diff options
| author | Anna Zaks <ganna@apple.com> | 2012-03-15 21:13:02 +0000 |
|---|---|---|
| committer | Anna Zaks <ganna@apple.com> | 2012-03-15 21:13:02 +0000 |
| commit | 368a0d565f078666ca5bfb7fe08d04648688e4bc (patch) | |
| tree | 8d66a659b31243797f2f1c374a4da344c3e8a1a5 /lib/StaticAnalyzer/Checkers/MallocChecker.cpp | |
| parent | 2b2bbee3071cee1b03520d9bf0c80c4f0bbe60eb (diff) | |
[analyzer] Allow checkers to supply call stack diagnostic hints for the
BugVisitor DiagnosticPieces.
When checkers create a DiagnosticPieceEvent, they can supply an extra
string, which will be concatenated with the call exit message for every
call on the stack between the diagnostic event and the final bug report.
(This is a simple version, which could be/will be further enhanced.)
For example, this is used in Malloc checker to produce the ",
which allocated memory" in the following example:
static char *malloc_wrapper() { // 2. Entered call from 'use'
return malloc(12); // 3. Memory is allocated
}
void use() {
char *v;
v = malloc_wrapper(); // 1. Calling 'malloc_wrappers'
// 4. Returning from 'malloc_wrapper', which allocated memory
} // 5. Memory is never released; potential
memory leak
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152837 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/StaticAnalyzer/Checkers/MallocChecker.cpp')
| -rw-r--r-- | lib/StaticAnalyzer/Checkers/MallocChecker.cpp | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp index 3f0d3d456e..e071626eb6 100644 --- a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp +++ b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp @@ -1249,6 +1249,7 @@ MallocChecker::MallocBugVisitor::VisitNode(const ExplodedNode *N, const Stmt *S = 0; const char *Msg = 0; + const char *StackMsg = 0; // Retrieve the associated statement. ProgramPoint ProgLoc = N->getLocation(); @@ -1264,14 +1265,18 @@ MallocChecker::MallocBugVisitor::VisitNode(const ExplodedNode *N, return 0; // Find out if this is an interesting point and what is the kind. + // TODO: Replace 'callee' by the function name. if (Mode == Normal) { - if (isAllocated(RS, RSPrev, S)) + if (isAllocated(RS, RSPrev, S)) { Msg = "Memory is allocated"; - else if (isReleased(RS, RSPrev, S)) + StackMsg = ", which allocated memory"; + } else if (isReleased(RS, RSPrev, S)) { Msg = "Memory is released"; - else if (isReallocFailedCheck(RS, RSPrev, S)) { + StackMsg = ", which released memory"; + } else if (isReallocFailedCheck(RS, RSPrev, S)) { Mode = ReallocationFailed; Msg = "Reallocation failed"; + StackMsg = ", where reallocation failed"; } // We are in a special mode if a reallocation failed later in the path. @@ -1291,16 +1296,18 @@ MallocChecker::MallocBugVisitor::VisitNode(const ExplodedNode *N, if (!(FunName.equals("realloc") || FunName.equals("reallocf"))) return 0; Msg = "Attempt to reallocate memory"; + StackMsg = ", which attempted to reallocate memory"; Mode = Normal; } if (!Msg) return 0; + assert(StackMsg); // Generate the extra diagnostic. PathDiagnosticLocation Pos(S, BRC.getSourceManager(), N->getLocationContext()); - return new PathDiagnosticEventPiece(Pos, Msg); + return new PathDiagnosticEventPiece(Pos, Msg, true, StackMsg); } |