infer/src/base/IssueType.ml (10 lines): - line 498: register ~enabled:false ~id:"DANGLING_POINTER_DEREFERENCE" Error Biabduction (* TODO *) - line 528: register ~enabled:false ~id:"DIVIDE_BY_ZERO" Error Biabduction (* TODO *) ~user_documentation:"" - line 568: Eradicate (* TODO *) ~user_documentation:"" - line 587: ~hum:"@Nullsafe annotation is redundant" Advice Eradicate (* TODO *) ~user_documentation:"" - line 592: ~hum:"@Nullsafe annotation is inconsistent with outer class" Warning Eradicate (* TODO *) - line 598: Eradicate (* TODO *) ~user_documentation:"" - line 619: ~hum:"Nullsafe mode: unchecked usage of a value" Warning Eradicate (* TODO *) - line 625: ~hum:"Nullsafe mode: unchecked usage of unvetted third-party" Warning Eradicate (* TODO *) - line 636: ~enabled:false Info Eradicate (* TODO *) ~user_documentation:"" - line 652: (* Should be enabled for special integrations *) ~enabled:false Advice Eradicate (* TODO *) infer/src/erlang/ErlangTranslator.ml (10 lines): - line 154: (* TODO: Cover all cases. *) - line 207: (* TODO: add Pulse model for this function T93361792 *) - line 436: (* TODO: handle exceptions T95448111 *) - line 580: (* TODO: proper modeling of equal vs exactly equal T95767672 *) - line 583: (* TODO: proper modeling of not equal vs exactly not equal T95767672 *) - line 601: make_simple_eager Mod (* TODO: check semantics of Rem vs Mod *) - line 856: (* TODO: add Pulse model for this function T93361792 *) - line 932: (* TODO: what should be the order of updates? *) - line 1079: (* TODO: handle exceptions T95448111 *) - line 1245: (* TODO: only mark public if exported. *) infer/src/erlang/ErlangAst.ml (9 lines): - line 11: (* TODO: validation, including basic type-checking *) - line 65: type type_specifier = (* TODO *) unit [@@deriving sexp_of] - line 157: | Map (* TODO: associations *) - line 162: | Record of string (* TODO: fields*) - line 164: | Remote of {module_: string; type_: string} (* TODO: arguments *) - line 165: | String (* TODO: replace this with [char()] when we model strings as lists. *) - line 168: | UserDefined of string (* TODO: arguments *) - line 185: (* TODO: Add types, and specs. *) - line 196: | Type of {name: string; type_: type_} (* TODO: arguments*) sledge/semantics/llvm_to_llair_sem_propScript.sml (8 lines): - line 638: (* TODO: unimplemented GEP stuff *) - line 670: (* TODO: unimplemented GEP stuff *) - line 950: (* TODO: pointer to int and int to pointer casts *) - line 970: (* TODO: identify some lemmas to cut down on the duplicated proof in the very - line 1142: (* TODO: prog_ok should enforce that the type is consistent *) - line 1513: (* TODO: need to know that stuck LLVM instructions translate to stuck - line 1944: (* TODO: LLVM "eval" gets stuck *) - line 2005: (* TODO: this won't be true once calls are added *) sledge/semantics/llairScript.sml (8 lines): - line 273: (* TODO: Nondet I guess we need to know the type here *) - line 274: (* TODO: Label *) - line 284: (* TODO Question: What if size <> vals? *) - line 300: (* TODO Question: Should the same integer with two different sizes be equal *) - line 442: (* TODO memset *) - line 451: (* TODO Question: should we allow overlap? *) - line 458: (* TODO memmove *) - line 535: (* TODO Throw *) infer/src/erlang/ErlangJsonParser.ml (8 lines): - line 420: | `List [`String "bin_element"; _anno; expression; size; (* TODO *) _type_specifier_list] -> - line 487: (* TODO: assert [_module] is current module *) - line 573: (* TODO: associations *) - line 593: (* TODO: fields *) - line 614: (* TODO: arguments *) - line 617: (* TODO: arguments *) - line 621: (* TODO: add more types *) - line 725: (* TODO *) sledge/semantics/llvm_to_llairScript.sml (7 lines): - line 123: (* TODO *) - line 150: (* TODO *) - line 212: (* TODO: Finish *) - line 224: (* TODO: Finish *) - line 278: (* TODO *) - line 344: (* TODO: exceptional return address *) - line 426: (* TODO: calculate these from the produced llair, and not the llvm *) sledge/semantics/llvmScript.sml (7 lines): - line 566: (* TODO *) - line 614: (* TODO Question is the number to allocate interpreted as a signed or - line 703: (* TODO *) - line 705: (* TODO *) - line 707: (* TODO *) - line 709: (* TODO *) - line 711: (* TODO *) infer/src/absint/HilExp.ml (6 lines): - line 396: (* TODO: doing this properly will require taking account of language-specific coercion - line 409: (* TODO: handle signedness *) - line 416: (* TODO: this will need to behave differently depending on whether we're in C++ or Java *) - line 478: let index_typ = (* TODO: bogus *) StdTyp.void in - line 558: (* TODO: this is a hack than can disappear once we have proper AccessExpressions (t23176430) *) - line 653: (* TODO: handle bitshifting cases, port eval_binop from RacerD.ml *) infer/src/pulse/PulsePathCondition.ml (5 lines): - line 115: (* TODO: add to non-formula domains? *) - line 168: (* TODO: this doesn't actually do "and" (it doesn't even take the caller interval into account) *) - line 186: (* TODO: it could be that the same value already had a binding; in that case we want to - line 223: (* TODO: it could be that the same value already had a binding if several variables from the - line 262: (* TODO: normalize here? *) infer/src/clang/cTrans.ml (5 lines): - line 868: (* TODO: For now, it does not generate the initializers for static local variables. This is - line 2611: (* TODO (T28898377): instead, we should extend trans_state with a list of maybe-throwing - line 3119: (* TODO: we shouldn't add that for global variables? *) - line 3930: (* TODO: Structs are missing copy constructor instructions when passed by value *) - line 4122: (* FIXME (t10135167): call destructor on deleted pointer if it's not null *) infer/src/biabduction/SymExec.ml (5 lines): - line 611: (* TODO (#15748878): Fix conflict with method overloading by encoding in the procedure name - line 821: (* TODO: (t7147096) extend this to detect mutual recursion *) - line 1505: (* FIXME (T19882766): we need to disable this for Java because it breaks too many tests *) - line 1508: (* FIXME (T19882766): we need to disable this for Java because it breaks too many tests *) - line 1511: (* FIXME: we need to work around a frontend hack for std::shared_ptr infer/src/java/jSourceParser.mly (4 lines): - line 153: | LBRACKET enum_constant_list RBRACKET // TODO add optional comma - line 186: | identifier LPAREN formal_parameter_list RPAREN // TODO add receive_parameter - line 251: | identifier LPAREN formal_parameter_list RPAREN dims? //TODO add receiver_parameter - line 303: // TODO: add labeled_statement facebook-clang-plugins/libtooling/ASTExporter.h (4 lines): - line 593: // TODO: lastLocColumn - line 1024: // // FIXME: do not use the local dump method - line 1029: // // FIXME: do not use the local dump method - line 4272: // FIXME: don't dump false when value is dependent website/static/odoc/1.1.0/odoc.css (4 lines): - line 385: /* FIXME: Does not work in Firefox. */ - line 395: /* Records and variants FIXME */ - line 432: /* FIXME remove */ - line 447: /* FIXME random other things to review. */ infer/src/pulse/PulseFormula.ml (4 lines): - line 1573: (** TODO: at the moment this doesn't try to discover and return new equalities implied by the - line 1734: (* TODO: we may want to keep the "simpler" representative for [v_new] between [l1] and [l2] *) - line 2185: (* TODO: we could probably be less coarse than keeping *all* restricted variables. This - line 2329: (* TODO: doing [QuantifierElimination.eliminate_vars; DeadVariables.eliminate] a few times may infer/src/quandary/TaintAnalysis.ml (4 lines): - line 179: (* TODO: group by matching call sites, remember all access paths *) - line 256: (* TODO: resolve footprint identifier to formal name *) - line 351: (* TODO (T23832636): fail hard here *) - line 738: (* TODO: tmp to focus on invariant 1 *) website/static/odoc/1.0.0/odoc.css (4 lines): - line 385: /* FIXME: Does not work in Firefox. */ - line 395: /* Records and variants FIXME */ - line 432: /* FIXME remove */ - line 447: /* FIXME random other things to review. */ infer/src/clang/cType_to_sil_type.ml (3 lines): - line 179: (* TODO desugar to qualtype *) - line 190: (* TODO desugar to qualtyp *) - line 196: (* TODO desugar typedeftype to qualtype *) infer/src/pulse/PulseOperations.ml (2 lines): - line 304: Ok (astate, (AbstractValue.mk_fresh (), (* TODO history *) ValueHistory.epoch)) - line 754: TODO: this can make use miss reporting memory leaks if another error is found *) infer/src/bufferoverrun/polynomials.ml (2 lines): - line 174: (* TODO: avoid creating zipped map *) - line 456: (* TODO: improve this for comparable symbols *) infer/src/pulse/PulseTopl.ml (2 lines): - line 211: (* TODO: include a hash of the automaton in a summary to avoid caching problems. *) - line 212: (* TODO: limit the number of simple_states to some configurable number (default ~5) *) infer/src/absint/ConcurrencyModels.ml (2 lines): - line 167: (* TODO std::try_lock *) - line 185: (* TODO std::scoped_lock *) website/static/odoc/next/odoc.css (2 lines): - line 496: /* FIXME: Does not work in Firefox. */ - line 506: /* Records and variants FIXME */ infer/src/clang/cScope.ml (2 lines): - line 199: , [ _init (* TODO: ignored here because ignored in [CTrans] *) - line 249: | ContinueStmt (stmt_info, _) (* TODO: GotoStmt *) -> infer/src/pulse/PulseDiagnostic.ml (2 lines): - line 329: (* TODO: say what line the source happened in the current function *) - line 476: (* TODO: the sink trace includes the history for the source in its own value history, infer/src/biabduction/Dom.ml (2 lines): - line 1623: L.d_str "TODO: " ; - line 1735: L.d_str "TODO: " ; infer/src/checkers/fragmentRetainsViewChecker.ml (2 lines): - line 52: (* TODO: complain if onDestroyView is not defined, yet the Fragment has View fields *) - line 53: (* TODO: handle fields nullified in callees in the same file *) infer/src/erlang/ErlangEnvironment.ml (2 lines): - line 115: (* TODO: might remove this later when we have tests *) - line 124: (* TODO: might remove this later when we have tests *) infer/src/IR/Procname.ml (2 lines): - line 670: (* TODO: deprecate this unfortunately named function and use is_clang instead *) - line 852: (* TODO: add cases for obj-c, c, c++ *) infer/src/java/jTrans.ml (2 lines): - line 96: (* TODO (T28155039): understand why fields cannot be found here *) - line 157: (* TODO (#4040807): Needs to add the JBir temporary variables since other parts of the infer/src/quandary/JavaTrace.ml (2 lines): - line 244: (* TODO: may not want to taint numbers or Enum's *) - line 472: (* TODO: separate non-injection sinks for PreparedStatement's *) infer/src/istd/UnionFind.ml (1 line): - line 66: let merge reprs x ~into:y = (* TODO: implement path compression *) XMap.add x y reprs infer/src/IR/ErlangTypeName.ml (1 line): - line 10: (* TODO: Add other types as they are needed by translation (otherwise it's dead code). *) infer/src/backend/preanal.ml (1 line): - line 51: TODO: handle calls into superclasses. infer/src/integration/Driver.ml (1 line): - line 216: (* Create a dummy bugs.txt file for backwards compatibility. TODO: Stop doing that one day. *) infer/models/c/src/libc_basic.c (1 line): - line 1685: // TODO: this function has been disabled because it cannot be compiled with infer/src/checkers/functionPointers.ml (1 line): - line 52: (* TODO: handle multiple procnames, e.g. with non-determinism branching *) ) infer/src/java/jSourceFileInfo.mll (1 line): - line 198: () ; (* TODO : record field location *) infer/src/cost/hoisting.ml (1 line): - line 109: (* Note: we report the innermost loop for hoisting out. TODO: Future infer/src/bufferoverrun/symb.ml (1 line): - line 156: (* TODO depending on the result, the call might represent multiple values *) infer/src/nullsafe/eradicateChecks.ml (1 line): - line 499: TODO (T5280249): investigate why argument lists can be of different length. *) infer/src/java/jProgramDesc.ml (1 line): - line 78: (* TODO T28155039 Figure out when and what to log *) infer/src/bufferoverrun/bufferOverrunModels.ml (1 line): - line 294: (* TODO: Raise an exception when given unexpected arguments. Before that, we need infer/src/erlang/ErlangTypes.ml (1 line): - line 89: such cases before. TODO: check for cycles in a validation step (T115271156) *) infer/src/pulse/PulseTaintOperations.ml (1 line): - line 26: (* TODO: write our own json handling using [Yojson] directly as atdgen generated parsers ignore infer/src/cost/costModels.ml (1 line): - line 441: (* TODO: T72085946; take the cost of function into account *) infer/src/pulse/PulseBaseDomain.ml (1 line): - line 23: (* TODO: we could record that 0 is an invalid address at this point but this makes the infer/src/erlang/ErlangScopes.ml (1 line): - line 80: (* TODO: support local variables in list comprehensions: T105967634 *) infer/src/unit/analyzerTester.ml (1 line): - line 36: (* TODO (t10287763): indent bodies of if/while *) infer/src/IR/JavaClassName.ml (1 line): - line 94: TODO: redesign this API so this case is modelled directly infer/src/erlang/ErlangAstValidator.ml (1 line): - line 317: (* TODO: validate other forms, e.g., type constraints *) infer/src/pulse/Pulse.ml (1 line): - line 583: (* TODO: Initial global constants only once *) infer/src/pulse/PulseModelsImport.ml (1 line): - line 178: (* TODO: lookup dynamic type; currently not set in C++, should update model of [new] *) infer/src/pulse/PulseAbductiveDomain.ml (1 line): - line 703: TODO: this should be part of [live_addresses] since all these addresses are actually infer/src/IR/Typ.ml (1 line): - line 271: (* TODO: size_t should be implementation-dependent. *) sledge/semantics/llvm_ssaScript.sml (1 line): - line 62: (* TODO: revisit throw when dealing with exceptions *) infer/src/absint/TaintTrace.ml (1 line): - line 138: (* TODO: pick the shortest path to a sink here instead (t14242809) *) infer/src/nullsafe/typeErr.ml (1 line): - line 234: (* TODO: this could be specified more precisely *) infer/src/concurrency/RacerDProcAnalysis.ml (1 line): - line 42: (* TODO: check for constants, which are functional? *) infer/src/nullsafe/models.ml (1 line): - line 38: (* TODO: convert the implementation that does not use PatternMatch *) infer/src/pulse/PulseInterproc.ml (1 line): - line 568: (TODO: record in the pre when a location is written to instead of just comparing values infer/src/backend/ClosuresSubstitution.ml (1 line): - line 40: | Closure _ (* TODO: implement for C++ lambdas *) -> infer/src/biabduction/interproc.ml (1 line): - line 126: (* TODO: reimplement compute_distance_to_exit_node in ProcCfg, and use that instead *) infer/src/pulse/PulseTaint.ml (1 line): - line 18: (* TODO: name of the formal / actual *) [@@deriving compare, equal] infer/src/clang/cFrontend_decl.ml (1 line): - line 243: (* TODO: some form of logging *) infer/src/backend/InferAnalyzeJson.ml (1 line): - line 152: (*TODO: need to check the usage of "None" *) infer/src/base/Logging.ml (1 line): - line 344: (* TODO T114149430 *) infer/src/pulse/PulseCItv.ml (1 line): - line 267: (TODO: we might want to keep only one of these, which would be a kind of recency model of infer/src/biabduction/Match.mli (1 line): - line 18: (* TODO: missing documentation *) infer/src/nullsafe/ErrorRenderingUtils.ml (1 line): - line 214: (* TODO: currently we do not support third-party annotations for fields. Because of this, infer/src/biabduction/Tabulation.ml (1 line): - line 641: (* TODO (t4893479): make this check less angelic *) infer/src/bufferoverrun/bufferOverrunDomain.ml (1 line): - line 790: (* TODO take range of multiplied one with log scale *) infer/src/java/jTransType.ml (1 line): - line 176: (* TODO (#6711750): fix type equality for arrays before failing here *) infer/src/pulse/PulseBaseAddressAttributes.ml (1 line): - line 216: (* TODO: merging attributes together can produce contradictory attributes, eg [MustBeValid] + infer/src/biabduction/Prover.ml (1 line): - line 2286: (* TODO: add appropriate fields *) infer/src/biabduction/Rearrange.mli (1 line): - line 13: exception (* TODO: this description is not clear *) infer/models/cpp/src/c_src/libc_basic.c (1 line): - line 1685: // TODO: this function has been disabled because it cannot be compiled with infer/src/bufferoverrun/bufferOverrunUtils.ml (1 line): - line 134: let traces = TraceSet.bottom (* TODO: location of field declaration *) in infer/src/clang/cTrans_utils.ml (1 line): - line 505: (* TODO: call user defined `new` when there is more than one placement argument *) infer/src/pulse/PulseModelsErlang.ml (1 line): - line 578: (* TODO: see T110841433 *) infer/src/clang/cArithmetic_trans.ml (1 line): - line 111: (* C++20 spaceship operator <=>, TODO *) infer/src/pulse/PulseSummary.ml (1 line): - line 62: contain the reason for invalidation and thus we will filter out the report. TODO: infer/src/topl/ToplAst.ml (1 line): - line 37: (Now ensured by parser. TODO: refactor to ensure with types.) *) infer/src/absint/Scheduler.ml (1 line): - line 80: (* TODO: could do this slightly more efficiently by keeping a list of priority zero nodes for infer/src/pulse/PulseModelsOptional.ml (1 line): - line 51: (* TODO: call the copy constructor of a value *) infer/src/pulse/PulseDecompiler.ml (1 line): - line 23: (* TODO: could add more kinds of operations too to show "x + y" or "x + 4", or even "x + infer/src/pulse/PulseModelsCpp.ml (1 line): - line 41: (* TODO: actually allocate an array *) facebook-clang-plugins/libtooling/atdlib/ATDWriter.h (1 line): - line 340: // TODO: unicode and other control chars infer/src/checkers/LithoDomain.ml (1 line): - line 194: (* TODO: sort chain by inserted order *) infer/src/nullsafe/typeCheck.ml (1 line): - line 538: (* TODO: This condition should be extracted into a dedicated rule *)