53 Commits (94fedd9cf0b1e791f268279ed2c4eb2184ae3c9e)

Author SHA1 Message Date
Jules Villard 363d69430d [ai][pulse] use subgraph-based implication between states
6 years ago
Jules Villard a19db6605c [AI][pulse] lists of disjuncts instead of sets
6 years ago
Jules Villard 44007f054c [pulse] collect garbage (unreachable) heap parts from time to time
6 years ago
Sungkeun Cho 0e5a902ac6 [inferbo] Add model of String::length
6 years ago
Jules Villard 4c1ee2a485 [pulse] add traces to the domain
6 years ago
Daiva Naudziuniene b19ad38dae [pulse] Example of use after destructor for temporaries
6 years ago
Jules Villard 8d3363f677 [pulse] record simple double free test
6 years ago
Jules Villard 9868f7f763 [pulse] warn on returning address of C++ temporary
6 years ago
Jules Villard db1814b1d1 [pulse] detect stack variable address escape
6 years ago
Jules Villard c77f22310a [pulse] rewrite test to avoid stack variable address escape
6 years ago
Jules Villard 2bb9e5ad85 [pulse] rename function that was never a pulse FP
6 years ago
Daiva Naudziuniene e2b5a6f941 [pulse] Allow taking address of a field of an invalid object
6 years ago
Daiva Naudziuniene 220d29766d [pulse] Model stack as a map from addresses of variables
6 years ago
Jules Villard 65d031af66 [pulse] model lambda captures
6 years ago
Daiva Naudziuniene fcfb6cc361 [pulse] Model more std::vector functions that can invalid references to elements
6 years ago
Jules Villard 95fab102bf [pulse] do not destroy `this` even if asked to
6 years ago
Daiva Naudziuniene 332b150be9 [pulse] Model std::vector::reserve to invalidate references to elements
6 years ago
Daiva Naudziuniene 485b9c7bf5 [pulse] Abstract Location Set
6 years ago
Daiva Naudziuniene e59d9632b1 [Pulse] Improve example to illustrate FP caused by an allocation in a branch
6 years ago
Jules Villard 1c668c4d41 [SIL][preanalysis] add call flag for functions treating first formal as return
6 years ago
Jules Villard f3411a2203 [HIL] Add `ExitScope` instruction
6 years ago
Jules Villard 0b2dcbf406 [pulse] add non-passing tests about join
6 years ago
Daiva Naudziuniene b640d69021 [pulse] An example of false positive caused by an allocation in a branch
6 years ago
Daiva Naudziuniene 2c06254800 [pulse] False positive caused by multiple variables captured by value in lambda
6 years ago
Jules Villard 67ff14b4ed [pulse] record attributes inside memory cells instead of separately
6 years ago
Jules Villard 6f9028a77f [pulse] use WTO scheduler
6 years ago
Daiva Naudziuniene 86f52e52ed [pulse] Operator= copy assignment
6 years ago
Jules Villard f30e97f072 [pulse] add model for `std::vector::reserve` using additional memory attribute
6 years ago
Jules Villard 1c8143898e [pulse] generalise "invalid" addresses as sets of attributes
6 years ago
Jules Villard 637018a330 [pulse] model some early exit functions
6 years ago
Jules Villard 9aa5582caa [clang] leave markers of variable initialization for pulse
6 years ago
Jules Villard 165cb1cf73 [pulse] back to sounder joins
6 years ago
Jules Villard f400d4c5c5 [pulse] always register havoc'd variables
6 years ago
Daiva Naudziuniene 4954d3da4b [pulse] Model operator=
6 years ago
Daiva Naudziuniene 881bcb8fce [pulse] Clean up placement new model
6 years ago
Jules Villard 0a2cb44667 [pulse] introduce the more precise `VECTOR_INVALIDATION` issue type
6 years ago
Jules Villard f627812541 [pulse] new issue type `USE_AFTER_DESTRUCTOR`
6 years ago
Jules Villard c6b2126c3f [pulse] forget about addresses that are invalid on only one side of a join
6 years ago
Daiva Naudziuniene 8b54879b07 [pulse] Constructors
6 years ago
Daiva Naudziuniene 1094a8224c [pulse] Invalidate object rather than address in destructor call
6 years ago
Jules Villard 6cce767d19 [pulse] copy tests from ownership
6 years ago
Jules Villard cf66ea0afb [pulse] havoc vector array on push_back
6 years ago
Jules Villard 6d6ac1d368 [pulse] do not use access paths as they forget about &/*
6 years ago
Jules Villard f5786c444b [pulse] use after free
6 years ago
Jules Villard 38ced865f3 [pulse] more issue types and add details about why locations get invalidated
6 years ago
Daiva Naudziuniene 5dab665fc2 [pulse] Model placement new
6 years ago
Daiva Naudziuniene 50da07e922 [pulse] Invalidate addresses for destructors
6 years ago
Jules Villard 497720386e [pulse] join of memory graphs
6 years ago
Jules Villard 47867a8fdc [pulse] rename `Location` -> `Address` and better reporting
6 years ago
Jules Villard dd220a0fb4 [pulse] vector models
6 years ago