[cfe-commits] r136418 - /cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
Ted Kremenek
kremenek at apple.com
Fri Jul 29 11:24:35 PDT 2011
There already is a test case. The bug was revealed when I made changes to the analyzer engine that exposed the problem, which caused one of the test cases to fail.
On Jul 29, 2011, at 10:29 AM, Chris Lattner wrote:
>
> On Jul 28, 2011, at 4:07 PM, Ted Kremenek wrote:
>
>> Author: kremenek
>> Date: Thu Jul 28 18:07:51 2011
>> New Revision: 136418
>>
>> URL: http://llvm.org/viewvc/llvm-project?rev=136418&view=rev
>> Log:
>> [analyzer] fix bug in malloc checker where the tracked symbol would not properly be removed from the state.
>
> Testcase?
>
> -Chris
>
>>
>> Modified:
>> cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
>>
>> Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
>> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp?rev=136418&r1=136417&r2=136418&view=diff
>> ==============================================================================
>> --- cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp (original)
>> +++ cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp Thu Jul 28 18:07:51 2011
>> @@ -578,24 +578,31 @@
>> RegionStateTy RS = state->get<RegionState>();
>> RegionStateTy::Factory &F = state->get_context<RegionState>();
>>
>> + bool generateReport = false;
>> +
>> for (RegionStateTy::iterator I = RS.begin(), E = RS.end(); I != E; ++I) {
>> if (SymReaper.isDead(I->first)) {
>> - if (I->second.isAllocated()) {
>> - if (ExplodedNode *N = C.generateNode()) {
>> - if (!BT_Leak)
>> - BT_Leak.reset(new BuiltinBug("Memory leak",
>> - "Allocated memory never released. Potential memory leak."));
>> - // FIXME: where it is allocated.
>> - BugReport *R = new BugReport(*BT_Leak, BT_Leak->getDescription(), N);
>> - C.EmitReport(R);
>> - }
>> - }
>> + if (I->second.isAllocated())
>> + generateReport = true;
>>
>> // Remove the dead symbol from the map.
>> RS = F.remove(RS, I->first);
>> +
>> }
>> }
>> - C.generateNode(state->set<RegionState>(RS));
>> +
>> + ExplodedNode *N = C.generateNode(state->set<RegionState>(RS));
>> +
>> + // FIXME: This does not handle when we have multiple leaks at a single
>> + // place.
>> + if (N && generateReport) {
>> + if (!BT_Leak)
>> + BT_Leak.reset(new BuiltinBug("Memory leak",
>> + "Allocated memory never released. Potential memory leak."));
>> + // FIXME: where it is allocated.
>> + BugReport *R = new BugReport(*BT_Leak, BT_Leak->getDescription(), N);
>> + C.EmitReport(R);
>> + }
>> }
>>
>> void MallocChecker::checkEndPath(EndOfFunctionNodeBuilder &B,
>>
>>
>> _______________________________________________
>> cfe-commits mailing list
>> cfe-commits at cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
>
More information about the cfe-commits
mailing list