[PATCH] D43791: [analyzer] Suppress MallocChecker positives in destructors with atomics.

Artem Dergachev via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Mon Feb 26 15:18:37 PST 2018


NoQ created this revision.
NoQ added reviewers: dcoughlin, xazax.hun, a.sidorin, george.karpenkov, szepet.
Herald added subscribers: cfe-commits, rnkovacs.

This patch is a targeted suppression heuristic for false positives `MallocChecker` produces when a shared / reference-counting pointer is copied (including, but not limited to, `llvm::IntrusiveRefCntPtr`). The program increments the reference count through an atomic `fetch_add` (which is often the C++11 `std::atomic<T>::fetch_add()` that executes the respective C11 atomic when inlined), then decrements it via `fetch_sub` (or via `fetch_add` while adding -1), then sees if the reference count is zero by comparing the value returned by `fetch_sub` to 1, then deletes the object if the reference count is indeed zero.

These false positives get amplified by inlining temporary destructors, but even in code without any temporary destructors these positives are reproducible, as the tests suggest.

We cannot easily model the comparison to 1 correctly: even if we model all atomic expressions precisely, the original reference count may still have been symbolic to begin with. And if we tried to assume that no overflows occur on reference counts, this would still require pattern-matching heuristics to figure out if a certain variable is a reference counter.

The proposed fix is to suppress `MallocChecker` positives that are caused by releasing memory in a destructor stack frame (or its children stack frames) after performing any C11 atomic `fetch_add` or `fetch_sub` in that destructor's stack frame (or its children stack frames). This is done in a visitor suppression.


Repository:
  rC Clang

https://reviews.llvm.org/D43791

Files:
  lib/StaticAnalyzer/Checkers/MallocChecker.cpp
  test/Analysis/NewDelete-atomics.cpp

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D43791.135995.patch
Type: text/x-patch
Size: 6465 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20180226/11111c2e/attachment.bin>
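
The reference-counting pattern the description refers to, as an added example (not taken from the patch or from `test/Analysis/NewDelete-atomics.cpp`, whose contents are not shown here). `Obj`, `IntrusivePtr`, `Trace` and `run_copy_scenario` are hypothetical names; the code shows the correct run-time behaviour that an analysis unable to model the comparison to 1 cannot establish.

```cpp
#include <atomic>

// Constructed example: a minimal intrusively reference-counted object.
struct Obj {
  std::atomic<int> refs{0};
  int *live;                        // external counter of live objects
  explicit Obj(int *l) : live(l) { ++*live; }
  ~Obj() { --*live; }
};

// Hypothetical stand-in for a pointer such as llvm::IntrusiveRefCntPtr.
class IntrusivePtr {
  Obj *p;
  void retain() { if (p) p->refs.fetch_add(1, std::memory_order_relaxed); }
public:
  explicit IntrusivePtr(Obj *o) : p(o) { retain(); }
  IntrusivePtr(const IntrusivePtr &o) : p(o.p) { retain(); }
  IntrusivePtr &operator=(const IntrusivePtr &) = delete;
  ~IntrusivePtr() {
    // fetch_sub returns the previous value, so 1 means "last owner".
    // An analysis that cannot model this comparison may take the delete
    // branch while another owner still exists (assumption based on the
    // description above), which is the release the suppression targets:
    // memory freed in a destructor frame after an atomic fetch_add/sub.
    if (p && p->refs.fetch_sub(1, std::memory_order_acq_rel) == 1)
      delete p;
  }
  Obj *get() const { return p; }
};

// Number of live objects with two owners, one owner, and no owners.
struct Trace { int both, one, none; };

Trace run_copy_scenario() {
  int live = 0;
  Trace t{};
  {
    IntrusivePtr a(new Obj(&live));
    {
      IntrusivePtr b(a);            // copy: count 1 -> 2
      t.both = live;
    }                               // ~b: fetch_sub returns 2, no delete
    t.one = live;                   // a.get() is still valid here
  }                                 // ~a: fetch_sub returns 1, delete
  t.none = live;
  return t;
}

int main() { Trace t = run_copy_scenario(); return t.one == 1 && t.none == 0 ? 0 : 1; }
```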