[tests] [23/n] Copy NPE test about dynamic dispatch in ObjC to Pulse

Summary: We copy a test over from biabduction to Pulse that shows that we can miss null dereferences because of not handling dynamic dispatch of ObjC classes. (This is implemented only in biabduction).

Reviewed By: jvillard

Differential Revision: D32359531

fbshipit-source-id: bc2ec10cd

Author: dulmarod

infer/tests/codetoanalyze/objc/pulse/issues.exp

@@ -44,6 +44,7 @@ codetoanalyze/objc/pulse/null_deref/NPENilBlocks.m, BlockA.paramAssignNilBad:, 3
 codetoanalyze/objc/pulse/null_deref/NPENilBlocks.m, BlockA.paramReassignNilBad:, 6, NIL_BLOCK_CALL, no_bucket, ERROR, [is the null pointer,assigned,assigned,invalid access occurs here]
 codetoanalyze/objc/pulse/null_deref/NPENilBlocks.m, calldoSomethingThenCallbackWithNilBad, 2, NIL_BLOCK_CALL, no_bucket, ERROR, [is the null pointer,when calling `BlockA.doSomethingThenCallback:` here,parameter `my_block` of BlockA.doSomethingThenCallback:,invalid access occurs here]
 codetoanalyze/objc/pulse/null_deref/NPENilBlocks.m, nilBlockCallCFuntionBad, 4, NIL_BLOCK_CALL, no_bucket, ERROR, [is the null pointer,assigned,invalid access occurs here]
+codetoanalyze/objc/pulse/null_deref/dynamic_dispatch.m, DynamicDispatchMain.no_dynamic_dispatch_npe_bad, 2, NULLPTR_DEREFERENCE, no_bucket, ERROR, [in call to `DynamicDispatchMain.get_ddclass_from_instance:`,in call to `PInstance.get_ddclass`,is the null pointer,returned,return from call to `PInstance.get_ddclass`,returned,return from call to `DynamicDispatchMain.get_ddclass_from_instance:`,invalid access occurs here]
 codetoanalyze/objc/pulse/uninit.m, Uninit.call_setter_c_struct_bad, 3, PULSE_UNINITIALIZED_VALUE, no_bucket, ERROR, [struct field address `x` created,when calling `Uninit.setS:` here,parameter `s` of Uninit.setS:,read to uninitialized value occurs here]
 codetoanalyze/objc/pulse/use_after_free.m, PulseTest.use_after_free_simple_in_objc_method_bad:, 2, USE_AFTER_FREE, no_bucket, ERROR, [invalidation part of the trace starts here,parameter `x` of PulseTest.use_after_free_simple_in_objc_method_bad:,was invalidated by call to `free()`,use-after-lifetime part of the trace starts here,parameter `x` of PulseTest.use_after_free_simple_in_objc_method_bad:,invalid access occurs here]
 codetoanalyze/objc/pulse/use_after_free.m, use_after_free_simple_bad, 2, USE_AFTER_FREE, no_bucket, ERROR, [invalidation part of the trace starts here,parameter `x` of use_after_free_simple_bad,was invalidated by call to `free()`,use-after-lifetime part of the trace starts here,parameter `x` of use_after_free_simple_bad,invalid access occurs here]

infer/tests/codetoanalyze/objc/pulse/null_deref/dynamic_dispatch.m

@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) Facebook, Inc. and its affiliates.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+#import <Foundation/Foundation.h>
+
+@interface DynamicDispatchClass : NSObject
+@end
+
+@implementation DynamicDispatchClass {
+ @public
+  int x;
+}
+
+@end
+
+@protocol P
+
+- (DynamicDispatchClass*)get_ddclass;
+
+@end
+
+@interface PInstance : NSObject<P>
+
+@end
+
+@implementation PInstance
+
+- (DynamicDispatchClass*)get_ddclass {
+  return nil;
+}
+
+@end
+
+@interface DynamicDispatchMain : NSObject
+
+@end
+
+@implementation DynamicDispatchMain
+
+- (DynamicDispatchClass*)get_ddclass_from:(id<P>)object {
+  return [object get_ddclass];
+}
+
+// Pulse doesn't find the null deref in this example because it doesn't handle
+// dynamic dispatch
+- (int)dynamic_dispatch_npe_bad_FN {
+  PInstance* object = [PInstance new];
+  return [self get_ddclass_from:object]->x;
+}
+
+- (DynamicDispatchClass*)get_ddclass_from_instance:(PInstance*)object {
+  return [object get_ddclass];
+}
+
+- (int)no_dynamic_dispatch_npe_bad {
+  PInstance* object = [PInstance new];
+  return [self get_ddclass_from_instance:object]->x;
+}
+
+@end