r188468 - [analyzer] If realloc fails on an escaped region, that region doesn't leak.

Jordan Rose jordan_rose at apple.com
Thu Aug 15 10:56:17 PDT 2013


Hopefully we'll get a generalized ownership checker for that -- see http://clang-analyzer.llvm.org/open_projects.html.

Jordan


On Aug 15, 2013, at 10:54 , Дмитрий Дьяченко <dimhen at gmail.com> wrote:

> Nice!
> 
> time to revisit http://llvm.org/bugs/show_bug.cgi?id=8395#c3 ?
> 
> Dmitry
> 
> 2013/8/15 Jordan Rose <jordan_rose at apple.com>:
>> Author: jrose
>> Date: Thu Aug 15 12:22:06 2013
>> New Revision: 188468
>> 
>> URL: http://llvm.org/viewvc/llvm-project?rev=188468&view=rev
>> Log:
>> [analyzer] If realloc fails on an escaped region, that region doesn't leak.
>> 
>> When a region is realloc()ed, MallocChecker records whether it was known
>> to be allocated or not. If it is, and the reallocation fails, the original
>> region has to be freed. Previously, when an allocated region escaped,
>> MallocChecker completely stopped tracking it, so a failed reallocation
>> still (correctly) wouldn't require freeing the original region. Recently,
>> however, MallocChecker started tracking escaped symbols, so that if it were
>> freed we could check that the deallocator matched the allocator. This
>> broke the reallocation model for whether or not a symbol was allocated.
>> 
>> Now, MallocChecker will actually check if a symbol is owned, and only
>> require freeing after a failed reallocation if it was owned before.
>> 
>> PR16730
>> 
>> Modified:
>>    cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
>>    cfe/trunk/test/Analysis/malloc.c
>> 
>> Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
>> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp?rev=188468&r1=188467&r2=188468&view=diff
>> ==============================================================================
>> --- cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp (original)
>> +++ cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp Thu Aug 15 12:22:06 2013
>> @@ -1060,7 +1060,7 @@ ProgramStateRef MallocChecker::FreeMemAu
>>     }
>>   }
>> 
>> -  ReleasedAllocated = (RsBase != 0);
>> +  ReleasedAllocated = (RsBase != 0) && RsBase->isAllocated();
>> 
>>   // Clean out the info on previous call to free return info.
>>   State = State->remove<FreeReturnValue>(SymBase);
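Review bot: the new condition on `ReleasedAllocated` needs a comment, since `(RsBase != 0) && RsBase->isAllocated()` does not say on its own why a tracked symbol can be non-allocated at this point. The log message has the reason (escaped symbols are now tracked so the deallocator can be matched against the allocator, but they are not owned). A one-line comment above the assignment stating that would keep a later cleanup from collapsing the check back to `RsBase != 0`.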
>> 
>> Modified: cfe/trunk/test/Analysis/malloc.c
>> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/malloc.c?rev=188468&r1=188467&r2=188468&view=diff
>> ==============================================================================
>> --- cfe/trunk/test/Analysis/malloc.c (original)
>> +++ cfe/trunk/test/Analysis/malloc.c Thu Aug 15 12:22:06 2013
>> @@ -1207,6 +1207,16 @@ void freeMemory() {
>>   }
>> }
>> 
>> +// PR16730
>> +void testReallocEscaped(void **memory) {
>> +  *memory = malloc(47);
>> +  char *new_memory = realloc(*memory, 47);
>> +  if (new_memory != 0) {
>> +    *memory = new_memory;
>> +  }
>> +}
>> +
>> +
>> // ----------------------------------------------------------------------------
>> // False negatives.
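Review bot: `testReallocEscaped` carries no expectation marker, so it passes only by the absence of a diagnostic and a reader cannot tell which line used to warn. A `// no-warning` comment on the function's closing brace (or on the `realloc` line) would record the intent. The hunk also covers only the escaped case through `void **memory`; if malloc.c does not already have one, a sibling case where the pointer stays local would confirm that a failed `realloc` of an owned region is still reported as a leak. The two blank lines added before the separator comment could be one.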
>> 
>> 
>> 
>> _______________________________________________
>> cfe-commits mailing list
>> cfe-commits at cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits




