Summary:
public
Add extra field that will be used to store extra bug description
in dotty format. This will allow to create better bug reports for
bugs that require images to understand what is going on (such as
retain cycles or activity leaks)
Reviewed By: jeremydubreil
Differential Revision: D2779935
fb-gh-sync-id: d2ecc0d
Summary:
public
When reading from static fields, the translation was overwriting the list of class members with the list of static ones. The backend was only looking up fields from the list of non static fields.
Reviewed By: sblackshear
Differential Revision: D2801759
fb-gh-sync-id: fe8ed80
Summary:
public
While playing with the type environment for Java, I realised that the types in models.jar where not re-generated when modifying Infer. As a consequence, some changes in Infer where surprisingly having no effect. This diff forces the type environment to be absent when analyzing the models.
Reviewed By: sblackshear
Differential Revision: D2802517
fb-gh-sync-id: 1c2673a
Summary:
public
4feb93e91c disabled join of tuple values, but also of any two values of the same
type. However, we do know how to join integer values, so re-enable those.
Reviewed By: cristianoc
Differential Revision: D2803286
fb-gh-sync-id: 5bcc725
Summary:
public
Using Typename.t in the list of superclasses to match the type for the key of the type environment. This avoids to make back and forth convertions from typename to type (csu, mangled name).
Depends on D2786574
Reviewed By: jberdine
Differential Revision: D2792116
fb-gh-sync-id: 6100f1a
Summary:
public
This diff cleans up the detection of assertion failures in C, C++ and Objective C which was previously hacked on top of the tracing mode for Java. The code is also generalized to detect any custom errors which can be defined using the `__infer_fail` builtin, and the case of assertion failure is now just the specific case of translating `assert` using `__infer_fail` directly in the clang frontend.
Reviewed By: jberdine
Differential Revision: D2786574
fb-gh-sync-id: dd1e1cf
Summary:
public
It seems that restricting printing to stdout and stderr to developer
mode has broken InferPrint. So unconditionally turn developer mode on
in InferPrint.
Reviewed By: sblackshear
Differential Revision: D2786897
fb-gh-sync-id: 44b5772
Summary:
public
When building models, make was invoked explicitly with `make -j` rather
than with `$(MAKE)`. This prevented controlling parallelism from the
top-level make invocation.
Reviewed By: akotulski
Differential Revision: D2786812
fb-gh-sync-id: 7f6d58c
Summary:
public
Some functions were never used, and some other were always used with the same parameters
Reviewed By: sblackshear
Differential Revision: D2786118
fb-gh-sync-id: 666fba2
Summary:
public
The function Sil.get_typ was actually always call with the optional parameter being `Csu.Class`
Reviewed By: sblackshear
Differential Revision: D2786055
fb-gh-sync-id: 4337258
Summary:
public
The paramtere where defined as simple strings in the procedure description. This diff force the use of the Mangled module to avoid possible conflict when converting variable back and forth from string to pvar. The code is now more consistent as the local variable were already named using mangled names.
Reviewed By: jberdine
Differential Revision: D2782863
fb-gh-sync-id: 1867574
Summary:
public
Move the naming of types to it own module, so that it can be used by modules `Sil` depends from like `Procname`
Reviewed By: jberdine
Differential Revision: D2773148
fb-gh-sync-id: a89f595
Summary:
public
Move the representation of data-structure into it own module, so that it can be used by modules `Sil` depends from like `Procname`.
Reviewed By: jberdine
Differential Revision: D2772791
fb-gh-sync-id: cda4e3a
Summary: public In this example we now get a dangling pointer dereference, so contains exactly doesn't work.
Reviewed By: jvillard
Differential Revision: D2773769
fb-gh-sync-id: 64d1044
Summary: public The properties in those models needed to be made nonatomic.
Reviewed By: akotulski
Differential Revision: D2773650
fb-gh-sync-id: 903e7df
Summary:
public
Make Ast_utils.get_decl_from_typ_ptr function more forgiving.
It will return None instead of crashing when there is no decl for a given type.
This is done in prepratation to try to get destructor function of any type without crashing.
Reviewed By: dulmarod
Differential Revision: D2769302
fb-gh-sync-id: 7a9fcfe
Summary:
public
Factor resolving default parameters from common method/constructor translation function.
This is done in preparation to use same function for generating destructor calls.
Reviewed By: dulmarod
Differential Revision: D2769291
fb-gh-sync-id: 9c35cf8
Summary:
public
Treat destructors in the same way we treat methods/constructors.
It doesn't deal with inheritance/composition - we'll need to add calls to these
destructors later
Reviewed By: dulmarod
Differential Revision: D2769142
fb-gh-sync-id: b1c77e1
Summary: public Crashes during the analysis are classified as timeouts in the .specs file. In addition, when there is a timeout, it does not say *why* the timeout occurred (hard time, symops, or recursion). This diff adds this information to the .specs file and adds a "fail hard" mode where crashes and timeouts will actually stop the analysis in developer mode (but will still be hidden in the normal production mode).
Reviewed By: jeremydubreil
Differential Revision: D2725382
fb-gh-sync-id: b0b4e5e
Summary:
public
This fixes two things:
- `make -j9000` now works without crashing
- `make -C infer/src clang java` followed by `make -C infer/src clang` results
in a cached build the second time. Previously, a bug in ocamlbuild meant that
building infer/java would stomp over some files used by infer/clang, hence
infer/clang would get partially recompiled. More generally, alternating
between targets, or simply repeatedly calling `make` would result in unecessary
rebuilds.
Reviewed By: akotulski
Differential Revision: D2765544
fb-gh-sync-id: ecffdee
Summary: public Did this by adding an option to rearrange that turns of error reporting.
Reviewed By: dulmarod
Differential Revision: D2768396
fb-gh-sync-id: 4898d2d
Summary:
public
Infer would previously give confusing reports in the following case: two classes `foo.MyClass` defined in `MyClass.java` under directory `foo/` and `bar.MyClass` defined in file `MyClass.java` under `bar/` are compiled together in a single call to the Java compiler. Then the errors in `foo/MyClass.java` could potentially be reported in `bar/MyClass.java`, or the other way around.
The reason is: Infer starts the translation from the bytecode which only contains information about the base filename in the metadata. For example, both `foo.MyClass` and `bar.MyClass` will contains the information that the source file is `MyClass.java` but not the full path to the actual source file (hopefully).
In order to cope with this issue, this diff adds the possibility to read the package declaration from the source file so that we can map classes to the source files these classes are defined without ambiguity. In order to avoid having to open and read the source files when not necessary, the code will behave as before as long as no name conflict is found. Otherwise, it will only load and search for the package declaration when two or more sources files have the same basename but are defined in different subdirectories.
Closes t9395275
Reviewed By: jberdine
Differential Revision: D2763775
fb-gh-sync-id: 0adc1ac
Summary:
public
There was one oversight that caused frontend to mark C++ method as
objc instance method.
Reviewed By: dulmarod
Differential Revision: D2769060
fb-gh-sync-id: d7a92bc
Summary:
public To deal with ObjC nullability and give meaningful error
messages, we introduced the ObjC_NULL attribute in the symbolic execution to
mean that the object carrying the attribute is null because it was the result
of a method call from a null object. However, one cannot add attributes to null,
so we had to delay nullifying the object in order to have the attribute until we
can assign it to a program variable. However, if the temp variable was used in a condition,
we were not taking into account that its meaning is null. This diff addresses that and fixes
many FPs that we have encounter.
Reviewed By: ddino
Differential Revision: D2765167
fb-gh-sync-id: c0878dd
Summary:
public
Generating .annot files is expensive. Add a configure option to disable them:
./configure --disable-ocaml-annot
./configure --disable-ocaml-bin-annot
(the latter is more for completeness, as bin-annot are not very expensive to
generate)
`make` is 30% faster without annot files. Unless you use Eclipse you shouldn't
need them.
Reviewed By: jeremydubreil
Differential Revision: D2765508
fb-gh-sync-id: 086bc39
Summary: public First in a series of diffs fixing the __nullable checker for obj-c, which currently reports false positives on property accesses via getters and setters. To fix this problem, we need a special implementation of letderef and set for property accesses that don't report NPE errors. Factoring out the execution of these instructions from the main symbolic executor will make this easier.
Reviewed By: jeremydubreil
Differential Revision: D2763923
fb-gh-sync-id: 883a184
Summary:
public
`json.dump` does not have the same number of arguments in 2.7.3 and 2.7.9. Fix
this by naming the optional parameters explicitly.
Reviewed By: akotulski
Differential Revision: D2760579
fb-gh-sync-id: 7ebc69e
Summary:
public
This configure option disables building the java analysis and the associated
checks.
Refactor infer/src/Makefile.in to better isolate the Java-specific ocamlfind
dependencies.
Reviewed By: jeremydubreil
Differential Revision: D2712921
fb-gh-sync-id: 08077c2
Summary:
public
This moves the hardcoded version numbers in one place and simplifies the logic
to compute the version a bit.
Reviewed By: jberdine
Differential Revision: D2759779
fb-gh-sync-id: 0e4d3c1
Summary:
public Remove property of maps and make sure that we add to the tenv the property attributes
by folowing the link between the property and the corresponding ivar.
Reviewed By: ddino
Differential Revision: D2755887
fb-gh-sync-id: beeecaf
Summary:
public
Remove trans_state.parent_line_number because it's not used anymore.
This slightly cleans up codebase
Reviewed By: ddino
Differential Revision: D2755050
fb-gh-sync-id: b1b7e8e
Summary:
public
The contravariant subtyping rule for the PerformanceCritial annotation was meant to document the code but can be very too verbose on exisiting project. It is also not necessary as we can get this annotation from the supertypes. I am disabling it for now, but keep the code in case we want to revive it at some point in the future.
Reviewed By: sblackshear
Differential Revision: D2750212
fb-gh-sync-id: 2424281
Summary:
public
Lines other than the first of multi-line comments in non-ocaml files
were flush right instead of aligned.
Reviewed By: jvillard
Differential Revision: D2739752
fb-gh-sync-id: c85f56e
Summary:
public
The function `Procname.to_simplified_string ~withclass:true` used to print `MyClass.MyClass()` when printing the name of a Java constructor. It now prints `MyClass()`.
I made a separate diff for this changes as it affects the bug hash, especially for resource leaks.
Reviewed By: sblackshear
Differential Revision: D2748661
fb-gh-sync-id: 9f51871
Summary:
public
It is possible to return null according to
http://docs.oracle.com/javase/7/docs/api/java/lang/Class.html#getResource(java.lang.String).
Also, getResource throws NPE if passed null:
$ cat -n TestClassGetResourceArgument.java
1 import java.net.URL;
2
3 public class TestClassGetResourceArgument {
4
5 static URL testClassGetResourceArgument(Class cls) {
6 return cls.getResource(null);
7 }
8
9 public static void main(String[] args) {
10 System.out.println(testClassGetResourceArgument("".getClass()).toString());
11 }
12
13 }
$ javac TestClassGetResourceArgument.java && java TestClassGetResourceArgument
Exception in thread "main" java.lang.NullPointerException
at sun.misc.MetaIndex.mayContain(MetaIndex.java:243)
at sun.misc.URLClassPath$JarLoader.getResource(URLClassPath.java:830)
at sun.misc.URLClassPath.getResource(URLClassPath.java:199)
at sun.misc.URLClassPath.getResource(URLClassPath.java:251)
at java.lang.ClassLoader.getBootstrapResource(ClassLoader.java:1305)
at java.lang.ClassLoader.getResource(ClassLoader.java:1144)
at java.lang.ClassLoader.getResource(ClassLoader.java:1142)
at java.lang.ClassLoader.getSystemResource(ClassLoader.java:1267)
at java.lang.Class.getResource(Class.java:2145)
at TestClassGetResourceArgument.testClassGetResourceArgument(TestClassGetResourceArgument.java:6)
at TestClassGetResourceArgument.main(TestClassGetResourceArgument.java:10)
Reviewed By: cristianoc
Differential Revision: D2752301
fb-gh-sync-id: 888baf1
Summary:
public
Remove double negation in test check as per jrm's comment on D2695548.
Reviewed By: jeremydubreil
Differential Revision: D2743862
fb-gh-sync-id: d7cc0d0
Summary:
public there was a problem with
templated method names that had '/' in its names.
This happened for names like this: `method_name<(anonymous lambda in path/to/src:1:1)>`
Plus random fix to backend logging
Reviewed By: dulmarod
Differential Revision: D2749359
fb-gh-sync-id: b9a0fcd
Summary:
public
version.ml changes at each commit, which triggers the recompilation of all .ml
files that depend on it. Adding version.mli should prevent that.
Reviewed By: jberdine
Differential Revision: D2748986
fb-gh-sync-id: 5a59a14
Summary:
public This info is based on clang's pointers so it should be more accurate. Also we want to remove the
property map.
Reviewed By: ddino
Differential Revision: D2739487
fb-gh-sync-id: 6be620a
Summary:
public
Avoid the analysis to fail when the type of an exception cannot be found in the type environement
Reviewed By: sblackshear
Differential Revision: D2743015
fb-gh-sync-id: 7b922eb
Summary:
public
Added special modelling for m.put(k,v) as assigning value v to map m at key k.
The modelling is analogous to the one for containsKey: the variable used to represent m.get(k) is generated, and assigned the value v.
Reviewed By: jberdine
Differential Revision: D2743844
fb-gh-sync-id: 56d3581
Summary:
public
Change the contructor names to a more standard capitalisation style + remove some dead code
Reviewed By: sblackshear
Differential Revision: D2738157
fb-gh-sync-id: 6d9734b
Summary:
Change eradicate handling of complex values so that an unknown function that
has an existing mapping to Undef is treated as if there was no existing
mapping.
Without this change, joining control-flow branches where one called a function
and the other did not resulted in a mapping to Undef. Later calls to the
function would then reuse the Undef mapping.
public
Reviewed By: cristianoc
Differential Revision: D2695548
fb-gh-sync-id: ab69c47
Summary:
public Prepare to use integers as pointers (as opposed to strings right now).
This should speed decl/type map lookup and there are no real downsides.
In order to preserve all knowledge we have right now, use following semantics for pointer values
clang pointer - its value is greater than 0
invalid pointer - its value is 0
internal pointer - its value is smaller than 0
Reviewed By: jvillard
Differential Revision: D2739419
fb-gh-sync-id: d264c28
Summary:
public The concept of generated method is not used anymore, so it is removed.
In general, I think we have noticed that generating code in the frontend is not the best
idea because it decreases performance, it's better to do it in the backend like with the
getters/setters.
Reviewed By: akotulski
Differential Revision: D2739142
fb-gh-sync-id: 0cf9535
Summary:
public This continues the work on adding builtins for getters and setters
and removing the generated code from the frontend. This is extending it to setters and
removing the preanalysis that is no longer needed.
Reviewed By: akotulski
Differential Revision: D2734499
fb-gh-sync-id: 7cf5749
Summary:
public
After supporting template classes and template functions, it's time
to support template methods (they are very similar to template functions)
Reviewed By: dulmarod
Differential Revision: D2734807
fb-gh-sync-id: 41c7f96
Summary:
public some of the code was repeated. Make the function shorter
by merging some cases
Reviewed By: dulmarod
Differential Revision: D2734056
fb-gh-sync-id: c84f04c
Summary:
public
Add support for decl statements inside condition of switch statement
Reviewed By: ddino
Differential Revision: D2734213
fb-gh-sync-id: d60021d
Summary:
public
Change semantics of res_trans_cond inside switchStmt_trans to include
condition node (as opposed to children nodes only).
This way, meaning will be consistent with conditions inside if and while
Reviewed By: ddino
Differential Revision: D2734185
fb-gh-sync-id: 866eee2
Summary:
public
In case of compilation error, ocaml would helpfully warn about irrelevant stuff
because infer doesn't look like an ocamlbuild project. Make it look like one.
Reviewed By: jberdine
Differential Revision: D2734392
fb-gh-sync-id: 9761eff
Summary:
public The ivar corresponding to the property is only available in the ast when the
implementation of the peroperty is available. Otherwise we add an ivar with the correct type
and the default name to the tenv and use it in the getter (and later in the setter).
This was not causing crashes because the generated code was swallowing the Missing_fld exception.
Now it flags it.
Reviewed By: akotulski
Differential Revision: D2734217
fb-gh-sync-id: 21c62af
Summary:
public
Use generic location visitor from facebook-clang-plugins
Therefore, there is no need to write our custom visitor which is hard to maintain
This introduces some level of magic, but makes it easier to maintain the code.
Reviewed By: jvillard
Differential Revision: D2734282
fb-gh-sync-id: ed9711a
Summary:
public
Update fcp, changes:
1. decl_ref from ObjcPropertyDecl to IvarDecl
2. Export location information in macro expansion, not macro definition
Reviewed By: dulmarod, jvillard
Differential Revision: D2733967
fb-gh-sync-id: 7d8ce00
Summary:
public
Conditional operator in C++ allows to return lvalues as a result of the operator.
Make infer frontend smart enough to detect when that happens and treat this
case correctly
Reviewed By: ddino
Differential Revision: D2729468
fb-gh-sync-id: f4a110d
Summary:
public Using the new information from the plugin that links method decls in objc with their
properties if they are getters. Setters to be done in next diff.
Reviewed By: ddino
Differential Revision: D2729511
fb-gh-sync-id: dc58894
Summary:
public
The resource leak warning messages can sometimes be confusing especially when several type of resources are involved in the code where the warning is reported. This diff adds the class name of the resource being leaked to the error message.
Reviewed By: sblackshear
Differential Revision: D2706538
fb-gh-sync-id: ccf364e
Summary:
public
The case when a resource leaks is reported because the the resource was not closed on the execution branch created by the preconditions checks are not very interesting in practice because the exceptions thrown, either `NullPointerException` or `IllegalStateException` are very rarely caught anyway. So the legimate use of preconditions checks is creating spurious resource leak reports.
Reviewed By: sblackshear
Differential Revision: D2707227
fb-gh-sync-id: 6aece73
Summary: public so that we don't introduce more string mutations in the future.
Reviewed By: jberdine
Differential Revision: D2729167
fb-gh-sync-id: 746319a
Summary:
public
Add the backwards-compatibility Bytes module if we detect OCaml version <
4.02.0.
Reviewed By: jberdine
Differential Revision: D2728924
fb-gh-sync-id: 39cf76b
Summary:
public This puts the bugs found with the checker strong delegate to a dummy method.
The error message will appear in the line of the class implementation definition, since the properties
are likely to be defined in the h file, and getting the reporting in a file that is not the current is
difficult.
Reviewed By: ddino
Differential Revision: D2718016
fb-gh-sync-id: 66273a4
Summary:
public
Modify do_branch inside conditionalOperator_trans:
1. Remove TempJoinNode optimization - instead create join node as usually. It produces one more node, but it's much cleaner
2. Claim priority inside do_branch instead of appending instructions to node created by children
3. Use compute_results_to_parent to some extent
4. Random changes to loop_instruction and trans_assertion_failure to make tests pass
Reviewed By: ddino
Differential Revision: D2708076
fb-gh-sync-id: d429167
Summary:
public
Use the autotools to generate some of the info used in infer/src/Makefile.
Reviewed By: jeremydubreil
Differential Revision: D2703752
fb-gh-sync-id: 59090b2
Summary:
public
Use autoconf's detection of xcode-select to decide whether to build the ObjC
models or not.
Reviewed By: jeremydubreil
Differential Revision: D2703864
fb-gh-sync-id: e6dadca
Summary:
public
Generate infer/Makefile from infer/Makefile.in to use make from autoconf.
Reviewed By: jeremydubreil
Differential Revision: D2703102
fb-gh-sync-id: ee22395
Summary:
public
Create Makefile.config.in to hold paths to various source directories used
in infer/annotations/Makefile.
Reviewed By: jeremydubreil
Differential Revision: D2702986
fb-gh-sync-id: b5eb5bf
Summary:
public
Read definitions of C++ function template specializations. Infer still doesn't work correctly for template methods, it will be addressed later
Reviewed By: dulmarod
Differential Revision: D2707411
fb-gh-sync-id: 6072796
Summary: public This only supports parameters for now, but should be easy to extend to return values and fields. The work of this diff is all in the translation--the task of finding annotations and doing the actual checking is handled by existing code.
Reviewed By: akotulski
Differential Revision: D2706791
fb-gh-sync-id: 0d706a8
Summary: public These two functions were doing very same things.
After last refactor code of both functions started to look very similar.
Reviewed By: dulmarod
Differential Revision: D2707502
fb-gh-sync-id: b0559a3
Summary: public
We were generating getters and setters in the frontend, and then removing them if they were not needed
in the preanalysis. This diff adds a builtin getter that gets called if we are going to skip the function. That
means, if there was a getter written by the developers we still use that one rather than the builtin.
Code for setter and cleanup of preanalysis will come in a next diff.
Reviewed By: jvillard
Differential Revision: D2702890
fb-gh-sync-id: d65f25e
Summary: public
New version:
dumps template function specializations
does some changes to setup/makefiles to make them better
Reviewed By: jvillard
Differential Revision: D2707355
fb-gh-sync-id: 0213138
Summary: public
Since we are only running the analysis on the Buck targets that are of type java_library or android_library, it may happen that the filtering gives an empty list of targets.
This diff does two things:
1) it filters out the empty strings `''` that can be returned when parsing the `buck query` command, and
2) skip the analysis when the list of targets to analyze is empty.
It also fixes the debug output for the list of targets to analyze, which was previously always printing the list of targets passed in the command line argument, which led for this issue to be unoticed even though it may have been there for a while already.
Reviewed By: sblackshear
Differential Revision: D2704949
fb-gh-sync-id: 83c62d8
Summary: public
The method `android.view.View.findViewById` and should not be run performance critical parts of the code like scrolling.
Reviewed By: sblackshear
Differential Revision: D2698196
fb-gh-sync-id: 2716ad7
Summary: public
With this change it will be possible to instruct Buck to not analyze certain files whose names match
with the regex passed in input.
So for example if you want to skip the analysis of files containing `skip_me` on their names, then
the command:
infer --use-flavors --blacklist-regex ".*skip_me.*" -- buck build <target-name>
will do it, because the `.*skip_me.*` regex will match the desired rule.
Reviewed By: jvillard
Differential Revision: D2702872
fb-gh-sync-id: 498b17b
Summary: public
Refactor how propositions are created from prune nodes, especially for
inequalities.
Reviewed By: cristianoc
Differential Revision: D2700119
fb-gh-sync-id: 86a70a3
Summary: public
Use PriorityNode.compute_results_to_parent in BinaryOperator_trans.
There is no functional change intended
Reviewed By: ddino
Differential Revision: D2696382
fb-gh-sync-id: 4e75761
Summary: public
Refactor compute_results_to_parent to call collect_res_trans directly there.
So the job of PriorityNode.compute_results_to_parent is the following:
Given list of [res_trans_1; res_trans_2; ... ; res_trans_n],
1. Connect nodes linearly (ie. res_trans_1 with res_trans_2, res_trans_2 with res_trans_3) etc.
If res_trans_k has no nodes, try connecting res_trans_k-1 with res_trans_k+1 (this is what collect_res_trans always did)
2. Collect all ids, instrs and exps into one res_trans
3. Create node if needed and put there same ids and instrs as usual.
4. Connect new node with existing ones
4. Return new node structrue with exps = []
This will make function usable in more places so we don't have to create nodes over and over again
Reviewed By: ddino
Differential Revision: D2696351
fb-gh-sync-id: 9f4a9b4
Summary: public Make it uniform with other function call translations. This is just reordering, no functional change intended
Reviewed By: dulmarod
Differential Revision: D2696370
fb-gh-sync-id: 63656e3
Summary: public
Nodes in these functions can be created later (after translation of subexpressions is done).
Change triggers many differences in .dot files, but they are all about different numbering of
nodes.
There is no functional change in this diff.
Reviewed By: dulmarod
Differential Revision: D2699703
fb-gh-sync-id: a7b8d2a
Summary: public
In both functions, there is no need to pass anything in succ_nodes since nodes will be connected later anyway.
This will allow to create node later (will be done in separate diff)
Reviewed By: dulmarod
Differential Revision: D2699693
fb-gh-sync-id: 4396d31
Summary: public
Add qualifiers to global varible names. It affects both
normal global vars and class static fields
Reviewed By: dulmarod
Differential Revision: D2699927
fb-gh-sync-id: 1471faf
Summary: public
`this` can't be null in C++ methods, make backend aware of it.
Behavior for other languages remains the same
Reviewed By: dulmarod
Differential Revision: D2668945
fb-gh-sync-id: c85acbf
Summary: public Turn off this 'feature' without killing the code (yet)
We should be fine without it due to CAstProcessor that populates all location information.
Reviewed By: dulmarod
Differential Revision: D2699651
fb-gh-sync-id: cd7a184
Summary: public
Infer gets confused with this cast. It happens when objects try
to access superclass field/method, but we shouldn't change type in
this case (for the sake of backend)
Reviewed By: dulmarod
Differential Revision: D2663905
fb-gh-sync-id: bbf1cb2
Summary: public
I realized that this code was returning false for `android.content.Context <: android.content.Context`.
Reviewed By: cristianoc
Differential Revision: D2699112
fb-gh-sync-id: 4c01c42
Summary: public
This allows to run the checker and get feedback about potential expensive call stacks without having to annotate first all the methods that are overriding PerofrmanceCritical-annotated methods
Reviewed By: cristianoc
Differential Revision: D2693556
fb-gh-sync-id: cb60278
Summary: public
When merging json reports from different buck targets, the same bug may be
reported several times.
Clean up some bug sorting functions while I'm at it.
Reviewed By: martinoluca
Differential Revision: D2690665
fb-gh-sync-id: 4a12072
Summary: public
Currently payloads for different analyses are stored in a disjoint union.
After this diff, a record is used to enable running different analyses using the same spec files.
Reviewed By: jvillard
Differential Revision: D2695566
fb-gh-sync-id: 3d2886d
Summary: public Translate template instantiations exported by clang.
There is no need to deal with templated code - clang creates one class
for each implementation.
Reviewed By: dulmarod
Differential Revision: D2686269
fb-gh-sync-id: 9249a00
Summary: public
Not finding C++ method in decl map was considered impossible to happen.
It turns out it can happen because ast exporter wasn't exporting template
instantiations.
So instead, pick a default when method decl is not found. This will be right in
most cases and will allow us to analyze rest of the function without crashing
frontend
Reviewed By: dulmarod
Differential Revision: D2695653
fb-gh-sync-id: 4077c59
Summary: public
Using clang's method resolution. This means that, in method calls, clang gives you a pointer to the declaration of the method.
In some cases though, clang doesn't find the right method. For example, when it finds a method in a category, we
need to make it into a method in the corresponding class, because that's how we treat categories in Infer. Moreover,
when it finds a method in a protocol, that is not useful for us, since the implementation will be in some class. Finally,
sometimes the call is on an object of type id, in which case clang doesn't know what is the correct declaration. In
those cases, we fall back to what we were doing before of approximating the method resolution. We also refactor
some of the code.
Reviewed By: akotulski
Differential Revision: D2679766
fb-gh-sync-id: b79bb85
Summary: public
-Wno-error flag doesn't turn off errors which were turned on using -Werror=$WARN_TYPE.
In order to turn these off we'd have to add -Wno-error=$WARN_TYPE for each warning type.
So instead, turn off all warnings so they can't get elevated to error
Reviewed By: jvillard
Differential Revision: D2690810
fb-gh-sync-id: 7d6611f
Summary: public
Support MaterializeTemporaryExpr which happens often in real life C++.
For example, it will happen in this code:
std::vector<int> v;
v.push_back(1);
// it's because std::vector<int>::push_back(const int &)
Strategy is to create variable that will store value of init expression (to provide storage)
and then return variable as a result of an expression
Reviewed By: ddino
Differential Revision: D2674340
fb-gh-sync-id: 077ed6a
Summary: public
Refactor reporting of errors to enhance readability and reuse.
Reviewed By: jeremydubreil
Differential Revision: D2679676
fb-gh-sync-id: f4c1cba
Summary: public
Update facebook-clang-plugins. Changes:
- [major] new clang
- dump class template instantiations
- change naming for qual names of anonymous structs
Changes are due to:
1. Different setter properties are exported for defaults (more correct). Fix the test that was wrong
2. New unary operator type
3. Naming for qual names changed
Reviewed By: jvillard
Differential Revision: D2685734
fb-gh-sync-id: f2c568a
Summary: public
Use the analysis summary to store call stacks from PerformanceCritical-annotated methods to Expensive-annotated methods.
This use the on demand scheduling in order to make sure that the summary of the callee is always analyzed before the callers.
Reviewed By: cristianoc
Differential Revision: D2685347
fb-gh-sync-id: ab403d9
Summary: public
With this change, it will be possible to pass to InferAnalyze a list of folders to be
searched for spec files, through a file containing those paths, separated by the newline
character.
For example, if there's a `PathList.txt` file containing
/path/to/specs/folder1
/path/to/specs/folder2
/path/to/specs/folder3
Then invoking `infer --specs-dir-list-file PathList.txt [--other_args, ...] -- <build_cmd>`
will instruct the analyzer to lookup to those three folders whenever it searches for specs.
It's important to note that since the analyzer runs in parallel from different locations, it's necessary to pass **absolute** paths, or the analyzer will fail with an error.
Reviewed By: jvillard
Differential Revision: D2668700
fb-gh-sync-id: b407a57
Summary: public
Translate C++ overloaded operator calls. AST of their children looks slightly differently
which means that we have to be more permissive in params_trans.exps.
Difference:
CXXMemberCallExpr:
MemberExpr:
'ThisExpr' (it's part of method decl ref evaluation)
MethodDeclRef
Param1
Param2
...
CXXOperatorCallExpr
MethodDeclRef/FunctionDeclRef
'ThisExpr' (it's part of parameters list evaluation)
Param1
Param2
...
Reviewed By: dulmarod
Differential Revision: D2679503
fb-gh-sync-id: 1437f73
Summary: public
For some reason OpaqueValueExpr has extra field with subexpressions. Visit it when assigning location information
Reviewed By: dulmarod
Differential Revision: D2674708
fb-gh-sync-id: b91e142
Summary: public
We forgot that BlockExpr has BlockDecl inside, we need to visit it as well and assign proper location information to block body
Reviewed By: dulmarod
Differential Revision: D2565045
fb-gh-sync-id: c821a28
Summary: public
Add support for translation and calling c++ static methods.
They can be called in two ways:
ClassName::method()
classInstance.method()
Both of them have the same meaning, but AST produced is different
Reviewed By: dulmarod
Differential Revision: D2636489
fb-gh-sync-id: 9294a3f
Summary: public
Some more examples to explain the behaviour of the type checker with inheritance
Reviewed By: cristianoc
Differential Revision: D2639908
fb-gh-sync-id: d038061
Summary: public
I previously change this for transitive calls to Expensive-annotated methods but forgot to do the same when enforcing the subtyping rules
Reviewed By: cristianoc
Differential Revision: D2667142
fb-gh-sync-id: 0de5a34
Summary: public Plugin already exports fully qualified name, we don't need
to reconstruct it in ocaml again.
It wasn't used anywhere so this diff shouldn't change any behavior
Reviewed By: dulmarod
Differential Revision: D2668588
fb-gh-sync-id: 1ed1d61
Summary: public
New qual_name exporting logic in facebook-clang-plugins handles anonymous
classes in much better way. This allows us to simplify name generation for
classes that don't rely on a type of the object (which could be wrong for
methods from superclasses).
Reviewed By: dulmarod
Differential Revision: D2663810
fb-gh-sync-id: 08146b8
Summary: public
The static and global variables used in blocks don't appear in the ast as captured.
We need them however to try and find retain cycles involving those variables.
This diff adds a way of collecting the static variables used in blocks and treat them
like we treat other captured variables to find retain cycles.
Reviewed By: ddino
Differential Revision: D2663727
fb-gh-sync-id: d5b44ec
Summary: public
The classes `java.util.zip.{Inflater/Deflater}` where not modelled as resources. In practice, bad memory leak can happen using these classes and forcing the call to `end()` can help to avoid waisting native memory.
Reviewed By: sblackshear
Differential Revision: D2661249
fb-gh-sync-id: 1e33316
Summary: public
The main objective here is to reduce the list of changes as much as possible to that the change set in the JSON base case only relates to the changes in Infer
Reviewed By: sblackshear
Differential Revision: D2661085
fb-gh-sync-id: 113a695
Summary: Add possibility of throwing IOException to model of
java.nio.channels.FileChannel.tryLock, and add test case.
public
Reviewed By: cristianoc
Differential Revision: D2658203
fb-gh-sync-id: 9ca9c02
Summary: public Fix oversight where fields of base classes were
not exported.
Reviewed By: dulmarod
Differential Revision: D2652218
fb-gh-sync-id: 75b93ed
Summary: public
This function is useful to understand how infer prints reports, it's worth
cleaning it up a notch.
Reviewed By: jeremydubreil
Differential Revision: D2646878
fb-gh-sync-id: 2ecd894
Summary: Add models of the java.nio.channels.FileChannel.tryLock methods which can
return null according to the java docs.
public
Reviewed By: sblackshear, cristianoc
Differential Revision: D2650050
fb-gh-sync-id: ae6c8ce
Summary: Express model of java.io.File.listFiles using InferUndefined.object_undefined
instead of new File[...].
public
Reviewed By: jeremydubreil, sblackshear
Differential Revision: D2649406
fb-gh-sync-id: 93c5bb5
Summary: public
When method was called from within other method,
the type of `this` parameter didn't have pointer in type.
This was due to wrong logic that stripped pointer out of the
type.
We still need to strip the type when dereferencing reference variable.
Reviewed By: dulmarod
Differential Revision: D2652012
fb-gh-sync-id: 44552ac
Summary: public so that we don't get thousands of memory leaks in debug mode.
We will still get them if we pass ml_bucket internal.
Reviewed By: jvillard
Differential Revision: D2648200
fb-gh-sync-id: 8dce66f
Summary: public
Move dealing with init expressions from VarDecl_trans to standalone function.
This will be useful for constructor initializer.
I didn't improve anything, just moved stuff around so that no test breaks.
Main change is that we pass Sil code responsible for LHS (var dereference) as
result_trans.
Currently we assume that var_result_trans will have no nodes, no instructions,
no ids. This is true for current usages (it's always Sil.Lvar expression), but in the future it
will change.
Reviewed By: dulmarod
Differential Revision: D2647108
fb-gh-sync-id: cae60b6
Summary: public Categories are now also only translated on demand.
For this we needed links from the class to the categories which we have
now.
Reviewed By: akotulski
Differential Revision: D2647072
fb-gh-sync-id: 4afdf5f
Summary: public
Load and store the inferred attributes on the analysis summaries. The next step is to use the call stack from performance critical methods to expensive methods form the summary payload instead of modifying the attributes.
Reviewed By: sblackshear, cristianoc
Differential Revision: D2644530
fb-gh-sync-id: b99a8e3
Summary: public
This is the first of a series of patches that reorganise the inferlib package
into a bunch of smaller modules.
Reviewed By: martinoluca
Differential Revision: D2641917
fb-gh-sync-id: 19788b5
Summary: public
returnStmt_trans adds all ids and instrs to its node. It shouldn't return them to parent then.
Reviewed By: dulmarod
Differential Revision: D2636829
fb-gh-sync-id: eb554b9
Summary: public This diff changes the way we treat enums in Infer.
1. The semantics of the translation is now correct, it was a bit incorrect before.
2. We don't add the enum types to the tenv anymore, which saves a lot of disk space
and avoids errors in the backend dealing with the enum type.
Reviewed By: akotulski
Differential Revision: D2641903
fb-gh-sync-id: 6295e5f
Summary: public
but keep the copy-pastability by wrapping the list into a small standalone
script that can be copy-pasted on the command line.
Reviewed By: jeremydubreil
Differential Revision: D2636536
fb-gh-sync-id: 7c689e2
Summary: public
These were only present in a few files. Could be added back on all files if
someone uses them.
Reviewed By: martinoluca
Differential Revision: D2646803
fb-gh-sync-id: edd6c43
Summary: public
We should be able to distinguish if a method is annotated with Expensive and has been automatically annotated as calling an expensive method using internally the annotation CallsExpensive in the later case.
Reviewed By: cristianoc
Differential Revision: D2640478
fb-gh-sync-id: 32a7ee9
Summary: public
This also fixes an issue with utf-8 in source code, as the csv report filters
out non-ascii characters.
Reviewed By: akotulski
Differential Revision: D2641727
fb-gh-sync-id: 3ca6dc6
Summary: public
This adds the following subtyping rules:
- methods that are not annotated with Expensive cannot be overwritten by a method annotated with Expensive
- methods annotated with PerformanceCritical must be overwitten by method annotated with PerformanceCritical
Reviewed By: cristianoc
Differential Revision: D2636076
fb-gh-sync-id: eb616c9
Summary: public
Just works by running the analysis bottom-up and promoting any method as virtually annotated with `Expensive` whenever one of its callee is annotated with `Expensive`
Reviewed By: cristianoc
Differential Revision: D2635242
fb-gh-sync-id: 4401be6
Summary: public
The jar file of the models was opened twice before. This should reduce a little bit the IO of the capture.
Reviewed By: cristianoc
Differential Revision: D2626251
fb-gh-sync-id: 310bef4
Summary: public
This should avoid confusion between the toplevel "infer" python script and
inferlib/infer.py.
Reviewed By: jeremydubreil
Differential Revision: D2637087
fb-gh-sync-id: 82ce2a4
Summary: public
Print "Capturing..." message, and some info in case it fails, eg:
$ cd examples/android_hello/
$ infer -- ./gradlew build
Running and capturing gradle compilation...
[... stuff ...]
$ infer -- ./gradlew build
Running and capturing gradle compilation...
Nothing to compile. Try running `./gradlew clean` first.
Reviewed By: jeremydubreil
Differential Revision: D2637024
fb-gh-sync-id: 0e8867d
Summary: public
When analysing projects we would not always display the numbers of procs and
files analysed. This fixes it, and also prints the stats before the reports for
readability. This way we also don't need to print "Analysis done" anymore.
Before:
$ infer -- gcc -c hello.c
Starting analysis (Infer version git-436690cf022a16313dda8447121a5934529e6e5c)
Analysis done
hello.c:5: error: NULL_DEREFERENCE
pointer s last assigned on line 4 could be null and is dereferenced at line 5, column 3
3. void test() {
4. int *s = NULL;
5. > *s = 42;
6. }
After:
$ infer -- gcc -c hello.c
Starting analysis (Infer version git-5b7ff3ac10d58e7ffd17c44574ab330ed07cb188)
Computing dependencies... 100%
Analyzing 1 cluster. 100%
Analyzed 1 procedure in 1 file
Found 1 issue
hello.c:5: error: NULL_DEREFERENCE
pointer s last assigned on line 4 could be null and is dereferenced at line 5, column 3
3. void test() {
4. int *s = NULL;
5. > *s = 42;
6. }
Also looked at the results on buck and gradle
Reviewed By: cristianoc
Differential Revision: D2636991
fb-gh-sync-id: 32b9a7c
Summary: public
This cleans up the output of infer. Before:
$ touch empty.c
$ infer -- gcc -c empty.c
Starting analysis (Infer version git-436690cf022a16313dda8447121a5934529e6e5c)
Analysis done
No issues found
$ infer -- javac Hello.java
Starting analysis (Infer version git-436690cf022a16313dda8447121a5934529e6e5c)
Analysis done
Hello.java:4: error: NULL_DEREFERENCE
object s last assigned on line 3 could be null and is dereferenced at line 4
2. int test() {
3. String s = null;
4. > return s.length();
5. }
6. }
Analyzed 2 procedures in 1 file
$
After:
$ infer -- gcc -c empty.c
Starting analysis (Infer version git-434faa7f70f6b9498615d3ead8c12bcfec6fc553)
Analyzing 0 clusters
Analysis done
No issues found
$ infer -- javac Hello.java
Starting analysis (Infer version git-434faa7f70f6b9498615d3ead8c12bcfec6fc553)
Computing dependencies... 100%
Analyzing 1 cluster. 100%
Analysis done
Found 1 issue
Hello.java:4: error: NULL_DEREFERENCE
object s last assigned on line 3 could be null and is dereferenced at line 4
2. int test() {
3. String s = null;
4. > return s.length();
5. }
6. }
Analyzed 2 procedures in 1 file
$
Also tested with buck, gradle.
Reviewed By: cristianoc
Differential Revision: D2636969
fb-gh-sync-id: 52f06f0
Summary: public
Use InferPrint to generate infer-out/report.json instead of converting
infer-out/report.csv. The json may soon contain more info than the CSV.
Reviewed By: jeremydubreil
Differential Revision: D2603775
fb-gh-sync-id: f141dfe
Summary: public
C++ allows to have one variable declared+initialized as a condition statement.
Handle these cases properly for `if` and `while` statements.
Reviewed By: dulmarod
Differential Revision: D2625774
fb-gh-sync-id: bac95b8
Summary: public Buck prints all the output at once and it doesn't look good. So we should not print the progress bar in the tests.
Reviewed By: jvillard
Differential Revision: D2631722
fb-gh-sync-id: 5460a70
Summary: public
This is an initial version of the Expensive checker which only report violations on direct calls. The main objective is to setup all the files for this new checker.
The next steps are:
1) run the checker in interprocedural mode
2) Save in the summary of a method foo() the annotation attribute Expensive if a direct callee of foo is annotated with Expensive
3) Check that Expensive is enforced by subtyping, i.e. check that non-expensive method cannot be overwritten by a method annotated with Expensive
Reviewed By: cristianoc
Differential Revision: D2629947
fb-gh-sync-id: 0e06f85
Summary: public
paths look a bit silly prior to this diff, as they go up from infer/ to go back
into infer/ right away, eg:
/home/jul/infer/infer/lib/python/inferlib/../../../../infer/lib/java/processor.jar
This changes this path to the less silly:
/home/jul/infer/infer/lib/python/inferlib/../../../lib/java/processor.jar"
Reviewed By: martinoluca
Differential Revision: D2631775
fb-gh-sync-id: 6df5d4d
Summary: public
This makes it a bit easier to diagnose errors. This is how it looks:
infer -- javac IDontExist.java
"javac" "-g" "-cp" "/home/jul/infer/infer/lib/python/inferlib/../../../../infer/lib/java/processor.jar" "-d" "/home/jul/infer/examples" "IDontExist.java" "-J-Duser.language=en"
This is how it used to look:
['javac', '-g', '-cp', u'/home/jul/code/infer/infer/bin/../lib/java/processor.jar', '-d', '/home/jul/infer/examples', 'IDontExist.java', '-J-Duser.language=en']
Reviewed By: jberdine
Differential Revision: D2631698
fb-gh-sync-id: 09903df
Summary: public
Add colored output if pygments is installed on the system.
Reviewed By: cristianoc
Differential Revision: D2601509
fb-gh-sync-id: 0fa8e9f
Summary: public
Now that we have modules, we can gather string constants in one place only.
Reviewed By: jeremydubreil
Differential Revision: D2615791
fb-gh-sync-id: 7cc21e4
Summary: public
This unclutters infer/bin/ and gives more structure to infer/lib/
Reviewed By: jeremydubreil
Differential Revision: D2605809
fb-gh-sync-id: 508fc2c
Summary: public
Adding a progress bar to the analysis phase to check progress.
The progress bar for the analysing procedures part is just printing dots at the moment and will be
improved soon when we do all the multithreading inside Ocaml.
There is also a no_progress_bar option in the scripts to hide it, for instance in CI.
Reviewed By: cristianoc
Differential Revision: D2625763
fb-gh-sync-id: daf6f96
Summary: public
This is a non-functional refactoring to add a flag to trigger the translation of the procedure description of callees. This allows to check in which cases we still need to procedure description of callees to run the analysis.
Reviewed By: cristianoc
Differential Revision: D2620402
fb-gh-sync-id: 7ef5b5f
Summary: public
Translate CXXConstructExpr that are parts of variable initialization.
Reviewed By: dulmarod
Differential Revision: D2570750
fb-gh-sync-id: 708a457
Summary: public
Type of `this` argument to c++ method call has pointer type.
It's either raw pointer (for `->`) or reference (for `.`).
It was already correct in method declaration and method parameters, but it wasn't correct in method calls. Same thing will apply to constructor expressions.
As a result of this change, we won't expand type when calling methods.
Change to ast_expressions.ml fixes problem with autogenerating getters/setters that produced lvalue types after LValueToRValue cast.
Reviewed By: dulmarod
Differential Revision: D2605756
fb-gh-sync-id: 1027600
Summary: public
If `INFER_RECORD_INTEGRATION_TESTS` is set to 1 then
`./scripts/build_integration_tests.py` will record the results of the tests
instead of checking them.
This modifies the test outputs as they are generated a bit differently from
before.
Reviewed By: jeremydubreil
Differential Revision: D2603764
fb-gh-sync-id: 506111f
Summary: public
The context leaks were reported multiple times. If a leaks was found on method `f()` and `g()` calls `f()`, then the same leak was report both in `f()` and in `g()`.
Reviewed By: sblackshear
Differential Revision: D2598110
fb-gh-sync-id: ca90b57
Summary: public
Adding initial support for Buck for Cxx on the toplevel infer command.
If a `cxx_binary`/`cxx_library` builds with the command `buck build //targetName:target` then the analysis of Infer can be triggered through the `#infer` flavor.
This change configures buck to run Infer, whenever the `#infer` flavor gets passed: just run
`infer --use-flavors -- buck build //targetName:target#infer`
Please note that when using this feature (`--use-flavors`), the toplevel `infer` command has to be launched from the root of the buck project (which is where the `.buckconfig` file is located) and the `#infer` flavor must be passed on the target.
Reviewed By: jvillard
Differential Revision: D2508296
fb-gh-sync-id: 63c0dea
Summary: public
For instance:
cd examples/
infer -- gcc -c hello.c
gives:
Starting analysis (Infer version git-c66ed7b302c996f238b6ec20cfcf4f6193fcbd88)
Analysis done
hello.c:5: error: NULL_DEREFERENCE
pointer s last assigned on line 4 could be null and is dereferenced at line 5, column 3
3. void test() {
4. int *s = NULL;
5. > *s = 42;
6. }
Reviewed By: jeremydubreil
Differential Revision: D2600864
fb-gh-sync-id: 71e0bd4
Summary: public Translate classes and protocols on demand only.
This saves space in the tenv and time. The categories still cannot be translated on demand
because there is no pointer to them from the classes. Andrzej is fixing that.
We had to make cTypes_Decl and the modules for translating classes, protocols and categories mutually
recursive. Moreover, we had to reorder the method for adding classes to the tenv to receive a decl and
return a type.
Reviewed By: ddino
Differential Revision: D2595610
fb-gh-sync-id: ca76068
Summary: public
Add a `--html` options to inferTraceBugs to generate html reports.
Reviewed By: jeremydubreil
Differential Revision: D2595895
fb-gh-sync-id: adfa757
Summary: public
Extends the current activity leak checker to all sort of context leaks.
Reviewed By: sblackshear
Differential Revision: D2572548
fb-gh-sync-id: 9da18e4
Summary: public
The relative path was triggering a bug in ocamlbuild where it would try to
create ".." for some reason, which already exists. Hence `make -C infer clean
checkCopyright` would always fail for instance.
Reviewed By: jeremydubreil
Differential Revision: D2596307
fb-gh-sync-id: 0dd8d9f
Summary: public
The harness was created all the time but we do not report issues comming from the harness right now. The option:
infer --android-harness -- <build command>
Allows to create the harness
Reviewed By: sblackshear
Differential Revision: D2595211
fb-gh-sync-id: c7a6dc5
Summary: public
This allow to tell Infer to skip the translation of some files. This is especially useful to skip the translation of some generated files following the syntax:
> cat .inferconfig
{
"skip_translation": [
{
"language": "Java",
"source_contains": "_SHOULD_BE_SKIPPED_"
}
]
}
Reviewed By: cristianoc
Differential Revision: D2588095
fb-gh-sync-id: 3fda816
Summary: public
In C pre-increment/decrement returns rvalue, but in C++ it returns lvalue.
Make translation aware of the difference and treat these cases differently.
Reviewed By: ddino
Differential Revision: D2575136
fb-gh-sync-id: 952c095