From 6b33c6f2349f74f0a70d5447e2c3eb0913aba902 Mon Sep 17 00:00:00 2001
From: Jordan Rose <jordan_rose@apple.com>
Date: Wed, 26 Mar 2014 17:05:46 +0000
Subject: [analyzer] Handle the M_ZERO and __GFP_ZERO flags in kernel mallocs.

Add M_ZERO awareness to malloc() static analysis in Clang for FreeBSD,
NetBSD, and OpenBSD in a similar fashion to O_CREAT for open(2).
These systems have a three-argument malloc() in the kernel where the
third argument contains flags; the M_ZERO flag will zero-initialize the
allocated buffer.

This should reduce the number of false positives when running static
analysis on BSD kernels.

Additionally, add kmalloc() (Linux kernel malloc()) and treat __GFP_ZERO
like M_ZERO on Linux.

Future work involves a better method of checking for named flags without
hardcoding values.

Patch by Conrad Meyer, with minor modifications by me.

llvm-svn: 204832
---
 clang/test/Analysis/kmalloc-linux.c | 58 +++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 clang/test/Analysis/kmalloc-linux.c

(limited to 'clang/test/Analysis/kmalloc-linux.c')

diff --git a/clang/test/Analysis/kmalloc-linux.c b/clang/test/Analysis/kmalloc-linux.c
new file mode 100644
index 00000000000..87c1107a102
--- /dev/null
+++ b/clang/test/Analysis/kmalloc-linux.c
@@ -0,0 +1,58 @@
+// RUN: %clang -target x86_64-unknown-linux --analyze %s
+
+#include "Inputs/system-header-simulator.h"
+
+#define __GFP_ZERO 0x8000
+#define NULL ((void *)0)
+
+void *kmalloc(size_t, int);
+
+struct test {
+};
+
+void foo(struct test *);
+
+void test_zeroed() {
+  struct test **list, *t;
+  int i;
+
+  list = kmalloc(sizeof(*list) * 10, __GFP_ZERO);
+  if (list == NULL)
+    return;
+
+  for (i = 0; i < 10; i++) {
+    t = list[i];
+    foo(t);
+  }
+  free(list); // no-warning
+}
+
+void test_nonzero() {
+  struct test **list, *t;
+  int i;
+
+  list = kmalloc(sizeof(*list) * 10, 0);
+  if (list == NULL)
+    return;
+
+  for (i = 0; i < 10; i++) {
+    t = list[i]; // expected-warning{{undefined}}
+    foo(t);
+  }
+  free(list);
+}
+
+void test_indeterminate(int flags) {
+  struct test **list, *t;
+  int i;
+
+  list = kmalloc(sizeof(*list) * 10, flags);
+  if (list == NULL)
+    return;
+
+  for (i = 0; i < 10; i++) {
+    t = list[i]; // expected-warning{{undefined}}
+    foo(t);
+  }
+  free(list);
+}
-- 
cgit v1.2.3