[cfe-commits] r158703 - in /cfe/trunk: lib/StaticAnalyzer/Checkers/MallocChecker.cpp test/Analysis/malloc.mm test/Analysis/system-header-simulator-objc.h
Anna Zaks
ganna at apple.com
Mon Jun 18 22:10:32 PDT 2012
Author: zaks
Date: Tue Jun 19 00:10:32 2012
New Revision: 158703
URL: http://llvm.org/viewvc/llvm-project?rev=158703&view=rev
Log:
[analyzer] Allow pointers to escape into NSPointerArray.
(Fixes radar://11691035 PR13140)
Modified:
cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
cfe/trunk/test/Analysis/malloc.mm
cfe/trunk/test/Analysis/system-header-simulator-objc.h
Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp?rev=158703&r1=158702&r2=158703&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp Tue Jun 19 00:10:32 2012
@@ -1384,6 +1384,16 @@
return false;
}
+ // If the first selector starts with addPointer, insertPointer,
+ // or replacePointer, assume we are dealing with NSPointerArray or similar.
+ // This is similar to C++ containers (vector); we still might want to check
+ // that the pointers get freed, by following the container itself.
+ if (S.getNameForSlot(0).startswith("addPointer") ||
+ S.getNameForSlot(0).startswith("insertPointer") ||
+ S.getNameForSlot(0).startswith("replacePointer")) {
+ return false;
+ }
+
// If the call has a callback as an argument, assume the memory
// can be freed.
if (Call->hasNonZeroCallbackArg())
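Review bot: The new check matches on the first selector slot only, so any message whose selector begins with `addPointer`, `insertPointer` or `replacePointer` is treated as an escape whatever the receiver's class is, and the malloc'd pointer is no longer tracked for leaks after that call. The existing comment hints at this trade-off, but the false-negative scope deserves an explicit note, e.g. `// FIXME: Matched by selector prefix only; the receiver type is not checked, so unrelated classes using these selectors also suppress leak reports.` The three `S.getNameForSlot(0)` calls could also be hoisted into one local, `StringRef FirstSlot = S.getNameForSlot(0);`, which makes the condition easier to extend. The enclosing function starts and ends outside this hunk, so how this interacts with the earlier early returns cannot be judged from here.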
Modified: cfe/trunk/test/Analysis/malloc.mm
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/malloc.mm?rev=158703&r1=158702&r2=158703&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/malloc.mm (original)
+++ cfe/trunk/test/Analysis/malloc.mm Tue Jun 19 00:10:32 2012
@@ -178,4 +178,27 @@
void testCallWithBlockCallbackInSystem() {
void *l = malloc(12);
SystemHeaderFunctionWithBlockParam(l, ^(void *i) { free(i); }, sizeof(char *));
+}
+
+// Test escape into NSPointerArray. radar://11691035, PR13140
+void foo(NSPointerArray* pointerArray) {
+
+ void* p1 = malloc (1024);
+ if (p1) {
+ [pointerArray addPointer:p1];
+ }
+
+ void* p2 = malloc (1024);
+ if (p2) {
+ [pointerArray insertPointer:p2 atIndex:1];
+ }
+
+ void* p3 = malloc (1024);
+ if (p3) {
+ [pointerArray replacePointerAtIndex:1 withPointer:p3];
+ }
+
+ // Freeing the buffer is allowed.
+ void* buffer = [pointerArray pointerAtIndex:0];
+ free(buffer);
}
\ No newline at end of file
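Review bot: The added test `foo` only checks that no warning appears on the three escaping calls, so nothing here pins the other side of the heuristic. A companion case that allocates with `malloc`, sends a message whose selector does not start with one of the three prefixes, and asserts the leak with an `// expected-warning` comment would show the prefix match is not wider than intended; whether such a call warns depends on checker code outside this hunk. The name would also read better as `testEscapeIntoNSPointerArray`, matching `testCallWithBlockCallbackInSystem` above. The file still ends without a trailing newline.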
Modified: cfe/trunk/test/Analysis/system-header-simulator-objc.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/system-header-simulator-objc.h?rev=158703&r1=158702&r2=158703&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/system-header-simulator-objc.h (original)
+++ cfe/trunk/test/Analysis/system-header-simulator-objc.h Tue Jun 19 00:10:32 2012
@@ -114,3 +114,11 @@
extern void CFStringAppend(CFMutableStringRef theString, CFStringRef appendedString);
void SystemHeaderFunctionWithBlockParam(void *, void (^block)(void *), unsigned);
+
+ at interface NSPointerArray : NSObject <NSFastEnumeration, NSCopying, NSCoding>
+- (void)addPointer:(void *)pointer;
+- (void)insertPointer:(void *)item atIndex:(NSUInteger)index;
+- (void)replacePointerAtIndex:(NSUInteger)index withPointer:(void *)item;
+- (void *)pointerAtIndex:(NSUInteger)index;
+ at end
+