<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jul 11, 2017 at 4:48 AM, Devin Coughlin <span dir="ltr">&lt;<a href="mailto:devin.coughlin@gmail.com" target="_blank">devin.coughlin@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-"><br>
> On Jul 10, 2017, at 6:26 AM, Malhar Thakkar via cfe-dev &lt;<a href="mailto:cfe-dev@lists.llvm.org">cfe-dev@lists.llvm.org</a>&gt; wrote:<br>
><br>
> Dear Dr. Alexandre,<br>
><br>
> The leak warning is raised by MallocChecker and not the RetainCountChecker (which performs reference counting).<br>
> Adding 'rc_ownership_trusted_<wbr>implementation' annotation to 'bar' and returning true (successfully evaluating 'bar') from evalCall() callback in RetainCountChecker prevents the analyzer from analyzing bar's body. This causes problems for the MallocChecker as it is unable to find a call to 'free' for the call to 'malloc' in foo().<br>
<br>
</span>How does allocation work in ISL?</blockquote><div>The internal mechanism is not made visible to the users. I believe allocation is performed by either isl_malloc_or_die(), isl_calloc_or_die() or isl_realloc_or_die(). Only the declarations of these functions are visible to the users/developers. </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Are data structures allocated through library-provided functions that create an instance of the data structure?</blockquote><div>Yes. </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Or does client code call malloc() directly? If the first, the library-provided allocation functions could also be annotated as trusted. Then, if these are annotated they won’t be inlined and the malloc checker won’t see the malloc site — so there won’t be a diagnostic about a leak.<br></blockquote><div>What I meant to say in my previous emails is that using evalCall() for ISL works perfectly but, say, if we want to generalize to other codebases written in C, evalCall() might not work. Please find an example below showing why that might not work. </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<span class="gmail-"><br>
<br>
> Using evalCall(), we'll be able to suppress leak false positives raised in ISL due to obj_free(), obj_cow() and obj_copy(). Now, we want our solution (to suppress such false positives) to be as generalized as possible. By generalized, I mean using the same "trusted" annotation across different codebases.<br>
> However, this approach (using evalCall()) can't be generalized for other codebases in C as it's possible for some codebase to have code similar to the one mentioned in my previous email. Such a test-case will result in the MallocChecker raising false positives.<br>
<br>
</span>Can you give a specific example of the problem you are envisioning with evalCall()? Are you worried about other checkers wanting to also evaluate the call?<br>
<span class="gmail-HOEnZb"><font color="#888888"><br>
Devin</font></span></blockquote><div><br></div><div>Consider the following example which might constitute a small part of some hypothetical codebase in C.</div><div><br></div><div>Checking for 'rc_ownership_trusted_implementation' in evalCall() suppresses leak warnings raised by RetainCountChecker (along some path which assumes the predicate in the second 'if' branch of 'bar' to be true) but MallocChecker is unable to find a 'free' for the 'malloc' it has seen in 'foo' for r (as the analyzer doesn't analyze the body of 'bar' due to evalCall() performed in RetainCountChecker).</div><div><br></div><div>Hence, although evalCall() works perfectly for ISL, we may not be able to generalize it for other C codebases.</div><div> </div><div style="font-family:monospace;font-size:10.4px;color:rgb(51,51,51)"><b></b></div><div class="gmail_quote"></div></div><div><div class="hljs cpp" style="display:block;overflow-x:auto;padding:0.5em;color:rgb(51,51,51);background:rgb(248,248,248);font-family:monospace"><div class="gmail_quote"><div class="gmail_quote"><span style="color:rgb(31,113,153)">#</span><span class="hljs-meta-keyword" style="color:rgb(31,113,153);font-weight:bold">include</span><span style="color:rgb(31,113,153)"> </span><span class="hljs-meta-string" style="color:rgb(77,153,191)">&lt;stdlib.h&gt;</span><br></div></div><div class="gmail_quote"><div class="gmail_quote"><span class="hljs-meta" style="color:rgb(31,113,153)">typedef struct</span></div><div class="gmail_quote"><span class="hljs-meta" style="color:rgb(31,113,153)">{</span></div><div class="gmail_quote"><span style="white-space:pre"><span class="hljs-meta" style="color:rgb(31,113,153)"> </span></span><span class="hljs-meta" style="color:rgb(31,113,153)">int ref_count;</span></div><div class="gmail_quote"><span class="hljs-meta" style="color:rgb(31,113,153)">} rc_struct;</span></div><div class="gmail_quote"><span class="hljs-meta" style="color:rgb(31,113,153)">void free(void *);</span></div><div 
class="gmail_quote"><br></div><div class="gmail_quote"><span class="hljs-meta" style="color:rgb(31,113,153)">__attribute__((annotate(<span class="hljs-string" style="color:rgb(136,0,0)">"rc_ownership_trusted_implementation"</span>))) rc_struct *bar(rc_struct *r) {</span></div><div class="gmail_quote"><span class="hljs-meta" style="color:rgb(31,113,153)"> if (!r)</span></div><div class="gmail_quote"><span class="hljs-meta" style="color:rgb(31,113,153)"> return NULL;</span></div><div class="gmail_quote"><br></div><div class="gmail_quote"><span class="hljs-meta" style="color:rgb(31,113,153)"> if (--r->ref_count > 0)</span></div><div class="gmail_quote"><span class="hljs-meta" style="color:rgb(31,113,153)"> return NULL;</span></div><div class="gmail_quote"><br></div><div class="gmail_quote"><span class="hljs-meta" style="color:rgb(31,113,153)"> free(r);</span></div><div class="gmail_quote"><span class="hljs-meta" style="color:rgb(31,113,153)"> return NULL;</span></div><div class="gmail_quote"><span class="hljs-meta" style="color:rgb(31,113,153)">}</span></div><div class="gmail_quote"><br></div><div class="gmail_quote"><span class="hljs-meta" style="color:rgb(31,113,153)">void foo() {</span></div><div class="gmail_quote"><span style="white-space:pre"><span class="hljs-meta" style="color:rgb(31,113,153)"> </span></span><span class="hljs-meta" style="color:rgb(31,113,153)">rc_struct *r = (rc_struct *)malloc(sizeof(rc_struct));</span></div><div class="gmail_quote"><span style="white-space:pre"><span class="hljs-meta" style="color:rgb(31,113,153)"> </span></span><span class="hljs-meta" style="color:rgb(31,113,153)">bar(r);</span></div><div class="gmail_quote"><span class="hljs-meta" style="color:rgb(31,113,153)">} // Leak warning raised for 'r' by MallocChecker.</span></div></div></div></div><br><div class="gmail_quote"><div class="gmail_quote"></div><br><div></div></div><br></div></div><div hspace="streak-pt-mark" style="max-height:1px"><img alt="" 
style="width:0px;max-height:0px;overflow:hidden"></div>
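<div>The layout Devin's question points at, as an added example that is not part of the original message and is not ISL code: when the allocation itself sits behind an annotated library function, client code contains no malloc() for MallocChecker to track, unlike foo() above. The names obj, obj_alloc, TRUSTED and the live_objects counter are hypothetical.</div>

```c
#include <stdlib.h>

/* Hypothetical names, modelled on the obj_copy()/obj_free() pattern in the thread. */
#if defined(__clang__)
#define TRUSTED __attribute__((annotate("rc_ownership_trusted_implementation")))
#else
#define TRUSTED /* the annotation only matters to the Clang static analyzer */
#endif

typedef struct { int ref_count; } obj;

static int live_objects; /* runtime counter so callers can observe real frees */

/* Library-side constructor: the only place malloc() appears. Per the thread,
 * an annotated function is not inlined, so this malloc site stays unseen. */
TRUSTED obj *obj_alloc(void) {
    obj *o = malloc(sizeof(*o));
    if (!o)
        return NULL;
    o->ref_count = 1;
    live_objects++;
    return o;
}

TRUSTED obj *obj_copy(obj *o) {
    if (o)
        o->ref_count++;
    return o;
}

/* Same shape as bar() in the message: free only when the last reference drops. */
TRUSTED obj *obj_free(obj *o) {
    if (!o)
        return NULL;
    if (--o->ref_count > 0)
        return NULL;
    free(o);
    live_objects--;
    return NULL;
}

/* Client never calls malloc() directly. Returns 10 * (objects live after the
 * first release) + (objects live after the last release). */
int client(void) {
    obj *a = obj_alloc();
    if (!a) return -1;
    obj *b = obj_copy(a);
    obj_free(a);                  /* ref_count 2 -> 1, object stays alive */
    int after_first = live_objects;
    obj_free(b);                  /* ref_count 1 -> 0, object is freed */
    return after_first * 10 + live_objects;
}
int main(void) { return client() == 10 ? 0 : 1; }
```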