[analyzer] Malloc Checker: Give up when a pointer escapes into a struct.

We are not properly handling the memory regions that escape into struct fields, which led to a bunch of false positives. Be conservative here and give up when a pointer escapes into a struct. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150658 91177308-0d34-0410-b5e6-96231b3b80d8
author: Anna Zaks <ganna@apple.com> 2012-02-16 03:40:57 +0000
committer: Anna Zaks <ganna@apple.com> 2012-02-16 03:40:57 +0000
commit: ac593008c2035fa241c80352a0c97c5d853facbf (patch)
tree: d9b078fe29b1649bf05cadcfbc78efe5e78338e4 /lib/StaticAnalyzer/Checkers/MallocChecker.cpp
parent: 74e1ad93fa8d6347549bcb10279fdf1fbc775321 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index 88a0613a78..a14057980f 100644
--- a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -924,6 +924,12 @@ void MallocChecker::checkBind(SVal loc, SVal val, const Stmt *S,
       // the binding).
       escapes = (state == (state->bindLoc(*regionLoc, val)));
     }
+    if (!escapes) {
+      // Case 4: We do not currently model what happens when a symbol is
+      // assigned to a struct field, so be conservative here and let the symbol
+      // go. TODO: This could definitely be improved upon.
+      escapes = !isa<VarRegion>(regionLoc->getRegion());
+    }
   }
 
   // If our store can represent the binding and we aren't storing to something
author	Anna Zaks <ganna@apple.com>	2012-02-16 03:40:57 +0000
committer	Anna Zaks <ganna@apple.com>	2012-02-16 03:40:57 +0000
commit	ac593008c2035fa241c80352a0c97c5d853facbf (patch)
tree	d9b078fe29b1649bf05cadcfbc78efe5e78338e4 /lib/StaticAnalyzer/Checkers/MallocChecker.cpp
parent	74e1ad93fa8d6347549bcb10279fdf1fbc775321 (diff)