<div dir="ltr">Hi, I've reverted r351508-351514 as they were causing MSan failures on the sanitizer bots. It looks like isLeak is not initialized by one of the RefCountReport constructors and it is not immediately obvious to me what an appropriate value for it is. You can observe the failures <a href="http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-bootstrap-msan/builds/9894/steps/check-clang%20msan/logs/stdio">here</a>, they look like the following:<div><pre style="font-family:"Courier New",courier,monotype,monospace;font-size:medium"><span class="inbox-inbox-stdout">FAIL: Clang :: Analysis/inlining/path-notes.m (525 of 13800)
******************** TEST 'Clang :: Analysis/inlining/path-notes.m' FAILED ********************
Script:
--
: 'RUN: at line 1'; /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/bin/clang -cc1 -internal-isystem /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/lib/clang/9.0.0/include -nostdsysteminc -analyze -analyzer-constraints=range -analyzer-checker=core,osx.cocoa.NilArg,osx.cocoa.RetainCount -analyzer-output=text -analyzer-config suppress-null-return-paths=false -fblocks -verify /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/test/Analysis/inlining/path-notes.m
: 'RUN: at line 2'; /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/bin/clang -cc1 -internal-isystem /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/lib/clang/9.0.0/include -nostdsysteminc -analyze -analyzer-constraints=range -analyzer-checker=core,osx.cocoa.NilArg,osx.cocoa.RetainCount -analyzer-output=plist-multi-file -analyzer-config suppress-null-return-paths=false -fblocks /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/test/Analysis/inlining/path-notes.m -o /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/tools/clang/test/Analysis/inlining/Output/path-notes.m.tmp.plist
: 'RUN: at line 3'; cat /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/tools/clang/test/Analysis/inlining/Output/path-notes.m.tmp.plist | diff -u -w -I "<string>/" -I "<string>.:" -I "version" /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/test/Analysis/inlining/Inputs/expected-plists/path-notes.m.plist -
--
Exit Code: 77
Command Output (stderr):
--
==93612==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0xa0635a8 in clang::ento::retaincountchecker::RefCountReport::getRanges() /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.h:65:9
#1 0xa18bb67 in clang::ento::BugReporterVisitor::getDefaultEndPath(clang::ento::BugReporterContext&, clang::ento::ExplodedNode const*, clang::ento::BugReport&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp:176:27
#2 0xa05cf02 in clang::ento::retaincountchecker::RefCountReportVisitor::getEndPath(clang::ento::BugReporterContext&, clang::ento::ExplodedNode const*, clang::ento::BugReport&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.cpp:681:10
#3 0xa15b9aa in generateVisitorsDiagnostics(clang::ento::BugReport*, clang::ento::ExplodedNode const*, clang::ento::BugReporterContext&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2564:29
#4 0xa1429dc in findValidReport /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2621:9
#5 0xa1429dc in clang::ento::GRBugReporter::generatePathDiagnostics(llvm::ArrayRef<clang::ento::PathDiagnosticConsumer*>, llvm::ArrayRef<clang::ento::BugReport*>&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2670
#6 0xa14f991 in clang::ento::BugReporter::generateDiagnosticForConsumerMap(clang::ento::BugReport*, llvm::ArrayRef<clang::ento::PathDiagnosticConsumer*>, llvm::ArrayRef<clang::ento::BugReport*>) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:3092:5
#7 0xa13cbc1 in clang::ento::BugReporter::FlushReport(clang::ento::BugReportEquivClass&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2948:7
#8 0xa13a171 in clang::ento::BugReporter::FlushReports() /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2254:5
#9 0x99e9463 in RunPathSensitiveChecks /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:752:24
#10 0x99e9463 in (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*> >*) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:716
#11 0x99ca7d6 in HandleDeclsCallGraph /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:507:5
#12 0x99ca7d6 in runAnalysisOnTranslationUnit /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:554
#13 0x99ca7d6 in (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:585
#14 0xa5083e5 in clang::ParseAST(clang::Sema&, bool, bool) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/Parse/ParseAST.cpp:170:13
#15 0x7660470 in clang::FrontendAction::Execute() /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/Frontend/FrontendAction.cpp:935:8
#16 0x757956b in clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:955:11
#17 0x788b6ea in clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:268:25
#18 0xb2c545 in cc1_main(llvm::ArrayRef</span><span class="inbox-inbox-stdout"><char const*>, char const*, void*) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/tools/driver/cc1_main.cpp:219:13
</span><span class="inbox-inbox-stdout"> #19 0xb2567e in ExecuteCC1Tool /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/tools/driver/driver.cpp:310:12
#20 0xb2567e in main /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/tools/driver/driver.cpp:382
#21 0x7f65de62a2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
#22 0xaa6779 in _start (/b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/bin/clang-9+0xaa6779)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.h:65:9 in clang::ento::retaincountchecker::RefCountReport::getRanges()
Exiting
--
********************
Testing: 0
FAIL: Clang :: Analysis/objc-subscript.m (717 of 13800)
******************** TEST 'Clang :: Analysis/objc-subscript.m' FAILED ********************
Script:
--
: 'RUN: at line 1'; /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/bin/clang -cc1 -internal-isystem /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/lib/clang/9.0.0/include -nostdsysteminc -analyze -analyzer-constraints=range -analyzer-checker=core,osx.cocoa.RetainCount -analyzer-store=region -verify -Wno-objc-root-class /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/test/Analysis/objc-subscript.m
--
Exit Code: 77
Command Output (stderr):
--
==94025==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0xa0635a8 in clang::ento::retaincountchecker::RefCountReport::getRanges() /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.h:65:9
#1 0xa18bb67 in clang::ento::BugReporterVisitor::getDefaultEndPath(clang::ento::BugReporterContext&, clang::ento::ExplodedNode const*, clang::ento::BugReport&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp:176:27
#2 0xa05cf02 in clang::ento::retaincountchecker::RefCountReportVisitor::getEndPath(clang::ento::BugReporterContext&, clang::ento::ExplodedNode const*, clang::ento::BugReport&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.cpp:681:10
#3 0xa15b9aa in generateVisitorsDiagnostics(clang::ento::BugReport*, clang::ento::ExplodedNode const*, clang::ento::BugReporterContext&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2564:29
#4 0xa1429dc in findValidReport /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2621:9
#5 0xa1429dc in clang::ento::GRBugReporter::generatePathDiagnostics(llvm::ArrayRef<clang::ento::PathDiagnosticConsumer*>, llvm::ArrayRef<clang::ento::BugReport*>&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2670
#6 0xa14f991 in clang::ento::BugReporter::generateDiagnosticForConsumerMap(clang::ento::BugReport*, llvm::ArrayRef<clang::ento::PathDiagnosticConsumer*>, llvm::ArrayRef<clang::ento::BugReport*>) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:3092:5
#7 0xa13cbc1 in clang::ento::BugReporter::FlushReport(clang::ento::BugReportEquivClass&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2948:7
#8 0xa13a171 in clang::ento::BugReporter::FlushReports() /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2254:5
#9 0x99e9463 in RunPathSensitiveChecks /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:752:24
#10 0x99e9463 in (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*> >*) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:716
#11 0x99ca7d6 in HandleDeclsCallGraph /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:507:5
#12 0x99ca7d6 in runAnalysisOnTranslationUnit /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:554
#13 0x99ca7d6 in (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:585
#14 0xa5083e5 in clang::ParseAST(clang::Sema&, bool, bool) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/Parse/ParseAST.cpp:170:13
#15 0x7660470 in clang::FrontendAction::Execute() /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/Frontend/FrontendAction.cpp:935:8
#16 0x757956b in clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:955:11
#17 0x788b6ea in clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:268:25
#18 0xb2c545 in cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/tools/driver/cc1_main.cpp:219:13
#19 0xb2567e in ExecuteCC1Tool /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/tools/driver/driver.cpp:310:12
#20 0xb2567e in main /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/tools/driver/driver.cpp:382
#21 0x7f6b71c1d2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
#22 0xaa6779 in _start (/b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/bin/clang-9+0xaa6779)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.h:65:9 in clang::ento::retaincountchecker::RefCountReport::getRanges()
Exiting
--
********************
Testing: 0
FAIL: Clang :: Analysis/retain-release-path-notes.m (814 of 13800)
******************** TEST 'Clang :: Analysis/retain-release-path-notes.m' FAILED ********************
Script:
--
: 'RUN: at line 1'; /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/bin/clang -cc1 -internal-isystem /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/lib/clang/9.0.0/include -nostdsysteminc -analyze -analyzer-constraints=range -triple x86_64-apple-darwin10 -analyzer-checker=core,osx.coreFoundation.CFRetainRelease,osx.cocoa.ClassRelease,osx.cocoa.RetainCount -analyzer-store=region -analyzer-output=text -verify /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/test/Analysis/retain-release-path-notes.m
: 'RUN: at line 2'; /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/bin/clang -cc1 -internal-isystem /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/lib/clang/9.0.0/include -nostdsysteminc -analyze -analyzer-constraints=range -triple x86_64-apple-darwin10 -analyzer-checker=core,osx.coreFoundation.CFRetainRelease,osx.cocoa.ClassRelease,osx.cocoa.RetainCount -analyzer-store=region -analyzer-output=plist-multi-file /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/test/Analysis/retain-release-path-notes.m -o /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/tools/clang/test/Analysis/Output/retain-release-path-notes.m.tmp
: 'RUN: at line 3'; cat /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/tools/clang/test/Analysis/Output/retain-release-path-notes.m.tmp | diff -u -w -I "<string>/" -I "<string>.:" -I "version" /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/test/Analysis/Inputs/expected-plists/retain-release-path-notes.m.plist -
--
Exit Code: 77
Command Output (stderr):
--
==94175==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0xa0635a8 in clang::ento::retaincountchecker::RefCountReport::getRanges() /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.h:65:9
#1 0xa18bb67 in clang::ento::BugReporterVisitor::getDefaultEndPath(clang::ento::BugReporterContext&, clang::ento::ExplodedNode const*, clang::ento::BugReport&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp:176:27
#2 0xa05cf02 in clang::ento::retaincountchecker::RefCountReportVisitor::getEndPath(clang::ento::BugReporterContext&, clang::ento::ExplodedNode const*, clang::ento::BugReport&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.cpp:681:10
#3 0xa15b9aa in generateVisitorsDiagnostics(clang::ento::BugReport*, clang::ento::ExplodedNode const*, clang::ento::BugReporterContext&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2564:29
#4 0xa1429dc in findValidReport /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2621:9
#5 0xa1429dc in clang::ento::GRBugReporter::generatePathDiagnostics(llvm::ArrayRef<clang::ento::PathDiagnosticConsumer*>, llvm::ArrayRef<clang::ento::BugReport*>&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2670
#6 0xa14f991 in clang::ento::BugReporter::generateDiagnosticForConsumerMap(clang::ento::BugReport*, llvm::ArrayRef<clang::ento::PathDiagnosticConsumer*>, llvm::ArrayRef<clang::ento::BugReport*>) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/B</span><span class="inbox-inbox-stdout">ugReporter.cpp:3092:5
</span><span class="inbox-inbox-stdout"> #7 0xa13cbc1 in clang::ento::BugReporter::FlushReport(clang::ento::BugReportEquivClass&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2948:7
#8 0xa13a171 in clang::ento::BugReporter::FlushReports() /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2254:5
#9 0x99e9463 in RunPathSensitiveChecks /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:752:24
#10 0x99e9463 in (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*> >*) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:716
#11 0x99ca7d6 in HandleDeclsCallGraph /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:507:5
#12 0x99ca7d6 in runAnalysisOnTranslationUnit /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:554
#13 0x99ca7d6 in (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:585
#14 0xa5083e5 in clang::ParseAST(clang::Sema&, bool, bool) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/Parse/ParseAST.cpp:170:13
#15 0x7660470 in clang::FrontendAction::Execute() /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/Frontend/FrontendAction.cpp:935:8
#16 0x757956b in clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:955:11
#17 0x788b6ea in clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:268:25
#18 0xb2c545 in cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/tools/driver/cc1_main.cpp:219:13
#19 0xb2567e in ExecuteCC1Tool /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/tools/driver/driver.cpp:310:12
#20 0xb2567e in main /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/tools/driver/driver.cpp:382
#21 0x7f2d9deff2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
#22 0xaa6779 in _start (/b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/bin/clang-9+0xaa6779)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.h:65:9 in clang::ento::retaincountchecker::RefCountReport::getRanges()
Exiting
--
********************
Testing: 0 .
FAIL: Clang :: Analysis/retain-release.m (870 of 13800)
******************** TEST 'Clang :: Analysis/retain-release.m' FAILED ********************
Script:
--
: 'RUN: at line 1'; rm -f /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/tools/clang/test/Analysis/Output/retain-release.m.tmp.objc.plist /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/tools/clang/test/Analysis/Output/retain-release.m.tmp.objcpp.plist
: 'RUN: at line 2'; /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/bin/clang -cc1 -internal-isystem /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/lib/clang/9.0.0/include -nostdsysteminc -analyze -analyzer-constraints=range -triple x86_64-apple-darwin10 -analyzer-checker=core,osx.coreFoundation.CFRetainRelease -analyzer-checker=osx.cocoa.ClassRelease,osx.cocoa.RetainCount -analyzer-checker=debug.ExprInspection -fblocks -verify /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/test/Analysis/retain-release.m -Wno-objc-root-class -analyzer-output=plist -o /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/tools/clang/test/Analysis/Output/retain-release.m.tmp.objc.plist
: 'RUN: at line 7'; /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/bin/clang -cc1 -internal-isystem /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/lib/clang/9.0.0/include -nostdsysteminc -analyze -analyzer-constraints=range -triple x86_64-apple-darwin10 -analyzer-checker=core,osx.coreFoundation.CFRetainRelease -analyzer-checker=osx.cocoa.ClassRelease,osx.cocoa.RetainCount -analyzer-checker=debug.ExprInspection -fblocks -verify /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/test/Analysis/retain-release.m -Wno-objc-root-class -analyzer-output=plist -o /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/tools/clang/test/Analysis/Output/retain-release.m.tmp.objcpp.plist -x objective-c++ -std=gnu++98
: 'RUN: at line 13'; cat /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/tools/clang/test/Analysis/Output/retain-release.m.tmp.objcpp.plist | diff -u -w -I "<string>/" -I "<string>.:" -I "version" /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/test/Analysis/Inputs/expected-plists/retain-release.m.objcpp.plist -
: 'RUN: at line 14'; cat /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/tools/clang/test/Analysis/Output/retain-release.m.tmp.objc.plist | diff -u -w -I "<string>/" -I "<string>.:" -I "version" /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/test/Analysis/Inputs/expected-plists/retain-release.m.objc.plist -
--
Exit Code: 77
Command Output (stderr):
--
==94235==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0xa0635a8 in clang::ento::retaincountchecker::RefCountReport::getRanges() /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.h:65:9
#1 0xa18bb67 in clang::ento::BugReporterVisitor::getDefaultEndPath(clang::ento::BugReporterContext&, clang::ento::ExplodedNode const*, clang::ento::BugReport&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp:176:27
#2 0xa05cf02 in clang::ento::retaincountchecker::RefCountReportVisitor::getEndPath(clang::ento::BugReporterContext&, clang::ento::ExplodedNode const*, clang::ento::BugReport&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.cpp:681:10
#3 0xa15b9aa in generateVisitorsDiagnostics(clang::ento::BugReport*, clang::ento::ExplodedNode const*, clang::ento::BugReporterContext&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2564:29
#4 0xa1429dc in findValidReport /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2621:9
#5 0xa1429dc in clang::ento::GRBugReporter::generatePathDiagnostics(llvm::ArrayRef<clang::ento::PathDiagnosticConsumer*>, llvm::ArrayRef<clang::ento::BugReport*>&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2670
#6 0xa14f991 in clang::ento::BugReporter::generateDiagnosticForConsumerMap(clang::ento::BugReport*, llvm::ArrayRef<clang::ento::PathDiagnosticConsumer*>, llvm::ArrayRef<clang::ento::BugReport*>) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:3092:5
#7 0xa13cbc1 in clang::ento::BugReporter::FlushReport(clang::ento::BugReportEquivClass&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2948:7
#8 0xa13a171 in clang::ento::BugReporter::FlushReports() /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2254:5
#9 0x99e9463 in RunPathSensitiveChecks /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:752:24
#10 0x99e9463 in (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*> >*) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:716
#11 0x99ca7d6 in HandleDeclsCallGraph /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:507:5
#12 0x99ca7d6 in runAnalysisOnTranslationUnit /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:554
#13 0x99ca7d6 in (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:585
#14 0xa5083e5 in clang::ParseAST(clang::Sema&, bool, bool) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/Parse/ParseAST.cpp:170:13
#15 0x7660470 in clang::FrontendAction::Execute() /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/Frontend/FrontendAction.cpp:935:8
#16 0x757956b in clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:955:11
#17 0x788b6ea in clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:268:25
#18 0xb2c545 in cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/tools/driver/cc1_main.cpp:219:13
#19 0xb2567e in ExecuteCC1Tool /b/sanitizer-x86_6</span><span class="inbox-inbox-stdout">4-linux-bootstrap-msan/build/llvm/tools/clang/tools/driver/driver.cpp:310:12
</span><span class="inbox-inbox-stdout"> #20 0xb2567e in main /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/tools/driver/driver.cpp:382
#21 0x7ff6ee07c2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
#22 0xaa6779 in _start (/b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/bin/clang-9+0xaa6779)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.h:65:9 in clang::ento::retaincountchecker::RefCountReport::getRanges()
Exiting
--
********************
Testing: 0 .
FAIL: Clang :: Analysis/properties.m (1045 of 13800)
******************** TEST 'Clang :: Analysis/properties.m' FAILED ********************
Script:
--
: 'RUN: at line 1'; /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/bin/clang -cc1 -internal-isystem /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/lib/clang/9.0.0/include -nostdsysteminc -analyze -analyzer-constraints=range -analyzer-checker=core,osx.cocoa.RetainCount,osx.cocoa.Dealloc,debug.ExprInspection -analyzer-store=region -verify -Wno-objc-root-class -analyzer-config eagerly-assume=false /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/test/Analysis/properties.m
: 'RUN: at line 2'; /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/bin/clang -cc1 -internal-isystem /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/lib/clang/9.0.0/include -nostdsysteminc -analyze -analyzer-constraints=range -analyzer-checker=core,osx.cocoa.RetainCount,osx.cocoa.Dealloc,debug.ExprInspection -analyzer-store=region -verify -Wno-objc-root-class -fobjc-arc -analyzer-config eagerly-assume=false /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/test/Analysis/properties.m
--
Exit Code: 77
Command Output (stderr):
--
==94119==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0xa0635a8 in clang::ento::retaincountchecker::RefCountReport::getRanges() /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.h:65:9
#1 0xa18bb67 in clang::ento::BugReporterVisitor::getDefaultEndPath(clang::ento::BugReporterContext&, clang::ento::ExplodedNode const*, clang::ento::BugReport&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp:176:27
#2 0xa05cf02 in clang::ento::retaincountchecker::RefCountReportVisitor::getEndPath(clang::ento::BugReporterContext&, clang::ento::ExplodedNode const*, clang::ento::BugReport&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.cpp:681:10
#3 0xa15b9aa in generateVisitorsDiagnostics(clang::ento::BugReport*, clang::ento::ExplodedNode const*, clang::ento::BugReporterContext&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2564:29
#4 0xa1429dc in findValidReport /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2621:9
#5 0xa1429dc in clang::ento::GRBugReporter::generatePathDiagnostics(llvm::ArrayRef<clang::ento::PathDiagnosticConsumer*>, llvm::ArrayRef<clang::ento::BugReport*>&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2670
#6 0xa14f991 in clang::ento::BugReporter::generateDiagnosticForConsumerMap(clang::ento::BugReport*, llvm::ArrayRef<clang::ento::PathDiagnosticConsumer*>, llvm::ArrayRef<clang::ento::BugReport*>) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:3092:5
#7 0xa13cbc1 in clang::ento::BugReporter::FlushReport(clang::ento::BugReportEquivClass&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2948:7
#8 0xa13a171 in clang::ento::BugReporter::FlushReports() /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2254:5
#9 0x99e9463 in RunPathSensitiveChecks /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:752:24
#10 0x99e9463 in (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*> >*) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:716
#11 0x99ca7d6 in HandleDeclsCallGraph /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:507:5
#12 0x99ca7d6 in runAnalysisOnTranslationUnit /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:554
#13 0x99ca7d6 in (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:585
#14 0xa5083e5 in clang::ParseAST(clang::Sema&, bool, bool) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/Parse/ParseAST.cpp:170:13
#15 0x7660470 in clang::FrontendAction::Execute() /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/Frontend/FrontendAction.cpp:935:8
#16 0x757956b in clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:955:11
#17 0x788b6ea in clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:268:25
#18 0xb2c545 in cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/tools/driver/cc1_main.cpp:219:13
#19 0xb2567e in ExecuteCC1Tool /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/tools/driver/driver.cpp:310:12
#20 0xb2567e in main /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/tools/driver/driver.cpp:382
#21 0x7ff5537e82e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
#22 0xaa6779 in _start (/b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm_build_msan/bin/clang-9+0xaa6779)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /b/sanitizer-x86_64-linux-bootstrap-msan/build/llvm/tools/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.h:65:9 in clang::ento::retaincountchecker::RefCountReport::getRanges()
</span></pre></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Jan 17, 2019 at 7:17 PM George Karpenkov via cfe-commits <<a href="mailto:cfe-commits@lists.llvm.org">cfe-commits@lists.llvm.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Author: george.karpenkov<br>
Date: Thu Jan 17 19:13:53 2019<br>
New Revision: 351514<br>
<br>
URL: <a href="http://llvm.org/viewvc/llvm-project?rev=351514&view=rev" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project?rev=351514&view=rev</a><br>
Log:<br>
[analyzer] Introduce proper diagnostic for freeing unowned object<br>
<br>
Insert a note when the object becomes not (exclusively) owned.<br>
<br>
Differential Revision: <a href="https://reviews.llvm.org/D56891" rel="noreferrer" target="_blank">https://reviews.llvm.org/D56891</a><br>
<br>
Modified:<br>
cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.cpp<br>
cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.h<br>
cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.cpp<br>
cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.h<br>
cfe/trunk/test/Analysis/osobject-retain-release.cpp<br>
<br>
Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.cpp?rev=351514&r1=351513&r2=351514&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.cpp?rev=351514&r1=351513&r2=351514&view=diff</a><br>
==============================================================================<br>
--- cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.cpp (original)<br>
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.cpp Thu Jan 17 19:13:53 2019<br>
@@ -803,13 +803,16 @@ ProgramStateRef RetainCountChecker::upda<br>
}<br>
<br>
const RefCountBug &<br>
-RetainCountChecker::errorKindToBugKind(RefVal::Kind ErrorKind) const {<br>
+RetainCountChecker::errorKindToBugKind(RefVal::Kind ErrorKind,<br>
+ SymbolRef Sym) const {<br>
switch (ErrorKind) {<br>
case RefVal::ErrorUseAfterRelease:<br>
return useAfterRelease;<br>
case RefVal::ErrorReleaseNotOwned:<br>
return releaseNotOwned;<br>
case RefVal::ErrorDeallocNotOwned:<br>
+ if (Sym->getType()->getPointeeCXXRecordDecl())<br>
+ return freeNotOwned;<br>
return deallocNotOwned;<br>
default:<br>
llvm_unreachable("Unhandled error.");<br>
@@ -836,7 +839,8 @@ void RetainCountChecker::processNonLeakE<br>
return;<br>
<br>
auto report = llvm::make_unique<RefCountReport>(<br>
- errorKindToBugKind(ErrorKind), C.getASTContext().getLangOpts(), N, Sym);<br>
+ errorKindToBugKind(ErrorKind, Sym),<br>
+ C.getASTContext().getLangOpts(), N, Sym);<br>
report->addRange(ErrorRange);<br>
C.emitReport(std::move(report));<br>
}<br>
<br>
Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.h<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.h?rev=351514&r1=351513&r2=351514&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.h?rev=351514&r1=351513&r2=351514&view=diff</a><br>
==============================================================================<br>
--- cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.h (original)<br>
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.h Thu Jan 17 19:13:53 2019<br>
@@ -255,6 +255,7 @@ class RetainCountChecker<br>
RefCountBug useAfterRelease{this, RefCountBug::UseAfterRelease};<br>
RefCountBug releaseNotOwned{this, RefCountBug::ReleaseNotOwned};<br>
RefCountBug deallocNotOwned{this, RefCountBug::DeallocNotOwned};<br>
+ RefCountBug freeNotOwned{this, RefCountBug::FreeNotOwned};<br>
RefCountBug overAutorelease{this, RefCountBug::OverAutorelease};<br>
RefCountBug returnNotOwnedForOwned{this, RefCountBug::ReturnNotOwnedForOwned};<br>
RefCountBug leakWithinFunction{this, RefCountBug::LeakWithinFunction};<br>
@@ -336,8 +337,8 @@ public:<br>
RefVal V, ArgEffect E, RefVal::Kind &hasErr,<br>
CheckerContext &C) const;<br>
<br>
-<br>
- const RefCountBug &errorKindToBugKind(RefVal::Kind ErrorKind) const;<br>
+ const RefCountBug &errorKindToBugKind(RefVal::Kind ErrorKind,<br>
+ SymbolRef Sym) const;<br>
<br>
void processNonLeakError(ProgramStateRef St, SourceRange ErrorRange,<br>
RefVal::Kind ErrorKind, SymbolRef Sym,<br>
<br>
Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.cpp?rev=351514&r1=351513&r2=351514&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.cpp?rev=351514&r1=351513&r2=351514&view=diff</a><br>
==============================================================================<br>
--- cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.cpp (original)<br>
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.cpp Thu Jan 17 19:13:53 2019<br>
@@ -27,6 +27,8 @@ StringRef RefCountBug::bugTypeToName(Ref<br>
return "Bad release";<br>
case DeallocNotOwned:<br>
return "-dealloc sent to non-exclusively owned object";<br>
+ case FreeNotOwned:<br>
+ return "freeing non-exclusively owned object";<br>
case OverAutorelease:<br>
return "Object autoreleased too many times";<br>
case ReturnNotOwnedForOwned:<br>
@@ -47,6 +49,8 @@ StringRef RefCountBug::getDescription()<br>
"not owned at this point by the caller";<br>
case DeallocNotOwned:<br>
return "-dealloc sent to object that may be referenced elsewhere";<br>
+ case FreeNotOwned:<br>
+ return "'free' called on an object that may be referenced elsewhere";<br>
case OverAutorelease:<br>
return "Object autoreleased too many times";<br>
case ReturnNotOwnedForOwned:<br>
@@ -86,7 +90,8 @@ static std::string getPrettyTypeName(Qua<br>
/// Write information about the type state change to {@code os},<br>
/// return whether the note should be generated.<br>
static bool shouldGenerateNote(llvm::raw_string_ostream &os,<br>
- const RefVal *PrevT, const RefVal &CurrV,<br>
+ const RefVal *PrevT,<br>
+ const RefVal &CurrV,<br>
bool DeallocSent) {<br>
// Get the previous type state.<br>
RefVal PrevV = *PrevT;<br>
@@ -416,6 +421,11 @@ std::shared_ptr<PathDiagnosticPiece><br>
RefCountReportVisitor::VisitNode(const ExplodedNode *N,<br>
BugReporterContext &BRC, BugReport &BR) {<br>
<br>
+ const auto &BT = static_cast<const RefCountBug&>(BR.getBugType());<br>
+<br>
+ bool IsFreeUnowned = BT.getBugType() == RefCountBug::FreeNotOwned ||<br>
+ BT.getBugType() == RefCountBug::DeallocNotOwned;<br>
+<br>
const SourceManager &SM = BRC.getSourceManager();<br>
CallEventManager &CEMgr = BRC.getStateManager().getCallEventManager();<br>
if (auto CE = N->getLocationAs<CallExitBegin>())<br>
@@ -434,7 +444,8 @@ RefCountReportVisitor::VisitNode(const E<br>
const LocationContext *LCtx = N->getLocationContext();<br>
<br>
const RefVal* CurrT = getRefBinding(CurrSt, Sym);<br>
- if (!CurrT) return nullptr;<br>
+ if (!CurrT)<br>
+ return nullptr;<br>
<br>
const RefVal &CurrV = *CurrT;<br>
const RefVal *PrevT = getRefBinding(PrevSt, Sym);<br>
@@ -444,6 +455,12 @@ RefCountReportVisitor::VisitNode(const E<br>
std::string sbuf;<br>
llvm::raw_string_ostream os(sbuf);<br>
<br>
+ if (PrevT && IsFreeUnowned && CurrV.isNotOwned() && PrevT->isOwned()) {<br>
+ os << "Object is now not exclusively owned";<br>
+ auto Pos = PathDiagnosticLocation::create(N->getLocation(), SM);<br>
+ return std::make_shared<PathDiagnosticEventPiece>(Pos, os.str());<br>
+ }<br>
+<br>
// This is the allocation site since the previous node had no bindings<br>
// for this symbol.<br>
if (!PrevT) {<br>
@@ -490,9 +507,9 @@ RefCountReportVisitor::VisitNode(const E<br>
// program point<br>
bool DeallocSent = false;<br>
<br>
- if (N->getLocation().getTag() &&<br>
- N->getLocation().getTag()->getTagDescription().contains(<br>
- RetainCountChecker::DeallocTagDescription)) {<br>
+ const ProgramPointTag *Tag = N->getLocation().getTag();<br>
+ if (Tag && Tag->getTagDescription().contains(<br>
+ RetainCountChecker::DeallocTagDescription)) {<br>
// We only have summaries attached to nodes after evaluating CallExpr and<br>
// ObjCMessageExprs.<br>
const Stmt *S = N->getLocation().castAs<StmtPoint>().getStmt();<br>
<br>
Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.h<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.h?rev=351514&r1=351513&r2=351514&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.h?rev=351514&r1=351513&r2=351514&view=diff</a><br>
==============================================================================<br>
--- cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.h (original)<br>
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.h Thu Jan 17 19:13:53 2019<br>
@@ -30,6 +30,7 @@ public:<br>
UseAfterRelease,<br>
ReleaseNotOwned,<br>
DeallocNotOwned,<br>
+ FreeNotOwned,<br>
OverAutorelease,<br>
ReturnNotOwnedForOwned,<br>
LeakWithinFunction,<br>
<br>
Modified: cfe/trunk/test/Analysis/osobject-retain-release.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/osobject-retain-release.cpp?rev=351514&r1=351513&r2=351514&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/osobject-retain-release.cpp?rev=351514&r1=351513&r2=351514&view=diff</a><br>
==============================================================================<br>
--- cfe/trunk/test/Analysis/osobject-retain-release.cpp (original)<br>
+++ cfe/trunk/test/Analysis/osobject-retain-release.cpp Thu Jan 17 19:13:53 2019<br>
@@ -634,3 +634,13 @@ void test_ostypealloc_correct_diagnostic<br>
arr->release(); // expected-note{{Reference count decremented. The object now has a +1 retain count}}<br>
} // expected-note{{Object leaked: object allocated and stored into 'arr' is not referenced later in this execution path and has a retain count of +1}}<br>
// expected-warning@-1{{Potential leak of an object stored into 'arr'}}<br>
+<br>
+void escape_elsewhere(OSObject *obj);<br>
+<br>
+void test_free_on_escaped_object_diagnostics() {<br>
+ OSObject *obj = new OSObject; // expected-note{{Operator 'new' returns an OSObject of type 'OSObject' with a +1 retain count}}<br>
+ escape_elsewhere(obj); // expected-note{{Object is now not exclusively owned}}<br>
+ obj->free(); // expected-note{{'free' called on an object that may be referenced elsewhere}}<br>
+ // expected-warning@-1{{'free' called on an object that may be referenced elsewhere}}<br>
+}<br>
+<br>
<br>
<br>
_______________________________________________<br>
cfe-commits mailing list<br>
<a href="mailto:cfe-commits@lists.llvm.org" target="_blank">cfe-commits@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits</a><br>
</blockquote></div>