[clang] 9abf6d3 - [analyzer] [MallocChecker] Assume functions with `ownership_returns` return unknown memory (#110115)

via cfe-commits cfe-commits at lists.llvm.org
Thu Sep 26 05:45:12 PDT 2024


Author: Pavel Skripkin
Date: 2024-09-26T15:45:08+03:00
New Revision: 9abf6d3506c7289e062836cb9f70a9eaa56bcb68

URL: https://github.com/llvm/llvm-project/commit/9abf6d3506c7289e062836cb9f70a9eaa56bcb68
DIFF: https://github.com/llvm/llvm-project/commit/9abf6d3506c7289e062836cb9f70a9eaa56bcb68.diff

LOG: [analyzer] [MallocChecker] Assume functions with `ownership_returns` return unknown memory (#110115)

There is no good way to tell CSA if a function with the `ownership_returns`
attribute returns initialized or not initialized memory. To make the FP rate
lower, let's assume that memory returned from such functions is unknown
and do not reason about it.

In the future it would be great to add a way to annotate such behavior.

Added: 
    

Modified: 
    clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
    clang/test/Analysis/malloc-annotations.c

Removed: 
    


################################################################################
diff  --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index 81ec8e1b516986..3e95db7e97fac8 100644
--- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -1811,9 +1811,9 @@ MallocChecker::MallocMemReturnsAttr(CheckerContext &C, const CallEvent &Call,
   if (!Att->args().empty()) {
     return MallocMemAux(C, Call,
                         Call.getArgExpr(Att->args_begin()->getASTIndex()),
-                        UndefinedVal(), State, Family);
+                        UnknownVal(), State, Family);
   }
-  return MallocMemAux(C, Call, UnknownVal(), UndefinedVal(), State, Family);
+  return MallocMemAux(C, Call, UnknownVal(), UnknownVal(), State, Family);
 }
 
 ProgramStateRef MallocChecker::MallocBindRetVal(CheckerContext &C,
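Review bot: Both `MallocMemAux` calls in `MallocMemReturnsAttr` now pass `UnknownVal()` as the initial value with no comment saying why, so the next reader cannot tell that this is a deliberate choice and not an oversight. The consequence is that a read of genuinely uninitialized memory obtained from an `ownership_returns` allocator is no longer reported, which trades a real class of findings for a lower false-positive rate. Please add a short comment above the two returns stating that the attribute carries no information about initialization, and a FIXME pointing at the annotation mentioned in the log message so the default can be revisited once such an annotation exists.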

diff  --git a/clang/test/Analysis/malloc-annotations.c b/clang/test/Analysis/malloc-annotations.c
index c2fdf8a5641ae4..c601a0383d2210 100644
--- a/clang/test/Analysis/malloc-annotations.c
+++ b/clang/test/Analysis/malloc-annotations.c
@@ -3,6 +3,7 @@
 // RUN:   -analyzer-checker=alpha.deadcode.UnreachableCode \
 // RUN:   -analyzer-checker=alpha.core.CastSize \
 // RUN:   -analyzer-checker=unix.Malloc \
+// RUN:   -analyzer-checker=debug.ExprInspection \
 // RUN:   -analyzer-config unix.DynamicMemoryModeling:Optimistic=true %s
 
 typedef __typeof(sizeof(int)) size_t;
@@ -23,6 +24,12 @@ void __attribute((ownership_holds(malloc, 1))) my_hold(void *);
 void __attribute((ownership_holds(malloc, 1)))
 __attribute((ownership_holds(malloc, 1)))
 __attribute((ownership_holds(malloc, 3))) my_hold2(void *, void *, void *);
+
+__attribute((ownership_returns(user_malloc, 1))) void *user_malloc(size_t);
+__attribute((ownership_takes(user_malloc, 1))) void user_free(void *);
+
+void clang_analyzer_dump(int);
+
 void *my_malloc3(size_t);
 void *myglobalpointer;
 struct stuff {
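Review bot: Only the sized form `ownership_returns(user_malloc, 1)` is declared here, so the test file can exercise just the `if (!Att->args().empty())` branch of the checker change; the second changed return, taken when the attribute has no size index, has no matching declaration. Consider adding a second allocator declared with `ownership_returns(user_malloc)` and no index so both modified paths are covered. A one-line comment noting that these declarations serve `testNoUninitAttr` would also help, since they sit between unrelated `my_hold2` and `my_malloc3` declarations.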
@@ -273,3 +280,10 @@ void testMultipleFreeAnnotations(void) {
   my_freeBoth(p, q);
 }
 
+void testNoUninitAttr(void) {
+  int *p = user_malloc(sizeof(int));
+  int read = p[0]; // no-warning
+  clang_analyzer_dump(p[0]); // expected-warning{{Unknown}}
+  user_free(p);
+}
+
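Review bot: `testNoUninitAttr` checks that `p[0]` dumps as Unknown but does not check that the pointer is still tracked under the `user_malloc` family after the change, because `user_free(p)` always runs. A sibling case that omits `user_free(p)` and expects the leak warning, or one that calls `user_free(p)` twice and expects the double-free warning, would catch a regression where switching to `UnknownVal()` also dropped ownership tracking. The local `int read = p[0]; // no-warning` line would also benefit from a comment saying the missing uninitialized-read warning is intentional.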
