diff options
| author | Artem Dergachev <artem.dergachev@gmail.com> | 2018-01-18 00:44:41 +0000 |
|---|---|---|
| committer | Artem Dergachev <artem.dergachev@gmail.com> | 2018-01-18 00:44:41 +0000 |
| commit | 0c79eab03d5bd5b74ee6d30d663bdf4a07764a04 (patch) | |
| tree | 25afcccaf580c483bc5314f65a64e2ff094b133b | |
| parent | 5e27cce46729ab431da4e503c651763a0798e5a5 (diff) | |
| download | bcm5719-llvm-0c79eab03d5bd5b74ee6d30d663bdf4a07764a04.tar.gz bcm5719-llvm-0c79eab03d5bd5b74ee6d30d663bdf4a07764a04.zip | |
[analyzer] Suppress "this" pointer escape during construction.
Pointer escape event notifies checkers that a pointer can no longer be reliably
tracked by the analyzer. For example, if a pointer is passed into a function
that has no body available, or written into a global, MallocChecker would
no longer report memory leaks for such pointer.
In case of operator new() under -analyzer-config c++-allocator-inlining=true,
MallocChecker would start tracking the pointer allocated by operator new()
only to immediately meet a pointer escape event notifying the checker that the
pointer has escaped into a constructor (assuming that the body of the
constructor is not available) and immediately stop tracking it. Even though
it is theoretically possible for such constructor to put "this" into
a global container that would later be freed, we prefer to preserve the old
behavior of MallocChecker, i.e. a memory leak warning, in order to
be able to find any memory leaks in C++ at all. In fact, c++-allocator-inlining
*reduces* the amount of false positives coming from this-pointers escaping in
constructors, because it'd be able to inline constructors in some cases.
With other checkers working similarly, we simply suppress the escape event for
this-value of the constructor, regardless of analyzer options.
Differential Revision: https://reviews.llvm.org/D41797
rdar://problem/12180598
llvm-svn: 322795
| -rw-r--r-- | clang/lib/StaticAnalyzer/Core/CallEvent.cpp | 9 | ||||
| -rw-r--r-- | clang/test/Analysis/NewDeleteLeaks-PR19102.cpp | 1 |
2 files changed, 8 insertions, 2 deletions
diff --git a/clang/lib/StaticAnalyzer/Core/CallEvent.cpp b/clang/lib/StaticAnalyzer/Core/CallEvent.cpp index 776369be9db..76b9630c3b5 100644 --- a/clang/lib/StaticAnalyzer/Core/CallEvent.cpp +++ b/clang/lib/StaticAnalyzer/Core/CallEvent.cpp @@ -672,8 +672,13 @@ SVal CXXConstructorCall::getCXXThisVal() const { void CXXConstructorCall::getExtraInvalidatedValues(ValueList &Values, RegionAndSymbolInvalidationTraits *ETraits) const { - if (Data) - Values.push_back(loc::MemRegionVal(static_cast<const MemRegion *>(Data))); + if (Data) { + loc::MemRegionVal MV(static_cast<const MemRegion *>(Data)); + if (SymbolRef Sym = MV.getAsSymbol(true)) + ETraits->setTrait(Sym, + RegionAndSymbolInvalidationTraits::TK_SuppressEscape); + Values.push_back(MV); + } } void CXXConstructorCall::getInitialStackFrameContents( diff --git a/clang/test/Analysis/NewDeleteLeaks-PR19102.cpp b/clang/test/Analysis/NewDeleteLeaks-PR19102.cpp index 502db6122f5..625b2d4b7af 100644 --- a/clang/test/Analysis/NewDeleteLeaks-PR19102.cpp +++ b/clang/test/Analysis/NewDeleteLeaks-PR19102.cpp @@ -1,4 +1,5 @@ // RUN: %clang_analyze_cc1 -analyzer-checker=core,cplusplus.NewDeleteLeaks -verify %s +// RUN: %clang_analyze_cc1 -analyzer-checker=core,cplusplus.NewDeleteLeaks -analyzer-config c++-allocator-inlining=true -verify %s class A0 {}; |
