This is an archive of the discontinued LLVM Phabricator instance.

Differential D14170

Fix false positive warning about memory leak for QApplication::postEvent
ClosedPublic

Authored by Dushistov on Oct 28 2015, 6:28 PM.

Details

Reviewers
dcoughlin
Ayal
zaks.anna
xazax.hun
Commits
rG03f483353c76: [analyzer] Fix false warning about memory leak for QApplication::postEvent
rC256887: [analyzer] Fix false warning about memory leak for QApplication::postEvent
rL256887: [analyzer] Fix false warning about memory leak for QApplication::postEvent
Summary

Recent version of clang (3.7) start complain about such code:
void send(QObject *obj)
{

QKeyEvent *event = new QKeyEvent(QEvent::KeyRelease, Qt::Key_Tab, Qt::NoModifier);
qApp->postEvent(obj, event);

}

warning: Potential leak of memory pointed to by 'event'

This is false positive, because of according to Qt documentation Qt take care about memory allocated for QEvent:
http://doc.qt.io/qt-4.8/qcoreapplication.html#postEvent

Because of Qt popular enought I suggest to handle postEvent case in MallocChecker

Diff Detail

Repository
rL LLVM

Event Timeline

Dushistov updated this revision to Diff 38705.Oct 28 2015, 6:28 PM
Dushistov retitled this revision from to Fix false positive warning about memory leak for QApplication::postEvent.
Dushistov updated this object.
Dushistov added reviewers: Ayal, zaks.anna, dcoughlin, xazax.hun.
Dushistov added a subscriber: cfe-commits.
zaks.anna edited edge metadata.Nov 2 2015, 1:13 PM

This needs a test case. You can either extend ./test/Analysis/malloc.cpp or add another QT specific test file.

Thanks!
Anna.

Dushistov updated this revision to Diff 39009.Nov 2 2015, 5:12 PM
Dushistov edited edge metadata.

I added test case and move it to separate file, because of
1)it require additional option -analyzer-checker=cplusplus to trigger warning
2)Simple emulation of qt type system not work (not trigger any warning), so I add preprocessored file.

zaks.anna added a comment.Nov 4 2015, 11:22 AM

Test cases need to be small and self contained.
You might be having a problem with reproducing with a simple test case, where you define QCoreApplication::postEvent in the test file because it is not considered to be in the system header. You can use special pragmas for that. See ./test/Analysis/Inputs, where we have a bunch of .h files declaring system APIs. Please add another file for QT there.

lib/StaticAnalyzer/Checkers/MallocChecker.cpp
2516 ↗(On Diff #39009)

http://llvm.org/docs/CodingStandards.html#id16

Dushistov updated this revision to Diff 39264.Nov 4 2015, 2:51 PM

I reduce testcase to almost minimal variant.

Dushistov updated this revision to Diff 39265.Nov 4 2015, 2:55 PM

Fix line length issue

Dushistov marked an inline comment as done.Nov 11 2015, 1:52 PM
Dushistov updated this revision to Diff 39985.Nov 11 2015, 3:42 PM

mistype, actually I want to use '&&' here, not '||' to not create std::string,
if match failed.

xazax.hun added inline comments.Nov 17 2015, 1:05 AM
lib/StaticAnalyzer/Checkers/MallocChecker.cpp
2514 ↗(On Diff #39985)

Shouldn't you use == instead of endswith here?

Dushistov updated this revision to Diff 40485.Nov 18 2015, 1:54 AM

Replace 'endswith' with 'operator==', also update test to check that all four ways to call postEvent not produce warning

Dushistov marked an inline comment as done.Nov 18 2015, 1:54 AM
Dushistov added a comment.Nov 18 2015, 1:55 AM

apply all suggestions

zaks.anna added inline comments.Nov 18 2015, 6:47 PM
test/Analysis/qt_malloc.cpp
11 ↗(On Diff #40485)

Should the leak be reported when the object is passed to QApplication::postEvent?

In this test, 'event' escapes during one of these calls and the rest of the calls are not tested/make no difference. If you want to test that 'event' escapes when each of them is called, you'd need to test each of them with a different object.

Dushistov updated this revision to Diff 40596.Nov 18 2015, 7:18 PM

Make test for usage of different variants of postEvent more robust.

Dushistov marked an inline comment as done.Nov 18 2015, 7:20 PM

Should the leak be reported when the object is passed to QApplication::postEvent?

No, QApplication::postEvent == QCoreApplication::postEvent, it is just the same function,
because of QApplication inherit from QCoreApplication, and not introduce it's own postEvent.

In this test, 'event' escapes during one of these calls and the rest of the calls are not tested/make no >difference.

fixed

zaks.anna accepted this revision.Nov 18 2015, 8:59 PM
zaks.anna edited edge metadata.

Thanks!
LGTM. I'll commit.

This revision is now accepted and ready to land.Nov 18 2015, 8:59 PM
Closed by commit rL256887: [analyzer] Fix false warning about memory leak for QApplication::postEvent (authored by zaks). · Explain WhyJan 5 2016, 4:36 PM
This revision was automatically updated to reflect the committed changes.
RKSimon mentioned this in rG2bc2e2e9fe25: [MallocChecker] Remove duplicate QCoreApplication::postEvent check. NFCI..Oct 27 2020, 6:20 AM

Revision Contents

PathSize
cfe/
trunk/
lib/
StaticAnalyzer/
Checkers/
10 lines
test/
Analysis/
Inputs/
16 lines
15 lines

Diff 44070

cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp

Show First 20 LinesShow All 2,502 Lines▼ Show 20 Linesbool MallocChecker::mayFreeAnyEscapedMemoryOrIsModeledExplicitly(
if (FName == "CGBitmapContextCreate" || if (FName == "CGBitmapContextCreate" ||
FName == "CGBitmapContextCreateWithData" || FName == "CGBitmapContextCreateWithData" ||
FName == "CVPixelBufferCreateWithBytes" || FName == "CVPixelBufferCreateWithBytes" ||
FName == "CVPixelBufferCreateWithPlanarBytes" || FName == "CVPixelBufferCreateWithPlanarBytes" ||
FName == "OSAtomicEnqueue") { FName == "OSAtomicEnqueue") {
return true; return true;
} }
if (FName == "postEvent" &&
FD->getQualifiedNameAsString() == "QCoreApplication::postEvent") {
return true;
}
if (FName == "postEvent" &&
FD->getQualifiedNameAsString() == "QCoreApplication::postEvent") {
return true;
}
// Handle cases where we know a buffer's /address/ can escape. // Handle cases where we know a buffer's /address/ can escape.
// Note that the above checks handle some special cases where we know that // Note that the above checks handle some special cases where we know that
// even though the address escapes, it's still our responsibility to free the // even though the address escapes, it's still our responsibility to free the
// buffer. // buffer.
if (Call->argumentsMayEscape()) if (Call->argumentsMayEscape())
return true; return true;
// Otherwise, assume that the function does not free memory. // Otherwise, assume that the function does not free memory.
▲ Show 20 LinesShow All 216 LinesShow Last 20 Lines

cfe/trunk/test/Analysis/Inputs/qt-simulator.h

#pragma clang system_header
struct QObject {
};
struct QEvent {
enum Type { None };
QEvent(Type) {}
};
struct QCoreApplication : public QObject {
static void postEvent(QObject *receiver, QEvent *event);
static QCoreApplication *instance();
};
struct QApplication : public QCoreApplication {};

cfe/trunk/test/Analysis/qt_malloc.cpp

// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.deadcode.UnreachableCode,alpha.core.CastSize,unix.Malloc,cplusplus -analyzer-store=region -verify %s
// expected-no-diagnostics
#include "Inputs/qt-simulator.h"
void send(QObject *obj)
{
QEvent *e1 = new QEvent(QEvent::None);
static_cast<QApplication *>(QCoreApplication::instance())->postEvent(obj, e1);
QEvent *e2 = new QEvent(QEvent::None);
QCoreApplication::instance()->postEvent(obj, e2);
QEvent *e3 = new QEvent(QEvent::None);
QCoreApplication::postEvent(obj, e3);
QEvent *e4 = new QEvent(QEvent::None);
QApplication::postEvent(obj, e4);
}