[cfe-commits] r159043 - in /cfe/trunk: lib/StaticAnalyzer/Checkers/MallocChecker.cpp test/Analysis/malloc.mm
Anna Zaks
ganna at apple.com
Fri Jun 22 21:56:45 PDT 2012
We are more aggressive in our assumptions here - we assume that the functions will free the memory (indirectly, eventually ~ the memory gets relinquished) and report use-after-free if someone tries to free it after it. Elsewhere, we just stop tracking. I am not sure if it's OK to assume that every ObjC method ending with NoCopy will definitely free. Do you disagree?
Thanks,
Anna.
On Jun 22, 2012, at 7:50 PM, Jordan Rose wrote:
> Can we just go with the same NoCopy convention we have for functions, e.g. anything that ends in "NoCopy" might free memory?
>
>
> On Jun 22, 2012, at 3:42 PM, Anna Zaks wrote:
>
>> Author: zaks
>> Date: Fri Jun 22 17:42:30 2012
>> New Revision: 159043
>>
>> URL: http://llvm.org/viewvc/llvm-project?rev=159043&view=rev
>> Log:
>> [analyzer] Teach malloc checker that initWith[Bytes|Characters}NoCopy
>> relinquish memory.
>>
>> Modified:
>> cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
>> cfe/trunk/test/Analysis/malloc.mm
>>
>> Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
>> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp?rev=159043&r1=159042&r2=159043&view=diff
>> ==============================================================================
>> --- cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp (original)
>> +++ cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp Fri Jun 22 17:42:30 2012
>> @@ -504,7 +504,9 @@
>> // Ex: [NSData dataWithBytesNoCopy:bytes length:10];
>> // Unless 'freeWhenDone' param set to 0.
>> // TODO: Check that the memory was allocated with malloc.
>> - if (S.getNameForSlot(0) == "dataWithBytesNoCopy" &&
>> + if ((S.getNameForSlot(0) == "dataWithBytesNoCopy" ||
>> + S.getNameForSlot(0) == "initWithBytesNoCopy" ||
>> + S.getNameForSlot(0) == "initWithCharactersNoCopy") &&
>> !isFreeWhenDoneSetToZero(Call, S)){
>> unsigned int argIdx = 0;
>> C.addTransition(FreeMemAux(C, Call.getArg(argIdx),
>>
>> Modified: cfe/trunk/test/Analysis/malloc.mm
>> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/malloc.mm?rev=159043&r1=159042&r2=159043&view=diff
>> ==============================================================================
>> --- cfe/trunk/test/Analysis/malloc.mm (original)
>> +++ cfe/trunk/test/Analysis/malloc.mm Fri Jun 22 17:42:30 2012
>> @@ -21,6 +21,16 @@
>> NSData *nsdata = [[NSData alloc] initWithBytesNoCopy:data length:dataLength freeWhenDone:1]; // no-warning
>> }
>>
>> +void testNSStringFreeWhenDoneYES3(NSUInteger dataLength) {
>> + unsigned char *data = (unsigned char *)malloc(42);
>> + NSString *nsstr = [[NSString alloc] initWithBytesNoCopy:data length:dataLength encoding:NSUTF8StringEncoding freeWhenDone:1];
>> +}
>> +
>> +void testNSStringFreeWhenDoneYES4(NSUInteger dataLength) {
>> + unichar *data = (unichar*)malloc(42);
>> + NSString *nsstr = [[NSString alloc] initWithCharactersNoCopy:data length:dataLength freeWhenDone:1];
>> + free(data); //expected-warning {{Attempt to free non-owned memory}}
>> +}
>>
>> void testNSStringFreeWhenDoneYES(NSUInteger dataLength) {
>> unsigned char *data = (unsigned char *)malloc(42);
>>
>>
>> _______________________________________________
>> cfe-commits mailing list
>> cfe-commits at cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
>
More information about the cfe-commits
mailing list