microsoft / infersharp

Infer# is an interprocedural and scalable static code analyzer for C#. Via the capabilities of Facebook's Infer, this tool detects null dereferences, resource leaks, and thread-safety violations. It also performs taint flow tracking to detect critical security vulnerabilities like SQL injections.
MIT License

Fix False Positive Null Dereferences on Reference Primitives #146

Closed matjin closed 2 years ago

matjin commented 2 years ago

We were observing false positive null derefs in the following case:

```csharp
void assign(out int x) { x = 0; }

void useAssign(out int x) { assign(out x); x = GetHashCode(); }
```

This was because the original translation invoked assign(&x) rather than assign(x); in other words, it passed a reference to a parameter already passed by reference, rather than the correct behavior of passing the value of a parameter passed by reference. When we assign 0 to the value of a reference to a reference parameter, we are assigning 0 to the reference (or NULL) rather than 0 to the parameter value, hence Pulse can later report the null dereference.
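The difference between the two call translations described in this comment can be reproduced in a small memory model. This is an added example, not code from the PR or from Infer#: the `Heap` class, the function names, the `pass_address_of_param` switch and the stand-in hash value 12345 are all assumptions made for illustration.

```python
# Toy memory model (constructed for illustration; not Infer#'s translator or SIL).
NULL = 0  # address 0 is the null reference; integer 0 and NULL share a representation

class NullDereference(Exception):
    pass

class Heap:
    def __init__(self):
        self.cells = {}
        self.next_addr = 1

    def alloc(self, value):
        addr = self.next_addr
        self.next_addr += 1
        self.cells[addr] = value
        return addr

    def load(self, addr):
        if addr == NULL:
            raise NullDereference("load through null reference")
        return self.cells[addr]

    def store(self, addr, value):
        if addr == NULL:
            raise NullDereference("store through null reference")
        self.cells[addr] = value

def assign(heap, arg):
    """Models: assign(out int x) { x = 0; }"""
    x = heap.alloc(arg)              # formal x: a cell holding the reference it was passed
    heap.store(heap.load(x), 0)      # x = 0 writes through that reference

def use_assign(heap, arg, pass_address_of_param):
    """Models: useAssign(out int x) { assign(x); x = GetHashCode(); }"""
    x = heap.alloc(arg)              # formal x holds a reference to the caller's int
    if pass_address_of_param:
        assign(heap, x)              # original translation: assign(&x)
    else:
        assign(heap, heap.load(x))   # fixed translation: assign(x), the reference itself
    heap.store(heap.load(x), 12345)  # x = GetHashCode(); 12345 is a stand-in value

def run(pass_address_of_param):
    heap = Heap()
    caller_int = heap.alloc(-1)      # the caller's int variable, not yet assigned
    try:
        use_assign(heap, caller_int, pass_address_of_param)
    except NullDereference:
        return "null dereference"
    return heap.load(caller_int)
```

With `pass_address_of_param=True` the write of 0 lands in the cell holding the reference, so the following store goes through a null reference; with `False` the write lands in the caller's int and the later store succeeds.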