diff options
| author | Anna Zaks <ganna@apple.com> | 2012-02-23 01:05:27 +0000 |
|---|---|---|
| committer | Anna Zaks <ganna@apple.com> | 2012-02-23 01:05:27 +0000 |
| commit | 07de9c12f398d65d124cf1bdc0c9465a7d944e47 (patch) | |
| tree | 122ebe83f19e7f0b1a1aca4334c6453d78e32ab8 /clang/test/Analysis | |
| parent | 8634d73e17cfab25cc77f9dc6d80bb84724a2dc7 (diff) | |
| download | bcm5719-llvm-07de9c12f398d65d124cf1bdc0c9465a7d944e47.tar.gz bcm5719-llvm-07de9c12f398d65d124cf1bdc0c9465a7d944e47.zip | |
[analyzer] Invalidate the region passed to pthread_setspecific() call.
Make this call an exception in ExprEngine::invalidateArguments:
'int pthread_setspecific(ptheread_key k, const void *)' stores
a value into thread local storage. The value can later be retrieved
with 'void *ptheread_getspecific(pthread_key)'. So even thought the
parameter is 'const void *', the region escapes through the
call.
(Here we just blacklist the call in the ExprEngine's default
logic. Another option would be to add a checker which evaluates
the call and triggers the call to invalidate regions.)
Teach the Malloc Checker, which treats all system calls as safe about
the API.
llvm-svn: 151220
Diffstat (limited to 'clang/test/Analysis')
| -rw-r--r-- | clang/test/Analysis/malloc.c | 10 | ||||
| -rw-r--r-- | clang/test/Analysis/system-header-simulator.h | 4 |
2 files changed, 14 insertions, 0 deletions
diff --git a/clang/test/Analysis/malloc.c b/clang/test/Analysis/malloc.c index 1923305fe20..4e42657c197 100644 --- a/clang/test/Analysis/malloc.c +++ b/clang/test/Analysis/malloc.c @@ -677,6 +677,16 @@ void testStrdupContentIsDefined(const char *s, unsigned validIndex) { free(s2); } +// Test the system library functions to which the pointer can escape. + +// For now, we assume memory passed to pthread_specific escapes. +// TODO: We could check that if a new pthread binding is set, the existing +// binding must be freed; otherwise, a memory leak can occur. +void testPthereadSpecificEscape(pthread_key_t key) { + void *buf = malloc(12); + pthread_setspecific(key, buf); // no warning +} + // Below are the known false positives. // TODO: There should be no warning here. This one might be difficult to get rid of. diff --git a/clang/test/Analysis/system-header-simulator.h b/clang/test/Analysis/system-header-simulator.h index 1dd9c5b6074..472cb5a6160 100644 --- a/clang/test/Analysis/system-header-simulator.h +++ b/clang/test/Analysis/system-header-simulator.h @@ -11,3 +11,7 @@ unsigned long strlen(const char *); char *strcpy(char *restrict s1, const char *restrict s2); +typedef unsigned long __darwin_pthread_key_t; +typedef __darwin_pthread_key_t pthread_key_t; +int pthread_setspecific(pthread_key_t , + const void *); |
