Nikos Gorogiannis
269a1a9b93
[starvation] treat locks in (and accessed from) inner classes properly
...
Reviewed By: sblackshear
Differential Revision: D7427659
fbshipit-source-id: 9abf1ad
7 years ago
Daiva Naudziuniene
94aae8713e
[biabduction] Fix lookup of abduced expression
...
Summary: Currently when we look for already abduced expression and find an assertion [exp|->strexp:typexp], we use typexp rather than strexp.
Reviewed By: sblackshear
Differential Revision: D7617193
fbshipit-source-id: c089720
7 years ago
Ezgi Çiçek
76300d55c7
Tracks variables that affect control flow for a more precise cost analysis
...
Reviewed By: mbouaziz
Differential Revision: D7586777
fbshipit-source-id: 8752679
7 years ago
Ezgi Çiçek
af5265f75d
"Report infinity as error per function"
...
Reviewed By: mbouaziz
Differential Revision: D7600383
fbshipit-source-id: d6387ca
7 years ago
Jules Villard
dee7414aa9
[inferbo] do not include location information in the bug description
...
Summary:
This information is already available in the trace, and can contain absolute
paths to system includes (or infer's own clang runtime), which confuses the
diff analysis.
Reviewed By: mbouaziz
Differential Revision: D7534609
fbshipit-source-id: 5bd8f8b
7 years ago
Dulma Churchill
aa578ea586
[retain cycles] Treat missing fields also angelically when it still happens in rare cases
...
Reviewed By: mbouaziz
Differential Revision: D7550900
fbshipit-source-id: 11703ab
7 years ago
Jeremy Dubreil
2f1d486aab
[eradicate] model com.google.common.base.Strings.isNullOrEmpty(...)
...
Reviewed By: sblackshear
Differential Revision: D7526376
fbshipit-source-id: da60808
7 years ago
Dino Distefano
3b608695af
Improving treatment of default constructor
...
Reviewed By: sblackshear
Differential Revision: D7509019
fbshipit-source-id: 69d99a9
7 years ago
Dulma Churchill
74e16bdb58
[retain cycles] Define custom compare function that is more suited to dedup cycles
...
Reviewed By: mbouaziz
Differential Revision: D7517385
fbshipit-source-id: 00e0433
7 years ago
Mehdi Bouaziz
e9a3913fdb
[Inferbo] Do not propagate all safety conditions
...
Reviewed By: skcho
Differential Revision: D7289292
fbshipit-source-id: 999b14a
7 years ago
Sungkeun Cho
4234288c93
[inferbo] Add a pointer arithmetic test
...
Reviewed By: mbouaziz
Differential Revision: D7484490
fbshipit-source-id: 8d64016
7 years ago
Sungkeun Cho
e12a4a1071
[inferbo] Add traces in lift functions
...
Reviewed By: mbouaziz
Differential Revision: D7484003
fbshipit-source-id: 4411337
7 years ago
Sungkeun Cho
1f6feef448
[inferbo] Revise eval_locs for array blocks
...
Summary:
It renames `eval_locs` to `eval_arr` and we use it for getting array block values the given input expressions are pointing to. For example, when given a program variable `x` as an input, `eval_arr` returns array blocks that `x` is pointing to, on the other hand, `eval` returns an abstract location of `x`.
Depends on D7471891
Reviewed By: mbouaziz
Differential Revision: D7471915
fbshipit-source-id: b994944
7 years ago
Sam Blackshear
94c2cd1d3b
[ownership] tests for pointer arithmetic
...
Reviewed By: jeremydubreil
Differential Revision: D7495530
fbshipit-source-id: 0685772
7 years ago
Sam Blackshear
9180ff56c1
[ownership] handle new kinds of access expressions
...
Reviewed By: jeremydubreil
Differential Revision: D7482554
fbshipit-source-id: c511bda
7 years ago
Sungkeun Cho
a353d69a6e
[inferbo] Fix test code
...
Reviewed By: mbouaziz
Differential Revision: D7483906
fbshipit-source-id: 128ad17
7 years ago
Sungkeun Cho
4aafe8a990
[inferbo][bugfix] Revise gathering safety conditions in sub-exp
...
Reviewed By: mbouaziz
Differential Revision: D7471891
fbshipit-source-id: 2b592b1
7 years ago
Sungkeun Cho
b42d66d557
[inferbo][bugfix] Pointer arithmetics on pointers to non-array
...
Summary: In the pointer arithmetics, it returns top, if we cannot precisely follow the physical memory model, e.g., (&x + 1).
Reviewed By: mbouaziz
Differential Revision: D7453510
fbshipit-source-id: db8738e
7 years ago
Sungkeun Cho
00e1139071
[frontend] Parse binary operator using types of parameters
...
Summary: It parses "+" (and "-") to PlusA and PlusPI (and MinusA, MinusPI, MinusPP) using types of parameters.
Reviewed By: mbouaziz
Differential Revision: D7443048
fbshipit-source-id: bd560c7
7 years ago
Jeremy Dubreil
5dea7c55e2
[infer][java] report nullable inconsistencies on library calls
...
Summary:
Report nullable inconsistencies by relying on the bytecode, and not on the presence of analysis summary on disk.
This use the `--external-java-packages` to avoid reporting inconsistencies outside of the codebase.
Reviewed By: sblackshear
Differential Revision: D7481101
fbshipit-source-id: 281135d
7 years ago
Daiva Naudziuniene
681f2a56ab
[HIL] Explicit dereference
...
Reviewed By: sblackshear
Differential Revision: D7350669
fbshipit-source-id: c316188
7 years ago
Dulma Churchill
436e5340f3
[retain cycles] Move the retain cycle check to sym_exec_wrapper to get the path of the last instruction executed
...
Reviewed By: mbouaziz
Differential Revision: D7443580
fbshipit-source-id: 4512675
7 years ago
Nikos Gorogiannis
462c2e2b2e
[starvation] fix handling of static synchronized methods and static locks
...
Reviewed By: sblackshear
Differential Revision: D7427365
fbshipit-source-id: f23795f
7 years ago
Nikos Gorogiannis
b11dd03fb9
[starvation] ignore local/temp variables as locks
...
Reviewed By: sblackshear
Differential Revision: D7420069
fbshipit-source-id: caea591
7 years ago
Sungkeun Cho
d15894c78a
[inferbo] Add tests for relational analysis
...
Reviewed By: mbouaziz
Differential Revision: D7427283
fbshipit-source-id: a08bf63
7 years ago
Sam Blackshear
33fe8879a5
[quandary] report flows originating from `UserControlledEndpoint` as `_RISK`
...
Reviewed By: fahndrich
Differential Revision: D7420925
fbshipit-source-id: 5f40cb2
7 years ago
Sam Blackshear
f621dda0be
[infer][clang] models off-by-default
...
Reviewed By: jeremydubreil
Differential Revision: D7350715
fbshipit-source-id: e1d28ef
7 years ago
Dulma Churchill
927e2049c3
[backend] Add getter/setter execution to the trace
...
Reviewed By: mbouaziz, jvillard
Differential Revision: D7428857
fbshipit-source-id: 93018b0
7 years ago
Ezgi Çiçek
872daf1ba7
Add estimated cost to trace element
...
Reviewed By: mbouaziz
Differential Revision: D7414240
fbshipit-source-id: b30e4d1
7 years ago
Nikos Gorogiannis
b335fb9c50
[deadlock] rebrand to starvation
...
Reviewed By: sblackshear
Differential Revision: D7415034
fbshipit-source-id: a9789eb
7 years ago
Sam Blackshear
44e5d0564b
[ownership] fix false positives on aggregate locals in loops
...
Summary:
If an aggregate `a` has a field `f` whose type has a constructor (e.g., `std::string`), we translate creating a local aggregate `A { "hi" }` as `string(&(a.f), "hi")`.
This diff makes sure that we recognize this as initializing `a`.
Reviewed By: jeremydubreil
Differential Revision: D7404624
fbshipit-source-id: 0ba90a7
7 years ago
Jeremy Dubreil
2e14f9c9c3
[infer] model android.app.AlarmManager.cancel(PendingIntent) as not accepting a null parameter
...
Reviewed By: sblackshear
Differential Revision: D7378602
fbshipit-source-id: 94281a2
7 years ago
Jeremy Dubreil
8cfbdef7e0
[infer][biabduction] no longer track the resources saved into a container
...
Reviewed By: sblackshear
Differential Revision: D7387371
fbshipit-source-id: 81f34cc
7 years ago
Sam Blackshear
aabf8aec55
[quandary] use `_risk` warning types for endpoint sources in Java
...
Summary: Matching what we do on the C++ side.
Reviewed By: jeremydubreil
Differential Revision: D7374902
fbshipit-source-id: 7b25e6d
7 years ago
Dino Distefano
e54df20eb7
Migrate to Itv.Bound
...
Reviewed By: mbouaziz
Differential Revision: D7351195
fbshipit-source-id: 7f4f57b
7 years ago
Sam Blackshear
7efb5cb549
[ownership] allow placement new on non-var expressions
...
Reviewed By: jeremydubreil
Differential Revision: D7368872
fbshipit-source-id: 43b1ad8
7 years ago
Sam Blackshear
57a8c2f594
[quandary] don't taint dummy Thrift `_return` formals
...
Summary: In C++, Thrift implements return values using these. They shouldn't be tainted.
Reviewed By: mbouaziz
Differential Revision: D7362176
fbshipit-source-id: af8e515
7 years ago
Sam Blackshear
6b3282f619
[ownership] First parameter to constructor is read, not written
...
Reviewed By: jeremydubreil
Differential Revision: D7359197
fbshipit-source-id: 239b44d
7 years ago
Dulma Churchill
862bbdb5fc
[retain cycles] Take weak pointers into account to avoid false positives
...
Reviewed By: mbouaziz
Differential Revision: D7323649
fbshipit-source-id: e05a066
7 years ago
Sam Blackshear
f8dfc2305e
[ownership] simple 2-step traces
...
Summary:
Show where the invalidation occurred in the trace.
Should make things easier to understand.
Reviewed By: jeremydubreil
Differential Revision: D7312182
fbshipit-source-id: 44ba9cc
7 years ago
Sam Blackshear
ec73adc66d
[ownership] support placement new
...
Reviewed By: jeremydubreil
Differential Revision: D7269381
fbshipit-source-id: 7867958
7 years ago
Jeremy Dubreil
245e49e2da
[infer] Eradicate should understand any form of checkNotNull
...
Reviewed By: mbouaziz
Differential Revision: D7286232
fbshipit-source-id: 8046d90
7 years ago
Jeremy Dubreil
e801617488
[infer][java] Eradicate should not report a Return Not Nullable when a method returns the integer 0
...
Summary: This was causing false positives when returning the constant integer 0.
Reviewed By: sblackshear
Differential Revision: D7330143
fbshipit-source-id: 45d19dd
7 years ago
Dulma Churchill
d04a7aed52
[clang] Removed the mangling part of Clang global variables in the error messages
...
Reviewed By: mbouaziz
Differential Revision: D7292524
fbshipit-source-id: 1127751
7 years ago
Sam Blackshear
6d46b0c7be
[cleanup] stop printing `&`'s on `Var.t`'s
...
Reviewed By: jeremydubreil
Differential Revision: D7299568
fbshipit-source-id: ec7b18f
7 years ago
Sungkeun Cho
bd040cf696
[inferbo] Add an issue type for alarms by unknown function call
...
Summary: It adds an issue type, `BUFFER_OVERRUN_U5`, for alarms involving unknown values, i.e., when the trace set includes an unknown function call.
Reviewed By: mbouaziz
Differential Revision: D7178841
fbshipit-source-id: bfe857b
7 years ago
Sam Blackshear
b57aa90d7d
[quandary] don't crash if JSON source/sink is invalid procedure name
...
Summary:
At the moment, Java and Clang sources/sinks live in the same inferconfig entry.
If we try to parse a Java procedure that happens to be an invalid Clang qualified name (e.g., `MyClass.<init>`),
parsing will crash.
As a temporary fix, throw an exception and catch it instead.
In the future, we can avoid this by requiring that JSON source/sink specifications to indicate the language.
Reviewed By: mbouaziz
Differential Revision: D7291880
fbshipit-source-id: f8f4502
7 years ago
Sam Blackshear
4952f1ea3b
[quandary] tests documenting limitations of sanitizers
...
Reviewed By: mbouaziz
Differential Revision: D7257570
fbshipit-source-id: 5f97e31
7 years ago
Nikos Gorogiannis
484480f72f
[deadlock] regression tests
...
Reviewed By: sblackshear
Differential Revision: D7238932
fbshipit-source-id: 923e18e
7 years ago
Sam Blackshear
12ad6c11c1
[ownership] return bottom on early exit or thrown exception
...
Reviewed By: jeremydubreil
Differential Revision: D7230168
fbshipit-source-id: 84f97a5
7 years ago