[PATCH] D64680: [analyzer] MallocChecker: Prevent Integer Set Library false positives

Artem Dergachev via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Fri Jul 12 17:11:26 PDT 2019


NoQ added a comment.

Oh damn, I just realized that this way we track much more pointers than before, because we cannot restrict ourselves to pointers that have been explicitly malloc()ed during analysis. After all, we don't need to see the allocation site to diagnose use-after-free.

I'm afraid that it's going to be too many pointers.

Change of plans: let's suppress the warning when our `free()` is done within the function that has `__isl_take` in its definition. So, like, ascend the chain of location contexts and check your callers when you're about to mark the pointer as released. If any of the callers contain `__isl_take`, mark it as escaped instead.



================
Comment at: clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp:56-58
+    // If this checker does not model the allocation.
+    DoNothing,
+    // Reference to allocated memory.
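Review bot: the comment above `DoNothing` ("If this checker does not model the allocation.") is a sentence fragment that states a condition rather than describing the state, while the neighbouring entry ("Reference to allocated memory.") is a noun phrase; phrase it the same way, e.g. "Allocation not modeled by this checker.", and spell out what the checker does with a symbol in this state, since without that it is not clear from the enum alone how `DoNothing` differs from the existing `Escaped` state.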
----------------
We already have `Escaped`, it's the same thing in practice.


================
Comment at: clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp:2937-2942
+  const Stmt *S = PathDiagnosticLocation::getStmt(N);
+
+  if (RS && RS->isDoNothing()) {
+    BR.markInvalid(getTag(), S);
+    return nullptr;
+  }
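Review bot: `S` is computed unconditionally via `PathDiagnosticLocation::getStmt(N)` but only used inside the `RS && RS->isDoNothing()` branch; move the lookup into the `if` so the visitor does not pay for it on every node it visits. It would also help to have a one-line comment saying why a node whose state is `DoNothing` invalidates the whole report (rather than, say, only stopping the walk), because as written the intent has to be inferred from the enum name.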
----------------
{F9551724}


Repository:
  rC Clang

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D64680/new/

https://reviews.llvm.org/D64680
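To make the ownership convention behind this thread concrete, here is an added example of the `__isl_take` / `__isl_keep` / `__isl_give` pattern that NoQ proposes to special-case. It is not code from the patch, from Clang, or from isl: the `toy_set` type and all its functions are constructed for illustration, and it assumes (as in isl's own headers) that the annotation macros expand to nothing, which is why the checker has to recognise them from the source text of the enclosing function definition rather than from anything that survives preprocessing.

```c
#include <stdlib.h>
#include <string.h>

/* isl's ownership annotations are documentation macros that expand to nothing
 * (assumption for this example, mirroring isl/ctx.h). Nothing survives
 * preprocessing, so a checker can only find them in the function's source. */
#define __isl_give
#define __isl_take
#define __isl_keep
#define __isl_null

/* Constructed reference-counted object in the style of isl_set; not isl code. */
typedef struct toy_set {
    int ref;
    int n;
    int *elems;
} toy_set;

static __isl_give toy_set *toy_set_alloc(int n)
{
    toy_set *s = malloc(sizeof *s);
    if (!s)
        return NULL;
    s->ref = 1;
    s->n = n;
    s->elems = calloc((size_t)n, sizeof *s->elems);
    if (!s->elems) {
        free(s);
        return NULL;
    }
    return s;
}

/* __isl_keep: borrows the argument; the caller keeps its own reference. */
static __isl_give toy_set *toy_set_copy(__isl_keep toy_set *s)
{
    if (!s)
        return NULL;
    s->ref++;
    return s;
}

/* __isl_take: consumes one reference. free() only runs on the last one, but
 * every caller has given up its handle and must not touch it again. When the
 * analyzer inlines this function it sees the free() on one path and marks the
 * caller's pointer as released, which is the false positive under discussion. */
static __isl_null toy_set *toy_set_free(__isl_take toy_set *s)
{
    if (!s)
        return NULL;
    if (--s->ref > 0)
        return NULL;
    free(s->elems);
    free(s);
    return NULL;
}

/* Copy-on-write in the style of isl_*_cow(): an unshared handle is returned as
 * is; a shared one has its reference dropped and a private duplicate is
 * returned. Other handles to the original object stay valid. */
static __isl_give toy_set *toy_set_cow(__isl_take toy_set *s)
{
    toy_set *dup;
    if (!s)
        return NULL;
    if (s->ref == 1)
        return s;
    dup = toy_set_alloc(s->n);
    if (!dup)
        return toy_set_free(s);
    memcpy(dup->elems, s->elems, (size_t)s->n * sizeof *s->elems);
    toy_set_free(s); /* drops the shared reference; does not reach free() */
    return dup;
}

static __isl_give toy_set *toy_set_set_elem(__isl_take toy_set *s, int i, int v)
{
    s = toy_set_cow(s);
    if (!s)
        return NULL;
    if (i < 0 || i >= s->n)
        return toy_set_free(s);
    s->elems[i] = v;
    return s;
}

/* The pattern the checker trips over: `b` is consumed, yet `a` (which aliases
 * it) stays live even though a free() was executed inside an __isl_take
 * function on the path. Encodes a's element 0, c's element 0 and a's refcount
 * into one value so it can be checked: 7 + 10*3 + 100*1 = 137. */
int shared_handle_scenario(void)
{
    toy_set *a = toy_set_alloc(4);
    toy_set *b, *c;
    int result;
    if (!a)
        return -1;
    a->elems[0] = 7;
    b = toy_set_copy(a);             /* a->ref == 2, a and b alias */
    c = toy_set_set_elem(b, 0, 3);   /* b consumed; c is a fresh object */
    if (!c) {
        toy_set_free(a);
        return -1;
    }
    /* b is dead from here on; a and c are both valid. */
    result = a->elems[0] + 10 * c->elems[0] + 100 * a->ref;
    toy_set_free(a);
    toy_set_free(c);
    return result;
}
```

The point for the checker is visible in `toy_set_cow`: the `toy_set_free(s)` call there is a legitimate part of the library's ownership protocol, and on the shared-handle path it never reaches `free()`, so treating the caller's pointer as released afterwards is what produces the spurious use-after-free on `a`. Marking the symbol as escaped when the release happens inside an `__isl_take` function, as suggested above, keeps the analyzer from drawing that conclusion.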





More information about the cfe-commits mailing list