std::string ShortDescription;
std::string Description;
PathDiagnosticLocation Location;
+ PathDiagnosticLocation UniqueingLocation;
const ExplodedNode *ErrorNode;
SmallVector<SourceRange, 4> Ranges;
ExtraTextList ExtraText;
: BT(bt), Description(desc), Location(l), ErrorNode(0),
Callbacks(F.getEmptyList()) {}
+ /// \brief Create a BugReport with a custom uniqueing location.
+ ///
+ /// The reports that have the same report location, description, bug type, and
+ /// ranges are uniqued - only one of the equivalent reports will be presented
+ /// to the user. This method allows to rest the location which should be used
+ /// for uniquing reports. For example, memory leaks checker, could set this to
+ /// the allocation site, rather then the location where the bug is reported.
+ BugReport(BugType& bt, StringRef desc, const ExplodedNode *errornode,
+ PathDiagnosticLocation LocationToUnique)
+ : BT(bt), Description(desc), UniqueingLocation(LocationToUnique),
+ ErrorNode(errornode), Callbacks(F.getEmptyList()) {}
+
virtual ~BugReport();
const BugType& getBugType() const { return BT; }
static bool SummarizeRegion(raw_ostream &os, const MemRegion *MR);
void ReportBadFree(CheckerContext &C, SVal ArgVal, SourceRange range) const;
+ /// Find the location of the allocation for Sym on the path leading to the
+ /// exploded node N.
+ const Stmt *getAllocationSite(const ExplodedNode *N, SymbolRef Sym,
+ CheckerContext &C) const;
+
void reportLeak(SymbolRef Sym, ExplodedNode *N, CheckerContext &C) const;
/// The bug visitor which allows us to print extra diagnostics along the
return MallocMemAux(C, CE, TotalSize, zeroVal, state);
}
+const Stmt *
+MallocChecker::getAllocationSite(const ExplodedNode *N, SymbolRef Sym,
+ CheckerContext &C) const {
+ // Walk the ExplodedGraph backwards and find the first node that referred to
+ // the tracked symbol.
+ const ExplodedNode *AllocNode = N;
+
+ while (N) {
+ if (!N->getState()->get<RegionState>(Sym))
+ break;
+ AllocNode = N;
+ N = N->pred_empty() ? NULL : *(N->pred_begin());
+ }
+
+ ProgramPoint P = AllocNode->getLocation();
+ return cast<clang::PostStmt>(P).getStmt();
+}
+
void MallocChecker::reportLeak(SymbolRef Sym, ExplodedNode *N,
CheckerContext &C) const {
assert(N);
BT_Leak->setSuppressOnSink(true);
}
+ // Most bug reports are cached at the location where they occurred.
+ // With leaks, we want to unique them by the location where they were
+ // allocated, and only report a single path.
+ const Stmt *AllocStmt = getAllocationSite(N, Sym, C);
+ PathDiagnosticLocation LocUsedForUniqueing =
+ PathDiagnosticLocation::createBegin(AllocStmt, C.getSourceManager(),
+ N->getLocationContext());
+
BugReport *R = new BugReport(*BT_Leak,
- "Memory is never released; potential memory leak", N);
+ "Memory is never released; potential memory leak", N, LocUsedForUniqueing);
R->addVisitor(new MallocBugVisitor(Sym));
C.EmitReport(R);
}
}
}
- ExplodedNode *N = C.addTransition(state->set<RegionState>(RS));
+ // Generate leak node.
+ static SimpleProgramPointTag Tag("MallocChecker : DeadSymbolsLeak");
+ ExplodedNode *N = C.addTransition(C.getState(), C.getPredecessor(), &Tag);
- if (N && generateReport) {
+ if (generateReport) {
for (llvm::SmallVector<SymbolRef, 2>::iterator
I = Errors.begin(), E = Errors.end(); I != E; ++I) {
reportLeak(*I, N, C);
}
}
+ C.addTransition(state->set<RegionState>(RS), N);
}
void MallocChecker::checkEndPath(CheckerContext &C) const {