[cfe-dev] Query Regarding RetainCountChecker | Clang Static Analyzer
Malhar Thakkar via cfe-dev
cfe-dev at lists.llvm.org
Mon Jun 19 20:55:27 PDT 2017
Dear all,
Consider the following hypothetical test cases (using the Integer Set
Library objects and annotations) which is passed through the
RetainCountChecker.
*// Case 1*
*#define __isl_give **__attribute__((cf_returns_retained))*
*#define __isl_take __attribute__((cf_consumed))*
*// Declaration of isl_basic_map_cow(). Definition is in another .c file
and hence is not visible to the static analyzer.*
__isl_give isl_basic_map *isl_basic_map_cow(__isl_take isl_basic_map *bmap);
__isl_give isl_basic_map **foo*(__isl_take isl_basic_map *bmap) {
isl_basic_map *temp = bmap;
bmap = isl_basic_map_cow(bmap);
free(bmap);
return temp; *// Leak warning is raised for 'bmap' here.*
}
*// Case 2*
*#define __isl_give **__attribute__((cf_returns_retained))*
*#define __isl_take __attribute__((cf_consumed))*
*// Declaration of isl_basic_map_cow(). **Definition is in another .c file
and hence is not visible to the static analyzer.*
__isl_give isl_basic_map *isl_basic_map_cow(__isl_take isl_basic_map *bmap);
__isl_give isl_basic_map **foo*(__isl_take isl_basic_map *bmap) {
isl_basic_map *temp = bmap;
bmap = isl_basic_map_cow(bmap);
free(bmap);
return bmap; *// Use-after-free warning is raised for 'bmap' here.*
}
My question:
- Looking at the warnings raised in both the cases. could someone please
explain me why is a leak warning being raised in Case 1?
isl_basic_map_cow() returns an object with a +1 retain count which is then
freed.
Thank you.
Regards,
Malhar Thakkar
ᐧ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20170620/f235baaf/attachment.html>
More information about the cfe-dev
mailing list