This is an archive of the discontinued LLVM Phabricator instance.

Thanks for the patches! I've commandeered this revision to be able to update the diff to merge the two patch files into one. You should commandeer it back by using the 'Commandeer Revision' action.

By the way, there are instructions for how to create and upload diffs using Phabricator at http://llvm.org/docs/Phabricator.html#requesting-a-review-via-the-web-interface

Merge the two patches into one diff.

dcoughlin added inline comments.Aug 12 2016, 11:36 AM

lib/StaticAnalyzer/Checkers/MallocChecker.cpp
593	It looks like you are using tabs here. The LLVM style guide calls for spaces. http://llvm.org/docs/CodingStandards.html#use-spaces-instead-of-tabs If you haven't seen it, the clang-format tool can help automatically format code to conform to LLVM's expected style.
950	It looks like this method has recently been renamed "parameters()" and so your patch doesn't compile. Are you using top of trunk from the llvm.org repo?
1296	I think it would good to add a test that covers this code. There are analogous tests in test/Analysis/free.c -- that would be a good place for this added test.
1309	Should there be a test for this case, as well? This would be exercised if code is allocated with kmalloc() and then freed in some way other than kfree (such as free() or delete). There are analogous tests in the MismatchedDeallocator test files.
2206	There are tabs on these two lines, as well.

NoQ added a subscriber: NoQ.Aug 12 2016, 12:47 PM

I agree that more tests would be good. Where should I put them? Should it be in a separate file or should I just have kmalloc/kfree tests next to the malloc/free ones?

I would recommend putting the tests in existing test files next to tests that for similar diagnostics for other allocation/free schemes. So the test for printExpectedAllocName() should go in test/Analysis/free.c and the test for printExpectedDeallocName() should probably go in test/Analysis/MismatchedDeallocator-checker-test.mm.

One more thing, obviously it should mimic malloc/free's behavior in complaining about delete/new being used. Should it also complain about free/malloc being used? I can't imagine that would be something people would usually intend to do, but I don't think it's really "incorrect." Thought?

In D23375#527291, @andrewmw94 wrote:

One more thing, obviously it should mimic malloc/free's behavior in complaining about delete/new being used. Should it also complain about free/malloc being used? I can't imagine that would be something people would usually intend to do, but I don't think it's really "incorrect." Thought?

I'm not familiar with linux kernel programming. Is free() available in the kernel? If someone did define their own free() and used it with kmalloc'd memory, would they consider this a false positive?

Revision Contents

Path

Size

lib/

StaticAnalyzer/

Checkers/

MallocChecker.cpp

26 lines

test/

Analysis/

kmalloc-linux.c

7 lines

Diff 67862

lib/StaticAnalyzer/Checkers/MallocChecker.cpp

Show All 38 Lines

// Used to check correspondence between allocators and deallocators.		// Used to check correspondence between allocators and deallocators.
enum AllocationFamily {		enum AllocationFamily {
AF_None,		AF_None,
AF_Malloc,		AF_Malloc,
AF_CXXNew,		AF_CXXNew,
AF_CXXNewArray,		AF_CXXNewArray,
AF_IfNameIndex,		AF_IfNameIndex,
		AF_KMalloc,
AF_Alloca		AF_Alloca
};		};

class RefState {		class RefState {
enum Kind { // Reference to allocated memory.		enum Kind { // Reference to allocated memory.
Allocated,		Allocated,
// Reference to zero-allocated memory.		// Reference to zero-allocated memory.
AllocatedOfSizeZero,		AllocatedOfSizeZero,
▲ Show 20 Lines • Show All 113 Lines • ▼ Show 20 Lines	class MallocChecker : public Checker<check::DeadSymbols,
eval::Assume>		eval::Assume>
{		{
public:		public:
MallocChecker()		MallocChecker()
: II_alloca(nullptr), II_win_alloca(nullptr), II_malloc(nullptr),		: II_alloca(nullptr), II_win_alloca(nullptr), II_malloc(nullptr),
II_free(nullptr), II_realloc(nullptr), II_calloc(nullptr),		II_free(nullptr), II_realloc(nullptr), II_calloc(nullptr),
II_valloc(nullptr), II_reallocf(nullptr), II_strndup(nullptr),		II_valloc(nullptr), II_reallocf(nullptr), II_strndup(nullptr),
II_strdup(nullptr), II_win_strdup(nullptr), II_kmalloc(nullptr),		II_strdup(nullptr), II_win_strdup(nullptr), II_kmalloc(nullptr),
II_if_nameindex(nullptr), II_if_freenameindex(nullptr),		II_kfree(nullptr), II_if_nameindex(nullptr),
II_wcsdup(nullptr), II_win_wcsdup(nullptr) {}		II_if_freenameindex(nullptr), II_wcsdup(nullptr),
		II_win_wcsdup(nullptr) {}

/// In pessimistic mode, the checker assumes that it does not know which		/// In pessimistic mode, the checker assumes that it does not know which
/// functions might free the memory.		/// functions might free the memory.
enum CheckKind {		enum CheckKind {
CK_MallocChecker,		CK_MallocChecker,
CK_NewDeleteChecker,		CK_NewDeleteChecker,
CK_NewDeleteLeaksChecker,		CK_NewDeleteLeaksChecker,
CK_MismatchedDeallocatorChecker,		CK_MismatchedDeallocatorChecker,
▲ Show 20 Lines • Show All 44 Lines • ▼ Show 20 Lines	private:
mutable std::unique_ptr<BugType> BT_BadFree[CK_NumCheckKinds];		mutable std::unique_ptr<BugType> BT_BadFree[CK_NumCheckKinds];
mutable std::unique_ptr<BugType> BT_FreeAlloca[CK_NumCheckKinds];		mutable std::unique_ptr<BugType> BT_FreeAlloca[CK_NumCheckKinds];
mutable std::unique_ptr<BugType> BT_MismatchedDealloc;		mutable std::unique_ptr<BugType> BT_MismatchedDealloc;
mutable std::unique_ptr<BugType> BT_OffsetFree[CK_NumCheckKinds];		mutable std::unique_ptr<BugType> BT_OffsetFree[CK_NumCheckKinds];
mutable std::unique_ptr<BugType> BT_UseZerroAllocated[CK_NumCheckKinds];		mutable std::unique_ptr<BugType> BT_UseZerroAllocated[CK_NumCheckKinds];
mutable IdentifierInfo II_alloca, II_win_alloca, II_malloc, II_free,		mutable IdentifierInfo II_alloca, II_win_alloca, II_malloc, II_free,
II_realloc, II_calloc, II_valloc, II_reallocf,		II_realloc, II_calloc, II_valloc, II_reallocf,
II_strndup, II_strdup, II_win_strdup, II_kmalloc,		II_strndup, II_strdup, II_win_strdup, II_kmalloc,
II_if_nameindex, II_if_freenameindex, *II_wcsdup,		II_kfree, II_if_nameindex, *II_if_freenameindex,
*II_win_wcsdup;		II_wcsdup, II_win_wcsdup;
mutable Optional<uint64_t> KernelZeroFlagVal;		mutable Optional<uint64_t> KernelZeroFlagVal;

void initIdentifierInfo(ASTContext &C) const;		void initIdentifierInfo(ASTContext &C) const;

/// \brief Determine family of a deallocation expression.		/// \brief Determine family of a deallocation expression.
AllocationFamily getAllocationFamily(CheckerContext &C, const Stmt *S) const;		AllocationFamily getAllocationFamily(CheckerContext &C, const Stmt *S) const;

/// \brief Print names of allocators and deallocators.		/// \brief Print names of allocators and deallocators.
Show All 34 Lines	static ProgramStateRef MallocMemAux(CheckerContext &C, const CallExpr *CE,
const Expr *SizeEx, SVal Init,		const Expr *SizeEx, SVal Init,
ProgramStateRef State,		ProgramStateRef State,
AllocationFamily Family = AF_Malloc);		AllocationFamily Family = AF_Malloc);
static ProgramStateRef MallocMemAux(CheckerContext &C, const CallExpr *CE,		static ProgramStateRef MallocMemAux(CheckerContext &C, const CallExpr *CE,
SVal SizeEx, SVal Init,		SVal SizeEx, SVal Init,
ProgramStateRef State,		ProgramStateRef State,
AllocationFamily Family = AF_Malloc);		AllocationFamily Family = AF_Malloc);

// Check if this malloc() for special flags. At present that means M_ZERO or		// Check this malloc() for special flags. At present that means M_ZERO or
// __GFP_ZERO (in which case, treat it like calloc).		// __GFP_ZERO (in which case, treat it like calloc).
llvm::Optional<ProgramStateRef>		llvm::Optional<ProgramStateRef>
performKernelMalloc(const CallExpr *CE, CheckerContext &C,		performKernelMalloc(const CallExpr *CE, CheckerContext &C,
const ProgramStateRef &State) const;		const ProgramStateRef &State) const;

/// Update the RefState to reflect the new memory allocation.		/// Update the RefState to reflect the new memory allocation.
static ProgramStateRef		static ProgramStateRef
MallocUpdateRefState(CheckerContext &C, const Expr *E, ProgramStateRef State,		MallocUpdateRefState(CheckerContext &C, const Expr *E, ProgramStateRef State,
▲ Show 20 Lines • Show All 240 Lines • ▼ Show 20 Lines	void MallocChecker::initIdentifierInfo(ASTContext &Ctx) const {
II_realloc = &Ctx.Idents.get("realloc");		II_realloc = &Ctx.Idents.get("realloc");
II_reallocf = &Ctx.Idents.get("reallocf");		II_reallocf = &Ctx.Idents.get("reallocf");
II_calloc = &Ctx.Idents.get("calloc");		II_calloc = &Ctx.Idents.get("calloc");
II_valloc = &Ctx.Idents.get("valloc");		II_valloc = &Ctx.Idents.get("valloc");
II_strdup = &Ctx.Idents.get("strdup");		II_strdup = &Ctx.Idents.get("strdup");
II_strndup = &Ctx.Idents.get("strndup");		II_strndup = &Ctx.Idents.get("strndup");
II_wcsdup = &Ctx.Idents.get("wcsdup");		II_wcsdup = &Ctx.Idents.get("wcsdup");
II_kmalloc = &Ctx.Idents.get("kmalloc");		II_kmalloc = &Ctx.Idents.get("kmalloc");
		II_kfree = &Ctx.Idents.get("kfree");
II_if_nameindex = &Ctx.Idents.get("if_nameindex");		II_if_nameindex = &Ctx.Idents.get("if_nameindex");
II_if_freenameindex = &Ctx.Idents.get("if_freenameindex");		II_if_freenameindex = &Ctx.Idents.get("if_freenameindex");

//MSVC uses `_`-prefixed instead, so we check for them too.		//MSVC uses `_`-prefixed instead, so we check for them too.
II_win_strdup = &Ctx.Idents.get("_strdup");		II_win_strdup = &Ctx.Idents.get("_strdup");
II_win_wcsdup = &Ctx.Idents.get("_wcsdup");		II_win_wcsdup = &Ctx.Idents.get("_wcsdup");
II_win_alloca = &Ctx.Idents.get("_alloca");		II_win_alloca = &Ctx.Idents.get("_alloca");
}		}
Show All 26 Lines	bool MallocChecker::isCMemFunction(const FunctionDecl *FD,
bool CheckAlloc = (MemKind == MemoryOperationKind::MOK_Any \|\|		bool CheckAlloc = (MemKind == MemoryOperationKind::MOK_Any \|\|
MemKind == MemoryOperationKind::MOK_Allocate);		MemKind == MemoryOperationKind::MOK_Allocate);

if (FD->getKind() == Decl::Function) {		if (FD->getKind() == Decl::Function) {
const IdentifierInfo *FunI = FD->getIdentifier();		const IdentifierInfo *FunI = FD->getIdentifier();
initIdentifierInfo(C);		initIdentifierInfo(C);

if (Family == AF_Malloc && CheckFree) {		if (Family == AF_Malloc && CheckFree) {
if (FunI == II_free \|\| FunI == II_realloc \|\| FunI == II_reallocf)		if (FunI == II_free \|\| FunI == II_realloc \|\|
		FunI == II_reallocf \|\| FunI == II_kfree)
		dcoughlinUnsubmitted Not Done Reply Inline Actions It looks like you are using tabs here. The LLVM style guide calls for spaces. http://llvm.org/docs/CodingStandards.html#use-spaces-instead-of-tabs If you haven't seen it, the clang-format tool can help automatically format code to conform to LLVM's expected style. dcoughlin: It looks like you are using tabs here. The LLVM style guide calls for spaces. http://llvm.
return true;		return true;
}		}

if (Family == AF_Malloc && CheckAlloc) {		if (Family == AF_Malloc && CheckAlloc) {
if (FunI == II_malloc \|\| FunI == II_realloc \|\| FunI == II_reallocf \|\|		if (FunI == II_malloc \|\| FunI == II_realloc \|\| FunI == II_reallocf \|\|
FunI == II_calloc \|\| FunI == II_valloc \|\| FunI == II_strdup \|\|		FunI == II_calloc \|\| FunI == II_valloc \|\| FunI == II_strdup \|\|
FunI == II_win_strdup \|\| FunI == II_strndup \|\| FunI == II_wcsdup \|\|		FunI == II_win_strdup \|\| FunI == II_strndup \|\| FunI == II_wcsdup \|\|
FunI == II_win_wcsdup \|\| FunI == II_kmalloc)		FunI == II_win_wcsdup \|\| FunI == II_kmalloc)
▲ Show 20 Lines • Show All 193 Lines • ▼ Show 20 Lines	if (FunI == II_malloc) {
State = ProcessZeroAllocation(C, CE, 1, State);		State = ProcessZeroAllocation(C, CE, 1, State);
} else if (FunI == II_reallocf) {		} else if (FunI == II_reallocf) {
State = ReallocMem(C, CE, true, State);		State = ReallocMem(C, CE, true, State);
State = ProcessZeroAllocation(C, CE, 1, State);		State = ProcessZeroAllocation(C, CE, 1, State);
} else if (FunI == II_calloc) {		} else if (FunI == II_calloc) {
State = CallocMem(C, CE, State);		State = CallocMem(C, CE, State);
State = ProcessZeroAllocation(C, CE, 0, State);		State = ProcessZeroAllocation(C, CE, 0, State);
State = ProcessZeroAllocation(C, CE, 1, State);		State = ProcessZeroAllocation(C, CE, 1, State);
} else if (FunI == II_free) {		} else if (FunI == II_free \|\| FunI == II_kfree) {
State = FreeMemAux(C, CE, State, 0, false, ReleasedAllocatedMemory);		State = FreeMemAux(C, CE, State, 0, false, ReleasedAllocatedMemory);
} else if (FunI == II_strdup \|\| FunI == II_win_strdup \|\|		} else if (FunI == II_strdup \|\| FunI == II_win_strdup \|\|
FunI == II_wcsdup \|\| FunI == II_win_wcsdup) {		FunI == II_wcsdup \|\| FunI == II_win_wcsdup) {
State = MallocUpdateRefState(C, CE, State);		State = MallocUpdateRefState(C, CE, State);
} else if (FunI == II_strndup) {		} else if (FunI == II_strndup) {
State = MallocUpdateRefState(C, CE, State);		State = MallocUpdateRefState(C, CE, State);
} else if (FunI == II_alloca \|\| FunI == II_win_alloca) {		} else if (FunI == II_alloca \|\| FunI == II_win_alloca) {
State = MallocMemAux(C, CE, CE->getArg(0), UndefinedVal(), State,		State = MallocMemAux(C, CE, CE->getArg(0), UndefinedVal(), State,
▲ Show 20 Lines • Show All 130 Lines • ▼ Show 20 Lines	if (!ConstructE)
return false;		return false;

if (!NE->getAllocatedType()->getAsCXXRecordDecl())		if (!NE->getAllocatedType()->getAsCXXRecordDecl())
return false;		return false;

const CXXConstructorDecl *CtorD = ConstructE->getConstructor();		const CXXConstructorDecl *CtorD = ConstructE->getConstructor();

// Iterate over the constructor parameters.		// Iterate over the constructor parameters.
for (const auto *CtorParam : CtorD->parameters()) {		for (const auto *CtorParam : CtorD->params()) {
		dcoughlinUnsubmitted Not Done Reply Inline Actions It looks like this method has recently been renamed "parameters()" and so your patch doesn't compile. Are you using top of trunk from the llvm.org repo? dcoughlin: It looks like this method has recently been renamed "parameters()" and so your patch doesn't…

QualType CtorParamPointeeT = CtorParam->getType()->getPointeeType();		QualType CtorParamPointeeT = CtorParam->getType()->getPointeeType();
if (CtorParamPointeeT.isNull())		if (CtorParamPointeeT.isNull())
continue;		continue;

CtorParamPointeeT = getDeepPointeeType(CtorParamPointeeT);		CtorParamPointeeT = getDeepPointeeType(CtorParamPointeeT);

if (CtorParamPointeeT->getAsCXXRecordDecl())		if (CtorParamPointeeT->getAsCXXRecordDecl())
▲ Show 20 Lines • Show All 329 Lines • ▼ Show 20 Lines	void MallocChecker::printExpectedAllocName(raw_ostream &os, CheckerContext &C,
const Expr *E) const {		const Expr *E) const {
AllocationFamily Family = getAllocationFamily(C, E);		AllocationFamily Family = getAllocationFamily(C, E);

switch(Family) {		switch(Family) {
case AF_Malloc: os << "malloc()"; return;		case AF_Malloc: os << "malloc()"; return;
case AF_CXXNew: os << "'new'"; return;		case AF_CXXNew: os << "'new'"; return;
case AF_CXXNewArray: os << "'new[]'"; return;		case AF_CXXNewArray: os << "'new[]'"; return;
case AF_IfNameIndex: os << "'if_nameindex()'"; return;		case AF_IfNameIndex: os << "'if_nameindex()'"; return;
		case AF_KMalloc: os <<"kmalloc()"; return;
		dcoughlinUnsubmitted Not Done Reply Inline Actions I think it would good to add a test that covers this code. There are analogous tests in test/Analysis/free.c -- that would be a good place for this added test. dcoughlin: I think it would good to add a test that covers this code. There are analogous tests in…
case AF_Alloca:		case AF_Alloca:
case AF_None: llvm_unreachable("not a deallocation expression");		case AF_None: llvm_unreachable("not a deallocation expression");
}		}
}		}

void MallocChecker::printExpectedDeallocName(raw_ostream &os,		void MallocChecker::printExpectedDeallocName(raw_ostream &os,
AllocationFamily Family) const {		AllocationFamily Family) const {
switch(Family) {		switch(Family) {
case AF_Malloc: os << "free()"; return;		case AF_Malloc: os << "free()"; return;
case AF_CXXNew: os << "'delete'"; return;		case AF_CXXNew: os << "'delete'"; return;
case AF_CXXNewArray: os << "'delete[]'"; return;		case AF_CXXNewArray: os << "'delete[]'"; return;
case AF_IfNameIndex: os << "'if_freenameindex()'"; return;		case AF_IfNameIndex: os << "'if_freenameindex()'"; return;
		case AF_KMalloc: os << "kfree()"; return;
		dcoughlinUnsubmitted Not Done Reply Inline Actions Should there be a test for this case, as well? This would be exercised if code is allocated with kmalloc() and then freed in some way other than kfree (such as free() or delete). There are analogous tests in the MismatchedDeallocator test files. dcoughlin: Should there be a test for this case, as well? This would be exercised if code is allocated…
case AF_Alloca:		case AF_Alloca:
case AF_None: llvm_unreachable("suspicious argument");		case AF_None: llvm_unreachable("suspicious argument");
}		}
}		}

ProgramStateRef MallocChecker::FreeMemAux(CheckerContext &C,		ProgramStateRef MallocChecker::FreeMemAux(CheckerContext &C,
const Expr *ArgExpr,		const Expr *ArgExpr,
const Expr *ParentExpr,		const Expr *ParentExpr,
▲ Show 20 Lines • Show All 146 Lines • ▼ Show 20 Lines
}		}

Optional<MallocChecker::CheckKind>		Optional<MallocChecker::CheckKind>
MallocChecker::getCheckIfTracked(AllocationFamily Family,		MallocChecker::getCheckIfTracked(AllocationFamily Family,
bool IsALeakCheck) const {		bool IsALeakCheck) const {
switch (Family) {		switch (Family) {
case AF_Malloc:		case AF_Malloc:
case AF_Alloca:		case AF_Alloca:
		case AF_KMalloc:
case AF_IfNameIndex: {		case AF_IfNameIndex: {
if (ChecksEnabled[CK_MallocChecker])		if (ChecksEnabled[CK_MallocChecker])
return CK_MallocChecker;		return CK_MallocChecker;

return Optional<MallocChecker::CheckKind>();		return Optional<MallocChecker::CheckKind>();
}		}
case AF_CXXNew:		case AF_CXXNew:
case AF_CXXNewArray: {		case AF_CXXNewArray: {
▲ Show 20 Lines • Show All 717 Lines • ▼ Show 20 Lines	if (const AnyFunctionCall *FC = dyn_cast<AnyFunctionCall>(&Call)) {
const FunctionDecl *FD = FC->getDecl();		const FunctionDecl *FD = FC->getDecl();
if (!FD)		if (!FD)
return;		return;

ASTContext &Ctx = C.getASTContext();		ASTContext &Ctx = C.getASTContext();
if (ChecksEnabled[CK_MallocChecker] &&		if (ChecksEnabled[CK_MallocChecker] &&
(isCMemFunction(FD, Ctx, AF_Malloc, MemoryOperationKind::MOK_Free) \|\|		(isCMemFunction(FD, Ctx, AF_Malloc, MemoryOperationKind::MOK_Free) \|\|
isCMemFunction(FD, Ctx, AF_IfNameIndex,		isCMemFunction(FD, Ctx, AF_IfNameIndex,
MemoryOperationKind::MOK_Free)))		MemoryOperationKind::MOK_Free) \|\|
		dcoughlinUnsubmitted Not Done Reply Inline Actions There are tabs on these two lines, as well. dcoughlin: There are tabs on these two lines, as well.
		isCMemFunction(FD, Ctx, AF_KMalloc, MemoryOperationKind::MOK_Free)))
return;		return;

if (ChecksEnabled[CK_NewDeleteChecker] &&		if (ChecksEnabled[CK_NewDeleteChecker] &&
isStandardNewDelete(FD, Ctx))		isStandardNewDelete(FD, Ctx))
return;		return;
}		}

// Check if the callee of a method is deleted.		// Check if the callee of a method is deleted.
▲ Show 20 Lines • Show All 547 Lines • Show Last 20 Lines

test/Analysis/kmalloc-linux.c

	// RUN: %clang -target x86_64-unknown-linux --analyze %s			// RUN: %clang -target x86_64-unknown-linux --analyze %s

	#include "Inputs/system-header-simulator.h"			#include "Inputs/system-header-simulator.h"

	#define __GFP_ZERO 0x8000			#define __GFP_ZERO 0x8000
	#define NULL ((void *)0)			#define NULL ((void *)0)

	void *kmalloc(size_t, int);			void *kmalloc(size_t, int);
				void *kfree(size_t);

	struct test {			struct test {
	};			};

	void foo(struct test *);			void foo(struct test *);

	void test_zeroed() {			void test_zeroed() {
	struct test *list, t;			struct test *list, t;
	int i;			int i;

	list = kmalloc(sizeof(list) 10, __GFP_ZERO);			list = kmalloc(sizeof(list) 10, __GFP_ZERO);
	if (list == NULL)			if (list == NULL)
	return;			return;

	for (i = 0; i < 10; i++) {			for (i = 0; i < 10; i++) {
	t = list[i];			t = list[i];
	foo(t);			foo(t);
	}			}
	free(list); // no-warning			kfree(list); // no-warning
	}			}

	void test_nonzero() {			void test_nonzero() {
	struct test *list, t;			struct test *list, t;
	int i;			int i;

	list = kmalloc(sizeof(list) 10, 0);			list = kmalloc(sizeof(list) 10, 0);
	if (list == NULL)			if (list == NULL)
	return;			return;

	for (i = 0; i < 10; i++) {			for (i = 0; i < 10; i++) {
	t = list[i]; // expected-warning{{undefined}}			t = list[i]; // expected-warning{{undefined}}
	foo(t);			foo(t);
	}			}
	free(list);			kfree(list);
	}			}

	void test_indeterminate(int flags) {			void test_indeterminate(int flags) {
	struct test *list, t;			struct test *list, t;
	int i;			int i;

	list = kmalloc(sizeof(list) 10, flags);			list = kmalloc(sizeof(list) 10, flags);
	if (list == NULL)			if (list == NULL)
	return;			return;

	for (i = 0; i < 10; i++) {			for (i = 0; i < 10; i++) {
	t = list[i]; // expected-warning{{undefined}}			t = list[i]; // expected-warning{{undefined}}
	foo(t);			foo(t);
	}			}
	free(list);			kfree(list);
	}			}

This is an archive of the discontinued LLVM Phabricator instance.

Add kfree( ) to MallocChecker.cppNeeds ReviewPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 67862

lib/StaticAnalyzer/Checkers/MallocChecker.cpp

test/Analysis/kmalloc-linux.c

Add kfree( ) to MallocChecker.cpp
Needs ReviewPublic