[analyzer] Report leaks at the closing brace of a function body.

This fixes a few cases where we'd emit path notes like this: +---+ 1| v p = malloc(len); ^ |2 +---+ In general this should make path notes more consistent and more correct, especially in cases where the leak happens on the false branch of an if that jumps directly to the end of the function. There are a couple places where the leak is reported farther away from the cause; these are usually cases where there are several levels of nested braces before the end of the function. This still matches our current behavior for when there /is/ a statement after all the braces, though. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168070 91177308-0d34-0410-b5e6-96231b3b80d8
author: Jordan Rose <jordan_rose@apple.com> 2012-11-15 19:11:43 +0000
committer: Jordan Rose <jordan_rose@apple.com> 2012-11-15 19:11:43 +0000
commit: 63bc186d6ac0b44ba4ec6fccb5f471b05c79b666 (patch)
tree: 9002c9a95686003fd8a0ed2875fe5b114d4c4bde /lib/StaticAnalyzer/Core
parent: f34a5791c5c9df0348714e275adb09b8cf858460 (diff)
3 files changed, 24 insertions, 13 deletions
diff --git a/lib/StaticAnalyzer/Core/BugReporter.cpp b/lib/StaticAnalyzer/Core/BugReporter.cpp
index c6689f8536..5c14eaf284 100644
--- a/lib/StaticAnalyzer/Core/BugReporter.cpp
+++ b/lib/StaticAnalyzer/Core/BugReporter.cpp
@@ -1673,6 +1673,9 @@ PathDiagnosticLocation BugReport::getLocation(const SourceManager &SM) const {
       if (const BinaryOperator *B = dyn_cast<BinaryOperator>(S))
         return PathDiagnosticLocation::createOperatorLoc(B, SM);
 
+      if (isa<PostStmtPurgeDeadSymbols>(ErrorNode->getLocation()))
+        return PathDiagnosticLocation::createEnd(S, SM, LC);
+
       return PathDiagnosticLocation::createBegin(S, SM, LC);
     }
   } else {
diff --git a/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp b/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
index a98e8b4922..426d48dae2 100644
--- a/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
+++ b/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
@@ -177,14 +177,15 @@ void ExprEngine::removeDeadOnEndOfFunction(NodeBuilderContext& BC,
     return;
   }
 
-  // Here, we call the Symbol Reaper with 0 stack context telling it to clean up
-  // everything on the stack. We use LastStmt as a diagnostic statement, with 
-  // which the program point will be associated. However, we only want to use
-  // LastStmt as a reference for what to clean up if it's a ReturnStmt;
-  // otherwise, everything is dead.
+  // Here, we destroy the current location context. We use the current
+  // function's entire body as a diagnostic statement, with which the program
+  // point will be associated. However, we only want to use LastStmt as a
+  // reference for what to clean up if it's a ReturnStmt; otherwise, everything
+  // is dead.
   SaveAndRestore<const NodeBuilderContext *> NodeContextRAII(currBldrCtx, &BC);
-  removeDead(Pred, Dst, dyn_cast<ReturnStmt>(LastSt),
-             Pred->getLocationContext(), LastSt,
+  const LocationContext *LCtx = Pred->getLocationContext();
+  removeDead(Pred, Dst, dyn_cast<ReturnStmt>(LastSt), LCtx,
+             LCtx->getAnalysisDeclContext()->getBody(),
              ProgramPoint::PostStmtPurgeDeadSymbolsKind);
 }
 
@@ -289,9 +290,10 @@ void ExprEngine::processCallExit(ExplodedNode *CEBNode) {
     currBldrCtx = &Ctx;
     // Here, we call the Symbol Reaper with 0 statement and callee location
     // context, telling it to clean up everything in the callee's context
-    // (and its children). We use LastSt as a diagnostic statement, which
-    // which the program point will be associated.
-    removeDead(BindedRetNode, CleanedNodes, 0, calleeCtx, LastSt,
+    // (and its children). We use the callee's function body as a diagnostic
+    // statement, with which the program point will be associated.
+    removeDead(BindedRetNode, CleanedNodes, 0, calleeCtx,
+               calleeCtx->getAnalysisDeclContext()->getBody(),
                ProgramPoint::PostStmtPurgeDeadSymbolsKind);
     currBldrCtx = 0;
   } else {
diff --git a/lib/StaticAnalyzer/Core/PathDiagnostic.cpp b/lib/StaticAnalyzer/Core/PathDiagnostic.cpp
index 2ebadcaa23..cfe35251a9 100644
--- a/lib/StaticAnalyzer/Core/PathDiagnostic.cpp
+++ b/lib/StaticAnalyzer/Core/PathDiagnostic.cpp
@@ -588,6 +588,8 @@ PathDiagnosticLocation
   }
   else if (const StmtPoint *SP = dyn_cast<StmtPoint>(&P)) {
     S = SP->getStmt();
+    if (isa<PostStmtPurgeDeadSymbols>(P))
+      return PathDiagnosticLocation::createEnd(S, SMng, P.getLocationContext());
   }
   else if (const PostImplicitCall *PIE = dyn_cast<PostImplicitCall>(&P)) {
     return PathDiagnosticLocation(PIE->getLocation(), SMng);
@@ -619,12 +621,16 @@ PathDiagnosticLocation
 
   while (NI) {
     ProgramPoint P = NI->getLocation();
-    if (const StmtPoint *PS = dyn_cast<StmtPoint>(&P))
+    if (const StmtPoint *PS = dyn_cast<StmtPoint>(&P)) {
       S = PS->getStmt();
-    else if (const BlockEdge *BE = dyn_cast<BlockEdge>(&P))
+      if (isa<PostStmtPurgeDeadSymbols>(P))
+        return PathDiagnosticLocation::createEnd(S, SM,
+                                                 NI->getLocationContext());
+      break;
+    } else if (const BlockEdge *BE = dyn_cast<BlockEdge>(&P)) {
       S = BE->getSrc()->getTerminator();
-    if (S)
       break;
+    }
     NI = NI->succ_empty() ? 0 : *(NI->succ_begin());
   }
author	Jordan Rose <jordan_rose@apple.com>	2012-11-15 19:11:43 +0000
committer	Jordan Rose <jordan_rose@apple.com>	2012-11-15 19:11:43 +0000
commit	63bc186d6ac0b44ba4ec6fccb5f471b05c79b666 (patch)
tree	9002c9a95686003fd8a0ed2875fe5b114d4c4bde /lib/StaticAnalyzer/Core
parent	f34a5791c5c9df0348714e275adb09b8cf858460 (diff)