[cfe-dev] [Analyzer] Pointer escape vs. pointer invalidation on function call
Aleksei Sidorin via cfe-dev
cfe-dev at lists.llvm.org
Thu May 25 10:07:09 PDT 2017
Hi all,
I have some questions about CSA invalidation behaviour for the case
where some arguments can escape after call.
1. There is a condition in CallEvent::invalidateRegions():
    if (!argumentsMayEscape())
      findPtrToConstParams(PreserveArgs, *this);
The contents of PreserveArgs, as changed by findPtrToConstParams(), are used
later for setting a special invalidation trait for its items:
TK_PreserveContents. But, as I understand, if some pointer passed to a
function can escape, all the pointers passed to the function get invalidated
regardless of whether they can escape or not. Why don't we just filter the
escaping regions and invalidate them, rather than invalidating all the
pointers?
2. For AnyFunctionCall, we think that void* arguments can escape:
    if (CallEvent::argumentsMayEscape() || hasVoidPointerToNonConstArg())
      return true;
But because of (1), this means that all other pointers passed to such a
function (including pointers to const) are invalidated. Checkers that
use the argumentsMayEscape() method explicitly check that the call is
located in a system header. So, should we move the check for the system header
into argumentsMayEscape()? It looks like the commit that introduced this
behaviour was targeting system header functions only. And should we
avoid the invalidation of pointers to constant memory if some pointer
argument can escape?
--
Best regards,
Aleksei Sidorin,
SRR, Samsung Electronics