[PATCH] D71041: [analyzer][discussion] Talk about escapes

Gábor Horváth via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed Dec 4 19:10:40 PST 2019


xazax.hun marked an inline comment as done.
xazax.hun added inline comments.


================
Comment at: clang/test/Analysis/fuchsia_handle.cpp:210
+  // Because of arrays, structs, the suggestion is to escape when whe no longer
+  // have any pointer to that symbolic region.
+  if (zx_channel_create(0, get_handle_address(), &sb))
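Review bot: The comment on the two added lines above the call has a typo ("when whe" should read "when we"), and its opening "Because of arrays, structs" does not say what goes wrong with them. Suggest spelling out the case this test covers, namely that the handle is written through the pointer returned by get_handle_address(), and stating whether "escape" applies to the handle or to the region it is stored in.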
----------------
NoQ wrote:
> NoQ wrote:
> > This has nothing to do with symbolic regions. We can run into this problem even if it's a local variable in the current stack frame:
> > ```lang=c++
> > void foo() {
> >   zx_handle_t sa, sb;
> >   escape(&sb); // Escape *before* create!!
> > 
> >   zx_channel_create(0, &sa, &sb);
> >   zx_handle_close(sa);
> >   close_escaped();
> > }
> > ```
> > 
> > The solution that'll obviously work would be to keep track of all regions that escaped at least once, and then not even start tracking the handle if it's getting placed into a region that causes an escape when written into or has itself escaped before, but that sounds like a huge overkill.
> > 
> > Lemme think. This sounds vaguely familiar but i can't immediately recall what my thoughts were last time i thought about it.
> `$ cat test.c`
> ```lang=c++
> void manage(void **x);
> void free_managed();
> 
> void foo() {
>   void *x;
>   manage(&x);
>   x = malloc(1);
>   free_managed();
> }
> ```
> `$ clang --analyze test.c`
> ```lang=c++
> test.c:8:3: warning: Potential leak of memory pointed to by 'x'
>   free_managed();
>   ^~~~~~~~~~~~~~
> 1 warning generated.
> ```
> Sigh.
Oh, I see. Yeah, this one will be fun to deal with.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D71041/new/

https://reviews.llvm.org/D71041
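
The idea NoQ describes in the quoted comment, remembering every region that has escaped at least once and never starting to track a handle written into one, sketched as a toy trace model. This is an added example, not code from the patch or from the analyzer; `Event`, `analyze` and the two trace builders are hypothetical names, and the traces are constructed from the `foo()` snippet in the thread (the opaque `close_escaped()` call is not modelled).

```cpp
#include <set>
#include <string>
#include <vector>

// Constructed toy model; this is not clang's ProgramState or checker API.
enum class Op { Escape, Acquire, Release };
struct Event { Op op; std::string region; };  // region = variable holding the handle

// Returns the regions still holding an unreleased handle at function end,
// i.e. what a leak checker would report.
// rememberEscapes=false: an escape only drops what is tracked at that moment.
// rememberEscapes=true:  regions that escaped once are never tracked again.
std::set<std::string> analyze(const std::vector<Event> &trace, bool rememberEscapes) {
  std::set<std::string> tracked;  // regions with a live, tracked handle
  std::set<std::string> escaped;  // regions whose address went to unknown code
  for (const Event &e : trace) {
    switch (e.op) {
    case Op::Escape:
      tracked.erase(e.region);    // both models stop tracking the current value
      if (rememberEscapes) escaped.insert(e.region);
      break;
    case Op::Acquire:
      // A handle stored into an already-escaped region is reachable by
      // unknown code, so the conservative model never starts tracking it.
      if (!escaped.count(e.region)) tracked.insert(e.region);
      break;
    case Op::Release:
      tracked.erase(e.region);
      break;
    }
  }
  return tracked;
}

// foo() from the thread: escape(&sb); zx_channel_create(0, &sa, &sb); zx_handle_close(sa);
std::vector<Event> escapeBeforeCreate() {
  return {{Op::Escape, "sb"}, {Op::Acquire, "sa"}, {Op::Acquire, "sb"}, {Op::Release, "sa"}};
}

// Same body without the escape: sb is a genuine leak and must still be reported.
std::vector<Event> realLeak() {
  return {{Op::Acquire, "sa"}, {Op::Acquire, "sb"}, {Op::Release, "sa"}};
}
```

With `rememberEscapes` off the first trace reports `sb` as leaked, which mirrors the `malloc` warning shown in the thread; with it on the report disappears while the genuine leak in the second trace is still found.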




