[PATCH] [analyzer] Detect use-after-free scenarios in -dealloc after calling [super dealloc]

Anna Zaks zaks.anna at gmail.com
Thu Sep 4 22:34:07 PDT 2014


I agree with Jordan. We would probably want to create a path sensitive check here instead of using the matchers. Another advantage would be that you would get inter procedural analysis (within the same translation unit), so if the dealloc delegates the deallocation to another method whose implementation is within the same TU, you would get the checking as if the callee has been inlined.

(I am not sure if you watched our presentation about writing path sensitive checkers. If not, I highly recommend it. It's called Building a Checker in 24 hours http://www.llvm.org/devmtg/2012-11/)

http://reviews.llvm.org/D5042






More information about the cfe-commits mailing list