[PATCH] D71041: [analyzer][discussion] Talk about escapes

Artem Dergachev via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed Dec 4 19:01:06 PST 2019


NoQ added inline comments.


================
Comment at: clang/test/Analysis/fuchsia_handle.cpp:210
+  // Because of arrays, structs, the suggestion is to escape when whe no longer
+  // have any pointer to that symbolic region.
+  if (zx_channel_create(0, get_handle_address(), &sb))
----------------
NoQ wrote:
> This has nothing to do with symbolic regions. We can run into this problem even if it's a local variable in the current stack frame:
> ```lang=c++
> void foo() {
>   zx_handle_t sa, sb;
>   escape(&sb); // Escape *before* create!!
> 
>   zx_channel_create(0, &sa, &sb);
>   zx_handle_close(sa);
>   close_escaped();
> }
> ```
> 
> The solution that'll obviously work would be to keep track of all regions that escaped at least once, and then not even start tracking the handle if it's getting placed into a region that causes an escape when written into or has itself escaped before, but that sounds like a huge overkill.
> 
> Lemme think. This sounds vaguely familiar but i can't immediately recall what my thoughts were last time i thought about it.
`$ cat test.c`
```lang=c++
void manage(void **x);
void free_managed();

void foo() {
  void *x;
  manage(&x);
  x = malloc(1);
  free_managed();
}
```
`$ clang --analyze test.c`
```lang=c++
test.c:8:3: warning: Potential leak of memory pointed to by 'x'
  free_managed();
  ^~~~~~~~~~~~~~
1 warning generated.
```
Sigh.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D71041/new/

https://reviews.llvm.org/D71041





More information about the cfe-commits mailing list