NoQ added inline comments.

================
Comment at: clang/test/Analysis/fuchsia_handle.cpp:210
+  // Because of arrays, structs, the suggestion is to escape when whe no longer
+  // have any pointer to that symbolic region.
+  if (zx_channel_create(0, get_handle_address(), &sb))
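Review bot: The comment on the first added line has a typo ("when whe no longer" should read "when we no longer"), and "Because of arrays, structs, the suggestion is to escape when ..." reads as a fragment that does not say what the test expects from the `zx_channel_create(0, get_handle_address(), &sb)` call below it. Reword it to state which handle is treated as escaped and whether a diagnostic is expected on this path in the visible lines.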
----------------
NoQ wrote:
> This has nothing to do with symbolic regions. We can run into this problem 
> even if it's a local variable in the current stack frame:
> ```lang=c++
> void foo() {
>   zx_handle_t sa, sb;
>   escape(&sb); // Escape *before* create!!
> 
>   zx_channel_create(0, &sa, &sb);
>   zx_handle_close(sa);
>   close_escaped();
> }
> ```
> 
> The solution that'll obviously work would be to keep track of all regions 
> that escaped at least once, and then not even start tracking the handle if 
> it's getting placed into a region that causes an escape when written into or 
> has itself escaped before, but that sounds like a huge overkill.
> 
> Lemme think. This sounds vaguely familiar but i can't immediately recall what 
> my thoughts were last time i thought about it.
`$ cat test.c`
```lang=c++
void manage(void **x);
void free_managed();

void foo() {
  void *x;
  manage(&x);
  x = malloc(1);
  free_managed();
}
```
`$ clang --analyze test.c`
```lang=c++
test.c:8:3: warning: Potential leak of memory pointed to by 'x'
  free_managed();
  ^~~~~~~~~~~~~~
1 warning generated.
```
Sigh.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D71041/new/

https://reviews.llvm.org/D71041



_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
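
A toy model of the bookkeeping described in the quoted comment (remember every region that escaped at least once, and do not start tracking a handle written into one), as an added example that is not part of the original message and is not Clang Static Analyzer code. `Event`, `leaks` and `fooTrace` are hypothetical names, and the trace is constructed from `foo()` in the quoted comment; the `manage`/`malloc` case in `test.c` has the same escape-before-create shape.

```cpp
// Toy model only: regions are named by plain strings, one handle per region.
#include <set>
#include <string>
#include <vector>

struct Event {
  enum Kind { Escape, Create, Close } kind;
  std::string region; // variable that escapes or that holds the handle
};

// Returns the regions still holding a tracked, unclosed handle at the end of
// the trace, i.e. what a leak checker would report.
std::vector<std::string> leaks(const std::vector<Event> &trace,
                               bool rememberEscapedRegions) {
  std::set<std::string> escaped; // regions that escaped at least once
  std::set<std::string> open;    // regions holding a tracked open handle
  for (const Event &e : trace) {
    switch (e.kind) {
    case Event::Escape:
      open.erase(e.region); // stop tracking whatever is there right now
      if (rememberEscapedRegions)
        escaped.insert(e.region);
      break;
    case Event::Create:
      // Proposed rule: never start tracking a handle that is written into a
      // region which has already escaped.
      if (!escaped.count(e.region))
        open.insert(e.region);
      break;
    case Event::Close:
      open.erase(e.region);
      break;
    }
  }
  return std::vector<std::string>(open.begin(), open.end());
}

// Constructed trace for foo(): escape(&sb); zx_channel_create(0, &sa, &sb);
// zx_handle_close(sa). The opaque close_escaped() call is not modelled.
std::vector<Event> fooTrace() {
  return {{Event::Escape, "sb"}, {Event::Create, "sa"},
          {Event::Create, "sb"}, {Event::Close, "sa"}};
}

int main() { return leaks(fooTrace(), true).empty() ? 0 : 1; }
```

With `rememberEscapedRegions` off, the escape happens before there is anything to stop tracking, so `sb` is reported; with it on, the later write into `sb` is never tracked.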
