[cfe-dev] Prevent RetainCountChecker from Analyzing Function Bodies when They Have Certain Annotate Attribute

Malhar Thakkar via cfe-dev cfe-dev at lists.llvm.org
Tue Jul 11 05:02:27 PDT 2017 

On Tue, Jul 11, 2017 at 5:03 PM, Sven Verdoolaege <skimo-cfe at kotnet.org>
wrote:

> On Tue, Jul 11, 2017 at 10:33:06AM +0530, Malhar Thakkar wrote:
> > Hence, although evalCall() works perfectly for ISL, we may not be able to
> > generalize it for other C codebases.
>
> I think it's reasonable to assume that frameworks that shield off
> free for reference counting, would also shield off malloc
> in order to initialize the reference counting.
> Of course, this may just be a lack of imagination on my part.
> Do you have any examples of frameworks that could use your
> annotations where this is not the case?
>
Well, I haven't come across/thought of any such codebase which doesn't
shield off malloc which is why I created a hypothetical test case. Now that
you mention it, it does seem reasonable to assume that frameworks would
shield off malloc as well. Also, keeping MallocChecker aside, there are a
lot of other checkers which may create some issues if there are additional
side-effects (as Dr. Artem mentioned) in such annotated functions. However,
I guess it may be safe to assume that there are no such additional
side-effects in such "trusted" functions.

>
> skimo
>

Now, I was experimenting a bit more with evalCall-ing based on annotations
and although this works like a charm for functions of the type obj_free()
and obj_cow(), it is unable to avoid the problems created by obj_copy().
This is probably because of the lack of a core-foundation annotation which
is analogous to isl_keep.
Consider the following example.


#define __isl_give __attribute__((cf_returns_retained))
#define __isl_take __attribute__((cf_consumed))
#define __isl_null
#define __isl_keep
#define NULL 0

typedef struct
{
  int ref;
} isl_basic_map;

__isl_give isl_basic_map *isl_basic_map_cow(__isl_take isl_basic_map *bmap);
__isl_null isl_basic_map *isl_basic_map_free(__isl_take isl_basic_map
*bmap);

__attribute__((annotate("rc_ownership_trusted_implementation"))) __isl_give
isl_basic_map *isl_basic_map_copy(__isl_keep isl_basic_map *bmap)
{
  if (!bmap)
    return NULL;

  bmap->ref++;
  return bmap;
}

void
test_use_after_release_with_trusted_implementation_annotate_attribute(__isl_take
isl_basic_map *bmap) {
  bmap = isl_basic_map_cow(bmap);
  isl_basic_map *temp = isl_basic_map_cow(isl_basic_map_copy(bmap)); *//
Here, the analyzer states "Object released".*
  isl_basic_map *temp2 = isl_basic_map_cow(bmap); *// Use-after-release for
'bmap' raised here.*
  isl_basic_map_free(temp2);
  isl_basic_map_free(temp);
}

Hence, I need more clarity as to what assumptions the checker/analyzer
makes when it doesn't see any annotation associated with an object.


Regards,
Malhar



ᐧ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20170711/87954df0/attachment.html>

More information about the cfe-dev mailing list