| author | Artem Dergachev <artem.dergachev@gmail.com> | 2017-05-29 18:54:02 +0000 |
|---|---|---|
| committer | Artem Dergachev <artem.dergachev@gmail.com> | 2017-05-29 18:54:02 +0000 |
| commit | 4917f894fd255d257db0f60b7c6ff94097b7e469 (patch) | |
| tree | 9ea3ed7be8f31431b25d4a148012a25c27476908 /clang/lib/StaticAnalyzer | |
| parent | 41e01b3c9848bea9b846131ac8d384ba90fd7a7a (diff) | |
[analyzer] Fix immutable map factory lifetime for partial taint.
This should fix the leaks found by asan buildbot in r304162.
Also don't store a reference to the factory with every map value,
which is the only difference between ImmutableMap and ImmutableMapRef.
llvm-svn: 304170
Diffstat (limited to 'clang/lib/StaticAnalyzer')
| -rw-r--r-- | clang/lib/StaticAnalyzer/Core/ProgramState.cpp | 23 |
1 files changed, 10 insertions, 13 deletions
diff --git a/clang/lib/StaticAnalyzer/Core/ProgramState.cpp b/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
index fc26de1a1f8..3215c3ccd21 100644
--- a/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
@@ -703,13 +703,12 @@ ProgramStateRef ProgramState::addPartialTaint(SymbolRef ParentSym,
 if (SubRegion == SubRegion->getBaseRegion())
 return addTaint(ParentSym, Kind);
- TaintedSubRegionsRef TaintedSubRegions(0, TSRFactory.getTreeFactory());
- if (const TaintedSubRegionsRef *SavedTaintedRegions =
- get<DerivedSymTaint>(ParentSym))
- TaintedSubRegions = *SavedTaintedRegions;
+ const TaintedSubRegions *SavedRegs = get<DerivedSymTaint>(ParentSym);
+ TaintedSubRegions Regs =
+ SavedRegs ? *SavedRegs : stateMgr->TSRFactory.getEmptyMap();
- TaintedSubRegions = TaintedSubRegions.add(SubRegion, Kind);
- ProgramStateRef NewState = set<DerivedSymTaint>(ParentSym, TaintedSubRegions);
+ Regs = stateMgr->TSRFactory.add(Regs, SubRegion, Kind);
+ ProgramStateRef NewState = set<DerivedSymTaint>(ParentSym, Regs);
 assert(NewState);
 return NewState;
 }
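Review bot: The lifetime rule this fix depends on is not written down where `Regs` is built. The map is now allocated through `stateMgr->TSRFactory` and, per the commit message, no longer carries its own factory reference, so its nodes presumably stay valid only while the state manager's factory is alive. I would add a comment above the `TSRFactory.add` call such as `// Regs is allocated by stateMgr->TSRFactory and holds no factory reference; it must not outlive the ProgramStateManager.` The factory's declaration is outside this diff, so the ownership should be confirmed there. addPartialTaint's body starts above this hunk.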
@@ -772,18 +771,16 @@ bool ProgramState::isTainted(SymbolRef Sym, TaintTagType Kind) const {
 // If this is a SymbolDerived with the same parent symbol as another
 // tainted SymbolDerived and a region that's a sub-region of that tainted
 // symbol, it's also tainted.
- if (const TaintedSubRegionsRef *SymRegions =
- get<DerivedSymTaint>(SD->getParentSymbol())) {
+ if (const TaintedSubRegions *Regs =
+ get<DerivedSymTaint>(SD->getParentSymbol())) {
 const TypedValueRegion *R = SD->getRegion();
- for (TaintedSubRegionsRef::iterator I = SymRegions->begin(),
- E = SymRegions->end();
- I != E; ++I) {
+ for (auto I : *Regs) {
 // FIXME: The logic to identify tainted regions could be more
 // complete. For example, this would not currently identify
 // overlapping fields in a union as tainted. To identify this we can
 // check for overlapping/nested byte offsets.
- if (Kind == I->second &&
- (R == I->first || R->isSubRegionOf(I->first)))
+ if (Kind == I.second &&
+ (R == I.first || R->isSubRegionOf(I.first)))
 return true;
 }
 }
|
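Review bot: The new range-for `for (auto I : *Regs)` copies each map entry by value and keeps the iterator-style name `I` for what is now an element, which reads as if `I` were still an iterator. Binding by const reference with a descriptive name is clearer and follows the usual LLVM guidance on `auto` copies: `for (const auto &Entry : *Regs) {`, with the condition written as `Kind == Entry.second && (R == Entry.first || R->isSubRegionOf(Entry.first))`. Behaviour is unchanged by this. isTainted's body starts and ends outside the hunk.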

