Summary:
This diff fixes unintentional bottoms in pointer arithmetic of inferbo.
The pointer arithmetic on addresses of variables (not array) just returns
the operand.
Reviewed By: jvillard
Differential Revision: D5060424
fbshipit-source-id: 495d8b8
Summary: Using Conjunction for thread join has known false negatives. Finer grained recording of threading information fixes this.
Reviewed By: sblackshear
Differential Revision: D5111161
fbshipit-source-id: aab483c
Summary:
All files that match the regular-expressions passed via `--skip-analysis-in-path` are just compiled.
With this change, you can also opt for not compiling those files at all, by passing the `--skip-analysis-in-path-skips-compilation` argument
Reviewed By: mbouaziz
Differential Revision: D5121583
fbshipit-source-id: 4e1325a
Summary:
A recent diff tried to replace `L.out "error message"; assert false` with
`failwith "error message"` but infer relies on the type of raised exceptions to
sometimes keep going. A more careful change will be needed but in the meantime
restore the old behaviour.
Reviewed By: jberdine
Differential Revision: D5112969
fbshipit-source-id: 713fe20
Summary:
Recently we changed the binaries we build and use but it wasn't obvious that
some of the old binaries disappeared. For instance, nothing short of `git clean
-xfd` would get rid of "infer/bin/InferPrint", which can lead to frustrating
attempts to make InferPrint not segfault.
Mitigate this in two ways:
- be more strict in the binaries we ignore in .gitignore, so InferPrint would should up in "git status"
- be less strict in the binaries we clean out with `make clean` so that
InferPrint et al. gets deleted by `make clean`
Reviewed By: jberdine
Differential Revision: D5120573
fbshipit-source-id: 44e7954
Summary: There were some leftover uses of the `Tracing` analyzer option. While I was at it, I also rename the `Config` option name.
Reviewed By: jberdine
Differential Revision: D5113489
fbshipit-source-id: 68d5cc8
Summary: The debug HTML for Quandary/thread-safety was still printing the SIL instructions, which is not very helpful. Print the HIL instructions instead.
Reviewed By: jeremydubreil
Differential Revision: D5112696
fbshipit-source-id: a0aa925
Summary:
Try and enforce the following rules:
- stderr is for updating the user about progress or errors
- Introduce Logging.progress that outputs to stderr, but honours --quiet
- Logging.stderr is as before
- Logging.out now prints to stderr (or to log files as before if set up) and
not stdout. If some information should go on stdout then the user should be
able to rely on it (ie, it's not just some progress message). For now only
the summary of the errors is printed on stdout by default.
- Logging.err* functions are gone. If the error is user-visible, it should be
Logging.stderr, or `failwith`. If not, go to the same log file as other
output, which personally I find much more convenient than having to dig through
2 log files every time I'm looking for some output.
Reviewed By: jberdine
Differential Revision: D5095720
fbshipit-source-id: 68999c9
Summary: This fixes a couple of false positives as objects of BufferedReader don't need to be closed if the wrapped reader resource gets closed correctly.
Reviewed By: sblackshear
Differential Revision: D5106596
fbshipit-source-id: 725fb80
Summary:
`infer analyze ...` (and `InferAnalyze` before it) was not actually running the
analysis in parallel, unlike `infer -- analyze`, which we want to deprecate.
Reviewed By: jberdine
Differential Revision: D5095676
fbshipit-source-id: ec28465
Summary: Gflags is a popular library used to create command line arguments. Flags shouldn't flow directly to `exec` etc.
Reviewed By: jvillard, mbouaziz
Differential Revision: D5058393
fbshipit-source-id: ab062f8
Summary: Useful to have Eradicate and Biabduction agree on how to inform that the analysis that some objects are not null.
Reviewed By: sblackshear
Differential Revision: D5075127
fbshipit-source-id: 9e56981
Summary: The Buck cache was not correctly invalidated when switching between the different analysis mode. This was causing the analysis results to be mixed up. This revision should fix this.
Reviewed By: sblackshear
Differential Revision: D5073606
fbshipit-source-id: eb14418
Summary: String are very important for taint analysis, have to make sure that we have the right models/the right behaviors for unknown code.
Reviewed By: jvillard
Differential Revision: D5054832
fbshipit-source-id: 7e7ee07
Summary:
Interestingly, this crashes the build in a vagrant vm:
```
[*ERROR**][2799] findlib: [WARNING] Interface ctl_parser_types.cmi occurs in several directories: ., clang
[*ERROR**][2799] File "clang/ComponentKit.ml", line 1:
[*ERROR**][2799] Error: The files ctl_parser_types.cmi and clang/cFrontend_checkers.cmi
[*ERROR**][2799] make inconsistent assumptions over interface Ctl_parser_types
[*ERROR**][2799] Command exited with code 2.
```
Reviewed By: mbouaziz
Differential Revision: D5070024
fbshipit-source-id: 01f83fc
Summary:
After:
```
$ infer run -- clang -c examples/hello.c
Capturing in make/cc mode...
Found 1 source file to analyze in /home/jul/infer/infer-out
Starting analysis...
legend:
"F" analyzing a file
"." analyzing a procedure
F.
Found 1 issue
examples/hello.c:14: error: NULL_DEREFERENCE
pointer `s` last assigned on line 13 could be null and is dereferenced at line 14, column 3
12. void test() {
13. int* s = NULL;
14. > *s = 42;
15. }
Summary of the reports
NULL_DEREFERENCE: 1
```
Before, legend and analysis run were separated by 2 lines, one is now before
and the other is in the log files only:
```
Capturing in make/cc mode...
Starting analysis...
legend:
"F" analyzing a file
"." analyzing a procedure
Found 1 (out of 1) source files to be analyzed in /home/jul/infer/infer-out
per-procedure parallelism jobs:4
F.
Found 1 issue
examples/hello.c:14: error: NULL_DEREFERENCE
pointer `s` last assigned on line 13 could be null and is dereferenced at line 14, column 3
12. void test() {
13. int* s = NULL;
14. > *s = 42;
15. }
Summary of the reports
NULL_DEREFERENCE: 1
```
Reviewed By: mbouaziz
Differential Revision: D5069590
fbshipit-source-id: 8843422
Summary:
Previously all knowledge of the dynamic length of such arrays was lost to infer:
```
void foo(int len) {
int a[len];
}
```
The translation of this program would make no reference to `len` (except as a
param of `foo`).
Translate this "initialization" using the existing `__set_array_length` infer
builtin, as:
```
# Declare local a[_]
n$0 = len;
__set_array_length(a, len);
```
update-submodule: facebook-clang-plugins
Reviewed By: mbouaziz
Differential Revision: D4969446
fbshipit-source-id: dff860f
Summary: There was no option to trigger this checker so it was not possible to enable it when not running the default list of checkers
Reviewed By: jberdine
Differential Revision: D5057088
fbshipit-source-id: 7af36f5
Summary:
This commit fixes a problem that the buffer overrun checker incorrectly
stops when a global variable (bottom) is involved in control flow.
In the new version, abstract memories return Top for unanalyzed abstract
variables.
Reviewed By: mbouaziz
Differential Revision: D5016447
fbshipit-source-id: 5132448