[PATCH] D9040: [analyzer] Make realloc(ptr, 0) handling equivalent to malloc(0).
Антон Ярцев via cfe-commits
cfe-commits at lists.llvm.org
Tue Aug 25 15:13:17 PDT 2015
ayartsev added a comment.
Please review!
================
Comment at: lib/StaticAnalyzer/Checkers/MallocChecker.cpp:158
@@ +157,3 @@
+/// zero-allocated memory returned by 'realloc(ptr, 0)'.
+struct ReallocSizeZero {
+ void Profile(llvm::FoldingSetNodeID &ID) const {
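Review bot: the comment at line 157 should say outright that `ReallocSizeZero` is a deliberately empty marker type, that the flag is the presence of an entry in the program-state map rather than any data inside the struct, and that `Profile` is therefore intentionally a no-op; as the hunk reads, a fieldless struct with an empty `Profile` looks like an unfinished stub rather than a design choice.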
----------------
zaks.anna wrote:
> This struct does not contain any fields. What's its purpose?
This struct is a flag that if attached indicates a zero-size reallocation. Improved class description in the updated patch.
================
Comment at: lib/StaticAnalyzer/Checkers/MallocChecker.cpp:524
@@ -511,2 +523,3 @@
REGISTER_MAP_WITH_PROGRAMSTATE(ReallocPairs, SymbolRef, ReallocPair)
+REGISTER_MAP_WITH_PROGRAMSTATE(ReallocSizeZeroFlag, SymbolRef, ReallocSizeZero)
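Review bot: the map added at line 524 uses `ReallocSizeZero` as its value type, and that type carries no fields, so the map holds exactly the information a set of `SymbolRef`s would; if a map is kept on purpose (for symmetry with `ReallocPairs` above it, or to leave room for per-symbol data later), state that in a comment beside the REGISTER line, and consider a name such as `ReallocSizeZeroSymbols`, since the entries are flagged symbols rather than one global flag.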
----------------
zaks.anna wrote:
> Maybe you should use a set of SymbolRefs instead?
This may produce false positives, as you explained to me in D8273. Here is a modified example from D8273:
```
#include <stdlib.h>

void test(int b) {
  int s;
  if (b)
    s = 10;
  else
    s = 0;
  int *p = malloc(8);
  int *q = realloc(p, s);  /* zero-size reallocation only on the "s = 0" path */
  if (b)
    *q = 1;                /* reached only on the "s = 10" path */
}
```
If the checker explores "realloc(p, s)" along the "s = 0" path and adds it to the set, we'll get a false positive along the "s = 10" path later.
Included corresponding tests to the updated patch.
http://reviews.llvm.org/D9040