Index: lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp =================================================================== --- lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp +++ lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp @@ -26,7 +26,8 @@ namespace { -class DanglingInternalBufferChecker : public Checker { +class DanglingInternalBufferChecker : public Checker { CallDescription CStrFn; public: @@ -36,6 +37,9 @@ /// corresponding string object region in the ProgramState. Mark the symbol /// released if the string object is destroyed. void checkPostCall(const CallEvent &Call, CheckerContext &C) const; + + /// Clean up the ProgramState map. + void checkDeadSymbols(SymbolReaper &SymReaper, CheckerContext &C) const; }; } // end anonymous namespace @@ -76,12 +80,32 @@ // FIXME: What if Origin is null? const Expr *Origin = Call.getOriginExpr(); State = allocation_state::markReleased(State, *StrBufferPtr, Origin); + State = State->remove(TypedR); C.addTransition(State); return; } } } +void DanglingInternalBufferChecker::checkDeadSymbols(SymbolReaper &SymReaper, + CheckerContext &C) const { + if (!SymReaper.hasDeadSymbols()) + return; + + ProgramStateRef State = C.getState(); + RawPtrMapTy RPM = State->get(); + for (const auto Entry : RPM) { + if (SymReaper.isDead(Entry.second)) + State = State->remove(Entry.first); + if (!SymReaper.isLiveRegion(Entry.first)) + // Due to incomplete destructor support, some dead regions might still + // remain in the program state map. Clean them up. + State = State->remove(Entry.first); + } + + C.addTransition(State); +} + void ento::registerDanglingInternalBufferChecker(CheckerManager &Mgr) { registerNewDeleteChecker(Mgr); Mgr.registerChecker();