[all-commits] [llvm/llvm-project] d6d84b: [analyzer] Handle builtin functions in MallocCheck...

NagyDonat via All-commits all-commits at lists.llvm.org
Tue Apr 16 01:41:48 PDT 2024


  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: d6d84b5d1448e4f2e24b467a0abcf42fe9d543e9
      https://github.com/llvm/llvm-project/commit/d6d84b5d1448e4f2e24b467a0abcf42fe9d543e9
  Author: NagyDonat <donat.nagy at ericsson.com>
  Date:   2024-04-16 (Tue, 16 Apr 2024)

  Changed paths:
    M clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp
    M clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
    M clang/test/Analysis/Inputs/system-header-simulator-cxx.h
    M clang/test/Analysis/cxx-uninitialized-object-ptr-ref.cpp
    M clang/test/Analysis/exercise-ps.c
    M clang/test/Analysis/explain-svals.cpp
    A clang/test/Analysis/malloc-std-namespace.cpp
    M clang/test/Analysis/malloc.c
    M clang/test/Analysis/malloc.cpp
    M clang/test/Analysis/stack-addr-ps.c
    M clang/test/Analysis/stackaddrleak.c

  Log Message:
  -----------
  [analyzer] Handle builtin functions in MallocChecker (#88416)

This commit ensures that the `CallDescription`s in `MallocChecker` are
matched with the mode `CDM::CLibrary`, so:
- they don't match methods or functions within user-defined namespaces;
- they also match builtin variants of these functions (if any), so the
checker can model `__builtin_alloca()` like `alloca()`.

This change fixes https://github.com/llvm/llvm-project/issues/81597. New
tests were added to verify that `std::malloc` and `std::free` (from
`<cstdlib>`) are modeled, but a method that's named e.g. `free` isn't
confused with the memory release function.

The responsibility for modeling `__builtin_alloca` and
`__builtin_alloca_with_align` was moved from `BuiltinFunctionChecker` to
`MallocChecker`, to avoid buggy interactions between the checkers and
ensure that the builtin and non-builtin variants are handled by exactly
the same logic.

This change might be a step backwards for the users who don't have
`unix.Malloc` enabled; but I suspect that `__builtin_alloca()` is so
rare that it would be a waste of time to implement backwards
compatibility for them.

There were several test files that relied on `__builtin_alloca()` calls
to get an `AllocaRegion`; these were modified to enable `unix.Malloc`.
One of these files (cxx-uninitialized-object-ptr-ref.cpp) had some tests
that relied on the fact that `malloc()` was treated as a "black box" in
them; these were updated to use `calloc()` (to get initialized memory)
and `free()` (to avoid memory leak reports).

While I was developing this change, I found a very suspicious assert in
`MallocChecker`. As it isn't blocking the goals of this commit, I just
marked it with a FIXME, but I'll try to investigate and fix it in a
follow-up change.



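The three cases named in the log message, written out as a small analyzer input. This is an added example, not code from the commit or from the LLVM test suite; `Pool`, `mylib` and the function names are hypothetical, and the comments restate only what the log message says about `CDM::CLibrary` matching.

```cpp
// Constructed input: clang++ --analyze -Xclang -analyzer-checker=unix.Malloc example.cpp
#include <cstdlib>
#include <cstring>

// Hypothetical type: free() here is a method that only counts calls.
struct Pool { int released = 0; void free(void *) { ++released; } };

namespace mylib {  // hypothetical user-defined namespace
// Shares its name with the C library function but releases nothing.
inline bool free(void *p) { return p != nullptr; }
}

// Case 1: std::malloc / std::free from <cstdlib> are the C library functions,
// so per the log message they are modeled as allocation and release.
int std_pair_last(int n) {
  if (n <= 0) return -1;
  int *buf = static_cast<int *>(std::malloc(sizeof(int) * n));
  if (!buf) return -1;
  for (int i = 0; i < n; ++i) buf[i] = i * 2;
  int last = buf[n - 1];
  std::free(buf);
  return last;
}

// Case 2: a method named free and a function in a user-defined namespace are
// not matched, so p is still live after both calls and the read is valid.
int lookalike_free() {
  Pool pool;
  char *p = static_cast<char *>(std::malloc(4));
  if (!p) return -1;
  std::memcpy(p, "abc", 4);
  pool.free(p);                 // method: not a release
  bool seen = mylib::free(p);   // namespaced function: not a release
  int first = p[0];
  std::free(p);                 // the only real release
  return first + pool.released + (seen ? 1 : 0);  // 'a' + 1 + 1
}

// Case 3: __builtin_alloca is matched like alloca(): stack memory that goes
// away on return and is never passed to free().
int builtin_alloca_sum(int n) {
  if (n <= 0 || n > 64) return -1;  // keep the stack allocation small
  int *tmp = static_cast<int *>(__builtin_alloca(sizeof(int) * n));
  int sum = 0;
  for (int i = 0; i < n; ++i) sum += (tmp[i] = i + 1);
  return sum;
}
```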