[cfe-dev] [Static Analyzer] Retain count checker does not warn about parameters that might leak

Tobias Grosser via cfe-dev cfe-dev at lists.llvm.org
Wed Sep 7 16:25:22 PDT 2016 

Hi,

I have just been looking into using the clang analyzer retain counter to
check the use of a reference counting library we use as part of the LLVM
Polly project. This seems to work surprisingly well for now and most of
the basic (and not so basic) errors are correctly found. However, it
seems that function arguments are never considered as possibly leaking.
Here a small example:

struct obj;                                                              
typedef struct obj obj;                                                  
                                                                                 
#define ___give __attribute__((cf_returns_retained))                     
#define ___take __attribute__((cf_consumed))                             
#define ___take                          
                                                                                 
__give obj *alloc();
__give obj *obj_copy(___keep obj *o);                                    
void obj_free(___take obj *o);                                           
                                                                                 
void error_reported() {                                                  
  obj *o = alloc();                                                      
}                                                                        
                                                                                 
void leak_ignored(___take obj *o) {                                      
} 

For the function error_reported, the memory leak is correctly warned
about. However, for leak_ignored, no warning is issued. Is this behavior
correct or should the checker report a memory leak here as well?

For my use case, I would like that all function arguments passed with
__take (consumed) are required to be freed in the function (or passed
back as return value), whereas arguments passed as __keep (not consumed)
would need to be copied before they can be used as return value or
passed to any __isl_take function.

My feeling is that I can add this functionality easily by correctly
initializing the state of function arguments. However, as a newcomer to
the clang static analyzer I am not sure where to do this. Is
checkBeginFunction the right location (I fail to even find a way to
obtain the function we currently work on here) or are there more
specialized callbacks that are called when each of the functions
arguments is evaluated?

I probably need to dig deeper into this to make this happen, but as this
is likely a pretty trivial problem for our static analysis experts, I
wanted to check if anybody has some input or hints that might help me
here?

Best,
Tobias

More information about the cfe-dev mailing list