#
8ebeb643 |
| 08-Jun-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Minor fixups to r183062
Based on feedback from Jordan.
llvm-svn: 183600
|
Revision tags: llvmorg-3.3.0, llvmorg-3.3.0-rc3 |
|
#
a4bc5e12 |
| 31-May-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Malloc checker should only escape the receiver when “[O init..]” is called.
Jordan has pointed out that it is valuable to warn in cases when the arguments to init escape. For example, NSData initWithBytes is not going to free the memory.
llvm-svn: 183062
|
#
737926ba |
| 31-May-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Fix a false positive reported on rare strange code, which happens to be in JSONKit
llvm-svn: 183055
|
Revision tags: llvmorg-3.3.0-rc2 |
|
#
757fbb0b |
| 10-May-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Indirect invalidation counts as an escape for leak checkers.
Consider this example:
  char *p = malloc(sizeof(char));
  systemFunction(&p);
  free(p);
In this case, when we call systemFunction, we know (because it's a system function) that it won't free 'p'. However, we /don't/ know whether or not it will /change/ 'p', so the analyzer is forced to invalidate 'p', wiping out any bindings it contains. But now the malloc'd region looks like a leak, since there are no more bindings pointing to it, and we'll get a spurious leak warning.
The fix for this is to notice when something is becoming inaccessible due to invalidation (i.e. an imperfect model, as opposed to being explicitly overwritten) and stop tracking it at that point. Currently, the best way to determine this for a call is the "indirect escape" pointer-escape kind.
In practice, all the patch does is take the "system functions don't free memory" special case and limit it to direct parameters, i.e. just the arguments to a call and not other regions accessible to them. This is a conservative change that should only cause us to escape regions more eagerly, which means fewer leak warnings.
This isn't perfect for several reasons, the main one being that this example is treated the same as the one above:
  char **p = malloc(sizeof(char *));
  systemFunction(p + 1);
  // leak
Currently, "addresses accessible by offsets of the starting region" and "addresses accessible through bindings of the starting region" are both considered "indirect" regions, hence this uniform treatment.
Another issue is our longstanding problem of not distinguishing const and non-const bindings; if in the first example systemFunction's parameter were a char * const *, we should know that the function will not overwrite 'p', and thus we can safely report the leak.
<rdar://problem/13758386>
llvm-svn: 181607
|
Revision tags: llvmorg-3.3.0-rc1 |
|
#
e4cfcd4e |
| 16-Apr-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Improve the malloc checker stack hint message
llvm-svn: 179580
|
#
7af0aa86 |
| 12-Apr-2013 |
Anton Yartsev <anton.yartsev@gmail.com> |
[analyzer] Enable NewDelete checker if NewDeleteLeaks checker is enabled.
llvm-svn: 179428
|
#
c92f2c58 |
| 12-Apr-2013 |
Anton Yartsev <anton.yartsev@gmail.com> |
[analyzer] Makes NewDeleteLeaks checker work independently from NewDelete.
llvm-svn: 179410
|
#
6cea7d9e |
| 12-Apr-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Print field region even when the base region is not printable
llvm-svn: 179395
|
#
1e2bc9b5 |
| 11-Apr-2013 |
Anton Yartsev <anton.yartsev@gmail.com> |
[analyzer] Refactoring: better doxygen comment; renaming isTrackedFamily to isTrackedByCurrentChecker
llvm-svn: 179242
|
#
07804ef8 |
| 10-Apr-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Address Jordan’s review of r179219
llvm-svn: 179235
|
#
cb2ccd6b |
| 10-Apr-2013 |
Anton Yartsev <anton.yartsev@gmail.com> |
[analyzer] Switched to checkPreCall interface for detecting usage after free.
Now the check is also applied to arguments for Objective-C method calls and to 'this' pointer.
llvm-svn: 179230
|
#
7c19abeb |
| 10-Apr-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Cleanup leak warnings: do not print the names of variables from other functions.
llvm-svn: 179219
|
#
93a21a8c |
| 09-Apr-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Keep tracking the pointer after the escape to more aggressively report mismatched deallocator
Test that the path notes do not change. I don’t think we should print a note on escape.
Also, I’ve removed a check that assumed that the family stored in the RefState could be AF_None and added an assert in the constructor.
llvm-svn: 179075
|
#
a1de8567 |
| 06-Apr-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Shorten the malloc checker’s leak message
As per Ted’s suggestion!
llvm-svn: 178938
|
#
030bcdd9 |
| 05-Apr-2013 |
Anton Yartsev <anton.yartsev@gmail.com> |
[analyzer] Eliminates all the cases with unknown family.
Now treat AF_None family as impossible in isTrackedFamily()
llvm-svn: 178899
|
#
26330563 |
| 05-Apr-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Split new/delete checker into use-after-free and leaks parts.
This splits the leak-checking part of alpha.cplusplus.NewDelete into a separate user-level checker, alpha.cplusplus.NewDeleteLeaks. All the difficult false positives we've seen with the new/delete checker have been spurious leak warnings; the use-after-free warnings and mismatched deallocator warnings, while rare, have always been valid.
<rdar://problem/6194569>
llvm-svn: 178890
|
#
f0593d67 |
| 05-Apr-2013 |
Anton Yartsev <anton.yartsev@gmail.com> |
[analyzer] Path notes for the MismatchedDeallocator checker.
llvm-svn: 178862
|
#
6e499256 |
| 05-Apr-2013 |
Anton Yartsev <anton.yartsev@gmail.com> |
[analyzer] Check allocation family more precise.
The statement passed to isTrackedFamily() might be a user defined function calling malloc; in this case we got AF_NONE family for this function. Now the allocation family is derived from Sym, that holds a family of a real allocator.
This commit is also a movement towards getting rid of tracking memory allocating by unknown means.
llvm-svn: 178834
|
#
2f91004b |
| 05-Apr-2013 |
Anton Yartsev <anton.yartsev@gmail.com> |
[analyzer] Corrected the switch statement.
llvm-svn: 178831
|
#
717aa0ea |
| 05-Apr-2013 |
Anton Yartsev <anton.yartsev@gmail.com> |
[analyzer] Fully-covered switch for families in isTrackedFamily()
llvm-svn: 178820
|
#
e3377fbc |
| 04-Apr-2013 |
Anton Yartsev <anton.yartsev@gmail.com> |
[analyzer] Reduced the unwanted correlations between checkers living inside MallocChecker.cpp
This fixes an issue pointed to by Jordan: if unix.Malloc and unix.MismatchedDeallocator are both on, then we end up still tracking leaks of memory allocated by new. Moved the guards right before emitting the bug reports to unify and simplify the logic of handling of multiple checkers. Now all the checkers perform their checks regardless of if they were enabled, or not, and it is decided just before the emitting of the report, if it should be emitted. (idea from Anna).
Additional changes: improved test coverage for checker correlations; refactoring: BadDealloc -> MismatchedDealloc
llvm-svn: 178814
|
#
333481b9 |
| 28-Mar-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add support for escape of const pointers and use it to allow “newed” pointers to escape
Add a new callback that notifies checkers when a const pointer escapes. Currently, this only works for const pointers passed as a top level parameter into a function. We need to differentiate the const pointers escape from regular escape since the content pointed by const pointer will not change; if it’s a file handle, a file cannot be closed; but delete is allowed on const pointers.
This should suppress several false positives reported by the NewDelete checker on llvm codebase.
llvm-svn: 178310
|
#
06cbed41 |
| 28-Mar-2013 |
Eric Christopher <echristo@gmail.com> |
Fix order of initialization warning.
llvm-svn: 178255
|
#
05789599 |
| 28-Mar-2013 |
Anton Yartsev <anton.yartsev@gmail.com> |
[analyzer] These implements unix.MismatchedDeallocatorChecker checker. + Improved display names for allocators and deallocators
The checker checks if a deallocation function matches allocation one. ('free' for 'malloc', 'delete' for 'new' etc.)
llvm-svn: 178250
|
#
8b662704 |
| 28-Mar-2013 |
Anton Yartsev <anton.yartsev@gmail.com> |
[analyzer] For now assume all standard global 'operator new' functions allocate memory in heap. + Improved test coverage for cplusplus.NewDelete checker.
llvm-svn: 178244
|