[clang] [analyzer] Add an ownership change visitor to StreamChecker (PR #94957)
Balazs Benics via cfe-commits
cfe-commits at lists.llvm.org
Tue Jun 11 08:48:11 PDT 2024
Kristóf Umann <dkszelethus at gmail.com>
In-Reply-To: <llvm.org/llvm/llvm-project/pull/94957 at github.com>
================
@@ -696,6 +730,69 @@ struct StreamOperationEvaluator {
} // end anonymous namespace
+//===----------------------------------------------------------------------===//
+// Definition of NoStreamStateChangeVisitor.
+//===----------------------------------------------------------------------===//
+
+namespace {
+class NoStreamStateChangeVisitor final : public NoOwnershipChangeVisitor {
+protected:
+ /// Syntactically checks whether the callee is a freeing function. Since
+ /// we have no path-sensitive information on this call (we would need a
+ /// CallEvent instead of a CallExpr for that), its possible that a
+ /// freeing function was called indirectly through a function pointer,
+ /// but we are not able to tell, so this is a best effort analysis.
+ bool isFreeingCallAsWritten(const CallExpr &Call) const {
+ const auto *StreamChk = static_cast<const StreamChecker *>(&Checker);
+ if (StreamChk->FCloseDesc.matchesAsWritten(Call))
+ return true;
+
+ return false;
+ }
+
+ bool doesFnIntendToHandleOwnership(const Decl *Callee,
+ ASTContext &ACtx) override {
+ using namespace clang::ast_matchers;
+ const FunctionDecl *FD = dyn_cast<FunctionDecl>(Callee);
+
+ auto Matches =
+ match(findAll(callExpr().bind("call")), *FD->getBody(), ACtx);
+ for (BoundNodes Match : Matches) {
+ if (const auto *Call = Match.getNodeAs<CallExpr>("call"))
+ if (isFreeingCallAsWritten(*Call))
+ return true;
+ }
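Review bot: In doesFnIntendToHandleOwnership, `FD` is the result of `dyn_cast<FunctionDecl>(Callee)` and is dereferenced immediately in `*FD->getBody()`, with no check that the cast succeeded or that a body is available. `dyn_cast` returns null when `Callee` is not a `FunctionDecl`, and `getBody()` returns null for a declaration without a definition, so unless the caller guarantees both, an early `if (!FD || !FD->getBody()) return false;` before the `match(...)` call would avoid a null dereference. Two smaller points in the same hunk: isFreeingCallAsWritten can return `StreamChk->FCloseDesc.matchesAsWritten(Call)` directly instead of the `if`/`return true`/`return false` sequence, and the doc comment should read "it's possible" rather than "its possible".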
----------------
steakhal wrote:
Couldn't we rely on the CallGraph for determining this?
My problem with the approach is that it only looks at direct callees of the given function.
What if we have the "freeing" function wrapped by some other function?
-- I guess, then we eventually get there and that's gonna be the direct callee. So it will only affect the place of the new note - which makes sense.
I guess I already answered my question :D
No actions expected.
https://github.com/llvm/llvm-project/pull/94957