Infer dereferenceability from malloc and friends

Authored by reames on Thu, Apr 1, 8:55 AM.



Hook up TLI when inferring object size from allocation calls. This allows the analysis to prove dereferenceability for known allocation functions (such as malloc/new/etc.) in addition to those marked explicitly with the allocsize attribute.

This is a follow-up to 0129cd5 now that the bug fixed by e2c6621e6 is resolved.

As noted in the test, this relies on being able to prove that there is no free between allocation and context (e.g. hoist location). At the moment, this is handled conservatively. I'm working on strengthening our ability to reason about no-free regions separately.

Event Timeline

reames created this revision. Thu, Apr 1, 8:55 AM
reames requested review of this revision. Thu, Apr 1, 8:55 AM
Herald added a project: Restricted Project. Thu, Apr 1, 8:55 AM
This revision is now accepted and ready to land. Thu, Apr 1, 10:46 AM
This revision was automatically updated to reflect the committed changes.