[llvm-bugs] [Bug 30756] New: Bug (memory leak) detected with maxloop=4 is undetected for maxloop > 4
via llvm-bugs
llvm-bugs at lists.llvm.org
Fri Oct 21 01:23:50 PDT 2016
https://llvm.org/bugs/show_bug.cgi?id=30756
Bug ID: 30756
Summary: Bug (memory leak) detected with maxloop=4 is undetected for maxloop > 4
Product: clang
Version: 3.9
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: Static Analyzer
Assignee: kremenek at apple.com
Reporter: mishugj at gmail.com
CC: llvm-bugs at lists.llvm.org
Classification: Unclassified
Created attachment 17472
--> https://llvm.org/bugs/attachment.cgi?id=17472&action=edit
C file with memory leak
When running the static analyzer against the attached file, if using the default maxloop
(4), a bug is detected (with incorrect location in report), but if running on
the same file with maxloop greater than 4 (tested with 20, 10, 5), the bug is
not detected.
My system details:
$ uname -a
Linux harlequin 3.16.7-ckt11 #2 Thu Aug 20 08:44:53 UTC 2015 i686 GNU/Linux
$ cat /etc/debian_version
8.6
$ apt-cache show clang-3.9 | grep Version
Version: 1:3.9~svn281634-1~exp1
Bug reproduction:
$ cat Makefile
.PHONY: clean
test.o: test.c
	$(CC) -O1 -c $^
clean:
	@rm -rf test.o
$ make clean && scan-build-3.9 -maxloop 4 make
scan-build: Using '/usr/lib/llvm-3.9/bin/clang' for static analysis
/usr/share/clang/scan-build-3.9/bin/../libexec/ccc-analyzer -O1 -c test.c
test.c:172:5: warning: Potential leak of memory pointed to by 'recycle_map'
    entries_free(entries);
    ^~~~~~~~~~~~
1 warning generated.
scan-build: 1 bug found.
scan-build: Run 'scan-view /tmp/scan-build-2016-10-21-081646-1919-1' to examine bug reports.
$ make clean && scan-build-3.9 -maxloop 5 make
scan-build: Using '/usr/lib/llvm-3.9/bin/clang' for static analysis
/usr/share/clang/scan-build-3.9/bin/../libexec/ccc-analyzer -O1 -c test.c
scan-build: Removing directory '/tmp/scan-build-2016-10-21-081719-1936-1' because it contains no reports.
scan-build: No bugs found.
My expectation is that by increasing the maximum loop count, the static analyzer
would try harder in finding bugs (at the cost of more memory & time). It would
also be expected that a possible bug detected with a lower loop limit be
invalidated when having a bigger loop limit (which would allow for more
analysis to prune suspects as unlikely). Yet, the bug reported above at maximum
loop 4 is a REAL bug (there IS a memory leak), so no amount of maximum loop
increasing should make the clang static analyzer discard it (if it was already able
to detect it with maxloop 4).
Also, notice that the reporting when the bug is detected (maxloop 4) is
unexpected -- the memory leak is indeed in recycle_map, but the location of the
error is wrong.
Note: The test file is as minimized as possible (for me). I removed most
standard headers (except <assert.h>) to reduce system dependence in triggering
this bug. I've tried to remove some more seemingly unrelated functionality but
doing so failed to reproduce the bug.