History log of /llvm-project/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp (Results 251 – 275 of 397)
Revision Date Author Comments
# 13df0362 25-Mar-2013 Anton Yartsev <anton.yartsev@gmail.com>

[analyzer] Adds cplusplus.NewDelete checker that checks for memory leaks, double free, and use-after-free problems of memory managed by new/delete.

llvm-svn: 177849


# 6c2af439 13-Mar-2013 Anton Yartsev <anton.yartsev@gmail.com>

[analyzer] fixed the logic changed by r176949

llvm-svn: 176956


# 59ed15b0 13-Mar-2013 Anton Yartsev <anton.yartsev@gmail.com>

Refactoring:
+ Individual Report* method for each bug type
+ Comment improved: missing non-trivial alloca() case annotated
+ 'range' parameter of ReportBadFree() capitalized
+ 'SymbolRef Sym = State->getSVal(A, C.getLocationContext()).getAsSymbol();' shortened to 'SymbolRef Sym = C.getSVal(A).getAsSymbol();'

llvm-svn: 176949


# 613f3c00 09-Mar-2013 Jordan Rose <jordan_rose@apple.com>

[analyzer] Be more consistent about Objective-C methods that free memory.

Previously, MallocChecker's pointer escape check and its post-call state
update for Objective-C method calls had a fair amount of duplicated logic
and not-entirely-consistent checks. This commit restructures all this to
be more consistent and possibly allow us to be more aggressive in warning
about double-frees.

New policy (applies to system header methods only):
(1) If this is a method we know about, model it as taking/holding ownership
of the passed-in buffer.
(1a) ...unless there's a "freeWhenDone:" parameter with a zero (NO) value.
(2) If there's a "freeWhenDone:" parameter (but it's not a method we know
about), treat the buffer as escaping if the value is non-zero (YES) and
non-escaping if it's zero (NO).
(3) If the first selector piece ends with "NoCopy" (but it's not a method we
know about and there's no "freeWhenDone:" parameter), treat the buffer
as escaping.

The reason that (2) and (3) don't explicitly model the ownership transfer is
because we can't be sure that they will actually free the memory using free(),
and we wouldn't want to emit a spurious "mismatched allocator" warning
(coming in Anton's upcoming patch). In the future, we may have an idea of a
"generic deallocation", i.e. we assume that the deallocator is correct but
still continue tracking the region so that we can warn about double-frees.

Patch by Anton Yartsev, with modifications from me.

llvm-svn: 176744


# 87396b9b 21-Feb-2013 David Blaikie <dblaikie@gmail.com>

Replace ProgramPoint llvm::cast support to be well-defined.

See r175462 for another example/more details.

llvm-svn: 175812


# 05785d16 20-Feb-2013 David Blaikie <dblaikie@gmail.com>

Include llvm::Optional in clang/Basic/LLVM.h

Post-commit CR feedback from Jordan Rose regarding r175594.

llvm-svn: 175679


# 2fdacbc5 20-Feb-2013 David Blaikie <dblaikie@gmail.com>

Replace SVal llvm::cast support to be well-defined.

See r175462 for another example/more details.

llvm-svn: 175594


# c89ad07d 07-Feb-2013 Anna Zaks <ganna@apple.com>

[analyzer] Report bugs when freeing memory with offset pointer

The malloc checker will now catch the case when a previously malloc'ed
region is freed, but the pointer passed to free does not point to the
start of the allocated memory. For example:

int *p1 = malloc(sizeof(int));
p1++;
free(p1); // warn

From the "memory.LeakPtrValChanged enhancement to unix.Malloc" entry
in the list of potential checkers.

A patch by Branden Archer!

llvm-svn: 174678


# acdc13cb 07-Feb-2013 Anna Zaks <ganna@apple.com>

[analyzer] Add pointer escape type param to checkPointerEscape callback

The checkPointerEscape callback previously did not specify how a
pointer escaped. This change includes an enum which describes the
different ways a pointer may escape. This enum is passed to the
checkPointerEscape callback when a pointer escapes. If the escape
is due to a function call, the call is passed. This changes
previous behavior where the call is passed as NULL if the escape
was due to indirectly invalidating the region the pointer referenced.

A patch by Branden Archer!

llvm-svn: 174677


# f857950d 12-Jan-2013 Dmitri Gribenko <gribozavr@gmail.com>

Remove useless 'llvm::' qualifier from names like StringRef and others that are
brought into 'clang' namespace by clang/Basic/LLVM.h

llvm-svn: 172323


# a043d0ce 08-Jan-2013 Anna Zaks <ganna@apple.com>

[analyzer] Include the bug uniqueing location in the issue_hash.

The issue here is that if we have 2 leaks reported at the same line for
which we cannot print the corresponding region info, they will get
treated as the same by issue_hash+description. We need to AUGMENT the
issue_hash with the allocation info to differentiate the two issues.

Add the "hash" (offset from the beginning of a function) representing
allocation site to solve the issue.

We might want to generalize solution in the future when we decide to
track more than just the 2 locations from the diagnostics.

llvm-svn: 171825


# 7505b5a6 04-Jan-2013 Ted Kremenek <kremenek@apple.com>

Tighten code. No functionality change.

llvm-svn: 171501


# 6fcefb53 03-Jan-2013 Ted Kremenek <kremenek@apple.com>

Make MallocChecker debug output useful.

llvm-svn: 171439


Revision tags: llvmorg-3.2.0
# dc15415d 20-Dec-2012 Anna Zaks <ganna@apple.com>

[analyzer] Add the pointer escaped callback.

Instead of using several callbacks to identify the pointer escape event,
checkers now can register for the checkPointerEscape.

Converted the Malloc checker to use the new callback.
SimpleStreamChecker will be converted next.

llvm-svn: 170625


# a7b1c47c 11-Dec-2012 Anna Zaks <ganna@apple.com>

[analyzer] Don't generate a summary for "freeWhenDone" if method is
inlined.

Fixes a false positive that occurs if a user writes their own
initWithBytesNoCopy:freeWhenDone wrapper.

llvm-svn: 169795


# bcf90532 06-Dec-2012 Ted Kremenek <kremenek@apple.com>

Only provide explicit getCapturedRegion() and getOriginalRegion() from referenced_vars_iterator.

This is a nice conceptual cleanup.

llvm-svn: 169480


Revision tags: llvmorg-3.2.0-rc3
# 3a02247d 04-Dec-2012 Chandler Carruth <chandlerc@gmail.com>

Sort all of Clang's files under 'lib', and fix up the broken headers
uncovered.

This required manually correcting all of the incorrect main-module
headers I could find, and running the new llvm/utils/sort_includes.py
script over the files.

I also manually added quite a few missing headers that were uncovered by
shuffling the order or moving headers up to be main-module-headers.

llvm-svn: 169237


# ea70eb30 01-Dec-2012 Benjamin Kramer <benny.kra@googlemail.com>

Pull the Attr iteration parts out of Attr.h, so including DeclBase.h doesn't pull in all the generated Attr code.

Required to pull some functions out of line, but this shouldn't have a perf impact.
No functionality change.

llvm-svn: 169092


Revision tags: llvmorg-3.2.0-rc2
# ba4c85e5 22-Nov-2012 Benjamin Kramer <benny.kra@googlemail.com>

Make helpers static/anonymous.

llvm-svn: 168500


# f1f26140 15-Nov-2012 Jordan Rose <jordan_rose@apple.com>

[analyzer] MallocChecker: Remove now-unnecessary check::EndPath callback.

Also, don't bother to stop tracking symbols in the return value, either.
They are now properly considered live during checkDeadSymbols.

llvm-svn: 168067


Revision tags: llvmorg-3.2.0-rc1
# a14c1d09 13-Nov-2012 Anna Zaks <ganna@apple.com>

[analyzer] Address Jordan's code review for r167813.

This simplifies logic, fixes a bug, and adds a test case.
Thanks Jordan!

llvm-svn: 167868


# 67291b90 13-Nov-2012 Anna Zaks <ganna@apple.com>

Fix a Malloc Checker FP by tracking return values from initWithCharacter
and other functions.

When these functions return null, the pointer is not freed by
them/ownership is not transferred. So we should allow the user to free
the pointer by calling another function when the return value is NULL.

llvm-svn: 167813


# 0c153cb2 02-Nov-2012 Jordan Rose <jordan_rose@apple.com>

[analyzer] Use nice macros for the common ProgramStateTraits (map, set, list).

Also, move the REGISTER_*_WITH_PROGRAMSTATE macros to ProgramStateTrait.h.

This doesn't get rid of /all/ explicit uses of ProgramStatePartialTrait,
but it does get a lot of them.

llvm-svn: 167276


# e10d5a76 02-Nov-2012 Jordan Rose <jordan_rose@apple.com>

[analyzer] Rename 'EmitReport' to 'emitReport'.

No functionality change.

llvm-svn: 167275


# 40bb1249 01-Nov-2012 Jordan Rose <jordan_rose@apple.com>

[analyzer] Fix typo in r167186.

llvm-svn: 167189

