[clang] [NFC][analyzer][docs] Document MallocChecker's ownership attributes (PR #121759)
DonĂ¡t Nagy via cfe-commits
cfe-commits at lists.llvm.org
Mon Jan 6 05:08:06 PST 2025
================
@@ -1389,6 +1389,68 @@ Query for this attribute with ``__has_attribute(overloadable)``.
}];
}
+def OwnershipDocs : Documentation {
+ let Heading = "ownership_holds, ownership_returns, ownership_takes (Clang "
+ "Static Analyzer)";
+ let Category = DocCatFunction;
+ let Content = [{
+
+.. note::
+
+ In order for the Clang Static Analyzer to acknowledge these attributes, the
+ ``Optimistic`` config needs to be set to true for the checker
+ ``unix.DynamicMemoryModeling``:
+
+ ``-Xclang -analyzer-config -Xclang unix.DynamicMemoryModeling:Optimistic=true``
+
+These attributes are used by the Clang Static Analyzer's dynamic memory modeling
+facilities to mark custom allocating/deallocating functions.
+
+All 3 attributes' first parameter of type string is the type of the allocation:
+``malloc``, ``new``, etc. to allow for catching mismatched deallocation bugs to
+be found.
+
+* Use ``ownership_returns`` to mark a function as an allocating function. Takes
+ 1 parameter to denote the allocation type.
+* Use ``ownership_takes`` to mark a function as a deallocating function. Takes 2
+ parameters: the allocation type, and the index of the parameter that is being
+ deallocated (counting from 1).
+* Use ``ownership_holds`` to mark that a function takes over the ownership of a
+ piece of memory. The analyzer will assume that the memory is not leaked even
+ if it finds that the last pointer referencing it went out of scope (almost as
+ if it was freed). Takes 2 parameters: the allocation type, and the index of
+ the parameter whose ownership will be taken over (counting from 1).
----------------
NagyDonat wrote:
```suggestion
* Use ``ownership_holds`` to mark that a function takes over the ownership of a
piece of memory and will free it at some unspecified point in the future. Like
``ownership_takes``, this takes 2 parameters: the allocation type, and the
index of the parameter whose ownership will be taken over (counting from 1).
The annotations ``ownership_takes`` and ``ownership_holds`` both prevent memory
leak reports (concerning the specified argument); the difference between them
is that using taken memory is a use-after-free error, while using held memory
is assumed to be legitimate.
```
https://github.com/llvm/llvm-project/pull/121759
More information about the cfe-commits
mailing list