r198710 - [analyzer] Pointers escape into +[NSValue valueWithPointer:]...
Jordan Rose
jordan_rose at apple.com
Tue Jan 7 13:39:49 PST 2014
Author: jrose
Date: Tue Jan 7 15:39:48 2014
New Revision: 198710
URL: http://llvm.org/viewvc/llvm-project?rev=198710&view=rev
Log:
[analyzer] Pointers escape into +[NSValue valueWithPointer:]...
...even though the argument is declared "const void *", because this is
just a way to pass pointers around as objects. (Though NSData is often
a better one.)
PR18262
Modified:
cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h
cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
cfe/trunk/lib/StaticAnalyzer/Core/CallEvent.cpp
cfe/trunk/test/Analysis/Inputs/system-header-simulator-objc.h
cfe/trunk/test/Analysis/malloc.m
Modified: cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h?rev=198710&r1=198709&r2=198710&view=diff
==============================================================================
--- cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h (original)
+++ cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h Tue Jan 7 15:39:48 2014
@@ -885,6 +885,8 @@ public:
virtual RuntimeDefinition getRuntimeDefinition() const;
+ virtual bool argumentsMayEscape() const;
+
virtual void getInitialStackFrameContents(const StackFrameContext *CalleeCtx,
BindingsTy &Bindings) const;
Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp?rev=198710&r1=198709&r2=198710&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp Tue Jan 7 15:39:48 2014
@@ -1907,7 +1907,8 @@ bool MallocChecker::mayFreeAnyEscapedMem
// that the pointers get freed by following the container itself.
if (FirstSlot.startswith("addPointer") ||
FirstSlot.startswith("insertPointer") ||
- FirstSlot.startswith("replacePointer")) {
+ FirstSlot.startswith("replacePointer") ||
+ FirstSlot.equals("valueWithPointer")) {
return true;
}
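Review bot: The added `FirstSlot.equals("valueWithPointer")` test matches on the first selector slot only, while the companion rule in ObjCMethodCall::argumentsMayEscape also requires a class message with exactly one argument. As far as this hunk shows, an instance method or a multi-keyword selector beginning with `valueWithPointer` would also silence the leak report; the start of mayFreeAnyEscapedMemoryInCall is outside the hunk, so earlier guards may already narrow this. The comment above the condition says the pointers get freed by following the container, which does not describe NSValue, since it only carries the pointer and never frees it. I would apply the same class-message and argument-count conditions here and add a comment such as `// +[NSValue valueWithPointer:] only boxes the pointer; we stop tracking it, so a real leak after boxing is not reported.`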
Modified: cfe/trunk/lib/StaticAnalyzer/Core/CallEvent.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/CallEvent.cpp?rev=198710&r1=198709&r2=198710&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/CallEvent.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/CallEvent.cpp Tue Jan 7 15:39:48 2014
@@ -886,6 +886,17 @@ RuntimeDefinition ObjCMethodCall::getRun
return RuntimeDefinition();
}
+bool ObjCMethodCall::argumentsMayEscape() const {
+ if (isInSystemHeader() && !isInstanceMessage()) {
+ Selector Sel = getSelector();
+ if (Sel.getNumArgs() == 1 &&
+ Sel.getIdentifierInfoForSlot(0)->isStr("valueWithPointer"))
+ return true;
+ }
+
+ return CallEvent::argumentsMayEscape();
+}
+
void ObjCMethodCall::getInitialStackFrameContents(
const StackFrameContext *CalleeCtx,
BindingsTy &Bindings) const {
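Review bot: In the new ObjCMethodCall::argumentsMayEscape, `Sel.getIdentifierInfoForSlot(0)->isStr("valueWithPointer")` dereferences the result without a null check. As far as I know that accessor returns null for a slot with no identifier (a selector written as just `:`), and such a one-argument class method in a system header would reach this line. Comparing by name avoids the dereference and matches the StringRef style used in MallocChecker.cpp: `Sel.getNameForSlot(0) == "valueWithPointer"`. The selector literal now lives in two files, so a shared helper or a cross-reference comment would keep the two rules from drifting apart. The hunk ends inside getInitialStackFrameContents, which is unchanged.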
Modified: cfe/trunk/test/Analysis/Inputs/system-header-simulator-objc.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/Inputs/system-header-simulator-objc.h?rev=198710&r1=198709&r2=198710&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/Inputs/system-header-simulator-objc.h (original)
+++ cfe/trunk/test/Analysis/Inputs/system-header-simulator-objc.h Tue Jan 7 15:39:48 2014
@@ -66,8 +66,11 @@ typedef struct {
NSFastEnumerationState;
@protocol NSFastEnumeration - (NSUInteger)countByEnumeratingWithState:(NSFastEnumerationState *)state objects:(id *)stackbuf count:(NSUInteger)len;
@end @class NSString, NSDictionary;
- at interface NSValue : NSObject <NSCopying, NSCoding> - (void)getValue:(void *)value;
- at end @interface NSNumber : NSValue - (char)charValue;
+ at interface NSValue : NSObject <NSCopying, NSCoding>
++ (NSValue *)valueWithPointer:(const void *)p;
+- (void)getValue:(void *)value;
+ at end
+ at interface NSNumber : NSValue - (char)charValue;
- (id)initWithInt:(int)value;
@end @class NSString;
@interface NSArray : NSObject <NSCopying, NSMutableCopying, NSCoding, NSFastEnumeration> - (NSUInteger)count;
Modified: cfe/trunk/test/Analysis/malloc.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/malloc.m?rev=198710&r1=198709&r2=198710&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/malloc.m (original)
+++ cfe/trunk/test/Analysis/malloc.m Tue Jan 7 15:39:48 2014
@@ -49,4 +49,9 @@ void _ArrayCreate() {
void testNSDataTruePositiveLeak() {
char *b = (char *)malloc(12);
NSData *d = [[NSData alloc] initWithBytes: b length: 12]; // expected-warning {{Potential leak of memory pointed to by 'b'}}
+}
+
+id wrapInNSValue() {
+ void *buffer = malloc(4);
+ return [NSValue valueWithPointer:buffer]; // no-warning
}
\ No newline at end of file
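Review bot: `wrapInNSValue` pins only the suppressed case, so the guards in the new rule (system header, class message, exactly one argument) have no test coverage. A companion case would fix the expected result for a `valueWithPointer:` that should not qualify, for example an instance message or a method declared outside the simulator header, so a later loosening of the match is caught. Since the `// no-warning` line deliberately stops leak tracking for `buffer`, a short comment would help readers: `// NSValue only boxes the pointer; ownership stays with whoever unwraps it.`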