diff options
| author | Anna Zaks <ganna@apple.com> | 2012-02-23 01:05:27 +0000 |
|---|---|---|
| committer | Anna Zaks <ganna@apple.com> | 2012-02-23 01:05:27 +0000 |
| commit | 07de9c12f398d65d124cf1bdc0c9465a7d944e47 (patch) | |
| tree | 122ebe83f19e7f0b1a1aca4334c6453d78e32ab8 /clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp | |
| parent | 8634d73e17cfab25cc77f9dc6d80bb84724a2dc7 (diff) | |
| download | bcm5719-llvm-07de9c12f398d65d124cf1bdc0c9465a7d944e47.tar.gz bcm5719-llvm-07de9c12f398d65d124cf1bdc0c9465a7d944e47.zip | |
[analyzer] Invalidate the region passed to pthread_setspecific() call.
Make this call an exception in ExprEngine::invalidateArguments:
'int pthread_setspecific(ptheread_key k, const void *)' stores
a value into thread local storage. The value can later be retrieved
with 'void *ptheread_getspecific(pthread_key)'. So even thought the
parameter is 'const void *', the region escapes through the
call.
(Here we just blacklist the call in the ExprEngine's default
logic. Another option would be to add a checker which evaluates
the call and triggers the call to invalidate regions.)
Teach the Malloc Checker, which treats all system calls as safe about
the API.
llvm-svn: 151220
Diffstat (limited to 'clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp')
| -rw-r--r-- | clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp index d9ec668b418..4ae1dd81efa 100644 --- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp @@ -1033,9 +1033,19 @@ bool MallocChecker::hasUnknownBehavior(const FunctionDecl *FD, return false; } - // If it's a system call, we know it does not free the memory. + // Most system calls, do not free the memory. SourceManager &SM = ASTC.getSourceManager(); if (SM.isInSystemHeader(FD->getLocation())) { + const IdentifierInfo *II = FD->getIdentifier(); + + // White list the system functions whose arguments escape. + if (II) { + StringRef FName = II->getName(); + if (FName.equals("pthread_setspecific")) + return true; + } + + // Otherwise, assume that the function does not free memory. return false; } @@ -1052,7 +1062,7 @@ MallocChecker::checkRegionChanges(ProgramStateRef State, ArrayRef<const MemRegion *> ExplicitRegions, ArrayRef<const MemRegion *> Regions, const CallOrObjCMessage *Call) const { - if (!invalidated) + if (!invalidated || invalidated->empty()) return State; llvm::SmallPtrSet<SymbolRef, 8> WhitelistedSymbols; |
