r174468 - [analyzer]Revert part of r161511; suppresses leak false positives in C++
Anna Zaks
ganna at apple.com
Tue Feb 5 16:01:14 PST 2013
Author: zaks
Date: Tue Feb 5 18:01:14 2013
New Revision: 174468
URL: http://llvm.org/viewvc/llvm-project?rev=174468&view=rev
Log:
[analyzer]Revert part of r161511; suppresses leak false positives in C++
This is a "quick fix".
The underlying issue is that when a const pointer to a struct is passed
into a function, we do not invalidate the pointer fields. This results
in false positives that are common in C++ (since copy constructors are
prevalent). (Silences two llvm false positives.)
Modified:
cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp
cfe/trunk/test/Analysis/malloc-annotations.c
cfe/trunk/test/Analysis/malloc.c
cfe/trunk/test/Analysis/malloc.cpp
Modified: cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp?rev=174468&r1=174467&r2=174468&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp Tue Feb 5 18:01:14 2013
@@ -1627,6 +1627,12 @@ ProgramStateRef ExprEngine::processPoint
if (StoredVal != Val)
escapes = (State == (State->bindLoc(*regionLoc, Val)));
}
+ if (!escapes) {
+ // Case 4: We do not currently model what happens when a symbol is
+ // assigned to a struct field, so be conservative here and let the symbol
+ // go. TODO: This could definitely be improved upon.
+ escapes = !isa<VarRegion>(regionLoc->getRegion());
+ }
}
// If our store can represent the binding and we aren't storing to something
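Review bot: The Case 4 comment says "assigned to a struct field", but `!isa<VarRegion>(regionLoc->getRegion())` treats every store to a region that is not a plain variable as an escape, which would also cover array elements (the relocated `localArrayTest` in malloc.c is consistent with that). For the malloc leak checker this trades false positives for silent false negatives on stack-local aggregates, so the comment should state the real scope, for example `// Case 4: any store to a non-variable region (field, array element, ...) is treated as an escape; leaks through stack-local aggregates are not reported.` The TODO would be easier to follow up if it named the tests now marked `// missing warning`. The enclosing function starts and ends outside this hunk.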
Modified: cfe/trunk/test/Analysis/malloc-annotations.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/malloc-annotations.c?rev=174468&r1=174467&r2=174468&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/malloc-annotations.c (original)
+++ cfe/trunk/test/Analysis/malloc-annotations.c Tue Feb 5 18:01:14 2013
@@ -70,11 +70,6 @@ void af1_c() {
myglobalpointer = my_malloc(12); // no-warning
}
-void af1_d() {
- struct stuff mystuff;
- mystuff.somefield = my_malloc(12);
-} // expected-warning{{Memory is never released; potential leak}}
-
// Test that we can pass out allocated memory via pointer-to-pointer.
void af1_e(void **pp) {
*pp = my_malloc(42); // no-warning
@@ -267,3 +262,14 @@ void testMultipleFreeAnnotations() {
my_freeBoth(p, q);
}
+// ----------------------------------------------------------------------------
+
+// False negatives.
+
+// Pending on removal of the escaping on assignment to struct fields.
+void af1_d() {
+ struct stuff mystuff;
+ mystuff.somefield = my_malloc(12);
+} // missing warning
+
+
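Review bot: `} // missing warning` on `af1_d` drops the diagnostic text that the removed `expected-warning` line carried, so whoever later lifts the escape-on-field-store workaround has to recover the expected message from history. Keeping it in a greppable form, for example `} // FIXME: missing warning {{Memory is never released; potential leak}}`, preserves it next to the test. The same applies to `testStructLeak`, `localArrayTest` and `localStructTest` in the malloc.c hunk at -1053. There the heading comment also mentions only struct fields, although `localArrayTest` stores into an array element.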
Modified: cfe/trunk/test/Analysis/malloc.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/malloc.c?rev=174468&r1=174467&r2=174468&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/malloc.c (original)
+++ cfe/trunk/test/Analysis/malloc.c Tue Feb 5 18:01:14 2013
@@ -530,12 +530,6 @@ int *testMalloc3() {
return y; // no-warning
}
-void testStructLeak() {
- StructWithPtr St;
- St.memP = malloc(12);
- return; // expected-warning {{Memory is never released; potential leak of memory pointed to by 'St.memP'}}
-}
-
void testElemRegion1() {
char *x = (void*)malloc(2);
int *ix = (int*)x;
@@ -934,18 +928,6 @@ int cmpHeapAllocationToUnknown() {
return 0;
}
-void localArrayTest() {
- char *p = (char*)malloc(12);
- char *ArrayL[12];
- ArrayL[0] = p;
-} // expected-warning {{leak}}
-
-void localStructTest() {
- StructWithPtr St;
- StructWithPtr *pSt = &St;
- pSt->memP = malloc(12);
-} // expected-warning{{Memory is never released; potential leak}}
-
#ifdef __INTPTR_TYPE__
// Test double assignment through integers.
typedef __INTPTR_TYPE__ intptr_t;
@@ -1053,3 +1035,25 @@ void testMallocWithParam(int **p) {
void testMallocWithParam_2(int **p) {
*p = (int*) malloc(sizeof(int));
}
+
+// Pending on removal of the escaping on assignment to struct fields.
+void testStructLeak() {
+ StructWithPtr St;
+ St.memP = malloc(12);
+ return; // missing warning
+}
+
+void localArrayTest() {
+ char *p = (char*)malloc(12);
+ char *ArrayL[12];
+ ArrayL[0] = p;
+} // missing warning
+
+void localStructTest() {
+ StructWithPtr St;
+ StructWithPtr *pSt = &St;
+ pSt->memP = malloc(12);
+} // missing warning
+
+
+
Modified: cfe/trunk/test/Analysis/malloc.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/malloc.cpp?rev=174468&r1=174467&r2=174468&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/malloc.cpp (original)
+++ cfe/trunk/test/Analysis/malloc.cpp Tue Feb 5 18:01:14 2013
@@ -60,3 +60,10 @@ namespace PR13751 {
}
}
+struct X { void *a; };
+
+struct X get() {
+ struct X result;
+ result.a = malloc(4);
+ return result; // no-warning
+}
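Review bot: `get()` only exercises returning a struct by value, while the log describes the false positives as coming from a const pointer to a struct being passed into a function (copy constructors); none of the added tests pins that case. A second test that hands a struct holding the malloc'ed pointer to an opaque function by const reference or const pointer, marked `// no-warning`, would guard the behaviour the commit is meant to fix. The `return result; // no-warning` line could also say that the silence appears to rely on the conservative escape added in ExprEngine.cpp rather than on modelling the copy, e.g. `// no-warning (field store is treated as an escape)`.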