Author: rksimon Date: Fri Dec 21 02:11:23 2018 New Revision: 349894 URL: http://llvm.org/viewvc/llvm-project?rev=349894&view=rev Log: Revert rL349876 from cfe/trunk: [analyzer] Perform escaping in RetainCountChecker on type mismatch even for inlined functions
The fix done in D55465 did not previously apply when the function was inlined. rdar://46889541 Differential Revision: https://reviews.llvm.org/D55976 ........ Fixes broken buildbot: http://lab.llvm.org:8011/builders/llvm-clang-x86_64-expensive-checks-win/builds/14764 Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.cpp cfe/trunk/test/Analysis/osobject-retain-release.cpp Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.cpp?rev=349894&r1=349893&r2=349894&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.cpp Fri Dec 21 02:11:23 2018 @@ -502,25 +502,6 @@ static Optional<RefVal> refValFromRetEff return None; } -static bool isPointerToObject(QualType QT) { - QualType PT = QT->getPointeeType(); - if (!PT.isNull()) - if (PT->getAsCXXRecordDecl()) - return true; - return false; -} - -/// Whether the tracked value should be escaped on a given call. -/// OSObjects are escaped when passed to void * / etc. -static bool shouldEscapeArgumentOnCall(const CallEvent &CE, unsigned ArgIdx, - const RefVal *TrackedValue) { - if (TrackedValue->getObjKind() != RetEffect::OS) - return false; - if (ArgIdx >= CE.parameters().size()) - return false; - return !isPointerToObject(CE.parameters()[ArgIdx]->getType()); -} - // We don't always get the exact modeling of the function with regards to the // retain count checker even when the function is inlined. For example, we need // to stop tracking the symbols which were marked with StopTrackingHard. @@ -531,16 +512,11 @@ void RetainCountChecker::processSummaryO // Evaluate the effect of the arguments. for (unsigned idx = 0, e = CallOrMsg.getNumArgs(); idx != e; ++idx) { - SVal V = CallOrMsg.getArgSVal(idx); - - if (SymbolRef Sym = V.getAsLocSymbol()) { - bool ShouldRemoveBinding = Summ.getArg(idx) == StopTrackingHard; - if (const RefVal *T = getRefBinding(state, Sym)) - if (shouldEscapeArgumentOnCall(CallOrMsg, idx, T)) - ShouldRemoveBinding = true; - - if (ShouldRemoveBinding) + if (Summ.getArg(idx) == StopTrackingHard) { + SVal V = CallOrMsg.getArgSVal(idx); + if (SymbolRef Sym = V.getAsLocSymbol()) { state = removeRefBinding(state, Sym); + } } } @@ -598,6 +574,25 @@ static ProgramStateRef updateOutParamete return State; } +static bool isPointerToObject(QualType QT) { + QualType PT = QT->getPointeeType(); + if (!PT.isNull()) + if (PT->getAsCXXRecordDecl()) + return true; + return false; +} + +/// Whether the tracked value should be escaped on a given call. +/// OSObjects are escaped when passed to void * / etc. +static bool shouldEscapeArgumentOnCall(const CallEvent &CE, unsigned ArgIdx, + const RefVal *TrackedValue) { + if (TrackedValue->getObjKind() != RetEffect::OS) + return false; + if (ArgIdx >= CE.parameters().size()) + return false; + return !isPointerToObject(CE.parameters()[ArgIdx]->getType()); +} + void RetainCountChecker::checkSummary(const RetainSummary &Summ, const CallEvent &CallOrMsg, CheckerContext &C) const { Modified: cfe/trunk/test/Analysis/osobject-retain-release.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/osobject-retain-release.cpp?rev=349894&r1=349893&r2=349894&view=diff ============================================================================== --- cfe/trunk/test/Analysis/osobject-retain-release.cpp (original) +++ cfe/trunk/test/Analysis/osobject-retain-release.cpp Fri Dec 21 02:11:23 2018 @@ -90,10 +90,7 @@ struct OSMetaClassBase { static OSObject *safeMetaCast(const OSObject *inst, const OSMetaClass *meta); }; -typedef unsigned long MYTYPE; - void escape(void *); -void escape_with_source(MYTYPE p) {} bool coin(); bool os_consume_violation_two_args(OS_CONSUME OSObject *obj, bool extra) { @@ -142,13 +139,6 @@ void test_escaping_into_voidstar() { escape(obj); } -void test_escape_has_source() { - OSObject *obj = new OSObject; - if (obj) - escape_with_source((MYTYPE)obj); - return; -} - void test_no_infinite_check_recursion(MyArray *arr) { OSObject *input = new OSObject; OSObject *o = arr->generateObject(input); _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits