granicus.if.org Git - clang/commit

author	Anna Zaks <ganna@apple.com>
	Sat, 19 Jan 2013 02:18:15 +0000 (02:18 +0000)
committer	Anna Zaks <ganna@apple.com>
	Sat, 19 Jan 2013 02:18:15 +0000 (02:18 +0000)
commit	1dfebd9f995066a229c34516eb14bc69c6bcde2c
tree	8440cd3c2a633129cce870843c4b9a63baa5b314	tree \| snapshot
parent	f30527901f84c9bf223db143b216a9061ee9e342	commit \| diff

[analyzer] Suppress warnings coming out of macros defined in sys/queue.h

Suppress the warning by just not emitting the report. The sink node
would get generated, which is fine since we did reach a bad state.

Motivation

Due to the way code is structured in some of these macros, we do not
reason correctly about it and report false positives. Specifically, the
following loop reports a use-after-free. Because of the way the code is
structured inside of the macro, the analyzer assumes that the list can
have cycles, so you end up with use-after-free in the loop, that is
safely deleting elements of the list. (The user does not have a way to
teach the analyzer about shape of data structures.)

SLIST_FOREACH_SAFE(item, &ctx->example_list, example_le, tmpitem) {
if (item->index == 3) { // if you remove each time, no complaints
assert((&ctx->example_list)->slh_first == item);
SLIST_REMOVE(&ctx->example_list, item, example_s, example_le);
free(item);
}
}

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172883 91177308-0d34-0410-b5e6-96231b3b80d8

include/clang/StaticAnalyzer/Core/BugReporter/BugReporter.h		diff \| blob \| history
lib/StaticAnalyzer/Core/BugReporter.cpp		diff \| blob \| history
test/Analysis/diagnostics/false-positive-suppression.c	[new file with mode: 0644]	blob
test/Analysis/diagnostics/include/sys/queue.h	[new file with mode: 0644]	blob