[cfe-commits] r136694 - in /cfe/trunk: lib/StaticAnalyzer/Checkers/Checkers.td lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp test/Analysis/keychainAPI.m

[Anna Zaks]

Author: zaks
Date: Tue Aug  2 12:11:03 2011
New Revision: 136694

URL: http://llvm.org/viewvc/llvm-project?rev=136694&view=rev
Log:
KeychainAPI checker: only check the paths on which the allocator function returned noErr. (+ minor cleanup)

Modified:
    cfe/trunk/lib/StaticAnalyzer/Checkers/Checkers.td
    cfe/trunk/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp
    cfe/trunk/test/Analysis/keychainAPI.m

Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/Checkers.td
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/Checkers.td?rev=136694&r1=136693&r2=136694&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/Checkers.td (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/Checkers.td Tue Aug  2 12:11:03 2011
@@ -281,7 +281,7 @@
 let ParentPackage = OSXExperimental in {
 
 def MacOSKeychainAPIChecker : Checker<"KeychainAPI">,
-  InPackage<OSX>,
+  InPackage<OSXExperimental>,
   HelpText<"Check for proper uses of Secure Keychain APIs">,
   DescFile<"MacOSKeychainAPIChecker.cpp">;
 

Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp?rev=136694&r1=136693&r2=136694&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp Tue Aug  2 12:11:03 2011
@@ -119,10 +119,21 @@
   if (idx != InvalidParamVal) {
     SVal Param = State->getSVal(CE->getArg(idx));
     if (const loc::MemRegionVal *X = dyn_cast<loc::MemRegionVal>(&Param)) {
-      SymbolRef V = SM.Retrieve (State->getStore(), *X).getAsSymbol();
+      // Add the symbolic value, which represents the location of the allocated
+      // data, to the set.
+      SymbolRef V = SM.Retrieve(State->getStore(), *X).getAsSymbol();
       if (!V)
         return;
       State = State->add<AllocatedData>(V);
+
+      // We only need to track the value if the function returned noErr(0), so
+      // bind the return value of the function to 0.
+      SValBuilder &Builder = C.getSValBuilder();
+      SVal ZeroVal = Builder.makeZeroVal(Builder.getContext().CharTy);
+      State = State->BindExpr(CE, ZeroVal);
+      assert(State);
+
+      // Proceed from the new state.
       C.addTransition(State);
     }
   }

Modified: cfe/trunk/test/Analysis/keychainAPI.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/keychainAPI.m?rev=136694&r1=136693&r2=136694&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/keychainAPI.m (original)
+++ cfe/trunk/test/Analysis/keychainAPI.m Tue Aug  2 12:11:03 2011
@@ -65,7 +65,8 @@
   void *outData;
 
   st = SecKeychainItemCopyContent(2, ptr, ptr, &length, &outData);
-  SecKeychainItemFreeContent(ptr, outData);
+  if (st == noErr)
+    SecKeychainItemFreeContent(ptr, outData);
 
   return 0;
 }