[cfe-commits] r150993 - in /cfe/trunk: lib/StaticAnalyzer/Checkers/MallocChecker.cpp test/Analysis/malloc-interprocedural.c
Anna Zaks
ganna at apple.com
Mon Feb 20 14:25:24 PST 2012
Author: zaks
Date: Mon Feb 20 16:25:23 2012
New Revision: 150993
URL: http://llvm.org/viewvc/llvm-project?rev=150993&view=rev
Log:
[analyzer] Make Malloc aware of inter-procedural execution + basic
tests.
Added:
cfe/trunk/test/Analysis/malloc-interprocedural.c
Modified:
cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp?rev=150993&r1=150992&r2=150993&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp Mon Feb 20 16:25:23 2012
@@ -827,6 +827,10 @@
ProgramStateRef state = C.getState();
RegionStateTy M = state->get<RegionState>();
+ // If inside inlined call, skip it.
+ if (C.getLocationContext()->getParent() != 0)
+ return;
+
for (RegionStateTy::iterator I = M.begin(), E = M.end(); I != E; ++I) {
RefState RS = I->second;
if (RS.isAllocated()) {
@@ -885,8 +889,9 @@
if (checkUseAfterFree(Sym, C, E))
return;
- // Check if the symbol is escaping.
- checkEscape(Sym, E, C);
+ // If this function body is not inlined, check if the symbol is escaping.
+ if (C.getLocationContext()->getParent() == 0)
+ checkEscape(Sym, E, C);
}
bool MallocChecker::checkUseAfterFree(SymbolRef Sym, CheckerContext &C,
Added: cfe/trunk/test/Analysis/malloc-interprocedural.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/malloc-interprocedural.c?rev=150993&view=auto
==============================================================================
--- cfe/trunk/test/Analysis/malloc-interprocedural.c (added)
+++ cfe/trunk/test/Analysis/malloc-interprocedural.c Mon Feb 20 16:25:23 2012
@@ -0,0 +1,54 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=unix.Malloc -analyzer-inline-call -analyzer-store=region -verify %s
+
+#include "system-header-simulator.h"
+
+typedef __typeof(sizeof(int)) size_t;
+void *malloc(size_t);
+void *valloc(size_t);
+void free(void *);
+void *realloc(void *ptr, size_t size);
+void *reallocf(void *ptr, size_t size);
+void *calloc(size_t nmemb, size_t size);
+extern void exit(int) __attribute__ ((__noreturn__));
+
+static void my_malloc1(void **d, size_t size) {
+ *d = malloc(size);
+}
+
+static void *my_malloc2(int elevel, size_t size) {
+ void *data;
+ data = malloc(size);
+ if (data == 0)
+ exit(0);
+ return data;
+}
+
+static void my_free1(void *p) {
+ free(p);
+}
+
+static void test1() {
+ void *data = 0;
+ my_malloc1(&data, 4); // expected-warning {{Memory is never released; potential memory leak}}
+}
+
+static void test2() {
+ void * data = my_malloc2(1, 4);
+ data = my_malloc2(1, 4);// expected-warning {{Memory is never released; potential memory leak}}
+}
+
+static void test3() {
+ void *data = my_malloc2(1, 4);
+ free(data);
+ data = my_malloc2(1, 4);
+ free(data);
+}
+
+int test4() {
+ int *data = (int*)my_malloc2(1, 4);
+ my_free1(data);
+ data = (int *)my_malloc2(1, 4);
+ my_free1(data);
+ return *data; // expected-warning {{Use of memory after it is freed}}
+}
+
More information about the cfe-commits
mailing list