http://llvm.org/bugs/show_bug.cgi?id=7538

           Summary: Failure to detect obj-c overreleased block
           Product: clang
           Version: unspecified
          Platform: Macintosh
        OS/Version: MacOS X
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
        AssignedTo: [email protected]
        ReportedBy: [email protected]
                CC: [email protected]


Originally on Stack Overflow as
http://stackoverflow.com/questions/3154598/use-of-ivar-in-block-returned-to-other-object
- the solution is to add a copy before the block autorelease, but the analyzer
does not produce a warning.

I have found a crash in an iPhone application with target iOS 4 that changes
depending on the type of build. 

The debugger is giving me nothing much to go on, it stops at

 UIViewController *result = [self factory](self);

with EXC_BAD_ACCESS. self is a class inheriting from NSObject (shown below as
NSObjectInheritor). Zombies are enabled. I've tried changing method factory
three ways with the following results.

This crashes in both debug and ad hoc builds...

- (FactoryMethod) factory;
{
    return [^ UIViewController * (NSObjectInheritor *newThing)
    {
      return [[ViewControllerClass alloc] initWithStuff:(boolValue ? foo : bar)];
    } autorelease];
}

This works in debug builds but crashes in ad hoc...

- (FactoryMethod) factory;
{
  return [^ UIViewController * (NSObjectInheritor *newThing)
  {
    if(boolValue)
    {
      return [[ViewControllerClass alloc] initWithStuff:foo];
    }
    else
    {
      return [[ViewControllerClass alloc] initWithStuff:bar];
    }
  } autorelease];
}

This works in both debug and ad hoc but is very ugly and redundant:

- (FactoryMethod) factory;
{
  if(boolValue)
  {
    return [^ UIViewController * (NSObjectInheritor *newThing)
    {
      return [[ViewControllerClass alloc] initWithStuff:foo];
    } autorelease];
  }
  else
  {
    return [^ UIViewController * (NSObjectInheritor *newThing)
    {
      return [[ViewControllerClass alloc] initWithStuff:bar];
    } autorelease];
  }
}

My theory is that boolValue becomes inaccessible at the time the returned block
is executed. It is

@interface SubclassOfNSObjectInheritor : NSObjectInheritor
{
  BOOL boolValue;
}

@property (readonly) BOOL boolValue;

(YES or NO assigned in SubclassOfNSObjectInheritor's init of course) and

@synthesize boolValue;

in SubclassOfNSObjectInheritor's implementation.

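The fix named at the top of the report (a copy before the block's autorelease), shown beside the reported pattern as an added example that is not part of the original report. It assumes manual reference counting and Foundation only; Maker, initWithFlag:, brokenFactory and the NSString-returning Factory type are hypothetical stand-ins for the reporter's classes.

```objc
// Assumed build: clang -fno-objc-arc -framework Foundation demo.m -o demo
#import <Foundation/Foundation.h>

typedef NSString *(^Factory)(void);

@interface Maker : NSObject
{
    BOOL boolValue;  // read inside the blocks below, so they capture self
}
- (id)initWithFlag:(BOOL)flag;
- (Factory)brokenFactory;
- (Factory)factory;
@end

@implementation Maker
- (id)initWithFlag:(BOOL)flag
{
    if ((self = [super init])) {
        boolValue = flag;
    }
    return self;
}

// Pattern from the report: the literal is a stack block. -autorelease does
// not move it to the heap, so the caller receives a pointer into a frame
// that is gone once this method returns.
- (Factory)brokenFactory
{
    return [^NSString *(void) { return boolValue ? @"foo" : @"bar"; } autorelease];
}

// Fix: -copy moves the block to the heap and retains the captured self;
// -autorelease then balances that copy.
- (Factory)factory
{
    return [[^NSString *(void) { return boolValue ? @"foo" : @"bar"; } copy] autorelease];
}
@end

int main(void)
{
    NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
    Maker *maker = [[[Maker alloc] initWithFlag:YES] autorelease];
    Factory make = [maker factory];  // heap block, valid until the pool drains
    NSLog(@"%@", make());            // brokenFactory is deliberately never called
    [pool drain];
    return 0;
}
```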