author | Ted Kremenek <kremenek@apple.com> | 2012-03-05 23:06:19 +0000 |
---|---|---|
committer | Ted Kremenek <kremenek@apple.com> | 2012-03-05 23:06:19 +0000 |
commit | 9d96f843b889fcc0a98960eeab55abd4bf4f3220 (patch) | |
tree | d4f1c635eb50dd7b29c22f0d8c120b228871a3ed | |
parent | bb6e7edd32296962e1c1e2f73f10906a5952c4b5 (diff) | |
Teach SimpleSValBuilder that (in the absence of more information) stack memory doesn't alias symbolic memory. This is a heuristic/hack, but works well in practice. Fixes <rdar://problem/10978247>.
llvm-svn: 152065
-rw-r--r-- | clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp | 18 | ||||
-rw-r--r-- | clang/test/Analysis/malloc.c | 32 | ||||
-rw-r--r-- | clang/test/Analysis/ptr-arith.c | 2 |
3 files changed, 51 insertions, 1 deletions
diff --git a/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp b/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
index 5cf9f475c73..d0558f1af44 100644
--- a/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
+++ b/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
@@ -714,6 +714,24 @@ SVal SimpleSValBuilder::evalBinOpLL(ProgramStateRef state,
 // The two regions are from the same base region. See if they're both a
 // type of region we know how to compare.
+ const MemSpaceRegion *LeftMS = LeftBase->getMemorySpace();
+ const MemSpaceRegion *RightMS = RightBase->getMemorySpace();
+
+ // Heuristic: assume that no symbolic region (whose memory space is
+ // unknown) is on the stack.
+ // FIXME: we should be able to be more precise once we can do better
+ // aliasing constraints for symbolic regions, but this is a reasonable,
+ // albeit unsound, assumption that holds most of the time.
+ if (isa<StackSpaceRegion>(LeftMS) ^ isa<StackSpaceRegion>(RightMS)) {
+ switch (op) {
+ default:
+ break;
+ case BO_EQ:
+ return makeTruthVal(false, resultTy);
+ case BO_NE:
+ return makeTruthVal(true, resultTy);
+ }
+ }
 // FIXME: If/when there is a getAsRawOffset() for FieldRegions, this
 // ElementRegion path and the FieldRegion path below should be unified.
diff --git a/clang/test/Analysis/malloc.c b/clang/test/Analysis/malloc.c
index bfe1befb530..0bc09ead6bc 100644
--- a/clang/test/Analysis/malloc.c
+++ b/clang/test/Analysis/malloc.c
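Review bot: In SimpleSValBuilder.cpp the new memory-space check is inserted below the context comment `// The two regions are from the same base region`, yet `LeftMS` and `RightMS` can only differ when `LeftBase` and `RightBase` differ, so that comment no longer describes the code beneath it; the block should sit above the comment, or the comment should be reworded once the preceding check (outside the hunk) is confirmed. The condition `isa<StackSpaceRegion>(LeftMS) ^ isa<StackSpaceRegion>(RightMS)` is also wider than the heuristic comment states: it fires for every stack/non-stack pair, not only when the other side is a symbolic region in an unknown space, so the comment should say which pairs are known distinct and which are merely assumed. Because `BO_EQ` folds to false, the equal branch is dropped from exploration and any defect reachable only through it goes unreported; one line next to the FIXME, such as `// Consequence: paths where a symbolic pointer equals a stack address are not analyzed.`, would make that cost visible. evalBinOpLL starts and ends outside the hunk.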
@@ -728,6 +728,38 @@ int my_main_warn(FILE *f) {
 return 0;// expected-warning {{leak}}
 }
+// <rdar://problem/10978247>.
+// some people use stack allocated memory as an optimization to avoid
+// a heap allocation for small work sizes. This tests the analyzer's
+// understanding that the malloc'ed memory is not the same as stackBuffer.
+void radar10978247(int myValueSize) {
+ char stackBuffer[128];
+ char *buffer;
+
+ if (myValueSize <= sizeof(stackBuffer))
+ buffer = stackBuffer;
+ else
+ buffer = malloc(myValueSize);
+
+ // do stuff with the buffer
+ if (buffer != stackBuffer)
+ free(buffer);
+}
+
+void radar10978247_positive(int myValueSize) {
+ char stackBuffer[128];
+ char *buffer;
+
+ if (myValueSize <= sizeof(stackBuffer))
+ buffer = stackBuffer;
+ else
+ buffer = malloc(myValueSize);
+
+ // do stuff with the buffer
+ if (buffer == stackBuffer) // expected-warning {{leak}}
+ return;
+}
+
 // ----------------------------------------------------------------------------
 // Below are the known false positives.
diff --git a/clang/test/Analysis/ptr-arith.c b/clang/test/Analysis/ptr-arith.c
index 995470a369c..fb37f1c791a 100644
--- a/clang/test/Analysis/ptr-arith.c
+++ b/clang/test/Analysis/ptr-arith.c
@@ -269,7 +269,7 @@ void symbolic_region(int *p) {
 int a;
 if (&a == p)
- WARN; // expected-warning{{}}
+ WARN; // no-warning
 if (&a != p)
 WARN; // expected-warning{{}}
 if (&a > p) |
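Review bot: Both new functions in malloc.c compare `stackBuffer` with a pointer that really is heap memory, so they only pin the case where the heuristic is right; nothing records the case the FIXME in SimpleSValBuilder.cpp concedes is unsound, where a symbolic pointer does hold a stack address. A third function would document it: take the pointer from a body-less helper (constructed name, `char *passthrough(char *);`, called as `passthrough(stackBuffer)`) and guard an unfreed `malloc` with `if (p == stackBuffer)`. The leak on that branch is presumably no longer reported, so it would carry a `// FIXME: false negative` marker instead of an expected-warning. Separately, `myValueSize <= sizeof(stackBuffer)` compares an `int` with a `size_t`, so a negative size takes the `malloc` path after conversion; a short comment saying the mixed comparison mirrors the reported code would keep it from being "fixed" later.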
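Review bot: In ptr-arith.c the expectation under `if (&a == p)` becomes a bare `// no-warning` while the `!=` and `>` checks beside it keep `expected-warning{{}}`, and nothing in the test says why equality alone is now decided. A trailing comment such as `WARN; // no-warning: a stack variable is assumed not to alias a symbolic region` would tie the expectation to the heuristic, so a later change to the heuristic is not mistaken for a test regression. symbolic_region continues past the end of the hunk.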