This is an archive of the discontinued LLVM Phabricator instance.

Differential D18073

Add memory allocating functions
Needs ReviewPublic

Authored by ariccio on Mar 10 2016, 5:31 PM.

Details

Reviewers
dcoughlin
aaron.ballman
echristo
zaks.anna
Summary

As discussed...

Diff Detail

Event Timeline

ariccio updated this revision to Diff 50384.Mar 10 2016, 5:31 PM
ariccio retitled this revision from to Add memory allocating functions.
ariccio updated this object.
ariccio added reviewers: zaks.anna, dcoughlin, aaron.ballman.
ariccio added a subscriber: cfe-commits.
zaks.anna edited edge metadata.Mar 10 2016, 5:44 PM

Since we are adding support for so many new APIs that are only available on Windows, could you please condition checking them only when we build for Windows. You probably can look and Language Options to figure that out.

Also, we should not duplicate all of our tests. Instead, we should add a single test per added API checking that it is modeling the operation we think it should model.

ariccio added a comment.Mar 10 2016, 11:04 PM
In D18073#372697, @zaks.anna wrote:

Since we are adding support for so many new APIs that are only available on Windows, could you please condition checking them only when we build for Windows. You probably can look and Language Options to figure that out.

Is there a problem with checking them on linux/OSX also?

Also, we should not duplicate all of our tests. Instead, we should add a single test per added API checking that it is modeling the operation we think it should model.

So should I dump the _dbg versions from the tests?

zaks.anna added a comment.Mar 29 2016, 4:32 PM

Also, we should not duplicate all of our tests. Instead, we should add a single test per added API checking that it is modeling the operation we think it
should model.

So should I dump the _dbg versions from the tests?

No but do not duplicate all of the tests. Please, add a single test per API you are adding.

ariccio added a comment.Apr 1 2016, 5:01 PM

I'm sorry, I'm confused.

As an example, for _wcsdup_dbg, I've added testWinWcsdupDbg, testWinWcsdupDbgContentIsDefined, and testWinWideDbgLeakWithinReturn. Which ones should I drop for that API?

ariccio added a comment.Apr 4 2016, 2:36 PM

Here's my confusion: don't we kinda have to duplicate tests? After all these functions are essentially duplicate functions.

zaks.anna added a comment.Apr 4 2016, 2:40 PM

Can you add one test per new function, which tests that the function if modeled correctly. Please, do not duplicate all tests that contain a function with it's windows variants.

Hope this is more clear.

ariccio added a comment.Apr 4 2016, 3:01 PM

So for _wcsdup_dbg, I should leave only testWinWcsdupDbg?

ariccio added a comment.Apr 5 2016, 8:02 PM

Maybe I'm being thick headed and I can't see it - sorry if I am - but I'm still a bit confused. Can you tell me what I should do in the _wcsdup_dbg example?

zaks.anna added a comment.Apr 5 2016, 9:32 PM

So for _wcsdup_dbg, I should leave only testWinWcsdupDbg?

Yes.

Also, since there will be many of these "alternate" functions, could you create a separate test file for them?

ariccio added a comment.Apr 6 2016, 12:22 PM
In D18073#392972, @zaks.anna wrote:

So for _wcsdup_dbg, I should leave only testWinWcsdupDbg?

Yes.

Ok, that I can do. Will upload patch later this afternoon/tonight.

In D18073#392972, @zaks.anna wrote:

Also, since there will be many of these "alternate" functions, could you create a separate test file for them?

But, that contradicts removing them? Huh?

zaks.anna added a comment.Apr 6 2016, 1:07 PM

You will have to add one test function to smoke test that the newly added API is modeled correctly. We also have a lot of existing tests that verify that each of the original APIs (malloc. free, new) function correctly in all possible settings. What is the contradiction in asking to add the smoke tests in a separate file?

ariccio updated this revision to Diff 52876.Apr 6 2016, 5:51 PM
ariccio edited edge metadata.

Fewer added test functions.

ariccio added a comment.Apr 6 2016, 11:14 PM
In D18073#393613, @zaks.anna wrote:

You will have to add one test function to smoke test that the newly added API is modeled correctly.

Isn't that what I've already done?

We also have a lot of existing tests that verify that each of the original APIs (malloc. free, new) function correctly in all possible settings.
What is the contradiction in asking to add the smoke tests in a separate file?

Ahh, I was confused as to whether you wanted me to remove them entirely - moving them to a different file is self-consistent. I'm not exactly sure of the benefit of moving these tests to a separate file?

Sidenote: As someone who has worked a little bit with electronics and simple hardware design & construction, I love this use of "smoke test".

ariccio updated this revision to Diff 53193.Apr 10 2016, 11:18 PM

I'm not actually sure why I didn't want to split these off into a separate file, but now I finally have. Is this what you were looking for?

zaks.anna added a comment.Apr 12 2016, 12:55 PM

"Since we are adding support for so many new APIs that are only available on Windows, could you please condition checking them only when we build for Windows. You probably can look and Language Options to figure that out."

malloc-uses.c -> "alternative-malloc-api.c" ?

ariccio updated this revision to Diff 53495.Apr 12 2016, 4:58 PM

Changed the new file name.

ariccio added a comment.Apr 12 2016, 5:01 PM
In D18073#398882, @zaks.anna wrote:

"Since we are adding support for so many new APIs that are only available on Windows, could you please condition checking them only when we build for Windows. You probably can look and Language Options to figure that out."

malloc-uses.c -> "alternative-malloc-api.c" ?

Sorry for being so thickheaded about that the first go-around, I'm not entirely sure what was up with me. I've changed the name of the file, but I haven't yet figured out how to set up the Windows only tests to run on Windows only. I'm assuming I can't simply:

#if defined(_WIN32)

[...]

#endif

...because lit doesn't define _WIN32 for me. Which Language Options should I look in?

aaron.ballman edited edge metadata.Apr 14 2016, 9:20 AM
In D18073#399270, @ariccio wrote:
In D18073#398882, @zaks.anna wrote:

"Since we are adding support for so many new APIs that are only available on Windows, could you please condition checking them only when we build for Windows. You probably can look and Language Options to figure that out."

malloc-uses.c -> "alternative-malloc-api.c" ?

Sorry for being so thickheaded about that the first go-around, I'm not entirely sure what was up with me. I've changed the name of the file, but I haven't yet figured out how to set up the Windows only tests to run on Windows only. I'm assuming I can't simply:

#if defined(_WIN32)

[...]

#endif

...because lit doesn't define _WIN32 for me. Which Language Options should I look in?

I believe that you can specify a triple using -triple i386-pc-win32 or something similar to force the compilation to be for a Windows target.

ariccio updated this revision to Diff 53995.Apr 16 2016, 3:29 PM
ariccio edited edge metadata.

So, duh, it turns out I can use _WIN32 to conditionally test.

aaron.ballman added a comment.Apr 21 2016, 2:27 PM

This looks reasonable to me, but you should wait for @zaks.anna to sign off.

zaks.anna added a comment.Apr 23 2016, 3:20 PM

"Since we are adding support for so many new APIs that are only available on Windows, could you please condition checking them only when we build for Windows. You probably can look and Language Options to figure that out."

By this, I was suggesting that we should be conditionally checking for Windows functions in the checker, not only the tests. Are these all of the Windows-specific functions that will be added to the Malloc checker or do you plan on adding more? If there are more variants, I definitely think we should conditionally check (in the checker).

Regarding tests, they should reflect what is in the checker. Currently, the checker will support '_mbsdup' on all architectures, but the tests only check it on Windows.

llvm/tools/clang/test/Analysis/malloc.c
1576

This is not Windows-only!

ariccio updated this revision to Diff 55366.Apr 27 2016, 6:05 PM

Conditionally check Windows methods on Windows.

Is this what you're thinking of? It's kinda ugly - I was hoping to avoid the #ifs - but it does only check the Windows functions on Windows builds only.

ariccio marked an inline comment as done.Apr 27 2016, 6:06 PM

Wrongly #if defined out test is now fixed.

zaks.anna added a comment.Apr 30 2016, 9:40 AM

You conditionally defined when you build ON Windows machine, not when you build FOR Windows. You should be able to query the compiler to check which targets it's building for.

ariccio updated this revision to Diff 55774.May 1 2016, 9:48 PM

Only check for MSVC-specific functions when actually building FOR MSVC (i.e. isWindowsMSVCEnvironment).

Sidenote: is there any reason why none of the ASTContext&s are constified in this file?

ariccio added a comment.May 23 2016, 2:06 PM

I should elaborate. The principle of operation of this latest patch is that the FunctionDecl in IsCMemFunction should never return a nullptr IdentifierInfo* from getIdentifier (is that a valid assumption?)... Thus, when`! isWindowsMSVCEnvironment`, I leave the Windows-only memory allocating functions initialized to nullptr, which will never equal a non-null IdentifierInfo*, and never trigger on a non-Windows platform.

ariccio added a comment.Jun 22 2016, 4:32 PM

Bump?

ariccio added reviewers: echristo, dblaikie.Aug 1 2016, 12:33 PM

Bump?

dcoughlin edited edge metadata.Aug 2 2016, 4:22 PM
In D18073#437171, @ariccio wrote:

I should elaborate. The principle of operation of this latest patch is that the FunctionDecl in IsCMemFunction should never return a nullptr IdentifierInfo* from getIdentifier (is that a valid assumption?)

No. The identifier info will be null for C++ operators.

Thus, when`! isWindowsMSVCEnvironment`, I leave the Windows-only memory allocating functions initialized to nullptr, which will never equal a non-null IdentifierInfo*, and never trigger on a non-Windows platform.

It is probably better to be explicit about this.

llvm/tools/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
0–1

Can you initialized these in the order the fields are declared? This will avoid warnings with '-Wreorder' enabled.

llvm/tools/clang/test/Analysis/alternative-malloc-api.c
3

You should add a second RUN line here with the "-triple x86_64-windows -fms-compatibility" flags added to test analyzing with a windows target on all host platforms.

dcoughlin requested changes to this revision.Aug 4 2016, 3:21 PM
dcoughlin edited edge metadata.
This revision now requires changes to proceed.Aug 4 2016, 3:21 PM
ariccio added a comment.EditedAug 8 2016, 5:13 PM
In D18073#504216, @dcoughlin wrote:

No. The identifier info will be null for C++ operators.

I assume you mean operator new/new[]/delete/delete[] by C++ operators? If so, maybe I can FD->getOverloadedOperator() and then check it against OO_New, OO_Array_New, OO_Delete, & OO_Array_Delete?

Edit: isStandardNewDelete would do that work for me.

dblaikie removed a reviewer: dblaikie.Aug 9 2016, 10:30 AM
ariccio updated this revision to Diff 76993.Nov 6 2016, 2:10 PM
ariccio edited edge metadata.
ariccio marked an inline comment as done.

I think this addresses the previous issues, and it passes all tests, although I haven't yet fixed the wreorder issue (I just missed it, and I'mma rerun tests in a second).

Herald added a subscriber: mehdi_amini. · View Herald TranscriptNov 6 2016, 2:10 PM
ariccio added a comment.Nov 6 2016, 2:17 PM

Nevermind, the order is correct!

dcoughlin added a comment.Nov 6 2016, 7:44 PM

Thanks for iterating on the patch! Some comments in-line.

llvm/tools/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
569

Please add a space here to align with the rest of the comment.

622

The identifier info is null for other operators as well (e.g., +).
If you want to bail early when the identifier for a function is null, you should do so directly instead of trying to enumerate all cases.

For example:

if (!FunI)
  return false;

This will be future-proof in case additional additional kinds of function declarations are added without identifiers.

648

The indentation seems off here.

664

You should remove this assert.

Since you have guaranteed that you are targeting windows before checking and you initially II_win_alloca to a non-null value when targeting windows it can never be the case that II_win_alloca will be null here.

814

Do you want to do the same early bailout for an operator here also?

850

I don't think the !isStandardNewDelete() is needed here.

Also, this is triggering -Wlogical-op-parentheses for me when building with clang.

859

Same here.

866

Same here.

874

Same here.

881

Same here.

1183

You should remove the commented-out code.

1185

The explanation in the assert is not correct. This invariant holds because Sema guarantees that the module is not null when checking the attribute. See handleOwnershipAttr() for details.

1191

The '!isStandardNewDelete` check doesn't make any sense here. The code is dealing with the identifier in specified attribute and not the name of the called function.

1285

Same here.

llvm/tools/clang/test/Analysis/alternative-malloc-api.c
88

I don't know the answer to this. Perhaps @zaks.anna recalls -- it looks like she wrote the test that this was copied from. But I don't think this comment adds much, do you?

95

Same here.

Revision Contents

PathSize
llvm/
tools/
clang/
lib/
StaticAnalyzer/
Checkers/
5666 lines
test/
Analysis/
101 lines
78 lines

Diff 76993

llvm/tools/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp

//=== MallocChecker.cpp - A malloc/free checker -------------------*- C++ -*--// //=== MallocChecker.cpp - A malloc/free checker -------------------*- C++ -*--//
dcoughlinUnsubmitted
Not Done
ReplyInline Actions

Can you initialized these in the order the fields are declared? This will avoid warnings with '-Wreorder' enabled.

dcoughlin: Can you initialized these in the order the fields are declared? This will avoid warnings with '…
// //
// The LLVM Compiler Infrastructure // The LLVM Compiler Infrastructure
// //
// This file is distributed under the University of Illinois Open Source // This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details. // License. See LICENSE.TXT for details.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// //
▲ Show 20 LinesShow All 157 Lines▼ Show 20 Linesclass MallocChecker : public Checker<check::DeadSymbols,
check::Location, check::Location,
eval::Assume> eval::Assume>
{ {
public: public:
MallocChecker() MallocChecker()
: II_alloca(nullptr), II_win_alloca(nullptr), II_malloc(nullptr), : II_alloca(nullptr), II_win_alloca(nullptr), II_malloc(nullptr),
II_free(nullptr), II_realloc(nullptr), II_calloc(nullptr), II_free(nullptr), II_realloc(nullptr), II_calloc(nullptr),
II_valloc(nullptr), II_reallocf(nullptr), II_strndup(nullptr), II_valloc(nullptr), II_reallocf(nullptr), II_strndup(nullptr),
II_strdup(nullptr), II_win_strdup(nullptr), II_kmalloc(nullptr), II_strdup(nullptr), II_kmalloc(nullptr),
II_if_nameindex(nullptr), II_if_freenameindex(nullptr), II_if_nameindex(nullptr), II_if_freenameindex(nullptr),
II_wcsdup(nullptr), II_win_wcsdup(nullptr) {} II_wcsdup(nullptr), II_tempnam(nullptr), II_wtempnam(nullptr),
II_win_wcsdup(nullptr), II_malloc_dbg(nullptr), II_free_dbg(nullptr),
II_realloc_dbg(nullptr), II_calloc_dbg(nullptr),
II_wcsdup_dbg(nullptr), II_strdup_dbg(nullptr), II_mbsdup(nullptr),
II_mbsdup_dbg(nullptr), II_win_tempnam(nullptr),
II_win_tempnam_dbg(nullptr),
II_wtempnam_dbg(nullptr), II_win_strdup(nullptr) {}
/// In pessimistic mode, the checker assumes that it does not know which /// In pessimistic mode, the checker assumes that it does not know which
/// functions might free the memory. /// functions might free the memory.
enum CheckKind { enum CheckKind {
CK_MallocChecker, CK_MallocChecker,
CK_NewDeleteChecker, CK_NewDeleteChecker,
CK_NewDeleteLeaksChecker, CK_NewDeleteLeaksChecker,
CK_MismatchedDeallocatorChecker, CK_MismatchedDeallocatorChecker,
▲ Show 20 LinesShow All 43 Lines▼ Show 20 Linesprivate:
mutable std::unique_ptr<BugType> BT_UseFree[CK_NumCheckKinds]; mutable std::unique_ptr<BugType> BT_UseFree[CK_NumCheckKinds];
mutable std::unique_ptr<BugType> BT_BadFree[CK_NumCheckKinds]; mutable std::unique_ptr<BugType> BT_BadFree[CK_NumCheckKinds];
mutable std::unique_ptr<BugType> BT_FreeAlloca[CK_NumCheckKinds]; mutable std::unique_ptr<BugType> BT_FreeAlloca[CK_NumCheckKinds];
mutable std::unique_ptr<BugType> BT_MismatchedDealloc; mutable std::unique_ptr<BugType> BT_MismatchedDealloc;
mutable std::unique_ptr<BugType> BT_OffsetFree[CK_NumCheckKinds]; mutable std::unique_ptr<BugType> BT_OffsetFree[CK_NumCheckKinds];
mutable std::unique_ptr<BugType> BT_UseZerroAllocated[CK_NumCheckKinds]; mutable std::unique_ptr<BugType> BT_UseZerroAllocated[CK_NumCheckKinds];
mutable IdentifierInfo *II_alloca, *II_win_alloca, *II_malloc, *II_free, mutable IdentifierInfo *II_alloca, *II_win_alloca, *II_malloc, *II_free,
*II_realloc, *II_calloc, *II_valloc, *II_reallocf, *II_realloc, *II_calloc, *II_valloc, *II_reallocf,
*II_strndup, *II_strdup, *II_win_strdup, *II_kmalloc, *II_strndup, *II_strdup, *II_kmalloc,
*II_if_nameindex, *II_if_freenameindex, *II_wcsdup, *II_if_nameindex, *II_if_freenameindex, *II_wcsdup,
*II_win_wcsdup; *II_tempnam, *II_wtempnam, *II_win_wcsdup,
*II_malloc_dbg, *II_free_dbg, *II_realloc_dbg,
*II_calloc_dbg, *II_wcsdup_dbg, *II_strdup_dbg,
*II_mbsdup, *II_mbsdup_dbg, *II_win_tempnam,
*II_win_tempnam_dbg, *II_wtempnam_dbg, *II_win_strdup;
mutable Optional<uint64_t> KernelZeroFlagVal; mutable Optional<uint64_t> KernelZeroFlagVal;
void initIdentifierInfo(ASTContext &C) const; void initIdentifierInfo(ASTContext &C) const;
/// \brief Determine family of a deallocation expression. /// \brief Determine family of a deallocation expression.
AllocationFamily getAllocationFamily(CheckerContext &C, const Stmt *S) const; AllocationFamily getAllocationFamily(CheckerContext &C, const Stmt *S) const;
/// \brief Print names of allocators and deallocators. /// \brief Print names of allocators and deallocators.
▲ Show 20 LinesShow All 293 Lines▼ Show 20 Linesvoid MallocChecker::initIdentifierInfo(ASTContext &Ctx) const {
II_free = &Ctx.Idents.get("free"); II_free = &Ctx.Idents.get("free");
II_realloc = &Ctx.Idents.get("realloc"); II_realloc = &Ctx.Idents.get("realloc");
II_reallocf = &Ctx.Idents.get("reallocf"); II_reallocf = &Ctx.Idents.get("reallocf");
II_calloc = &Ctx.Idents.get("calloc"); II_calloc = &Ctx.Idents.get("calloc");
II_valloc = &Ctx.Idents.get("valloc"); II_valloc = &Ctx.Idents.get("valloc");
II_strdup = &Ctx.Idents.get("strdup"); II_strdup = &Ctx.Idents.get("strdup");
II_strndup = &Ctx.Idents.get("strndup"); II_strndup = &Ctx.Idents.get("strndup");
II_wcsdup = &Ctx.Idents.get("wcsdup"); II_wcsdup = &Ctx.Idents.get("wcsdup");
II_kmalloc = &Ctx.Idents.get("kmalloc"); II_kmalloc = &Ctx.Idents.get("kmalloc");
II_if_nameindex = &Ctx.Idents.get("if_nameindex"); II_if_nameindex = &Ctx.Idents.get("if_nameindex");
II_if_freenameindex = &Ctx.Idents.get("if_freenameindex"); II_if_freenameindex = &Ctx.Idents.get("if_freenameindex");
II_tempnam = &Ctx.Idents.get("tempnam");
//MSVC uses `_`-prefixed instead, so we check for them too. // MSVC uses `_`-prefixed instead, so we check for them too.
// Thus, when !isWindowsMSVCEnvironment, I leave the Windows-only memory
// allocating functions initialized to nullptr, which will never equal a
//non-null IdentifierInfo*, and never trigger on a non-Windows platform.
dcoughlinUnsubmitted
Not Done
ReplyInline Actions

Please add a space here to align with the rest of the comment.

dcoughlin: Please add a space here to align with the rest of the comment.
if (Ctx.getTargetInfo().getTriple().isWindowsMSVCEnvironment()) {
II_win_tempnam = &Ctx.Idents.get("_tempnam");
II_mbsdup = &Ctx.Idents.get("_mbsdup");
II_win_strdup = &Ctx.Idents.get("_strdup"); II_win_strdup = &Ctx.Idents.get("_strdup");
II_win_wcsdup = &Ctx.Idents.get("_wcsdup"); II_win_wcsdup = &Ctx.Idents.get("_wcsdup");
II_win_alloca = &Ctx.Idents.get("_alloca"); II_win_alloca = &Ctx.Idents.get("_alloca");
II_malloc_dbg = &Ctx.Idents.get("_malloc_dbg");
II_free_dbg = &Ctx.Idents.get("_free_dbg");
II_realloc_dbg = &Ctx.Idents.get("_realloc_dbg");
II_calloc_dbg = &Ctx.Idents.get("_calloc_dbg");
II_wcsdup_dbg = &Ctx.Idents.get("_wcsdup_dbg");
II_strdup_dbg = &Ctx.Idents.get("_strdup_dbg");
II_mbsdup_dbg = &Ctx.Idents.get("_mbsdup_dbg");
II_win_tempnam_dbg = &Ctx.Idents.get("_tempnam_dbg");
II_wtempnam = &Ctx.Idents.get("_wtempnam");
II_wtempnam_dbg = &Ctx.Idents.get("_wtempnam_dbg");
}
} }
bool MallocChecker::isMemFunction(const FunctionDecl *FD, ASTContext &C) const { bool MallocChecker::isMemFunction(const FunctionDecl *FD, ASTContext &C) const {
if (isCMemFunction(FD, C, AF_Malloc, MemoryOperationKind::MOK_Any)) if (isCMemFunction(FD, C, AF_Malloc, MemoryOperationKind::MOK_Any))
return true; return true;
if (isCMemFunction(FD, C, AF_IfNameIndex, MemoryOperationKind::MOK_Any)) if (isCMemFunction(FD, C, AF_IfNameIndex, MemoryOperationKind::MOK_Any))
return true; return true;
Show All 15 Lines if (!FD)
return false; return false;
bool CheckFree = (MemKind == MemoryOperationKind::MOK_Any || bool CheckFree = (MemKind == MemoryOperationKind::MOK_Any ||
MemKind == MemoryOperationKind::MOK_Free); MemKind == MemoryOperationKind::MOK_Free);
bool CheckAlloc = (MemKind == MemoryOperationKind::MOK_Any || bool CheckAlloc = (MemKind == MemoryOperationKind::MOK_Any ||
MemKind == MemoryOperationKind::MOK_Allocate); MemKind == MemoryOperationKind::MOK_Allocate);
if (FD->getKind() == Decl::Function) { if (FD->getKind() == Decl::Function) {
if(isStandardNewDelete(FD, C))
dcoughlinUnsubmitted
Not Done
ReplyInline Actions

The identifier info is null for other operators as well (e.g., +).
If you want to bail early when the identifier for a function is null, you should do so directly instead of trying to enumerate all cases.

For example:

if (!FunI)
  return false;

This will be future-proof in case additional additional kinds of function declarations are added without identifiers.

dcoughlin: The identifier info is null for other operators as well (e.g., +). If you want to bail early…
return false;
const IdentifierInfo *FunI = FD->getIdentifier(); const IdentifierInfo *FunI = FD->getIdentifier();
initIdentifierInfo(C); initIdentifierInfo(C);
if (Family == AF_Malloc && CheckFree) { if (Family == AF_Malloc && CheckFree) {
if (FunI == II_free || FunI == II_realloc || FunI == II_reallocf) if (FunI == II_free || FunI == II_realloc || FunI == II_reallocf ||
(C.getTargetInfo().getTriple().isWindowsMSVCEnvironment() &&
(FunI == II_free_dbg || FunI == II_realloc_dbg)))
return true; return true;
} }
if (Family == AF_Malloc && CheckAlloc) { if (Family == AF_Malloc && CheckAlloc) {
if (FunI == II_malloc || FunI == II_realloc || FunI == II_reallocf || if (FunI == II_malloc || FunI == II_realloc || FunI == II_reallocf ||
FunI == II_calloc || FunI == II_valloc || FunI == II_strdup || FunI == II_calloc || FunI == II_valloc || FunI == II_strdup ||
FunI == II_win_strdup || FunI == II_strndup || FunI == II_wcsdup || FunI == II_strndup || FunI == II_wcsdup || FunI == II_kmalloc ||
FunI == II_win_wcsdup || FunI == II_kmalloc) FunI == II_wtempnam || FunI == II_tempnam ||
(C.getTargetInfo().getTriple().isWindowsMSVCEnvironment() &&
(FunI == II_malloc_dbg || FunI == II_realloc_dbg ||
FunI == II_win_wcsdup || FunI == II_calloc_dbg ||
FunI == II_wcsdup_dbg || FunI == II_strdup_dbg ||
FunI == II_mbsdup || FunI == II_mbsdup_dbg ||
FunI == II_win_tempnam || FunI == II_win_tempnam_dbg ||
FunI == II_win_strdup || FunI == II_wtempnam_dbg))) {
return true; return true;
} }
}
dcoughlinUnsubmitted
Not Done
ReplyInline Actions

The indentation seems off here.

dcoughlin: The indentation seems off here.
if (Family == AF_IfNameIndex && CheckFree) { if (Family == AF_IfNameIndex && CheckFree) {
if (FunI == II_if_freenameindex) if (FunI == II_if_freenameindex)
return true; return true;
} }
if (Family == AF_IfNameIndex && CheckAlloc) { if (Family == AF_IfNameIndex && CheckAlloc) {
if (FunI == II_if_nameindex) if (FunI == II_if_nameindex)
return true; return true;
} }
if (Family == AF_Alloca && CheckAlloc) { if (Family == AF_Alloca && CheckAlloc) {
if (FunI == II_alloca || FunI == II_win_alloca) if (FunI == II_alloca ||
(C.getTargetInfo().getTriple().isWindowsMSVCEnvironment()
&& FunI == II_win_alloca)) {
assert(!isStandardNewDelete(FD, C) && "We should not reach this point"
dcoughlinUnsubmitted
Not Done
ReplyInline Actions

You should remove this assert.

Since you have guaranteed that you are targeting windows before checking and you initially II_win_alloca to a non-null value when targeting windows it can never be the case that II_win_alloca will be null here.

dcoughlin: You should remove this assert. Since you have guaranteed that you are targeting windows before…
"with a C++ operator.");
return true; return true;
} }
} }
}
if (Family != AF_Malloc) if (Family != AF_Malloc)
return false; return false;
if (IsOptimistic && FD->hasAttrs()) { if (IsOptimistic && FD->hasAttrs()) {
for (const auto *I : FD->specific_attrs<OwnershipAttr>()) { for (const auto *I : FD->specific_attrs<OwnershipAttr>()) {
OwnershipAttr::OwnershipKind OwnKind = I->getOwnKind(); OwnershipAttr::OwnershipKind OwnKind = I->getOwnKind();
if(OwnKind == OwnershipAttr::Takes || OwnKind == OwnershipAttr::Holds) { if(OwnKind == OwnershipAttr::Takes || OwnKind == OwnershipAttr::Holds) {
▲ Show 20 LinesShow All 128 Lines▼ Show 20 Linesvoid MallocChecker::checkPostStmt(const CallExpr *CE, CheckerContext &C) const {
if (!FD) if (!FD)
return; return;
ProgramStateRef State = C.getState(); ProgramStateRef State = C.getState();
bool ReleasedAllocatedMemory = false; bool ReleasedAllocatedMemory = false;
if (FD->getKind() == Decl::Function) { if (FD->getKind() == Decl::Function) {
initIdentifierInfo(C.getASTContext()); initIdentifierInfo(C.getASTContext());
IdentifierInfo *FunI = FD->getIdentifier(); IdentifierInfo *FunI = FD->getIdentifier();
dcoughlinUnsubmitted
Not Done
ReplyInline Actions

Do you want to do the same early bailout for an operator here also?

dcoughlin: Do you want to do the same early bailout for an operator here also?
if (FunI == II_malloc) { if (FunI == II_malloc ||
(C.getASTContext().getTargetInfo().getTriple().isWindowsMSVCEnvironment()
&& FunI == II_malloc_dbg)) {
if (CE->getNumArgs() < 1) if (CE->getNumArgs() < 1)
return; return;
if (CE->getNumArgs() < 3) { if (CE->getNumArgs() < 3) {
State = MallocMemAux(C, CE, CE->getArg(0), UndefinedVal(), State); State = MallocMemAux(C, CE, CE->getArg(0), UndefinedVal(), State);
if (CE->getNumArgs() == 1) if (CE->getNumArgs() == 1)
State = ProcessZeroAllocation(C, CE, 0, State); State = ProcessZeroAllocation(C, CE, 0, State);
} else if (CE->getNumArgs() == 3) { } else if (CE->getNumArgs() == 3) {
llvm::Optional<ProgramStateRef> MaybeState = llvm::Optional<ProgramStateRef> MaybeState =
Show All 12 Lines if (FunI == II_malloc ||
State = MaybeState.getValue(); State = MaybeState.getValue();
else else
State = MallocMemAux(C, CE, CE->getArg(0), UndefinedVal(), State); State = MallocMemAux(C, CE, CE->getArg(0), UndefinedVal(), State);
} else if (FunI == II_valloc) { } else if (FunI == II_valloc) {
if (CE->getNumArgs() < 1) if (CE->getNumArgs() < 1)
return; return;
State = MallocMemAux(C, CE, CE->getArg(0), UndefinedVal(), State); State = MallocMemAux(C, CE, CE->getArg(0), UndefinedVal(), State);
State = ProcessZeroAllocation(C, CE, 0, State); State = ProcessZeroAllocation(C, CE, 0, State);
} else if (FunI == II_realloc) { } else if (FunI == II_realloc ||
(C.getASTContext().getTargetInfo().getTriple().isWindowsMSVCEnvironment()
&& FunI == II_realloc_dbg) &&
!isStandardNewDelete(FD, C.getASTContext())) {
dcoughlinUnsubmitted
Not Done
ReplyInline Actions

I don't think the !isStandardNewDelete() is needed here.

Also, this is triggering -Wlogical-op-parentheses for me when building with clang.

dcoughlin: I don't think the `!isStandardNewDelete()` is needed here. Also, this is triggering -Wlogical…
State = ReallocMem(C, CE, false, State); State = ReallocMem(C, CE, false, State);
State = ProcessZeroAllocation(C, CE, 1, State); State = ProcessZeroAllocation(C, CE, 1, State);
} else if (FunI == II_reallocf) { } else if (FunI == II_reallocf) {
State = ReallocMem(C, CE, true, State); State = ReallocMem(C, CE, true, State);
State = ProcessZeroAllocation(C, CE, 1, State); State = ProcessZeroAllocation(C, CE, 1, State);
} else if (FunI == II_calloc) { } else if (FunI == II_calloc ||
((C.getASTContext().getTargetInfo().getTriple().isWindowsMSVCEnvironment() &&
FunI == II_calloc_dbg)) &&
!isStandardNewDelete(FD, C.getASTContext())) {
dcoughlinUnsubmitted
Not Done
ReplyInline Actions

Same here.

dcoughlin: Same here.
State = CallocMem(C, CE, State); State = CallocMem(C, CE, State);
State = ProcessZeroAllocation(C, CE, 0, State); State = ProcessZeroAllocation(C, CE, 0, State);
State = ProcessZeroAllocation(C, CE, 1, State); State = ProcessZeroAllocation(C, CE, 1, State);
} else if (FunI == II_free) { } else if (FunI == II_free ||
((C.getASTContext().getTargetInfo().getTriple().isWindowsMSVCEnvironment() &&
FunI == II_free_dbg)) &&
!isStandardNewDelete(FD, C.getASTContext())) {
dcoughlinUnsubmitted
Not Done
ReplyInline Actions

Same here.

dcoughlin: Same here.
State = FreeMemAux(C, CE, State, 0, false, ReleasedAllocatedMemory); State = FreeMemAux(C, CE, State, 0, false, ReleasedAllocatedMemory);
} else if (FunI == II_strdup || FunI == II_win_strdup || } else if (FunI == II_strdup || FunI == II_wcsdup || FunI == II_tempnam ||
FunI == II_wcsdup || FunI == II_win_wcsdup) { FunI == II_wtempnam || (C.getASTContext().getTargetInfo().getTriple().isWindowsMSVCEnvironment() && (FunI == II_win_wcsdup ||
FunI == II_wcsdup_dbg || FunI == II_win_strdup ||
FunI == II_strdup_dbg || FunI == II_mbsdup ||
FunI == II_mbsdup_dbg || FunI == II_win_tempnam ||
FunI == II_win_tempnam_dbg || FunI == II_wtempnam_dbg)) &&
!isStandardNewDelete(FD, C.getASTContext())) {
dcoughlinUnsubmitted
Not Done
ReplyInline Actions

Same here.

dcoughlin: Same here.
State = MallocUpdateRefState(C, CE, State); State = MallocUpdateRefState(C, CE, State);
} else if (FunI == II_strndup) { } else if (FunI == II_strndup) {
State = MallocUpdateRefState(C, CE, State); State = MallocUpdateRefState(C, CE, State);
} else if (FunI == II_alloca || FunI == II_win_alloca) { } else if (FunI == II_alloca ||
(C.getASTContext().getTargetInfo().getTriple().isWindowsMSVCEnvironment() &&
FunI == II_win_alloca) &&
!isStandardNewDelete(FD, C.getASTContext())) {
dcoughlinUnsubmitted
Not Done
ReplyInline Actions

Same here.

dcoughlin: Same here.
if (CE->getNumArgs() < 1) if (CE->getNumArgs() < 1)
return; return;
State = MallocMemAux(C, CE, CE->getArg(0), UndefinedVal(), State, State = MallocMemAux(C, CE, CE->getArg(0), UndefinedVal(), State,
AF_Alloca); AF_Alloca);
State = ProcessZeroAllocation(C, CE, 0, State); State = ProcessZeroAllocation(C, CE, 0, State);
} else if (isStandardNewDelete(FD, C.getASTContext())) { } else if (isStandardNewDelete(FD, C.getASTContext())) {
// Process direct calls to operator new/new[]/delete/delete[] functions // Process direct calls to operator new/new[]/delete/delete[] functions
// as distinct from new/new[]/delete/delete[] expressions that are // as distinct from new/new[]/delete/delete[] expressions that are
▲ Show 20 LinesShow All 285 Lines▼ Show 20 Lines
ProgramStateRef ProgramStateRef
MallocChecker::MallocMemReturnsAttr(CheckerContext &C, const CallExpr *CE, MallocChecker::MallocMemReturnsAttr(CheckerContext &C, const CallExpr *CE,
const OwnershipAttr *Att, const OwnershipAttr *Att,
ProgramStateRef State) const { ProgramStateRef State) const {
if (!State) if (!State)
return nullptr; return nullptr;
if (Att->getModule() != II_malloc) //const FunctionDecl *FD = C.getCalleeDecl(CE);
dcoughlinUnsubmitted
Not Done
ReplyInline Actions

You should remove the commented-out code.

dcoughlin: You should remove the commented-out code.
//const IdentifierInfo *FI = FD->getIdentifier();
assert(Att->getModule() != nullptr && "Only C++ operators should have a null"
dcoughlinUnsubmitted
Not Done
ReplyInline Actions

The explanation in the assert is not correct. This invariant holds because Sema guarantees that the module is not null when checking the attribute. See handleOwnershipAttr() for details.

dcoughlin: The explanation in the assert is not correct. This invariant holds because Sema guarantees that…
"IdentifierInfo. We should not reach "
"this point with a C++ operator.");
if (Att->getModule() != II_malloc &&
(Att->getModule() != II_malloc_dbg) &&
!isStandardNewDelete(C.getCalleeDecl(CE), C.getASTContext()))
dcoughlinUnsubmitted
Not Done
ReplyInline Actions

The '!isStandardNewDelete` check doesn't make any sense here. The code is dealing with the identifier in specified attribute and not the name of the called function.

dcoughlin: The '!isStandardNewDelete` check doesn't make any sense here. The code is dealing with the…
return nullptr; return nullptr;
OwnershipAttr::args_iterator I = Att->args_begin(), E = Att->args_end(); OwnershipAttr::args_iterator I = Att->args_begin(), E = Att->args_end();
if (I != E) { if (I != E) {
return MallocMemAux(C, CE, CE->getArg(*I), UndefinedVal(), State); return MallocMemAux(C, CE, CE->getArg(*I), UndefinedVal(), State);
} }
return MallocMemAux(C, CE, UnknownVal(), UndefinedVal(), State); return MallocMemAux(C, CE, UnknownVal(), UndefinedVal(), State);
} }
▲ Show 20 LinesShow All 77 Lines▼ Show 20 Lines
ProgramStateRef MallocChecker::FreeMemAttr(CheckerContext &C, ProgramStateRef MallocChecker::FreeMemAttr(CheckerContext &C,
const CallExpr *CE, const CallExpr *CE,
const OwnershipAttr *Att, const OwnershipAttr *Att,
ProgramStateRef State) const { ProgramStateRef State) const {
if (!State) if (!State)
return nullptr; return nullptr;
if (Att->getModule() != II_malloc) assert(Att->getModule() != nullptr && "Only C++ operators should have a null"
dcoughlinUnsubmitted
Not Done
ReplyInline Actions

Same here.

dcoughlin: Same here.
"IdentifierInfo. We should not reach "
"this point with a C++ operator.");
if (Att->getModule() != II_malloc && (Att->getModule() != II_malloc_dbg))
return nullptr; return nullptr;
bool ReleasedAllocated = false; bool ReleasedAllocated = false;
for (const auto &Arg : Att->args()) { for (const auto &Arg : Att->args()) {
ProgramStateRef StateI = FreeMemAux(C, CE, State, Arg, ProgramStateRef StateI = FreeMemAux(C, CE, State, Arg,
Att->getOwnKind() == OwnershipAttr::Holds, Att->getOwnKind() == OwnershipAttr::Holds,
ReleasedAllocated); ReleasedAllocated);
▲ Show 20 LinesShow All 1,577 LinesShow Last 20 Lines

llvm/tools/clang/test/Analysis/alternative-malloc-api.c

// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.deadcode.UnreachableCode,alpha.core.CastSize,unix.Malloc,debug.ExprInspection -analyzer-store=region -verify %s
// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.deadcode.UnreachableCode,alpha.core.CastSize,unix.Malloc,debug.ExprInspection -analyzer-store=region -triple x86_64-windows -fms-compatibility -verify %s
dcoughlinUnsubmitted
Done
ReplyInline Actions

You should add a second RUN line here with the "-triple x86_64-windows -fms-compatibility" flags added to test analyzing with a windows target on all host platforms.

dcoughlin: You should add a second RUN line here with the "-triple x86_64-windows -fms-compatibility"…
#include "Inputs/system-header-simulator.h"
// Without -fms-compatibility, wchar_t isn't a builtin type. MSVC defines
// _WCHAR_T_DEFINED if wchar_t is available. Microsoft recommends that you use
// the builtin type: "Using the typedef version can cause portability
// problems", but we're ok here because we're not actually running anything.
// Also of note is this cryptic warning: "The wchar_t type is not supported
// when you compile C code".
//
// See the docs for more:
// https://msdn.microsoft.com/en-us/library/dh8che7s.aspx
#if !defined(_WCHAR_T_DEFINED)
// "Microsoft implements wchar_t as a two-byte unsigned value"
typedef unsigned short wchar_t;
#define _WCHAR_T_DEFINED
#endif // !defined(_WCHAR_T_DEFINED)
void free(void *);
char *tempnam(const char *dir, const char *pfx);
void testTempnamLeak(const char* dir, const char* prefix) {
char* fileName = tempnam(dir, prefix);
}// expected-warning {{Potential leak of memory pointed to by}}
void testTempnamNoLeak(const char* dir, const char* prefix) {
char* fileName = tempnam(dir, prefix);
free(fileName);// no warning
}
// What does "ContentIsDefined" refer to?
void testTempnamNoLeakContentIsDefined(const char* dir, const char* prefix) {
char* fileName = tempnam(dir, prefix);
char result = fileName[0];// no warning
free(fileName);
}
#if defined(_WIN32)
char *_tempnam(const char *dir, const char *prefix);
wchar_t *_wtempnam(const wchar_t *dir, const wchar_t *prefix);
char *_tempnam_dbg(const char *dir, const char *prefix, int blockType,
const char *filename, int linenumber);
wchar_t *_wtempnam_dbg(const wchar_t *dir, const wchar_t *prefix,
int blockType, const char *filename, int linenumber);
void testWinTempnamLeak(const char* dir, const char* prefix) {
char* fileName = _tempnam(dir, prefix);
}// expected-warning {{Potential leak of memory pointed to by}}
void testWinTempnamDbgLeak(const char* dir, const char* prefix) {
char* fileName = _tempnam_dbg(dir, prefix, 0, __FILE__, __LINE__);
}// expected-warning {{Potential leak of memory pointed to by}}
void testWinWideTempnamLeak(const wchar_t* dir, const wchar_t* prefix) {
wchar_t* fileName = _wtempnam(dir, prefix);
}// expected-warning {{Potential leak of memory pointed to by}}
void testWinWideTempnaDbgmLeak(const wchar_t* dir, const wchar_t* prefix) {
wchar_t* fileName = _wtempnam_dbg(dir, prefix, 0, __FILE__, __LINE__);
}// expected-warning {{Potential leak of memory pointed to by}}
void testWinTempnamNoLeak(const char* dir, const char* prefix) {
char* fileName = _tempnam(dir, prefix);
free(fileName);// no warning
}
void testWinTempnamDbgNoLeak(const char* dir, const char* prefix) {
char* fileName = _tempnam_dbg(dir, prefix, 0, __FILE__, __LINE__);
free(fileName);// no warning
}
void testWinWideTempnamNoLeak(const wchar_t* dir, const wchar_t* prefix) {
wchar_t* fileName = _wtempnam(dir, prefix);
free(fileName);// no warning
}
void testWinWideTempnamDbgNoLeak(const wchar_t* dir, const wchar_t* prefix) {
wchar_t* fileName = _wtempnam_dbg(dir, prefix, 0, __FILE__, __LINE__);
free(fileName);// no warning
}
// What does "ContentIsDefined" refer to?
dcoughlinUnsubmitted
Not Done
ReplyInline Actions

I don't know the answer to this. Perhaps @zaks.anna recalls -- it looks like she wrote the test that this was copied from. But I don't think this comment adds much, do you?

dcoughlin: I don't know the answer to this. Perhaps @zaks.anna recalls -- it looks like she wrote the test…
void testWinTempnamNoLeakContentIsDefined(const char* dir, const char* prefix) {
char* fileName = _tempnam(dir, prefix);
char result = fileName[0];// no warning
free(fileName);
}
// What does "ContentIsDefined" refer to?
dcoughlinUnsubmitted
Not Done
ReplyInline Actions

Same here.

dcoughlin: Same here.
void testWinWideTempnamNoLeakContentIsDefined(const wchar_t* dir, const wchar_t* prefix) {
wchar_t* fileName = _wtempnam(dir, prefix);
wchar_t result = fileName[0];// no warning
free(fileName);
}
#endif //defined(_WIN32)

llvm/tools/clang/test/Analysis/malloc.c

Show All 29 Lines
char *strdup(const char *s); char *strdup(const char *s);
wchar_t *wcsdup(const wchar_t *s); wchar_t *wcsdup(const wchar_t *s);
char *strndup(const char *s, size_t n); char *strndup(const char *s, size_t n);
int memcmp(const void *s1, const void *s2, size_t n); int memcmp(const void *s1, const void *s2, size_t n);
// Windows variants // Windows variants
char *_strdup(const char *strSource); char *_strdup(const char *strSource);
wchar_t *_wcsdup(const wchar_t *strSource); wchar_t *_wcsdup(const wchar_t *strSource);
unsigned char *_mbsdup(const unsigned char *strSource);
void *_alloca(size_t size); void *_alloca(size_t size);
void *_calloc_dbg(size_t num, size_t size, int blockType,
const char *filename, int linenumber);
char *_strdup_dbg(const char *strSource, int blockType,
const char *filename, int linenumber);
wchar_t *_wcsdup_dbg(const wchar_t *strSource, int blockType,
const char *filename, int linenumber);
unsigned char *_mbsdup_dbg(const unsigned char *strSource, int blockType,
const char *filename, int linenumber);
// Very frequently used debug versions
void _free_dbg(void *userData, int blockType);
void _malloc_dbg(size_t size, int blockType, const char *filename,
int linenumber);
void *_realloc_dbg(void *userData, size_t newSize,
int blockType, const char *filename, int linenumber);
void myfoo(int *p); void myfoo(int *p);
void myfooint(int p); void myfooint(int p);
char *fooRetPtr(); char *fooRetPtr();
void f1() { void f1() {
int *p = malloc(12); int *p = malloc(12);
return; // expected-warning{{Potential leak of memory pointed to by 'p'}} return; // expected-warning{{Potential leak of memory pointed to by 'p'}}
} }
▲ Show 20 LinesShow All 238 Lines▼ Show 20 Lines
void CheckUseZeroAllocated5() { void CheckUseZeroAllocated5() {
int *p = calloc(0, 2); int *p = calloc(0, 2);
*p = 1; // expected-warning {{Use of zero-allocated memory}} *p = 1; // expected-warning {{Use of zero-allocated memory}}
free(p); free(p);
} }
void CheckUseZeroAllocated6() { void CheckUseZeroAllocated6() {
int *p = calloc(2, 0); int *p = _calloc_dbg(0, 2, 0, __FILE__, __LINE__);
*p = 1; // expected-warning {{Use of zero-allocated memory}} *p = 1; // expected-warning {{Use of zero-allocated memory}}
free(p); free(p);
} }
void CheckUseZeroAllocated7() { void CheckUseZeroAllocated7() {
int *p = realloc(0, 0); int *p = calloc(2, 0);
*p = 1; // expected-warning {{Use of zero-allocated memory}} *p = 1; // expected-warning {{Use of zero-allocated memory}}
free(p); free(p);
} }
void CheckUseZeroAllocated8() { void CheckUseZeroAllocated8() {
int *p = _calloc_dbg(2, 0, 0, __FILE__, __LINE__);
*p = 1; // expected-warning {{Use of zero-allocated memory}}
free(p);
}
void CheckUseZeroAllocated9() {
int *p = realloc(0, 0);
*p = 1; // expected-warning {{Use of zero-allocated memory}}
free(p);
}
void CheckUseZeroAllocated10() {
int *p = malloc(8); int *p = malloc(8);
int *q = realloc(p, 0); int *q = realloc(p, 0);
*q = 1; // expected-warning {{Use of zero-allocated memory}} *q = 1; // expected-warning {{Use of zero-allocated memory}}
free(q); free(q);
} }
void CheckUseZeroAllocated9() { void CheckUseZeroAllocated11() {
int *p = realloc(0, 0); int *p = realloc(0, 0);
int *q = realloc(p, 0); int *q = realloc(p, 0);
*q = 1; // expected-warning {{Use of zero-allocated memory}} *q = 1; // expected-warning {{Use of zero-allocated memory}}
free(q); free(q);
} }
void CheckUseZeroAllocatedPathNoWarn(_Bool b) { void CheckUseZeroAllocatedPathNoWarn(_Bool b) {
int s = 0; int s = 0;
▲ Show 20 LinesShow All 800 Lines▼ Show 20 Linesvoid testWcsdup(const wchar_t *s, unsigned validIndex) {
s2[validIndex + 1] = 'b'; s2[validIndex + 1] = 'b';
} // expected-warning {{Potential leak of memory pointed to by}} } // expected-warning {{Potential leak of memory pointed to by}}
void testWinWcsdup(const wchar_t *s, unsigned validIndex) { void testWinWcsdup(const wchar_t *s, unsigned validIndex) {
wchar_t *s2 = _wcsdup(s); wchar_t *s2 = _wcsdup(s);
s2[validIndex + 1] = 'b'; s2[validIndex + 1] = 'b';
} // expected-warning {{Potential leak of memory pointed to by}} } // expected-warning {{Potential leak of memory pointed to by}}
void testWinMbsdup(const unsigned char *s, unsigned validIndex) {
unsigned char *s2 = _mbsdup(s);
s2[validIndex + 1] = 'b';
} // expected-warning {{Potential leak of memory pointed to by}}
void testWinMbsdupDbg(const unsigned char *s, unsigned validIndex) {
unsigned char *s2 = _mbsdup_dbg(s, 0, __FILE__, __LINE__);
s2[validIndex + 1] = 'b';
} // expected-warning {{Potential leak of memory pointed to by}}
void testStrdupDbg(const char *s, unsigned validIndex) {
char *s2 = _strdup_dbg(s, 0, __FILE__, __LINE__);
s2[validIndex + 1] = 'b';
} // expected-warning {{Potential leak of memory pointed to by}}
void testWinWcsdupDbg(const wchar_t *s, unsigned validIndex) {
wchar_t *s2 = _wcsdup_dbg(s, 0, __FILE__, __LINE__);
s2[validIndex + 1] = 'b';
} // expected-warning {{Potential leak of memory pointed to by}}
int testStrndup(const char *s, unsigned validIndex, unsigned size) { int testStrndup(const char *s, unsigned validIndex, unsigned size) {
char *s2 = strndup(s, size); char *s2 = strndup(s, size);
s2 [validIndex + 1] = 'b'; s2 [validIndex + 1] = 'b';
if (s2[validIndex] != 'a') if (s2[validIndex] != 'a')
return 0; return 0;
else else
return 1;// expected-warning {{Potential leak of memory pointed to by}} return 1;// expected-warning {{Potential leak of memory pointed to by}}
} }
Show All 17 Lines
} }
void testWinWcsdupContentIsDefined(const wchar_t *s, unsigned validIndex) { void testWinWcsdupContentIsDefined(const wchar_t *s, unsigned validIndex) {
wchar_t *s2 = _wcsdup(s); wchar_t *s2 = _wcsdup(s);
wchar_t result = s2[1];// no warning wchar_t result = s2[1];// no warning
free(s2); free(s2);
} }
void testWinMbsdupContentIsDefined(const unsigned char *s, unsigned validIndex) {
unsigned char *s2 = _mbsdup(s);
unsigned char result = s2[1];// no warning
free(s2);
}
// ---------------------------------------------------------------------------- // ----------------------------------------------------------------------------
// Test the system library functions to which the pointer can escape. // Test the system library functions to which the pointer can escape.
// This tests false positive suppression. // This tests false positive suppression.
// For now, we assume memory passed to pthread_specific escapes. // For now, we assume memory passed to pthread_specific escapes.
// TODO: We could check that if a new pthread binding is set, the existing // TODO: We could check that if a new pthread binding is set, the existing
// binding must be freed; otherwise, a memory leak can occur. // binding must be freed; otherwise, a memory leak can occur.
void testPthereadSpecificEscape(pthread_key_t key) { void testPthereadSpecificEscape(pthread_key_t key) {
▲ Show 20 LinesShow All 334 Lines▼ Show 20 Lines if (newPtr == 0) {
if (ptr) if (ptr)
free(ptr); // no-warning free(ptr); // no-warning
} }
return newPtr; return newPtr;
} }
char *testLeakWithinReturn(char *str) { char *testLeakWithinReturn(char *str) {
return strdup(strdup(str)); // expected-warning{{leak}} return strdup(strdup(str)); // expected-warning{{leak}}
zaks.annaUnsubmitted
Done
ReplyInline Actions

This is not Windows-only!

zaks.anna: This is not Windows-only!
} }
wchar_t *testWideLeakWithinReturn(wchar_t *str) {
return wcsdup(wcsdup(str)); // expected-warning{{leak}}
}
char *testWinLeakWithinReturn(char *str) { char *testWinLeakWithinReturn(char *str) {
return _strdup(_strdup(str)); // expected-warning{{leak}} return _strdup(_strdup(str)); // expected-warning{{leak}}
} }
wchar_t *testWinWideLeakWithinReturn(wchar_t *str) { wchar_t *testWinWideLeakWithinReturn(wchar_t *str) {
return _wcsdup(_wcsdup(str)); // expected-warning{{leak}} return _wcsdup(_wcsdup(str)); // expected-warning{{leak}}
} }
unsigned char *testWinMbsLeakWithinReturn(unsigned char *str) {
return _mbsdup(_mbsdup(str)); // expected-warning{{leak}}
}
void passConstPtr(const char * ptr); void passConstPtr(const char * ptr);
void testPassConstPointer() { void testPassConstPointer() {
char * string = malloc(sizeof(char)*10); char * string = malloc(sizeof(char)*10);
passConstPtr(string); passConstPtr(string);
return; // expected-warning {{leak}} return; // expected-warning {{leak}}
} }
▲ Show 20 LinesShow All 260 LinesShow Last 20 Lines