Nice! time to revisit http://llvm.org/bugs/show_bug.cgi?id=8395#c3 ?
Dmitry 2013/8/15 Jordan Rose <[email protected]>: > Author: jrose > Date: Thu Aug 15 12:22:06 2013 > New Revision: 188468 > > URL: http://llvm.org/viewvc/llvm-project?rev=188468&view=rev > Log: > [analyzer] If realloc fails on an escaped region, that region doesn't leak. > > When a region is realloc()ed, MallocChecker records whether it was known > to be allocated or not. If it is, and the reallocation fails, the original > region has to be freed. Previously, when an allocated region escaped, > MallocChecker completely stopped tracking it, so a failed reallocation > still (correctly) wouldn't require freeing the original region. Recently, > however, MallocChecker started tracking escaped symbols, so that if it were > freed we could check that the deallocator matched the allocator. This > broke the reallocation model for whether or not a symbol was allocated. > > Now, MallocChecker will actually check if a symbol is owned, and only > require freeing after a failed reallocation if it was owned before. > > PR16730 > > Modified: > cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp > cfe/trunk/test/Analysis/malloc.c > > Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp > URL: > http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp?rev=188468&r1=188467&r2=188468&view=diff > ============================================================================== > --- cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp (original) > +++ cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp Thu Aug 15 > 12:22:06 2013 > @@ -1060,7 +1060,7 @@ ProgramStateRef MallocChecker::FreeMemAu > } > } > > - ReleasedAllocated = (RsBase != 0); > + ReleasedAllocated = (RsBase != 0) && RsBase->isAllocated(); > > // Clean out the info on previous call to free return info. > State = State->remove<FreeReturnValue>(SymBase); > > Modified: cfe/trunk/test/Analysis/malloc.c > URL: > http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/malloc.c?rev=188468&r1=188467&r2=188468&view=diff > ============================================================================== > --- cfe/trunk/test/Analysis/malloc.c (original) > +++ cfe/trunk/test/Analysis/malloc.c Thu Aug 15 12:22:06 2013 > @@ -1207,6 +1207,16 @@ void freeMemory() { > } > } > > +// PR16730 > +void testReallocEscaped(void **memory) { > + *memory = malloc(47); > + char *new_memory = realloc(*memory, 47); > + if (new_memory != 0) { > + *memory = new_memory; > + } > +} > + > + > // > ---------------------------------------------------------------------------- > // False negatives. > > > > _______________________________________________ > cfe-commits mailing list > [email protected] > http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits _______________________________________________ cfe-commits mailing list [email protected] http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
