History log of /external/clang/test/Analysis/simple-stream-checks.c
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
374ae320b87c15b0262c40e5c46e8990111df5ca 10-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Indirect invalidation counts as an escape for leak checkers.

Consider this example:

char *p = malloc(sizeof(char));
systemFunction(&p);
free(p);

In this case, when we call systemFunction, we know (because it's a system
function) that it won't free 'p'. However, we /don't/ know whether or not
it will /change/ 'p', so the analyzer is forced to invalidate 'p', wiping
out any bindings it contains. But now the malloc'd region looks like a
leak, since there are no more bindings pointing to it, and we'll get a
spurious leak warning.

The fix for this is to notice when something is becoming inaccessible due
to invalidation (i.e. an imperfect model, as opposed to being explicitly
overwritten) and stop tracking it at that point. Currently, the best way
to determine this for a call is the "indirect escape" pointer-escape kind.

In practice, all the patch does is take the "system functions don't free
memory" special case and limit it to direct parameters, i.e. just the
arguments to a call and not other regions accessible to them. This is a
conservative change that should only cause us to escape regions more
eagerly, which means fewer leak warnings.

This isn't perfect for several reasons, the main one being that this
example is treated the same as the one above:

char **p = malloc(sizeof(char *));
systemFunction(p + 1);
// leak

Currently, "addresses accessible by offsets of the starting region" and
"addresses accessible through bindings of the starting region" are both
considered "indirect" regions, hence this uniform treatment.

Another issue is our longstanding problem of not distinguishing const and
non-const bindings; if in the first example systemFunction's parameter were
a char * const *, we should know that the function will not overwrite 'p',
and thus we can safely report the leak.

<rdar://problem/13758386>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181607 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/simple-stream-checks.c
74f6982232c25ae723b1cc5abc59665a10867f21 20-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Track malloc'd memory into struct fields.

Due to improper modelling of copy constructors (specifically, their
const reference arguments), we were producing spurious leak warnings
for allocated memory stored in structs. In order to silence this, we
decided to consider storing into a struct to be the same as escaping.
However, the previous commit has fixed this issue and we can now properly
distinguish leaked memory that happens to be in a struct from a buffer
that escapes within a struct wrapper.

Originally applied in r161511, reverted in r174468.
<rdar://problem/12945937>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177571 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/simple-stream-checks.c
233e26acc0ff2a1098f4c813f69286fce840a422 08-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] Add pointer escape type param to checkPointerEscape callback

The checkPointerEscape callback previously did not specify how a
pointer escaped. This change includes an enum which describes the
different ways a pointer may escape. This enum is passed to the
checkPointerEscape callback when a pointer escapes. If the escape
is due to a function call, the call is passed. This changes
previous behavior where the call is passed as NULL if the escape
was due to indirectly invalidating the region the pointer referenced.

A patch by Branden Archer!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174677 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/simple-stream-checks.c
63bc186d6ac0b44ba4ec6fccb5f471b05c79b666 15-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Report leaks at the closing brace of a function body.

This fixes a few cases where we'd emit path notes like this:

+---+
1| v
p = malloc(len);
^ |2
+---+

In general this should make path notes more consistent and more correct,
especially in cases where the leak happens on the false branch of an if
that jumps directly to the end of the function. There are a couple places
where the leak is reported farther away from the cause; these are usually
cases where there are several levels of nested braces before the end of
the function. This still matches our current behavior for when there /is/
a statement after all the braces, though.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168070 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/simple-stream-checks.c
35d4a09efbdc313b02f05612e6501a7ec7d3a37d 06-Nov-2012 Anna Zaks <ganna@apple.com> [analyzer] Add symbol escapes logic to the SimpleStreamChecker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167439 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/simple-stream-checks.c
8501b7a1c4c4a9ba0ea6cb8e500e601ef3759deb 03-Nov-2012 Anna Zaks <ganna@apple.com> [analyzer] Run remove dead on end of path.

This will simplify checkers that need to register for leaks. Currently,
they have to register for both: check dead and check end of path.

I've modified the SymbolReaper to consider everything on the stack dead
if the input StackLocationContext is 0.

(This is a bit disruptive, so I'd like to flash out all the issues
asap.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167352 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/simple-stream-checks.c
32133cfb333510ba94aff040067713c0b32d58c5 31-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer] SimpleStreamChecker - remove evalAssume and other refinements

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167099 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/simple-stream-checks.c
d65e55d691655462880ffd51c10784955ab6a362 29-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer] Add SimpleStreamChecker.

This is an example checker for catching fopen fclose API misuses.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166976 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/simple-stream-checks.c