[cfe-dev] Query Regarding RetainCountChecker | Clang Static Analyzer

Malhar Thakkar via cfe-dev cfe-dev at lists.llvm.org
Tue Jun 20 09:03:38 PDT 2017 

On Tue, Jun 20, 2017 at 9:30 PM, Artem Dergachev <noqnoqneo at gmail.com>
wrote:

> These warnings seem reasonable to me, because we can be certain that
> free() doesn't decrement reference counts - instead it frees the memory
> (release doesn't imply freeing the memory - something else may still
> retain). So `bmap' is freed but not released, therefore we have a warning
> from RetainCountChecker regarding a memory leak *and*, in case 2, a warning
> from MallocChecker regarding use-after-free.


Oh, I see. Thank you so much. :)

Regards,
Malhar

>
>
> On 6/20/17 6:55 AM, Malhar Thakkar via cfe-dev wrote:
>
>> Dear all,
>>
>> Consider the following hypothetical test cases (using the Integer Set
>> Library objects and annotations) which is passed through the
>> RetainCountChecker.
>>
>>
>> *// Case 1*
>> *#define __isl_give **__attribute__((cf_returns_retained))*
>> *#define __isl_take __attribute__((cf_consumed))*
>> *
>> *
>> *// Declaration of isl_basic_map_cow(). Definition is in another .c file
>> and hence is not visible to the static analyzer.*
>> __isl_give isl_basic_map *isl_basic_map_cow(__isl_take isl_basic_map
>> *bmap);
>>
>>
>> __isl_give isl_basic_map **foo*(__isl_take isl_basic_map *bmap) {
>> isl_basic_map *temp = bmap;
>> bmap = isl_basic_map_cow(bmap);
>> free(bmap);
>> return temp; *// Leak warning is raised for 'bmap' here.*
>> }
>>
>> *// Case 2*
>> *#define __isl_give **__attribute__((cf_returns_retained))*
>> *#define __isl_take __attribute__((cf_consumed))*
>> *
>> *
>> *// Declaration of isl_basic_map_cow(). **Definition is in another .c
>> file and hence is not visible to the static analyzer.*
>> __isl_give isl_basic_map *isl_basic_map_cow(__isl_take isl_basic_map
>> *bmap);
>>
>>
>> __isl_give isl_basic_map **foo*(__isl_take isl_basic_map *bmap) {
>> isl_basic_map *temp = bmap;
>> bmap = isl_basic_map_cow(bmap);
>> free(bmap);
>> return bmap; *// Use-after-free warning is raised for 'bmap' here.*
>> }
>>
>> My question:
>>
>>   * Looking at the warnings raised in both the cases. could someone
>>     please explain me why is a leak warning being raised in Case 1?
>>     isl_basic_map_cow() returns an object with a +1 retain count which
>>     is then freed.
>>
>>
>> Thank you.
>>
>>
>> Regards,
>> Malhar Thakkar
>>
>>>>
>>
>> _______________________________________________
>> cfe-dev mailing list
>> cfe-dev at lists.llvm.org
>> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
>>
>
>
ᐧ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20170620/88042db6/attachment.html>

More information about the cfe-dev mailing list