r188468 - [analyzer] If realloc fails on an escaped region, that region doesn't leak.

Дмитрий Дьяченко dimhen at gmail.com
Thu Aug 15 11:10:42 PDT 2013


Hopefully :)

Thanks,
Dmitry

2013/8/15 Jordan Rose <jordan_rose at apple.com>:
> Hopefully we'll get a generalized ownership checker for that -- see http://clang-analyzer.llvm.org/open_projects.html.
>
> Jordan
>
>
> On Aug 15, 2013, at 10:54 , Дмитрий Дьяченко <dimhen at gmail.com> wrote:
>
>> Nice!
>>
>> time to revisit http://llvm.org/bugs/show_bug.cgi?id=8395#c3 ?
>>
>> Dmitry
>>
>> 2013/8/15 Jordan Rose <jordan_rose at apple.com>:
>>> Author: jrose
>>> Date: Thu Aug 15 12:22:06 2013
>>> New Revision: 188468
>>>
>>> URL: http://llvm.org/viewvc/llvm-project?rev=188468&view=rev
>>> Log:
>>> [analyzer] If realloc fails on an escaped region, that region doesn't leak.
>>>
>>> When a region is realloc()ed, MallocChecker records whether it was known
>>> to be allocated or not. If it is, and the reallocation fails, the original
>>> region has to be freed. Previously, when an allocated region escaped,
>>> MallocChecker completely stopped tracking it, so a failed reallocation
>>> still (correctly) wouldn't require freeing the original region. Recently,
>>> however, MallocChecker started tracking escaped symbols, so that if it were
>>> freed we could check that the deallocator matched the allocator. This
>>> broke the reallocation model for whether or not a symbol was allocated.
>>>
>>> Now, MallocChecker will actually check if a symbol is owned, and only
>>> require freeing after a failed reallocation if it was owned before.
>>>
>>> PR16730
>>>
>>> Modified:
>>>    cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
>>>    cfe/trunk/test/Analysis/malloc.c
>>>
>>> Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
>>> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp?rev=188468&r1=188467&r2=188468&view=diff
>>> ==============================================================================
>>> --- cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp (original)
>>> +++ cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp Thu Aug 15 12:22:06 2013
>>> @@ -1060,7 +1060,7 @@ ProgramStateRef MallocChecker::FreeMemAu
>>>     }
>>>   }
>>>
>>> -  ReleasedAllocated = (RsBase != 0);
>>> +  ReleasedAllocated = (RsBase != 0) && RsBase->isAllocated();
>>>
>>>   // Clean out the info on previous call to free return info.
>>>   State = State->remove<FreeReturnValue>(SymBase);
>>>
>>> Modified: cfe/trunk/test/Analysis/malloc.c
>>> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/malloc.c?rev=188468&r1=188467&r2=188468&view=diff
>>> ==============================================================================
>>> --- cfe/trunk/test/Analysis/malloc.c (original)
>>> +++ cfe/trunk/test/Analysis/malloc.c Thu Aug 15 12:22:06 2013
>>> @@ -1207,6 +1207,16 @@ void freeMemory() {
>>>   }
>>> }
>>>
>>> +// PR16730
>>> +void testReallocEscaped(void **memory) {
>>> +  *memory = malloc(47);
>>> +  char *new_memory = realloc(*memory, 47);
>>> +  if (new_memory != 0) {
>>> +    *memory = new_memory;
>>> +  }
>>> +}
>>> +
>>> +
>>> // ----------------------------------------------------------------------------
>>> // False negatives.
>>>
>>>
>>>
>>> _______________________________________________
>>> cfe-commits mailing list
>>> cfe-commits at cs.uiuc.edu
>>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
>




More information about the cfe-commits mailing list