This revision was automatically updated to reflect the committed changes.
Closed by commit rL291866: [analyzer] Fix false positives in Keychain API
checker (authored by zaks).
Changed prior to commit:
https://reviews.llvm.org/D28330?vs=83160=84194#toc
Repository:
rL LLVM
NoQ accepted this revision.
NoQ added a reviewer: NoQ.
NoQ added a comment.
In https://reviews.llvm.org/D28330#637075, @zaks.anna wrote:
> I did not think of solution #1! It's definitely better than the pattern
> matching I've added here. However, this checker fires so infrequently, that I
>
zaks.anna added a comment.
I did not think of solution #1! It's definitely better than the pattern
matching I've added here. However, this checker fires so infrequently, that I
do not think it's worth investing more time into perfecting it.
I suspect the solution #2 is what this checker was
NoQ added a comment.
> Do not check if the return status has been compared to error (or no error) at
> the time when leaks are reported since the status symbol might no longer be
> alive. Instead, pattern match on the assume and stop tracking allocated
> symbols on error paths.
Aha, i see! So
zaks.anna updated this revision to Diff 83160.
zaks.anna added a comment.
Addressed all comments
https://reviews.llvm.org/D28330
Files:
lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp
test/Analysis/keychainAPI.m
Index: test/Analysis/keychainAPI.m
dcoughlin accepted this revision.
dcoughlin added a comment.
This revision is now accepted and ready to land.
Looks good to me, aside from minor quibbles about capitalization and variable
naming.
Comment at: lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp:502
+
alexshap added inline comments.
Comment at: lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp:527
+ if (ReturnSymbol)
+for (AllocatedDataTy::iterator I = ASet.begin(), E = ASet.end();
+ I != E; ++I) {
alexshap wrote:
alexshap added inline comments.
Comment at: lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp:527
+ if (ReturnSymbol)
+for (AllocatedDataTy::iterator I = ASet.begin(), E = ASet.end();
+ I != E; ++I) {
nit: auto I =
zaks.anna created this revision.
zaks.anna added a reviewer: dcoughlin.
zaks.anna added subscribers: cfe-commits, dergachev.a.
The checker has several false positives that this patch addresses:
1. Do not check if the return status has been compared to error (or no error)
at the time when
