diff options
| author | Anna Zaks <ganna@apple.com> | 2012-03-30 05:48:16 +0000 |
|---|---|---|
| committer | Anna Zaks <ganna@apple.com> | 2012-03-30 05:48:16 +0000 |
| commit | 90ab9bfa111fcf567a089ec35f232708466df647 (patch) | |
| tree | c64b8a97c2673daffe987b2bba10b76b07af40f9 | |
| parent | 54fd4a076695a480ca55f2c35444fc82842a5bc7 (diff) | |
| download | bcm5719-llvm-90ab9bfa111fcf567a089ec35f232708466df647.tar.gz bcm5719-llvm-90ab9bfa111fcf567a089ec35f232708466df647.zip | |
[analyzer]Malloc,RetainRelease: Allow pointer to escape via NSMapInsert.
Fixes a false positive (radar://11152419). The current solution of
adding the info into 3 places is quite ugly. Pending a generic pointer
escapes callback.
llvm-svn: 153731
| -rw-r--r-- | clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp | 5 | ||||
| -rw-r--r-- | clang/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp | 7 | ||||
| -rw-r--r-- | clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp | 4 | ||||
| -rw-r--r-- | clang/test/Analysis/malloc.mm | 19 | ||||
| -rw-r--r-- | clang/test/Analysis/retain-release.mm | 19 | ||||
| -rw-r--r-- | clang/test/Analysis/system-header-simulator-objc.h | 1 |
6 files changed, 55 insertions, 0 deletions
diff --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp index 7b9adb7c157..7456af23441 100644 --- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp @@ -1262,6 +1262,11 @@ bool MallocChecker::doesNotFreeMemory(const CallOrObjCMessage *Call, return false; } + // Whitelist NSXXInsertXX, for example NSMapInsertIfAbsent, since they can + // be deallocated by NSMapRemove. + if (FName.startswith("NS") && (FName.find("Insert") != StringRef::npos)) + return false; + // Otherwise, assume that the function does not free memory. // Most system calls, do not free the memory. return true; diff --git a/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp index a6d33ad2a0f..7fa6975478b 100644 --- a/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp @@ -993,6 +993,13 @@ const RetainSummary * RetainSummaryManager::getSummary(const FunctionDecl *FD) { // libdispatch finalizers. ScratchArgs = AF.add(ScratchArgs, 1, StopTracking); S = getPersistentSummary(RetEffect::MakeNoRet(), DoNothing, DoNothing); + } else if (FName.startswith("NS") && + (FName.find("Insert") != StringRef::npos)) { + // Whitelist NSXXInsertXX, for example NSMapInsertIfAbsent, since they can + // be deallocated by NSMapRemove. (radar://11152419) + ScratchArgs = AF.add(ScratchArgs, 1, StopTracking); + ScratchArgs = AF.add(ScratchArgs, 2, StopTracking); + S = getPersistentSummary(RetEffect::MakeNoRet(), DoNothing, DoNothing); } // Did we get a summary? diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp index fead0862fa8..16f5d0bb1a4 100644 --- a/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp +++ b/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp @@ -245,9 +245,13 @@ static void findPtrToConstParams(llvm::SmallSet<unsigned, 1> &PreserveArgs, // in buffer. // - Many CF containers allow objects to escape through custom // allocators/deallocators upon container construction. + // - NSXXInsertXX, for example NSMapInsertIfAbsent, since they can + // be deallocated by NSMapRemove. if (FName == "pthread_setspecific" || FName == "funopen" || FName.endswith("NoCopy") || + (FName.startswith("NS") && + (FName.find("Insert") != StringRef::npos)) || Call.isCFCGAllowingEscape(FName)) return; } diff --git a/clang/test/Analysis/malloc.mm b/clang/test/Analysis/malloc.mm index fe14edeedd1..d2409ac1609 100644 --- a/clang/test/Analysis/malloc.mm +++ b/clang/test/Analysis/malloc.mm @@ -106,6 +106,25 @@ void testBlocks() { myBlock(3); } +// Test NSMapInsert. +@interface NSMapTable : NSObject <NSCopying, NSCoding, NSFastEnumeration> +@end +extern void *NSMapGet(NSMapTable *table, const void *key); +extern void NSMapInsert(NSMapTable *table, const void *key, const void *value); +extern void NSMapInsertKnownAbsent(NSMapTable *table, const void *key, const void *value); +char *strdup(const char *s); + +NSString * radar11152419(NSString *string1, NSMapTable *map) { + const char *strkey = "key"; + NSString *string = ( NSString *)NSMapGet(map, strkey); + if (!string) { + string = [string1 copy]; + NSMapInsert(map, strdup(strkey), (void*)string); // no warning + NSMapInsertKnownAbsent(map, strdup(strkey), (void*)string); // no warning + } + return string; +} + // Test that we handle pointer escaping through OSAtomicEnqueue. typedef volatile struct { void *opaque1; diff --git a/clang/test/Analysis/retain-release.mm b/clang/test/Analysis/retain-release.mm index c463f8ada9e..01727ea6443 100644 --- a/clang/test/Analysis/retain-release.mm +++ b/clang/test/Analysis/retain-release.mm @@ -111,6 +111,7 @@ typedef struct _NSZone NSZone; @protocol NSObject - (BOOL)isEqual:(id)object; - (id)retain; +- (id)copy; - (oneway void)release; - (id)autorelease; @end @protocol NSCopying - (id)copyWithZone:(NSZone *)zone; @@ -347,3 +348,21 @@ int rdar10553686_positive(void) return 0; } +@interface NSMapTable : NSObject <NSCopying, NSCoding, NSFastEnumeration> +@end +extern void *NSMapGet(NSMapTable *table, const void *key); +extern void NSMapInsert(NSMapTable *table, const void *key, const void *value); +extern void NSMapInsertKnownAbsent(NSMapTable *table, const void *key, const void *value); +char *strdup(const char *s); + +NSString * radar11152419(NSString *string1, NSString *key1, NSMapTable *map) { + NSString *string = ( NSString *)NSMapGet(map, key1); + if (!string) { + string = [string1 copy]; + NSString *key = [key1 copy]; + NSMapInsert(map, (void*) key, (void*)string); // no warning + NSMapInsertKnownAbsent(map, (void*)key, (void*)string); // no warning + } + return string; +} + diff --git a/clang/test/Analysis/system-header-simulator-objc.h b/clang/test/Analysis/system-header-simulator-objc.h index 3fe21920aef..92d5899abf8 100644 --- a/clang/test/Analysis/system-header-simulator-objc.h +++ b/clang/test/Analysis/system-header-simulator-objc.h @@ -39,6 +39,7 @@ typedef struct _NSZone NSZone; @protocol NSObject - (BOOL)isEqual:(id)object; - (id)retain; +- (id)copy; - (oneway void)release; - (id)autorelease; - (id)init; |
