This is an archive of the discontinued LLVM Phabricator instance.

Differential D41797

[analyzer] Suppress escape of this-pointer during construction.
ClosedPublic

Authored by NoQ on Jan 5 2018, 5:32 PM.

Details

Reviewers
dcoughlin
xazax.hun
a.sidorin
george.karpenkov
szepet
Commits
rG0c79eab03d5b: [analyzer] Suppress "this" pointer escape during construction.
rL322795: [analyzer] Suppress "this" pointer escape during construction.
rC322795: [analyzer] Suppress "this" pointer escape during construction.
Summary

This one's easy. Under -analyzer-config c++-allocator-inlining=true, since D41406, we've teached MallocChecker to use the new callback, check::NewAllocator, which fires between the end of the operator new() call and the beginning of the constructor call. Because the constructor call causes a pointer escape event, during which the pointer returned by operator new() immediately escapes, MallocChecker immediately loses track of the allocated symbol and becomes completely useless. In particular, NewDeleteLeaks suffers a lot.

I'm open to suggestions regarding whether we should suppress this sort of pointer escape on the checker side or globally.

Diff Detail

Repository
rC Clang

Event Timeline

NoQ created this revision.Jan 5 2018, 5:32 PM
Herald added subscribers: cfe-commits, rnkovacs. · View Herald TranscriptJan 5 2018, 5:32 PM
NoQ added a parent revision: D41796: [analyzer] Fix extent modeling for casted operator new values..Jan 5 2018, 5:33 PM
NoQ added a child revision: D41799: [analyzer] PtrArithChecker: Update to use check::NewAllocator.Jan 5 2018, 5:41 PM
xazax.hun added a comment.Jan 9 2018, 6:42 AM

I am fine with suppressing the escape globally.
I did see some code in the wild where the constructors registered the objects with a (global) map.
But I think it is still easier to annotate code that does something unconventional than the other way around.

a.sidorin added a comment.Jan 9 2018, 8:50 AM

Hi Artem,
I think that global suppression is fine. If one really wants to check such escapes, he can implement a separate callback for this.

dcoughlin accepted this revision.Jan 12 2018, 5:08 PM

LGTM!

This revision is now accepted and ready to land.Jan 12 2018, 5:08 PM
Closed by commit rC322795: [analyzer] Suppress "this" pointer escape during construction. (authored by NoQ). · Explain WhyJan 17 2018, 4:46 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
lib/
StaticAnalyzer/
Core/
9 lines
test/
Analysis/
1 line

Diff 130316

lib/StaticAnalyzer/Core/CallEvent.cpp

Show First 20 LinesShow All 666 Lines▼ Show 20 Lines
SVal CXXConstructorCall::getCXXThisVal() const { SVal CXXConstructorCall::getCXXThisVal() const {
if (Data) if (Data)
return loc::MemRegionVal(static_cast<const MemRegion *>(Data)); return loc::MemRegionVal(static_cast<const MemRegion *>(Data));
return UnknownVal(); return UnknownVal();
} }
void CXXConstructorCall::getExtraInvalidatedValues(ValueList &Values, void CXXConstructorCall::getExtraInvalidatedValues(ValueList &Values,
RegionAndSymbolInvalidationTraits *ETraits) const { RegionAndSymbolInvalidationTraits *ETraits) const {
if (Data) if (Data) {
Values.push_back(loc::MemRegionVal(static_cast<const MemRegion *>(Data))); loc::MemRegionVal MV(static_cast<const MemRegion *>(Data));
if (SymbolRef Sym = MV.getAsSymbol(true))
ETraits->setTrait(Sym,
RegionAndSymbolInvalidationTraits::TK_SuppressEscape);
Values.push_back(MV);
}
} }
void CXXConstructorCall::getInitialStackFrameContents( void CXXConstructorCall::getInitialStackFrameContents(
const StackFrameContext *CalleeCtx, const StackFrameContext *CalleeCtx,
BindingsTy &Bindings) const { BindingsTy &Bindings) const {
AnyFunctionCall::getInitialStackFrameContents(CalleeCtx, Bindings); AnyFunctionCall::getInitialStackFrameContents(CalleeCtx, Bindings);
SVal ThisVal = getCXXThisVal(); SVal ThisVal = getCXXThisVal();
▲ Show 20 LinesShow All 531 LinesShow Last 20 Lines

test/Analysis/NewDeleteLeaks-PR19102.cpp

// RUN: %clang_analyze_cc1 -analyzer-checker=core,cplusplus.NewDeleteLeaks -verify %s // RUN: %clang_analyze_cc1 -analyzer-checker=core,cplusplus.NewDeleteLeaks -verify %s
// RUN: %clang_analyze_cc1 -analyzer-checker=core,cplusplus.NewDeleteLeaks -analyzer-config c++-allocator-inlining=true -verify %s
class A0 {}; class A0 {};
class A1 { class A1 {
public: public:
A1(int); A1(int);
}; };
Show All 34 Lines