Commit Graph

139 Commits

Author SHA1 Message Date
Balázs Kéri 22a084cfa3 [Analyzer] Report every bug if only uniqueing location differs.
Summary:
Two CSA bug reports where only the uniqueing location is different
should be treated as different problems. The role of uniqueing location
is to differentiate bug reports.

Reviewers: Szelethus, baloghadamsoftware, NoQ, vsavchenko, xazax.hun, martong

Reviewed By: NoQ

Subscribers: NoQ, rnkovacs, xazax.hun, baloghadamsoftware, szepet, a.sidorin, mikhail.ramalho, Szelethus, donat.nagy, dkrupp, gamesh411, Charusso, martong, ASDenysPetrov, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D83115
2020-07-15 12:19:25 +02:00
Kirstóf Umann 6bedfaf520 [analyzer][MallocChecker] Fix the incorrect retrieval of the from argument in realloc()
In the added testfile, the from argument was recognized as
&Element{SymRegion{reg_$0<long * global_a>},-1 S64b,long}
instead of
reg_$0<long * global_a>.
2020-06-01 22:38:29 +02:00
Kirstóf Umann 48a8c7dcbf [analyzer] Make buildbots happy 2020-05-21 01:54:50 +02:00
Kirstóf Umann 1d393eac8f [analyzer] Fix a null FunctionDecl dereference bug after D75432 2020-05-21 01:05:15 +02:00
Kirstóf Umann 2e5e42d4ae [analyzer][MallocChecker] When modeling realloc-like functions, don't early return if the argument is symbolic
The very essence of MallocChecker lies in 2 overload sets: the FreeMemAux
functions and the MallocMemAux functions. The former houses most of the error
checking as well (aside from leaks), such as incorrect deallocation. There, we
check whether the argument's MemSpaceRegion is the heap or unknown, and if it
isn't, we know we encountered a bug (aside from a corner case patched by
@balazske in D76830), as specified by MEM34-C.

In ReallocMemAux, which really is the combination of  FreeMemAux and
MallocMemAux, we incorrectly early returned if the memory argument of realloc is
non-symbolic. The problem is, one of the cases where this happens when we know
precisely what the region is, like an array, as demonstrated in the test file.
So, lets get rid of this false negative :^)

Side note, I dislike the warning message and the associated checker name, but
I'll address it in a later patch.

Differential Revision: https://reviews.llvm.org/D79415
2020-05-19 13:59:29 +02:00
Artem Dergachev 3d90e7e8db Revert "[analyzer] Toning down invalidation a bit".
This reverts commit r352473.

The overall idea is great, but it seems to cause unintented consequences
when not only Region Store invalidation but also pointer escape mechanism
was accidentally affected.

Based on discussions in https://reviews.llvm.org/D58121#1452483
and https://reviews.llvm.org/D57230#1434161

Differential Revision: https://reviews.llvm.org/D57230

llvm-svn: 357620
2019-04-03 18:21:16 +00:00
Artem Dergachev b7e33f6404 Revert "[analyzer] Remove the "postponed" hack, deal with derived symbols..."
This reverts commit r341722.

The "postponed" mechanism turns out to be necessary in order to handle
situations when a symbolic region is only kept alive by implicit bindings
in the Store. Otherwise the region is never scanned by the Store's worklist
and the binding gets dropped despite being live, as demonstrated
by the newly added tests.

Differential Revision: https://reviews.llvm.org/D57554

llvm-svn: 353350
2019-02-06 23:56:43 +00:00
Gabor Horvath f41e3d0873 [analyzer] Toning down invalidation a bit
When a function takes the address of a field the analyzer will no longer
assume that the function will change other fields of the enclosing structs.

Differential Revision: https://reviews.llvm.org/D57230

llvm-svn: 352473
2019-01-29 10:27:14 +00:00
Kristof Umann cf6bb77f65 [analyzer][MallocChecker][NFC] Document and reorganize some functions
This patch merely reorganizes some things, and features no functional change.

In detail:

* Provided documentation, or moved existing documentation in more obvious
places.
* Added dividers. (the //===----------===// thing).
* Moved getAllocationFamily, printAllocDeallocName, printExpectedAllocName and
printExpectedDeallocName in the global namespace on top of the file where
AllocationFamily is declared, as they are very strongly related.
* Moved isReleased and MallocUpdateRefState near RefState's definition for the
same reason.
* Realloc modeling was very poor in terms of variable and structure naming, as
well as documentation, so I renamed some of them and added much needed docs.
* Moved function IdentifierInfos to a separate struct, and moved isMemFunction,
isCMemFunction adn isStandardNewDelete inside it. This makes the patch affect
quite a lot of lines, should I extract it to a separate one?
* Moved MallocBugVisitor out of MallocChecker.
* Preferred switches to long else-if branches in some places.
* Neatly organized some RUN: lines.

Differential Revision: https://reviews.llvm.org/D54823

llvm-svn: 349281
2018-12-15 18:34:00 +00:00
Adam Balogh bf966f5237 [Analyzer] alpha.unix.cstring.OutOfBounds checker enable/disable fix
It was not possible to disable alpha.unix.cstring.OutOfBounds checker's reports
since unix.Malloc checker always implicitly enabled the filter. Moreover if the
checker was disabled from command line (-analyzer-disable-checker ..) the out
of bounds warnings were nevertheless emitted under different checker names such
as unix.cstring.NullArg, or unix.Malloc.

This patch fixes the case sot that Malloc checker only enables implicitly the
underlying modeling of strcpy, memcpy etc. but not the warning messages that
would have been emmitted by alpha.unix.cstring.OutOfBounds

Patch by: Dániel Krupp

Differential Revision: https://reviews.llvm.org/D48831

llvm-svn: 337000
2018-07-13 13:44:44 +00:00
Alexander Shaposhnikov 0c352b15d7 [analyzer] Do not attempt to get the pointee of void*
Do not attempt to get the pointee of void* while generating a bug report 
(otherwise it will trigger an assert inside RegionStoreManager::getBinding 
assert(!T->isVoidType() && "Attempting to dereference a void pointer!")).

Test plan: make check-all

Differential revision: https://reviews.llvm.org/D42396

llvm-svn: 323382
2018-01-24 22:17:30 +00:00
Devin Coughlin 2ff57bcd18 [analyzer] Provide a check name when MallocChecker enables CStringChecker
Fix an assertion failure caused by a missing CheckName. The malloc checker
enables "basic" support in the CStringChecker, which causes some CString
bounds checks to be enabled. In this case, make sure that we have a
valid CheckName for the BugType.

llvm-svn: 323052
2018-01-20 23:11:17 +00:00
Gabor Horvath b77bc6bb8b [analyzer] Fix some check's output plist not containing the check name
Differential Revision: https://reviews.llvm.org/D41538

llvm-svn: 321933
2018-01-06 10:51:00 +00:00
Daniel Marjamaki a43a8f5c5e [analyzer] Detect bad free of function pointers
Differential Revision: https://reviews.llvm.org/D31650

llvm-svn: 301913
2017-05-02 11:46:12 +00:00
Dominic Chen 184c6242fa Reland 4: [analyzer] NFC: Update test infrastructure to support multiple constraint managers
Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952.

Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin

Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits

Differential Revision: https://reviews.llvm.org/D30373

llvm-svn: 296895
2017-03-03 18:02:02 +00:00
Dominic Chen 09d66f7528 Revert "Reland 3: [analyzer] NFC: Update test infrastructure to support multiple constraint managers"
This reverts commit ea36f1406e1f36bf456c3f3929839b024128e468.

llvm-svn: 296841
2017-03-02 23:30:53 +00:00
Dominic Chen feaf9ff5ee Reland 3: [analyzer] NFC: Update test infrastructure to support multiple constraint managers
Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952.

Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin

Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits

Differential Revision: https://reviews.llvm.org/D30373

llvm-svn: 296837
2017-03-02 23:05:45 +00:00
Dominic Chen 4a90bf8c3f Revert "Reland 2: [analyzer] NFC: Update test infrastructure to support multiple constraint managers"
This reverts commit f93343c099fff646a2314cc7f4925833708298b1.

llvm-svn: 296836
2017-03-02 22:58:06 +00:00
Dominic Chen 1cb0256a3c Reland 2: [analyzer] NFC: Update test infrastructure to support multiple constraint managers
Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952.

Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin

Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits

Differential Revision: https://reviews.llvm.org/D30373

llvm-svn: 296835
2017-03-02 22:45:24 +00:00
Dominic Chen 00355a51d0 Revert "Reland: [analyzer] NFC: Update test infrastructure to support multiple constraint managers"
This reverts commit 1b28d0b10e1c8feccb971abb6ef7a18bee589830.

llvm-svn: 296422
2017-02-28 01:50:23 +00:00
Dominic Chen 59cd893320 Reland: [analyzer] NFC: Update test infrastructure to support multiple constraint managers
Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952.

Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin

Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits

Differential Revision: https://reviews.llvm.org/D30373

llvm-svn: 296414
2017-02-28 00:02:36 +00:00
Dominic Chen 8589e10c30 Revert "[analyzer] NFC: Update test infrastructure to support multiple constraint managers"
This reverts commit 8e7780b9e59ddaad1800baf533058d2c064d4787.

llvm-svn: 296317
2017-02-27 03:29:25 +00:00
Dominic Chen 02064a3076 [analyzer] NFC: Update test infrastructure to support multiple constraint managers
Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952.

Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin

Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits

Differential Revision: https://reviews.llvm.org/D30373

llvm-svn: 296312
2017-02-27 02:36:15 +00:00
Anton Yartsev 5ac3720620 Fix for PR15623 (corrected r290413 reverted at 290415). The patch eliminates unwanted ProgramState checker data propagation from an operand of the logical operation to operation result.
The patch also simplifies an assume of a constraint of the form: "(exp comparison_op expr) != 0" to true into an assume of "exp comparison_op expr" to true. (And similarly, an assume of the form "(exp comparison_op expr) == 0" to true as an assume of exp comparison_op expr to false.) which improves precision overall.
https://reviews.llvm.org/D22862

llvm-svn: 290505
2016-12-25 00:57:51 +00:00
Anton Yartsev b2a5eb87f8 Revert changes made by r290413 until regression is fixed.
llvm-svn: 290415
2016-12-23 04:09:18 +00:00
Anton Yartsev 1a2a9e3087 Fix for PR15623. The patch eliminates unwanted ProgramState checker data propagation from an operand of the logical operation to operation result.
The patch also simplifies an assume of a constraint of the form: "(exp comparison_op expr) != 0" to true into an assume of "exp comparison_op expr" to true. (And similarly, an assume of the form "(exp comparison_op expr) == 0" to true as an assume of exp comparison_op expr to false.) which improves precision overall.
https://reviews.llvm.org/D22862

llvm-svn: 290413
2016-12-23 03:31:00 +00:00
Artem Dergachev 70247e69b1 [analyzer] Let TK_PreserveContents span across the whole base region.
If an address of a field is passed through a const pointer,
the whole structure's base region should receive the
TK_PreserveContents trait and avoid invalidation.

Additionally, include a few FIXME tests shown up during testing.

Differential Revision: http://reviews.llvm.org/D19057

llvm-svn: 267413
2016-04-25 14:44:25 +00:00
Anna Zaks 30d4668774 [analyzer] Fix missed leak from MSVC specific allocation functions
Add the wide character strdup variants (wcsdup, _wcsdup) and the MSVC
version of alloca (_alloca) and other differently named function used
by the Malloc checker.

A patch by Alexander Riccio!

Differential Revision: http://reviews.llvm.org/D17688

llvm-svn: 262894
2016-03-08 01:21:51 +00:00
Anna Zaks fe1eca5169 [analyzer] Assume escape is possible through system functions taking void*
The analyzer assumes that system functions will not free memory or modify the
arguments in other ways, so we assume that arguments do not escape when
those are called. However, this may lead to false positive leak errors. For
example, in code like this where the pointers added to the rb_tree are freed
later on:

		struct alarm_event *e = calloc(1, sizeof(*e));
<snip>

		rb_tree_insert_node(&alarm_tree, e);

Add a heuristic to assume that calls to system functions taking void*
arguments allow for pointer escape.

llvm-svn: 251449
2015-10-27 20:19:45 +00:00
Devin Coughlin 8177173757 [analyzer] Make realloc(ptr, 0) handling equivalent to malloc(0).
Currently realloc(ptr, 0) is treated as free() which seems to be not correct. C
standard (N1570) establishes equivalent behavior for malloc(0) and realloc(ptr,
0): "7.22.3 Memory management functions calloc, malloc, realloc: If the size of
the space requested is zero, the behavior is implementation-defined: either a
null pointer is  returned, or the behavior is as if the size were some nonzero
value, except that the returned pointer shall not be used to access an object."
The patch equalizes the processing of malloc(0) and realloc(ptr,0). The patch
also enables unix.Malloc checker to detect references to zero-allocated memory
returned by realloc(ptr,0) ("Use of zero-allocated memory" warning).

A patch by Антон Ярцев!

Differential Revision: http://reviews.llvm.org/D9040

llvm-svn: 248336
2015-09-22 22:47:14 +00:00
Devin Coughlin e39bd407ba [analyzer] Add generateErrorNode() APIs to CheckerContext.
The analyzer trims unnecessary nodes from the exploded graph before reporting
path diagnostics. However, in some cases it can trim all nodes (including the
error node), leading to an assertion failure (see
https://llvm.org/bugs/show_bug.cgi?id=24184).

This commit addresses the issue by adding two new APIs to CheckerContext to
explicitly create error nodes. Unless the client provides a custom tag, these
APIs tag the node with the checker's tag -- preventing it from being trimmed.
The generateErrorNode() method creates a sink error node, while
generateNonFatalErrorNode() creates an error node for a path that should
continue being explored.

The intent is that one of these two methods should be used whenever a checker
creates an error node.

This commit updates the checkers to use these APIs. These APIs
(unlike addTransition() and generateSink()) do not take an explicit Pred node.
This is because there are not any error nodes in the checkers that were created
with an explicit different than the default (the CheckerContext's Pred node).

It also changes generateSink() to require state and pred nodes (previously
these were optional) to reduce confusion.

Additionally, there were several cases where checkers did check whether a
generated node could be null; we now explicitly check for null in these places.

This commit also includes a test case written by Ying Yi as part of
http://reviews.llvm.org/D12163 (that patch originally addressed this issue but
was reverted because it introduced false positive regressions).

Differential Revision: http://reviews.llvm.org/D12780

llvm-svn: 247859
2015-09-16 22:03:05 +00:00
Devin Coughlin 00691e3169 Revert "[Static Analyzer] BugReporter.cpp:2869: Assertion failed: !RemainingNodes.empty() && "No error node found in the trimmed graph""
This is making our internal build bot fail because it results in extra warnings being
emitted past what should be sink nodes. (There is actually an example of this in the
updated malloc.c test in the reverted commit.)

I'm working on a patch to fix the original issue by adding a new checker API to explicitly
create error nodes. This API will ensure that error nodes are always tagged in order to
prevent them from being reclaimed.

This reverts commit r246188.

llvm-svn: 247103
2015-09-08 23:50:22 +00:00
Gabor Horvath e9984b28ef [Static Analyzer] BugReporter.cpp:2869: Assertion failed: !RemainingNodes.empty() && "No error node found in the trimmed graph"
The assertion is caused by reusing a “filler” ExplodedNode as an error node.
The “filler” nodes are only used for intermediate processing and are not
essential for analyzer history, so they can be reclaimed when the
ExplodedGraph is trimmed by the “collectNode” function. When a checker finds a
bug, they generate a new transition in the ExplodedGraph. The analyzer will
try to reuse the existing predecessor node. If it cannot, it creates a new
ExplodedNode, which always has a tag to uniquely identify the creation site.
The assertion is caused when the analyzer reuses a “filler” node.

In the test case, some “filler” nodes were reused and then reclaimed later
when the ExplodedGraph was trimmed. This caused an assertion because the node
was needed to generate the report. The “filler” nodes should not be reused as
error nodes. The patch adds a constraint to prevent this happening, which
solves the problem and makes the test cases pass.

Differential Revision: http://reviews.llvm.org/D11433

Patch by Ying Yi!

llvm-svn: 246188
2015-08-27 18:57:00 +00:00
Anton Yartsev b50f4ba461 [analyzer] This implements potential undefbehavior.ZeroAllocDereference checker.
TODO: support realloc(). Currently it is not possible due to the present realloc() handling. Currently RegionState is not being attached to realloc() in case of a zero Size argument. 
llvm-svn: 234889
2015-04-14 14:18:04 +00:00
Anton Yartsev 9907fc9053 [analyzer] Bug fix: do not report leaks for alloca()
llvm-svn: 231314
2015-03-04 23:18:21 +00:00
Jordan Rose 97d2c9cae7 [analyzer] Teach CastSizeChecker about flexible array members.
...as well as fake flexible array members: structs that end in arrays with
length 0 or 1.

Patch by Daniel Fahlgren!

llvm-svn: 201583
2014-02-18 17:06:30 +00:00
Anna Zaks f5308fac1e Fixup to r196593.
This is another regression fixed by reverting r189090.

In this case, the problem is not live variables but the approach that was taken in r189090. This regression was caused by explicitly binding "true" to the condition when we take the true branch. Normally that's okay, but in this case we're planning to reuse that condition as the value of the expression.

llvm-svn: 196599
2013-12-06 19:28:16 +00:00
Anton Yartsev 968c60a554 [analyzer] Better modeling of memcpy by the CStringChecker (PR16731).
New rules of invalidation/escape of the source buffer of memcpy: the source buffer contents is invalidated and escape while the source buffer region itself is neither invalidated, nor escape.
In the current modeling of memcpy the information about allocation state of regions, accessible through the source buffer, is not copied to the destination buffer and we can not track the allocation state of those regions anymore. So we invalidate/escape the source buffer indirect regions in anticipation of their being invalidated for real later. This eliminates false-positive leaks reported by the unix.Malloc and alpha.cplusplus.NewDeleteLeaks checkers for the cases like

char *f() {
  void *x = malloc(47);
  char *a;
  memcpy(&a, &x, sizeof a);
  return a;
}

llvm-svn: 194953
2013-11-17 09:18:48 +00:00
Jordan Rose 60619a639b [analyzer] Assume that strings are no longer than SIZE_MAX/4.
This keeps the analyzer from making silly assumptions, like thinking
strlen(foo)+1 could wrap around to 0. This fixes PR16558.

Patch by Karthik Bhat!

llvm-svn: 188680
2013-08-19 16:27:34 +00:00
Jordan Rose 2f8b0229cb [analyzer] If realloc fails on an escaped region, that region doesn't leak.
When a region is realloc()ed, MallocChecker records whether it was known
to be allocated or not. If it is, and the reallocation fails, the original
region has to be freed. Previously, when an allocated region escaped,
MallocChecker completely stopped tracking it, so a failed reallocation
still (correctly) wouldn't require freeing the original region. Recently,
however, MallocChecker started tracking escaped symbols, so that if it were
freed we could check that the deallocator matched the allocator. This
broke the reallocation model for whether or not a symbol was allocated.

Now, MallocChecker will actually check if a symbol is owned, and only
require freeing after a failed reallocation if it was owned before.

PR16730

llvm-svn: 188468
2013-08-15 17:22:06 +00:00
Jordan Rose 757fbb0b14 [analyzer] Indirect invalidation counts as an escape for leak checkers.
Consider this example:

  char *p = malloc(sizeof(char));
  systemFunction(&p);
  free(p);

In this case, when we call systemFunction, we know (because it's a system
function) that it won't free 'p'. However, we /don't/ know whether or not
it will /change/ 'p', so the analyzer is forced to invalidate 'p', wiping
out any bindings it contains. But now the malloc'd region looks like a
leak, since there are no more bindings pointing to it, and we'll get a
spurious leak warning.

The fix for this is to notice when something is becoming inaccessible due
to invalidation (i.e. an imperfect model, as opposed to being explicitly
overwritten) and stop tracking it at that point. Currently, the best way
to determine this for a call is the "indirect escape" pointer-escape kind.

In practice, all the patch does is take the "system functions don't free
memory" special case and limit it to direct parameters, i.e. just the
arguments to a call and not other regions accessible to them. This is a
conservative change that should only cause us to escape regions more
eagerly, which means fewer leak warnings.

This isn't perfect for several reasons, the main one being that this
example is treated the same as the one above:

  char **p = malloc(sizeof(char *));
  systemFunction(p + 1);
  // leak

Currently, "addresses accessible by offsets of the starting region" and
"addresses accessible through bindings of the starting region" are both
considered "indirect" regions, hence this uniform treatment.

Another issue is our longstanding problem of not distinguishing const and
non-const bindings; if in the first example systemFunction's parameter were
a char * const *, we should know that the function will not overwrite 'p',
and thus we can safely report the leak.

<rdar://problem/13758386>

llvm-svn: 181607
2013-05-10 17:07:16 +00:00
Anna Zaks 93a21a8cfe [analyzer] Keep tracking the pointer after the escape to more aggressively report mismatched deallocator
Test that the path notes do not change. I don’t think we should print a note on escape.

Also, I’ve removed a check that assumed that the family stored in the RefStete could be
AF_None and added an assert in the constructor.

llvm-svn: 179075
2013-04-09 00:30:28 +00:00
Anna Zaks a1de8567fc [analyzer] Shorten the malloc checker’s leak message
As per Ted’s suggestion!

llvm-svn: 178938
2013-04-06 00:41:36 +00:00
Jordan Rose 5d22fcb257 [analyzer] Track malloc'd memory into struct fields.
Due to improper modelling of copy constructors (specifically, their
const reference arguments), we were producing spurious leak warnings
for allocated memory stored in structs. In order to silence this, we
decided to consider storing into a struct to be the same as escaping.
However, the previous commit has fixed this issue and we can now properly
distinguish leaked memory that happens to be in a struct from a buffer
that escapes within a struct wrapper.

Originally applied in r161511, reverted in r174468.
<rdar://problem/12945937>

llvm-svn: 177571
2013-03-20 20:35:57 +00:00
Anna Zaks bda130f02a [analyzer] Use isLiveRegion to determine when SymbolRegionValue is dead.
Fixes a FIXME, improves dead symbol collection, suppresses a false positive,
which resulted from reusing the same symbol twice for simulation of 2 calls to the same function.

Fixing this lead to 2 possible false negatives in CString checker. Since the checker is still alpha and
the solution will not require revert of this commit, move the tests to a FIXME section.

llvm-svn: 177206
2013-03-15 23:34:29 +00:00
Anna Zaks c89ad07d39 [analyzer] Report bugs when freeing memory with offset pointer
The malloc checker will now catch the case when a previously malloc'ed
region is freed, but the pointer passed to free does not point to the
start of the allocated memory. For example:

int *p1 = malloc(sizeof(int));
p1++;
free(p1); // warn

From the "memory.LeakPtrValChanged enhancement to unix.Malloc" entry
in the list of potential checkers.

A patch by Branden Archer!

llvm-svn: 174678
2013-02-07 23:05:47 +00:00
Anna Zaks acdc13cb00 [analyzer] Add pointer escape type param to checkPointerEscape callback
The checkPointerEscape callback previously did not specify how a
pointer escaped. This change includes an enum which describes the
different ways a pointer may escape. This enum is passed to the
checkPointerEscape callback when a pointer escapes. If the escape
is due to a function call, the call is passed. This changes
previous behavior where the call is passed as NULL if the escape
was due to indirectly invalidating the region the pointer referenced.

A patch by Branden Archer!

llvm-svn: 174677
2013-02-07 23:05:43 +00:00
Anna Zaks 258f9357ef [analyzer]Revert part of r161511; suppresses leak false positives in C++
This is a "quick fix".

The underlining issue is that when a const pointer to a struct is passed
into a function, we do not invalidate the pointer fields. This results
in false positives that are common in C++ (since copy constructors are
prevalent). (Silences two llvm false positives.)

llvm-svn: 174468
2013-02-06 00:01:14 +00:00
Jordan Rose 3ba8c792e5 [analyzer] Fix test to work on non-LP64 systems.
Thanks for the original catch in r168303, Takumi.

llvm-svn: 168671
2012-11-27 02:37:49 +00:00
NAKAMURA Takumi d05b01a8df clang/test: Suppress two tests on LLP64 target, Windows x64.
llvm-svn: 168303
2012-11-19 10:00:59 +00:00