[analyzer] Handle the M_ZERO and __GFP_ZERO flags in kernel mallocs.

Committed
jrose, Mar 26 2014, 10:05 AM
Parents
rL204831: Recommit r204493 with a fix to look in both clang and llvm directories.
Description

[analyzer] Handle the M_ZERO and __GFP_ZERO flags in kernel mallocs.

Add M_ZERO awareness to malloc() static analysis in Clang for FreeBSD,
NetBSD, and OpenBSD in a similar fashion to O_CREAT for open(2).
These systems have a three-argument malloc() in the kernel where the
third argument contains flags; the M_ZERO flag will zero-initialize the
allocated buffer.

This should reduce the number of false positives when running static
analysis on BSD kernels.

Additionally, add kmalloc() (Linux kernel malloc()) and treat __GFP_ZERO
like M_ZERO on Linux.

Future work involves a better method of checking for named flags without
hardcoding values.

Patch by Conrad Meyer, with minor modifications by me.

rL204832
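
The allocation semantics this commit teaches the analyzer, shown as a userland model. This is an added example, not code from the commit: `ex_kern_malloc`, the `EX_` flag values, and the poison byte are hypothetical stand-ins constructed here, and real kernels define their own flag values.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in flag values; each kernel defines its own. */
#define EX_M_WAITOK 0x1
#define EX_M_ZERO   0x2
#define EX_POISON   0xA5 /* makes "not zeroed" observable and deterministic */

struct malloc_type { const char *name; };
static struct malloc_type ex_type = { "example" };

/* Hypothetical userland model of the kernel's malloc(size, type, flags). */
static void *ex_kern_malloc(size_t size, struct malloc_type *type, int flags)
{
    unsigned char *p = malloc(size);
    (void)type;
    if (p != NULL)
        memset(p, (flags & EX_M_ZERO) ? 0 : EX_POISON, size);
    return p;
}

struct conn { int refs; char name[16]; };

/* Reads a field straight after allocation, with no explicit initialisation.
 * The value is defined (0) only when the zeroing flag was passed; without it
 * the read yields whatever the allocator left behind, which is the case a
 * "garbage or undefined value" warning should still cover. */
int refs_after_alloc(int flags)
{
    struct conn *c = ex_kern_malloc(sizeof(*c), &ex_type, flags);
    int refs;
    if (c == NULL)
        return -1;
    refs = c->refs;
    free(c);
    return refs;
}

int main(void)
{
    printf("with zero flag:    %d\n", refs_after_alloc(EX_M_WAITOK | EX_M_ZERO));
    printf("without zero flag: %d\n", refs_after_alloc(EX_M_WAITOK));
    return 0;
}
```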

cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp

cfe/trunk/lib/StaticAnalyzer/Checkers/UnixAPIChecker.cpp

cfe/trunk/test/Analysis/kmalloc-linux.c

cfe/trunk/test/Analysis/malloc-three-arg.c
