[PATCH] D64680: [analyzer] MallocChecker: Prevent Integer Set Library false positives

Csaba Dabis via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Fri Jul 12 17:33:22 PDT 2019


Charusso added a comment.

In D64680#1584076 <https://reviews.llvm.org/D64680#1584076>, @NoQ wrote:

> Change of plans: let's suppress the warning when our `free()` is done within the function that has `__isl_take` in its definition. So, like, ascend the chain of location contexts and check your callers when you're about to mark the pointer as released. If any of the callers contain `__isl_take`, mark it as escaped instead.


I think if the `__isl_*` macro is in use it should be used in the immediate StackFrame. Btw: some magic happened and with the previous approach we did not suppress some reports, now we do. Thanks!



================
Comment at: clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp:56-58
+    // If this checker does not model the allocation.
+    DoNothing,
+    // Reference to allocated memory.
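Review bot: the comment on `DoNothing` ("If this checker does not model the allocation.") is a dangling conditional clause and does not say what the checker does, or stops doing, for a symbol in this state. Suggest rewording it as a full description of the state, and stating in the comment how it differs from the existing `Escaped` kind, since that distinction was questioned in this review. The enumerator name also describes an action rather than a state, so a state-like name would read better next to "Reference to allocated memory."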
----------------
NoQ wrote:
> We already have `Escaped`, it's the same thing in practice.
It is stricter than `Escaped`; also, it was made for the purpose of `PSK_EscapeOther`, to force out that we lost the entire pointer and do not make false warnings of use-after-free.


================
Comment at: clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp:2937-2942
+  const Stmt *S = PathDiagnosticLocation::getStmt(N);
+
+  if (RS && RS->isDoNothing()) {
+    BR.markInvalid(getTag(), S);
+    return nullptr;
+  }
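Review bot: the `if (RS && RS->isDoNothing())` branch invalidates the whole report and returns `nullptr` with no comment explaining why a symbol in this state means the report should be dropped. Suggest a short comment above the branch naming the suppression case (the `__isl_*` annotated functions discussed in this review), so a later reader does not take it for a generic escape path. If `S` is only needed for `markInvalid`, the `PathDiagnosticLocation::getStmt(N)` call could move inside the branch.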
----------------
NoQ wrote:
> {F9551724}
I wanted to make it bulletproof, but your meme-proof is way better.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D64680/new/

https://reviews.llvm.org/D64680




