[PATCH] D31650: [Analyzer] Detect when function pointer is freed

Daniel Marjamäki via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed Apr 5 06:38:58 PDT 2017


danielmarjamaki added a comment.

In https://reviews.llvm.org/D31650#717691, @NoQ wrote:

> Is freeing function pointers always undefined?


I guess not. However, I don't personally see why it would be useful to allocate function pointers with malloc.

> I wonder what happens if we take some JIT-enabled javascript engine, maybe with some on-stack replacement of theirs, it may `malloc()` a memory and use it as a function, and then eventually it'd need to free it by design. However, because we're analyzing a small part of the program, we may fail to see in the analyzer that the symbolic pointer originally comes from `malloc()`. Would such rare but important users be able to avoid/suppress the warning?

Maybe when writing a JIT there is some use case, I don't know. The code could be rewritten like:

  void *malloc(unsigned long);
  void free(void*);
  
  typedef void (*fnptr)(int);
  
  void allocatedFunctionPointer() {
    void *p = malloc(sizeof(fnptr));
    fnptr p2 = (fnptr)p;   // the function pointer is derived from the void* allocation
    free(p);               // the void* is freed, not the function pointer itself
  }

no warning is written about this code.


Repository:
  rL LLVM

https://reviews.llvm.org/D31650