
[analyzer] RetainCount: Allow offsets in return values.

Authored by NoQ on Apr 22 2019, 7:36 PM.



Because RetainCountChecker has custom "local" reasoning about escapes, it has a separate facility to deal with tracked symbols at end of analysis and check them for leaks regardless of whether they're dead or not. This facility iterates over the list of tracked symbols and reports them as leaks, but it needs to treat the return value specially.

Some custom allocators tend to return the value with an offset, storing extra metadata at the beginning of the buffer. In this case the return value would be a non-base region. In order to avoid false positives, we still need to find the original symbol within the return value, otherwise it'll be unable to match it to the item in the list of tracked symbols.

I don't really understand how this whole facility works in general. In particular, I don't understand why it doesn't take the function's contract into account (i.e., should this function generally return at +0 or at +1?), but the fix still seems to make sense to me.
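The allocator pattern the summary describes, as an added example that is not part of this patch or of the Clang code base; every name in it (`rc_header`, `rc_create`, `rc_retain`, `rc_release`, `rc_count`, `rc_offset`) is hypothetical. The caller receives the base allocation plus a header offset, so the returned pointer is not the start of the buffer that carries the reference count.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical metadata stored at the beginning of every buffer. */
typedef struct {
    size_t refcount; /* starts at 1: the creator owns one reference (+1) */
    size_t size;     /* payload size in bytes */
} rc_header;

/* Recover the base allocation from the pointer handed to callers. */
static rc_header *rc_base(void *payload) {
    return (rc_header *)payload - 1;
}

/* Allocate header + payload and return the payload, i.e. the base
 * pointer advanced by sizeof(rc_header). This is the "return value
 * with an offset" case from the summary. */
void *rc_create(size_t size) {
    if (size > SIZE_MAX - sizeof(rc_header))
        return NULL; /* header + payload would overflow size_t */
    rc_header *h = malloc(sizeof(rc_header) + size);
    if (h == NULL)
        return NULL;
    h->refcount = 1;
    h->size = size;
    return h + 1;
}

void *rc_retain(void *payload) {
    if (payload != NULL)
        rc_base(payload)->refcount++;
    return payload;
}

/* Drop one reference; returns 1 when the buffer was freed. */
int rc_release(void *payload) {
    if (payload == NULL)
        return 0;
    rc_header *h = rc_base(payload);
    if (--h->refcount > 0)
        return 0;
    free(h); /* free the base, never the offset pointer */
    return 1;
}

size_t rc_count(void *payload) { return rc_base(payload)->refcount; }

ptrdiff_t rc_offset(void *payload) {
    return (char *)payload - (char *)rc_base(payload);
}
```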

Diff Detail

rC Clang

Event Timeline

NoQ created this revision. Apr 22 2019, 7:36 PM
dcoughlin accepted this revision. Apr 23 2019, 9:31 PM
This revision is now accepted and ready to land. Apr 23 2019, 9:31 PM
This revision was automatically updated to reflect the committed changes.