[analyzer] Assume escape is possible through system functions taking void*
The analyzer assumes that system functions will not free memory or modify the arguments in other ways, so we assume that arguments do not escape when those are called. However, this may lead to false positive leak errors. For example, in code like this where the pointers added to the rb_tree are freed later on: struct alarm_event *e = calloc(1, sizeof(*e)); <snip> rb_tree_insert_node(&alarm_tree, e); Add a heuristic to assume that calls to system functions taking void* arguments allow for pointer escape. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@251449 91177308-0d34-0410-b5e6-96231b3b80d8
Showing
- include/clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h 7 additions, 0 deletionsinclude/clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h
- lib/StaticAnalyzer/Checkers/MallocChecker.cpp 1 addition, 1 deletionlib/StaticAnalyzer/Checkers/MallocChecker.cpp
- lib/StaticAnalyzer/Core/CallEvent.cpp 29 additions, 12 deletionslib/StaticAnalyzer/Core/CallEvent.cpp
- test/Analysis/Inputs/system-header-simulator.h 6 additions, 0 deletionstest/Analysis/Inputs/system-header-simulator.h
- test/Analysis/malloc.c 17 additions, 0 deletionstest/Analysis/malloc.c
Loading
Please register or sign in to comment