[PATCH] [analyzer] Implementation of potential undefbehavior.ZeroAllocDereference checker.

Антон Ярцев anton.yartsev at gmail.com
Sat Mar 21 06:32:30 PDT 2015


Thanks for review!


================
Comment at: lib/StaticAnalyzer/Checkers/MallocChecker.cpp:66
@@ -65,2 +65,3 @@
   unsigned K : 2; // Kind enum, but stored as a bitfield.
-  unsigned Family : 30; // Rest of 32-bit word, currently just an allocation 
+  unsigned ZeroAllocation : 1; // bool, true in case of a zero-size allocation.
+  unsigned Family : 29; // Rest of 32-bit word, currently just an allocation 
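Review bot: the `Family` bitfield shrinks from 30 to 29 bits, so its comment "Rest of 32-bit word" should state the new width, and the 2 + 1 + 29 = 32 layout should be double-checked against `sizeof(RefState)` so the struct does not silently grow. Since the reply below says the flag was folded into the Kind enum as AllocatedOfSizeZero, this layout change should not survive into the final revision.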
----------------
zaks.anna wrote:
> I think you could just fold it into the Kind, by adding AllocatedOfSizeZero or do we think that Relinquished or Escaped should be treated differently if they were zero allocated..?
Implemented with a new AllocatedOfSizeZero kind. Theoretically Relinquished may be treated differently if we would like to track usage of zero-allocated memory after relinquish, but there are no cases yet.

================
Comment at: lib/StaticAnalyzer/Checkers/MallocChecker.cpp:844
@@ +843,3 @@
+// Performs a 0-sized allocations check.
+ProgramStateRef MallocChecker::ZeroAllocationCheck(CheckerContext &C,
+                                               const Expr *E,
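Review bot: the comment `// Performs a 0-sized allocations check.` does not describe a function that returns a `ProgramStateRef`; say what it does to the state (e.g. "Marks the allocated region as zero-sized and returns the updated state") and fix the grammar ("zero-size allocation").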
----------------
zaks.anna wrote:
> "ProcessZeroAllocation" ? We are not checking anything here.
Fixed!

================
Comment at: lib/StaticAnalyzer/Checkers/MallocChecker.cpp:889
@@ +888,3 @@
+    const RefState *RS = State->get<RegionState>(Sym);
+    if (!RS || !RS->isAllocated())
+      return State;
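Review bot: if the `!RS` guard is turned into an assert as suggested, remember that asserts compile out under NDEBUG, so nothing after this point may dereference `RS` on a release build unless every caller guarantees the symbol is tracked; either keep a cheap early return after the assert or document the caller contract.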
----------------
zaks.anna wrote:
> It should not be possible to have non allocated symbol here.. Is it? Maybe we should assert?
Agree, done!

================
Comment at: lib/StaticAnalyzer/Checkers/MallocChecker.cpp:1851
@@ +1850,3 @@
+      BT_UseZerroAllocated[*CheckKind].reset(new BugType(
+          CheckNames[*CheckKind], "Use zero allocated", "Memory Error"));
+
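Review bot: `BT_UseZerroAllocated` misspells "Zero"; rename it to `BT_UseZeroAllocated` before it spreads to every use site. The description string "Use zero allocated" is also hard to read in a report; "Use of zero-allocated memory" or the reviewer's "Zero allocation" is clearer.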
----------------
zaks.anna wrote:
> I'd call this "Use of zero allocated" or "Zero allocation"
Done!

================
Comment at: lib/StaticAnalyzer/Checkers/MallocChecker.cpp:2302
@@ -2171,2 +2301,3 @@
   SymbolRef Sym = l.getLocSymbolInBase();
-  if (Sym)
+  const MemRegion *MR = l.getAsRegion()->StripCasts();
+
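Review bot: `l.getAsRegion()` can return null for a location that is not a region, so `->StripCasts()` here dereferences it without a check, and the dropped `if (Sym)` guard removes the only null test on this path; guard it (`if (const MemRegion *MR = l.getAsRegion())`) if the change is resubmitted. Dropping the hunk from this patch, as the reply says was done, also resolves it.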
----------------
zaks.anna wrote:
> this seems unrelated to the patch. Can it be submitted separately with a testcase that it is trying to address?
Cleaned.

http://reviews.llvm.org/D8273
