[cfe-commits] r152065 - in /cfe/trunk: lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp test/Analysis/malloc.c test/Analysis/ptr-arith.c
Ted Kremenek
kremenek at apple.com
Mon Mar 5 15:06:19 PST 2012
Author: kremenek
Date: Mon Mar 5 17:06:19 2012
New Revision: 152065
URL: http://llvm.org/viewvc/llvm-project?rev=152065&view=rev
Log:
Teach SimpleSValBuilder that (in the absence of more information) stack memory doesn't alias symbolic memory. This is a heuristic/hack, but works well in practice. Fixes <rdar://problem/10978247>.
Modified:
cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
cfe/trunk/test/Analysis/malloc.c
cfe/trunk/test/Analysis/ptr-arith.c
Modified: cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp?rev=152065&r1=152064&r2=152065&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp Mon Mar 5 17:06:19 2012
@@ -714,6 +714,24 @@
// The two regions are from the same base region. See if they're both a
// type of region we know how to compare.
+ const MemSpaceRegion *LeftMS = LeftBase->getMemorySpace();
+ const MemSpaceRegion *RightMS = RightBase->getMemorySpace();
+
+ // Heuristic: assume that no symbolic region (whose memory space is
+ // unknown) is on the stack.
+ // FIXME: we should be able to be more precise once we can do better
+ // aliasing constraints for symbolic regions, but this is a reasonable,
+ // albeit unsound, assumption that holds most of the time.
+ if (isa<StackSpaceRegion>(LeftMS) ^ isa<StackSpaceRegion>(RightMS)) {
+ switch (op) {
+ default:
+ break;
+ case BO_EQ:
+ return makeTruthVal(false, resultTy);
+ case BO_NE:
+ return makeTruthVal(true, resultTy);
+ }
+ }
// FIXME: If/when there is a getAsRawOffset() for FieldRegions, this
// ElementRegion path and the FieldRegion path below should be unified.
Modified: cfe/trunk/test/Analysis/malloc.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/malloc.c?rev=152065&r1=152064&r2=152065&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/malloc.c (original)
+++ cfe/trunk/test/Analysis/malloc.c Mon Mar 5 17:06:19 2012
@@ -728,6 +728,38 @@
return 0;// expected-warning {{leak}}
}
+// <rdar://problem/10978247>.
+// some people use stack allocated memory as an optimization to avoid
+// a heap allocation for small work sizes. This tests the analyzer's
+// understanding that the malloc'ed memory is not the same as stackBuffer.
+void radar10978247(int myValueSize) {
+ char stackBuffer[128];
+ char *buffer;
+
+ if (myValueSize <= sizeof(stackBuffer))
+ buffer = stackBuffer;
+ else
+ buffer = malloc(myValueSize);
+
+ // do stuff with the buffer
+ if (buffer != stackBuffer)
+ free(buffer);
+}
+
+void radar10978247_positive(int myValueSize) {
+ char stackBuffer[128];
+ char *buffer;
+
+ if (myValueSize <= sizeof(stackBuffer))
+ buffer = stackBuffer;
+ else
+ buffer = malloc(myValueSize);
+
+ // do stuff with the buffer
+ if (buffer == stackBuffer) // expected-warning {{leak}}
+ return;
+}
+
// ----------------------------------------------------------------------------
// Below are the known false positives.
Modified: cfe/trunk/test/Analysis/ptr-arith.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/ptr-arith.c?rev=152065&r1=152064&r2=152065&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/ptr-arith.c (original)
+++ cfe/trunk/test/Analysis/ptr-arith.c Mon Mar 5 17:06:19 2012
@@ -269,7 +269,7 @@
int a;
if (&a == p)
- WARN; // expected-warning{{}}
+ WARN; // no-warning
if (&a != p)
WARN; // expected-warning{{}}
if (&a > p)
More information about the cfe-commits
mailing list