diff options
| author | Anna Zaks <ganna@apple.com> | 2012-02-14 00:26:13 +0000 |
|---|---|---|
| committer | Anna Zaks <ganna@apple.com> | 2012-02-14 00:26:13 +0000 |
| commit | ad01ef5fb99bd021f8bf1bc4d3fafdb6ff69aa10 (patch) | |
| tree | 350db20f4e60647d335622e2a24fcb7d0ec9c54f /clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp | |
| parent | a97aa92ab2e11812ce1b7fa460d09b527b8b0563 (diff) | |
| download | bcm5719-llvm-ad01ef5fb99bd021f8bf1bc4d3fafdb6ff69aa10.tar.gz bcm5719-llvm-ad01ef5fb99bd021f8bf1bc4d3fafdb6ff69aa10.zip | |
[analyzer] Malloc Checker: realloc: add dependency between the symbols
in realloc map.
If there is no dependency, the reallocated ptr will get garbage
collected before we know that realloc failed, which would lead us to
missing a memory leak warning.
Also added new test cases, which we can handle now.
Plus minor cleanups.
llvm-svn: 150446
Diffstat (limited to 'clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp')
| -rw-r--r-- | clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp index 9329d5251f1..7cbb49e2d8f 100644 --- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp @@ -409,17 +409,12 @@ ProgramStateRef MallocChecker::FreeMemAux(CheckerContext &C, if (!isa<Loc>(location)) return 0; - // FIXME: Technically using 'Assume' here can result in a path - // bifurcation. In such cases we need to return two states, not just one. + // The explicit NULL case, no operation is performed. ProgramStateRef notNullState, nullState; llvm::tie(notNullState, nullState) = state->assume(location); - - // The explicit NULL case, no operation is performed. if (nullState && !notNullState) return 0; - assert(notNullState); - // Unknown values could easily be okay // Undefined values are handled elsewhere if (ArgVal.isUnknownOrUndef()) @@ -490,8 +485,8 @@ ProgramStateRef MallocChecker::FreeMemAux(CheckerContext &C, // Normal free. if (Hold) - return notNullState->set<RegionState>(Sym, RefState::getRelinquished(CE)); - return notNullState->set<RegionState>(Sym, RefState::getReleased(CE)); + return state->set<RegionState>(Sym, RefState::getRelinquished(CE)); + return state->set<RegionState>(Sym, RefState::getReleased(CE)); } bool MallocChecker::SummarizeValue(raw_ostream &os, SVal V) { @@ -685,6 +680,7 @@ void MallocChecker::ReallocMem(CheckerContext &C, const CallExpr *CE) const { // If size was equal to 0, either NULL or a pointer suitable to be passed // to free() is returned. stateFree = stateFree->set<ReallocPairs>(ToPtr, FromPtr); + C.getSymbolManager().addSymbolDependency(ToPtr, FromPtr); C.addTransition(stateFree); return; } @@ -697,6 +693,7 @@ void MallocChecker::ReallocMem(CheckerContext &C, const CallExpr *CE) const { if (!stateRealloc) return; stateRealloc = stateRealloc->set<ReallocPairs>(ToPtr, FromPtr); + C.getSymbolManager().addSymbolDependency(ToPtr, FromPtr); C.addTransition(stateRealloc); return; } @@ -918,7 +915,7 @@ ProgramStateRef MallocChecker::evalAssume(ProgramStateRef state, if (RS->isReleased()) state = state->set<RegionState>(I.getData(), RefState::getAllocateUnchecked(RS->getStmt())); - if (RS->isAllocated()) + else if (RS->isAllocated()) state = state->set<RegionState>(I.getData(), RefState::getReleased(RS->getStmt())); } |
