[cfe-commits] unix.Malloc static checker improvement: memory.LeakPtrValChanged

Branden Archer b.m.archer4 at gmail.com
Sat Dec 15 21:58:35 PST 2012


I have recently started looking into clang, and was interested in
participating. After taking a look at the potential projects, the static
checking functionality seemed interesting. Specifically, I have taken a
look at the checker "memory.LeakPtrValChanged" mentioned on the list of
potential checkers page.

Warning: As this is my first attempt at hacking clang, I may have gone a
different route than someone with more experience in the project. If
something in my description or patch seems out of place, please let me know!

From the description, the proposed memory.LeakPtrValChanged checker was to
only consider a pointer to newly allocated data losing its original value.
Through some investigation, I find that MemRegion objects which track
pointers to memory allocations can also maintain any offset currently
applied to the pointer. Using this information, the checker can reason
about invalidated pointers beyond being 'newly allocated'. For example, the
following case can be caught:

#include <stdlib.h>

int *x = malloc(sizeof(int));
x += 1;
free(x);   /* x no longer points at the start of the allocation */

However, the following is valid:

#include <stdlib.h>

int *x = malloc(sizeof(int));
x += 1;
free(x - 1);   /* offset undone, so the original pointer is freed */

The attached patch uses the RegionOffset of freed malloc allocations to
determine if the freed pointer has a non-zero offset, and posts a warning in
this case. If the offset is symbolic (and thus not known to be non-zero),
no warning is posted. There are tests included to verify the proposed
changes.

Note that memory.LeakPtrValChanged mentioned checking both malloc/free and
new/delete, but this patch only considers malloc/free.

Please let me know if the attached patch is appropriate, or if it is
missing something or there is another solution which may be a better fit.

- Branden
-------------- next part --------------
A non-text attachment was scrubbed...
Name: leakPtrValChanged.patch
Type: application/octet-stream
Size: 3848 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20121216/00f40412/attachment.obj>
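The reasoning the post describes (warn on free() of a tracked allocation only when its offset is known and non-zero, stay silent when the offset is symbolic) can be modelled in a few lines. This is an added illustration, not the patch's code and not clang's MemRegion/RegionOffset API; the PtrVal type, the region ids and the function names are assumptions made for the example.

```cpp
#include <cstdint>
#include <optional>

// Abstract pointer value as a checker would track it: which heap allocation
// it points into, and the byte offset from the start of that allocation.
// nullopt models a symbolic offset whose value the analyzer cannot determine.
struct PtrVal {
    int region;                          // hypothetical id of the malloc'd region
    std::optional<std::int64_t> offset;  // concrete offset, or nullopt if symbolic
};

// Pointer arithmetic on the abstract value: adding a known byte count keeps the
// offset concrete; adding an unknown amount makes the whole offset symbolic.
PtrVal addBytes(PtrVal p, std::optional<std::int64_t> bytes) {
    if (p.offset && bytes) return {p.region, *p.offset + *bytes};
    return {p.region, std::nullopt};
}

enum class FreeVerdict { Ok, WarnOffset, Unknown };

// The check from the post: a warning only when the offset is known and
// non-zero. A symbolic offset is not known to be non-zero, so no warning.
FreeVerdict checkFree(const PtrVal &p) {
    if (!p.offset) return FreeVerdict::Unknown;
    return *p.offset == 0 ? FreeVerdict::Ok : FreeVerdict::WarnOffset;
}

// int *x = malloc(sizeof(int)); x += 1; free(x);      -> warning
FreeVerdict exampleBug() {
    PtrVal x{1, 0};
    x = addBytes(x, static_cast<std::int64_t>(sizeof(int)));
    return checkFree(x);
}

// int *x = malloc(sizeof(int)); x += 1; free(x - 1);  -> no warning
FreeVerdict exampleValid() {
    PtrVal x{1, 0};
    x = addBytes(x, static_cast<std::int64_t>(sizeof(int)));
    return checkFree(addBytes(x, -static_cast<std::int64_t>(sizeof(int))));
}

// x += n with n unknown to the analyzer; free(x)      -> no warning (symbolic)
FreeVerdict exampleSymbolic() {
    PtrVal x{1, 0};
    x = addBytes(x, std::nullopt);
    return checkFree(x);
}
```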