Summary: public Fix oversight where fields of base classes were
not exported.
Reviewed By: dulmarod
Differential Revision: D2652218
fb-gh-sync-id: 75b93ed
Summary: public
When method was called from within other method,
the type of `this` parameter didn't have pointer in type.
This was due to wrong logic that stripped pointer out of the
type.
We still need to strip the type when dereferencing reference variable.
Reviewed By: dulmarod
Differential Revision: D2652012
fb-gh-sync-id: 44552ac
Summary: public so that we don't get thousands of memory leaks in debug mode.
We will still get them if we pass ml_bucket internal.
Reviewed By: jvillard
Differential Revision: D2648200
fb-gh-sync-id: 8dce66f
Summary: public
Move dealing with init expressions from VarDecl_trans to standalone function.
This will be useful for constructor initializer.
I didn't improve anything, just moved stuff around so that no test breaks.
Main change is that we pass Sil code responsible for LHS (var dereference) as
result_trans.
Currently we assume that var_result_trans will have no nodes, no instructions,
no ids. This is true for current usages (it's always Sil.Lvar expression), but in the future it
will change.
Reviewed By: dulmarod
Differential Revision: D2647108
fb-gh-sync-id: cae60b6
Summary: public Categories are now also only translated on demand.
For this we needed links from the class to the categories which we have
now.
Reviewed By: akotulski
Differential Revision: D2647072
fb-gh-sync-id: 4afdf5f
Summary: public
Load and store the inferred attributes on the analysis summaries. The next step is to use the call stack from performance critical methods to expensive methods form the summary payload instead of modifying the attributes.
Reviewed By: sblackshear, cristianoc
Differential Revision: D2644530
fb-gh-sync-id: b99a8e3
Summary: public
returnStmt_trans adds all ids and instrs to its node. It shouldn't return them to parent then.
Reviewed By: dulmarod
Differential Revision: D2636829
fb-gh-sync-id: eb554b9
Summary: public This diff changes the way we treat enums in Infer.
1. The semantics of the translation is now correct, it was a bit incorrect before.
2. We don't add the enum types to the tenv anymore, which saves a lot of disk space
and avoids errors in the backend dealing with the enum type.
Reviewed By: akotulski
Differential Revision: D2641903
fb-gh-sync-id: 6295e5f
Summary: public
We should be able to distinguish if a method is annotated with Expensive and has been automatically annotated as calling an expensive method using internally the annotation CallsExpensive in the later case.
Reviewed By: cristianoc
Differential Revision: D2640478
fb-gh-sync-id: 32a7ee9
Summary: public
This adds the following subtyping rules:
- methods that are not annotated with Expensive cannot be overwritten by a method annotated with Expensive
- methods annotated with PerformanceCritical must be overwitten by method annotated with PerformanceCritical
Reviewed By: cristianoc
Differential Revision: D2636076
fb-gh-sync-id: eb616c9
Summary: public
Just works by running the analysis bottom-up and promoting any method as virtually annotated with `Expensive` whenever one of its callee is annotated with `Expensive`
Reviewed By: cristianoc
Differential Revision: D2635242
fb-gh-sync-id: 4401be6
Summary: public
The jar file of the models was opened twice before. This should reduce a little bit the IO of the capture.
Reviewed By: cristianoc
Differential Revision: D2626251
fb-gh-sync-id: 310bef4
Summary: public
When analysing projects we would not always display the numbers of procs and
files analysed. This fixes it, and also prints the stats before the reports for
readability. This way we also don't need to print "Analysis done" anymore.
Before:
$ infer -- gcc -c hello.c
Starting analysis (Infer version git-436690cf022a16313dda8447121a5934529e6e5c)
Analysis done
hello.c:5: error: NULL_DEREFERENCE
pointer s last assigned on line 4 could be null and is dereferenced at line 5, column 3
3. void test() {
4. int *s = NULL;
5. > *s = 42;
6. }
After:
$ infer -- gcc -c hello.c
Starting analysis (Infer version git-5b7ff3ac10d58e7ffd17c44574ab330ed07cb188)
Computing dependencies... 100%
Analyzing 1 cluster. 100%
Analyzed 1 procedure in 1 file
Found 1 issue
hello.c:5: error: NULL_DEREFERENCE
pointer s last assigned on line 4 could be null and is dereferenced at line 5, column 3
3. void test() {
4. int *s = NULL;
5. > *s = 42;
6. }
Also looked at the results on buck and gradle
Reviewed By: cristianoc
Differential Revision: D2636991
fb-gh-sync-id: 32b9a7c
Summary: public
This cleans up the output of infer. Before:
$ touch empty.c
$ infer -- gcc -c empty.c
Starting analysis (Infer version git-436690cf022a16313dda8447121a5934529e6e5c)
Analysis done
No issues found
$ infer -- javac Hello.java
Starting analysis (Infer version git-436690cf022a16313dda8447121a5934529e6e5c)
Analysis done
Hello.java:4: error: NULL_DEREFERENCE
object s last assigned on line 3 could be null and is dereferenced at line 4
2. int test() {
3. String s = null;
4. > return s.length();
5. }
6. }
Analyzed 2 procedures in 1 file
$
After:
$ infer -- gcc -c empty.c
Starting analysis (Infer version git-434faa7f70f6b9498615d3ead8c12bcfec6fc553)
Analyzing 0 clusters
Analysis done
No issues found
$ infer -- javac Hello.java
Starting analysis (Infer version git-434faa7f70f6b9498615d3ead8c12bcfec6fc553)
Computing dependencies... 100%
Analyzing 1 cluster. 100%
Analysis done
Found 1 issue
Hello.java:4: error: NULL_DEREFERENCE
object s last assigned on line 3 could be null and is dereferenced at line 4
2. int test() {
3. String s = null;
4. > return s.length();
5. }
6. }
Analyzed 2 procedures in 1 file
$
Also tested with buck, gradle.
Reviewed By: cristianoc
Differential Revision: D2636969
fb-gh-sync-id: 52f06f0
Summary: public
C++ allows to have one variable declared+initialized as a condition statement.
Handle these cases properly for `if` and `while` statements.
Reviewed By: dulmarod
Differential Revision: D2625774
fb-gh-sync-id: bac95b8
Summary: public
This is an initial version of the Expensive checker which only report violations on direct calls. The main objective is to setup all the files for this new checker.
The next steps are:
1) run the checker in interprocedural mode
2) Save in the summary of a method foo() the annotation attribute Expensive if a direct callee of foo is annotated with Expensive
3) Check that Expensive is enforced by subtyping, i.e. check that non-expensive method cannot be overwritten by a method annotated with Expensive
Reviewed By: cristianoc
Differential Revision: D2629947
fb-gh-sync-id: 0e06f85
Summary: public
Adding a progress bar to the analysis phase to check progress.
The progress bar for the analysing procedures part is just printing dots at the moment and will be
improved soon when we do all the multithreading inside Ocaml.
There is also a no_progress_bar option in the scripts to hide it, for instance in CI.
Reviewed By: cristianoc
Differential Revision: D2625763
fb-gh-sync-id: daf6f96
Summary: public
This is a non-functional refactoring to add a flag to trigger the translation of the procedure description of callees. This allows to check in which cases we still need to procedure description of callees to run the analysis.
Reviewed By: cristianoc
Differential Revision: D2620402
fb-gh-sync-id: 7ef5b5f
Summary: public
Translate CXXConstructExpr that are parts of variable initialization.
Reviewed By: dulmarod
Differential Revision: D2570750
fb-gh-sync-id: 708a457
Summary: public
Type of `this` argument to c++ method call has pointer type.
It's either raw pointer (for `->`) or reference (for `.`).
It was already correct in method declaration and method parameters, but it wasn't correct in method calls. Same thing will apply to constructor expressions.
As a result of this change, we won't expand type when calling methods.
Change to ast_expressions.ml fixes problem with autogenerating getters/setters that produced lvalue types after LValueToRValue cast.
Reviewed By: dulmarod
Differential Revision: D2605756
fb-gh-sync-id: 1027600
Summary: public
The context leaks were reported multiple times. If a leaks was found on method `f()` and `g()` calls `f()`, then the same leak was report both in `f()` and in `g()`.
Reviewed By: sblackshear
Differential Revision: D2598110
fb-gh-sync-id: ca90b57
Summary: public Translate classes and protocols on demand only.
This saves space in the tenv and time. The categories still cannot be translated on demand
because there is no pointer to them from the classes. Andrzej is fixing that.
We had to make cTypes_Decl and the modules for translating classes, protocols and categories mutually
recursive. Moreover, we had to reorder the method for adding classes to the tenv to receive a decl and
return a type.
Reviewed By: ddino
Differential Revision: D2595610
fb-gh-sync-id: ca76068
Summary: public
Extends the current activity leak checker to all sort of context leaks.
Reviewed By: sblackshear
Differential Revision: D2572548
fb-gh-sync-id: 9da18e4
Summary: public
The relative path was triggering a bug in ocamlbuild where it would try to
create ".." for some reason, which already exists. Hence `make -C infer clean
checkCopyright` would always fail for instance.
Reviewed By: jeremydubreil
Differential Revision: D2596307
fb-gh-sync-id: 0dd8d9f
Summary: public
The harness was created all the time but we do not report issues comming from the harness right now. The option:
infer --android-harness -- <build command>
Allows to create the harness
Reviewed By: sblackshear
Differential Revision: D2595211
fb-gh-sync-id: c7a6dc5
Summary: public
This allow to tell Infer to skip the translation of some files. This is especially useful to skip the translation of some generated files following the syntax:
> cat .inferconfig
{
"skip_translation": [
{
"language": "Java",
"source_contains": "_SHOULD_BE_SKIPPED_"
}
]
}
Reviewed By: cristianoc
Differential Revision: D2588095
fb-gh-sync-id: 3fda816
Summary: public
In C pre-increment/decrement returns rvalue, but in C++ it returns lvalue.
Make translation aware of the difference and treat these cases differently.
Reviewed By: ddino
Differential Revision: D2575136
fb-gh-sync-id: 952c095
Summary: public
Translating structs and C++ classes only on demand. This reduces the size of the tenv and
saves analysis time.
Reviewed By: ddino
Differential Revision: D2575008
fb-gh-sync-id: b29da2a
Summary: public
Update clang plugin version that has following changes:
1. Don't dump DeclContext as a part of BlockDecl
2. Add location information to C++ constructor initializers
This diff is making infer compatible with these changes by
1. Making infer compile
2. Reading location information from c++ constructor initializers so we don't miss update to line number
Reviewed By: dulmarod
Differential Revision: D2575066
fb-gh-sync-id: 6dc594a
Summary: public
Refactor translation of C++ method calls so that we get two parts:
1. Get Sil code for method address and this expression
2. Given method address, this expression and list of paramter statements, create Call instruction
This will allow us to share more code with C++ constructor calls that do (1) differently, but
(2) will be shared
Reviewed By: dulmarod
Differential Revision: D2570712
fb-gh-sync-id: 9c6c3e4
Summary: public
Remove spurious recursion between type and function declarations in the files
generated via `atdgen`. This speeds up the compilation time of `make clang` by
almost half (one-shot measurements: 59s -> 36s).
Silence warning 39 on this generated code to make compilation pass.
Reviewed By: akotulski
Differential Revision: D2570506
fb-gh-sync-id: 8edba22
Summary: public This diff fixes incorrect mangling of captured variables in blocks. Because they are formals,
they shouldn't be mangled, but this case was not taken into account. This caused an assert false in the
example infer/tests/codetoanalyze/objc/frontend/block/block.m which wasn't caught before because there
wasn't an endtoend test for it.
Reviewed By: akotulski
Differential Revision: D2560379
fb-gh-sync-id: db500b6
Summary: public
Adds incomplete translation of constructor bodies. Treat constructors as
methods with something 'extra'.
We still don't translate initializer lists, just pass the information to cTrans
where it's ignored
Reviewed By: dulmarod
Differential Revision: D2550214
fb-gh-sync-id: 102c13a
Summary: public anonymous types have file:line in its name.
Since file is relative path, type name can have '/' in its name.
This is very fragile since we might create file wiht typename in its name (for example for methods).
Replacing '/' with '_' should make frontend more resilient to failure.
Translation of anonymous structs is still pretty fragile (due to relative path in its name),
but at least it doesn't crash frontend
Reviewed By: dulmarod
Differential Revision: D2559936
fb-gh-sync-id: 647fd7f
Summary: public
Just some refactoring and renaming of Makefile variables.
Reviewed By: jeremydubreil
Differential Revision: D2555766
fb-gh-sync-id: 5b7d4ff
Summary: public Refactoring Printfargs checker a bit to
make it callable from symbolic executor, then calling it.
Reviewed By: jeremydubreil
Differential Revision: D2361286
fb-gh-sync-id: 4b73855
Summary: public
modules are better for namespacing.
How I made this diff:
1. moved list_* functions from utils.ml{,i} to iList.ml{,i}
2. shell commands:
grep '^val ' infer/src/backend/iList.mli | cut -f 2 -d ' ' | tr '\n' ' '
# gives a list of former list_ functions that IList implements, fed into the loops below:
LISTNAMES=" compare equal append combine exists filter flatten flatten_options find fold_left fold_left2 for_all for_all2 hd iter iter2 length fold_right map mem nth partition rev rev_append rev_map sort split stable_sort tl drop_first drop_last rev_with_acc remove_duplicates remove_irrelevant_duplicates merge_sorted_nodup intersect mem_assoc assoc map2 to_string"
# replace " list_*" function calls with IList.* ones
for i in $LISTNAMES; do find . -name '*.ml' -exec sed -i -e "s/ list_$i\b/ IList.$i/g" \{\} \; ; done
# replace (list_* functions with (IList.* ones
for i in $LISTNAMES; do find . -name '*.ml' -exec sed -i -e "s/(list_$i\b/(IList.$i/g" \{\} \; ; done
# ditto with [
for i in $LISTNAMES; do find . -name '*.ml' -exec sed -i -e "s/\[list_$i\b/[IList.$i/g" \{\} \; ; done
3. Then fix up the rest by hand. In particular, stuff that called Utils.list_*
explicitely, and stuff that used the "Fail" exception that has moved to
IList. (may revisit this in the future)
Reviewed By: jeremydubreil, cristianoc
Differential Revision: D2550241
fb-gh-sync-id: cd64b10
Summary: public
C++ assignment operation result is lvalue, while in C it was rvalue.
This leads to different AST produced by clang for then same code!
Use language information from clang (`-x` flag) to distinguish these cases.
More specifically, let's look at following code:
int r;
int f = (r = 3);
// type of (r = 3) expression:
// C/objC -> int rvalue
// C++/objC++ -> int lvalue
Existing code did extra dereference because it was rvalue in C and there was no cast afterwards
in C++ there will be extra LValueToRvalue cast when neccesary so we don't have to do extra dereference manually
Reference:
http://en.cppreference.com/w/c/language/value_category (search for 'assignment and compound assignment operators')
NOTE: AST output doesn't change when something is hidden behind `extern "C"`, so we should use global language information
Reviewed By: ddino
Differential Revision: D2549866
fb-gh-sync-id: b193b11
Summary: public Two cases were not handled properly so far:
1. Declaration of a reference variable missed reference bit in type
2. Parameters to a function expecting T& had type T.
The way to distinguish reference types from value types is to look
whether parameter is type 'T rvalue' or type 'T lvalue' (xvalue probably as well)
Unfortunately, we can't just say 'T lvalue' = 'T&' because it would break
a lot of things in our frontend.
However, we know that when parameter to a function call has type 'T lvalue', it has to be 'T&' type.
Same applies when init_expression type is lvalue.
So, the solution is to add wrapper function that looks at results of `instruction` function and
expected expression type. Then if it's lvalue, wrap the type in reference.
Do this wrapping magic only when we know that lvalue mean reference type.
The rest of the changes is to make frontend tests pass - since we use different fields
in the AST, some of them were incorrectly set before and no one noticed.
Reviewed By: cristianoc
Differential Revision: D2549991
fb-gh-sync-id: 067f5d5
Summary: public
Dictionary literals are normally implemented using
`+dictionaryWithObjects:forKeys:count:` but were modeled as
`+dictionaryWithObjectsAndKeys:`
In particular, `@{@"aaa": nil}` would trigger a sentinel error instead of an NPE.
This models dictionary literals as a special infer builtin that the backend
interprets so as to give NPEs when passed nil objects or keys.
Reviewed By: dulmarod
Differential Revision: D2550039
fb-gh-sync-id: 1a10656
Summary: @public
This diff changes following things:
1. expression_info.type_ptr has type than decl_ref_info.type_ptr for reference types. Use type from decl_ref_info as a source of truth
2. reference types need to have one extra dereference that is not in AST. Add handling for this.
3. [small refactor] create function that creates temporary variable from res_trans expression and returns new res_trans.
Some caveats:
1. types are not quite right yet (see .dot files).
2. decl_ref_info might not be set for DeclRefExpr, make frontend crash in that case to catch when this happens
This is high risk change since it changes behavior of every translation on very widely used expr.
Reviewed By: @dulmarod
Differential Revision: D2540632
fb-gh-sync-id: aa28936
Summary: @public
This removes the old way of finding variable declarations to create sil variables and replaces it with
a a new way based on the map from pointers to declarations.
Basically, every variable dereference contains a pointer to the variable declaration, with that we can
build the corresponding sil variable.
Reviewed By: @akotulski
Differential Revision: D2536000
fb-gh-sync-id: dd29cf9
Summary: @public
Refactor exising code that handles __nonnull annotations.
Create extendable way to add extra stuff to be translated before
rest of statements get translated.
This will make handling of constructor initializer list simpler
Reviewed By: @dulmarod
Differential Revision: D2521659
fb-gh-sync-id: ba613e7
Summary: @public
Update version of clang plugin, it changes type
of CXXMethodDecl, all of the changes are to make frontend compile.
Reviewed By: @jvillard
Differential Revision: D2522117
fb-gh-sync-id: 970bdc8
Summary: @public remove `is_instance` function parameter that was used for
blocks only. Instead, pass context everywhere - it holds information that is
very relevant when defining block.
Reviewed By: @dulmarod
Differential Revision: D2521772
fb-gh-sync-id: 5fb53f9
Summary: @public
1. Add support for `this` keyword. It will allow to access fields/methods of the object from the method body.
2. Fix problem with method formals to add pointer to type of first parameter (which corresponds to `this`)
Reviewed By: @dulmarod
Differential Revision: D2484882
fb-gh-sync-id: c318619
Summary: @public
Get newest goodness from facebook-clang-plugins
that allows us to change type of type_ptr during deserialization
We are modifying clang_ast_types.ml that fcp/clang-ocaml expects to
exist - we provide our own implementations of:
t_ptr, pointer_to_type_ptr, type_ptr_to_pointer
Reviewed By: @dulmarod
Differential Revision: D2498623
Summary: @public
First diff to give better language information in the frontend.
This information is necessary to understand when 'self' is objc keyword,
when 'this' is C++ keyword and when they are not.
Reviewed By: @ddino, @dulmarod
Differential Revision: D2489252
Summary: @public
There was an inconsistency with the type of `stats.json` created by `inferlib.py` and InferAnalyze. This diff cleans up the thing and uses two different files to saves the statistics to clarify what gets created by the analysis, i.e. `proc_stats.json` and what gets created all the time `stats.json`.
Reviewed By: @sblackshear
Differential Revision: D2500517
Summary: @public
qual_type was the same as type_ptr, so it was removed.
This commit makes it compatible with facebook-clang-plugins
Commands ran:
codemod --extensions ml,mli 'qual_type' 'type_ptr'
codemod --extensions ml,mli 'qt' 'tp'
If there is any other popular name for qual_type, let me know
Reviewed By: @dulmarod
Differential Revision: D2498289
Summary: @public Infer previously did not work correctly when a function returns the result of a skip function:
```
retUndef() {
x = undefined();
return x;
}
derefUndef() {
y = retUndef();
y.doSomething(); // Symexec_memory_error here, prevents spec inference
}
```
The problem is that angelic mode did not know to add the return value of `retUndef()` to the footprint.
This diff fixes the problem by adding return values marked with the `Aundef` attribute to the footprint.
This is done lazily (e.g., a value only gets added to the footprint when you try to deref it).
Reviewed By: @jvillard
Differential Revision: D2444929
Summary: @public
We no longer rely on existence of qt_raw field.
Update facebook-clang-plugins so that this field
is not even exported. This should give us some perf wins
since qual_type is written in a lot of places
Reviewed By: @dulmarod
Differential Revision: D2489308
Summary:
Using the qualified names of fields to create mangled names.
This removes the need to search for the fields in the tenv when translating a field access.
That was only done to build the correct mangled name,
The rest of the changes are using the qualified names for ivars and property names in the property module,
which is needed to make it work. Basically a big chain of changes of using qualified names to make the code
compile.
Summary:
This diff aims at removing the occurrences of the types in string form so that we can remove them
from the ast which will save space.
There is one occurrence left regarding attributes that will be handled later by Andrzej.
We build a function to create a string out of a function type used for name mangling.
Summary:
frontend and backend assume that Sil.Struct
doesn't have methods nor inheritance. In order to plug C++
classes we probably need them to be Sil.Class
Summary:
C function names depend only on their name (and their file is they are static, and their type if we are in C++)
This is more in sync with the actual semantics of C function names than the previous implementation.
Summary:
`get_resource_or_undef` attribute is weird and was causing problems for me in another diff.
This diff refactors the attribute categories to make resource and undef separate.
Sam Blackshear
Dino Distefano
Andrzej Kotulski
Dulma Rodriguez
jrm
Jules Villard
Cristiano Calcagno
martinoluca
Irene Papakonstantinou