[LLVMbugs] [Bug 12137] New: Add attribute annotations to indicate malloc transfer ownership to static analyzer

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Wed Feb 29 09:43:24 PST 2012 

http://llvm.org/bugs/show_bug.cgi?id=12137

             Bug #: 12137
           Summary: Add attribute annotations to indicate malloc transfer
                    ownership to static analyzer
           Product: clang
           Version: trunk
          Platform: Macintosh
        OS/Version: Windows XP
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: Static Analyzer
        AssignedTo: kremenek at apple.com
        ReportedBy: tjw at me.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified


Split off from <http://llvm.org/bugs/show_bug.cgi?id=12101>

There are several false positives indicated by the malloc/free static analyzer
checks where we are storing a malloc'd pointer in a data structure and then
later arranging for it to be freed.

For example, we allocate a context struct to pass to funopen() in
<https://github.com/omnigroup/OmniGroup/blob/master/Frameworks/OmniFoundation/CoreFoundationExtensions/CFData-OFFileIO.m>
and it is freed in the supplied 'close' callback. Likewise, we maintain
uniquing table in
<https://github.com/omnigroup/OmniGroup/blob/master/Frameworks/OmniFoundation/XML/OFXMLInternedStringTable.m>
with malloc'd blocks as the CFDictionary keys (and the key callback release
function frees them).

In both these cases, the system API we are calling has no malloc/free ownership
implications that should be considered the default. So, we should have
attributes that let us write helper functions to inform the static analyzer of
our intentions and let us hide the false positives.

One possible approach I mentioned in the previous bug was:

#if defined(__has_feature) &&
__has_feature(attribute_transfer_malloc_ownership)
#define OBTRANSFER_MALLOC_OWNERSHIP(argIndex)
__attribute__((transfer_malloc_ownership))
#else
#define OBTRANSFER_MALLOC_OWNERSHIP(argIndex)
#endif

static inline void *OBTransferMallocOwnership(void *ptr)
OBTRANSFER_MALLOC_OWNERSHIP(1); // First argument has malloc ownership
transfered
static inline void *OBTransferMallocOwnership(void *ptr)
{
    return ptr;
}


... and then in the CFData-OFFileIO.m example:


    FILE *f = funopen(OBTransferMallocOwnership(ctx), _CFData_readfn,
NULL/*writefn*/, _CFData_seekfn, _CFData_closefn);

Apparently there is a second experimental malloc/free checker that does have
annotations (unix.experimental.MallocWithAnnotations), so using those same
annotations may make sense (mentioned in
<http://comments.gmane.org/gmane.comp.compilers.clang.devel/9323>)

-- 
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the llvm-bugs mailing list