From 4917f894fd255d257db0f60b7c6ff94097b7e469 Mon Sep 17 00:00:00 2001
From: Artem Dergachev
Date: Mon, 29 May 2017 18:54:02 +0000
Subject: [analyzer] Fix immutable map factory lifetime for partial taint.
This should fix the leaks found by asan buildbot in r304162. Also don't store a reference to the factory with every map value, which is the only difference between ImmutableMap and ImmutableMapRef.
llvm-svn: 304170
---
 clang/lib/StaticAnalyzer/Core/ProgramState.cpp | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)
(limited to 'clang/lib/StaticAnalyzer/Core/ProgramState.cpp')
diff --git a/clang/lib/StaticAnalyzer/Core/ProgramState.cpp b/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
index fc26de1a1f8..3215c3ccd21 100644
--- a/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
@@ -703,13 +703,12 @@ ProgramStateRef ProgramState::addPartialTaint(SymbolRef ParentSym,
 if (SubRegion == SubRegion->getBaseRegion())
 return addTaint(ParentSym, Kind);
- TaintedSubRegionsRef TaintedSubRegions(0, TSRFactory.getTreeFactory());
- if (const TaintedSubRegionsRef *SavedTaintedRegions =
- get(ParentSym))
- TaintedSubRegions = *SavedTaintedRegions;
+ const TaintedSubRegions *SavedRegs = get(ParentSym);
+ TaintedSubRegions Regs =
+ SavedRegs ? *SavedRegs : stateMgr->TSRFactory.getEmptyMap();
- TaintedSubRegions = TaintedSubRegions.add(SubRegion, Kind);
- ProgramStateRef NewState = set(ParentSym, TaintedSubRegions);
+ Regs = stateMgr->TSRFactory.add(Regs, SubRegion, Kind);
+ ProgramStateRef NewState = set(ParentSym, Regs);
 assert(NewState);
 return NewState;
 }
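Review bot: The two new `stateMgr->TSRFactory` calls depend on an ownership rule that is not written down where the maps are built. The `TaintedSubRegions` values stored in the state no longer carry a factory reference, so they are only valid while the factory that allocated their nodes is alive. The declaration of `TSRFactory` is not in this view; presumably it is a member of the state manager, and it should be confirmed that it is destroyed after every state that references these maps. I would add above the `Regs` initialisation `// Nodes are allocated by the manager-owned TSRFactory; the stored map holds no factory reference and must not outlive stateMgr.` The body of addPartialTaint starts before this hunk.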
@@ -772,18 +771,16 @@ bool ProgramState::isTainted(SymbolRef Sym, TaintTagType Kind) const {
 // If this is a SymbolDerived with the same parent symbol as another
 // tainted SymbolDerived and a region that's a sub-region of that tainted
 // symbol, it's also tainted.
- if (const TaintedSubRegionsRef *SymRegions =
- get(SD->getParentSymbol())) {
+ if (const TaintedSubRegions *Regs =
+ get(SD->getParentSymbol())) {
 const TypedValueRegion *R = SD->getRegion();
- for (TaintedSubRegionsRef::iterator I = SymRegions->begin(),
- E = SymRegions->end();
- I != E; ++I) {
+ for (auto I : *Regs) {
 // FIXME: The logic to identify tainted regions could be more
 // complete. For example, this would not currently identify
 // overlapping fields in a union as tainted. To identify this we can
 // check for overlapping/nested byte offsets.
- if (Kind == I->second &&
- (R == I->first || R->isSubRegionOf(I->first)))
+ if (Kind == I.second &&
+ (R == I.first || R->isSubRegionOf(I.first)))
 return true;
 }
 }
 }
-- cgit v1.2.3
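Review bot: The new loop header `for (auto I : *Regs)` copies each map entry by value and keeps the name `I`, which on the removed lines denoted an iterator. Now that the loop variable is the element itself, `for (const auto &Entry : *Regs) {` with `Entry.second` and `Entry.first` in the condition binds by reference and makes the change from `->` to `.` read as intended. The copy is cheap here, so this is a style point, not a behaviour change. The body of isTainted starts before this hunk and appears to continue after it.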