https://bugs.llvm.org/show_bug.cgi?id=50771
Bug ID: 50771
Summary: Static analyzer ignores calls through function pointers
Product: clang
Version: trunk
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P
Component: Static Analyzer
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected]
We observed this with Google Test, which stores a pointer to a function
destroying an object in a data structure, and then releases data by calling
through that pointer. A reduced test case is this:

    void MatcherBase() {
      void* shared = new int();
      void (*shared_destroy)(void*) = [](void* p) { delete static_cast<int*>(p); };
      shared_destroy(shared);
    } // warning: Potential leak of memory pointed to by 'shared' [cplusplus.NewDeleteLeaks]

The warning disappears when changing the type of shared_destroy to auto, so
we're not converting to a function pointer type but rather keeping an object of
lambda type. Then the call at the end is a direct call and inlined. Similarly
for a global function shared_destroy.
Now I guess that tracing calls through function pointers would be pretty hard,
because then control flow would depend on data flow in a way that's not
amenable to a constraint solver. But we could at least treat the function
pointer call like an opaque call, which also makes the warning disappear:

    void shared_destroy(void* p);
    void MatcherBase() {
      void* shared = new int();
      shared_destroy(shared);
    } // no warning.
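
A run-time cross-check of the three call shapes discussed in the report, added here as an example and not part of the original bug report or of Clang's test suite. It assumes a constructed `Tracked` type in place of the report's `int` so that live objects can be counted, and the function names are hypothetical.

```cpp
#include <cstdio>

// Constructed stand-in for the report's `int`: counts live objects so that a
// real leak would show up as a non-zero count at run time.
struct Tracked {
    static int live;
    Tracked() { ++live; }
    ~Tracked() { --live; }
};
int Tracked::live = 0;

// Sanity check for the counter itself: one object is live between new and delete.
int live_while_allocated() {
    Tracked* t = new Tracked();
    int seen = Tracked::live;
    delete t;
    return seen;
}

// Shape 1: the reduced test case, release through a function pointer.
int via_function_pointer() {
    void* shared = new Tracked();
    void (*shared_destroy)(void*) = [](void* p) { delete static_cast<Tracked*>(p); };
    shared_destroy(shared);
    return Tracked::live;
}

// Shape 2: `auto` keeps the closure type, so the call is direct.
int via_auto_lambda() {
    void* shared = new Tracked();
    auto shared_destroy = [](void* p) { delete static_cast<Tracked*>(p); };
    shared_destroy(shared);
    return Tracked::live;
}

// Shape 3: a named function defined in the same translation unit.
static void destroy_tracked(void* p) { delete static_cast<Tracked*>(p); }
int via_named_function() {
    void* shared = new Tracked();
    destroy_tracked(shared);
    return Tracked::live;
}

int main() {
    std::printf("live during allocation: %d\n", live_while_allocated());
    std::printf("after function pointer: %d\n", via_function_pointer());
    std::printf("after auto lambda:      %d\n", via_auto_lambda());
    std::printf("after named function:   %d\n", via_named_function());
}
```

All three shapes leave the live count at zero, so the object is released at run time whichever way the destroy function is called.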