mutable std::unique_ptr<BugType> BT_doublelock;
mutable std::unique_ptr<BugType> BT_doubleunlock;
mutable std::unique_ptr<BugType> BT_destroylock;
+ mutable std::unique_ptr<BugType> BT_initlock;
mutable std::unique_ptr<BugType> BT_lor;
enum LockingSemantics {
NotApplicable = 0,
void ReleaseLock(CheckerContext &C, const CallExpr *CE, SVal lock) const;
void DestroyLock(CheckerContext &C, const CallExpr *CE, SVal Lock) const;
+ void InitLock(CheckerContext &C, const CallExpr *CE, SVal Lock) const;
void reportUseDestroyedBug(CheckerContext &C, const CallExpr *CE) const;
};
} // end anonymous namespace
else if (FName == "pthread_mutex_destroy" ||
FName == "lck_mtx_destroy")
DestroyLock(C, CE, state->getSVal(CE->getArg(0), LCtx));
+ else if (FName == "pthread_mutex_init")
+ InitLock(C, CE, state->getSVal(CE->getArg(0), LCtx));
}
void PthreadLockChecker::AcquireLock(CheckerContext &C, const CallExpr *CE,
C.emitReport(Report);
}
+void PthreadLockChecker::InitLock(CheckerContext &C, const CallExpr *CE,
+ SVal Lock) const {
+
+ const MemRegion *LockR = Lock.getAsRegion();
+ if (!LockR)
+ return;
+
+ ProgramStateRef State = C.getState();
+
+ const struct LockState *LState = State->get<LockMap>(LockR);
+ if (!LState || LState->isDestroyed()) {
+ State = State->set<LockMap>(LockR, LockState::getUnlocked());
+ C.addTransition(State);
+ return;
+ }
+
+ StringRef Message;
+
+ if (LState->isLocked()) {
+ Message = "This lock is still being held";
+ } else {
+ Message = "This lock has already been initialized";
+ }
+
+ if (!BT_initlock)
+ BT_initlock.reset(new BugType(this, "Init invalid lock",
+ "Lock checker"));
+ ExplodedNode *N = C.generateSink();
+ if (!N)
+ return;
+ BugReport *Report = new BugReport(*BT_initlock, Message, N);
+ Report->addRange(CE->getArg(0)->getSourceRange());
+ C.emitReport(Report);
+}
+
void PthreadLockChecker::reportUseDestroyedBug(CheckerContext &C,
const CallExpr *CE) const {
if (!BT_destroylock)
void *foo;
} pthread_mutex_t;
+typedef struct {
+ void *foo;
+} pthread_mutexattr_t;
+
typedef struct {
void *foo;
} lck_grp_t;
extern int pthread_mutex_unlock(pthread_mutex_t *);
extern int pthread_mutex_trylock(pthread_mutex_t *);
extern int pthread_mutex_destroy(pthread_mutex_t *);
+extern int pthread_mutex_init(pthread_mutex_t *mutex, const pthread_mutexattr_t *mutexattr);
extern int lck_mtx_lock(lck_mtx_t *);
extern int lck_mtx_unlock(lck_mtx_t *);
extern int lck_mtx_try_lock(lck_mtx_t *);
lck_mtx_t lck1, lck2;
lck_grp_t grp1;
+#define NULL 0
+
void
ok1(void)
{
pthread_mutex_destroy(&mtx1); // no-warning
}
+void
+ok16(void)
+{
+ pthread_mutex_init(&mtx1, NULL); // no-warning
+}
+
+void
+ok17(void)
+{
+ pthread_mutex_init(&mtx1, NULL); // no-warning
+ pthread_mutex_init(&mtx2, NULL); // no-warning
+}
+
+void
+ok18(void)
+{
+ pthread_mutex_destroy(&mtx1); // no-warning
+ pthread_mutex_init(&mtx1, NULL); // no-warning
+}
+
+void
+ok19(void)
+{
+ pthread_mutex_destroy(&mtx1); // no-warning
+ pthread_mutex_init(&mtx1, NULL); // no-warning
+ pthread_mutex_destroy(&mtx2); // no-warning
+ pthread_mutex_init(&mtx2, NULL); // no-warning
+}
+
+void
+ok20(void)
+{
+ pthread_mutex_unlock(&mtx1); // no-warning
+ pthread_mutex_destroy(&mtx1); // no-warning
+ pthread_mutex_init(&mtx1, NULL); // no-warning
+ pthread_mutex_destroy(&mtx1); // no-warning
+ pthread_mutex_init(&mtx1, NULL); // no-warning
+}
+
void
bad1(void)
{
lck_mtx_lock(&mtx1); // no-warning
lck_mtx_destroy(&mtx1, &grp1); // expected-warning{{This lock is still locked}}
}
+
+void
+bad24(void)
+{
+ pthread_mutex_init(&mtx1, NULL); // no-warning
+ pthread_mutex_init(&mtx1, NULL); // expected-warning{{This lock has already been initialized}}
+}
+
+void
+bad25(void)
+{
+ pthread_mutex_lock(&mtx1); // no-warning
+ pthread_mutex_init(&mtx1, NULL); // expected-warning{{This lock is still being held}}
+}
+
+void
+bad26(void)
+{
+ pthread_mutex_unlock(&mtx1); // no-warning
+ pthread_mutex_init(&mtx1, NULL); // expected-warning{{This lock has already been initialized}}
+}
projects / clang / commitdiff