Summary: This workflow still uses the parse transform hook to detect which files are compiled. The parse transform now adds an entry to a list of compiled BEAMs that will be traversed after compilation by the new `extract.escript` to produce the JSON ASTs in the provided outdir.
Differential Revision: D29103633
fbshipit-source-id: 12b8720f4
Summary: There was a typo (probably copy paste) in an error message for unknown unary operators in the Erlang frontend.
Differential Revision: D29062028
fbshipit-source-id: b79e783ba
Summary:
The formatting of sugared list syntax regressed with
https://github.com/ocaml-ppx/ocamlformat/pull/1567.
Reviewed By: ngorogiannis
Differential Revision: D28907812
fbshipit-source-id: 16ad68218
Summary: The llvm code to avoid formatting is now under `vendor` not `llvm`.
Reviewed By: da319
Differential Revision: D28907808
fbshipit-source-id: ae9444f49
Summary:
Implement validator for Erlang AST to check various invariants and well-formedness constraints (based on https://erlang.org/doc/apps/erts/absform.html), including:
- Restrictions on expressions used as patterns
- Restrictions on expressions used as guards
- Case and catch clauses have 1 pattern
- If clause has no patterns
See comments for some limitations:
- Some constraints would require type information (e.g., unary/binary operators in patterns/guards), we are not enforcing these yet.
- Map patterns can only have `:=` association, except in some special functions that get translated during compilation. However, we get the AST before these transformation so we are not enforcing this rule yet.
Reviewed By: rgrig
Differential Revision: D28832961
fbshipit-source-id: 7df4425e4
Summary:
{F623534971}
instead, we want the procedure name/type to be stylized as code
Reviewed By: skcho
Differential Revision: D29027480
fbshipit-source-id: 35f8e0c4a
Summary:
Patterns like X, [], [H | T], [X, Y | T] should now be translated.
Also, environment now stores Location.t rather than SourceFile.t: this
simplifies tracking locations during translation.
Reviewed By: skcho
Differential Revision: D28873581
fbshipit-source-id: 09171f9bf
Summary: The `Utils` module has another version of try-finally than can swallow exceptions from the restart scheduler. This diff fixes that, but has to also fix the dependency cycle introduced between `SymOp` and `Utils`. This is done by extracting the exception handling from `SymOp` into a new base module `Exception`.
Reviewed By: jvillard
Differential Revision: D28930082
fbshipit-source-id: 7894d8c89
Summary:
We were defaulting to treating some values as strings regardless of
their intended types. In particular, for options that take no arguments
this was making it impossible to specify them in .inferconfig. Now they
take "null" as argument.
Reviewed By: ezgicicek
Differential Revision: D28959484
fbshipit-source-id: 46327f3d3
Summary:
Bumps [ws](https://github.com/websockets/ws) from 6.2.1 to 6.2.2.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/websockets/ws/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/infer/network/alerts).
</details>
Pull Request resolved: https://github.com/facebook/infer/pull/1451
Reviewed By: skcho
Differential Revision: D28929739
Pulled By: jvillard
fbshipit-source-id: b0bcd031c
Summary: Adapted the AST to reflect the official [documentation](https://erlang.org/doc/apps/erts/absform.html): a clause can have a *guard sequence*, which is a list of *guards*. Each *guard* is a list of *guard tests*. A *guard test* is a (restricted) expression. Therefore, in the AST we now have `guard_test = expression`, and a clause has `guard_test list list`. Furthermore, the JSON translator simply applies `to_expression` to the 2D list, instead of flattening one level with `andalso`. Using `andalso` to flatten was wrong because it handles exceptions differently, see [note](https://learnyousomeerlang.com/syntax-in-functions#guards-guards).
Reviewed By: rgrig
Differential Revision: D28936558
fbshipit-source-id: 510930998
Summary:
- Break down large and deeply nested report function for readability
- Move callees closer to callers
Reviewed By: skcho
Differential Revision: D28873391
fbshipit-source-id: fc3f22708
Summary:
Add a mode which executes randomly-chosen paths depth-first, without
duplicating the work of executing shared prefixes. This mode is to be
used when hoping to get lucky and quickly choose a path that exhibits
a bug, but is slower to achieve coverage than the default.
Differential Revision: D27996963
fbshipit-source-id: 20a7a32c5
Summary:
Make the biabduction machinery for detecting (biabduction) exceptions that can be swallowed recognise the one thrown by the restart scheduler.
The dependency hierarchy requires declaring that exception in `base`.
Reviewed By: jvillard
Differential Revision: D28773898
fbshipit-source-id: 2136346da
Summary:
Translates case_clause, ignoring guards for now.
Also, refactored a bit `translate_one_function`, because trying cases
one by one in sequence is similar to trying argument patterns one by
one in sequence.
Also, changed the strategy for storing the value of an (Erlang)
expression: instead of letting the translation function decide where to
put the result and return their choice (in a `block`), the choice is
done at a higher level and passed down in the environment. (This means,
for example, theres no need to copy the result of each case_clause to
the special `return` variable of the function.)
Reviewed By: skcho
Differential Revision: D28834672
fbshipit-source-id: d5d33be5f
Summary: Die loudly if DB to merge is not accessible, before even getting to the Sqlite statement.
Reviewed By: skcho
Differential Revision: D28872539
fbshipit-source-id: af38edd9a
Summary:
`Initializer` is used (mostly by Nullsafe) to signal that a method will only be run from/as a constructor, even if public.
RacerD should recognise this annotation; this diff makes RacerD treat methods annotated as `Initializer` like constructors with regards to the ownership of the receiver object.
Reviewed By: skcho
Differential Revision: D28748068
fbshipit-source-id: 5dd060865
Summary: The number of times summaries get overwritten is useful as a measure of wasted work. Use a hashtable to remember how many times each procedure is overwritten. Use integers as the keys to avoid wasting memory, with the keys set to the string hashes of the procedure UID.
Reviewed By: ezgicicek
Differential Revision: D28794862
fbshipit-source-id: b2737ab23
Summary: Sometimes the type definition is missing, especially in not-well supported build systems. When missing, default to true if on Java since you'd have to explicitly select a non-recursive one on purpose, and vice versa for clang.
Reviewed By: jvillard
Differential Revision: D28745172
fbshipit-source-id: 8b0e26e1a
Summary:
This seems like a bug in opam, probably started after we moved the opam
files to opam/ in D27326495 (673c944fc3). I reported the strange behaviour in
https://github.com/ocaml/opam/issues/4313#issuecomment-853179145.
Reviewed By: rgrig
Differential Revision: D28837624
fbshipit-source-id: f91a58dbc
Summary:
This handles function definitions. (Expressions, aka function bodies,
are not translated.)
Reviewed By: skcho
Differential Revision: D28606721
fbshipit-source-id: 0fd5dc57e
Summary:
Some funky C++ way of calling the parent's constructor triggers a
function in the frontend that used to reverse the order of parameters.
Reviewed By: skcho
Differential Revision: D28832500
fbshipit-source-id: 1032de2ca
Summary:
Unknown functions may create false positives as well as false negatives
for Pulse. Let's consider that unknown functions behave "functionally",
or at least that a functional behaviour is a possible behaviour for
them: when called with the same parameter values, they should return the
same value.
This is implemented purely in the arithmetic domain by recording
`v_return = f_unknown(v1, v2, ..., vN)` for each call to unknown
functions `f_unknown` with values `v1`, `v2`, ..., `vN` (and return
`v_return`). The hope is that this will create more false negatives than
false positives, as several FPs have been observed on real code that
would be suppressed with this heuristic.
The other effect this has on reports is to record hypotheses made on the
return values of unknown functions into the "pruned" part of formulas,
which inhibits reporting on paths whose feasibility depends on the
return value of unknown functions (by making these issues latent
instead). This should allow us to control the amount of FPs until we
model more functions.
Reviewed By: skcho
Differential Revision: D27798275
fbshipit-source-id: d31cfb8b6
Summary: Auditing exception handling so as to remove catch-all clauses that could potentially swallow exceptions from the restart scheduler.
Reviewed By: jvillard
Differential Revision: D28772739
fbshipit-source-id: 99a8d516d
Summary:
Bumps [dns-packet](https://github.com/mafintosh/dns-packet) from 1.3.1 to 1.3.4.
<details>
<summary>Commits</summary>
<ul>
<li><a href="ebdf849da5"><code>ebdf849</code></a> 1.3.4</li>
<li><a href="ac578722f2"><code>ac57872</code></a> move all allocUnsafes to allocs for easier maintenance</li>
<li><a href="c64c9507e5"><code>c64c950</code></a> 1.3.3</li>
<li><a href="0598ba19d1"><code>0598ba1</code></a> fix .. in encodingLength</li>
<li><a href="010aedb33c"><code>010aedb</code></a> 1.3.2</li>
<li><a href="0d0d593f8d"><code>0d0d593</code></a> backport encodingLength fix to v1</li>
<li>See full diff in <a href="https://github.com/mafintosh/dns-packet/compare/v1.3.1...v1.3.4">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/infer/network/alerts).
</details>
Pull Request resolved: https://github.com/facebook/infer/pull/1449
Reviewed By: ngorogiannis
Differential Revision: D28795053
Pulled By: jvillard
fbshipit-source-id: 5a0f6cf79
Summary:
This complements a bug fix for InferSharp in which we weren't handling type-checking correctly.
Pull Request resolved: https://github.com/facebook/infer/pull/1447
Reviewed By: ngorogiannis
Differential Revision: D28772069
Pulled By: jvillard
fbshipit-source-id: be0210836
Summary:
Hi.
Thanks for the great tool!
This is just a simple correction for string literals in the `Util` module.
Pull Request resolved: https://github.com/facebook/infer/pull/1448
Reviewed By: ngorogiannis
Differential Revision: D28772080
Pulled By: jvillard
fbshipit-source-id: 36e2145c9
Summary:
This seems needed in some cases, might as well provide the option since
Infer is supposed to work with or without it.
Reviewed By: ngorogiannis
Differential Revision: D28712272
fbshipit-source-id: 35c0708f2
Summary: This diff prints cost and config impact checkers' json reports only for the changed files.
Reviewed By: ezgicicek
Differential Revision: D28707192
fbshipit-source-id: d949771f2
Summary:
Freenode.net has changed ownership and many communities are moving to
Libera.chat as a result.
Reviewed By: ngorogiannis
Differential Revision: D28708298
fbshipit-source-id: 4395adc55
Summary: Litho (https://fblitho.com/) does some operations in the background. Add RacerD messaging specific to Litho.
Reviewed By: ezgicicek
Differential Revision: D28675504
fbshipit-source-id: e76f9f538
Summary: Same as MustBeValid: we want to report the first error on the path.
Reviewed By: skcho
Differential Revision: D28674724
fbshipit-source-id: a2ac04b5b
Summary:
Add a new `PathContext.t` component to the abstract state. For now it
tracks only the current "timestamp" of symbolic execution inside the
procedure, i.e. which step of symbolic execution we are in (bumped by 1
each time we've executed one instruction). In the future this will also
hold, eg, which conditionals we've been through on the path (for
reporting traces with that information).
Most of the diff is about propagating the path context through many of
the APIs.
We use timestamps only in `MustBeValid` attributes to report the first
incorrect access in a function call for now.
Reviewed By: skcho
Differential Revision: D28674726
fbshipit-source-id: 2cd825e73
Summary:
It's better to remember the first reason why an address must be valid,
etc.
Reviewed By: skcho
Differential Revision: D28674729
fbshipit-source-id: 3b69de7ef
Summary:
Spoiler alert: we don't. The next diffs fix that.
When there are several invalid accesses to report at a function call
instruction, we want to report the first one to occur within the
function. This is to avoid confusing reports where pulse reports, eg, a
null dereference for a pointer at a point where it's already been
dereferenced before in the same function.
Reviewed By: skcho
Differential Revision: D28674730
fbshipit-source-id: acb029e4b
Summary:
That was just broken before, but apparently nothing cared. It's needed
for the next diffs.
Reviewed By: skcho
Differential Revision: D28674731
fbshipit-source-id: 2f080238b
Matteo Marescotti
Loc Le
Nikos Gorogiannis
Akos Hajdu
Josh Berdine
Daiva Naudziuniene
Ezgi Çiçek
Radu Grigore
Jules Villard
dependabot[bot]
Sungkeun Cho
Xiaoyu Liu
Matthew Jin
Sangwoo Joh