Summary:
Make analyzer find out when null dereference comes from std::vector method.
If it does, it means that it's really empty vector access (due to the
way infer models std::vector)
Reviewed By: sblackshear
Differential Revision: D3327933
fbshipit-source-id: b9e11d6
Summary:
Reimplement command line options in preparation for uniformly passing
options from the top-level infer driver that invokes a build command
through the build system to the descendant infer processes.
All command line options of all executables are collected into Config,
and declared using a new CommandLineOption module that supports
maintining backward compatibility with the current command line
interface. Very few values representing command line options are
mutable now, as they are set once during parsing but are constant
thereafter. All ordering dependencies are contained within the
implementation of Config, and the implementation of Config is careful to
avoid unintended interactions and ordering dependencies between options.
Reviewed By: jvillard
Differential Revision: D3273345
fbshipit-source-id: 8e8c6fa
Summary:Make node ids be `private int` to make sure we don't mix them with random
integers from other sources.
Reviewed By: sblackshear, cristianoc
Differential Revision: D3179670
fb-gh-sync-id: 4bcf4f0
fbshipit-source-id: 4bcf4f0
Summary:public
Refactor Utils.SymOp into a separate module, bringing the failure_kind
type and associated operations.
Reviewed By: cristianoc
Differential Revision: D3161640
fb-gh-sync-id: be3d7c9
fbshipit-source-id: be3d7c9
Summary:public
Eliminate the use of the -open Utils command line option passed to the compiler in favor of `open! Utils` in each source file. While slightly convenient, this option causes more headaches than it is worth with other tools e.g. merlin.
Reviewed By: jvillard
Differential Revision: D3168193
fb-gh-sync-id: 4285ef6
fbshipit-source-id: 4285ef6
Summary: public Taint errors are complex, and each type requires its own specialized recommendation.
Reviewed By: jeremydubreil
Differential Revision: D3025921
fb-gh-sync-id: 8d7b45b
shipit-source-id: 8d7b45b
Summary:public
I have seen enough comments in this space by people during code review to switch on the analyses the compiler can already do. This diff is an automated renaming of unused identifiers to _, with a few additional changes made when reading the diff of the results for things that stood out as particularly strange. This base-lines all of the existing warnings. I'm not sure this is a good idea, since it might be better for those familiar with each part of the code to look at these warnings and use them as pointers to suspicious code.
Reviewed By: jeremydubreil
Differential Revision: D2938376
fb-gh-sync-id: 6e67817
shipit-source-id: 6e67817
Summary:
public
Title - instead of just creating dot file in some location, include this information as part of bug description.
Reviewed By: ddino
Differential Revision: D2779941
fb-gh-sync-id: 6bfb02b
Summary: public Crashes during the analysis are classified as timeouts in the .specs file. In addition, when there is a timeout, it does not say *why* the timeout occurred (hard time, symops, or recursion). This diff adds this information to the .specs file and adds a "fail hard" mode where crashes and timeouts will actually stop the analysis in developer mode (but will still be hidden in the normal production mode).
Reviewed By: jeremydubreil
Differential Revision: D2725382
fb-gh-sync-id: b0b4e5e
Summary:
public
The resource leak warning messages can sometimes be confusing especially when several type of resources are involved in the code where the warning is reported. This diff adds the class name of the resource being leaked to the error message.
Reviewed By: sblackshear
Differential Revision: D2706538
fb-gh-sync-id: ccf364e
Summary: public so that we don't get thousands of memory leaks in debug mode.
We will still get them if we pass ml_bucket internal.
Reviewed By: jvillard
Differential Revision: D2648200
fb-gh-sync-id: 8dce66f
Summary: public
Extends the current activity leak checker to all sort of context leaks.
Reviewed By: sblackshear
Differential Revision: D2572548
fb-gh-sync-id: 9da18e4
Summary: public
modules are better for namespacing.
How I made this diff:
1. moved list_* functions from utils.ml{,i} to iList.ml{,i}
2. shell commands:
grep '^val ' infer/src/backend/iList.mli | cut -f 2 -d ' ' | tr '\n' ' '
# gives a list of former list_ functions that IList implements, fed into the loops below:
LISTNAMES=" compare equal append combine exists filter flatten flatten_options find fold_left fold_left2 for_all for_all2 hd iter iter2 length fold_right map mem nth partition rev rev_append rev_map sort split stable_sort tl drop_first drop_last rev_with_acc remove_duplicates remove_irrelevant_duplicates merge_sorted_nodup intersect mem_assoc assoc map2 to_string"
# replace " list_*" function calls with IList.* ones
for i in $LISTNAMES; do find . -name '*.ml' -exec sed -i -e "s/ list_$i\b/ IList.$i/g" \{\} \; ; done
# replace (list_* functions with (IList.* ones
for i in $LISTNAMES; do find . -name '*.ml' -exec sed -i -e "s/(list_$i\b/(IList.$i/g" \{\} \; ; done
# ditto with [
for i in $LISTNAMES; do find . -name '*.ml' -exec sed -i -e "s/\[list_$i\b/[IList.$i/g" \{\} \; ; done
3. Then fix up the rest by hand. In particular, stuff that called Utils.list_*
explicitely, and stuff that used the "Fail" exception that has moved to
IList. (may revisit this in the future)
Reviewed By: jeremydubreil, cristianoc
Differential Revision: D2550241
fb-gh-sync-id: cd64b10
Summary:
`get_resource_or_undef` attribute is weird and was causing problems for me in another diff.
This diff refactors the attribute categories to make resource and undef separate.
Summary:
There's a lot of overlap between the representation of a proc desc and a spec summary. This diff moves all the data in common to the single record proc_attributes defined in Sil.
This gives a unified way of accessing most of the data carried by a procedure, whether it is contained in a proc desc or a spec. Also, it ensures that there is a single flow of information from proc desc to spec in the back-end, making sure that the information represented stays consistent.
Summary:
The symbolic execution was not stopping in case an unitialized dangling pointer was
passed to a function and then dereferenced inside the callee.
What would happen is that a wrong footprint would be added to the unititialized pointer
at the end of the function call in the caller proposition.
This checks that if we do:
frame * new_footprint
checks that we do not add heap predicates to the frame into uninitialized local variables.
If we can identify the variable then we raise a danglind pointer dereference. If instead
we cannot give a good explanation we give an internal error.
The latter case should be temporary. We should find a general way to raise dangling pointer
deref instead of the internal error.
I also fixed the model of getc that was the way I found the problem.
Summary:
This commit is the result of
`find infer/src -name '*.ml' -or -name '*.mli' -exec ocp-indent -i \{\} \;`
and
`INFER_CHECK_COPYRIGHT=1 InferPrint`