Add a bug visitor to DanglingInternalBuffer checker that places a note at the point where the dangling pointer was obtained.
The visitor is handed over to MallocChecker and attached to the report there.
Regarding the visitor:
Maybe rather than looking at the AST, we should check the states, when we started to track the returned symbol?
Using your current design you need to check for the AST twice. Once in the visitor and once in the check.
Also, I wonder if this always gives you the right note. Consider the following example:

```cpp
#include <string>

void consume(const char *);

void deref_after_scope_char() {
  const char *c;
  {
    std::string s;
    c = s.c_str();
  }
  std::string s;
  const char *c2 = s.c_str();
  consume(c);
}
```
lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp

| Line | Comment |
|---|---|
| 161 | Why not `!=`? |
Looks better, thanks!
lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp

| Line | Comment |
|---|---|
| 65 | Maybe early return here? |
lib/StaticAnalyzer/Checkers/AllocationState.h

| Lines | Comment |
|---|---|
| 23–25 | I think we should start commenting this stuff up. Like, "This function provides an additional visitor that augments the bug report with information relevant to memory errors caused by misuse of AF_InternalBuffer symbols". |
Looks good tho!
lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp

| Lines | Comment |
|---|---|
| 63–64 | Interesting, so we don't have access to the region with which the symbol is associated, so we have to scan the whole map. Probably we can scan the map only once (e.g., in the visitor's constructor if we also supply the program state) and then do a direct lookup by region? Because it's a premature optimization, I'm in favor of a FIXME. |
| 155 | Maybe "pointer to dangling buffer". |
lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp

| Line | Comment |
|---|---|
| 41 | I am fine with this as is, but I prefer self-documenting code in general. Naming this variable PtrToBuf or something like that would convey the same information and render the comment redundant. |
Fixed variable name inside the visitor.
I also clang-formatted the file, sorry for any line number shifting.