author | Zhongxing Xu <xuzhongxing@gmail.com> | 2009-11-17 08:58:18 +0000 |
---|---|---|
committer | Zhongxing Xu <xuzhongxing@gmail.com> | 2009-11-17 08:58:18 +0000 |
commit | 4985e3ec81679955e51d537d1186e243f9389d7a (patch) | |
tree | c5f3afb9bf7723e8bd6195b6594a02222f62c2fe | |
parent | 23afaad895486d4a9ea672f497b63ebc4c588955 (diff) |
Add PreVisitReturn to Malloc checker. Now we can recognize returned memory
block.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89071 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r-- | lib/Analysis/MallocChecker.cpp | 26 | ||||
-rw-r--r-- | test/Analysis/malloc.c | 8 |
2 files changed, 30 insertions, 4 deletions
diff --git a/lib/Analysis/MallocChecker.cpp b/lib/Analysis/MallocChecker.cpp
index fdd6a3d026..93e708332e 100644
--- a/lib/Analysis/MallocChecker.cpp
+++ b/lib/Analysis/MallocChecker.cpp
@@ -60,6 +60,7 @@ public:
 void PostVisitCallExpr(CheckerContext &C, const CallExpr *CE);
 void EvalDeadSymbols(CheckerContext &C,const Stmt *S,SymbolReaper &SymReaper);
 void EvalEndPath(GREndPathNodeBuilder &B, void *tag, GRExprEngine &Eng);
+ void PreVisitReturnStmt(CheckerContext &C, const ReturnStmt *S);
 private:
 void MallocMem(CheckerContext &C, const CallExpr *CE);
 void FreeMem(CheckerContext &C, const CallExpr *CE);
@@ -190,3 +191,28 @@ void MallocChecker::EvalEndPath(GREndPathNodeBuilder &B, void *tag,
 }
 }
 }
+
+void MallocChecker::PreVisitReturnStmt(CheckerContext &C, const ReturnStmt *S) {
+ const Expr *RetE = S->getRetValue();
+ if (!RetE)
+ return;
+
+ const GRState *state = C.getState();
+
+ SymbolRef Sym = state->getSVal(RetE).getAsSymbol();
+
+ if (!Sym)
+ return;
+
+ const RefState *RS = state->get<RegionState>(Sym);
+ if (!RS)
+ return;
+
+ // FIXME: check other cases.
+ if (RS->isAllocated())
+ state = state->set<RegionState>(Sym, RefState::getEscaped(S));
+
+ ExplodedNode *N = C.GenerateNode(S, state);
+ if (N)
+ C.addTransition(N);
+}
diff --git a/test/Analysis/malloc.c b/test/Analysis/malloc.c
index 3dc5843ae0..6a17cba349 100644
--- a/test/Analysis/malloc.c
+++ b/test/Analysis/malloc.c
@@ -23,8 +23,8 @@ void f2() {
 // or inter-procedural analysis, this is a conservative answer.
 int *f3() {
 static int *p = 0;
- p = malloc(10); // will be fixed.
- return p; // expected-warning{{Allocated memory never released. Potential memory leak.}}
+ p = malloc(10);
+ return p; // no-warning
 }
 
 // This case tests that storing malloc'ed memory to a static global variable
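Review bot: PreVisitReturnStmt in lib/Analysis/MallocChecker.cpp acts only when `RS->isAllocated()` holds, so a return of a symbol the checker tracks in any other state (for instance one already passed to free) gets no diagnostic, and `// FIXME: check other cases.` does not say which cases are open. I would spell that out, e.g. `// FIXME: a returned symbol that is already released (freed memory handed back to the caller) is not reported.` The transition is also generated when the state was not changed; `if (!RS->isAllocated()) return;` ahead of the `set<RegionState>` call would avoid the extra node. Marking the symbol escaped on every return presumably also hides leaks in callers that never free the result, and the updated f3/f4 cases in test/Analysis/malloc.c only cover pointers stored in statics, so a test that returns a plain local `malloc` result would pin the intended behaviour.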
@@ -32,6 +32,6 @@ int *f3() {
 // functions or inter-procedural analysis, this is a conservative answer.
 static int *p_f4 = 0;
 int *f4() {
- p_f4 = malloc(10); // will be fixed.
- return p_f4; // expected-warning{{Allocated memory never released. Potential memory leak.}}
+ p_f4 = malloc(10);
+ return p_f4; // no-warning
 } |