[PATCH] [Static Analyzer] Fix false positive in Clang Static Analyzer

Karthik Bhat kv.bhat at samsung.com
Mon Dec 29 05:10:38 PST 2014


Hi jordan_rose, zaks.anna,

Hi All,
We are getting a few false positives in our project when we use clang SA.
Consider the below code in mylib.c (library) and main.c:
In lib.c
  int* myFn(const int* v){
    int* k = (int*)v; /* explicit cast: v is const int* */
    return k;
  }

In main.c
  #include <stdlib.h>

  int* myFn(const int* v);

  int main() {
    int* p = (int*)malloc(sizeof(int));
    int* k = myFn(p);
    free(k);
    return 0;
  }

In the above code we don't have any memory leak, as free(k) frees the memory allocated by malloc. But we get a false positive (memory leak by 'p') here. The problem seems to be that when we encounter myFn(p), which is a lib call, we should have marked p as escaped, but we don't seem to do so for a malloced region for some reason. Any particular reason we only mark ConstPointerEscaped when it is from NewOrNewArrayFamily?
In this patch I have modified checkConstPointerEscape to mark a const pointer as escaped even if it is a malloced region.

Please let me know if this is good to commit or if this check was not handled specifically for some reason. 
Awaiting your valuable inputs.

Thanks and Regards
Karthik Bhat

REPOSITORY
  rL LLVM

http://reviews.llvm.org/D6793

Files:
  lib/StaticAnalyzer/Checkers/MallocChecker.cpp
  test/Analysis/malloc.c
  test/Analysis/malloc.cpp

Index: lib/StaticAnalyzer/Checkers/MallocChecker.cpp
===================================================================
--- lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -2276,9 +2276,10 @@
   return true;
 }
 
-static bool checkIfNewOrNewArrayFamily(const RefState *RS) {
+static bool checkIfAllocatedFamily(const RefState *RS) {
   return (RS->getAllocationFamily() == AF_CXXNewArray ||
-          RS->getAllocationFamily() == AF_CXXNew);
+          RS->getAllocationFamily() == AF_CXXNew ||
+          RS->getAllocationFamily() == AF_Malloc);
 }
 
 ProgramStateRef MallocChecker::checkPointerEscape(ProgramStateRef State,
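Review bot: the added `RS->getAllocationFamily() == AF_Malloc` line has no comment explaining why a malloc'd region passed through a const pointer should now count as escaped. Since this predicate is what the const-escape path hands to checkPointerEscapeAux, the change silences the reported false positive but also every real leak on that path, so the trade-off should be stated next to the predicate. The new name checkIfAllocatedFamily also reads as if it covered every allocation family, while it tests only AF_CXXNewArray, AF_CXXNew and AF_Malloc; a name tied to the const-escape decision would be clearer.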
@@ -2293,7 +2294,7 @@
                                               const CallEvent *Call,
                                               PointerEscapeKind Kind) const {
   return checkPointerEscapeAux(State, Escaped, Call, Kind,
-                               &checkIfNewOrNewArrayFamily);
+                               &checkIfAllocatedFamily);
 }
 
 ProgramStateRef MallocChecker::checkPointerEscapeAux(ProgramStateRef State,
Index: test/Analysis/malloc.c
===================================================================
--- test/Analysis/malloc.c
+++ test/Analysis/malloc.c
@@ -1095,7 +1095,7 @@
 void r11160612_2() {
   char *x = malloc(12);
   const_ptr_and_callback(0, x, 12, 0);
-} // expected-warning {{leak}}
+}  // no - warning
 
 // Callback is passed to a function defined in a system header.
 void r11160612_4() {
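Review bot: in r11160612_2 the buffer x is malloc'd, passed to const_ptr_and_callback with a null callback (the first argument is 0), and never freed in this function, so the removed `expected-warning {{leak}}` looks like a true positive that the analyzer will now miss. Please justify why no warning is the right expectation here, or narrow the change so this case still warns. The replacement comment is also written `// no - warning` with a double space before it; the other hunks spell it `// no-warning`.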
@@ -1304,7 +1304,7 @@
 void testPassConstPointer() {
   char * string = malloc(sizeof(char)*10);
   passConstPtr(string);
-  return; // expected-warning {{leak}}
+  return;  //no-warning
 }
 
 void testPassConstPointerIndirectly() {
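Review bot: testPassConstPointer appears to exist to assert that passing a malloc'd pointer to a const-pointer parameter does not hide the leak, and flipping it to no-warning inverts that intent without a comment saying the old behaviour is now considered wrong. Please add a short comment on the new expectation and confirm whether testPassConstPointerIndirectly, which follows directly, needs the same update. The comment should also read `// no-warning` with a space after the slashes.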
Index: test/Analysis/malloc.cpp
===================================================================
--- test/Analysis/malloc.cpp
+++ test/Analysis/malloc.cpp
@@ -34,7 +34,7 @@
 void r11160612_no_callback() {
   char *x = (char*)malloc(12);
   const_ptr_and_callback_def_param_null(0, x, 12);
-} // expected-warning{{leak}}
+} // no-warning
 
 // Test member function pointer.
 struct CanFreeMemory {
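Review bot: none of the changed tests cover the motivating case from the description, where the pointer returned by a function taking `const int*` is later passed to free(); r11160612_no_callback only flips an existing leak expectation to no-warning. Please add a test in which the returned pointer is freed and no leak is expected, so the fix is pinned by a case that is unambiguously a false positive rather than only by removed warnings.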
@@ -105,4 +105,4 @@
 void fooNested(const char* name) {
   char* getterName = strdup(name);
   appendWrapperNested(getterName); // no-warning
-}
\ No newline at end of file
+}
