[cfe-commits] r159043 - in /cfe/trunk: lib/StaticAnalyzer/Checkers/MallocChecker.cpp test/Analysis/malloc.mm

Anna Zaks ganna at apple.com
Mon Jun 25 10:36:19 PDT 2012 

On Jun 24, 2012, at 4:56 PM, Ted Kremenek wrote:

> It's not an official convention for ObjC methods, it's just a heuristic.  How about first looking at the actual SDKs and grepping for methods with this naming style and seeing (a) how many there are and (b) whether the heuristic holds?
> 

I could not find other publicly exposed ObjC methods that end with "NoCopy" other than NSString and NSData.
There are a few CF functions with that name; however, they all have different conventions - some take a deallocator, which can choose not to free memory(CFString, CFStream), others just share the pointer (OSData, OSString).

In this case, we model that the function DOES free memory (and report errors if someone tries to free it afterwards). Not only do I need to know that the function with this name will definitely free, but also which argument is pointing to the buffer. It's hard to do this by doing simple keyword matching on the name.

Anna.
> On Jun 22, 2012, at 7:50 PM, Jordan Rose <jordan_rose at apple.com> wrote:
> 
>> Can we just go with the same NoCopy convention we have for functions, e.g. anything that ends in "NoCopy" might free memory?
>> 
>> 
>> On Jun 22, 2012, at 3:42 PM, Anna Zaks wrote:
>> 
>>> Author: zaks
>>> Date: Fri Jun 22 17:42:30 2012
>>> New Revision: 159043
>>> 
>>> URL: http://llvm.org/viewvc/llvm-project?rev=159043&view=rev
>>> Log:
>>> [analyzer] Teach malloc checker that initWith[Bytes|Characters}NoCopy 
>>> relinquish memory.
>>> 
>>> Modified:
>>>  cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
>>>  cfe/trunk/test/Analysis/malloc.mm
>>> 
>>> Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
>>> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp?rev=159043&r1=159042&r2=159043&view=diff
>>> ==============================================================================
>>> --- cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp (original)
>>> +++ cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp Fri Jun 22 17:42:30 2012
>>> @@ -504,7 +504,9 @@
>>> // Ex:  [NSData dataWithBytesNoCopy:bytes length:10];
>>> // Unless 'freeWhenDone' param set to 0.
>>> // TODO: Check that the memory was allocated with malloc.
>>> -  if (S.getNameForSlot(0) == "dataWithBytesNoCopy" &&
>>> +  if ((S.getNameForSlot(0) == "dataWithBytesNoCopy" ||
>>> +       S.getNameForSlot(0) == "initWithBytesNoCopy" ||
>>> +       S.getNameForSlot(0) == "initWithCharactersNoCopy") &&
>>>     !isFreeWhenDoneSetToZero(Call, S)){
>>>   unsigned int argIdx  = 0;
>>>   C.addTransition(FreeMemAux(C, Call.getArg(argIdx),
>>> 
>>> Modified: cfe/trunk/test/Analysis/malloc.mm
>>> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/malloc.mm?rev=159043&r1=159042&r2=159043&view=diff
>>> ==============================================================================
>>> --- cfe/trunk/test/Analysis/malloc.mm (original)
>>> +++ cfe/trunk/test/Analysis/malloc.mm Fri Jun 22 17:42:30 2012
>>> @@ -21,6 +21,16 @@
>>> NSData *nsdata = [[NSData alloc] initWithBytesNoCopy:data length:dataLength freeWhenDone:1]; // no-warning
>>> }
>>> 
>>> +void testNSStringFreeWhenDoneYES3(NSUInteger dataLength) {
>>> +  unsigned char *data = (unsigned char *)malloc(42);
>>> +  NSString *nsstr = [[NSString alloc] initWithBytesNoCopy:data length:dataLength encoding:NSUTF8StringEncoding freeWhenDone:1];
>>> +}
>>> +
>>> +void testNSStringFreeWhenDoneYES4(NSUInteger dataLength) {
>>> +  unichar *data = (unichar*)malloc(42);
>>> +  NSString *nsstr = [[NSString alloc] initWithCharactersNoCopy:data length:dataLength freeWhenDone:1];
>>> +  free(data); //expected-warning {{Attempt to free non-owned memory}}
>>> +}
>>> 
>>> void testNSStringFreeWhenDoneYES(NSUInteger dataLength) {
>>> unsigned char *data = (unsigned char *)malloc(42);
>>> 
>>> 
>>> _______________________________________________
>>> cfe-commits mailing list
>>> cfe-commits at cs.uiuc.edu
>>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
>> 
>> _______________________________________________
>> cfe-commits mailing list
>> cfe-commits at cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits

More information about the cfe-commits mailing list