From db6ca05a6b84c79356c22031b6ec13af76dadad0 Mon Sep 17 00:00:00 2001 From: Artem Dergachev Date: Thu, 18 Jan 2018 01:01:56 +0000 Subject: [analyzer] NFC: RetainCount: Protect from dumping raw region to path notes. MemRegion::getString() is a wrapper around MemRegion::dump(), which is not user-friendly and should never be used for diagnostic messages. Actual cases where raw dumps were reaching the user were unintentionally fixed in r315736; these were noticed accidentally and shouldn't be reproducible anymore. For now RetainCountChecker only tracks pointers through variable regions, and for those dumps are "fine". However, we should still use a less dangerous method for producing our path notes. This patch replaces the dump with printing a variable name, asserting that this is indeed a variable. Differential Revision: https://reviews.llvm.org/D42015 llvm-svn: 322799 --- clang/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'clang/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp')
diff --git a/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp
index ec2eb819ee8..bf5945c58cf 100644
--- a/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp
@@ -1929,6 +1929,12 @@ static bool isNumericLiteralExpression(const Expr *E) {
 isa(E);
 }
 
+static std::string describeRegion(const MemRegion *MR) {
+ // Once we support more storage locations for bindings,
+ // this would need to be improved.
+ return cast(MR)->getDecl()->getName();
+}
+
 /// Returns true if this stack frame is for an Objective-C method that is a
 /// property getter or setter whose body has been synthesized by the analyzer.
 static bool isSynthesizedAccessor(const StackFrameContext *SFC) {
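Review bot: `describeRegion` relies on `cast` alone to enforce that `MR` is a variable region, and `cast` only checks the kind in assertion-enabled builds; in a build without assertions a region of another kind would be downcast unchecked and `getDecl()` would run on the wrong object. The comment above the `return` already anticipates more storage locations for bindings, so the precondition should be stated now, for example with a doc comment such as `/// Describes \p MR for path notes; \p MR must be a non-null variable region.`, or the helper could fail soft by using `dyn_cast` with a neutral fallback string. Both call sites in the later hunks (`getEndPath` and `createDescription`) test the binding for null before calling, so only the region-kind assumption is left unguarded. The template argument of `cast` is not visible in this rendering of the patch, so the exact target type is inferred from the commit message.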
@@ -2395,7 +2401,7 @@ CFRefLeakReportVisitor::getEndPath(BugReporterContext &BRC,
 
 if (FirstBinding) {
 os << "object allocated and stored into '"
- << FirstBinding->getString() << '\'';
+ << describeRegion(FirstBinding) << '\'';
 }
 else
 os << "allocated object";
@@ -2523,7 +2529,7 @@ void CFRefLeakReport::createDescription(CheckerContext &Ctx, bool GCEnabled, boo
 os << "of an object";
 
 if (AllocBinding) {
- os << " stored into '" << AllocBinding->getString() << '\'';
+ os << " stored into '" << describeRegion(AllocBinding) << '\'';
 if (IncludeAllocationLine) {
 FullSourceLoc SL(AllocStmt->getLocStart(), Ctx.getSourceManager());
 os << " (allocated on line " << SL.getSpellingLineNumber() << ")";
-- 
cgit v1.2.3