[PATCH] D45149: MallocChecker, adding specific BSD calls

Artem Dergachev via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Sun Apr 1 14:36:04 PDT 2018


NoQ added a comment.

Nice, thanks.



================
Comment at: lib/StaticAnalyzer/Checkers/MallocChecker.cpp:662-676
     if (Family == AF_Malloc && CheckAlloc) {
       if (FunI == II_malloc || FunI == II_realloc || FunI == II_reallocf ||
           FunI == II_calloc || FunI == II_valloc || FunI == II_strdup ||
           FunI == II_win_strdup || FunI == II_strndup || FunI == II_wcsdup ||
           FunI == II_win_wcsdup || FunI == II_kmalloc ||
           FunI == II_g_malloc || FunI == II_g_malloc0 || 
           FunI == II_g_realloc || FunI == II_g_try_malloc || 
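Review bot: the two lines ending `FunI == II_g_malloc0 ||` and `FunI == II_g_try_malloc ||` carry trailing whitespace, which clang-format would strip; worth cleaning before landing. More substantively, the allocator set is now a flat chain of `FunI == II_*` comparisons, so every new BSD or glib allocator has to be added here and again in each branch that recognises the matching release (the `II_free || II_g_free` branch further down is one such place); a single `DenseMap<const IdentifierInfo *, AllocationFamily>` consulted once would keep the two in step and make the condition readable.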
----------------
These lists are getting long, I guess they should be refactored into a simple `II` -> `Kind` pointer map lookup eventually.


================
Comment at: lib/StaticAnalyzer/Checkers/MallocChecker.cpp:890-891
       State = ProcessZeroAllocation(C, CE, 1, State);
-    } else if (FunI == II_free || FunI == II_g_free) {
+    } else if (FunI == II_recallocarray) {
+      State = CallocMem(C, CE, State, true);
+      State = ProcessZeroAllocation(C, CE, 0, State);
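Review bot: the `- } else if (FunI == II_free || FunI == II_g_free) {` line is deleted and only the `II_recallocarray` branch appears in its place; please confirm the free/g_free branch is re-added below this hunk, otherwise `free()` and `g_free()` calls stop being modelled and allocations are no longer matched with their release. For the new branch, check which argument indices `CallocMem()` and `ProcessZeroAllocation()` read: `recallocarray(ptr, oldnmemb, newnmemb, size)` carries the new element count and element size in arguments 2 and 3, so `ProcessZeroAllocation(C, CE, 0, State)` inspects the pointer argument rather than a size. Treating the call as a fresh calloc also leaves the incoming `ptr` in its allocated state, so a later use of, or `free()` on, the old pointer would not be flagged.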
----------------
The moved array is not all zeros, just the new part, right? It should be more accurate to use realloc() here. Not sure if we actually model realloc() by moving memory contents (at least, I'm sure we're not modeling it perfectly). If we simply invalidate the newly allocated region, it should be fine to simply re-use `ReallocMemAux()` here. If we try to mark the newly added bytes as uninitialized, then you might need to pass a flag to zero-initialize them instead.


Repository:
  rC Clang

https://reviews.llvm.org/D45149
