[PATCH] D49361: [analyzer][WIP] Detect pointers escaped after return statement execution in MallocChecker
Artem Dergachev via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Sun Jul 15 22:05:09 PDT 2018
NoQ added a comment.
Aha, so the destructors are called //after// the return statement! Makes sense.
The return statement is available in `ExprEngine::processEndOfFunction()`, so I guess we could improve the `checkEndFunction()` callback to provide it, and then we wouldn't need any of those extra state traits: the returned expression would be a sub-expression of the return statement and the return value would be, well, the value of the returned expression (hopefully). The procedure of adding more arguments to a callback is a bit annoying but straightforward.
I guess it'd be great to add a MallocChecker-only test. It should be possible by mocking a simple object that frees memory in its destructor (in a manner that the Analyzer can understand by inlining all methods of the object) and then returning that memory.
> The warning is emitted at the end of the function, which might be confusing.
I'm afraid it might be hard to fix; path-sensitive reports are usually thrown against the node and that node is already too far and the return statement node is too early.
@george.karpenkov would your `getEndPath()`-fu help here?
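A sketch of the kind of mock object the comment above describes, added here as an example; it is not part of the original message or of the patch under review. `Buffer`, `last_freed` and both function names are hypothetical, and the block goes beyond the comment by also showing a corrected form that copies before returning.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>

// Constructed instrumentation: address most recently passed to free().
static std::uintptr_t last_freed = 0;

// Hypothetical mock owner: every method is defined inline so the analyzer
// can inline it and see the free() in the destructor.
struct Buffer {
  char *data;
  explicit Buffer(const char *s)
      : data(static_cast<char *>(std::malloc(std::strlen(s) + 1))) {
    if (data) std::strcpy(data, s);
  }
  Buffer(const Buffer &) = delete;
  Buffer &operator=(const Buffer &) = delete;
  ~Buffer() {
    last_freed = reinterpret_cast<std::uintptr_t>(data);
    std::free(data);
  }
  char *get() const { return data; }
};

// Before: the operand of 'return' is evaluated first, then ~Buffer() runs and
// frees the memory, so the caller receives a pointer that is already dangling.
char *escaped_after_return() {
  Buffer b("hello");
  return b.get();
}

// After: hand the caller its own allocation; the caller must free() it.
char *copied_before_return() {
  Buffer b("hello");
  if (!b.get()) return nullptr;
  char *out = static_cast<char *>(std::malloc(std::strlen(b.get()) + 1));
  if (out) std::strcpy(out, b.get());
  return out;
}

int main() {
  char *s = copied_before_return();
  std::puts(s ? s : "(allocation failed)");
  std::free(s);
}
```

The pointer returned by `escaped_after_return()` must never be dereferenced; the instrumentation only compares its address with the one the destructor freed.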