[clang] [analyzer][NFC] Add tests for and refactor StackAddrEscapeChecker 1/3 (PR #105652)

Arseniy Zaostrovnykh via cfe-commits cfe-commits at lists.llvm.org
Tue Aug 27 05:38:30 PDT 2024


================
@@ -374,13 +395,13 @@ void StackAddrEscapeChecker::checkEndFunction(const ReturnStmt *RS,
 
     // Generate a report for this bug.
     const StringRef CommonSuffix =
-        "upon returning to the caller.  This will be a dangling reference";
+        " upon returning to the caller.  This will be a dangling reference";
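Review bot: On the changed `CommonSuffix` line, the separating space now lives at the start of the suffix, so every string that appends `CommonSuffix` must end without a trailing space or the message will contain a doubled space. A one-line comment on `CommonSuffix` stating that it begins with a space would keep later call sites consistent. The two spaces after "caller." are carried over unchanged; if the checker's messages are meant to settle on single spacing after a period, this is the line to adjust.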
----------------
necto wrote:

I found this style in a few other messages:

> Call to 'dispatch_once' uses the local variable 'once' for the predicate value.  Using such transient memory for the predicate is potentially dangerous.  Perhaps you intended to declare the variable as 'static'?

[link](https://github.com/llvm/llvm-project/blob/main/clang/test/Analysis/dispatch-once.m#L24)

> Object leaked: object allocated and stored into 'object' is returned from a function whose name ('CFGetRuleViolation') does not contain 'Copy' or 'Create'.  This violates the naming convention rules given in the Memory Management Guide for Core Foundation

[link](https://github.com/llvm/llvm-project/blob/main/clang/test/Analysis/retain-release-path-notes.m#L115C61-L115C316)

> The return value from the call to 'setuid' is not checked.  If an error occurs in 'setuid', the following code may execute with unexpected privileges

[link](https://github.com/llvm/llvm-project/blob/main/clang/test/Analysis/security-syntax-checks.m#L103)

> Function 'rand' is obsolete because it implements a poor random number generator.  Use 'arc4random' instead

[link](https://github.com/llvm/llvm-project/blob/main/clang/test/Analysis/security-syntax-checks.m#L138)

Overall, if the lit-test message stats are any indication, it is pretty balanced:

    grep -R 'warning{.*\.  [A-Za-z]' clang/test/ | wc -l
    
-> 20 (double space after dot)
     
    grep -R 'warning{.*\. [A-Za-z]' clang/test/ | wc -l
    
-> 26 (single space after dot)

https://github.com/llvm/llvm-project/pull/105652

