History log of /llvm-project/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp (Results 226 – 250 of 397)
# 8ebeb643 08-Jun-2013 Anna Zaks <ganna@apple.com>

[analyzer] Minor fixups to r183062

Based on feedback from Jordan.

llvm-svn: 183600


Revision tags: llvmorg-3.3.0, llvmorg-3.3.0-rc3
# a4bc5e12 31-May-2013 Anna Zaks <ganna@apple.com>

[analyzer] Malloc checker should only escape the receiver when “[O init..]” is called.

Jordan has pointed out that it is valuable to warn in cases when the arguments to init escape.
For example, NSData initWithBytes is not going to free the memory.

llvm-svn: 183062


# 737926ba 31-May-2013 Anna Zaks <ganna@apple.com>

[analyzer] Fix a false positive reported on rare strange code, which happens to be in JSONKit

llvm-svn: 183055


Revision tags: llvmorg-3.3.0-rc2
# 757fbb0b 10-May-2013 Jordan Rose <jordan_rose@apple.com>

[analyzer] Indirect invalidation counts as an escape for leak checkers.

Consider this example:

  char *p = malloc(sizeof(char));
  systemFunction(&p);
  free(p);

In this case, when we call systemFunction, we know (because it's a system
function) that it won't free 'p'. However, we /don't/ know whether or not
it will /change/ 'p', so the analyzer is forced to invalidate 'p', wiping
out any bindings it contains. But now the malloc'd region looks like a
leak, since there are no more bindings pointing to it, and we'll get a
spurious leak warning.

The fix for this is to notice when something is becoming inaccessible due
to invalidation (i.e. an imperfect model, as opposed to being explicitly
overwritten) and stop tracking it at that point. Currently, the best way
to determine this for a call is the "indirect escape" pointer-escape kind.

In practice, all the patch does is take the "system functions don't free
memory" special case and limit it to direct parameters, i.e. just the
arguments to a call and not other regions accessible to them. This is a
conservative change that should only cause us to escape regions more
eagerly, which means fewer leak warnings.

This isn't perfect for several reasons, the main one being that this
example is treated the same as the one above:

  char **p = malloc(sizeof(char *));
  systemFunction(p + 1);
  // leak

Currently, "addresses accessible by offsets of the starting region" and
"addresses accessible through bindings of the starting region" are both
considered "indirect" regions, hence this uniform treatment.

Another issue is our longstanding problem of not distinguishing const and
non-const bindings; if in the first example systemFunction's parameter were
a char * const *, we should know that the function will not overwrite 'p',
and thus we can safely report the leak.

<rdar://problem/13758386>

llvm-svn: 181607


Revision tags: llvmorg-3.3.0-rc1
# e4cfcd4e 16-Apr-2013 Anna Zaks <ganna@apple.com>

[analyzer] Improve the malloc checker stack hint message

llvm-svn: 179580


# 7af0aa86 12-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com>

[analyzer] Enable NewDelete checker if NewDeleteLeaks checker is enabled.

llvm-svn: 179428


# c92f2c58 12-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com>

[analyzer] Makes NewDeleteLeaks checker work independently from NewDelete.

llvm-svn: 179410


# 6cea7d9e 12-Apr-2013 Anna Zaks <ganna@apple.com>

[analyzer] Print field region even when the base region is not printable

llvm-svn: 179395


# 1e2bc9b5 11-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com>

[analyzer] Refactoring: better doxygen comment; renaming isTrackedFamily to isTrackedByCurrentChecker

llvm-svn: 179242


# 07804ef8 10-Apr-2013 Anna Zaks <ganna@apple.com>

[analyzer] Address Jordan’s review of r179219

llvm-svn: 179235


# cb2ccd6b 10-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com>

[analyzer] Switched to checkPreCall interface for detecting usage after free.

Now the check is also applied to arguments for Objective-C method calls and to 'this' pointer.

llvm-svn: 179230


# 7c19abeb 10-Apr-2013 Anna Zaks <ganna@apple.com>

[analyzer] Cleanup leak warnings: do not print the names of variables from other functions.

llvm-svn: 179219


# 93a21a8c 09-Apr-2013 Anna Zaks <ganna@apple.com>

[analyzer] Keep tracking the pointer after the escape to more aggressively report mismatched deallocator

Test that the path notes do not change. I don’t think we should print a note on escape.

Also, I’ve removed a check that assumed that the family stored in the RefState could be
AF_None and added an assert in the constructor.

llvm-svn: 179075


# a1de8567 06-Apr-2013 Anna Zaks <ganna@apple.com>

[analyzer] Shorten the malloc checker’s leak message

As per Ted’s suggestion!

llvm-svn: 178938


# 030bcdd9 05-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com>

[analyzer] Eliminates all the cases with unknown family.

Now treat AF_None family as impossible in isTrackedFamily()

llvm-svn: 178899


# 26330563 05-Apr-2013 Jordan Rose <jordan_rose@apple.com>

[analyzer] Split new/delete checker into use-after-free and leaks parts.

This splits the leak-checking part of alpha.cplusplus.NewDelete into a
separate user-level checker, alpha.cplusplus.NewDeleteLeaks. All the
difficult false positives we've seen with the new/delete checker have been
spurious leak warnings; the use-after-free warnings and mismatched
deallocator warnings, while rare, have always been valid.

<rdar://problem/6194569>

llvm-svn: 178890


# f0593d67 05-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com>

[analyzer] Path notes for the MismatchedDeallocator checker.

llvm-svn: 178862


# 6e499256 05-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com>

[analyzer] Check allocation family more precisely.

The statement passed to isTrackedFamily() might be a user-defined function calling malloc; in this case we got AF_NONE family for this function.
Now the allocation family is derived from Sym, which holds the family of the real allocator.

This commit is also a move towards getting rid of tracking memory allocated by unknown means.

llvm-svn: 178834


# 2f91004b 05-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com>

[analyzer] Corrected the switch statement.

llvm-svn: 178831


# 717aa0ea 05-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com>

[analyzer] Fully-covered switch for families in isTrackedFamily()

llvm-svn: 178820


# e3377fbc 04-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com>

[analyzer] Reduced the unwanted correlations between checkers living inside MallocChecker.cpp

This fixes an issue pointed out by Jordan: if unix.Malloc and unix.MismatchedDeallocator are both on, then we end up still tracking leaks of memory allocated by new.
Moved the guards right before emitting the bug reports to unify and simplify the logic of handling multiple checkers. Now all the checkers perform their checks regardless of whether they were enabled or not, and it is decided just before emitting the report whether it should be emitted (idea from Anna).

Additional changes:
improved test coverage for checker correlations;
refactoring: BadDealloc -> MismatchedDealloc

llvm-svn: 178814


# 333481b9 28-Mar-2013 Anna Zaks <ganna@apple.com>

[analyzer] Add support for escape of const pointers and use it to allow “newed” pointers to escape

Add a new callback that notifies checkers when a const pointer escapes. Currently, this only works
for const pointers passed as a top-level parameter into a function. We need to differentiate const
pointer escape from regular escape since the content pointed to by a const pointer will not change;
if it’s a file handle, a file cannot be closed; but delete is allowed on const pointers.

This should suppress several false positives reported by the NewDelete checker on the LLVM codebase.

llvm-svn: 178310


# 06cbed41 28-Mar-2013 Eric Christopher <echristo@gmail.com>

Fix order of initialization warning.

llvm-svn: 178255


# 05789599 28-Mar-2013 Anton Yartsev <anton.yartsev@gmail.com>

[analyzer] This implements the unix.MismatchedDeallocatorChecker checker.
+ Improved display names for allocators and deallocators

The checker checks if a deallocation function matches the allocation one. ('free' for 'malloc', 'delete' for 'new' etc.)

llvm-svn: 178250


# 8b662704 28-Mar-2013 Anton Yartsev <anton.yartsev@gmail.com>

[analyzer] For now assume all standard global 'operator new' functions allocate memory in heap.
+ Improved test coverage for cplusplus.NewDelete checker.

llvm-svn: 178244

