diff options
| author | Anna Zaks <ganna@apple.com> | 2012-02-20 22:25:23 +0000 |
|---|---|---|
| committer | Anna Zaks <ganna@apple.com> | 2012-02-20 22:25:23 +0000 |
| commit | a19581ae489335abf5cf96b253b31ecefe96b8e4 (patch) | |
| tree | ff94fe3880f0cd471fd9d0a66e5ddb3439bb59f5 | |
| parent | 9747b539cdba6e3ede2b927187a909a796336fc9 (diff) | |
[analyzer] Make Malloc aware of inter-procedural execution + basic
tests.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150993 91177308-0d34-0410-b5e6-96231b3b80d8
| -rw-r--r-- | lib/StaticAnalyzer/Checkers/MallocChecker.cpp | 9 | ||||
| -rw-r--r-- | test/Analysis/malloc-interprocedural.c | 54 |
2 files changed, 61 insertions, 2 deletions
diff --git a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp index 38044d1aa9..fed64f1b04 100644 --- a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp +++ b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp @@ -827,6 +827,10 @@ void MallocChecker::checkEndPath(CheckerContext &C) const { ProgramStateRef state = C.getState(); RegionStateTy M = state->get<RegionState>(); + // If inside inlined call, skip it. + if (C.getLocationContext()->getParent() != 0) + return; + for (RegionStateTy::iterator I = M.begin(), E = M.end(); I != E; ++I) { RefState RS = I->second; if (RS.isAllocated()) { @@ -885,8 +889,9 @@ void MallocChecker::checkPreStmt(const ReturnStmt *S, CheckerContext &C) const { if (checkUseAfterFree(Sym, C, E)) return; - // Check if the symbol is escaping. - checkEscape(Sym, E, C); + // If this function body is not inlined, check if the symbol is escaping. + if (C.getLocationContext()->getParent() == 0) + checkEscape(Sym, E, C); } bool MallocChecker::checkUseAfterFree(SymbolRef Sym, CheckerContext &C, diff --git a/test/Analysis/malloc-interprocedural.c b/test/Analysis/malloc-interprocedural.c new file mode 100644 index 0000000000..8ae6024d7e --- /dev/null +++ b/test/Analysis/malloc-interprocedural.c @@ -0,0 +1,54 @@ +// RUN: %clang_cc1 -analyze -analyzer-checker=unix.Malloc -analyzer-inline-call -analyzer-store=region -verify %s + +#include "system-header-simulator.h" + +typedef __typeof(sizeof(int)) size_t; +void *malloc(size_t); +void *valloc(size_t); +void free(void *); +void *realloc(void *ptr, size_t size); +void *reallocf(void *ptr, size_t size); +void *calloc(size_t nmemb, size_t size); +extern void exit(int) __attribute__ ((__noreturn__)); + +static void my_malloc1(void **d, size_t size) { + *d = malloc(size); +} + +static void *my_malloc2(int elevel, size_t size) { + void *data; + data = malloc(size); + if (data == 0) + exit(0); + return data; +} + +static void my_free1(void *p) { + free(p); +} + +static void test1() { + void *data = 0; + my_malloc1(&data, 4); // expected-warning {{Memory is never released; potential memory leak}} +} + +static void test2() { + void * data = my_malloc2(1, 4); + data = my_malloc2(1, 4);// expected-warning {{Memory is never released; potential memory leak}} +} + +static void test3() { + void *data = my_malloc2(1, 4); + free(data); + data = my_malloc2(1, 4); + free(data); +} + +int test4() { + int *data = (int*)my_malloc2(1, 4); + my_free1(data); + data = (int *)my_malloc2(1, 4); + my_free1(data); + return *data; // expected-warning {{Use of memory after it is freed}} +} + |