<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body><div><div style="font-family: Calibri,sans-serif; font-size: 11pt;">> Perhaps it would make sense to look at the Win32 headers for anything annotated with _Ret_notnull_, _Ret_maybenull_, _Ret_null_, or _Ret_valid_? IIRC, those are for functions that return allocated storage.<br><br>Ahh, that's actually really good idea! I'll also check for _Post_writable_byte_size_ (on malloc) which reminds me that I should add VirtualAlloc and friends to the list.<br><br>It'd be nice if we had a more generic mechanism for this.<br><br>Side note: The VirtualAlloc family of memory APIs are super hard to correctly check. It'd be unreasonably hard for anybody to write a checker for them without parsing the carefully written SAL in the headers. IIRC, even projects that aggressively test & audit their code don't get the virtual memory API usage correct without /analyze.<br><br><br><br><br>sent from my (stupid) windows phone</div></div><div dir="ltr"><hr><span style="font-family: Calibri,sans-serif; font-size: 11pt; font-weight: bold;">From: </span><span style="font-family: Calibri,sans-serif; font-size: 11pt;"><a href="mailto:aaron@aaronballman.com">Aaron Ballman</a></span><br><span style="font-family: Calibri,sans-serif; font-size: 11pt; font-weight: bold;">Sent: </span><span style="font-family: Calibri,sans-serif; font-size: 11pt;">3/8/2016 1:40 PM</span><br><span style="font-family: Calibri,sans-serif; font-size: 11pt; font-weight: bold;">To: </span><span style="font-family: Calibri,sans-serif; font-size: 11pt;"><a href="mailto:test35965@gmail.com"><Alexander G. Riccio></a></span><br><span style="font-family: Calibri,sans-serif; font-size: 11pt; font-weight: bold;">Cc: </span><span style="font-family: Calibri,sans-serif; font-size: 11pt;"><a href="mailto:cfe-dev@lists.llvm.org">cfe-dev</a></span><br><span style="font-family: Calibri,sans-serif; font-size: 11pt; font-weight: bold;">Subject: </span><span style="font-family: Calibri,sans-serif; font-size: 11pt;">Re: [cfe-dev] What memory-allocating functions should we check forleaks?</span><br><br></div>On Fri, Mar 4, 2016 at 5:17 PM, <Alexander G. Riccio> via cfe-dev<br><cfe-dev@lists.llvm.org> wrote:<br>><br>> As a continuation of D17688 (add MSVC variants of strdup to leak checks),<br>> I'm going to add a bunch of other Microsoft functions to the static<br>> analyzer. I'm also going to add tempnam, a cstdlib function that returns a<br>> pointer to memory that must be manually freed.<br>><br>> What other functions should I add?<br>><br>><br>> Currently, I'm going to add:<br>><br>> _free_dbg<br>> _malloc_dbg<br>> _realloc_dbg<br>> _recalloc_dbg<br>> _calloc_dbg<br>> _strdup_dbg<br>> _wcsdup_dbg<br>> _mbsdup<br>> _mbsdup_dbg<br>> tempnam<br>> _tempnam<br>> _tempnam_dbg<br>> _wtempnam<br>> _wtempnam_dbg<br><br>These seem like a good start. The other function you list below would<br>also be nice to provide analysis for eventually. I don't see anything<br>missing from your list that immediately jumps out to me. Perhaps it<br>would make sense to look at the Win32 headers for anything annotated<br>with _Ret_notnull_, _Ret_maybenull_, _Ret_null_, or _Ret_valid_? IIRC,<br>those are for functions that return allocated storage.<br><br>~Aaron<br><br>> A bunch of other functions that I'd like to add, but are non-trivial to add,<br>> so I'll hold off on them for now:<br>><br>> Aligned functions (I think that you're not supposed to mix them with their<br>> non-aligned variants)<br>><br>> _aligned_free<br>> _aligned_free_dbg<br>> _aligned_malloc<br>> _aligned_malloc_dbg<br>> _aligned_msize<br>> _aligned_msize_dbg<br>> _aligned_offset_malloc<br>> _aligned_offset_malloc_dbg<br>> _aligned_offset_realloc<br>> _aligned_offset_realloc_dbg<br>> _aligned_offset_recalloc<br>> _aligned_offset_recalloc_dbg<br>> _aligned_realloc<br>> _aligned_realloc_dbg<br>> _aligned_recalloc<br>> _aligned_recalloc_dbg<br>><br>> Functions that should be freed with a function other than free:<br>><br>> _free_locale<br>><br>> _create_locale<br>> _wcreate_locale<br>><br>> Functions that only return dynamically allocated memory in certain<br>> conditions:<br>><br>> getcwd<br>> _getcwd<br>> _getcwd_dbg<br>> _wgetcwd<br>> _wgetcwd_dbg<br>> _getdcwd<br>> _getdcwd_dbg<br>> _wgetdcwd<br>> _wgetdcwd_dbg<br>> realpath<br>> _fullpath<br>> _fullpath_dbg<br>> _wfullpath<br>> _wfullpath_dbg<br>><br>> Functions that return dynamically allocated memory via an "_Out_"<br>> parameter*:<br>><br>> _dupenv_s<br>> _dupenv_s_dbg<br>> _wdupenv_s<br>> _wdupenv_s_dbg<br>><br>> Functions which may allocate stack or heap:<br>><br>> _malloca (must be freed with _freea)<br>><br>> Functions that return non-freeable memory, if passed NULL, but look like<br>> users should free them. These two are very weird, and therefore it might be<br>> very useful to check:<br>><br>> tmpnam<br>> _wtmpnam<br>><br>><br>> *for the SAL obsessed (like me) it's actually<br>> "_Outptr_result_buffer_maybenull_(*_BufferCount)<br>> _Outptr_result_maybenull_z_".<br>><br>> Sincerely,<br>> Alexander Riccio<br>> --<br>> "Change the world or go home."<br>> about.me/ariccio<br>><br>> If left to my own devices, I will build more.<br>> ⁂<br>><br>> _______________________________________________<br>> cfe-dev mailing list<br>> cfe-dev@lists.llvm.org<br>> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev<br>><br></body></html>