diff options
| author | Anna Zaks <ganna@apple.com> | 2013-01-19 02:18:15 +0000 |
|---|---|---|
| committer | Anna Zaks <ganna@apple.com> | 2013-01-19 02:18:15 +0000 |
| commit | 1dfebd9f995066a229c34516eb14bc69c6bcde2c (patch) | |
| tree | 8440cd3c2a633129cce870843c4b9a63baa5b314 /lib/StaticAnalyzer/Core | |
| parent | f30527901f84c9bf223db143b216a9061ee9e342 (diff) | |
[analyzer] Suppress warnings coming out of macros defined in sys/queue.h
Suppress the warning by just not emitting the report. The sink node
would get generated, which is fine since we did reach a bad state.
Motivation
Due to the way code is structured in some of these macros, we do not
reason correctly about it and report false positives. Specifically, the
following loop reports a use-after-free. Because of the way the code is
structured inside of the macro, the analyzer assumes that the list can
have cycles, so you end up with use-after-free in the loop, that is
safely deleting elements of the list. (The user does not have a way to
teach the analyzer about shape of data structures.)
SLIST_FOREACH_SAFE(item, &ctx->example_list, example_le, tmpitem) {
if (item->index == 3) { // if you remove each time, no complaints
assert((&ctx->example_list)->slh_first == item);
SLIST_REMOVE(&ctx->example_list, item, example_s, example_le);
free(item);
}
}
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172883 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/StaticAnalyzer/Core')
| -rw-r--r-- | lib/StaticAnalyzer/Core/BugReporter.cpp | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/lib/StaticAnalyzer/Core/BugReporter.cpp b/lib/StaticAnalyzer/Core/BugReporter.cpp index 8e6bc69cc4..d64aa39feb 100644 --- a/lib/StaticAnalyzer/Core/BugReporter.cpp +++ b/lib/StaticAnalyzer/Core/BugReporter.cpp @@ -2137,7 +2137,32 @@ void BugReporter::Register(BugType *BT) { BugTypes = F.add(BugTypes, BT); } +bool BugReporter::suppressReport(BugReport *R) { + const Stmt *S = R->getStmt(); + if (!S) + return false; + + // Here we suppress false positives coming from system macros. This list is + // based on known issues. + + // Skip reports within the sys/queue.h macros as we do not have the ability to + // reason about data structure shapes. + SourceManager &SM = getSourceManager(); + SourceLocation Loc = S->getLocStart(); + while (Loc.isMacroID()) { + if (SM.isInSystemMacro(Loc) && + (SM.getFilename(SM.getSpellingLoc(Loc)).endswith("sys/queue.h"))) + return true; + Loc = SM.getSpellingLoc(Loc); + } + + return false; +} + void BugReporter::emitReport(BugReport* R) { + if (suppressReport(R)) + return; + // Compute the bug report's hash to determine its equivalence class. llvm::FoldingSetNodeID ID; R->Profile(ID); |