This is an archive of the discontinued LLVM Phabricator instance.

Differential D5313

[analyzer] move NewDeleteLeaks checker from alpha.cplusplus to cplusplus group.
Needs ReviewPublic

Authored by ayartsev on Sep 11 2014, 1:55 PM.

Details

Reviewers
jordan_rose
Summary

Once again ran NeweleteLeaks over the LLVM codebase and addressed all leak reports. The majority of them are related to mangling the address of a pointer, several reports are real leaks, the rest are single rare cases.
Is it OK now to turn the checker on?

Diff Detail

Event Timeline

ayartsev updated this revision to Diff 13594.Sep 11 2014, 1:55 PM
ayartsev retitled this revision from to [analyzer] move NewDeleteLeaks checker from alpha.cplusplus to cplusplus group..
ayartsev updated this object.
ayartsev edited the test plan for this revision. (Show Details)
ayartsev added a reviewer: jordan_rose.
ayartsev added a subscriber: Unknown Object (MLST).
ayartsev added a comment.Sep 11 2014, 2:12 PM

Attached is the report with all the leaks from the last analyzer run (10.09.2014) addressed. Minimal tests are included for all types of false-positives.

NewDeleteLeaks_reports_explained.zip437 KBDownload

jordan_rose edited edge metadata.Sep 16 2014, 9:51 AM

Thanks for running the tests! I'm surprised we have trouble with test4.cpp, but the others all do seem like known issues. I'd like to check with Anna or Ted as well before turning this on for real.

lib/StaticAnalyzer/Core/ExprEngineC.cpp
903 ↗(On Diff #13594)

This snuck in somehow?

ayartsev updated this revision to Diff 13766.Sep 16 2014, 3:29 PM
ayartsev edited edge metadata.
ayartsev added subscribers: krememek, zaks.anna.

Cleaned the patch.
Anna, Ted, do you think the NeweleteLeaks checker is ready for being turned on?

zaks.anna added a comment.Sep 23 2014, 11:35 AM

Anton,

Have you tested this on any C++ codebase other than LLVM? It would be really great to confirm the results by testing this on a different project.

ayartsev added a comment.Oct 14 2014, 2:06 PM

Hi all,

Currently managed to launch the analyzer only on the Ogre
(http://www.ogre3d.org/download/source) codebase using different hacks
and tricks. The analyzer found a single leak - a known type of
false-positives related to the bit mangling. Attached is the report from
the analyzer. I think it's a good result as Ogre extensively allocates
memory in different ways and we haven't got tons of false-positives. To
ensure that the analyzer works correctly I injected a leaky code in the
Ogre codebase and the analyzer successfully found it.

The last weeks I'm trying to launch the analyzer on the QT5 codebase.
Currently found at least 4 defects in the scan-build/ccc-analyzer
scripts preventing me from successful run. Also tried to launch the
analyzer over several small projects but failed. The scan-build is far
from being production-quality. Currently working on the defects.

Anton,

Have you tested this on any C++ codebase other than LLVM? It would be really great to confirm the results by testing this on a different project.

http://reviews.llvm.org/D5313

zaks.anna added a comment.Oct 17 2014, 10:06 PM

Anton,

Thank you for running the extra tests! Please, go ahead and turn on the checker when you are ready.

Thank you,
Anna.

ayartsev added a comment.Oct 21 2014, 5:55 AM

Committed at r220289.

Revision Contents

PathSize
lib/
StaticAnalyzer/
Checkers/
Checkers.td
Checkers.td (revision 217908)
8 lines
test/
Analysis/
Malloc+MismatchedDeallocator+NewDelete.cpp
Malloc+MismatchedDeallocator+NewDelete.cpp (revision 217908)
2 lines
Malloc+NewDelete_intersections.cpp
Malloc+NewDelete_intersections.cpp (revision 217908)
2 lines
NewDelete+MismatchedDeallocator_intersections.cpp
NewDelete+MismatchedDeallocator_intersections.cpp (revision 217908)
2 lines
NewDelete-checker-test.cpp
NewDelete-checker-test.cpp (revision 217908)
2 lines
NewDelete-custom.cpp
NewDelete-custom.cpp (revision 217908)
2 lines
NewDelete-intersections.mm
NewDelete-intersections.mm (revision 217908)
2 lines
NewDelete-variadic.cpp
NewDelete-variadic.cpp (revision 217908)
2 lines
NewDeleteLeaks-PR18394.cpp
NewDeleteLeaks-PR18394.cpp (revision 217908)
2 lines
NewDeleteLeaks-PR19102.cpp
NewDeleteLeaks-PR19102.cpp (revision 217908)
2 lines

Diff 13766

lib/StaticAnalyzer/Checkers/Checkers.td

Context not available.
HelpText<"Check for double-free and use-after-free problems. Traces memory managed by new/delete.">, HelpText<"Check for double-free and use-after-free problems. Traces memory managed by new/delete.">,
DescFile<"MallocChecker.cpp">; DescFile<"MallocChecker.cpp">;
def NewDeleteLeaksChecker : Checker<"NewDeleteLeaks">,
HelpText<"Check for memory leaks. Traces memory managed by new/delete.">,
DescFile<"MallocChecker.cpp">;
} // end: "cplusplus" } // end: "cplusplus"
let ParentPackage = CplusplusAlpha in { let ParentPackage = CplusplusAlpha in {
Context not available.
HelpText<"Check virtual function calls during construction or destruction">, HelpText<"Check virtual function calls during construction or destruction">,
DescFile<"VirtualCallChecker.cpp">; DescFile<"VirtualCallChecker.cpp">;
def NewDeleteLeaksChecker : Checker<"NewDeleteLeaks">,
HelpText<"Check for memory leaks. Traces memory managed by new/delete.">,
DescFile<"MallocChecker.cpp">;
} // end: "alpha.cplusplus" } // end: "alpha.cplusplus"
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
Context not available.

test/Analysis/Malloc+MismatchedDeallocator+NewDelete.cpp

// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,unix.MismatchedDeallocator,cplusplus.NewDelete -std=c++11 -verify %s // RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,unix.MismatchedDeallocator,cplusplus.NewDelete -std=c++11 -verify %s
// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,unix.MismatchedDeallocator,cplusplus.NewDelete,alpha.cplusplus.NewDeleteLeaks -DLEAKS -std=c++11 -verify %s // RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,unix.MismatchedDeallocator,cplusplus.NewDelete,cplusplus.NewDeleteLeaks -DLEAKS -std=c++11 -verify %s
#include "Inputs/system-header-simulator-for-malloc.h" #include "Inputs/system-header-simulator-for-malloc.h"

test/Analysis/Malloc+NewDelete_intersections.cpp

// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,cplusplus.NewDelete -std=c++11 -verify %s // RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,cplusplus.NewDelete -std=c++11 -verify %s
// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,cplusplus.NewDelete,alpha.cplusplus.NewDeleteLeaks -std=c++11 -verify %s // RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,cplusplus.NewDelete,cplusplus.NewDeleteLeaks -std=c++11 -verify %s
typedef __typeof(sizeof(int)) size_t; typedef __typeof(sizeof(int)) size_t;
void *malloc(size_t); void *malloc(size_t);

test/Analysis/NewDelete+MismatchedDeallocator_intersections.cpp

// RUN: %clang_cc1 -analyze -analyzer-checker=core,cplusplus.NewDelete,unix.MismatchedDeallocator -std=c++11 -verify %s // RUN: %clang_cc1 -analyze -analyzer-checker=core,cplusplus.NewDelete,unix.MismatchedDeallocator -std=c++11 -verify %s
// RUN: %clang_cc1 -analyze -analyzer-checker=core,cplusplus.NewDelete,alpha.cplusplus.NewDeleteLeaks,unix.MismatchedDeallocator -DLEAKS -std=c++11 -verify %s // RUN: %clang_cc1 -analyze -analyzer-checker=core,cplusplus.NewDelete,cplusplus.NewDeleteLeaks,unix.MismatchedDeallocator -DLEAKS -std=c++11 -verify %s
// expected-no-diagnostics // expected-no-diagnostics
typedef __typeof(sizeof(int)) size_t; typedef __typeof(sizeof(int)) size_t;

test/Analysis/NewDelete-checker-test.cpp

// RUN: %clang_cc1 -analyze -analyzer-checker=core,cplusplus.NewDelete -std=c++11 -fblocks -verify %s // RUN: %clang_cc1 -analyze -analyzer-checker=core,cplusplus.NewDelete -std=c++11 -fblocks -verify %s
// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.cplusplus.NewDeleteLeaks -DLEAKS -std=c++11 -fblocks -verify %s // RUN: %clang_cc1 -analyze -analyzer-checker=core,cplusplus.NewDeleteLeaks -DLEAKS -std=c++11 -fblocks -verify %s
#include "Inputs/system-header-simulator-cxx.h" #include "Inputs/system-header-simulator-cxx.h"
typedef __typeof__(sizeof(int)) size_t; typedef __typeof__(sizeof(int)) size_t;

test/Analysis/NewDelete-custom.cpp

// RUN: %clang_cc1 -analyze -analyzer-checker=core,cplusplus.NewDelete,unix.Malloc -std=c++11 -fblocks -verify %s // RUN: %clang_cc1 -analyze -analyzer-checker=core,cplusplus.NewDelete,unix.Malloc -std=c++11 -fblocks -verify %s
// RUN: %clang_cc1 -analyze -analyzer-checker=core,cplusplus.NewDelete,alpha.cplusplus.NewDeleteLeaks,unix.Malloc -std=c++11 -DLEAKS -fblocks -verify %s // RUN: %clang_cc1 -analyze -analyzer-checker=core,cplusplus.NewDelete,cplusplus.NewDeleteLeaks,unix.Malloc -std=c++11 -DLEAKS -fblocks -verify %s
#include "Inputs/system-header-simulator-cxx.h" #include "Inputs/system-header-simulator-cxx.h"
#ifndef LEAKS #ifndef LEAKS

test/Analysis/NewDelete-intersections.mm

// RUN: %clang_cc1 -analyze -analyzer-checker=core,cplusplus.NewDelete -std=c++11 -fblocks -verify %s // RUN: %clang_cc1 -analyze -analyzer-checker=core,cplusplus.NewDelete -std=c++11 -fblocks -verify %s
// RUN: %clang_cc1 -analyze -analyzer-checker=core,cplusplus.NewDelete,alpha.cplusplus.NewDeleteLeaks -std=c++11 -DLEAKS -fblocks -verify %s // RUN: %clang_cc1 -analyze -analyzer-checker=core,cplusplus.NewDelete,cplusplus.NewDeleteLeaks -std=c++11 -DLEAKS -fblocks -verify %s
#include "Inputs/system-header-simulator-cxx.h" #include "Inputs/system-header-simulator-cxx.h"
#include "Inputs/system-header-simulator-objc.h" #include "Inputs/system-header-simulator-objc.h"

test/Analysis/NewDelete-variadic.cpp

// RUN: %clang_cc1 -analyze -analyzer-checker=core,cplusplus.NewDelete,alpha.cplusplus.NewDeleteLeaks,unix.Malloc -std=c++11 -fblocks -verify %s // RUN: %clang_cc1 -analyze -analyzer-checker=core,cplusplus.NewDelete,cplusplus.NewDeleteLeaks,unix.Malloc -std=c++11 -fblocks -verify %s
// expected-no-diagnostics // expected-no-diagnostics
namespace std { namespace std {

test/Analysis/NewDeleteLeaks-PR18394.cpp

// RUN: %clang_cc1 -analyzer-config graph-trim-interval=1 -analyzer-max-loop 1 -analyze -analyzer-checker=core,alpha.cplusplus.NewDeleteLeaks -verify %s // RUN: %clang_cc1 -analyzer-config graph-trim-interval=1 -analyzer-max-loop 1 -analyze -analyzer-checker=core,cplusplus.NewDeleteLeaks -verify %s
// expected-no-diagnostics // expected-no-diagnostics
class A { class A {

test/Analysis/NewDeleteLeaks-PR19102.cpp

// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.cplusplus.NewDeleteLeaks -verify %s // RUN: %clang_cc1 -analyze -analyzer-checker=core,cplusplus.NewDeleteLeaks -verify %s
class A0 {}; class A0 {};