[PATCH] [analyzer] Implementation of potential undefbehavior.ZeroAllocDereference checker.

Anna Zaks zaks.anna at gmail.com
Fri Mar 20 18:38:30 PDT 2015 

================
Comment at: lib/StaticAnalyzer/Checkers/MallocChecker.cpp:66
@@ -65,2 +65,3 @@
   unsigned K : 2; // Kind enum, but stored as a bitfield.
-  unsigned Family : 30; // Rest of 32-bit word, currently just an allocation 
+  unsigned ZeroAllocation : 1; // bool, true in case of a zero-size allocation.
+  unsigned Family : 29; // Rest of 32-bit word, currently just an allocation 
----------------
I think you could just fold it into the Kind, by adding AllocatedOfSizeZero or do we think that Relinquished or Escaped should be treated differently if they were zero allocated..?

================
Comment at: lib/StaticAnalyzer/Checkers/MallocChecker.cpp:844
@@ +843,3 @@
+// Performs a 0-sized allocations check.
+ProgramStateRef MallocChecker::ZeroAllocationCheck(CheckerContext &C,
+                                               const Expr *E,
----------------
"ProcessZeroAllocation" ? We are not checking anything here.

================
Comment at: lib/StaticAnalyzer/Checkers/MallocChecker.cpp:889
@@ +888,3 @@
+    const RefState *RS = State->get<RegionState>(Sym);
+    if (!RS || !RS->isAllocated())
+      return State;
----------------
It should not be possible to have non allocated symbol here.. Is it? Maybe we should assert?

================
Comment at: lib/StaticAnalyzer/Checkers/MallocChecker.cpp:1851
@@ +1850,3 @@
+      BT_UseZerroAllocated[*CheckKind].reset(new BugType(
+          CheckNames[*CheckKind], "Use zero allocated", "Memory Error"));
+
----------------
I's call this "Use of zero allocated" or "Zero allocation"

================
Comment at: lib/StaticAnalyzer/Checkers/MallocChecker.cpp:2302
@@ -2171,2 +2301,3 @@
   SymbolRef Sym = l.getLocSymbolInBase();
-  if (Sym)
+  const MemRegion *MR = l.getAsRegion()->StripCasts();
+
----------------
this seems unrelated to the patch. Can it be submitted separately with a testcase that it is trying to address?

http://reviews.llvm.org/D8273

EMAIL PREFERENCES
  http://reviews.llvm.org/settings/panel/emailpreferences/

More information about the cfe-commits mailing list