differential Revision: D2895550
fb-gh-sync-id: b466397
Summary:
public
It turns out that C-like structs in C++ may have methods generated by clang (constructors for example).
If struct has a method, it needs to have Sil.Class type - make all CXXRecordDecls Sil.Class types by default.
Reviewed By: cristianoc
Differential Revision: D2895567
fb-gh-sync-id: 8eb18c3
Summary:
public
Backend needs to know whether parameter has Derived* type - otherwise subtyping in backend doesn't work. Skipping `DerivedToBase` does that
Reviewed By: dulmarod
Differential Revision: D2890673
fb-gh-sync-id: a79abbc
Summary:
public
Simplify our frontend by using information from clang.
It will also make default argument resolution more robust
with templates
Reviewed By: jvillard
Differential Revision: D2890451
fb-gh-sync-id: 9db4beb
Summary:
public
These casts are responsible for 100 crashes in the frontend on rocksdb.
Reviewed By: dulmarod
Differential Revision: D2879532
fb-gh-sync-id: c4594fb
Summary:
public
1. Add support for temporary C++ objects.
2. Make constructor calls return constructed objects - it allows us pass them as parameters to another constructs (such as parameters, member expressions etc.)
3. Translate FunctionalCastExpr which sometimes is used instead of CXXTemporaryObjectExpr
Reviewed By: dulmarod
Differential Revision: D2874916
fb-gh-sync-id: d9ac2cc
Summary:
public
1. Change exps result of translating call expressions
2. Modify field/method_deref_trans to make them work with rvalues returned by function
3. Add E2E test
Reviewed By: jberdine
Differential Revision: D2874822
fb-gh-sync-id: 42c617d
Summary:
public
This is main reason for not translating rocksdb code right now. Deal with it.
Reviewed By: dulmarod
Differential Revision: D2874446
fb-gh-sync-id: 6f6cf3a
Summary:
public
1. Make function body one stmt instead of list
2. Revert list of statements in exec_trans_instrs
3. Simplify some code related to handling custom instructions
Reviewed By: jvillard
Differential Revision: D2865275
fb-gh-sync-id: b07ed06
Summary:
public
1. When function uses return parameter instead of returning directly, populate that parameter.
2. Turn on new feature for C/C++ functions/methods that return structured types
Reviewed By: jberdine
Differential Revision: D2865091
fb-gh-sync-id: e15e6eb
Summary:
public
This information will be useful when returning values
Reviewed By: jberdine, jvillard
Differential Revision: D2864864
fb-gh-sync-id: 36da0bb
Summary:
public
When method has return parameter, that parameter has to be added when method is called. This adds support for that feature.
Reviewed By: jberdine
Differential Revision: D2864857
fb-gh-sync-id: f7f4094
Summary:
public
Introduce additional parameter for functions returning struct types - instead of returning it, populate output parameter.
This diff just changes method signature, there are more coming
Reviewed By: jberdine
Differential Revision: D2864842
fb-gh-sync-id: 52fc12c
Summary:
public
Remove the need to create a record with two elements to create a procedure description
Reviewed By: cristianoc
Differential Revision: D2872744
fb-gh-sync-id: d26bbdc
Summary:
public
Remove some of the explicit pattern matches in favor of using trans_state.var_exp for
init lists and compound literals
Reviewed By: jvillard
Differential Revision: D2855203
fb-gh-sync-id: ce929f6
Summary:
public
Add optional field to trans_state that denotes variable that is being initialized.
This information will be used by certain constructs (such as c++ constructors or
list initialization).
Passing it in trans_state will enable us to deal with more complicated AST structures where
there might be multiple nodes between variable declaration and its initialization.
Reviewed By: jvillard
Differential Revision: D2854988
fb-gh-sync-id: c100380
Summary: public use Sil.exp to pass variable to initialize instead of res_trans containing this Sil.exp.
Reviewed By: jvillard
Differential Revision: D2854981
fb-gh-sync-id: 0cb37f3
Summary:
public
otherwise Infer cannot know the type of the temporary variable
Reviewed By: dulmarod
Differential Revision: D2845054
fb-gh-sync-id: cf5fb8d
Summary: public We are not assigning the location of the property rather than that of the class. It seems that it's no problem having the bugs reported in the .h files.
Reviewed By: ddino
Differential Revision: D2831226
fb-gh-sync-id: 026692e
Summary: public We are not assigning the location of the property rather than that of the class. It seems that it's no problem having the bugs reported in the .h files.
Reviewed By: ddino
Differential Revision: D2828005
fb-gh-sync-id: cf26549
Summary:
public
Reuse logic in cFrontend.ml to deal with nested structs. This allows to have less duplicated logic which will result
in less bugs.
As a bonus, it fixes the problem of nested template class (which wasn't be handled right).
And one random fix in c_type -> sil_type conversion (I'm amazed it worked before)
Reviewed By: dulmarod
Differential Revision: D2773687
fb-gh-sync-id: e312599
Summary:
public
Get newest version of facebook-clang-plugin that replaces pointers from strings to ints.
Fix all compilation issues infer has
Reviewed By: jvillard
Differential Revision: D2815144
fb-gh-sync-id: e93d4b3
Summary:
public
CLocation.init_curr_source_file is now a no-op, so remove it.
Reviewed By: jvillard
Differential Revision: D2815238
fb-gh-sync-id: 00c8a08
Summary:
public
CLocation.current_source_file is always equal to DB.current_source, so
remove it.
Reviewed By: jvillard
Differential Revision: D2815236
fb-gh-sync-id: 9390d2b
Summary:
public
It seems that CLocation.current_source_file is always equal to
DB.current_source. This diff adds assertions to check this, as a
precondition for forthcoming diffs that simplify CLocation code.
Reviewed By: jvillard
Differential Revision: D2815231
fb-gh-sync-id: 88d1f32
Summary:
public
Add destructor calls on delete expression.
While not the most important, it is the simplest case of adding destructor calls.
This will help us in the future with more complex cases.
Reviewed By: ddino
Differential Revision: D2773483
fb-gh-sync-id: 4df9c73
Summary:
public
Using Typename.t in the list of superclasses to match the type for the key of the type environment. This avoids to make back and forth convertions from typename to type (csu, mangled name).
Depends on D2786574
Reviewed By: jberdine
Differential Revision: D2792116
fb-gh-sync-id: 6100f1a
Summary:
public
This diff cleans up the detection of assertion failures in C, C++ and Objective C which was previously hacked on top of the tracing mode for Java. The code is also generalized to detect any custom errors which can be defined using the `__infer_fail` builtin, and the case of assertion failure is now just the specific case of translating `assert` using `__infer_fail` directly in the clang frontend.
Reviewed By: jberdine
Differential Revision: D2786574
fb-gh-sync-id: dd1e1cf
Summary:
public
The paramtere where defined as simple strings in the procedure description. This diff force the use of the Mangled module to avoid possible conflict when converting variable back and forth from string to pvar. The code is now more consistent as the local variable were already named using mangled names.
Reviewed By: jberdine
Differential Revision: D2782863
fb-gh-sync-id: 1867574
Summary:
public
Move the naming of types to it own module, so that it can be used by modules `Sil` depends from like `Procname`
Reviewed By: jberdine
Differential Revision: D2773148
fb-gh-sync-id: a89f595
Summary:
public
Move the representation of data-structure into it own module, so that it can be used by modules `Sil` depends from like `Procname`.
Reviewed By: jberdine
Differential Revision: D2772791
fb-gh-sync-id: cda4e3a
Summary:
public
Make Ast_utils.get_decl_from_typ_ptr function more forgiving.
It will return None instead of crashing when there is no decl for a given type.
This is done in prepratation to try to get destructor function of any type without crashing.
Reviewed By: dulmarod
Differential Revision: D2769302
fb-gh-sync-id: 7a9fcfe
Summary:
public
Factor resolving default parameters from common method/constructor translation function.
This is done in preparation to use same function for generating destructor calls.
Reviewed By: dulmarod
Differential Revision: D2769291
fb-gh-sync-id: 9c35cf8
Summary:
public
Treat destructors in the same way we treat methods/constructors.
It doesn't deal with inheritance/composition - we'll need to add calls to these
destructors later
Reviewed By: dulmarod
Differential Revision: D2769142
fb-gh-sync-id: b1c77e1
Summary:
public
There was one oversight that caused frontend to mark C++ method as
objc instance method.
Reviewed By: dulmarod
Differential Revision: D2769060
fb-gh-sync-id: d7a92bc
Summary:
public Remove property of maps and make sure that we add to the tenv the property attributes
by folowing the link between the property and the corresponding ivar.
Reviewed By: ddino
Differential Revision: D2755887
fb-gh-sync-id: beeecaf
Summary:
public
Remove trans_state.parent_line_number because it's not used anymore.
This slightly cleans up codebase
Reviewed By: ddino
Differential Revision: D2755050
fb-gh-sync-id: b1b7e8e
Summary:
public
Lines other than the first of multi-line comments in non-ocaml files
were flush right instead of aligned.
Reviewed By: jvillard
Differential Revision: D2739752
fb-gh-sync-id: c85f56e
Summary:
public there was a problem with
templated method names that had '/' in its names.
This happened for names like this: `method_name<(anonymous lambda in path/to/src:1:1)>`
Plus random fix to backend logging
Reviewed By: dulmarod
Differential Revision: D2749359
fb-gh-sync-id: b9a0fcd
Summary:
public This info is based on clang's pointers so it should be more accurate. Also we want to remove the
property map.
Reviewed By: ddino
Differential Revision: D2739487
fb-gh-sync-id: 6be620a
Summary:
public Prepare to use integers as pointers (as opposed to strings right now).
This should speed decl/type map lookup and there are no real downsides.
In order to preserve all knowledge we have right now, use following semantics for pointer values
clang pointer - its value is greater than 0
invalid pointer - its value is 0
internal pointer - its value is smaller than 0
Reviewed By: jvillard
Differential Revision: D2739419
fb-gh-sync-id: d264c28
Summary:
public The concept of generated method is not used anymore, so it is removed.
In general, I think we have noticed that generating code in the frontend is not the best
idea because it decreases performance, it's better to do it in the backend like with the
getters/setters.
Reviewed By: akotulski
Differential Revision: D2739142
fb-gh-sync-id: 0cf9535
Summary:
public This continues the work on adding builtins for getters and setters
and removing the generated code from the frontend. This is extending it to setters and
removing the preanalysis that is no longer needed.
Reviewed By: akotulski
Differential Revision: D2734499
fb-gh-sync-id: 7cf5749
Summary:
public
After supporting template classes and template functions, it's time
to support template methods (they are very similar to template functions)
Reviewed By: dulmarod
Differential Revision: D2734807
fb-gh-sync-id: 41c7f96
Summary:
public some of the code was repeated. Make the function shorter
by merging some cases
Reviewed By: dulmarod
Differential Revision: D2734056
fb-gh-sync-id: c84f04c
Summary:
public
Add support for decl statements inside condition of switch statement
Reviewed By: ddino
Differential Revision: D2734213
fb-gh-sync-id: d60021d
Summary:
public
Change semantics of res_trans_cond inside switchStmt_trans to include
condition node (as opposed to children nodes only).
This way, meaning will be consistent with conditions inside if and while
Reviewed By: ddino
Differential Revision: D2734185
fb-gh-sync-id: 866eee2
Summary:
public The ivar corresponding to the property is only available in the ast when the
implementation of the peroperty is available. Otherwise we add an ivar with the correct type
and the default name to the tenv and use it in the getter (and later in the setter).
This was not causing crashes because the generated code was swallowing the Missing_fld exception.
Now it flags it.
Reviewed By: akotulski
Differential Revision: D2734217
fb-gh-sync-id: 21c62af
Summary:
public
Use generic location visitor from facebook-clang-plugins
Therefore, there is no need to write our custom visitor which is hard to maintain
This introduces some level of magic, but makes it easier to maintain the code.
Reviewed By: jvillard
Differential Revision: D2734282
fb-gh-sync-id: ed9711a
Summary:
public
Conditional operator in C++ allows to return lvalues as a result of the operator.
Make infer frontend smart enough to detect when that happens and treat this
case correctly
Reviewed By: ddino
Differential Revision: D2729468
fb-gh-sync-id: f4a110d
Summary:
public Using the new information from the plugin that links method decls in objc with their
properties if they are getters. Setters to be done in next diff.
Reviewed By: ddino
Differential Revision: D2729511
fb-gh-sync-id: dc58894
Summary:
public This puts the bugs found with the checker strong delegate to a dummy method.
The error message will appear in the line of the class implementation definition, since the properties
are likely to be defined in the h file, and getting the reporting in a file that is not the current is
difficult.
Reviewed By: ddino
Differential Revision: D2718016
fb-gh-sync-id: 66273a4
Summary:
public
Modify do_branch inside conditionalOperator_trans:
1. Remove TempJoinNode optimization - instead create join node as usually. It produces one more node, but it's much cleaner
2. Claim priority inside do_branch instead of appending instructions to node created by children
3. Use compute_results_to_parent to some extent
4. Random changes to loop_instruction and trans_assertion_failure to make tests pass
Reviewed By: ddino
Differential Revision: D2708076
fb-gh-sync-id: d429167
Summary:
public
Read definitions of C++ function template specializations. Infer still doesn't work correctly for template methods, it will be addressed later
Reviewed By: dulmarod
Differential Revision: D2707411
fb-gh-sync-id: 6072796
Summary: public This only supports parameters for now, but should be easy to extend to return values and fields. The work of this diff is all in the translation--the task of finding annotations and doing the actual checking is handled by existing code.
Reviewed By: akotulski
Differential Revision: D2706791
fb-gh-sync-id: 0d706a8
Summary: public These two functions were doing very same things.
After last refactor code of both functions started to look very similar.
Reviewed By: dulmarod
Differential Revision: D2707502
fb-gh-sync-id: b0559a3
Summary: public
We were generating getters and setters in the frontend, and then removing them if they were not needed
in the preanalysis. This diff adds a builtin getter that gets called if we are going to skip the function. That
means, if there was a getter written by the developers we still use that one rather than the builtin.
Code for setter and cleanup of preanalysis will come in a next diff.
Reviewed By: jvillard
Differential Revision: D2702890
fb-gh-sync-id: d65f25e
Summary: public
New version:
dumps template function specializations
does some changes to setup/makefiles to make them better
Reviewed By: jvillard
Differential Revision: D2707355
fb-gh-sync-id: 0213138
Summary: public
Use PriorityNode.compute_results_to_parent in BinaryOperator_trans.
There is no functional change intended
Reviewed By: ddino
Differential Revision: D2696382
fb-gh-sync-id: 4e75761
Summary: public
Refactor compute_results_to_parent to call collect_res_trans directly there.
So the job of PriorityNode.compute_results_to_parent is the following:
Given list of [res_trans_1; res_trans_2; ... ; res_trans_n],
1. Connect nodes linearly (ie. res_trans_1 with res_trans_2, res_trans_2 with res_trans_3) etc.
If res_trans_k has no nodes, try connecting res_trans_k-1 with res_trans_k+1 (this is what collect_res_trans always did)
2. Collect all ids, instrs and exps into one res_trans
3. Create node if needed and put there same ids and instrs as usual.
4. Connect new node with existing ones
4. Return new node structrue with exps = []
This will make function usable in more places so we don't have to create nodes over and over again
Reviewed By: ddino
Differential Revision: D2696351
fb-gh-sync-id: 9f4a9b4
Summary: public Make it uniform with other function call translations. This is just reordering, no functional change intended
Reviewed By: dulmarod
Differential Revision: D2696370
fb-gh-sync-id: 63656e3
Summary: public
Nodes in these functions can be created later (after translation of subexpressions is done).
Change triggers many differences in .dot files, but they are all about different numbering of
nodes.
There is no functional change in this diff.
Reviewed By: dulmarod
Differential Revision: D2699703
fb-gh-sync-id: a7b8d2a
Summary: public
In both functions, there is no need to pass anything in succ_nodes since nodes will be connected later anyway.
This will allow to create node later (will be done in separate diff)
Reviewed By: dulmarod
Differential Revision: D2699693
fb-gh-sync-id: 4396d31
Summary: public
Add qualifiers to global varible names. It affects both
normal global vars and class static fields
Reviewed By: dulmarod
Differential Revision: D2699927
fb-gh-sync-id: 1471faf
Summary: public
`this` can't be null in C++ methods, make backend aware of it.
Behavior for other languages remains the same
Reviewed By: dulmarod
Differential Revision: D2668945
fb-gh-sync-id: c85acbf
Summary: public Turn off this 'feature' without killing the code (yet)
We should be fine without it due to CAstProcessor that populates all location information.
Reviewed By: dulmarod
Differential Revision: D2699651
fb-gh-sync-id: cd7a184
Summary: public
Infer gets confused with this cast. It happens when objects try
to access superclass field/method, but we shouldn't change type in
this case (for the sake of backend)
Reviewed By: dulmarod
Differential Revision: D2663905
fb-gh-sync-id: bbf1cb2
Summary: public Translate template instantiations exported by clang.
There is no need to deal with templated code - clang creates one class
for each implementation.
Reviewed By: dulmarod
Differential Revision: D2686269
fb-gh-sync-id: 9249a00
Summary: public
Not finding C++ method in decl map was considered impossible to happen.
It turns out it can happen because ast exporter wasn't exporting template
instantiations.
So instead, pick a default when method decl is not found. This will be right in
most cases and will allow us to analyze rest of the function without crashing
frontend
Reviewed By: dulmarod
Differential Revision: D2695653
fb-gh-sync-id: 4077c59
Summary: public
Using clang's method resolution. This means that, in method calls, clang gives you a pointer to the declaration of the method.
In some cases though, clang doesn't find the right method. For example, when it finds a method in a category, we
need to make it into a method in the corresponding class, because that's how we treat categories in Infer. Moreover,
when it finds a method in a protocol, that is not useful for us, since the implementation will be in some class. Finally,
sometimes the call is on an object of type id, in which case clang doesn't know what is the correct declaration. In
those cases, we fall back to what we were doing before of approximating the method resolution. We also refactor
some of the code.
Reviewed By: akotulski
Differential Revision: D2679766
fb-gh-sync-id: b79bb85
Summary: public
Support MaterializeTemporaryExpr which happens often in real life C++.
For example, it will happen in this code:
std::vector<int> v;
v.push_back(1);
// it's because std::vector<int>::push_back(const int &)
Strategy is to create variable that will store value of init expression (to provide storage)
and then return variable as a result of an expression
Reviewed By: ddino
Differential Revision: D2674340
fb-gh-sync-id: 077ed6a
Summary: public
Update facebook-clang-plugins. Changes:
- [major] new clang
- dump class template instantiations
- change naming for qual names of anonymous structs
Changes are due to:
1. Different setter properties are exported for defaults (more correct). Fix the test that was wrong
2. New unary operator type
3. Naming for qual names changed
Reviewed By: jvillard
Differential Revision: D2685734
fb-gh-sync-id: f2c568a
Summary: public
Translate C++ overloaded operator calls. AST of their children looks slightly differently
which means that we have to be more permissive in params_trans.exps.
Difference:
CXXMemberCallExpr:
MemberExpr:
'ThisExpr' (it's part of method decl ref evaluation)
MethodDeclRef
Param1
Param2
...
CXXOperatorCallExpr
MethodDeclRef/FunctionDeclRef
'ThisExpr' (it's part of parameters list evaluation)
Param1
Param2
...
Reviewed By: dulmarod
Differential Revision: D2679503
fb-gh-sync-id: 1437f73
Summary: public
For some reason OpaqueValueExpr has extra field with subexpressions. Visit it when assigning location information
Reviewed By: dulmarod
Differential Revision: D2674708
fb-gh-sync-id: b91e142
Summary: public
We forgot that BlockExpr has BlockDecl inside, we need to visit it as well and assign proper location information to block body
Reviewed By: dulmarod
Differential Revision: D2565045
fb-gh-sync-id: c821a28
Summary: public
Add support for translation and calling c++ static methods.
They can be called in two ways:
ClassName::method()
classInstance.method()
Both of them have the same meaning, but AST produced is different
Reviewed By: dulmarod
Differential Revision: D2636489
fb-gh-sync-id: 9294a3f
Summary: public Plugin already exports fully qualified name, we don't need
to reconstruct it in ocaml again.
It wasn't used anywhere so this diff shouldn't change any behavior
Reviewed By: dulmarod
Differential Revision: D2668588
fb-gh-sync-id: 1ed1d61
Summary: public
New qual_name exporting logic in facebook-clang-plugins handles anonymous
classes in much better way. This allows us to simplify name generation for
classes that don't rely on a type of the object (which could be wrong for
methods from superclasses).
Reviewed By: dulmarod
Differential Revision: D2663810
fb-gh-sync-id: 08146b8
Summary: public
The static and global variables used in blocks don't appear in the ast as captured.
We need them however to try and find retain cycles involving those variables.
This diff adds a way of collecting the static variables used in blocks and treat them
like we treat other captured variables to find retain cycles.
Reviewed By: ddino
Differential Revision: D2663727
fb-gh-sync-id: d5b44ec
Summary: public Fix oversight where fields of base classes were
not exported.
Reviewed By: dulmarod
Differential Revision: D2652218
fb-gh-sync-id: 75b93ed
Summary: public
When method was called from within other method,
the type of `this` parameter didn't have pointer in type.
This was due to wrong logic that stripped pointer out of the
type.
We still need to strip the type when dereferencing reference variable.
Reviewed By: dulmarod
Differential Revision: D2652012
fb-gh-sync-id: 44552ac
Summary: public
Move dealing with init expressions from VarDecl_trans to standalone function.
This will be useful for constructor initializer.
I didn't improve anything, just moved stuff around so that no test breaks.
Main change is that we pass Sil code responsible for LHS (var dereference) as
result_trans.
Currently we assume that var_result_trans will have no nodes, no instructions,
no ids. This is true for current usages (it's always Sil.Lvar expression), but in the future it
will change.
Reviewed By: dulmarod
Differential Revision: D2647108
fb-gh-sync-id: cae60b6
Summary: public Categories are now also only translated on demand.
For this we needed links from the class to the categories which we have
now.
Reviewed By: akotulski
Differential Revision: D2647072
fb-gh-sync-id: 4afdf5f
Summary: public
returnStmt_trans adds all ids and instrs to its node. It shouldn't return them to parent then.
Reviewed By: dulmarod
Differential Revision: D2636829
fb-gh-sync-id: eb554b9
Summary: public This diff changes the way we treat enums in Infer.
1. The semantics of the translation is now correct, it was a bit incorrect before.
2. We don't add the enum types to the tenv anymore, which saves a lot of disk space
and avoids errors in the backend dealing with the enum type.
Reviewed By: akotulski
Differential Revision: D2641903
fb-gh-sync-id: 6295e5f
Summary: public
C++ allows to have one variable declared+initialized as a condition statement.
Handle these cases properly for `if` and `while` statements.
Reviewed By: dulmarod
Differential Revision: D2625774
fb-gh-sync-id: bac95b8
Summary: public
Translate CXXConstructExpr that are parts of variable initialization.
Reviewed By: dulmarod
Differential Revision: D2570750
fb-gh-sync-id: 708a457
Summary: public
Type of `this` argument to c++ method call has pointer type.
It's either raw pointer (for `->`) or reference (for `.`).
It was already correct in method declaration and method parameters, but it wasn't correct in method calls. Same thing will apply to constructor expressions.
As a result of this change, we won't expand type when calling methods.
Change to ast_expressions.ml fixes problem with autogenerating getters/setters that produced lvalue types after LValueToRValue cast.
Reviewed By: dulmarod
Differential Revision: D2605756
fb-gh-sync-id: 1027600
Summary: public Translate classes and protocols on demand only.
This saves space in the tenv and time. The categories still cannot be translated on demand
because there is no pointer to them from the classes. Andrzej is fixing that.
We had to make cTypes_Decl and the modules for translating classes, protocols and categories mutually
recursive. Moreover, we had to reorder the method for adding classes to the tenv to receive a decl and
return a type.
Reviewed By: ddino
Differential Revision: D2595610
fb-gh-sync-id: ca76068
Summary: public
In C pre-increment/decrement returns rvalue, but in C++ it returns lvalue.
Make translation aware of the difference and treat these cases differently.
Reviewed By: ddino
Differential Revision: D2575136
fb-gh-sync-id: 952c095
Summary: public
Translating structs and C++ classes only on demand. This reduces the size of the tenv and
saves analysis time.
Reviewed By: ddino
Differential Revision: D2575008
fb-gh-sync-id: b29da2a
Summary: public
Update clang plugin version that has following changes:
1. Don't dump DeclContext as a part of BlockDecl
2. Add location information to C++ constructor initializers
This diff is making infer compatible with these changes by
1. Making infer compile
2. Reading location information from c++ constructor initializers so we don't miss update to line number
Reviewed By: dulmarod
Differential Revision: D2575066
fb-gh-sync-id: 6dc594a
Summary: public
Refactor translation of C++ method calls so that we get two parts:
1. Get Sil code for method address and this expression
2. Given method address, this expression and list of paramter statements, create Call instruction
This will allow us to share more code with C++ constructor calls that do (1) differently, but
(2) will be shared
Reviewed By: dulmarod
Differential Revision: D2570712
fb-gh-sync-id: 9c6c3e4
Summary: public
Remove spurious recursion between type and function declarations in the files
generated via `atdgen`. This speeds up the compilation time of `make clang` by
almost half (one-shot measurements: 59s -> 36s).
Silence warning 39 on this generated code to make compilation pass.
Reviewed By: akotulski
Differential Revision: D2570506
fb-gh-sync-id: 8edba22
Summary: public This diff fixes incorrect mangling of captured variables in blocks. Because they are formals,
they shouldn't be mangled, but this case was not taken into account. This caused an assert false in the
example infer/tests/codetoanalyze/objc/frontend/block/block.m which wasn't caught before because there
wasn't an endtoend test for it.
Reviewed By: akotulski
Differential Revision: D2560379
fb-gh-sync-id: db500b6
Summary: public
Adds incomplete translation of constructor bodies. Treat constructors as
methods with something 'extra'.
We still don't translate initializer lists, just pass the information to cTrans
where it's ignored
Reviewed By: dulmarod
Differential Revision: D2550214
fb-gh-sync-id: 102c13a
Summary: public anonymous types have file:line in its name.
Since file is relative path, type name can have '/' in its name.
This is very fragile since we might create file wiht typename in its name (for example for methods).
Replacing '/' with '_' should make frontend more resilient to failure.
Translation of anonymous structs is still pretty fragile (due to relative path in its name),
but at least it doesn't crash frontend
Reviewed By: dulmarod
Differential Revision: D2559936
fb-gh-sync-id: 647fd7f
Summary: public
modules are better for namespacing.
How I made this diff:
1. moved list_* functions from utils.ml{,i} to iList.ml{,i}
2. shell commands:
grep '^val ' infer/src/backend/iList.mli | cut -f 2 -d ' ' | tr '\n' ' '
# gives a list of former list_ functions that IList implements, fed into the loops below:
LISTNAMES=" compare equal append combine exists filter flatten flatten_options find fold_left fold_left2 for_all for_all2 hd iter iter2 length fold_right map mem nth partition rev rev_append rev_map sort split stable_sort tl drop_first drop_last rev_with_acc remove_duplicates remove_irrelevant_duplicates merge_sorted_nodup intersect mem_assoc assoc map2 to_string"
# replace " list_*" function calls with IList.* ones
for i in $LISTNAMES; do find . -name '*.ml' -exec sed -i -e "s/ list_$i\b/ IList.$i/g" \{\} \; ; done
# replace (list_* functions with (IList.* ones
for i in $LISTNAMES; do find . -name '*.ml' -exec sed -i -e "s/(list_$i\b/(IList.$i/g" \{\} \; ; done
# ditto with [
for i in $LISTNAMES; do find . -name '*.ml' -exec sed -i -e "s/\[list_$i\b/[IList.$i/g" \{\} \; ; done
3. Then fix up the rest by hand. In particular, stuff that called Utils.list_*
explicitely, and stuff that used the "Fail" exception that has moved to
IList. (may revisit this in the future)
Reviewed By: jeremydubreil, cristianoc
Differential Revision: D2550241
fb-gh-sync-id: cd64b10
Summary: public
C++ assignment operation result is lvalue, while in C it was rvalue.
This leads to different AST produced by clang for then same code!
Use language information from clang (`-x` flag) to distinguish these cases.
More specifically, let's look at following code:
int r;
int f = (r = 3);
// type of (r = 3) expression:
// C/objC -> int rvalue
// C++/objC++ -> int lvalue
Existing code did extra dereference because it was rvalue in C and there was no cast afterwards
in C++ there will be extra LValueToRvalue cast when neccesary so we don't have to do extra dereference manually
Reference:
http://en.cppreference.com/w/c/language/value_category (search for 'assignment and compound assignment operators')
NOTE: AST output doesn't change when something is hidden behind `extern "C"`, so we should use global language information
Reviewed By: ddino
Differential Revision: D2549866
fb-gh-sync-id: b193b11
Summary: public Two cases were not handled properly so far:
1. Declaration of a reference variable missed reference bit in type
2. Parameters to a function expecting T& had type T.
The way to distinguish reference types from value types is to look
whether parameter is type 'T rvalue' or type 'T lvalue' (xvalue probably as well)
Unfortunately, we can't just say 'T lvalue' = 'T&' because it would break
a lot of things in our frontend.
However, we know that when parameter to a function call has type 'T lvalue', it has to be 'T&' type.
Same applies when init_expression type is lvalue.
So, the solution is to add wrapper function that looks at results of `instruction` function and
expected expression type. Then if it's lvalue, wrap the type in reference.
Do this wrapping magic only when we know that lvalue mean reference type.
The rest of the changes is to make frontend tests pass - since we use different fields
in the AST, some of them were incorrectly set before and no one noticed.
Reviewed By: cristianoc
Differential Revision: D2549991
fb-gh-sync-id: 067f5d5
Summary: public
Dictionary literals are normally implemented using
`+dictionaryWithObjects:forKeys:count:` but were modeled as
`+dictionaryWithObjectsAndKeys:`
In particular, `@{@"aaa": nil}` would trigger a sentinel error instead of an NPE.
This models dictionary literals as a special infer builtin that the backend
interprets so as to give NPEs when passed nil objects or keys.
Reviewed By: dulmarod
Differential Revision: D2550039
fb-gh-sync-id: 1a10656
Summary: @public
This diff changes following things:
1. expression_info.type_ptr has type than decl_ref_info.type_ptr for reference types. Use type from decl_ref_info as a source of truth
2. reference types need to have one extra dereference that is not in AST. Add handling for this.
3. [small refactor] create function that creates temporary variable from res_trans expression and returns new res_trans.
Some caveats:
1. types are not quite right yet (see .dot files).
2. decl_ref_info might not be set for DeclRefExpr, make frontend crash in that case to catch when this happens
This is high risk change since it changes behavior of every translation on very widely used expr.
Reviewed By: @dulmarod
Differential Revision: D2540632
fb-gh-sync-id: aa28936
Summary: @public
This removes the old way of finding variable declarations to create sil variables and replaces it with
a a new way based on the map from pointers to declarations.
Basically, every variable dereference contains a pointer to the variable declaration, with that we can
build the corresponding sil variable.
Reviewed By: @akotulski
Differential Revision: D2536000
fb-gh-sync-id: dd29cf9
Summary: @public
Refactor exising code that handles __nonnull annotations.
Create extendable way to add extra stuff to be translated before
rest of statements get translated.
This will make handling of constructor initializer list simpler
Reviewed By: @dulmarod
Differential Revision: D2521659
fb-gh-sync-id: ba613e7
Summary: @public
Update version of clang plugin, it changes type
of CXXMethodDecl, all of the changes are to make frontend compile.
Reviewed By: @jvillard
Differential Revision: D2522117
fb-gh-sync-id: 970bdc8
Summary: @public remove `is_instance` function parameter that was used for
blocks only. Instead, pass context everywhere - it holds information that is
very relevant when defining block.
Reviewed By: @dulmarod
Differential Revision: D2521772
fb-gh-sync-id: 5fb53f9
Summary: @public
1. Add support for `this` keyword. It will allow to access fields/methods of the object from the method body.
2. Fix problem with method formals to add pointer to type of first parameter (which corresponds to `this`)
Reviewed By: @dulmarod
Differential Revision: D2484882
fb-gh-sync-id: c318619
Summary: @public
Get newest goodness from facebook-clang-plugins
that allows us to change type of type_ptr during deserialization
We are modifying clang_ast_types.ml that fcp/clang-ocaml expects to
exist - we provide our own implementations of:
t_ptr, pointer_to_type_ptr, type_ptr_to_pointer
Reviewed By: @dulmarod
Differential Revision: D2498623
Summary: @public
First diff to give better language information in the frontend.
This information is necessary to understand when 'self' is objc keyword,
when 'this' is C++ keyword and when they are not.
Reviewed By: @ddino, @dulmarod
Differential Revision: D2489252
Summary: @public
qual_type was the same as type_ptr, so it was removed.
This commit makes it compatible with facebook-clang-plugins
Commands ran:
codemod --extensions ml,mli 'qual_type' 'type_ptr'
codemod --extensions ml,mli 'qt' 'tp'
If there is any other popular name for qual_type, let me know
Reviewed By: @dulmarod
Differential Revision: D2498289
Summary: @public
We no longer rely on existence of qt_raw field.
Update facebook-clang-plugins so that this field
is not even exported. This should give us some perf wins
since qual_type is written in a lot of places
Reviewed By: @dulmarod
Differential Revision: D2489308
Summary:
Using the qualified names of fields to create mangled names.
This removes the need to search for the fields in the tenv when translating a field access.
That was only done to build the correct mangled name,
The rest of the changes are using the qualified names for ivars and property names in the property module,
which is needed to make it work. Basically a big chain of changes of using qualified names to make the code
compile.
Summary:
This diff aims at removing the occurrences of the types in string form so that we can remove them
from the ast which will save space.
There is one occurrence left regarding attributes that will be handled later by Andrzej.
We build a function to create a string out of a function type used for name mangling.
Summary:
frontend and backend assume that Sil.Struct
doesn't have methods nor inheritance. In order to plug C++
classes we probably need them to be Sil.Class
Summary:
C function names depend only on their name (and their file is they are static, and their type if we are in C++)
This is more in sync with the actual semantics of C function names than the previous implementation.
Summary:
Make infer run with clang 3.7.0. Small changes are due to differences
in output of clang
NOTE: this diff will require recompiling clang (it takes time)
Summary:
Pass inheritance information to the backend
It also changes some functions in cTypes_decl and we are using type and decl maps to resolve these types
Summary:
This is the second of 3 stack diffs to deal with replacing the parser of types.
This diff is about changes to translate record types, as well as class types and enum
types. For class types and enum types we store the declaration pointer in the map of
types to find the type easier later.
For record declarations, we change the way we build record names.
Moreover, we don't translate typedefs anymore, because when we have a pointer to a typedef,
we can find the actual type it points to.
Summary:
This is the second of 3 stack diffs to deal with replacing the parser of types.
This diff is about general changes to the frontend to make it cope with the change. There
are two main challenges:
1. We create pieces of ast in ast_expressions, such as getters and setters. For that we create
custom types.
2. We store types in cMethod_signature for parameters and return type of functions. This was
stored as strings, but that means losing the pointer information which is vital to get the
sil types.
So this diff consists mostly of dealing with these challenges. It change the signature of
cMethod_signature and update modules accordingly.
To deal with the custom types, we build methods in ast_expressions for creating those types,
with a custom type pointer, like "internal_typeint". At the beginning of the translation we save
all these custom types in the map from type pointers to sil types that we build as we compute the
types, so that they are available later.
Another custom type that we build is a type of classes or pointer of classes based on the current
class. I found a simple way to deal with it, giving it a pointer "class_name", and then we know
how to translate those. Something I tried is to save the declaration of the current class and pass
that declaration around, but somehow that lead to pref regression, so I removed it in favor of this
more lightweight version.
Summary:
This is the first of 3 stack diffs to replace the parser of types in the clang frontend.
In this diff we remove the parser and the lexer and add a new module that does the
translation from ast types to sil types.
It is still incomplete, i.e. many c++ types are still not treated. However, all the
types that we were previously treating in C and ObjC are treated and some C++ ones, such
that the tests pass and we get good results in the apps.
Sometimes one needs to translate a record type when we havent translated the record itself,
so the translation of types and of records needs to be mutual recursive. I managed however
to get them into different modules and achieve the mutual recursion using higher order functions.
Summary:
each procedure has a different scope, so we can restart the fresh name generator and have more stable instructions in the cfg, that don't change when other procedures are changed
Summary:
Move proc_attributes to a separate module.
Field err_log, in common between proc desc and summary, can now be moved to ProcAttributes without creating cycles of dependencies.
Summary:
There's a lot of overlap between the representation of a proc desc and a spec summary. This diff moves all the data in common to the single record proc_attributes defined in Sil.
This gives a unified way of accessing most of the data carried by a procedure, whether it is contained in a proc desc or a spec. Also, it ensures that there is a single flow of information from proc desc to spec in the back-end, making sure that the information represented stays consistent.
Summary:
Use the new clang plugin that outputs biniou instead of Yojson. This binary format is more compact, which makes the frontend a little faster (5 to 10%).
@update-submodule: facebook-clang-plugins
Summary:
Use the map of pointers to find method declarations and build method signatures.
Remove the need for having an extra map for method signatures (and remove that map).
Summary:
see title. It will make number of arguments
less ridiculous and make it easier to share C/C++ structs.
Another diff that adds base class information for C++ will
follow.
This change is big enough to deserve separate diff
Summary:
Handle C++ method declarations and create cfgs for them.
Doesn't do:
Method calls (CXXMethodCall)
Using `this` expression in methods (including implicit ones)
Summary:
Refactor of creating method signatures. First step to use the map of pointers to find method declarations.
The idea is to have a function that creates a method signature from a declaration, later we can get the declaration from a pointer
and use this function to retrieve the method signature.
(authored by @dulmarod)
Summary:
Add basic translation for C++ `new` keyword.
Currently, it's modeled as simple `malloc` call.
Following constructs are still not working properly:
- array new `new [size_expr]`
- run initializer attached to `new` (such as `new int(5)`)
- `delete[]`
Summary:
1. Unify the code now that MemberExpr has more information available and it can be shared with ObjCIvarRefExpr
2. Use type from decl_ref instead of expression type. For methods, expression type is useless (`<bound something something`>). For fields it should be the same
Summary:
The methods in objc can have the same name in the same class, but one be instance and the other class,
so that we need to take the instance flag into account when defining unique names for ObjC methods.
Summary:
Update fcp version and make infer build with it.
It's not using new features yet, diffs will follow.
New stuff:
Proper type information in form of pointer->type
Expose more information about cxx classes (superclass info)
Add pointers to objc method decls when possible
Summary:
This commit is the result of
`find infer/src -name '*.ml' -or -name '*.mli' -exec ocp-indent -i \{\} \;`
and
`INFER_CHECK_COPYRIGHT=1 InferPrint`
Summary:
In preparation for C++ methods, we need to have type with
class, method, mangled (for overloading?)
1. Change objc method to support it
2. Do some renames to be less confusing
Summary:
In objC we already prefix field names with classes.
It's better to make it consistent since it'll allow
us to share more code between C++ and objC
Summary:
This adds support for having lookup from pointer to decl in C frontend
NOTE: with this diff atdgen 1.6 or later is required.
To upgrade atdgen, please run `opam install atdgen.1.6.0`
Summary:
This makes infer C frontend compatible
with new scheme for naming which has:
1. plain name (like 'fun')
2. qualified name (reversed list like ['fun', 'class', 'top_class', 'namespace'])
Summary:
@public
Add support for default function arguments.
As a side change - always create cmethod_signature for a function
Test Plan:
1. Call function with default parameter and confirm that it gets parsed and reports null dereference (B5 but still). It didn't before.
2. Created a test case
Summary: @publicThe first argument of builtin calls in C gets translated twice, which is bad if the argument is a side-effecting expression like a function call.
Test Plan: Attached test previously reported a memory leak because the translation introduces an extra call to malloc(), now reports nothing.
Summary:
@public
Translate CXXStaticCastExpr
Test Plan:
Add test, confirm that it gets translated.
Also create example to see that infer reports null dereference with this change:
struct X { int a; };
int main() {
X *x = static_cast<X*>(nullptr); // <- reports now
//X *x = (X*)nullptr; // <- reported before
return x->a;
}
Summary:
@public
Make c frontend understand CXXNullPtrLiteralExpr.
Note that the implementation differs from GNUNullExpr
Test Plan:
Create function that returns nullptr:
int* getPtr() {return nullptr;}
look at specs:
InferPrint infer-out/specs/getPtr\{831F\}.specs
Procedure: getPtr
int *getPtr()
Timestamp: 1
Status: INACTIVE
Phase: RE_EXECUTION
Dependency_map:
TIME:0.002853 s TIMEOUT:N SYMOPS:10 CALLS:1,0
ERRORS:
--------------------------- 1 of 1 [nvisited: 1] ---------------------------
PRE:
POST 1 of 1:
return = null:
----------------------------------------------------------------
Add test for it
Summary:
@public
Sorting the fields in structs and classes. Was needed in the backend and forgotten.
Fixes the github issue https://github.com/facebook/infer/issues/90.
Test Plan: Added a new test that shows that we now get a spec for the example from the github issue.
Summary:
@public
This adds basic support for function attributes in Sil, and for translating
attributes from the clang frontend to these new Sil attributes. For now only
the sentinel attribute is translated.
Note that attributes normally have parameters, but they are currently missing
from the clang plugin.
Test Plan:
Add
(match Sil.get_sentinel_func_attribute_value (Cfg.Procdesc.get_attributes callee_pdesc).Sil.func_attributes with
| Some _ -> L.out "found sentinel attribute!\n"
| _ -> ());
between lines 947 and 948 of symbExec.ml, then analyze a file containing:
int add_all_ints(int a, ...) __attribute__ ((sentinel));
int foo(void) { return add_all_ints(1, 2, 3, (void *)0); }
then `grep 'found sentinel' infer-out/log/analyzer_out`
-> the sentinel attribute is correctly passed from the frontend to the backend.
Summary:
@public
The clang location information is described in an incremental way: each location information is a delta with respect to the previous one in the AST. This is based on a the visit of the AST nodes which corresponds to the order in which the lines are printed with the standard clang AST dump:
clang -cc1 -ast-dump filename.c
This diff adds a preprocessing phase to the front-end so that location information is composed during a visit, and explicit location information is used instead.
In the case of include files, we report the last known location before including the file.
The current file for a function is the file where it is defined. So if a function is entirely defined in a .h file, then the location information will consistently be about the .h file. If instead a function is defined in the source file being analyzed, and some AST nodes come from macro expansion, line information will refer to the original file.
The front-end tests reveal that the location information was incorrect in a few dot files.
Test Plan: arc unit, after having fixed the wrong location in the existing .dot files