NoQ added a comment.

Oh damn, I just realized that this way we track much more pointers than before, 
because we cannot restrict ourselves to pointers that have been explicitly 
malloc()ed during analysis. After all, we don't need to see the allocation site 
to diagnose use-after-free.

I'm afraid that it's going to be too many pointers.

Change of plans: let's suppress the warning when our `free()` is done within 
the function that has `__isl_take` in its definition. So, like, ascend the 
chain of location contexts and check your callers when you're about to mark the 
pointer as released. If any of the callers contain `__isl_take`, mark it as 
escaped instead.
================
Comment at: clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp:56-58
+    // If this checker does not model the allocation.
+    DoNothing,
+    // Reference to allocated memory.
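Review bot: The enumerator comment on `DoNothing` ("If this checker does not model the allocation.") does not say how this state differs from the existing `Escaped` state, so either document the distinction (when a checker should pick one over the other) or reuse `Escaped` rather than adding a second kind with the same practical meaning.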
----------------
We already have `Escaped`, it's the same thing in practice.


================
Comment at: clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp:2937-2942
+  const Stmt *S = PathDiagnosticLocation::getStmt(N);
+
+  if (RS && RS->isDoNothing()) {
+    BR.markInvalid(getTag(), S);
+    return nullptr;
+  }
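Review bot: `S` is computed from `PathDiagnosticLocation::getStmt(N)` unconditionally but is only used inside the `RS && RS->isDoNothing()` branch; move the lookup into that branch so the common path does no work, and note that `markInvalid` only suppresses the report, so a comment explaining why a `DoNothing` state means the whole report should be dropped (rather than just this visitor returning `nullptr`) would help future readers.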
----------------
{F9551724}


Repository:
  rC Clang

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D64680/new/

https://reviews.llvm.org/D64680
