[clang] [analyzer] MallocChecker – Fix false positive leak for smart pointers in temporary objects (PR #152751)
Balazs Benics via cfe-commits
cfe-commits at lists.llvm.org
Sat Aug 9 07:11:01 PDT 2025
================
@@ -1096,6 +1100,41 @@ class StopTrackingCallback final : public SymbolVisitor {
return true;
}
};
+
+/// EscapeTrackedCallback - A SymbolVisitor that marks allocated symbols as
+/// escaped.
+///
+/// This visitor is used to suppress false positive leak reports when smart
+/// pointers are nested in temporary objects passed by value to functions. When
+/// the analyzer can't see the destructor calls for temporary objects, it may
+/// incorrectly report leaks for memory that will be properly freed by the smart
+/// pointer destructors.
+///
+/// The visitor traverses reachable symbols from a given set of memory regions
+/// (typically smart pointer field regions) and marks any allocated symbols as
+/// escaped. Escaped symbols are not reported as leaks by checkDeadSymbols.
+///
+/// Usage:
+/// auto Scan =
+/// State->scanReachableSymbols<EscapeTrackedCallback>(RootRegions);
+/// ProgramStateRef NewState = Scan.getState();
+/// if (NewState != State) C.addTransition(NewState);
+class EscapeTrackedCallback final : public SymbolVisitor {
----------------
steakhal wrote:
Its usually makes such APIs a lot easier to use if you keep the ctor private, and only expose a single static method which would internally create the visitor, do the visitation and finally just return the resulting State.
It could just take a `State` alongside a `ArrayRef<const MemRegion *>` root regions.
This could be used:
`State = EscapeTrackedRegionsReachableFrom(SmartPtrFieldRoots, State);`
There is no way it could be misused this way.
https://github.com/llvm/llvm-project/pull/152751
More information about the cfe-commits
mailing list