rnkovacs updated this revision to Diff 150625. rnkovacs marked an inline comment as done. rnkovacs edited the summary of this revision. rnkovacs added a comment. Herald added a subscriber: mikhail.ramalho.
Fixed naming and added an extra pass for regions left behind by incomplete destructors. https://reviews.llvm.org/D47416 Files: lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp Index: lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp =================================================================== --- lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp +++ lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp @@ -26,7 +26,8 @@ namespace { -class DanglingInternalBufferChecker : public Checker<check::PostCall> { +class DanglingInternalBufferChecker : public Checker<check::DeadSymbols, + check::PostCall> { CallDescription CStrFn; public: @@ -36,6 +37,9 @@ /// corresponding string object region in the ProgramState. Mark the symbol /// released if the string object is destroyed. void checkPostCall(const CallEvent &Call, CheckerContext &C) const; + + /// Clean up the ProgramState map. + void checkDeadSymbols(SymbolReaper &SymReaper, CheckerContext &C) const; }; } // end anonymous namespace @@ -76,12 +80,32 @@ // FIXME: What if Origin is null? const Expr *Origin = Call.getOriginExpr(); State = allocation_state::markReleased(State, *StrBufferPtr, Origin); + State = State->remove<RawPtrMap>(TypedR); C.addTransition(State); return; } } } +void DanglingInternalBufferChecker::checkDeadSymbols(SymbolReaper &SymReaper, + CheckerContext &C) const { + if (!SymReaper.hasDeadSymbols()) + return; + + ProgramStateRef State = C.getState(); + RawPtrMapTy RPM = State->get<RawPtrMap>(); + for (const auto Entry : RPM) { + if (SymReaper.isDead(Entry.second)) + State = State->remove<RawPtrMap>(Entry.first); + if (!SymReaper.isLiveRegion(Entry.first)) + // Due to incomplete destructor support, some dead regions might still + // remain in the program state map. Clean them up. + State = State->remove<RawPtrMap>(Entry.first); + } + + C.addTransition(State); +} + void ento::registerDanglingInternalBufferChecker(CheckerManager &Mgr) { registerNewDeleteChecker(Mgr); Mgr.registerChecker<DanglingInternalBufferChecker>();
Index: lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp =================================================================== --- lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp +++ lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp @@ -26,7 +26,8 @@ namespace { -class DanglingInternalBufferChecker : public Checker<check::PostCall> { +class DanglingInternalBufferChecker : public Checker<check::DeadSymbols, + check::PostCall> { CallDescription CStrFn; public: @@ -36,6 +37,9 @@ /// corresponding string object region in the ProgramState. Mark the symbol /// released if the string object is destroyed. void checkPostCall(const CallEvent &Call, CheckerContext &C) const; + + /// Clean up the ProgramState map. + void checkDeadSymbols(SymbolReaper &SymReaper, CheckerContext &C) const; }; } // end anonymous namespace @@ -76,12 +80,32 @@ // FIXME: What if Origin is null? const Expr *Origin = Call.getOriginExpr(); State = allocation_state::markReleased(State, *StrBufferPtr, Origin); + State = State->remove<RawPtrMap>(TypedR); C.addTransition(State); return; } } } +void DanglingInternalBufferChecker::checkDeadSymbols(SymbolReaper &SymReaper, + CheckerContext &C) const { + if (!SymReaper.hasDeadSymbols()) + return; + + ProgramStateRef State = C.getState(); + RawPtrMapTy RPM = State->get<RawPtrMap>(); + for (const auto Entry : RPM) { + if (SymReaper.isDead(Entry.second)) + State = State->remove<RawPtrMap>(Entry.first); + if (!SymReaper.isLiveRegion(Entry.first)) + // Due to incomplete destructor support, some dead regions might still + // remain in the program state map. Clean them up. + State = State->remove<RawPtrMap>(Entry.first); + } + + C.addTransition(State); +} + void ento::registerDanglingInternalBufferChecker(CheckerManager &Mgr) { registerNewDeleteChecker(Mgr); Mgr.registerChecker<DanglingInternalBufferChecker>();
_______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits