[cfe-commits] r164276 - in /cfe/trunk: lib/StaticAnalyzer/Checkers/MallocChecker.cpp test/Analysis/malloc-interprocedural.c

Jordan Rose jordan_rose at apple.com
Wed Sep 19 18:55:32 PDT 2012


Author: jrose
Date: Wed Sep 19 20:55:32 2012
New Revision: 164276

URL: http://llvm.org/viewvc/llvm-project?rev=164276&view=rev
Log:
[analyzer] MallocChecker should not do post-call checks on inlined functions.

If someone provides their own function called 'strdup', or 'reallocf', or
even 'malloc', and we inlined it, the inlining should have given us all the
malloc-related information we need. If we then try to attach new information
to the return value, we could end up with spurious warnings.

<rdar://problem/12317671>

Modified:
    cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
    cfe/trunk/test/Analysis/malloc-interprocedural.c

Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp?rev=164276&r1=164275&r2=164276&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp Wed Sep 19 20:55:32 2012
@@ -442,6 +442,9 @@
 }
 
 void MallocChecker::checkPostStmt(const CallExpr *CE, CheckerContext &C) const {
+  if (C.wasInlined)
+    return;
+  
   const FunctionDecl *FD = C.getCalleeDecl(CE);
   if (!FD)
     return;
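Review bot: The new early return on `C.wasInlined` carries no comment, so the reason it exists lives only in the commit log; a one-line note above it would keep the next reader from "simplifying" it away, e.g. `// An inlined callee has already been modeled by the analyzer; re-binding malloc state to its return value here would produce spurious diagnostics.` The added blank line at `+  ` keeps trailing whitespace, as do the three blank lines inside the new strndup test in malloc-interprocedural.c. The body of checkPostStmt continues past the end of this hunk.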

Modified: cfe/trunk/test/Analysis/malloc-interprocedural.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/malloc-interprocedural.c?rev=164276&r1=164275&r2=164276&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/malloc-interprocedural.c (original)
+++ cfe/trunk/test/Analysis/malloc-interprocedural.c Wed Sep 19 20:55:32 2012
@@ -1,4 +1,4 @@
-// RUN: %clang_cc1 -analyze -analyzer-checker=unix.Malloc -analyzer-inline-max-stack-depth=5 -analyzer-inline-max-function-size=6 -verify %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=unix.Malloc -analyzer-inline-max-stack-depth=5 -verify %s
 
 #include "Inputs/system-header-simulator.h"
 
@@ -9,7 +9,10 @@
 void *realloc(void *ptr, size_t size);
 void *reallocf(void *ptr, size_t size);
 void *calloc(size_t nmemb, size_t size);
-extern void exit(int) __attribute__ ((__noreturn__));
+
+void exit(int) __attribute__ ((__noreturn__));
+void *memcpy(void * restrict s1, const void * restrict s2, size_t n);
+size_t strlen(const char *);
 
 static void my_malloc1(void **d, size_t size) {
   *d = malloc(size);
@@ -96,3 +99,34 @@
   fooWithEmptyReturn(12);
   return *x; // expected-warning {{Use of memory after it is freed}}
 }
+
+
+// If we inline any of the malloc-family functions, the checker shouldn't also
+// try to do additional modeling. <rdar://problem/12317671>
+char *strndup(const char *str, size_t n) {
+  if (!str)
+    return 0;
+  
+  // DO NOT FIX. This is to test that we are actually using the inlined
+  // behavior!
+  if (n < 5)
+    return 0;
+  
+  size_t length = strlen(str);
+  if (length < n)
+    n = length;
+  
+  char *result = malloc(n + 1);
+  memcpy(result, str, n);
+  result[n] = '\0';
+  return result;
+}
+
+void useStrndup(size_t n) {
+  if (n == 0)
+    (void)strndup(0, 20); // no-warning
+  else if (n < 5)
+    (void)strndup("hi there", n); // no-warning
+  else
+    (void)strndup("hi there", n); // expected-warning{{leak}}
+}
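Review bot: The test's strndup passes the result of `malloc(n + 1)` straight to `memcpy` and `result[n] = '\0'` without a null check; with only unix.Malloc enabled on the RUN line this is silent, but it means the fixture would start reporting a null dereference if core checkers are ever added to the invocation, which could be mistaken for a regression in this change. Inserting `if (!result) return 0;` after the `malloc` line keeps the leak expectation on the non-null path intact while making the fixture self-contained, and the "DO NOT FIX" comment could then be narrowed to the `n < 5` branch it actually describes.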




