[cfe-commits] r105602 - in /cfe/trunk: lib/Checker/CMakeLists.txt lib/Checker/GRExprEngineExperimentalChecks.cpp lib/Checker/GRExprEngineInternalChecks.h lib/Checker/StackAddrLeakChecker.cpp test/Analysis/stackaddrleak.c

Zhongxing Xu xuzhongxing at gmail.com
Tue Jun 8 20:04:28 PDT 2010


>
> +              // The variable is declared in the function scope which we
> are
> +              // leaving. Keeping this variable's address in a global
> variable
> +              // is dangerous.
> +              // FIXME: Currently VarRegion does not carry context
> information.
> +              // So we cannot tell if the local variable instance is in
> the
> +              // current stack frame.
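Review bot: the FIXME on the last three quoted lines states that the local's stack frame cannot be identified but not what that does to the diagnostics; as the example in this mail shows, when the checker only knows the pointee is on the stack, a function that stores a local's address in a global and then recurses is reported once per frame instead of once, so the comment should say so (for example `// Consequence: a recursive caller may get one warning per frame.`) and the test file should pin the single expected warning so the extra report is caught when VarRegion gains context. The comment lines are also broken mid-sentence ("which we / are", "global / variable"); if that is how they were committed rather than a mail-client wrap, re-flow them to the column width used around them.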
>
>
> I don't think this is true.  I think you can look at the memory space of
> the VarRegion.  Is that not the case?
>
>
From the memory space region of a VarRegion, we can only know if it's on the
stack or global. We can't know which CallStackFrame it is in. Consider this code:

int *p;

void foo(int x) {
  if (x == 1) {
    p = &x;
    foo(2);
  }
}

void bar(void) {
  foo(1);
}

bar calls foo[1], foo calls foo[2]. When we leave the innermost call of
foo[2], the value of 'p' is still valid. We should only emit one warning for
this example. But now we emit two.

$ clang -cc1 -analyze -analyzer-check-objc-mem -analyzer-store region
-analyze-function bar -analyzer-inline-call
-analyzer-experimental-internal-checks stack2.c
stack2.c:6:5: warning: Stack address was saved into a global variable. This
is dangerous because the address will become invalid after returning from
the function.
    foo(2);
    ^~~~~~
stack2.c:4:3: warning: Stack address was saved into a global variable. This
is dangerous because the address will become invalid after returning from
the function.
  if (x == 1) {
  ^
2 warnings generated.

This also explains your questions above. I can't get the LocationContext
from MemRegionVal. I can only get their enclosing DeclContext and match the
DeclContext with the Decl of the LocationContext of the current program
point.
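The difference described above (memory space alone versus the identity of the frame being left) can be modelled outside the analyzer. The following is an added example, not code from the clang checker or from this thread: it replays bar -> foo[1] -> foo[2] from the mail with a hypothetical frame id standing in for the LocationContext the checker cannot recover, and counts how many warnings each policy would emit on function exit. The function names, the `Policy` enum and the frame-id scheme are assumptions made for the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of a stack-address-leak check (not the clang checker). */

/* What the analyzer would know about a stack variable: which call frame
   owns it (hypothetical frame id, standing in for the LocationContext the
   real VarRegion does not carry) and its name. */
typedef struct {
    int frame_id;
    const char *var;
} VarRegion;

/* The value bound to the global 'int *p' from the example, if any. */
typedef struct {
    bool valid;
    VarRegion target;
} GlobalBinding;

typedef enum {
    CHECK_MEMSPACE_ONLY, /* only knows the pointee lives on the stack */
    CHECK_FRAME_AWARE    /* also knows which frame the pointee belongs to */
} Policy;

static int warnings;

/* Runs when the frame 'leaving' returns. With memory-space information
   only, every return from a function while p points into the stack looks
   like a leak; with frame identity, only the return of the owning frame
   invalidates the address. */
static void check_on_return(const GlobalBinding *g, int leaving, Policy pol)
{
    if (!g->valid)
        return;
    if (pol == CHECK_MEMSPACE_ONLY || g->target.frame_id == leaving) {
        warnings++;
        printf("warning: stack address of '%s' (frame %d) escapes via global "
               "while leaving frame %d\n", g->target.var, g->target.frame_id,
               leaving);
    }
}

/* Mirrors 'void foo(int x) { if (x == 1) { p = &x; foo(2); } }', with
   'depth' acting as the frame id of this activation. */
static void foo(int x, int depth, GlobalBinding *g, Policy pol)
{
    int frame_id = depth;
    if (x == 1) {
        g->valid = true;            /* p = &x; x belongs to this frame */
        g->target.frame_id = frame_id;
        g->target.var = "x";
        foo(2, depth + 1, g, pol);  /* recursive call: foo[2] */
    }
    check_on_return(g, frame_id, pol);
}

/* Mirrors 'void bar(void) { foo(1); }' and returns the number of warnings
   the chosen policy emits for the whole call tree. */
int run_bar(Policy pol)
{
    GlobalBinding g = { false, { 0, NULL } };
    warnings = 0;
    foo(1, 1, &g, pol);             /* bar calls foo[1] */
    return warnings;
}

int main(void)
{
    printf("memspace-only policy: %d warning(s)\n", run_bar(CHECK_MEMSPACE_ONLY));
    printf("frame-aware policy:   %d warning(s)\n", run_bar(CHECK_FRAME_AWARE));
    return 0;
}
```

Under the memory-space-only policy the model reports twice, matching the two diagnostics in the transcript above; once the owning frame is known, only the return of foo[1] (the frame whose x is still referenced by p) is reported.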