Summary:public
Is seems that automatically inheriting annotations like `PerformanceCritical` or `NoAllocation` is the right thing to do in general. Otherwise, we need to enforce sub-typing rules which in the best case just adds a little bit of documentation, but could miss important issues when the code is not fully annotated. I am simplifying this part to avoid adding boilerplate code for the `NoAllocation` case.
Reviewed By: sblackshear
Differential Revision: D2938627
fb-gh-sync-id: ddb668b
shipit-source-id: ddb668b
Summary:public
Type-based resolution of fields, constructors, etc. can be ambiguous if
types are not principal. Compile with -principal and enable warnings 18
and 19 to check these cases.
Reviewed By: jvillard
Differential Revision: D2938237
fb-gh-sync-id: bb4237b
shipit-source-id: bb4237b
Summary:
public
Avoid problems of overwriting good type information with incomplete information
when type declaration happens after its complete definition.
The solution is that we will only time we *update* type information is
when struct declaration has definition as well (which should happen once)
Reviewed By: cristianoc, sblackshear
Differential Revision: D2921811
fb-gh-sync-id: 16baba3
shipit-source-id: 16baba3
Summary:
public
The inductive list predicate was not firing during abstraction because of a type mismatch between C and Java. In Java, the second parameter of the `Sil.Sizeof` constructor is always `Sil.Subtype.exact` in C but is `Sil.Subtype.subtypes` in Java. This diff fixes the confution by comparing the `Sil` types only instead of the type expressions.
Reviewed By: jberdine
Differential Revision: D2912493
fb-gh-sync-id: 3f712a8
shipit-source-id: 3f712a8
Summary:
public
Java synthetic methods used to be inlined when a procedure was being analyzed.
This was done almost everywhere. A missing case was when a cfg is loaded during an existing analysis because on-demand needs access to a procedure.
Intead of trying to maintain an invariant in all access paths, we now inline them systematically before saving the cfg to disk.
A secondary consequence of this is that in debug mode the cfg dotty file will show the inlined cfg, so there's no difference between that view and what happens during analysis.
Reviewed By: jeremydubreil
Differential Revision: D2903366
fb-gh-sync-id: 252604c
Summary:
public
This expression is used to value-initialize non-class types. Per definition of value initialization for non-class types:
1. If it's an array, value-initialize each of its elements
2. Otherwise, zero-initialize it
http://en.cppreference.com/w/cpp/language/value_initialization
I was unable to reproduce (1) in a way that produced CXXScalarValueInitExpr and so this diff
deals with case (2)
Reviewed By: jvillard
Differential Revision: D2901311
fb-gh-sync-id: beeafa2
Summary:
public Add typ information to trans_state.var_exp and use it
in constructor translation.
This information is necessary to call constructor of class Base on object with
different type (which is derived from Base)
Reviewed By: jberdine
Differential Revision: D2890850
fb-gh-sync-id: 8075db1
Summary:
public
Add type of return parameter to the context. It allows for better translation
of returnStmt and will be necessary for easy implementation of constructor init lists
Reviewed By: cristianoc
Differential Revision: D2890838
fb-gh-sync-id: e791c3d
Summary:
public
The "dotty" field in json reports is only used when reporting retain cycles. It
makes sense not to emit it by default (when it's `None`).
Reviewed By: akotulski
Differential Revision: D2891320
fb-gh-sync-id: 54292a9
Summary:
public
- add to json reports the location in the ocaml code of assertions raised
during the analysis
- only add when in debug mode. For this, add a flag to `InferPrint` that is
passed by the toplevel `infer` whenever `infer -g` is used.
Reviewed By: jeremydubreil
Differential Revision: D2891286
fb-gh-sync-id: ad4577c
Summary:
public
xvalues is concept introduced in C++11. While they are not same as lvalues, they have one common trait:
They have identity which means that:
> it's possible to determine whether the expression refers to the same entity as another expression, such as by comparing addresses of the objects or the functions they identify (obtained directly or indirectly);
It means that as far as backend is concerned, they should be treated in same way. Right now there is no concept of "move" in the backend and so we don't have
to differentiate between them.
Reference:
http://en.cppreference.com/w/cpp/language/value_category
Reviewed By: cristianoc
Differential Revision: D2895593
fb-gh-sync-id: 5101e28
Summary:
public
C++ allows for parameters with empty names (unused/default copy constructors). Make backend happy by assigning a non-empty
name to these variables
Reviewed By: jvillard
Differential Revision: D2895550
fb-gh-sync-id: b466397
Summary:
public
It turns out that C-like structs in C++ may have methods generated by clang (constructors for example).
If struct has a method, it needs to have Sil.Class type - make all CXXRecordDecls Sil.Class types by default.
Reviewed By: cristianoc
Differential Revision: D2895567
fb-gh-sync-id: 8eb18c3
Summary:
public
Backend needs to know whether parameter has Derived* type - otherwise subtyping in backend doesn't work. Skipping `DerivedToBase` does that
Reviewed By: dulmarod
Differential Revision: D2890673
fb-gh-sync-id: a79abbc
Summary:
public
Simplify our frontend by using information from clang.
It will also make default argument resolution more robust
with templates
Reviewed By: jvillard
Differential Revision: D2890451
fb-gh-sync-id: 9db4beb
Summary:
public
The Worklist module currently encapsulates a global data structure. Likewise for the global variables for the join state and pathset todo and visited.
This diff refactors the Worklist module into an API where instances of the record can be created and passed around. All the global state is included in the record.
The Worklist data structure never escapes the Interproc module.
Reviewed By: sblackshear
Differential Revision: D2887674
fb-gh-sync-id: 65cb234
Summary:
It has a similar lifecycle to activities and fragments, it would be nice to support `onCreate` as an initializer by default.
Closes https://github.com/facebook/infer/pull/258
Reviewed By: jeremydubreil
Differential Revision: D2887325
Pulled By: cristianoc
fb-gh-sync-id: ed31df5
Summary:
public
These casts are responsible for 100 crashes in the frontend on rocksdb.
Reviewed By: dulmarod
Differential Revision: D2879532
fb-gh-sync-id: c4594fb
Summary:
public
1. Add support for temporary C++ objects.
2. Make constructor calls return constructed objects - it allows us pass them as parameters to another constructs (such as parameters, member expressions etc.)
3. Translate FunctionalCastExpr which sometimes is used instead of CXXTemporaryObjectExpr
Reviewed By: dulmarod
Differential Revision: D2874916
fb-gh-sync-id: d9ac2cc
Summary:
public
1. Change exps result of translating call expressions
2. Modify field/method_deref_trans to make them work with rvalues returned by function
3. Add E2E test
Reviewed By: jberdine
Differential Revision: D2874822
fb-gh-sync-id: 42c617d
Summary:
public
This is main reason for not translating rocksdb code right now. Deal with it.
Reviewed By: dulmarod
Differential Revision: D2874446
fb-gh-sync-id: 6f6cf3a
Summary:
public
1. Make function body one stmt instead of list
2. Revert list of statements in exec_trans_instrs
3. Simplify some code related to handling custom instructions
Reviewed By: jvillard
Differential Revision: D2865275
fb-gh-sync-id: b07ed06
Summary:
public
1. When function uses return parameter instead of returning directly, populate that parameter.
2. Turn on new feature for C/C++ functions/methods that return structured types
Reviewed By: jberdine
Differential Revision: D2865091
fb-gh-sync-id: e15e6eb
Summary:
public
This information will be useful when returning values
Reviewed By: jberdine, jvillard
Differential Revision: D2864864
fb-gh-sync-id: 36da0bb
Summary:
public
When method has return parameter, that parameter has to be added when method is called. This adds support for that feature.
Reviewed By: jberdine
Differential Revision: D2864857
fb-gh-sync-id: f7f4094
Summary:
public
Introduce additional parameter for functions returning struct types - instead of returning it, populate output parameter.
This diff just changes method signature, there are more coming
Reviewed By: jberdine
Differential Revision: D2864842
fb-gh-sync-id: 52fc12c
Summary:
public
Remove the need to create a record with two elements to create a procedure description
Reviewed By: cristianoc
Differential Revision: D2872744
fb-gh-sync-id: d26bbdc
Summary:
public
Remove some of the explicit pattern matches in favor of using trans_state.var_exp for
init lists and compound literals
Reviewed By: jvillard
Differential Revision: D2855203
fb-gh-sync-id: ce929f6
Summary:
public
Add optional field to trans_state that denotes variable that is being initialized.
This information will be used by certain constructs (such as c++ constructors or
list initialization).
Passing it in trans_state will enable us to deal with more complicated AST structures where
there might be multiple nodes between variable declaration and its initialization.
Reviewed By: jvillard
Differential Revision: D2854988
fb-gh-sync-id: c100380
Summary:
public
This diff fixes a race condition where errors found in a procedure by one checker could be overwritten by running on demand the analysis of the same procedure with another checker.
Reviewed By: cristianoc
Differential Revision: D2847308
fb-gh-sync-id: 4f0c78e
Summary: public use Sil.exp to pass variable to initialize instead of res_trans containing this Sil.exp.
Reviewed By: jvillard
Differential Revision: D2854981
fb-gh-sync-id: 0cb37f3
Summary:
public This assert false causes the whole analysis to crash.
It is currently happening intermittently which makes it hard to debug.
Other inconsistencies don't cause the whole analysis to crash normally,
so this one seems to be too strict.
Reviewed By: cristianoc
Differential Revision: D2849864
fb-gh-sync-id: de6dce0
Summary:
public
otherwise Infer cannot know the type of the temporary variable
Reviewed By: dulmarod
Differential Revision: D2845054
fb-gh-sync-id: cf5fb8d
Summary:
public
Use Infer traces to follow the chain of calls from methods annotated PerformanceCritical to the methods annotated as Expensive.
This contains direct jumps from method definition to method definition. So the traces are of the form:
method definition of m1 -> definition of m2 -> definition of m3 -> ... -> definition of mN annotated as Expensive
In the next diff, I will make the checker create traces of the form:
definition of m1 -> call to m2 -> definition of m2 -> call to m3 -> ... -> call to mN -> definition of mN annotated as Expensive
and then simplify the error message whenever the chain of call is longer than, say, 5 calls.
Reviewed By: jberdine
Differential Revision: D2818398
fb-gh-sync-id: c566a44
Summary: public We are not assigning the location of the property rather than that of the class. It seems that it's no problem having the bugs reported in the .h files.
Reviewed By: ddino
Differential Revision: D2831226
fb-gh-sync-id: 026692e
Summary: public We are not assigning the location of the property rather than that of the class. It seems that it's no problem having the bugs reported in the .h files.
Reviewed By: ddino
Differential Revision: D2828005
fb-gh-sync-id: cf26549
Summary:
public
Reuse logic in cFrontend.ml to deal with nested structs. This allows to have less duplicated logic which will result
in less bugs.
As a bonus, it fixes the problem of nested template class (which wasn't be handled right).
And one random fix in c_type -> sil_type conversion (I'm amazed it worked before)
Reviewed By: dulmarod
Differential Revision: D2773687
fb-gh-sync-id: e312599
Summary:
public
Get newest version of facebook-clang-plugin that replaces pointers from strings to ints.
Fix all compilation issues infer has
Reviewed By: jvillard
Differential Revision: D2815144
fb-gh-sync-id: e93d4b3
Summary:
public
CLocation.init_curr_source_file is now a no-op, so remove it.
Reviewed By: jvillard
Differential Revision: D2815238
fb-gh-sync-id: 00c8a08
Summary:
public
CLocation.current_source_file is always equal to DB.current_source, so
remove it.
Reviewed By: jvillard
Differential Revision: D2815236
fb-gh-sync-id: 9390d2b
Summary:
public
It seems that CLocation.current_source_file is always equal to
DB.current_source. This diff adds assertions to check this, as a
precondition for forthcoming diffs that simplify CLocation code.
Reviewed By: jvillard
Differential Revision: D2815231
fb-gh-sync-id: 88d1f32
Summary:
public
Fist resolve the method name based on the dynamic types found during the symbolic execution, then run the analysis on-demand with the resolved method name.
Reviewed By: cristianoc
Differential Revision: D2815744
fb-gh-sync-id: c55accd
Summary:
public
Add destructor calls on delete expression.
While not the most important, it is the simplest case of adding destructor calls.
This will help us in the future with more complex cases.
Reviewed By: ddino
Differential Revision: D2773483
fb-gh-sync-id: 4df9c73
Summary:
public
In the case of Java, the name of the method is enough to lookup the summary of the callees and run the symbolic execution. This revision separates the case of method call in Java and in C, C++ and Objective C. Most of the code for executing method calls was Clang specific and this is an intermediate step to be able to run the capture and analysis on demand.
Reviewed By: sblackshear
Differential Revision: D2809171
fb-gh-sync-id: da62dce
Summary:
public
Title - instead of just creating dot file in some location, include this information as part of bug description.
Reviewed By: ddino
Differential Revision: D2779941
fb-gh-sync-id: 6bfb02b
Summary:
public
Add extra field that will be used to store extra bug description
in dotty format. This will allow to create better bug reports for
bugs that require images to understand what is going on (such as
retain cycles or activity leaks)
Reviewed By: jeremydubreil
Differential Revision: D2779935
fb-gh-sync-id: d2ecc0d
Summary:
public
When reading from static fields, the translation was overwriting the list of class members with the list of static ones. The backend was only looking up fields from the list of non static fields.
Reviewed By: sblackshear
Differential Revision: D2801759
fb-gh-sync-id: fe8ed80
Summary:
public
While playing with the type environment for Java, I realised that the types in models.jar where not re-generated when modifying Infer. As a consequence, some changes in Infer where surprisingly having no effect. This diff forces the type environment to be absent when analyzing the models.
Reviewed By: sblackshear
Differential Revision: D2802517
fb-gh-sync-id: 1c2673a
Summary:
public
4feb93e91c disabled join of tuple values, but also of any two values of the same
type. However, we do know how to join integer values, so re-enable those.
Reviewed By: cristianoc
Differential Revision: D2803286
fb-gh-sync-id: 5bcc725
Summary:
public
Using Typename.t in the list of superclasses to match the type for the key of the type environment. This avoids to make back and forth convertions from typename to type (csu, mangled name).
Depends on D2786574
Reviewed By: jberdine
Differential Revision: D2792116
fb-gh-sync-id: 6100f1a
Summary:
public
This diff cleans up the detection of assertion failures in C, C++ and Objective C which was previously hacked on top of the tracing mode for Java. The code is also generalized to detect any custom errors which can be defined using the `__infer_fail` builtin, and the case of assertion failure is now just the specific case of translating `assert` using `__infer_fail` directly in the clang frontend.
Reviewed By: jberdine
Differential Revision: D2786574
fb-gh-sync-id: dd1e1cf
Summary:
public
It seems that restricting printing to stdout and stderr to developer
mode has broken InferPrint. So unconditionally turn developer mode on
in InferPrint.
Reviewed By: sblackshear
Differential Revision: D2786897
fb-gh-sync-id: 44b5772
Summary:
public
Some functions were never used, and some other were always used with the same parameters
Reviewed By: sblackshear
Differential Revision: D2786118
fb-gh-sync-id: 666fba2
Summary:
public
The function Sil.get_typ was actually always call with the optional parameter being `Csu.Class`
Reviewed By: sblackshear
Differential Revision: D2786055
fb-gh-sync-id: 4337258
Summary:
public
The paramtere where defined as simple strings in the procedure description. This diff force the use of the Mangled module to avoid possible conflict when converting variable back and forth from string to pvar. The code is now more consistent as the local variable were already named using mangled names.
Reviewed By: jberdine
Differential Revision: D2782863
fb-gh-sync-id: 1867574
Summary:
public
Move the naming of types to it own module, so that it can be used by modules `Sil` depends from like `Procname`
Reviewed By: jberdine
Differential Revision: D2773148
fb-gh-sync-id: a89f595
Summary:
public
Move the representation of data-structure into it own module, so that it can be used by modules `Sil` depends from like `Procname`.
Reviewed By: jberdine
Differential Revision: D2772791
fb-gh-sync-id: cda4e3a
Summary:
public
Make Ast_utils.get_decl_from_typ_ptr function more forgiving.
It will return None instead of crashing when there is no decl for a given type.
This is done in prepratation to try to get destructor function of any type without crashing.
Reviewed By: dulmarod
Differential Revision: D2769302
fb-gh-sync-id: 7a9fcfe
Summary:
public
Factor resolving default parameters from common method/constructor translation function.
This is done in preparation to use same function for generating destructor calls.
Reviewed By: dulmarod
Differential Revision: D2769291
fb-gh-sync-id: 9c35cf8
Summary:
public
Treat destructors in the same way we treat methods/constructors.
It doesn't deal with inheritance/composition - we'll need to add calls to these
destructors later
Reviewed By: dulmarod
Differential Revision: D2769142
fb-gh-sync-id: b1c77e1
Summary: public Crashes during the analysis are classified as timeouts in the .specs file. In addition, when there is a timeout, it does not say *why* the timeout occurred (hard time, symops, or recursion). This diff adds this information to the .specs file and adds a "fail hard" mode where crashes and timeouts will actually stop the analysis in developer mode (but will still be hidden in the normal production mode).
Reviewed By: jeremydubreil
Differential Revision: D2725382
fb-gh-sync-id: b0b4e5e
Summary:
public
This fixes two things:
- `make -j9000` now works without crashing
- `make -C infer/src clang java` followed by `make -C infer/src clang` results
in a cached build the second time. Previously, a bug in ocamlbuild meant that
building infer/java would stomp over some files used by infer/clang, hence
infer/clang would get partially recompiled. More generally, alternating
between targets, or simply repeatedly calling `make` would result in unecessary
rebuilds.
Reviewed By: akotulski
Differential Revision: D2765544
fb-gh-sync-id: ecffdee
Summary: public Did this by adding an option to rearrange that turns of error reporting.
Reviewed By: dulmarod
Differential Revision: D2768396
fb-gh-sync-id: 4898d2d
Summary:
public
Infer would previously give confusing reports in the following case: two classes `foo.MyClass` defined in `MyClass.java` under directory `foo/` and `bar.MyClass` defined in file `MyClass.java` under `bar/` are compiled together in a single call to the Java compiler. Then the errors in `foo/MyClass.java` could potentially be reported in `bar/MyClass.java`, or the other way around.
The reason is: Infer starts the translation from the bytecode which only contains information about the base filename in the metadata. For example, both `foo.MyClass` and `bar.MyClass` will contains the information that the source file is `MyClass.java` but not the full path to the actual source file (hopefully).
In order to cope with this issue, this diff adds the possibility to read the package declaration from the source file so that we can map classes to the source files these classes are defined without ambiguity. In order to avoid having to open and read the source files when not necessary, the code will behave as before as long as no name conflict is found. Otherwise, it will only load and search for the package declaration when two or more sources files have the same basename but are defined in different subdirectories.
Closes t9395275
Reviewed By: jberdine
Differential Revision: D2763775
fb-gh-sync-id: 0adc1ac
Summary:
public
There was one oversight that caused frontend to mark C++ method as
objc instance method.
Reviewed By: dulmarod
Differential Revision: D2769060
fb-gh-sync-id: d7a92bc
Summary:
public To deal with ObjC nullability and give meaningful error
messages, we introduced the ObjC_NULL attribute in the symbolic execution to
mean that the object carrying the attribute is null because it was the result
of a method call from a null object. However, one cannot add attributes to null,
so we had to delay nullifying the object in order to have the attribute until we
can assign it to a program variable. However, if the temp variable was used in a condition,
we were not taking into account that its meaning is null. This diff addresses that and fixes
many FPs that we have encounter.
Reviewed By: ddino
Differential Revision: D2765167
fb-gh-sync-id: c0878dd
Summary:
public
Generating .annot files is expensive. Add a configure option to disable them:
./configure --disable-ocaml-annot
./configure --disable-ocaml-bin-annot
(the latter is more for completeness, as bin-annot are not very expensive to
generate)
`make` is 30% faster without annot files. Unless you use Eclipse you shouldn't
need them.
Reviewed By: jeremydubreil
Differential Revision: D2765508
fb-gh-sync-id: 086bc39
Summary: public First in a series of diffs fixing the __nullable checker for obj-c, which currently reports false positives on property accesses via getters and setters. To fix this problem, we need a special implementation of letderef and set for property accesses that don't report NPE errors. Factoring out the execution of these instructions from the main symbolic executor will make this easier.
Reviewed By: jeremydubreil
Differential Revision: D2763923
fb-gh-sync-id: 883a184