[analyzer] Make Malloc aware of inter-procedural execution + basic

tests. llvm-svn: 150993
2012-02-20 22:25:23 +00:00 · 2012-02-20 22:25:23 +00:00 · 1526881ee0
parent f4ca30d74b
commit 1526881ee0
2 changed files with 61 additions and 2 deletions
--- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@ -827,6 +827,10 @@ void MallocChecker::checkEndPath(CheckerContext &C) const {
  ProgramStateRef state = C.getState();
  RegionStateTy M = state->get<RegionState>();

+  // If inside inlined call, skip it.
+  if (C.getLocationContext()->getParent() != 0)
+    return;
+
  for (RegionStateTy::iterator I = M.begin(), E = M.end(); I != E; ++I) {
    RefState RS = I->second;
    if (RS.isAllocated()) {
@ -885,8 +889,9 @@ void MallocChecker::checkPreStmt(const ReturnStmt *S, CheckerContext &C) const {
  if (checkUseAfterFree(Sym, C, E))
    return;

-  // Check if the symbol is escaping.
-  checkEscape(Sym, E, C);
+  // If this function body is not inlined, check if the symbol is escaping.
+  if (C.getLocationContext()->getParent() == 0)
+    checkEscape(Sym, E, C);
 }

 bool MallocChecker::checkUseAfterFree(SymbolRef Sym, CheckerContext &C,
--- a/clang/test/Analysis/malloc-interprocedural.c
+++ b/clang/test/Analysis/malloc-interprocedural.c
@ -0,0 +1,54 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=unix.Malloc -analyzer-inline-call -analyzer-store=region -verify %s
+
+#include "system-header-simulator.h"
+
+typedef __typeof(sizeof(int)) size_t;
+void *malloc(size_t);
+void *valloc(size_t);
+void free(void *);
+void *realloc(void *ptr, size_t size);
+void *reallocf(void *ptr, size_t size);
+void *calloc(size_t nmemb, size_t size);
+extern void exit(int) __attribute__ ((__noreturn__));
+
+static void my_malloc1(void **d, size_t size) {
+  *d = malloc(size);
+}
+
+static void *my_malloc2(int elevel, size_t size) {
+  void     *data;
+  data = malloc(size);
+  if (data == 0)
+    exit(0);
+  return data;
+}
+
+static void my_free1(void *p) {
+  free(p);
+}
+
+static void test1() {
+  void *data = 0;
+  my_malloc1(&data, 4); // expected-warning {{Memory is never released; potential memory leak}}
+}
+
+static void test2() {
+  void * data = my_malloc2(1, 4);
+  data = my_malloc2(1, 4);// expected-warning {{Memory is never released; potential memory leak}}
+}
+
+static void test3() {
+  void *data = my_malloc2(1, 4);
+  free(data);
+  data = my_malloc2(1, 4);
+  free(data);
+}
+
+int test4() {
+  int *data = (int*)my_malloc2(1, 4);
+  my_free1(data);
+  data = (int *)my_malloc2(1, 4);
+  my_free1(data);
+  return *data; // expected-warning {{Use of memory after it is freed}}
+}
+