Symbols are cleaned up from the program state map when they go out of scope.
Memory regions are cleaned up when the corresponding object is destroyed, and
additionally in checkDeadSymbols in case destructor modeling was incomplete.
Details
- Reviewers
NoQ xazax.hun george.karpenkov - Commits
- rG7ff6a8a3168a: [analyzer] Clean up the program state map of DanglingInternalBufferChecker.
rC334352: [analyzer] Clean up the program state map of DanglingInternalBufferChecker.
rL334352: [analyzer] Clean up the program state map of DanglingInternalBufferChecker.
Diff Detail
Event Timeline
Yep, great stuff!
I guess, please add a comment on incomplete destructor support in the CFG and/or analyzer core that may cause the region to be never cleaned up. Or perform an extra cleanup pass - not sure if it's worth it, but it should be easy and safe.
lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp | ||
---|---|---|
94 | It's kinda weird that something that's not a const MemRegion * is called "Region". I'd rather use a neutral term like "Item". |
Fixed naming and added an extra pass for regions left behind by incomplete destructors.
lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp | ||
---|---|---|
89–91 | This optimization is in fact incorrect due to an old bug that i didn't yet get to fixing: D18860. The proposed patch would most likely remove the check anyway, because the set of dead symbols is not well-defined. So i think we shouldn't add it. | |
95 | For the same reason (D18860), it should be more correct to use !isLive(). Otherwise you may miss some symbols. | |
97–100 | I mildly advocate for braces here because that's as many as three lines to wrap. |
This optimization is in fact incorrect due to an old bug that i didn't yet get to fixing: D18860. The proposed patch would most likely remove the check anyway, because the set of dead symbols is not well-defined. So i think we shouldn't add it.