From: Anna Zaks Date: Wed, 2 May 2012 00:05:20 +0000 (+0000) Subject: [analyzer] Fix the 'ptr = ptr' false negative in the Malloc checker. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=93c5a24b517e65eb61481ed866b503f1e37cff20;p=clang [analyzer] Fix the 'ptr = ptr' false negative in the Malloc checker. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155963 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index 8bce88a769..55c32ec1eb 100644
--- a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -137,6 +137,9 @@ public:
 return true;
 }
+ void printState(raw_ostream &Out, ProgramStateRef State,
+ const char *NL, const char *Sep) const;
+
 private:
 void initIdentifierInfo(ASTContext &C) const;
@@ -1118,7 +1121,11 @@ void MallocChecker::checkBind(SVal loc, SVal val, const Stmt *S,
 // To test (3), generate a new state with the binding added. If it is
 // the same state, then it escapes (since the store cannot represent
 // the binding).
- escapes = (state == (state->bindLoc(*regionLoc, val)));
+ // Do this only if we know that the store is not supposed to generate the
+ // same state.
+ SVal StoredVal = state->getSVal(regionLoc->getRegion());
+ if (StoredVal != val)
+ escapes = (state == (state->bindLoc(*regionLoc, val)));
 }
 if (!escapes) {
 // Case 4: We do not currently model what happens when a symbol is
@@ -1452,6 +1459,14 @@ MallocChecker::MallocBugVisitor::VisitNode(const ExplodedNode *N,
 return new PathDiagnosticEventPiece(Pos, Msg, true, StackHint);
 }
+void MallocChecker::printState(raw_ostream &Out, ProgramStateRef State,
+ const char *NL, const char *Sep) const {
+
+ RegionStateTy RS = State->get();
+
+ if (!RS.isEmpty())
+ Out << "Has Malloc data" << NL;
+}
 #define REGISTER_CHECKER(name) \
 void ento::register##name(CheckerManager &mgr) {\
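Review bot: In the checkBind hunk, when `StoredVal == val` the new guard skips the bindLoc comparison and leaves `escapes` at whatever value it already held. That value is set outside the hunk, so the new comment does not tell a reader that "not escaped" is the intended outcome for a self-assignment. I would extend the comment, for example `// Rebinding the value already stored (e.g. 'ptr = ptr') yields an identical state without the symbol escaping, so leave 'escapes' unchanged.` The new local is spelled `StoredVal` while the neighbouring locals visible here (`state`, `escapes`, `regionLoc`) are lower-case; one convention within the function would read better. checkBind starts and ends outside the hunk.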
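Review bot: `printState` never uses its `Sep` parameter and writes only the fixed line `Has Malloc data`, so a state dump cannot show which regions are tracked or in what allocation state. If that is deliberate, a doc comment on the declaration in the first hunk would record it, for example `/// Debug aid: prints a marker when the state holds any malloc-tracked region; Sep is unused.` Listing the tracked entries would make the dump more useful when triaging a missed leak or double-free report.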
diff --git a/test/Analysis/malloc.c b/test/Analysis/malloc.c
index c7ac56a3d0..9c09051c31 100644
--- a/test/Analysis/malloc.c
+++ b/test/Analysis/malloc.c
@@ -792,6 +792,12 @@ void radar11270219(void) {
 strcmp(x, y); // no warning
 }
+void radar_11358224_test_double_assign_ints_positive_2()
+{
+ void *ptr = malloc(16);
+ ptr = ptr; // expected-warning {{leak}}
+}
+
 // ----------------------------------------------------------------------------
 // Below are the known false positives.
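Review bot: The added test pins only the leak after `ptr = ptr`; nothing checks that a self-assignment followed by a release stays silent, which is the case that would catch the new `StoredVal != val` guard over-reporting. A companion function with the body `void *ptr = malloc(16); ptr = ptr; free(ptr); // no warning` would cover it. The new function is declared with `()` and a brace on its own line, whereas the neighbouring `radar11270219(void) {` in the hunk header uses `(void)` and a same-line brace; `(void)` is the prototyped form in C.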