Summary:
public
Use Infer traces to follow the chain of calls from methods annotated PerformanceCritical to the methods annotated as Expensive.
This contains direct jumps from method definition to method definition. So the traces are of the form:
method definition of m1 -> definition of m2 -> definition of m3 -> ... -> definition of mN annotated as Expensive
In the next diff, I will make the checker create traces of the form:
definition of m1 -> call to m2 -> definition of m2 -> call to m3 -> ... -> call to mN -> definition of mN annotated as Expensive
and then simplify the error message whenever the chain of call is longer than, say, 5 calls.
Reviewed By: jberdine
Differential Revision: D2818398
fb-gh-sync-id: c566a44
Summary: public We are not assigning the location of the property rather than that of the class. It seems that it's no problem having the bugs reported in the .h files.
Reviewed By: ddino
Differential Revision: D2831226
fb-gh-sync-id: 026692e
Summary: public We are not assigning the location of the property rather than that of the class. It seems that it's no problem having the bugs reported in the .h files.
Reviewed By: ddino
Differential Revision: D2828005
fb-gh-sync-id: cf26549
Summary:
This will stop Infer from creating an `infer-out` directory when just running `infer`.
(I run `infer` without any arguments somewhat often to look at documenting.)
One downside to this is that there will be no logs when running Infer without any commands - is this bad?
Closes https://github.com/facebook/infer/pull/240
Reviewed By: cristianoc
Differential Revision: D2829752
Pulled By: jeremydubreil
fb-gh-sync-id: 6827ef9
Summary:
public
Reuse logic in cFrontend.ml to deal with nested structs. This allows to have less duplicated logic which will result
in less bugs.
As a bonus, it fixes the problem of nested template class (which wasn't be handled right).
And one random fix in c_type -> sil_type conversion (I'm amazed it worked before)
Reviewed By: dulmarod
Differential Revision: D2773687
fb-gh-sync-id: e312599
Summary:
public
In the case of Buck, the integration works by using the out directory of javac in order to store the analysis artifacts in the jar file. Making buck call:
infer -o infer_out -- javac -d classes_out ...
instead of every javac command is having no effect and is the same as Buck running:
infer -- javac -d classes_out ...
Reviewed By: sblackshear
Differential Revision: D2822642
fb-gh-sync-id: b13e067
Summary: public This map is the only reason we currently need to piggyback on the compiler. Once we have the map we should be able to point Infer at bytecodes + the map.
Reviewed By: jeremydubreil
Differential Revision: D2813110
fb-gh-sync-id: 91664de
Summary:
public
Get newest version of facebook-clang-plugin that replaces pointers from strings to ints.
Fix all compilation issues infer has
Reviewed By: jvillard
Differential Revision: D2815144
fb-gh-sync-id: e93d4b3
Summary:
public
CLocation.init_curr_source_file is now a no-op, so remove it.
Reviewed By: jvillard
Differential Revision: D2815238
fb-gh-sync-id: 00c8a08
Summary:
public
CLocation.current_source_file is always equal to DB.current_source, so
remove it.
Reviewed By: jvillard
Differential Revision: D2815236
fb-gh-sync-id: 9390d2b
Summary:
public
It seems that CLocation.current_source_file is always equal to
DB.current_source. This diff adds assertions to check this, as a
precondition for forthcoming diffs that simplify CLocation code.
Reviewed By: jvillard
Differential Revision: D2815231
fb-gh-sync-id: 88d1f32
Summary:
public
Fist resolve the method name based on the dynamic types found during the symbolic execution, then run the analysis on-demand with the resolved method name.
Reviewed By: cristianoc
Differential Revision: D2815744
fb-gh-sync-id: c55accd
Summary:
public
Add destructor calls on delete expression.
While not the most important, it is the simplest case of adding destructor calls.
This will help us in the future with more complex cases.
Reviewed By: ddino
Differential Revision: D2773483
fb-gh-sync-id: 4df9c73
Summary:
public
In the case of Java, the name of the method is enough to lookup the summary of the callees and run the symbolic execution. This revision separates the case of method call in Java and in C, C++ and Objective C. Most of the code for executing method calls was Clang specific and this is an intermediate step to be able to run the capture and analysis on demand.
Reviewed By: sblackshear
Differential Revision: D2809171
fb-gh-sync-id: da62dce
Summary:
public
Title - instead of just creating dot file in some location, include this information as part of bug description.
Reviewed By: ddino
Differential Revision: D2779941
fb-gh-sync-id: 6bfb02b
Summary:
public
Add extra field that will be used to store extra bug description
in dotty format. This will allow to create better bug reports for
bugs that require images to understand what is going on (such as
retain cycles or activity leaks)
Reviewed By: jeremydubreil
Differential Revision: D2779935
fb-gh-sync-id: d2ecc0d
Summary:
public
When reading from static fields, the translation was overwriting the list of class members with the list of static ones. The backend was only looking up fields from the list of non static fields.
Reviewed By: sblackshear
Differential Revision: D2801759
fb-gh-sync-id: fe8ed80
Summary:
public
While playing with the type environment for Java, I realised that the types in models.jar where not re-generated when modifying Infer. As a consequence, some changes in Infer where surprisingly having no effect. This diff forces the type environment to be absent when analyzing the models.
Reviewed By: sblackshear
Differential Revision: D2802517
fb-gh-sync-id: 1c2673a
Summary:
public
4feb93e91c disabled join of tuple values, but also of any two values of the same
type. However, we do know how to join integer values, so re-enable those.
Reviewed By: cristianoc
Differential Revision: D2803286
fb-gh-sync-id: 5bcc725
Summary:
public
Using Typename.t in the list of superclasses to match the type for the key of the type environment. This avoids to make back and forth convertions from typename to type (csu, mangled name).
Depends on D2786574
Reviewed By: jberdine
Differential Revision: D2792116
fb-gh-sync-id: 6100f1a
Summary:
public
This diff cleans up the detection of assertion failures in C, C++ and Objective C which was previously hacked on top of the tracing mode for Java. The code is also generalized to detect any custom errors which can be defined using the `__infer_fail` builtin, and the case of assertion failure is now just the specific case of translating `assert` using `__infer_fail` directly in the clang frontend.
Reviewed By: jberdine
Differential Revision: D2786574
fb-gh-sync-id: dd1e1cf
Summary:
public
It seems that restricting printing to stdout and stderr to developer
mode has broken InferPrint. So unconditionally turn developer mode on
in InferPrint.
Reviewed By: sblackshear
Differential Revision: D2786897
fb-gh-sync-id: 44b5772
Summary:
public
When building models, make was invoked explicitly with `make -j` rather
than with `$(MAKE)`. This prevented controlling parallelism from the
top-level make invocation.
Reviewed By: akotulski
Differential Revision: D2786812
fb-gh-sync-id: 7f6d58c
Summary:
public
Some functions were never used, and some other were always used with the same parameters
Reviewed By: sblackshear
Differential Revision: D2786118
fb-gh-sync-id: 666fba2
Summary:
public
The function Sil.get_typ was actually always call with the optional parameter being `Csu.Class`
Reviewed By: sblackshear
Differential Revision: D2786055
fb-gh-sync-id: 4337258
Summary:
public
The paramtere where defined as simple strings in the procedure description. This diff force the use of the Mangled module to avoid possible conflict when converting variable back and forth from string to pvar. The code is now more consistent as the local variable were already named using mangled names.
Reviewed By: jberdine
Differential Revision: D2782863
fb-gh-sync-id: 1867574
Summary:
public
Move the naming of types to it own module, so that it can be used by modules `Sil` depends from like `Procname`
Reviewed By: jberdine
Differential Revision: D2773148
fb-gh-sync-id: a89f595
Summary:
public
Move the representation of data-structure into it own module, so that it can be used by modules `Sil` depends from like `Procname`.
Reviewed By: jberdine
Differential Revision: D2772791
fb-gh-sync-id: cda4e3a
Summary: public In this example we now get a dangling pointer dereference, so contains exactly doesn't work.
Reviewed By: jvillard
Differential Revision: D2773769
fb-gh-sync-id: 64d1044
Summary: public The properties in those models needed to be made nonatomic.
Reviewed By: akotulski
Differential Revision: D2773650
fb-gh-sync-id: 903e7df
Summary:
public
Make Ast_utils.get_decl_from_typ_ptr function more forgiving.
It will return None instead of crashing when there is no decl for a given type.
This is done in prepratation to try to get destructor function of any type without crashing.
Reviewed By: dulmarod
Differential Revision: D2769302
fb-gh-sync-id: 7a9fcfe
Summary:
public
Factor resolving default parameters from common method/constructor translation function.
This is done in preparation to use same function for generating destructor calls.
Reviewed By: dulmarod
Differential Revision: D2769291
fb-gh-sync-id: 9c35cf8
Summary:
public
Treat destructors in the same way we treat methods/constructors.
It doesn't deal with inheritance/composition - we'll need to add calls to these
destructors later
Reviewed By: dulmarod
Differential Revision: D2769142
fb-gh-sync-id: b1c77e1
Summary: public Crashes during the analysis are classified as timeouts in the .specs file. In addition, when there is a timeout, it does not say *why* the timeout occurred (hard time, symops, or recursion). This diff adds this information to the .specs file and adds a "fail hard" mode where crashes and timeouts will actually stop the analysis in developer mode (but will still be hidden in the normal production mode).
Reviewed By: jeremydubreil
Differential Revision: D2725382
fb-gh-sync-id: b0b4e5e
Summary:
public
This fixes two things:
- `make -j9000` now works without crashing
- `make -C infer/src clang java` followed by `make -C infer/src clang` results
in a cached build the second time. Previously, a bug in ocamlbuild meant that
building infer/java would stomp over some files used by infer/clang, hence
infer/clang would get partially recompiled. More generally, alternating
between targets, or simply repeatedly calling `make` would result in unecessary
rebuilds.
Reviewed By: akotulski
Differential Revision: D2765544
fb-gh-sync-id: ecffdee
Summary: public Did this by adding an option to rearrange that turns of error reporting.
Reviewed By: dulmarod
Differential Revision: D2768396
fb-gh-sync-id: 4898d2d
Summary:
public
Infer would previously give confusing reports in the following case: two classes `foo.MyClass` defined in `MyClass.java` under directory `foo/` and `bar.MyClass` defined in file `MyClass.java` under `bar/` are compiled together in a single call to the Java compiler. Then the errors in `foo/MyClass.java` could potentially be reported in `bar/MyClass.java`, or the other way around.
The reason is: Infer starts the translation from the bytecode which only contains information about the base filename in the metadata. For example, both `foo.MyClass` and `bar.MyClass` will contains the information that the source file is `MyClass.java` but not the full path to the actual source file (hopefully).
In order to cope with this issue, this diff adds the possibility to read the package declaration from the source file so that we can map classes to the source files these classes are defined without ambiguity. In order to avoid having to open and read the source files when not necessary, the code will behave as before as long as no name conflict is found. Otherwise, it will only load and search for the package declaration when two or more sources files have the same basename but are defined in different subdirectories.
Closes t9395275
Reviewed By: jberdine
Differential Revision: D2763775
fb-gh-sync-id: 0adc1ac
Summary:
public
There was one oversight that caused frontend to mark C++ method as
objc instance method.
Reviewed By: dulmarod
Differential Revision: D2769060
fb-gh-sync-id: d7a92bc
Summary:
public To deal with ObjC nullability and give meaningful error
messages, we introduced the ObjC_NULL attribute in the symbolic execution to
mean that the object carrying the attribute is null because it was the result
of a method call from a null object. However, one cannot add attributes to null,
so we had to delay nullifying the object in order to have the attribute until we
can assign it to a program variable. However, if the temp variable was used in a condition,
we were not taking into account that its meaning is null. This diff addresses that and fixes
many FPs that we have encounter.
Reviewed By: ddino
Differential Revision: D2765167
fb-gh-sync-id: c0878dd
Summary:
public
Generating .annot files is expensive. Add a configure option to disable them:
./configure --disable-ocaml-annot
./configure --disable-ocaml-bin-annot
(the latter is more for completeness, as bin-annot are not very expensive to
generate)
`make` is 30% faster without annot files. Unless you use Eclipse you shouldn't
need them.
Reviewed By: jeremydubreil
Differential Revision: D2765508
fb-gh-sync-id: 086bc39
Summary: public First in a series of diffs fixing the __nullable checker for obj-c, which currently reports false positives on property accesses via getters and setters. To fix this problem, we need a special implementation of letderef and set for property accesses that don't report NPE errors. Factoring out the execution of these instructions from the main symbolic executor will make this easier.
Reviewed By: jeremydubreil
Differential Revision: D2763923
fb-gh-sync-id: 883a184
Summary:
public
`json.dump` does not have the same number of arguments in 2.7.3 and 2.7.9. Fix
this by naming the optional parameters explicitly.
Reviewed By: akotulski
Differential Revision: D2760579
fb-gh-sync-id: 7ebc69e
Summary:
public
This configure option disables building the java analysis and the associated
checks.
Refactor infer/src/Makefile.in to better isolate the Java-specific ocamlfind
dependencies.
Reviewed By: jeremydubreil
Differential Revision: D2712921
fb-gh-sync-id: 08077c2
Summary:
public
This moves the hardcoded version numbers in one place and simplifies the logic
to compute the version a bit.
Reviewed By: jberdine
Differential Revision: D2759779
fb-gh-sync-id: 0e4d3c1
Summary:
public Remove property of maps and make sure that we add to the tenv the property attributes
by folowing the link between the property and the corresponding ivar.
Reviewed By: ddino
Differential Revision: D2755887
fb-gh-sync-id: beeecaf
Summary:
public
Remove trans_state.parent_line_number because it's not used anymore.
This slightly cleans up codebase
Reviewed By: ddino
Differential Revision: D2755050
fb-gh-sync-id: b1b7e8e
Summary:
public
The contravariant subtyping rule for the PerformanceCritial annotation was meant to document the code but can be very too verbose on exisiting project. It is also not necessary as we can get this annotation from the supertypes. I am disabling it for now, but keep the code in case we want to revive it at some point in the future.
Reviewed By: sblackshear
Differential Revision: D2750212
fb-gh-sync-id: 2424281
Summary:
public
Lines other than the first of multi-line comments in non-ocaml files
were flush right instead of aligned.
Reviewed By: jvillard
Differential Revision: D2739752
fb-gh-sync-id: c85f56e
Summary:
public
The function `Procname.to_simplified_string ~withclass:true` used to print `MyClass.MyClass()` when printing the name of a Java constructor. It now prints `MyClass()`.
I made a separate diff for this changes as it affects the bug hash, especially for resource leaks.
Reviewed By: sblackshear
Differential Revision: D2748661
fb-gh-sync-id: 9f51871
Summary:
public
It is possible to return null according to
http://docs.oracle.com/javase/7/docs/api/java/lang/Class.html#getResource(java.lang.String).
Also, getResource throws NPE if passed null:
$ cat -n TestClassGetResourceArgument.java
1 import java.net.URL;
2
3 public class TestClassGetResourceArgument {
4
5 static URL testClassGetResourceArgument(Class cls) {
6 return cls.getResource(null);
7 }
8
9 public static void main(String[] args) {
10 System.out.println(testClassGetResourceArgument("".getClass()).toString());
11 }
12
13 }
$ javac TestClassGetResourceArgument.java && java TestClassGetResourceArgument
Exception in thread "main" java.lang.NullPointerException
at sun.misc.MetaIndex.mayContain(MetaIndex.java:243)
at sun.misc.URLClassPath$JarLoader.getResource(URLClassPath.java:830)
at sun.misc.URLClassPath.getResource(URLClassPath.java:199)
at sun.misc.URLClassPath.getResource(URLClassPath.java:251)
at java.lang.ClassLoader.getBootstrapResource(ClassLoader.java:1305)
at java.lang.ClassLoader.getResource(ClassLoader.java:1144)
at java.lang.ClassLoader.getResource(ClassLoader.java:1142)
at java.lang.ClassLoader.getSystemResource(ClassLoader.java:1267)
at java.lang.Class.getResource(Class.java:2145)
at TestClassGetResourceArgument.testClassGetResourceArgument(TestClassGetResourceArgument.java:6)
at TestClassGetResourceArgument.main(TestClassGetResourceArgument.java:10)
Reviewed By: cristianoc
Differential Revision: D2752301
fb-gh-sync-id: 888baf1
Summary:
public
Remove double negation in test check as per jrm's comment on D2695548.
Reviewed By: jeremydubreil
Differential Revision: D2743862
fb-gh-sync-id: d7cc0d0
Summary:
public there was a problem with
templated method names that had '/' in its names.
This happened for names like this: `method_name<(anonymous lambda in path/to/src:1:1)>`
Plus random fix to backend logging
Reviewed By: dulmarod
Differential Revision: D2749359
fb-gh-sync-id: b9a0fcd
Summary:
public
version.ml changes at each commit, which triggers the recompilation of all .ml
files that depend on it. Adding version.mli should prevent that.
Reviewed By: jberdine
Differential Revision: D2748986
fb-gh-sync-id: 5a59a14
Summary:
public This info is based on clang's pointers so it should be more accurate. Also we want to remove the
property map.
Reviewed By: ddino
Differential Revision: D2739487
fb-gh-sync-id: 6be620a
Summary:
public
Avoid the analysis to fail when the type of an exception cannot be found in the type environement
Reviewed By: sblackshear
Differential Revision: D2743015
fb-gh-sync-id: 7b922eb
Summary:
public
Added special modelling for m.put(k,v) as assigning value v to map m at key k.
The modelling is analogous to the one for containsKey: the variable used to represent m.get(k) is generated, and assigned the value v.
Reviewed By: jberdine
Differential Revision: D2743844
fb-gh-sync-id: 56d3581
Summary:
public
Change the contructor names to a more standard capitalisation style + remove some dead code
Reviewed By: sblackshear
Differential Revision: D2738157
fb-gh-sync-id: 6d9734b
Summary:
Change eradicate handling of complex values so that an unknown function that
has an existing mapping to Undef is treated as if there was no existing
mapping.
Without this change, joining control-flow branches where one called a function
and the other did not resulted in a mapping to Undef. Later calls to the
function would then reuse the Undef mapping.
public
Reviewed By: cristianoc
Differential Revision: D2695548
fb-gh-sync-id: ab69c47
Summary:
public Prepare to use integers as pointers (as opposed to strings right now).
This should speed decl/type map lookup and there are no real downsides.
In order to preserve all knowledge we have right now, use following semantics for pointer values
clang pointer - its value is greater than 0
invalid pointer - its value is 0
internal pointer - its value is smaller than 0
Reviewed By: jvillard
Differential Revision: D2739419
fb-gh-sync-id: d264c28
Summary:
public The concept of generated method is not used anymore, so it is removed.
In general, I think we have noticed that generating code in the frontend is not the best
idea because it decreases performance, it's better to do it in the backend like with the
getters/setters.
Reviewed By: akotulski
Differential Revision: D2739142
fb-gh-sync-id: 0cf9535
Summary:
public This continues the work on adding builtins for getters and setters
and removing the generated code from the frontend. This is extending it to setters and
removing the preanalysis that is no longer needed.
Reviewed By: akotulski
Differential Revision: D2734499
fb-gh-sync-id: 7cf5749
Summary:
public
After supporting template classes and template functions, it's time
to support template methods (they are very similar to template functions)
Reviewed By: dulmarod
Differential Revision: D2734807
fb-gh-sync-id: 41c7f96
Summary:
public some of the code was repeated. Make the function shorter
by merging some cases
Reviewed By: dulmarod
Differential Revision: D2734056
fb-gh-sync-id: c84f04c
Summary:
public
Add support for decl statements inside condition of switch statement
Reviewed By: ddino
Differential Revision: D2734213
fb-gh-sync-id: d60021d
Summary:
public
Change semantics of res_trans_cond inside switchStmt_trans to include
condition node (as opposed to children nodes only).
This way, meaning will be consistent with conditions inside if and while
Reviewed By: ddino
Differential Revision: D2734185
fb-gh-sync-id: 866eee2
Summary:
public
In case of compilation error, ocaml would helpfully warn about irrelevant stuff
because infer doesn't look like an ocamlbuild project. Make it look like one.
Reviewed By: jberdine
Differential Revision: D2734392
fb-gh-sync-id: 9761eff
Summary:
public The ivar corresponding to the property is only available in the ast when the
implementation of the peroperty is available. Otherwise we add an ivar with the correct type
and the default name to the tenv and use it in the getter (and later in the setter).
This was not causing crashes because the generated code was swallowing the Missing_fld exception.
Now it flags it.
Reviewed By: akotulski
Differential Revision: D2734217
fb-gh-sync-id: 21c62af
Summary:
public
Use generic location visitor from facebook-clang-plugins
Therefore, there is no need to write our custom visitor which is hard to maintain
This introduces some level of magic, but makes it easier to maintain the code.
Reviewed By: jvillard
Differential Revision: D2734282
fb-gh-sync-id: ed9711a
Summary:
public
Update fcp, changes:
1. decl_ref from ObjcPropertyDecl to IvarDecl
2. Export location information in macro expansion, not macro definition
Reviewed By: dulmarod, jvillard
Differential Revision: D2733967
fb-gh-sync-id: 7d8ce00
Summary:
public
Conditional operator in C++ allows to return lvalues as a result of the operator.
Make infer frontend smart enough to detect when that happens and treat this
case correctly
Reviewed By: ddino
Differential Revision: D2729468
fb-gh-sync-id: f4a110d
Summary:
public Using the new information from the plugin that links method decls in objc with their
properties if they are getters. Setters to be done in next diff.
Reviewed By: ddino
Differential Revision: D2729511
fb-gh-sync-id: dc58894
Summary:
public
The resource leak warning messages can sometimes be confusing especially when several type of resources are involved in the code where the warning is reported. This diff adds the class name of the resource being leaked to the error message.
Reviewed By: sblackshear
Differential Revision: D2706538
fb-gh-sync-id: ccf364e
Summary:
public
The case when a resource leaks is reported because the the resource was not closed on the execution branch created by the preconditions checks are not very interesting in practice because the exceptions thrown, either `NullPointerException` or `IllegalStateException` are very rarely caught anyway. So the legimate use of preconditions checks is creating spurious resource leak reports.
Reviewed By: sblackshear
Differential Revision: D2707227
fb-gh-sync-id: 6aece73
Summary: public so that we don't introduce more string mutations in the future.
Reviewed By: jberdine
Differential Revision: D2729167
fb-gh-sync-id: 746319a
Summary:
public
Add the backwards-compatibility Bytes module if we detect OCaml version <
4.02.0.
Reviewed By: jberdine
Differential Revision: D2728924
fb-gh-sync-id: 39cf76b
Summary:
public This puts the bugs found with the checker strong delegate to a dummy method.
The error message will appear in the line of the class implementation definition, since the properties
are likely to be defined in the h file, and getting the reporting in a file that is not the current is
difficult.
Reviewed By: ddino
Differential Revision: D2718016
fb-gh-sync-id: 66273a4
Summary:
public
Modify do_branch inside conditionalOperator_trans:
1. Remove TempJoinNode optimization - instead create join node as usually. It produces one more node, but it's much cleaner
2. Claim priority inside do_branch instead of appending instructions to node created by children
3. Use compute_results_to_parent to some extent
4. Random changes to loop_instruction and trans_assertion_failure to make tests pass
Reviewed By: ddino
Differential Revision: D2708076
fb-gh-sync-id: d429167
Summary:
public
Use the autotools to generate some of the info used in infer/src/Makefile.
Reviewed By: jeremydubreil
Differential Revision: D2703752
fb-gh-sync-id: 59090b2
Summary:
public
Use autoconf's detection of xcode-select to decide whether to build the ObjC
models or not.
Reviewed By: jeremydubreil
Differential Revision: D2703864
fb-gh-sync-id: e6dadca
Summary:
public
Generate infer/Makefile from infer/Makefile.in to use make from autoconf.
Reviewed By: jeremydubreil
Differential Revision: D2703102
fb-gh-sync-id: ee22395
Summary:
public
Create Makefile.config.in to hold paths to various source directories used
in infer/annotations/Makefile.
Reviewed By: jeremydubreil
Differential Revision: D2702986
fb-gh-sync-id: b5eb5bf
Summary:
public
Read definitions of C++ function template specializations. Infer still doesn't work correctly for template methods, it will be addressed later
Reviewed By: dulmarod
Differential Revision: D2707411
fb-gh-sync-id: 6072796
Summary: public This only supports parameters for now, but should be easy to extend to return values and fields. The work of this diff is all in the translation--the task of finding annotations and doing the actual checking is handled by existing code.
Reviewed By: akotulski
Differential Revision: D2706791
fb-gh-sync-id: 0d706a8
Summary: public These two functions were doing very same things.
After last refactor code of both functions started to look very similar.
Reviewed By: dulmarod
Differential Revision: D2707502
fb-gh-sync-id: b0559a3
Summary: public
We were generating getters and setters in the frontend, and then removing them if they were not needed
in the preanalysis. This diff adds a builtin getter that gets called if we are going to skip the function. That
means, if there was a getter written by the developers we still use that one rather than the builtin.
Code for setter and cleanup of preanalysis will come in a next diff.
Reviewed By: jvillard
Differential Revision: D2702890
fb-gh-sync-id: d65f25e
Summary: public
New version:
dumps template function specializations
does some changes to setup/makefiles to make them better
Reviewed By: jvillard
Differential Revision: D2707355
fb-gh-sync-id: 0213138
Summary: public
Since we are only running the analysis on the Buck targets that are of type java_library or android_library, it may happen that the filtering gives an empty list of targets.
This diff does two things:
1) it filters out the empty strings `''` that can be returned when parsing the `buck query` command, and
2) skip the analysis when the list of targets to analyze is empty.
It also fixes the debug output for the list of targets to analyze, which was previously always printing the list of targets passed in the command line argument, which led for this issue to be unoticed even though it may have been there for a while already.
Reviewed By: sblackshear
Differential Revision: D2704949
fb-gh-sync-id: 83c62d8
Summary: public
The method `android.view.View.findViewById` and should not be run performance critical parts of the code like scrolling.
Reviewed By: sblackshear
Differential Revision: D2698196
fb-gh-sync-id: 2716ad7
Summary: public
With this change it will be possible to instruct Buck to not analyze certain files whose names match
with the regex passed in input.
So for example if you want to skip the analysis of files containing `skip_me` on their names, then
the command:
infer --use-flavors --blacklist-regex ".*skip_me.*" -- buck build <target-name>
will do it, because the `.*skip_me.*` regex will match the desired rule.
Reviewed By: jvillard
Differential Revision: D2702872
fb-gh-sync-id: 498b17b
Summary: public
Refactor how propositions are created from prune nodes, especially for
inequalities.
Reviewed By: cristianoc
Differential Revision: D2700119
fb-gh-sync-id: 86a70a3
Summary: public
Use PriorityNode.compute_results_to_parent in BinaryOperator_trans.
There is no functional change intended
Reviewed By: ddino
Differential Revision: D2696382
fb-gh-sync-id: 4e75761
Summary: public
Refactor compute_results_to_parent to call collect_res_trans directly there.
So the job of PriorityNode.compute_results_to_parent is the following:
Given list of [res_trans_1; res_trans_2; ... ; res_trans_n],
1. Connect nodes linearly (ie. res_trans_1 with res_trans_2, res_trans_2 with res_trans_3) etc.
If res_trans_k has no nodes, try connecting res_trans_k-1 with res_trans_k+1 (this is what collect_res_trans always did)
2. Collect all ids, instrs and exps into one res_trans
3. Create node if needed and put there same ids and instrs as usual.
4. Connect new node with existing ones
4. Return new node structrue with exps = []
This will make function usable in more places so we don't have to create nodes over and over again
Reviewed By: ddino
Differential Revision: D2696351
fb-gh-sync-id: 9f4a9b4
Summary: public Make it uniform with other function call translations. This is just reordering, no functional change intended
Reviewed By: dulmarod
Differential Revision: D2696370
fb-gh-sync-id: 63656e3
Summary: public
Nodes in these functions can be created later (after translation of subexpressions is done).
Change triggers many differences in .dot files, but they are all about different numbering of
nodes.
There is no functional change in this diff.
Reviewed By: dulmarod
Differential Revision: D2699703
fb-gh-sync-id: a7b8d2a
Summary: public
In both functions, there is no need to pass anything in succ_nodes since nodes will be connected later anyway.
This will allow to create node later (will be done in separate diff)
Reviewed By: dulmarod
Differential Revision: D2699693
fb-gh-sync-id: 4396d31
Summary: public
Add qualifiers to global varible names. It affects both
normal global vars and class static fields
Reviewed By: dulmarod
Differential Revision: D2699927
fb-gh-sync-id: 1471faf
Summary: public
`this` can't be null in C++ methods, make backend aware of it.
Behavior for other languages remains the same
Reviewed By: dulmarod
Differential Revision: D2668945
fb-gh-sync-id: c85acbf
Summary: public Turn off this 'feature' without killing the code (yet)
We should be fine without it due to CAstProcessor that populates all location information.
Reviewed By: dulmarod
Differential Revision: D2699651
fb-gh-sync-id: cd7a184
Summary: public
Infer gets confused with this cast. It happens when objects try
to access superclass field/method, but we shouldn't change type in
this case (for the sake of backend)
Reviewed By: dulmarod
Differential Revision: D2663905
fb-gh-sync-id: bbf1cb2
Summary: public
I realized that this code was returning false for `android.content.Context <: android.content.Context`.
Reviewed By: cristianoc
Differential Revision: D2699112
fb-gh-sync-id: 4c01c42
Summary: public
This allows to run the checker and get feedback about potential expensive call stacks without having to annotate first all the methods that are overriding PerofrmanceCritical-annotated methods
Reviewed By: cristianoc
Differential Revision: D2693556
fb-gh-sync-id: cb60278
Summary: public
When merging json reports from different buck targets, the same bug may be
reported several times.
Clean up some bug sorting functions while I'm at it.
Reviewed By: martinoluca
Differential Revision: D2690665
fb-gh-sync-id: 4a12072
Summary: public
Currently payloads for different analyses are stored in a disjoint union.
After this diff, a record is used to enable running different analyses using the same spec files.
Reviewed By: jvillard
Differential Revision: D2695566
fb-gh-sync-id: 3d2886d
Summary: public Translate template instantiations exported by clang.
There is no need to deal with templated code - clang creates one class
for each implementation.
Reviewed By: dulmarod
Differential Revision: D2686269
fb-gh-sync-id: 9249a00
Summary: public
Not finding C++ method in decl map was considered impossible to happen.
It turns out it can happen because ast exporter wasn't exporting template
instantiations.
So instead, pick a default when method decl is not found. This will be right in
most cases and will allow us to analyze rest of the function without crashing
frontend
Reviewed By: dulmarod
Differential Revision: D2695653
fb-gh-sync-id: 4077c59
Summary: public
Using clang's method resolution. This means that, in method calls, clang gives you a pointer to the declaration of the method.
In some cases though, clang doesn't find the right method. For example, when it finds a method in a category, we
need to make it into a method in the corresponding class, because that's how we treat categories in Infer. Moreover,
when it finds a method in a protocol, that is not useful for us, since the implementation will be in some class. Finally,
sometimes the call is on an object of type id, in which case clang doesn't know what is the correct declaration. In
those cases, we fall back to what we were doing before of approximating the method resolution. We also refactor
some of the code.
Reviewed By: akotulski
Differential Revision: D2679766
fb-gh-sync-id: b79bb85
Summary: public
-Wno-error flag doesn't turn off errors which were turned on using -Werror=$WARN_TYPE.
In order to turn these off we'd have to add -Wno-error=$WARN_TYPE for each warning type.
So instead, turn off all warnings so they can't get elevated to error
Reviewed By: jvillard
Differential Revision: D2690810
fb-gh-sync-id: 7d6611f
Summary: public
Support MaterializeTemporaryExpr which happens often in real life C++.
For example, it will happen in this code:
std::vector<int> v;
v.push_back(1);
// it's because std::vector<int>::push_back(const int &)
Strategy is to create variable that will store value of init expression (to provide storage)
and then return variable as a result of an expression
Reviewed By: ddino
Differential Revision: D2674340
fb-gh-sync-id: 077ed6a
Summary: public
Refactor reporting of errors to enhance readability and reuse.
Reviewed By: jeremydubreil
Differential Revision: D2679676
fb-gh-sync-id: f4c1cba
Summary: public
Update facebook-clang-plugins. Changes:
- [major] new clang
- dump class template instantiations
- change naming for qual names of anonymous structs
Changes are due to:
1. Different setter properties are exported for defaults (more correct). Fix the test that was wrong
2. New unary operator type
3. Naming for qual names changed
Reviewed By: jvillard
Differential Revision: D2685734
fb-gh-sync-id: f2c568a
Summary: public
Use the analysis summary to store call stacks from PerformanceCritical-annotated methods to Expensive-annotated methods.
This use the on demand scheduling in order to make sure that the summary of the callee is always analyzed before the callers.
Reviewed By: cristianoc
Differential Revision: D2685347
fb-gh-sync-id: ab403d9
Summary: public
With this change, it will be possible to pass to InferAnalyze a list of folders to be
searched for spec files, through a file containing those paths, separated by the newline
character.
For example, if there's a `PathList.txt` file containing
/path/to/specs/folder1
/path/to/specs/folder2
/path/to/specs/folder3
Then invoking `infer --specs-dir-list-file PathList.txt [--other_args, ...] -- <build_cmd>`
will instruct the analyzer to lookup to those three folders whenever it searches for specs.
It's important to note that since the analyzer runs in parallel from different locations, it's necessary to pass **absolute** paths, or the analyzer will fail with an error.
Reviewed By: jvillard
Differential Revision: D2668700
fb-gh-sync-id: b407a57
Summary: public
Translate C++ overloaded operator calls. AST of their children looks slightly differently
which means that we have to be more permissive in params_trans.exps.
Difference:
CXXMemberCallExpr:
MemberExpr:
'ThisExpr' (it's part of method decl ref evaluation)
MethodDeclRef
Param1
Param2
...
CXXOperatorCallExpr
MethodDeclRef/FunctionDeclRef
'ThisExpr' (it's part of parameters list evaluation)
Param1
Param2
...
Reviewed By: dulmarod
Differential Revision: D2679503
fb-gh-sync-id: 1437f73
Summary: public
For some reason OpaqueValueExpr has extra field with subexpressions. Visit it when assigning location information
Reviewed By: dulmarod
Differential Revision: D2674708
fb-gh-sync-id: b91e142
Summary: public
We forgot that BlockExpr has BlockDecl inside, we need to visit it as well and assign proper location information to block body
Reviewed By: dulmarod
Differential Revision: D2565045
fb-gh-sync-id: c821a28
Summary: public
Add support for translation and calling c++ static methods.
They can be called in two ways:
ClassName::method()
classInstance.method()
Both of them have the same meaning, but AST produced is different
Reviewed By: dulmarod
Differential Revision: D2636489
fb-gh-sync-id: 9294a3f
Summary: public
Some more examples to explain the behaviour of the type checker with inheritance
Reviewed By: cristianoc
Differential Revision: D2639908
fb-gh-sync-id: d038061
Summary: public
I previously change this for transitive calls to Expensive-annotated methods but forgot to do the same when enforcing the subtyping rules
Reviewed By: cristianoc
Differential Revision: D2667142
fb-gh-sync-id: 0de5a34
Summary: public Plugin already exports fully qualified name, we don't need
to reconstruct it in ocaml again.
It wasn't used anywhere so this diff shouldn't change any behavior
Reviewed By: dulmarod
Differential Revision: D2668588
fb-gh-sync-id: 1ed1d61
Summary: public
New qual_name exporting logic in facebook-clang-plugins handles anonymous
classes in much better way. This allows us to simplify name generation for
classes that don't rely on a type of the object (which could be wrong for
methods from superclasses).
Reviewed By: dulmarod
Differential Revision: D2663810
fb-gh-sync-id: 08146b8
Summary: public
The static and global variables used in blocks don't appear in the ast as captured.
We need them however to try and find retain cycles involving those variables.
This diff adds a way of collecting the static variables used in blocks and treat them
like we treat other captured variables to find retain cycles.
Reviewed By: ddino
Differential Revision: D2663727
fb-gh-sync-id: d5b44ec
Summary: public
The classes `java.util.zip.{Inflater/Deflater}` where not modelled as resources. In practice, bad memory leak can happen using these classes and forcing the call to `end()` can help to avoid waisting native memory.
Reviewed By: sblackshear
Differential Revision: D2661249
fb-gh-sync-id: 1e33316
Summary: public
The main objective here is to reduce the list of changes as much as possible to that the change set in the JSON base case only relates to the changes in Infer
Reviewed By: sblackshear
Differential Revision: D2661085
fb-gh-sync-id: 113a695
Summary: Add possibility of throwing IOException to model of
java.nio.channels.FileChannel.tryLock, and add test case.
public
Reviewed By: cristianoc
Differential Revision: D2658203
fb-gh-sync-id: 9ca9c02
Summary: public Fix oversight where fields of base classes were
not exported.
Reviewed By: dulmarod
Differential Revision: D2652218
fb-gh-sync-id: 75b93ed
Summary: public
This function is useful to understand how infer prints reports, it's worth
cleaning it up a notch.
Reviewed By: jeremydubreil
Differential Revision: D2646878
fb-gh-sync-id: 2ecd894
Summary: Add models of the java.nio.channels.FileChannel.tryLock methods which can
return null according to the java docs.
public
Reviewed By: sblackshear, cristianoc
Differential Revision: D2650050
fb-gh-sync-id: ae6c8ce
Summary: Express model of java.io.File.listFiles using InferUndefined.object_undefined
instead of new File[...].
public
Reviewed By: jeremydubreil, sblackshear
Differential Revision: D2649406
fb-gh-sync-id: 93c5bb5
Summary: public
When method was called from within other method,
the type of `this` parameter didn't have pointer in type.
This was due to wrong logic that stripped pointer out of the
type.
We still need to strip the type when dereferencing reference variable.
Reviewed By: dulmarod
Differential Revision: D2652012
fb-gh-sync-id: 44552ac
Summary: public so that we don't get thousands of memory leaks in debug mode.
We will still get them if we pass ml_bucket internal.
Reviewed By: jvillard
Differential Revision: D2648200
fb-gh-sync-id: 8dce66f
Summary: public
Move dealing with init expressions from VarDecl_trans to standalone function.
This will be useful for constructor initializer.
I didn't improve anything, just moved stuff around so that no test breaks.
Main change is that we pass Sil code responsible for LHS (var dereference) as
result_trans.
Currently we assume that var_result_trans will have no nodes, no instructions,
no ids. This is true for current usages (it's always Sil.Lvar expression), but in the future it
will change.
Reviewed By: dulmarod
Differential Revision: D2647108
fb-gh-sync-id: cae60b6
Summary: public Categories are now also only translated on demand.
For this we needed links from the class to the categories which we have
now.
Reviewed By: akotulski
Differential Revision: D2647072
fb-gh-sync-id: 4afdf5f
Summary: public
Load and store the inferred attributes on the analysis summaries. The next step is to use the call stack from performance critical methods to expensive methods form the summary payload instead of modifying the attributes.
Reviewed By: sblackshear, cristianoc
Differential Revision: D2644530
fb-gh-sync-id: b99a8e3
Summary: public
This is the first of a series of patches that reorganise the inferlib package
into a bunch of smaller modules.
Reviewed By: martinoluca
Differential Revision: D2641917
fb-gh-sync-id: 19788b5
Summary: public
returnStmt_trans adds all ids and instrs to its node. It shouldn't return them to parent then.
Reviewed By: dulmarod
Differential Revision: D2636829
fb-gh-sync-id: eb554b9
Summary: public This diff changes the way we treat enums in Infer.
1. The semantics of the translation is now correct, it was a bit incorrect before.
2. We don't add the enum types to the tenv anymore, which saves a lot of disk space
and avoids errors in the backend dealing with the enum type.
Reviewed By: akotulski
Differential Revision: D2641903
fb-gh-sync-id: 6295e5f
Summary: public
but keep the copy-pastability by wrapping the list into a small standalone
script that can be copy-pasted on the command line.
Reviewed By: jeremydubreil
Differential Revision: D2636536
fb-gh-sync-id: 7c689e2
Summary: public
These were only present in a few files. Could be added back on all files if
someone uses them.
Reviewed By: martinoluca
Differential Revision: D2646803
fb-gh-sync-id: edd6c43
Summary: public
We should be able to distinguish if a method is annotated with Expensive and has been automatically annotated as calling an expensive method using internally the annotation CallsExpensive in the later case.
Reviewed By: cristianoc
Differential Revision: D2640478
fb-gh-sync-id: 32a7ee9
Summary: public
This also fixes an issue with utf-8 in source code, as the csv report filters
out non-ascii characters.
Reviewed By: akotulski
Differential Revision: D2641727
fb-gh-sync-id: 3ca6dc6
Summary: public
This adds the following subtyping rules:
- methods that are not annotated with Expensive cannot be overwritten by a method annotated with Expensive
- methods annotated with PerformanceCritical must be overwitten by method annotated with PerformanceCritical
Reviewed By: cristianoc
Differential Revision: D2636076
fb-gh-sync-id: eb616c9
Summary: public
Just works by running the analysis bottom-up and promoting any method as virtually annotated with `Expensive` whenever one of its callee is annotated with `Expensive`
Reviewed By: cristianoc
Differential Revision: D2635242
fb-gh-sync-id: 4401be6
Summary: public
The jar file of the models was opened twice before. This should reduce a little bit the IO of the capture.
Reviewed By: cristianoc
Differential Revision: D2626251
fb-gh-sync-id: 310bef4
Summary: public
This should avoid confusion between the toplevel "infer" python script and
inferlib/infer.py.
Reviewed By: jeremydubreil
Differential Revision: D2637087
fb-gh-sync-id: 82ce2a4
Summary: public
Print "Capturing..." message, and some info in case it fails, eg:
$ cd examples/android_hello/
$ infer -- ./gradlew build
Running and capturing gradle compilation...
[... stuff ...]
$ infer -- ./gradlew build
Running and capturing gradle compilation...
Nothing to compile. Try running `./gradlew clean` first.
Reviewed By: jeremydubreil
Differential Revision: D2637024
fb-gh-sync-id: 0e8867d
Summary: public
When analysing projects we would not always display the numbers of procs and
files analysed. This fixes it, and also prints the stats before the reports for
readability. This way we also don't need to print "Analysis done" anymore.
Before:
$ infer -- gcc -c hello.c
Starting analysis (Infer version git-436690cf022a16313dda8447121a5934529e6e5c)
Analysis done
hello.c:5: error: NULL_DEREFERENCE
pointer s last assigned on line 4 could be null and is dereferenced at line 5, column 3
3. void test() {
4. int *s = NULL;
5. > *s = 42;
6. }
After:
$ infer -- gcc -c hello.c
Starting analysis (Infer version git-5b7ff3ac10d58e7ffd17c44574ab330ed07cb188)
Computing dependencies... 100%
Analyzing 1 cluster. 100%
Analyzed 1 procedure in 1 file
Found 1 issue
hello.c:5: error: NULL_DEREFERENCE
pointer s last assigned on line 4 could be null and is dereferenced at line 5, column 3
3. void test() {
4. int *s = NULL;
5. > *s = 42;
6. }
Also looked at the results on buck and gradle
Reviewed By: cristianoc
Differential Revision: D2636991
fb-gh-sync-id: 32b9a7c
Summary: public
This cleans up the output of infer. Before:
$ touch empty.c
$ infer -- gcc -c empty.c
Starting analysis (Infer version git-436690cf022a16313dda8447121a5934529e6e5c)
Analysis done
No issues found
$ infer -- javac Hello.java
Starting analysis (Infer version git-436690cf022a16313dda8447121a5934529e6e5c)
Analysis done
Hello.java:4: error: NULL_DEREFERENCE
object s last assigned on line 3 could be null and is dereferenced at line 4
2. int test() {
3. String s = null;
4. > return s.length();
5. }
6. }
Analyzed 2 procedures in 1 file
$
After:
$ infer -- gcc -c empty.c
Starting analysis (Infer version git-434faa7f70f6b9498615d3ead8c12bcfec6fc553)
Analyzing 0 clusters
Analysis done
No issues found
$ infer -- javac Hello.java
Starting analysis (Infer version git-434faa7f70f6b9498615d3ead8c12bcfec6fc553)
Computing dependencies... 100%
Analyzing 1 cluster. 100%
Analysis done
Found 1 issue
Hello.java:4: error: NULL_DEREFERENCE
object s last assigned on line 3 could be null and is dereferenced at line 4
2. int test() {
3. String s = null;
4. > return s.length();
5. }
6. }
Analyzed 2 procedures in 1 file
$
Also tested with buck, gradle.
Reviewed By: cristianoc
Differential Revision: D2636969
fb-gh-sync-id: 52f06f0
Summary: public
Use InferPrint to generate infer-out/report.json instead of converting
infer-out/report.csv. The json may soon contain more info than the CSV.
Reviewed By: jeremydubreil
Differential Revision: D2603775
fb-gh-sync-id: f141dfe
Summary: public
C++ allows to have one variable declared+initialized as a condition statement.
Handle these cases properly for `if` and `while` statements.
Reviewed By: dulmarod
Differential Revision: D2625774
fb-gh-sync-id: bac95b8
Summary: public Buck prints all the output at once and it doesn't look good. So we should not print the progress bar in the tests.
Reviewed By: jvillard
Differential Revision: D2631722
fb-gh-sync-id: 5460a70
Summary: public
This is an initial version of the Expensive checker which only report violations on direct calls. The main objective is to setup all the files for this new checker.
The next steps are:
1) run the checker in interprocedural mode
2) Save in the summary of a method foo() the annotation attribute Expensive if a direct callee of foo is annotated with Expensive
3) Check that Expensive is enforced by subtyping, i.e. check that non-expensive method cannot be overwritten by a method annotated with Expensive
Reviewed By: cristianoc
Differential Revision: D2629947
fb-gh-sync-id: 0e06f85
Summary: public
paths look a bit silly prior to this diff, as they go up from infer/ to go back
into infer/ right away, eg:
/home/jul/infer/infer/lib/python/inferlib/../../../../infer/lib/java/processor.jar
This changes this path to the less silly:
/home/jul/infer/infer/lib/python/inferlib/../../../lib/java/processor.jar"
Reviewed By: martinoluca
Differential Revision: D2631775
fb-gh-sync-id: 6df5d4d
Summary: public
This makes it a bit easier to diagnose errors. This is how it looks:
infer -- javac IDontExist.java
"javac" "-g" "-cp" "/home/jul/infer/infer/lib/python/inferlib/../../../../infer/lib/java/processor.jar" "-d" "/home/jul/infer/examples" "IDontExist.java" "-J-Duser.language=en"
This is how it used to look:
['javac', '-g', '-cp', u'/home/jul/code/infer/infer/bin/../lib/java/processor.jar', '-d', '/home/jul/infer/examples', 'IDontExist.java', '-J-Duser.language=en']
Reviewed By: jberdine
Differential Revision: D2631698
fb-gh-sync-id: 09903df
Summary: public
Add colored output if pygments is installed on the system.
Reviewed By: cristianoc
Differential Revision: D2601509
fb-gh-sync-id: 0fa8e9f
Summary: public
Now that we have modules, we can gather string constants in one place only.
Reviewed By: jeremydubreil
Differential Revision: D2615791
fb-gh-sync-id: 7cc21e4
Summary: public
This unclutters infer/bin/ and gives more structure to infer/lib/
Reviewed By: jeremydubreil
Differential Revision: D2605809
fb-gh-sync-id: 508fc2c
Summary: public
Adding a progress bar to the analysis phase to check progress.
The progress bar for the analysing procedures part is just printing dots at the moment and will be
improved soon when we do all the multithreading inside Ocaml.
There is also a no_progress_bar option in the scripts to hide it, for instance in CI.
Reviewed By: cristianoc
Differential Revision: D2625763
fb-gh-sync-id: daf6f96
Summary: public
This is a non-functional refactoring to add a flag to trigger the translation of the procedure description of callees. This allows to check in which cases we still need to procedure description of callees to run the analysis.
Reviewed By: cristianoc
Differential Revision: D2620402
fb-gh-sync-id: 7ef5b5f
Summary: public
Translate CXXConstructExpr that are parts of variable initialization.
Reviewed By: dulmarod
Differential Revision: D2570750
fb-gh-sync-id: 708a457
Summary: public
Type of `this` argument to c++ method call has pointer type.
It's either raw pointer (for `->`) or reference (for `.`).
It was already correct in method declaration and method parameters, but it wasn't correct in method calls. Same thing will apply to constructor expressions.
As a result of this change, we won't expand type when calling methods.
Change to ast_expressions.ml fixes problem with autogenerating getters/setters that produced lvalue types after LValueToRValue cast.
Reviewed By: dulmarod
Differential Revision: D2605756
fb-gh-sync-id: 1027600
Summary: public
If `INFER_RECORD_INTEGRATION_TESTS` is set to 1 then
`./scripts/build_integration_tests.py` will record the results of the tests
instead of checking them.
This modifies the test outputs as they are generated a bit differently from
before.
Reviewed By: jeremydubreil
Differential Revision: D2603764
fb-gh-sync-id: 506111f
Summary: public
The context leaks were reported multiple times. If a leaks was found on method `f()` and `g()` calls `f()`, then the same leak was report both in `f()` and in `g()`.
Reviewed By: sblackshear
Differential Revision: D2598110
fb-gh-sync-id: ca90b57
Summary: public
Adding initial support for Buck for Cxx on the toplevel infer command.
If a `cxx_binary`/`cxx_library` builds with the command `buck build //targetName:target` then the analysis of Infer can be triggered through the `#infer` flavor.
This change configures buck to run Infer, whenever the `#infer` flavor gets passed: just run
`infer --use-flavors -- buck build //targetName:target#infer`
Please note that when using this feature (`--use-flavors`), the toplevel `infer` command has to be launched from the root of the buck project (which is where the `.buckconfig` file is located) and the `#infer` flavor must be passed on the target.
Reviewed By: jvillard
Differential Revision: D2508296
fb-gh-sync-id: 63c0dea
Summary: public
For instance:
cd examples/
infer -- gcc -c hello.c
gives:
Starting analysis (Infer version git-c66ed7b302c996f238b6ec20cfcf4f6193fcbd88)
Analysis done
hello.c:5: error: NULL_DEREFERENCE
pointer s last assigned on line 4 could be null and is dereferenced at line 5, column 3
3. void test() {
4. int *s = NULL;
5. > *s = 42;
6. }
Reviewed By: jeremydubreil
Differential Revision: D2600864
fb-gh-sync-id: 71e0bd4
Summary: public Translate classes and protocols on demand only.
This saves space in the tenv and time. The categories still cannot be translated on demand
because there is no pointer to them from the classes. Andrzej is fixing that.
We had to make cTypes_Decl and the modules for translating classes, protocols and categories mutually
recursive. Moreover, we had to reorder the method for adding classes to the tenv to receive a decl and
return a type.
Reviewed By: ddino
Differential Revision: D2595610
fb-gh-sync-id: ca76068
Summary: public
Add a `--html` options to inferTraceBugs to generate html reports.
Reviewed By: jeremydubreil
Differential Revision: D2595895
fb-gh-sync-id: adfa757
Summary: public
Extends the current activity leak checker to all sort of context leaks.
Reviewed By: sblackshear
Differential Revision: D2572548
fb-gh-sync-id: 9da18e4
Summary: public
The relative path was triggering a bug in ocamlbuild where it would try to
create ".." for some reason, which already exists. Hence `make -C infer clean
checkCopyright` would always fail for instance.
Reviewed By: jeremydubreil
Differential Revision: D2596307
fb-gh-sync-id: 0dd8d9f
Summary: public
The harness was created all the time but we do not report issues comming from the harness right now. The option:
infer --android-harness -- <build command>
Allows to create the harness
Reviewed By: sblackshear
Differential Revision: D2595211
fb-gh-sync-id: c7a6dc5
Summary: public
This allow to tell Infer to skip the translation of some files. This is especially useful to skip the translation of some generated files following the syntax:
> cat .inferconfig
{
"skip_translation": [
{
"language": "Java",
"source_contains": "_SHOULD_BE_SKIPPED_"
}
]
}
Reviewed By: cristianoc
Differential Revision: D2588095
fb-gh-sync-id: 3fda816
Summary: public
In C pre-increment/decrement returns rvalue, but in C++ it returns lvalue.
Make translation aware of the difference and treat these cases differently.
Reviewed By: ddino
Differential Revision: D2575136
fb-gh-sync-id: 952c095
Summary: public
Translating structs and C++ classes only on demand. This reduces the size of the tenv and
saves analysis time.
Reviewed By: ddino
Differential Revision: D2575008
fb-gh-sync-id: b29da2a
Summary: public
Update clang plugin version that has following changes:
1. Don't dump DeclContext as a part of BlockDecl
2. Add location information to C++ constructor initializers
This diff is making infer compatible with these changes by
1. Making infer compile
2. Reading location information from c++ constructor initializers so we don't miss update to line number
Reviewed By: dulmarod
Differential Revision: D2575066
fb-gh-sync-id: 6dc594a
Summary: public
Refactor translation of C++ method calls so that we get two parts:
1. Get Sil code for method address and this expression
2. Given method address, this expression and list of paramter statements, create Call instruction
This will allow us to share more code with C++ constructor calls that do (1) differently, but
(2) will be shared
Reviewed By: dulmarod
Differential Revision: D2570712
fb-gh-sync-id: 9c6c3e4
Summary: public
The option `-a compile` was previously doing the same thing as `-a capture`. This option is very useful to debug the integration with the build systems.
Reviewed By: jvillard
Differential Revision: D2554816
fb-gh-sync-id: 95f32c2
Summary: public
Remove spurious recursion between type and function declarations in the files
generated via `atdgen`. This speeds up the compilation time of `make clang` by
almost half (one-shot measurements: 59s -> 36s).
Silence warning 39 on this generated code to make compilation pass.
Reviewed By: akotulski
Differential Revision: D2570506
fb-gh-sync-id: 8edba22
Summary: public This diff fixes incorrect mangling of captured variables in blocks. Because they are formals,
they shouldn't be mangled, but this case was not taken into account. This caused an assert false in the
example infer/tests/codetoanalyze/objc/frontend/block/block.m which wasn't caught before because there
wasn't an endtoend test for it.
Reviewed By: akotulski
Differential Revision: D2560379
fb-gh-sync-id: db500b6
Summary: public
Adds incomplete translation of constructor bodies. Treat constructors as
methods with something 'extra'.
We still don't translate initializer lists, just pass the information to cTrans
where it's ignored
Reviewed By: dulmarod
Differential Revision: D2550214
fb-gh-sync-id: 102c13a
Summary: public anonymous types have file:line in its name.
Since file is relative path, type name can have '/' in its name.
This is very fragile since we might create file wiht typename in its name (for example for methods).
Replacing '/' with '_' should make frontend more resilient to failure.
Translation of anonymous structs is still pretty fragile (due to relative path in its name),
but at least it doesn't crash frontend
Reviewed By: dulmarod
Differential Revision: D2559936
fb-gh-sync-id: 647fd7f
Summary: public
Just some refactoring and renaming of Makefile variables.
Reviewed By: jeremydubreil
Differential Revision: D2555766
fb-gh-sync-id: 5b7d4ff
Summary: public Refactoring Printfargs checker a bit to
make it callable from symbolic executor, then calling it.
Reviewed By: jeremydubreil
Differential Revision: D2361286
fb-gh-sync-id: 4b73855
Summary: public
modules are better for namespacing.
How I made this diff:
1. moved list_* functions from utils.ml{,i} to iList.ml{,i}
2. shell commands:
grep '^val ' infer/src/backend/iList.mli | cut -f 2 -d ' ' | tr '\n' ' '
# gives a list of former list_ functions that IList implements, fed into the loops below:
LISTNAMES=" compare equal append combine exists filter flatten flatten_options find fold_left fold_left2 for_all for_all2 hd iter iter2 length fold_right map mem nth partition rev rev_append rev_map sort split stable_sort tl drop_first drop_last rev_with_acc remove_duplicates remove_irrelevant_duplicates merge_sorted_nodup intersect mem_assoc assoc map2 to_string"
# replace " list_*" function calls with IList.* ones
for i in $LISTNAMES; do find . -name '*.ml' -exec sed -i -e "s/ list_$i\b/ IList.$i/g" \{\} \; ; done
# replace (list_* functions with (IList.* ones
for i in $LISTNAMES; do find . -name '*.ml' -exec sed -i -e "s/(list_$i\b/(IList.$i/g" \{\} \; ; done
# ditto with [
for i in $LISTNAMES; do find . -name '*.ml' -exec sed -i -e "s/\[list_$i\b/[IList.$i/g" \{\} \; ; done
3. Then fix up the rest by hand. In particular, stuff that called Utils.list_*
explicitely, and stuff that used the "Fail" exception that has moved to
IList. (may revisit this in the future)
Reviewed By: jeremydubreil, cristianoc
Differential Revision: D2550241
fb-gh-sync-id: cd64b10
Summary: public
C++ assignment operation result is lvalue, while in C it was rvalue.
This leads to different AST produced by clang for then same code!
Use language information from clang (`-x` flag) to distinguish these cases.
More specifically, let's look at following code:
int r;
int f = (r = 3);
// type of (r = 3) expression:
// C/objC -> int rvalue
// C++/objC++ -> int lvalue
Existing code did extra dereference because it was rvalue in C and there was no cast afterwards
in C++ there will be extra LValueToRvalue cast when neccesary so we don't have to do extra dereference manually
Reference:
http://en.cppreference.com/w/c/language/value_category (search for 'assignment and compound assignment operators')
NOTE: AST output doesn't change when something is hidden behind `extern "C"`, so we should use global language information
Reviewed By: ddino
Differential Revision: D2549866
fb-gh-sync-id: b193b11
Summary: public Two cases were not handled properly so far:
1. Declaration of a reference variable missed reference bit in type
2. Parameters to a function expecting T& had type T.
The way to distinguish reference types from value types is to look
whether parameter is type 'T rvalue' or type 'T lvalue' (xvalue probably as well)
Unfortunately, we can't just say 'T lvalue' = 'T&' because it would break
a lot of things in our frontend.
However, we know that when parameter to a function call has type 'T lvalue', it has to be 'T&' type.
Same applies when init_expression type is lvalue.
So, the solution is to add wrapper function that looks at results of `instruction` function and
expected expression type. Then if it's lvalue, wrap the type in reference.
Do this wrapping magic only when we know that lvalue mean reference type.
The rest of the changes is to make frontend tests pass - since we use different fields
in the AST, some of them were incorrectly set before and no one noticed.
Reviewed By: cristianoc
Differential Revision: D2549991
fb-gh-sync-id: 067f5d5
Summary: public
Dictionary literals are normally implemented using
`+dictionaryWithObjects:forKeys:count:` but were modeled as
`+dictionaryWithObjectsAndKeys:`
In particular, `@{@"aaa": nil}` would trigger a sentinel error instead of an NPE.
This models dictionary literals as a special infer builtin that the backend
interprets so as to give NPEs when passed nil objects or keys.
Reviewed By: dulmarod
Differential Revision: D2550039
fb-gh-sync-id: 1a10656
Summary: @public
This diff changes following things:
1. expression_info.type_ptr has type than decl_ref_info.type_ptr for reference types. Use type from decl_ref_info as a source of truth
2. reference types need to have one extra dereference that is not in AST. Add handling for this.
3. [small refactor] create function that creates temporary variable from res_trans expression and returns new res_trans.
Some caveats:
1. types are not quite right yet (see .dot files).
2. decl_ref_info might not be set for DeclRefExpr, make frontend crash in that case to catch when this happens
This is high risk change since it changes behavior of every translation on very widely used expr.
Reviewed By: @dulmarod
Differential Revision: D2540632
fb-gh-sync-id: aa28936
Summary: @public
This removes the old way of finding variable declarations to create sil variables and replaces it with
a a new way based on the map from pointers to declarations.
Basically, every variable dereference contains a pointer to the variable declaration, with that we can
build the corresponding sil variable.
Reviewed By: @akotulski
Differential Revision: D2536000
fb-gh-sync-id: dd29cf9
Summary: @public
Refactor exising code that handles __nonnull annotations.
Create extendable way to add extra stuff to be translated before
rest of statements get translated.
This will make handling of constructor initializer list simpler
Reviewed By: @dulmarod
Differential Revision: D2521659
fb-gh-sync-id: ba613e7
Summary: @public Add some basic tests to make sure that there is no
regression afterwards
Reviewed By: @dulmarod
Differential Revision: D2521887
fb-gh-sync-id: 1b8a15c
Summary: @public
Remove some of the duplicated code, move .dot files to new locations
Reviewed By: @dulmarod
Differential Revision: D2521709
fb-gh-sync-id: 0cc333d
Summary: @public
Update version of clang plugin, it changes type
of CXXMethodDecl, all of the changes are to make frontend compile.
Reviewed By: @jvillard
Differential Revision: D2522117
fb-gh-sync-id: 970bdc8
Summary: @public remove `is_instance` function parameter that was used for
blocks only. Instead, pass context everywhere - it holds information that is
very relevant when defining block.
Reviewed By: @dulmarod
Differential Revision: D2521772
fb-gh-sync-id: 5fb53f9
Summary: @public
1. Add support for `this` keyword. It will allow to access fields/methods of the object from the method body.
2. Fix problem with method formals to add pointer to type of first parameter (which corresponds to `this`)
Reviewed By: @dulmarod
Differential Revision: D2484882
fb-gh-sync-id: c318619
Summary: @public
1. Factor out some of the common code for comparing C++ dot files
2. Create new directory with smaller .cpp files to translate
Reviewed By: @dulmarod
Differential Revision: D2507757
Summary: @public
Get newest goodness from facebook-clang-plugins
that allows us to change type of type_ptr during deserialization
We are modifying clang_ast_types.ml that fcp/clang-ocaml expects to
exist - we provide our own implementations of:
t_ptr, pointer_to_type_ptr, type_ptr_to_pointer
Reviewed By: @dulmarod
Differential Revision: D2498623
Summary: @public
Fix issues when compiling for armv7k architecture, replacing it with armv7;
Removing also unsupported flags `-fembed-bitcode-marker`, `-mwatchos-version-min` that cause compilation failures.
Reviewed By: @akotulski, @jvillard
Differential Revision: D2507687
Summary: @public
First diff to give better language information in the frontend.
This information is necessary to understand when 'self' is objc keyword,
when 'this' is C++ keyword and when they are not.
Reviewed By: @ddino, @dulmarod
Differential Revision: D2489252
Summary: @public
There was an inconsistency with the type of `stats.json` created by `inferlib.py` and InferAnalyze. This diff cleans up the thing and uses two different files to saves the statistics to clarify what gets created by the analysis, i.e. `proc_stats.json` and what gets created all the time `stats.json`.
Reviewed By: @sblackshear
Differential Revision: D2500517
Summary: @public
qual_type was the same as type_ptr, so it was removed.
This commit makes it compatible with facebook-clang-plugins
Commands ran:
codemod --extensions ml,mli 'qual_type' 'type_ptr'
codemod --extensions ml,mli 'qt' 'tp'
If there is any other popular name for qual_type, let me know
Reviewed By: @dulmarod
Differential Revision: D2498289
Summary: @public Infer previously did not work correctly when a function returns the result of a skip function:
```
retUndef() {
x = undefined();
return x;
}
derefUndef() {
y = retUndef();
y.doSomething(); // Symexec_memory_error here, prevents spec inference
}
```
The problem is that angelic mode did not know to add the return value of `retUndef()` to the footprint.
This diff fixes the problem by adding return values marked with the `Aundef` attribute to the footprint.
This is done lazily (e.g., a value only gets added to the footprint when you try to deref it).
Reviewed By: @jvillard
Differential Revision: D2444929
Summary: @public
We no longer rely on existence of qt_raw field.
Update facebook-clang-plugins so that this field
is not even exported. This should give us some perf wins
since qual_type is written in a lot of places
Reviewed By: @dulmarod
Differential Revision: D2489308
Summary:
Using the qualified names of fields to create mangled names.
This removes the need to search for the fields in the tenv when translating a field access.
That was only done to build the correct mangled name,
The rest of the changes are using the qualified names for ivars and property names in the property module,
which is needed to make it work. Basically a big chain of changes of using qualified names to make the code
compile.
Summary:
This diff aims at removing the occurrences of the types in string form so that we can remove them
from the ast which will save space.
There is one occurrence left regarding attributes that will be handled later by Andrzej.
We build a function to create a string out of a function type used for name mangling.
Summary:
frontend and backend assume that Sil.Struct
doesn't have methods nor inheritance. In order to plug C++
classes we probably need them to be Sil.Class
Summary:
See D2465673, replacing `-gmodule` with equivalent flags, as per http://reviews.llvm.org/D11958
The `-fmodule-format` is not available on Xcode's clang, so skip it for now.
Summary:
In the new clang the parameters to these functions have notnull annotations, because of that infer tests fail. More concretely, the tests say there would be a memory leak. In the symbolic execution of those functions though, an inconsistency is created, because the parameter was nil, and the constraint argument should not be nil was also there, which leads to an error in the execution and no object is created, hence, no memory leak.
Summary:
C function names depend only on their name (and their file is they are static, and their type if we are in C++)
This is more in sync with the actual semantics of C function names than the previous implementation.
Summary:
`get_resource_or_undef` attribute is weird and was causing problems for me in another diff.
This diff refactors the attribute categories to make resource and undef separate.
Summary:
Harness generation was using the autogenerated harness file as the source file,
but placing the harness code in the cfg belonging do a different source file. Fix this confusion
by using the source file of the cfg containing the harness code throughout.
Summary:
The python parser for '-d <dir>' interpreted '-deprecation'
as '-d eprecation', which is not desirable. Fixed it by teaching the parser to
parse '-deprecation' as a boolean flag.
Summary:
Some build systems compile files both under the project root and under temporary
directories (e.g., /tmp), so there need not be a single project root. Just use absolute paths
in the case that we can't resolve a relative path from the project root.
Summary:
Added two annotations @TrueOnNull and @FalseOnNull to be used for boolean functions to specify what value is returned when the argument is null.
Added model for TextUtils.isEmpty, which corresponds to the annotation
@TrueOnNull
static boolean isEmpty(@Nullable java.lang.CharSequence s)
Summary:
Make infer run with clang 3.7.0. Small changes are due to differences
in output of clang
NOTE: this diff will require recompiling clang (it takes time)
Summary:
Pass inheritance information to the backend
It also changes some functions in cTypes_decl and we are using type and decl maps to resolve these types
Summary:
This is the second of 3 stack diffs to deal with replacing the parser of types.
This diff is about changes to translate record types, as well as class types and enum
types. For class types and enum types we store the declaration pointer in the map of
types to find the type easier later.
For record declarations, we change the way we build record names.
Moreover, we don't translate typedefs anymore, because when we have a pointer to a typedef,
we can find the actual type it points to.
Summary:
This is the second of 3 stack diffs to deal with replacing the parser of types.
This diff is about general changes to the frontend to make it cope with the change. There
are two main challenges:
1. We create pieces of ast in ast_expressions, such as getters and setters. For that we create
custom types.
2. We store types in cMethod_signature for parameters and return type of functions. This was
stored as strings, but that means losing the pointer information which is vital to get the
sil types.
So this diff consists mostly of dealing with these challenges. It change the signature of
cMethod_signature and update modules accordingly.
To deal with the custom types, we build methods in ast_expressions for creating those types,
with a custom type pointer, like "internal_typeint". At the beginning of the translation we save
all these custom types in the map from type pointers to sil types that we build as we compute the
types, so that they are available later.
Another custom type that we build is a type of classes or pointer of classes based on the current
class. I found a simple way to deal with it, giving it a pointer "class_name", and then we know
how to translate those. Something I tried is to save the declaration of the current class and pass
that declaration around, but somehow that lead to pref regression, so I removed it in favor of this
more lightweight version.
Summary:
This is the first of 3 stack diffs to replace the parser of types in the clang frontend.
In this diff we remove the parser and the lexer and add a new module that does the
translation from ast types to sil types.
It is still incomplete, i.e. many c++ types are still not treated. However, all the
types that we were previously treating in C and ObjC are treated and some C++ ones, such
that the tests pass and we get good results in the apps.
Sometimes one needs to translate a record type when we havent translated the record itself,
so the translation of types and of records needs to be mutual recursive. I managed however
to get them into different modules and achieve the mutual recursion using higher order functions.
Summary:
System.getProperty can return null when the property is not found, and expects a non-null argument.
Add models for Infer and Eradicate to reflect that.
Summary:
Fix the issue with Linux, introduced in 721cc1957c and temporarily fixed in aef13134bf
Now clang gets the `x86_64-apple-darwin14` target only when running on ObjCXX source code with a specific `isysroot` flag.
Summary:
each procedure has a different scope, so we can restart the fresh name generator and have more stable instructions in the cfg, that don't change when other procedures are changed
Summary:
When you run "gradle build", it builds both the
debug and the release configurations for an app. This causes capture
to run twice for some files and tricks the incremental analysis into
marking the double-captured files as unchanged. This diff fixes the
issue by only doing capture once on a set of commands that are identical
up to the "debug/release" configuration.
Summary:
Move proc_attributes to a separate module.
Field err_log, in common between proc desc and summary, can now be moved to ProcAttributes without creating cycles of dependencies.
Summary:
Create infer/src/backend/version.ml even if git is not installed or returns
errors. This is useful for source releases of Infer, which need to be able to
produce a sensible version number without a .git repository.
See also #167.
Summary:
There's a lot of overlap between the representation of a proc desc and a spec summary. This diff moves all the data in common to the single record proc_attributes defined in Sil.
This gives a unified way of accessing most of the data carried by a procedure, whether it is contained in a proc desc or a spec. Also, it ensures that there is a single flow of information from proc desc to spec in the back-end, making sure that the information represented stays consistent.
Summary:
Errors arising from overriding methods defined in other files were not reported, because during parallel analysis the clusters did not have access to overridden methods, so could not load their annotation.
Changed cluster generation to add location information for the methods overridden by the procedures defined in the current cluster.
Summary:
When someone runs --changed-only mode, there is a risk of corrupting the results
for future analyses. The problem is that changed-only mode does not analyze the callers of changed
procedures. If a subsequent analysis relies on the specs of one of these callers, they will be stale
and may give the wrong results. To be concrete, let's say we know `Parent.foo()` calls `Child.bar()` and we do the following rounds of analysis:
Analysis round 1: Analyze all files, including `Parent` and `Child`
Analysis round 2: Analyze `Child.bar()` only with `--changed-only flag`. `Parent.foo()` is now stale.
Analysis round 3: Add procedure `Parent.baz()` that calls `Parent.foo()`, analyze in (any) incremental mode.
The analysis will only analyze `Parent.baz()`. However, the specs for `Parent.foo()` are stale and may give us bad results for `Parent.baz()`. We want the analysis to re-analyze `Parent.baz()`, but before this diff it will not.
This diff fixes this problem by adding a `STALE` status bit to procedure summaries. In `--changed-only` mode,
the callers of a changed procedures are not re-analyzed, but their summaries are marked as stale. For both
`--changed-only` and regular incremental mode, callees of changed procedures that are marked as stale are
re-analyzed even if they have not changed. This is better than a more obvious solution like deleting stale
procedure summaries, since that would force the next analysis to re-analyze all stale procedures even if it
does not need the results for whatever analysis it is doing. This scheme implemented in this diff ensures
that each analysis only does the work that it needs to compute reliable results for its changed procedures.
Summary:
It can be useful in some situations for Infer to exit with an error code in
case it found a bug. A bug is anything Infer reports in infer-out/report.json.
This adds a flag `--fail-on-bug` to the toplevel infer script.
closes#139
Summary:
Use the new clang plugin that outputs biniou instead of Yojson. This binary format is more compact, which makes the frontend a little faster (5 to 10%).
@update-submodule: facebook-clang-plugins
Summary:
Passing the list of SuppressWarnings annotations detected during the compilation to InferPrint. The next step will be to add support for error filtering in .inferconfig and use the same mechanism. The annotation processor will generate an .inferconfig like config file and use it to suppress the reports.
Summary:
In order to use the annotation processor to detect the classes and methods annotated with `@SuppressWarnings`, we need to modified javac commands of the form:
javac -cp classpath File.java
into:
javac -cp annotations/processor.jar:classpath File.java
This diff is just a non-functional re-factoring step.
Summary:
Procdesc comparison can be fragile because internal variable names
and source positions in a procedure can vary even if the procedure stays exactly the
same. This diff makes pdesc comparisons less fragile by defining structural comparsions
over instructions, nodes and expressions. These structural comparsions work by lazily
creating a mapping between names in the two procdesc's that and checking that the mapped
names are used consistently.
Summary:
Use the map of pointers to find method declarations and build method signatures.
Remove the need for having an extra map for method signatures (and remove that map).
Summary:
Setting up a basic annotation processor. Right now, the processor
just saves a map of class -> methods that should be suppressed. Next, this map
needs to be turned into a .inferconfig file.
Summary: Another step toward getting procedure-level incrementality for Infer. Here, we just assume that *all* procs in a file have changed when the file changes, but we will filter this list using the pd_changed field of the procdesc for each procedure in the future.
Summary: Handler.postDelayed keeps a persistent reference to its Runnable argument that may cause a memory leak if an Activity is reachable from the Runnable.
Summary: The Nullable checker reported FP's when a Nullable field/param was reassigned to a non-Nullable value in the footprint. This diff fixes the problem.
Summary:
The @NonNull annotation, with camel case, can now be used to inform Eradicate that some fields that are not initialized by the constructor can be initialized by other means, e.g. via dependency injection.
Summary:
This test was actually testing: "at least one Field not initialized error is found" where we actualy want to test "exactly one Field not initialized error is found". The case of @Inject was also missing from the tests.
Summary:
see title. It will make number of arguments
less ridiculous and make it easier to share C/C++ structs.
Another diff that adds base class information for C++ will
follow.
This change is big enough to deserve separate diff
Summary:
This diff allows to use to make Infer failing when using the function `failwith`. This is especially useful to use while applying complex refactoring.
Summary: Infer cannot tell if a procdesc has changed across procedure runs. If we want procedure-level incrementality, it has to know how to compute this information. This diff implements this capability by comparing a procdesc to an existing one before it is saved to disk, and marking the new one as unchanged if applicable.
Summary:
Handle C++ method declarations and create cfgs for them.
Doesn't do:
Method calls (CXXMethodCall)
Using `this` expression in methods (including implicit ones)
Summary:
Refactor of creating method signatures. First step to use the map of pointers to find method declarations.
The idea is to have a function that creates a method signature from a declaration, later we can get the declaration from a pointer
and use this function to retrieve the method signature.
(authored by @dulmarod)
Summary:
Add basic translation for C++ `new` keyword.
Currently, it's modeled as simple `malloc` call.
Following constructs are still not working properly:
- array new `new [size_expr]`
- run initializer attached to `new` (such as `new int(5)`)
- `delete[]`
Summary:
When detecting a resource leak, Infer used to raise an Leak exception and then prevent the specs to be computed for the paths containing a leak. This diff prevents resource leak to stop the analysis.
Summary:
1. Unify the code now that MemberExpr has more information available and it can be shared with ObjCIvarRefExpr
2. Use type from decl_ref instead of expression type. For methods, expression type is useless (`<bound something something`>). For fields it should be the same
Summary:
No longer swallow compilation failures for javac. Before this diff, the compilation failures where raised:
> infer -- javac Test.java
Test.java:5: error: ';' expected
static String str = "Hello"
^
1 error
but the exit code was incorrect:
> echo $?
0
With this diff, the failing command is printed in standard error:
> infer -- javac Test.java
Javac compilation error with:
['javac', '-g', 'Test.java', '-J-Duser.language=en']
and the exit code is different from 0.
> echo $?
1
Summary:
Creating a persistent reference to an Activity leads to a nasty form of memory leaks (see http://android-developers.blogspot.com/2009/01/avoiding-memory-leaks.html, https://corner.squareup.com/2015/05/leak-canary.html). There are many ways to create a bad persistent reference to an Activity, but the most obvious one is via a static field.
This diff implements a very simple form of Activity leak checking by inspecting postconditions to see if a subtype of Activity is reachable from a static field (and it reports an error if so). This is a very simple and limited form of leak checking that does not understand the Android lifecycle at all. In particular, if one creates a persistent reference to an Activity and then nulls it out in `onDestroy` (a reasonably common pattern), this approach will wrongly report a bug.
Summary:
The methods in objc can have the same name in the same class, but one be instance and the other class,
so that we need to take the instance flag into account when defining unique names for ObjC methods.
Summary:
This is mostly useful to authors of annotation processors and
`javac`-based static analysis tools. The nullable return models
cover these packages pretty comprehensively (with the exception
of the various visitor classes). The non-nullable parameter models
are mostly there to help make the nullable return models more useful,
as some codepaths will pass a nullable object to one of the utility
classes but never actually invoke a method on the nullable object itself.
Summary:
While `-results_dir` is still the main place to look for specs files and to write reports,
it's necessary to load specs from multiple folders because some build tools that run Infer with a target-level granularity may need to move specs files around in order to get complete reports, whereas with this change they just need to keep track of the `specs` folders generated for each target, and pass them through `-lib dir1 -lib dir2 ... -lib dirN`
Summary:
Buck is creating javac compilation commands with arguments of the form:
-Opt={"list": ["pif", "paf", "pouf"]}
While converting command lines from bash to python, these option gets split into
['-Opt={"list":', '["pif",', '"paf",', '"pouf"]}']
instead of:
['-Opt={"list": ["pif", "paf", "pouf"]}']
which create the compilation to fail when running Infer even though the original files are compiling correctly.
Summary:
The symbolic execution was not stopping in case an unitialized dangling pointer was
passed to a function and then dereferenced inside the callee.
What would happen is that a wrong footprint would be added to the unititialized pointer
at the end of the function call in the caller proposition.
This checks that if we do:
frame * new_footprint
checks that we do not add heap predicates to the frame into uninitialized local variables.
If we can identify the variable then we raise a danglind pointer dereference. If instead
we cannot give a good explanation we give an internal error.
The latter case should be temporary. We should find a general way to raise dangling pointer
deref instead of the internal error.
I also fixed the model of getc that was the way I found the problem.
Summary:
Update fcp version and make infer build with it.
It's not using new features yet, diffs will follow.
New stuff:
Proper type information in form of pointer->type
Expose more information about cxx classes (superclass info)
Add pointers to objc method decls when possible
Summary:
This is small code cleanup of the code to report leaks. No functional changes, just removing code that is longer used and reorganising the control flow.
Summary:
This commit is the result of
`find infer/src -name '*.ml' -or -name '*.mli' -exec ocp-indent -i \{\} \;`
and
`INFER_CHECK_COPYRIGHT=1 InferPrint`
Summary:
The old scheme for pruning away garbage from abducted retvars/abducted params passed by ref failed to eliminate garbage in the pure constraints (pi). This occasionally caused PRECONDITION_NOT_FOUND errors that stop the analysis.
Summary:
In preparation for C++ methods, we need to have type with
class, method, mangled (for overloading?)
1. Change objc method to support it
2. Do some renames to be less confusing
Summary:
Added phase to construct (incomplete) CFG from existing AST.
Individual instructions are not yet translated so any nonempty functions will
result in a runtime exception.
Added some very short examples of LLVM programs.
Summary:
This adds a sentinel check every time a function carrying a sentinel attribute
is called, regardless of whether we have a definition for that function or not.
Summary:
In objC we already prefix field names with classes.
It's better to make it consistent since it'll allow
us to share more code between C++ and objC
Summary:
The json files that were written by json.dump were valid, machine readable but they had no indentation/return lines making them a long single line and hard to read. Dump the json with an indent of
2.
Closes https://github.com/facebook/infer/pull/149
Github Author: =?UTF-8?q?Deniz=20T=C3=BCrkoglu?= <deniz@spotify.com>
Summary:
Add a partial copy of TextUtils from Android source for commonly used TextUtils.isEmpty method.
Fixes#141
Closes https://github.com/facebook/infer/pull/143
Github Author: Deniz Türkoglu <deniz@spotify.com>
Summary:
Bumping up the version of the libraries javalib and sawja to 2.3.1 and 1.5.1 respectively in order to use the upstream fix about classnames with $$.
Summary:
The models for InputStreamReader and OutputStreamWriter are taking into consideration the charset passed as parameter in order to follow the exception branch when the charset is not valid. However, the previsous models were only considering encoding literals with uppercase letters. This diff adds the lowercase encoding names to the list.
Closes https://github.com/facebook/infer/issues/127
Summary:
This adds support for having lookup from pointer to decl in C frontend
NOTE: with this diff atdgen 1.6 or later is required.
To upgrade atdgen, please run `opam install atdgen.1.6.0`
Summary:
The current way gradle plugin works is by parsing the verbose output to figure out which files to compile. This becomes a problem when the number of files exceed allowed argument parameter
length. Use javac's @sources file instead.
This patch will leave the tempfiles behind (also noted by Jyrki during the review), however I would like to leave that to a follow up commit and first make sure the tool works for people experiencing this problem.
Fixes#22
Closes https://github.com/facebook/infer/pull/131
Github Author: =?UTF-8?q?Deniz=20T=C3=BCrkoglu?= <deniz@spotify.com>
Summary:
inferTraceBugs filters the bugs to only show those which have a trace attached
to them. However, the number selected by the user would then be used in the
unfiltered list of bugs. This led to sometimes selecting the wrong bug from the
text interface and from the --select option.
Summary:
This makes infer C frontend compatible
with new scheme for naming which has:
1. plain name (like 'fun')
2. qualified name (reversed list like ['fun', 'class', 'top_class', 'namespace'])
Summary:
This attribute was used to tag arguments to variadic functions, as a way to
detect premature sentinels. The approach to detect premature sentinels has
changed making it obsolete.
Summary:
Treat `arrayWithObjects` as a special case of a sentinel attribute check. This
will make it easier to extend to other variadic functions that use a sentinel
attribute.
This also removes the need for the `Sil.Avariadic_function_argument` attribute,
which will be removed in a subsequent diff.
Summary:
the name of the return variable of a procedure only depends on the name of that procedure. This simplifies the need for the procedure description in a couple of places
Summary:
This is a refactoring diff with no functional changes in order to move the code using the procedure description of the callees in a single place, in order to replace the approach to use a summary instead in a subsequent step.
Summary:
This reverts commit 306f5b71c24042c89f71848898402cbc9269c543.
Turns out that developers think that this bugs should be fixed. So leaving it in for now until I gather more information.
Summary:
@public
There are many FPs of the form init method that contains
if ((self = [super initWithFrame:frame])) {
...
}
return self;
then an object being initialised with that constructor and added to an array or dictionary.
There we flag NPE and very likely that won't be a bug. So I'm removing the option for self
to be nil in the constructor, which should solve the problem.
Test Plan: Changed the relevant test.
Summary:
@public
Previously, if the close() method was throwing an exception, then code overriding the file attribute with a mem attribute would be skipped, resulting in reporting a wrong resource leak. This diff fixes this.
Test Plan: Added new end-to-end tests which would previously have been failing
Summary:
@public
Add support for default function arguments.
As a side change - always create cmethod_signature for a function
Test Plan:
1. Call function with default parameter and confirm that it gets parsed and reports null dereference (B5 but still). It didn't before.
2. Created a test case
Summary: @public JavacCapture does not have an args field, which crashes Python with an AttributeError if we hit self.args.debug. Replaced with the correct expression.
Test Plan: Cause AttributeError with small test case, error no longer happens after fix
Summary:
@public
This is a non-functional refactoring to remove the need for having the procedure description of the callee when execution function calls.
Test Plan: Infer CI. Expecting no change in the results.
Summary: @publicThe first argument of builtin calls in C gets translated twice, which is bad if the argument is a side-effecting expression like a function call.
Test Plan: Attached test previously reported a memory leak because the translation introduces an extra call to malloc(), now reports nothing.
Summary:
@public
utils.remove_bucket no longer exists and is no longer needed.
Test Plan:
cd ~/infer/examples
infer -- clang -c hello.c
inferTraceBugs
no longer crashes
Summary:
This patch forces javac to report verbose output in English.
In my environment, the debug report in Japanese had caused Parsing.Parse_error at
https://github.com/facebook/infer/blob/master/infer/src/java/jClasspath.ml#L108.
This patch solved the error I encountered on compiling Hello.java.
I think `$ infer -- javac -J-Duser.language=ja Hello.java` will reproduce my bug if system supports the language. (My patch will not work with this case since the argument-specified language will override the language setting.)
Possible related issue: #30
Closes https://github.com/facebook/infer/pull/94
Github Author: Tomoyuki Saito <aocchoda@gmail.com>
Test Plan: Imported from GitHub, without a `Test Plan:` line.
Summary:
@public
Translate CXXStaticCastExpr
Test Plan:
Add test, confirm that it gets translated.
Also create example to see that infer reports null dereference with this change:
struct X { int a; };
int main() {
X *x = static_cast<X*>(nullptr); // <- reports now
//X *x = (X*)nullptr; // <- reported before
return x->a;
}
Summary:
@public
Currently InferAnalyze always adds bucket to the message. Later, python code
strips it, but not everywhere. Changes:
1. Since it's easy to not write bucket in ocaml, stop writing them by default.
2. Add option to print them to InferAnalyze and pass it if infer is in debug mode.
Test Plan:
1. Run on openssl, confirm that no bucket info is written to stdout and csv
2. Run on small example in debug mode and see buckets on stdout
Summary:
@public
Make c frontend understand CXXNullPtrLiteralExpr.
Note that the implementation differs from GNUNullExpr
Test Plan:
Create function that returns nullptr:
int* getPtr() {return nullptr;}
look at specs:
InferPrint infer-out/specs/getPtr\{831F\}.specs
Procedure: getPtr
int *getPtr()
Timestamp: 1
Status: INACTIVE
Phase: RE_EXECUTION
Dependency_map:
TIME:0.002853 s TIMEOUT:N SYMOPS:10 CALLS:1,0
ERRORS:
--------------------------- 1 of 1 [nvisited: 1] ---------------------------
PRE:
POST 1 of 1:
return = null:
----------------------------------------------------------------
Add test for it
Summary:
@public
Remove setjmp that is causing problems in the models in linux.
Will investigate and add it again later.
Test Plan: All the models are now created. In particular strcpy, strdup and a few others in the beginning of the file.
Summary:
@public
Using InferBuiltins.assume previously caused an assertion failure in the analyzer. Fixed this, and fixed the implementation of the assume builtin to block when the assumed condition cannot hold.
Test Plan: Added several new tests.
Summary:
@public
Modeling bypasses the Closeable as resource assumption for `java.io.StringReader`, `java.io.ByteArrayInputStream` and `java.io.ByteArrayOutputStream`.
Test Plan: Infer CI. Some resource leak should also disappear on Instagram.
Summary:
@public
Sorting the fields in structs and classes. Was needed in the backend and forgotten.
Fixes the github issue https://github.com/facebook/infer/issues/90.
Test Plan: Added a new test that shows that we now get a spec for the example from the github issue.
Summary:
@public
Add some logging to the script and capture modules so it is easier to troubleshoot.
What will be logged:
versions of infer, platform, versions of java, build systems etc.
In the future we will add more info that we might find useful while troubleshooting
Test Plan:
run infer with gradle, ant, buck, xcode, mvn and see the logging output
Run symbolic link pointing to infer:
[INFO] Path to infer script /Users/akotulski/tmp/infer_link (/Users/akotulski/infer/infer/bin/infer)
Summary:
@public
The models for Java no longer require to keep the original fields since we now make the union of the fields from the models and the fields from the code to analyze.
Test Plan: Infer CI. No functional change intended.
Summary:
@public
The empty string '' is a valid classpath information. This diff parses it and skips it when detecting the parts of the classpath. This case is happening when analyzing Buck. This one be one possibility why Infer does not load any bytecode in some cases, leading the
TODO: print error message
failure happening with the release (now `Failed to load any Java source code`).
Test Plan: Infer CI.
Summary:
@public
Adds a small example of a Ant project in order to test that there is not regresssion when modifying the toplevel scripts
Test Plan:
cd infer/tests/codetoanalyze/java/infer
ant clean && infer -- ant compile
Summary:
@public
This will enable support for the same set of arguments already supported by the `make` module, e.g. `--frontend-stats`, `--frontend-debug`
Test Plan:
Tested on an Xcode project with the `-fs` argument, and checked that `.astlog` files have been generated on the same location of the .o files
infer -fs -- xcodebuild -workspace Project.xcworkspace -scheme Project -sdk iphonesimulator
Summary:
@public
Attaching the resource attribute to the object allows to more easily remove this attribute during the symbolic execution when the resource is passed as a argument, e.g. with `res.close()` or when this resource is passed around via a skipped function.
Test Plan: Infer CI.
Summary:
@public
This adds basic support for function attributes in Sil, and for translating
attributes from the clang frontend to these new Sil attributes. For now only
the sentinel attribute is translated.
Note that attributes normally have parameters, but they are currently missing
from the clang plugin.
Test Plan:
Add
(match Sil.get_sentinel_func_attribute_value (Cfg.Procdesc.get_attributes callee_pdesc).Sil.func_attributes with
| Some _ -> L.out "found sentinel attribute!\n"
| _ -> ());
between lines 947 and 948 of symbExec.ml, then analyze a file containing:
int add_all_ints(int a, ...) __attribute__ ((sentinel));
int foo(void) { return add_all_ints(1, 2, 3, (void *)0); }
then `grep 'found sentinel' infer-out/log/analyzer_out`
-> the sentinel attribute is correctly passed from the frontend to the backend.
Summary:
@public
- Remove `No such file or directory` unrelated errors when building Infer for Java only:
line 0: cd: infer/../facebook-clang-plugin: No such file or directory
- Remove makefile comments from stdout
Test Plan:
Ran this command without any checkout of `facebook-clang-plugins`
make -C infer java
The misleading error messages are gone.
Summary:
@public
This is a workaround to a clang crash that happens whenever `-fmodules` and `YojsonASTExporter` are used together.
This workaround, uses the `-plugin` argument instead of `-add-plugin` one for the clang frontend, and as a result of that, it overrides the default action of clang, which means no object files are emitted, but just the AST.
To generate the missing data needed by the subsequent building phases of xcodebuild, we run Apple's clang.
Test Plan:
Compiled project containing Pods and `@import`, through a command of the form:
infer -- xcodebuild -workspace project_name.xcworkspace -scheme project_name -sdk iphonesimulator
Summary:
@public
The clang location information is described in an incremental way: each location information is a delta with respect to the previous one in the AST. This is based on a the visit of the AST nodes which corresponds to the order in which the lines are printed with the standard clang AST dump:
clang -cc1 -ast-dump filename.c
This diff adds a preprocessing phase to the front-end so that location information is composed during a visit, and explicit location information is used instead.
In the case of include files, we report the last known location before including the file.
The current file for a function is the file where it is defined. So if a function is entirely defined in a .h file, then the location information will consistently be about the .h file. If instead a function is defined in the source file being analyzed, and some AST nodes come from macro expansion, line information will refer to the original file.
The front-end tests reveal that the location information was incorrect in a few dot files.
Test Plan: arc unit, after having fixed the wrong location in the existing .dot files
Summary:
report_number is zero before the conditions
Closes https://github.com/facebook/infer/pull/74
Github Author: Chase choi <cs09gi@gmail.com>
Test Plan: Imported from GitHub, without a `Test Plan:` line.
Summary:
While working on building a quick Homebrew formula for this, I ran into symlink-related issues around the libs folder. This seems to fix it with minimal impact.
Closes https://github.com/facebook/infer/pull/13
Github Author: Dan Ambrisco <dambrisco@gmail.com>
Test Plan: Imported from GitHub, without a `Test Plan:` line.
Summary:
@public
This adds a script `inferTraceBugs` to `infer/bin/` that
1. shows the list of bugs found by Infer to the user
2. asks which one to display
3. asks what max level of nested procedure calls to display
4. shows the error trace of that bug with some lines of context in the source
code
Also has some options to script more easily, for instance when calling it from
inside an editor to navigate the sources.
Test Plan:
infer -o out -- gcc -c hello.c
inferTraceBugs -o out
also tested on OpenSSL.
In emacs, run `M-x compile` from the directory where `infer-out` is, then enter custom compilation command:
inferTraceBugs --select 0 --max-level max --no-source
Then navigate the trace with `M-g n`.
Summary:
@public
Even though internally we recover from these errors, we still show them on
standard output. Redirect errors to /dev/null instead.
Test Plan:
infer -- buck build target
doesn't complain that git crashes on non-git repositories.
Summary:
@public
This changes "Starting analysis" into
"Starting analysis (Infer version XXX)".
Test Plan:
infer -- clang -c hello.c
shows "Starting analysis (Infer version git-6b9fb8838bcabd2af881554d296963a849b14f50)"
Summary:
@public
We were counting the number of matches for `infer-out/captured/*/*.cfg`, but
some ways of running infer (eg, inferJ) do not produce cfgs. Instead, count the
number of directorys `infer-out/captured/*/`.
Test Plan:
make -C infer java
reports the number of models analysed instead of 0.