Skip to content
Snippets Groups Projects
Commit d708bacd authored by Anna Zaks's avatar Anna Zaks
Browse files

[analyzer] KeyChainAPI: unique the leaks by allocation site. 

(Very similar to the previous change in malloc.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151297 91177308-0d34-0410-b5e6-96231b3b80d8
parent f64bc202
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp
+ 60
21
View file @ d708bacd
...@@ -59,7 +59,7 @@ public: ...@@ -59,7 +59,7 @@ public:
void checkPreStmt(const ReturnStmt *S, CheckerContext &C) const; void checkPreStmt(const ReturnStmt *S, CheckerContext &C) const;
void checkPostStmt(const CallExpr *S, CheckerContext &C) const; void checkPostStmt(const CallExpr *S, CheckerContext &C) const;
void checkDeadSymbols(SymbolReaper &SR, CheckerContext &C) const; void checkDeadSymbols(SymbolReaper &SR, CheckerContext &C) const;
void checkEndPath(CheckerContext &Ctx) const; void checkEndPath(CheckerContext &C) const;
private: private:
typedef std::pair<SymbolRef, const AllocationState*> AllocationPair; typedef std::pair<SymbolRef, const AllocationState*> AllocationPair;
...@@ -101,8 +101,13 @@ private: ...@@ -101,8 +101,13 @@ private:
const Expr *ArgExpr, const Expr *ArgExpr,
CheckerContext &C) const; CheckerContext &C) const;
/// Find the allocation site for Sym on the path leading to the node N.
const Stmt *getAllocationSite(const ExplodedNode *N, SymbolRef Sym,
CheckerContext &C) const;
BugReport *generateAllocatedDataNotReleasedReport(const AllocationPair &AP, BugReport *generateAllocatedDataNotReleasedReport(const AllocationPair &AP,
ExplodedNode *N) const; ExplodedNode *N,
CheckerContext &C) const;
/// Check if RetSym evaluates to an error value in the current state. /// Check if RetSym evaluates to an error value in the current state.
bool definitelyReturnedError(SymbolRef RetSym, bool definitelyReturnedError(SymbolRef RetSym,
...@@ -498,19 +503,46 @@ void MacOSKeychainAPIChecker::checkPreStmt(const ReturnStmt *S, ...@@ -498,19 +503,46 @@ void MacOSKeychainAPIChecker::checkPreStmt(const ReturnStmt *S,
C.addTransition(state); C.addTransition(state);
} }
const Stmt *
MacOSKeychainAPIChecker::getAllocationSite(const ExplodedNode *N,
SymbolRef Sym,
CheckerContext &C) const {
// Walk the ExplodedGraph backwards and find the first node that referred to
// the tracked symbol.
const ExplodedNode *AllocNode = N;
while (N) {
if (!N->getState()->get<AllocatedData>(Sym))
break;
AllocNode = N;
N = N->pred_empty() ? NULL : *(N->pred_begin());
}
ProgramPoint P = AllocNode->getLocation();
return cast<clang::PostStmt>(P).getStmt();
}
BugReport *MacOSKeychainAPIChecker:: BugReport *MacOSKeychainAPIChecker::
generateAllocatedDataNotReleasedReport(const AllocationPair &AP, generateAllocatedDataNotReleasedReport(const AllocationPair &AP,
ExplodedNode *N) const { ExplodedNode *N,
CheckerContext &C) const {
const ADFunctionInfo &FI = FunctionsToTrack[AP.second->AllocatorIdx]; const ADFunctionInfo &FI = FunctionsToTrack[AP.second->AllocatorIdx];
initBugType(); initBugType();
SmallString<70> sbuf; SmallString<70> sbuf;
llvm::raw_svector_ostream os(sbuf); llvm::raw_svector_ostream os(sbuf);
os << "Allocated data is not released: missing a call to '" os << "Allocated data is not released: missing a call to '"
<< FunctionsToTrack[FI.DeallocatorIdx].Name << "'."; << FunctionsToTrack[FI.DeallocatorIdx].Name << "'.";
BugReport *Report = new BugReport(*BT, os.str(), N);
// Most bug reports are cached at the location where they occurred.
// With leaks, we want to unique them by the location where they were
// allocated, and only report a single path.
const Stmt *AllocStmt = getAllocationSite(N, AP.first, C);
PathDiagnosticLocation LocUsedForUniqueing =
PathDiagnosticLocation::createBegin(AllocStmt, C.getSourceManager(),
N->getLocationContext());
BugReport *Report = new BugReport(*BT, os.str(), N, LocUsedForUniqueing);
Report->addVisitor(new SecKeychainBugVisitor(AP.first)); Report->addVisitor(new SecKeychainBugVisitor(AP.first));
Report->addRange(SourceRange());
return Report; return Report;
} }
...@@ -536,27 +568,31 @@ void MacOSKeychainAPIChecker::checkDeadSymbols(SymbolReaper &SR, ...@@ -536,27 +568,31 @@ void MacOSKeychainAPIChecker::checkDeadSymbols(SymbolReaper &SR,
continue; continue;
Errors.push_back(std::make_pair(I->first, &I->second)); Errors.push_back(std::make_pair(I->first, &I->second));
} }
if (!Changed) if (!Changed) {
// Generate the new, cleaned up state.
C.addTransition(State);
return; return;
}
// Generate the new, cleaned up state. static SimpleProgramPointTag Tag("MacOSKeychainAPIChecker : DeadSymbolsLeak");
ExplodedNode *N = C.addTransition(State); ExplodedNode *N = C.addTransition(C.getState(), C.getPredecessor(), &Tag);
if (!N)
return;
// Generate the error reports. // Generate the error reports.
for (AllocationPairVec::iterator I = Errors.begin(), E = Errors.end(); for (AllocationPairVec::iterator I = Errors.begin(), E = Errors.end();
I != E; ++I) { I != E; ++I) {
C.EmitReport(generateAllocatedDataNotReleasedReport(*I, N)); C.EmitReport(generateAllocatedDataNotReleasedReport(*I, N, C));
} }
// Generate the new, cleaned up state.
C.addTransition(State, N);
} }
// TODO: Remove this after we ensure that checkDeadSymbols are always called. // TODO: Remove this after we ensure that checkDeadSymbols are always called.
void MacOSKeychainAPIChecker::checkEndPath(CheckerContext &Ctx) const { void MacOSKeychainAPIChecker::checkEndPath(CheckerContext &C) const {
ProgramStateRef state = Ctx.getState(); ProgramStateRef state = C.getState();
// If inside inlined call, skip it. // If inside inlined call, skip it.
if (Ctx.getLocationContext()->getParent() != 0) if (C.getLocationContext()->getParent() != 0)
return; return;
AllocatedSetTy AS = state->get<AllocatedData>(); AllocatedSetTy AS = state->get<AllocatedData>();
...@@ -574,25 +610,28 @@ void MacOSKeychainAPIChecker::checkEndPath(CheckerContext &Ctx) const { ...@@ -574,25 +610,28 @@ void MacOSKeychainAPIChecker::checkEndPath(CheckerContext &Ctx) const {
// allocation, do not report. // allocation, do not report.
if (state->getSymVal(I.getKey()) || if (state->getSymVal(I.getKey()) ||
definitelyReturnedError(I->second.Region, state, definitelyReturnedError(I->second.Region, state,
Ctx.getSValBuilder())) { C.getSValBuilder())) {
continue; continue;
} }
Errors.push_back(std::make_pair(I->first, &I->second)); Errors.push_back(std::make_pair(I->first, &I->second));
} }
// If no change, do not generate a new state. // If no change, do not generate a new state.
if (!Changed) if (!Changed) {
C.addTransition(state);
return; return;
}
ExplodedNode *N = Ctx.addTransition(state); static SimpleProgramPointTag Tag("MacOSKeychainAPIChecker : EndPathLeak");
if (!N) ExplodedNode *N = C.addTransition(C.getState(), C.getPredecessor(), &Tag);
return;
// Generate the error reports. // Generate the error reports.
for (AllocationPairVec::iterator I = Errors.begin(), E = Errors.end(); for (AllocationPairVec::iterator I = Errors.begin(), E = Errors.end();
I != E; ++I) { I != E; ++I) {
Ctx.EmitReport(generateAllocatedDataNotReleasedReport(*I, N)); C.EmitReport(generateAllocatedDataNotReleasedReport(*I, N, C));
} }
C.addTransition(state, N);
} }
......
test/Analysis/keychainAPI.m
+ 11
2
View file @ d708bacd
...@@ -370,9 +370,18 @@ void allocAndFree1() { ...@@ -370,9 +370,18 @@ void allocAndFree1() {
my_FreeParam(ptr, outData); my_FreeParam(ptr, outData);
} }
void allocNoFree2() { void consumeChar(char);
void allocNoFree2(int x) {
OSStatus st = 0; OSStatus st = 0;
void *outData = my_AllocateReturn(&st); // expected-warning{{Allocated data is not released:}} void *outData = my_AllocateReturn(&st);
if (x) {
consumeChar(*(char*)outData); // expected-warning{{Allocated data is not released:}}
return;
} else {
consumeChar(*(char*)outData);
}
return;
} }
void allocAndFree2(void *attrList) { void allocAndFree2(void *attrList) {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment