NoQ added inline comments.
================ Comment at: clang/test/Analysis/fuchsia_handle.cpp:210 + // Because of arrays, structs, the suggestion is to escape when whe no longer + // have any pointer to that symbolic region. + if (zx_channel_create(0, get_handle_address(), &sb)) ---------------- NoQ wrote: > This has nothing to do with symbolic regions. We can run into this problem > even if it's a local variable in the current stack frame: > ```lang=c++ > void foo() { > zx_handle_t sa, sb; > escape(&sb); // Escape *before* create!! > > zx_channel_create(0, &sa, &sb); > zx_handle_close(sa); > close_escaped(); > } > ``` > > The solution that'll obviously work would be to keep track of all regions > that escaped at least once, and then not even start tracking the handle if > it's getting placed into a region that causes an escape when written into or > has itself escaped before, but that sounds like a huge overkill. > > Lemme think. This sounds vaguely familiar but i can't immediately recall what > my thoughts were last time i thought about it. `$ cat test.c` ```lang=c++ void manage(void **x); void free_managed(); void foo() { void *x; manage(&x); x = malloc(1); free_managed(); } ``` `$ clang --analyze test.c` ```lang=c++ test.c:8:3: warning: Potential leak of memory pointed to by 'x' free_managed(); ^~~~~~~~~~~~~~ 1 warning generated. ``` Sigh. Repository: rG LLVM Github Monorepo CHANGES SINCE LAST ACTION https://reviews.llvm.org/D71041/new/ https://reviews.llvm.org/D71041 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits