From 1526881ee0d9eead1a0b4ce055c2438c67430243 Mon Sep 17 00:00:00 2001
From: Anna Zaks <ganna@apple.com>
Date: Mon, 20 Feb 2012 22:25:23 +0000
Subject: [PATCH] [analyzer] Make Malloc aware of inter-procedural execution +
 basic tests.

llvm-svn: 150993
---
 .../StaticAnalyzer/Checkers/MallocChecker.cpp |  9 +++-
 clang/test/Analysis/malloc-interprocedural.c  | 54 +++++++++++++++++++
 2 files changed, 61 insertions(+), 2 deletions(-)
 create mode 100644 clang/test/Analysis/malloc-interprocedural.c

diff --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index 38044d1aa9c5..fed64f1b0426 100644
--- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -827,6 +827,10 @@ void MallocChecker::checkEndPath(CheckerContext &C) const {
   ProgramStateRef state = C.getState();
   RegionStateTy M = state->get<RegionState>();
 
+  // If inside inlined call, skip it.
+  if (C.getLocationContext()->getParent() != 0)
+    return;
+
   for (RegionStateTy::iterator I = M.begin(), E = M.end(); I != E; ++I) {
     RefState RS = I->second;
     if (RS.isAllocated()) {
@@ -885,8 +889,9 @@ void MallocChecker::checkPreStmt(const ReturnStmt *S, CheckerContext &C) const {
   if (checkUseAfterFree(Sym, C, E))
     return;
 
-  // Check if the symbol is escaping.
-  checkEscape(Sym, E, C);
+  // If this function body is not inlined, check if the symbol is escaping.
+  if (C.getLocationContext()->getParent() == 0)
+    checkEscape(Sym, E, C);
 }
 
 bool MallocChecker::checkUseAfterFree(SymbolRef Sym, CheckerContext &C,
diff --git a/clang/test/Analysis/malloc-interprocedural.c b/clang/test/Analysis/malloc-interprocedural.c
new file mode 100644
index 000000000000..8ae6024d7e0c
--- /dev/null
+++ b/clang/test/Analysis/malloc-interprocedural.c
@@ -0,0 +1,54 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=unix.Malloc -analyzer-inline-call -analyzer-store=region -verify %s
+
+#include "system-header-simulator.h"
+
+typedef __typeof(sizeof(int)) size_t;
+void *malloc(size_t);
+void *valloc(size_t);
+void free(void *);
+void *realloc(void *ptr, size_t size);
+void *reallocf(void *ptr, size_t size);
+void *calloc(size_t nmemb, size_t size);
+extern void exit(int) __attribute__ ((__noreturn__));
+
+static void my_malloc1(void **d, size_t size) {
+  *d = malloc(size);
+}
+
+static void *my_malloc2(int elevel, size_t size) {
+  void     *data;
+  data = malloc(size);
+  if (data == 0)
+    exit(0);
+  return data;
+}
+
+static void my_free1(void *p) {
+  free(p);
+}
+
+static void test1() {
+  void *data = 0;
+  my_malloc1(&data, 4); // expected-warning {{Memory is never released; potential memory leak}}
+}
+
+static void test2() {
+  void * data = my_malloc2(1, 4);
+  data = my_malloc2(1, 4);// expected-warning {{Memory is never released; potential memory leak}}
+}
+
+static void test3() {
+  void *data = my_malloc2(1, 4);
+  free(data);
+  data = my_malloc2(1, 4);
+  free(data);
+}
+
+int test4() {
+  int *data = (int*)my_malloc2(1, 4);
+  my_free1(data);
+  data = (int *)my_malloc2(1, 4);
+  my_free1(data);
+  return *data; // expected-warning {{Use of memory after it is freed}}
+}
+