Summary:
This diff removes the unused support for reporting props, which enables
refactoring so that the 'base' directory has no dependencies, and the
'IR' directory depends only on 'base'.
Reviewed By: jvillard
Differential Revision: D3981352
fbshipit-source-id: 3700a23
Summary:
This diff removes the redundancy in the representation of types where
struct types could be represented either directly using Tstruct or
indirectly using Tvar to refer to the type environment. A consequence
is that it is much harder to construct large type values.
Reviewed By: sblackshear, cristianoc
Differential Revision: D3839753
fbshipit-source-id: cf04ea5
Summary:
Refactor module Prop disentangling the various normalization functions, and moving them inside a new module Normalize.
There is quite a reshuffling of functions, including some dead code removal, but there should be no computational difference.
Reviewed By: jvillard
Differential Revision: D3696491
fbshipit-source-id: 68dd719
Summary:
Clean up the API to access component of propositions.
Use uniform naming for getting and setting components.
Reviewed By: jberdine
Differential Revision: D3696180
fbshipit-source-id: a8aedb0
Summary:
Add module `Core` in Prop to contain the implementation of a prop as a record. The record is private so that pattern matching is unchanged.
Added new function to set individual fields, enforcing that the type becomes exposed when constructing explicitly.
Added function unsafe_cast_to_normal to mark all the cases where a coercion to a normalized type is used.
This is purely a refactoring diff that only affects types, it should have no runtime consequence.
Reviewed By: jberdine
Differential Revision: D3691342
fbshipit-source-id: fa06e29
Summary:
This diff lifts the Prop.Attribute module out of Prop. This required
moving several Prop functions that depend on Attribute
(find_arithmetic_problem, deallocate_stack_vars, find_equal_formal_path)
and adding numerous calls to Prop.normalize to fix normal/exposed
mismatches. Also note that the type of Prop.normalize is generalized to
allow calling it on normalized props.
Reviewed By: cristianoc
Differential Revision: D3684523
fbshipit-source-id: f37af8b
Summary:
Move the Sil.attribute type and associated types and operations to a new
PredSymb module.
Reviewed By: cristianoc
Differential Revision: D3683834
fbshipit-source-id: d3606a8
Summary:
Change the Aobjc_null attribute from a family of unary predicates, one
for each Pvar.t * Ident.fieldname list, to a single binary predicate.
This diff should not change behavior except for printing of Aobjc_null
attributes. Also, operations such as free variables, etc. should now
behave correctly with respect to variables occurring in the arguments of
Aobjc_null.
Reviewed By: cristianoc
Differential Revision: D3669392
fbshipit-source-id: fe4434a
Summary:
Add support for nary predicates, not just unary ones. Many operations
don't make much sense for nullary predicates, and are generally treated
as no-ops. The first argument is treated specially, as the "anchor" of
the predicate application. For example, adding or removing an attribute
uses the anchor to identify the atom to operate on. Also, abstraction
and normalization operations treat the anchor specially.
Reviewed By: cristianoc
Differential Revision: D3669391
fbshipit-source-id: 3d142ea
Summary:
Simplify the (implementation and) interface of Prop by using the atom
type directly instead of a tuple type that duplicates the fields.
This change does not weaken the type guarantees, while reducing
redundancy between types thereby making future changes easier.
Reviewed By: cristianoc
Differential Revision: D3669388
fbshipit-source-id: 65f7493
Summary:
Change representation of pure predicate applications to distinguish
between positive and negative literals using the Apred and Anpred
constructors instead of a boolean field.
This representation is more compact, and is uniform with the treatment
of equalities and disequalities. Some code is simpler, but there isn't
much in it.
Reviewed By: cristianoc
Differential Revision: D3669387
fbshipit-source-id: 07cdea6
Summary:
Treat attributes as unary predicates in classical first-order logic.
This diff extends predicates with a polarity and uses classical 2-valued
semantics. This potentially changes the behavior of negating
attributes, which was not previously relied on.
Reviewed By: sblackshear
Differential Revision: D3669365
fbshipit-source-id: 2f26776
Summary:
Replace disequalities to Attribute expressions with predicate symbol
application pure atomic formulas.
This diff should preserve existing behavior, up to the comparison order
of attribute disequalities versus predicate applications.
Reviewed By: sblackshear
Differential Revision: D3647049
fbshipit-source-id: c39a901
Summary: Move Sil.binop type and operations into separate Binop module.
Reviewed By: dulmarod
Differential Revision: D3548082
fbshipit-source-id: 356bee3
Summary:
The Aobjc_null attribute does not need a fully general exp. This diff
refines this to a possibly-empty path of fields starting from a pvar,
which reduces interdependence between Sil types.
Reviewed By: dulmarod
Differential Revision: D3548043
fbshipit-source-id: 49d16ab
Summary:
Now that array types record only static - and therefore constant -
lengths, Sil typ and exp no longer need to be mutually recursive.
This diff:
- splits the recursion in the type definitions of typ and exp,
- splits the recursion in the comparison and pretty-printing
functions,
- and then refactors typ into a separate module.
Reviewed By: cristianoc
Differential Revision: D3423575
fbshipit-source-id: 6130630
Summary:
This diff refactors Sil.Int, which represents integer literals, into a
separate module IntLit. There are no dependencies forcing Sil.Int to
be a submodule of Sil, and it is also no simpler as a submodule.
Reviewed By: cristianoc
Differential Revision: D3422910
fbshipit-source-id: 63013f2
Summary:
This diff extends Sizeof expressions with an optional expression for the
length of the final extensible array, if any. For example, sizeof a
simple array `sizeof(t[n])` is represented by (modulo subtyping info)
`Sizeof t (Some n)`, and sizeof a struct whose final member is an array
`sizeof(struct s {... t[n] f})` is represented by `Sizeof (struct s
{... t[n] f}) (Some n)`.
This is an intermediate step toward eliminating expressions from types,
the redundancy between the length in the types and in the sizeof
expressions will be eliminated later.
Reviewed By: cristianoc
Differential Revision: D3358763
fbshipit-source-id: 2239bca
Summary:public
Eliminate the use of the -open Utils command line option passed to the compiler in favor of `open! Utils` in each source file. While slightly convenient, this option causes more headaches than it is worth with other tools e.g. merlin.
Reviewed By: jvillard
Differential Revision: D3168193
fb-gh-sync-id: 4285ef6
fbshipit-source-id: 4285ef6
Summary:public
Refactor the ml_loc type and associated operations from Utils to Logging. Seems a better fit, and reduces dependencies.
Reviewed By: cristianoc
Differential Revision: D3161440
fb-gh-sync-id: 2e09c25
fbshipit-source-id: 2e09c25
Summary:public
An observer object that registered to a notification center needs to be
unregistered before it is deallocated.
If not, the notification center may send a notification to a gost object.
This diff introduce a checker for this problem.
Reviewed By: dulmarod
Differential Revision: D2949692
fb-gh-sync-id: 1653cec
shipit-source-id: 1653cec
Summary:public
I have seen enough comments in this space by people during code review to switch on the analyses the compiler can already do. This diff is an automated renaming of unused identifiers to _, with a few additional changes made when reading the diff of the results for things that stood out as particularly strange. This base-lines all of the existing warnings. I'm not sure this is a good idea, since it might be better for those familiar with each part of the code to look at these warnings and use them as pointers to suspicious code.
Reviewed By: jeremydubreil
Differential Revision: D2938376
fb-gh-sync-id: 6e67817
shipit-source-id: 6e67817
Summary:
public To deal with ObjC nullability and give meaningful error
messages, we introduced the ObjC_NULL attribute in the symbolic execution to
mean that the object carrying the attribute is null because it was the result
of a method call from a null object. However, one cannot add attributes to null,
so we had to delay nullifying the object in order to have the attribute until we
can assign it to a program variable. However, if the temp variable was used in a condition,
we were not taking into account that its meaning is null. This diff addresses that and fixes
many FPs that we have encounter.
Reviewed By: ddino
Differential Revision: D2765167
fb-gh-sync-id: c0878dd
Summary: @public Infer previously did not work correctly when a function returns the result of a skip function:
```
retUndef() {
x = undefined();
return x;
}
derefUndef() {
y = retUndef();
y.doSomething(); // Symexec_memory_error here, prevents spec inference
}
```
The problem is that angelic mode did not know to add the return value of `retUndef()` to the footprint.
This diff fixes the problem by adding return values marked with the `Aundef` attribute to the footprint.
This is done lazily (e.g., a value only gets added to the footprint when you try to deref it).
Reviewed By: @jvillard
Differential Revision: D2444929
Summary:
`get_resource_or_undef` attribute is weird and was causing problems for me in another diff.
This diff refactors the attribute categories to make resource and undef separate.
Summary:
There's a lot of overlap between the representation of a proc desc and a spec summary. This diff moves all the data in common to the single record proc_attributes defined in Sil.
This gives a unified way of accessing most of the data carried by a procedure, whether it is contained in a proc desc or a spec. Also, it ensures that there is a single flow of information from proc desc to spec in the back-end, making sure that the information represented stays consistent.
Summary:
Creating a persistent reference to an Activity leads to a nasty form of memory leaks (see http://android-developers.blogspot.com/2009/01/avoiding-memory-leaks.html, https://corner.squareup.com/2015/05/leak-canary.html). There are many ways to create a bad persistent reference to an Activity, but the most obvious one is via a static field.
This diff implements a very simple form of Activity leak checking by inspecting postconditions to see if a subtype of Activity is reachable from a static field (and it reports an error if so). This is a very simple and limited form of leak checking that does not understand the Android lifecycle at all. In particular, if one creates a persistent reference to an Activity and then nulls it out in `onDestroy` (a reasonably common pattern), this approach will wrongly report a bug.
Summary:
The symbolic execution was not stopping in case an unitialized dangling pointer was
passed to a function and then dereferenced inside the callee.
What would happen is that a wrong footprint would be added to the unititialized pointer
at the end of the function call in the caller proposition.
This checks that if we do:
frame * new_footprint
checks that we do not add heap predicates to the frame into uninitialized local variables.
If we can identify the variable then we raise a danglind pointer dereference. If instead
we cannot give a good explanation we give an internal error.
The latter case should be temporary. We should find a general way to raise dangling pointer
deref instead of the internal error.
I also fixed the model of getc that was the way I found the problem.
Josh Berdine
Cristiano Calcagno
Daiva Naudziuniene
Sam Blackshear
Dino Distefano
Dulma Rodriguez
Jules Villard