There already is a test case. The bug was revealed when I made changes to the analyzer engine that exposed the problem, which caused one of the test cases to fail.
On Jul 29, 2011, at 10:29 AM, Chris Lattner wrote:
>
> On Jul 28, 2011, at 4:07 PM, Ted Kremenek wrote:
>
>> Author: kremenek
>> Date: Thu Jul 28 18:07:51 2011
>> New Revision: 136418
>>
>> URL: http://llvm.org/viewvc/llvm-project?rev=136418&view=rev
>> Log:
>> [analyzer] fix bug in malloc checker where the tracked symbol would not
>> properly be removed from the state.
>
> Testcase?
>
> -Chris
>
>>
>> Modified:
>> cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
>>
>> Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
>> URL:
>> http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp?rev=136418&r1=136417&r2=136418&view=diff
>> ==============================================================================
>> --- cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp (original)
>> +++ cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp Thu Jul 28
>> 18:07:51 2011
>> @@ -578,24 +578,31 @@
>> RegionStateTy RS = state->get<RegionState>();
>> RegionStateTy::Factory &F = state->get_context<RegionState>();
>>
>> + bool generateReport = false;
>> +
>> for (RegionStateTy::iterator I = RS.begin(), E = RS.end(); I != E; ++I) {
>> if (SymReaper.isDead(I->first)) {
>> - if (I->second.isAllocated()) {
>> - if (ExplodedNode *N = C.generateNode()) {
>> - if (!BT_Leak)
>> - BT_Leak.reset(new BuiltinBug("Memory leak",
>> - "Allocated memory never released. Potential memory
>> leak."));
>> - // FIXME: where it is allocated.
>> - BugReport *R = new BugReport(*BT_Leak, BT_Leak->getDescription(),
>> N);
>> - C.EmitReport(R);
>> - }
>> - }
>> + if (I->second.isAllocated())
>> + generateReport = true;
>>
>> // Remove the dead symbol from the map.
>> RS = F.remove(RS, I->first);
>> +
>> }
>> }
>> - C.generateNode(state->set<RegionState>(RS));
>> +
>> + ExplodedNode *N = C.generateNode(state->set<RegionState>(RS));
>> +
>> + // FIXME: This does not handle when we have multiple leaks at a single
>> + // place.
>> + if (N && generateReport) {
>> + if (!BT_Leak)
>> + BT_Leak.reset(new BuiltinBug("Memory leak",
>> + "Allocated memory never released. Potential memory leak."));
>> + // FIXME: where it is allocated.
>> + BugReport *R = new BugReport(*BT_Leak, BT_Leak->getDescription(), N);
>> + C.EmitReport(R);
>> + }
>> }
>>
>> void MallocChecker::checkEndPath(EndOfFunctionNodeBuilder &B,
>>
>>
>> _______________________________________________
>> cfe-commits mailing list
>> [email protected]
>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
> _______________________________________________ cfe-commits mailing list [email protected] http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
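Review bot: The single `generateReport` flag set inside the loop discards which dead symbol was still allocated, so the report built after the loop cannot say what leaked, and several allocations reaped at the same point collapse into one diagnostic; for a leak checker that means under-reporting. Consider recording the symbols instead of a bool, for example `llvm::SmallVector<SymbolRef, 2> Leaked;` before the loop and `Leaked.push_back(I->first);` under the `isAllocated()` test (assuming the map key is a `SymbolRef`), so the report can later be tied to a specific symbol. Whether one report per symbol on the same node would survive report de-duplication is not visible from this hunk and would need checking. The enclosing function begins above the hunk, so an early return for an empty `RegionState` map cannot be confirmed from here.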
