Summary:
Now all code in tests is reachable by the analyzer which increases
test quality.
Reviewed By: dulmarod
Differential Revision: D3358591
fbshipit-source-id: d54877e
Summary:
Pass object by reference every time struct object is passed by value
in C++. Do it only for C++/objC++ where we have guarantee that the
object which is passed will be temporary one (created by copy constructor).
Reviewed By: jberdine
Differential Revision: D3346271
fbshipit-source-id: d3e5daa
Summary:
Make analyzer find out when null dereference comes from std::vector method.
If it does, it means that it's really empty vector access (due to the
way infer models std::vector)
Reviewed By: sblackshear
Differential Revision: D3327933
fbshipit-source-id: b9e11d6
Summary:
Turns out, analyzer was getting confused with complicated
model and it was reporting empty access in places it
shouldn't. Fixing backend is not trivial (tracing mode is the answer),
but the model can be simplified.
It introduces the problem that get() method doesn't return fresh value
every time, but we should be able to change backend later to deal with it.
Reviewed By: sblackshear
Differential Revision: D3328228
fbshipit-source-id: dddbaf8
Summary:
Create model of C++ std::vector to find occurrences when vector which might be empty is accessed. Do it by triggering null dereference every time empty vector access is performed.
Note: model will be used only when c++11 (or c++14) are used.
Reviewed By: sblackshear
Differential Revision: D3276203
fbshipit-source-id: 420a95a
Summary:Local variable created by conditional operator translation is now declared in scope of whole
procedure. Semantically there is no difference, hopefuly backend will not complain about this
change. Also, nullifying that variable is deferred to preanalysis instead of calling it manually
Reviewed By: jvillard
Differential Revision: D3155733
fb-gh-sync-id: 6cec8fc
fbshipit-source-id: 6cec8fc
Summary:BinaryConditionalOperator should evaluate condition expression once, but we used to evaluate it twice.
Fix translation to account for it.
Reviewed By: dulmarod
Differential Revision: D3179803
fb-gh-sync-id: a801a7e
fbshipit-source-id: a801a7e
Summary:This diff translate cpp lambdas. For the moment it does not take care of
captured variables. Captured variables will come in the next diff.
Reviewed By: dulmarod
Differential Revision: D3114790
fb-gh-sync-id: bf36450
fbshipit-source-id: bf36450
Summary:public
When a conditional is the last instruction, there will be a join node leading directly to the exit node.
Some instructions, such as nullification of dead variables, and abstraction, are added to the control flow graph automatically. But, join nodes cannot contain instructions. So when a procedure ends with a conditional, there might be no place to store these instructions.
This diff adds one extra node between the join and the exit node in that situation.
Reviewed By: jvillard
Differential Revision: D3179056
fb-gh-sync-id: 2b9cd7e
fbshipit-source-id: 2b9cd7e
Summary:public
Instead of translating code from headers blindly, translate only gets transitively referenced from source code.
It won't translate functions from system headers, but in the future we could do that as well
since most of them aren't used and it shouldn't add much overhead.
For now this functionality is hidden behind --cxx-experimental flag
Reviewed By: dulmarod
Differential Revision: D3163519
fb-gh-sync-id: 0c53b10
fbshipit-source-id: 0c53b10
Summary:public
Instead of using location of init_stmt, use location of variable when translating initialization.
Most of the time it change anything with some exceptions:
// example1 - C/C++/objC
int x = // now: assignment happens in this line
3; // past: assignment happens in this line
// example2: valid in C++11 only
struct X {
int x = 0; // now: one assignment here
int y = 2; // now: one assigmnent here
X() = default; // before: 2 assignments in this line
};
Reviewed By: dulmarod
Differential Revision: D3155870
fb-gh-sync-id: f38c78c
fbshipit-source-id: f38c78c
Summary:public
Create a model of std::unique_ptr in similar fashion to what was done to std::shared_ptr.
For now, we are modeling it as container of raw pointer (no ownership concept).
This time unique_ptr is not derived from std__unique_ptr (unlike shared_ptr, it was easier to not do that) and so we need to provide implementations for all non-member functions per C++ reference:
http://en.cppreference.com/w/cpp/memory/unique_ptr
Reviewed By: dulmarod
Differential Revision: D3048209
fb-gh-sync-id: a9a6455
shipit-source-id: a9a6455
Summary:public
Implementation of std::move is straightforward and infer understands it without
any problems. To use it, we translate it even though it's coming from system headers.
Reviewed By: jvillard
Differential Revision: D3064019
fb-gh-sync-id: 823ae75
shipit-source-id: 823ae75
Summary:public
Create initial model of C++ std::shared_ptr. This means that infer will replace implementation of
shared_ptr and the resulting binary will change. Make sure no one will run it by crashing any binary that includes that code.
Reviewed By: jvillard
Differential Revision: D2999948
fb-gh-sync-id: 5753559
shipit-source-id: 5753559
Summary:public
Add extra dereference when accessing fields that have T& type. It is similar
to what is done when accessing variables of T& type.
The only difference is that we need to handle constructor initializer list
separately (this is the only place where the field can be initialized)
Reviewed By: ddino
Differential Revision: D2965887
fb-gh-sync-id: 1b8708b
shipit-source-id: 1b8708b
Summary:public
Do same thing we do to CXXDefaultArgExpr
Reviewed By: dulmarod
Differential Revision: D2954128
fb-gh-sync-id: 2c92c16
shipit-source-id: 2c92c16
Summary:public
Create separate specs for C models compiled in C++. It will allow us to tweak behavior/names of certain
functions based on the compilation language (such as adding `std::` namespace in C++).
Reviewed By: jvillard
Differential Revision: D2938992
fb-gh-sync-id: 73902f8
shipit-source-id: 73902f8
Summary:public
Translate headers every time they are included provided that they are located inside project_root directory.
While this is suboptimal (we might end up translating same header many times), doing it exactly once
is hard due to parallel compilation and template instantiations
Reviewed By: dulmarod
Differential Revision: D2916799
fb-gh-sync-id: 93b72c4
shipit-source-id: 93b72c4
Summary:
public
Avoid problems of overwriting good type information with incomplete information
when type declaration happens after its complete definition.
The solution is that we will only time we *update* type information is
when struct declaration has definition as well (which should happen once)
Reviewed By: cristianoc, sblackshear
Differential Revision: D2921811
fb-gh-sync-id: 16baba3
shipit-source-id: 16baba3
Summary:
public
This expression is used to value-initialize non-class types. Per definition of value initialization for non-class types:
1. If it's an array, value-initialize each of its elements
2. Otherwise, zero-initialize it
http://en.cppreference.com/w/cpp/language/value_initialization
I was unable to reproduce (1) in a way that produced CXXScalarValueInitExpr and so this diff
deals with case (2)
Reviewed By: jvillard
Differential Revision: D2901311
fb-gh-sync-id: beeafa2
Summary:
public
Add type of return parameter to the context. It allows for better translation
of returnStmt and will be necessary for easy implementation of constructor init lists
Reviewed By: cristianoc
Differential Revision: D2890838
fb-gh-sync-id: e791c3d
Summary:
public
xvalues is concept introduced in C++11. While they are not same as lvalues, they have one common trait:
They have identity which means that:
> it's possible to determine whether the expression refers to the same entity as another expression, such as by comparing addresses of the objects or the functions they identify (obtained directly or indirectly);
It means that as far as backend is concerned, they should be treated in same way. Right now there is no concept of "move" in the backend and so we don't have
to differentiate between them.
Reference:
http://en.cppreference.com/w/cpp/language/value_category
Reviewed By: cristianoc
Differential Revision: D2895593
fb-gh-sync-id: 5101e28
Summary:
public
C++ allows for parameters with empty names (unused/default copy constructors). Make backend happy by assigning a non-empty
name to these variables
Reviewed By: jvillard
Differential Revision: D2895550
fb-gh-sync-id: b466397
Summary:
public
It turns out that C-like structs in C++ may have methods generated by clang (constructors for example).
If struct has a method, it needs to have Sil.Class type - make all CXXRecordDecls Sil.Class types by default.
Reviewed By: cristianoc
Differential Revision: D2895567
fb-gh-sync-id: 8eb18c3
Summary:
public
Backend needs to know whether parameter has Derived* type - otherwise subtyping in backend doesn't work. Skipping `DerivedToBase` does that
Reviewed By: dulmarod
Differential Revision: D2890673
fb-gh-sync-id: a79abbc
Summary:
public
1. Add support for temporary C++ objects.
2. Make constructor calls return constructed objects - it allows us pass them as parameters to another constructs (such as parameters, member expressions etc.)
3. Translate FunctionalCastExpr which sometimes is used instead of CXXTemporaryObjectExpr
Reviewed By: dulmarod
Differential Revision: D2874916
fb-gh-sync-id: d9ac2cc
Summary:
public
1. Change exps result of translating call expressions
2. Modify field/method_deref_trans to make them work with rvalues returned by function
3. Add E2E test
Reviewed By: jberdine
Differential Revision: D2874822
fb-gh-sync-id: 42c617d
Summary:
public
1. When function uses return parameter instead of returning directly, populate that parameter.
2. Turn on new feature for C/C++ functions/methods that return structured types
Reviewed By: jberdine
Differential Revision: D2865091
fb-gh-sync-id: e15e6eb
Summary:
public
Add optional field to trans_state that denotes variable that is being initialized.
This information will be used by certain constructs (such as c++ constructors or
list initialization).
Passing it in trans_state will enable us to deal with more complicated AST structures where
there might be multiple nodes between variable declaration and its initialization.
Reviewed By: jvillard
Differential Revision: D2854988
fb-gh-sync-id: c100380
Summary:
public
Add destructor calls on delete expression.
While not the most important, it is the simplest case of adding destructor calls.
This will help us in the future with more complex cases.
Reviewed By: ddino
Differential Revision: D2773483
fb-gh-sync-id: 4df9c73
Summary:
public
Treat destructors in the same way we treat methods/constructors.
It doesn't deal with inheritance/composition - we'll need to add calls to these
destructors later
Reviewed By: dulmarod
Differential Revision: D2769142
fb-gh-sync-id: b1c77e1
Summary:
public
Lines other than the first of multi-line comments in non-ocaml files
were flush right instead of aligned.
Reviewed By: jvillard
Differential Revision: D2739752
fb-gh-sync-id: c85f56e
Summary:
public
After supporting template classes and template functions, it's time
to support template methods (they are very similar to template functions)
Reviewed By: dulmarod
Differential Revision: D2734807
fb-gh-sync-id: 41c7f96
Summary:
public
Add support for decl statements inside condition of switch statement
Reviewed By: ddino
Differential Revision: D2734213
fb-gh-sync-id: d60021d
Summary:
public
Conditional operator in C++ allows to return lvalues as a result of the operator.
Make infer frontend smart enough to detect when that happens and treat this
case correctly
Reviewed By: ddino
Differential Revision: D2729468
fb-gh-sync-id: f4a110d
Summary:
public
Read definitions of C++ function template specializations. Infer still doesn't work correctly for template methods, it will be addressed later
Reviewed By: dulmarod
Differential Revision: D2707411
fb-gh-sync-id: 6072796
Summary: public These two functions were doing very same things.
After last refactor code of both functions started to look very similar.
Reviewed By: dulmarod
Differential Revision: D2707502
fb-gh-sync-id: b0559a3
Summary: public
Nodes in these functions can be created later (after translation of subexpressions is done).
Change triggers many differences in .dot files, but they are all about different numbering of
nodes.
There is no functional change in this diff.
Reviewed By: dulmarod
Differential Revision: D2699703
fb-gh-sync-id: a7b8d2a
Summary: public
Add qualifiers to global varible names. It affects both
normal global vars and class static fields
Reviewed By: dulmarod
Differential Revision: D2699927
fb-gh-sync-id: 1471faf
Summary: public
`this` can't be null in C++ methods, make backend aware of it.
Behavior for other languages remains the same
Reviewed By: dulmarod
Differential Revision: D2668945
fb-gh-sync-id: c85acbf
Summary: public
Infer gets confused with this cast. It happens when objects try
to access superclass field/method, but we shouldn't change type in
this case (for the sake of backend)
Reviewed By: dulmarod
Differential Revision: D2663905
fb-gh-sync-id: bbf1cb2
Summary: public Translate template instantiations exported by clang.
There is no need to deal with templated code - clang creates one class
for each implementation.
Reviewed By: dulmarod
Differential Revision: D2686269
fb-gh-sync-id: 9249a00
Summary: public
Support MaterializeTemporaryExpr which happens often in real life C++.
For example, it will happen in this code:
std::vector<int> v;
v.push_back(1);
// it's because std::vector<int>::push_back(const int &)
Strategy is to create variable that will store value of init expression (to provide storage)
and then return variable as a result of an expression
Reviewed By: ddino
Differential Revision: D2674340
fb-gh-sync-id: 077ed6a
Summary: public
Translate C++ overloaded operator calls. AST of their children looks slightly differently
which means that we have to be more permissive in params_trans.exps.
Difference:
CXXMemberCallExpr:
MemberExpr:
'ThisExpr' (it's part of method decl ref evaluation)
MethodDeclRef
Param1
Param2
...
CXXOperatorCallExpr
MethodDeclRef/FunctionDeclRef
'ThisExpr' (it's part of parameters list evaluation)
Param1
Param2
...
Reviewed By: dulmarod
Differential Revision: D2679503
fb-gh-sync-id: 1437f73
Summary: public
Add support for translation and calling c++ static methods.
They can be called in two ways:
ClassName::method()
classInstance.method()
Both of them have the same meaning, but AST produced is different
Reviewed By: dulmarod
Differential Revision: D2636489
fb-gh-sync-id: 9294a3f
Summary: public
New qual_name exporting logic in facebook-clang-plugins handles anonymous
classes in much better way. This allows us to simplify name generation for
classes that don't rely on a type of the object (which could be wrong for
methods from superclasses).
Reviewed By: dulmarod
Differential Revision: D2663810
fb-gh-sync-id: 08146b8
Summary: public Fix oversight where fields of base classes were
not exported.
Reviewed By: dulmarod
Differential Revision: D2652218
fb-gh-sync-id: 75b93ed
Summary: public
When method was called from within other method,
the type of `this` parameter didn't have pointer in type.
This was due to wrong logic that stripped pointer out of the
type.
We still need to strip the type when dereferencing reference variable.
Reviewed By: dulmarod
Differential Revision: D2652012
fb-gh-sync-id: 44552ac
Summary: public
C++ allows to have one variable declared+initialized as a condition statement.
Handle these cases properly for `if` and `while` statements.
Reviewed By: dulmarod
Differential Revision: D2625774
fb-gh-sync-id: bac95b8
Summary: public
Translate CXXConstructExpr that are parts of variable initialization.
Reviewed By: dulmarod
Differential Revision: D2570750
fb-gh-sync-id: 708a457
Summary: public
Type of `this` argument to c++ method call has pointer type.
It's either raw pointer (for `->`) or reference (for `.`).
It was already correct in method declaration and method parameters, but it wasn't correct in method calls. Same thing will apply to constructor expressions.
As a result of this change, we won't expand type when calling methods.
Change to ast_expressions.ml fixes problem with autogenerating getters/setters that produced lvalue types after LValueToRValue cast.
Reviewed By: dulmarod
Differential Revision: D2605756
fb-gh-sync-id: 1027600
Summary: public
In C pre-increment/decrement returns rvalue, but in C++ it returns lvalue.
Make translation aware of the difference and treat these cases differently.
Reviewed By: ddino
Differential Revision: D2575136
fb-gh-sync-id: 952c095
Summary: public
Adds incomplete translation of constructor bodies. Treat constructors as
methods with something 'extra'.
We still don't translate initializer lists, just pass the information to cTrans
where it's ignored
Reviewed By: dulmarod
Differential Revision: D2550214
fb-gh-sync-id: 102c13a
Summary: public
C++ assignment operation result is lvalue, while in C it was rvalue.
This leads to different AST produced by clang for then same code!
Use language information from clang (`-x` flag) to distinguish these cases.
More specifically, let's look at following code:
int r;
int f = (r = 3);
// type of (r = 3) expression:
// C/objC -> int rvalue
// C++/objC++ -> int lvalue
Existing code did extra dereference because it was rvalue in C and there was no cast afterwards
in C++ there will be extra LValueToRvalue cast when neccesary so we don't have to do extra dereference manually
Reference:
http://en.cppreference.com/w/c/language/value_category (search for 'assignment and compound assignment operators')
NOTE: AST output doesn't change when something is hidden behind `extern "C"`, so we should use global language information
Reviewed By: ddino
Differential Revision: D2549866
fb-gh-sync-id: b193b11
Summary: public Two cases were not handled properly so far:
1. Declaration of a reference variable missed reference bit in type
2. Parameters to a function expecting T& had type T.
The way to distinguish reference types from value types is to look
whether parameter is type 'T rvalue' or type 'T lvalue' (xvalue probably as well)
Unfortunately, we can't just say 'T lvalue' = 'T&' because it would break
a lot of things in our frontend.
However, we know that when parameter to a function call has type 'T lvalue', it has to be 'T&' type.
Same applies when init_expression type is lvalue.
So, the solution is to add wrapper function that looks at results of `instruction` function and
expected expression type. Then if it's lvalue, wrap the type in reference.
Do this wrapping magic only when we know that lvalue mean reference type.
The rest of the changes is to make frontend tests pass - since we use different fields
in the AST, some of them were incorrectly set before and no one noticed.
Reviewed By: cristianoc
Differential Revision: D2549991
fb-gh-sync-id: 067f5d5
Summary: @public
This diff changes following things:
1. expression_info.type_ptr has type than decl_ref_info.type_ptr for reference types. Use type from decl_ref_info as a source of truth
2. reference types need to have one extra dereference that is not in AST. Add handling for this.
3. [small refactor] create function that creates temporary variable from res_trans expression and returns new res_trans.
Some caveats:
1. types are not quite right yet (see .dot files).
2. decl_ref_info might not be set for DeclRefExpr, make frontend crash in that case to catch when this happens
This is high risk change since it changes behavior of every translation on very widely used expr.
Reviewed By: @dulmarod
Differential Revision: D2540632
fb-gh-sync-id: aa28936
Summary: @public
This removes the old way of finding variable declarations to create sil variables and replaces it with
a a new way based on the map from pointers to declarations.
Basically, every variable dereference contains a pointer to the variable declaration, with that we can
build the corresponding sil variable.
Reviewed By: @akotulski
Differential Revision: D2536000
fb-gh-sync-id: dd29cf9
Summary: @public Add some basic tests to make sure that there is no
regression afterwards
Reviewed By: @dulmarod
Differential Revision: D2521887
fb-gh-sync-id: 1b8a15c
Summary: @public
Remove some of the duplicated code, move .dot files to new locations
Reviewed By: @dulmarod
Differential Revision: D2521709
fb-gh-sync-id: 0cc333d
Summary: @public
1. Add support for `this` keyword. It will allow to access fields/methods of the object from the method body.
2. Fix problem with method formals to add pointer to type of first parameter (which corresponds to `this`)
Reviewed By: @dulmarod
Differential Revision: D2484882
fb-gh-sync-id: c318619
Summary: @public
1. Factor out some of the common code for comparing C++ dot files
2. Create new directory with smaller .cpp files to translate
Reviewed By: @dulmarod
Differential Revision: D2507757
Summary: @public
First diff to give better language information in the frontend.
This information is necessary to understand when 'self' is objc keyword,
when 'this' is C++ keyword and when they are not.
Reviewed By: @ddino, @dulmarod
Differential Revision: D2489252
Summary:
frontend and backend assume that Sil.Struct
doesn't have methods nor inheritance. In order to plug C++
classes we probably need them to be Sil.Class
Summary:
Pass inheritance information to the backend
It also changes some functions in cTypes_decl and we are using type and decl maps to resolve these types
Summary:
This is the second of 3 stack diffs to deal with replacing the parser of types.
This diff is about changes to translate record types, as well as class types and enum
types. For class types and enum types we store the declaration pointer in the map of
types to find the type easier later.
For record declarations, we change the way we build record names.
Moreover, we don't translate typedefs anymore, because when we have a pointer to a typedef,
we can find the actual type it points to.
Summary:
each procedure has a different scope, so we can restart the fresh name generator and have more stable instructions in the cfg, that don't change when other procedures are changed
Summary:
Handle C++ method declarations and create cfgs for them.
Doesn't do:
Method calls (CXXMethodCall)
Using `this` expression in methods (including implicit ones)
Summary:
Add basic translation for C++ `new` keyword.
Currently, it's modeled as simple `malloc` call.
Following constructs are still not working properly:
- array new `new [size_expr]`
- run initializer attached to `new` (such as `new int(5)`)
- `delete[]`
Summary:
In objC we already prefix field names with classes.
It's better to make it consistent since it'll allow
us to share more code between C++ and objC
Summary:
@public
Add support for default function arguments.
As a side change - always create cmethod_signature for a function
Test Plan:
1. Call function with default parameter and confirm that it gets parsed and reports null dereference (B5 but still). It didn't before.
2. Created a test case
Summary:
@public
Translate CXXStaticCastExpr
Test Plan:
Add test, confirm that it gets translated.
Also create example to see that infer reports null dereference with this change:
struct X { int a; };
int main() {
X *x = static_cast<X*>(nullptr); // <- reports now
//X *x = (X*)nullptr; // <- reported before
return x->a;
}
Summary:
@public
Make c frontend understand CXXNullPtrLiteralExpr.
Note that the implementation differs from GNUNullExpr
Test Plan:
Create function that returns nullptr:
int* getPtr() {return nullptr;}
look at specs:
InferPrint infer-out/specs/getPtr\{831F\}.specs
Procedure: getPtr
int *getPtr()
Timestamp: 1
Status: INACTIVE
Phase: RE_EXECUTION
Dependency_map:
TIME:0.002853 s TIMEOUT:N SYMOPS:10 CALLS:1,0
ERRORS:
--------------------------- 1 of 1 [nvisited: 1] ---------------------------
PRE:
POST 1 of 1:
return = null:
----------------------------------------------------------------
Add test for it
Summary:
@public
The clang location information is described in an incremental way: each location information is a delta with respect to the previous one in the AST. This is based on a the visit of the AST nodes which corresponds to the order in which the lines are printed with the standard clang AST dump:
clang -cc1 -ast-dump filename.c
This diff adds a preprocessing phase to the front-end so that location information is composed during a visit, and explicit location information is used instead.
In the case of include files, we report the last known location before including the file.
The current file for a function is the file where it is defined. So if a function is entirely defined in a .h file, then the location information will consistently be about the .h file. If instead a function is defined in the source file being analyzed, and some AST nodes come from macro expansion, line information will refer to the original file.
The front-end tests reveal that the location information was incorrect in a few dot files.
Test Plan: arc unit, after having fixed the wrong location in the existing .dot files
Dulma Churchill
Andrzej Kotulski
Sam Blackshear
Dino Distefano
Cristiano Calcagno
Josh Berdine
Jules Villard
Open Source Synchronization