From 7c595b6e32a15db71e28cd65408a8b90f35302cf Mon Sep 17 00:00:00 2001
From: Artem Dergachev <artem.dergachev@gmail.com>
Date: Fri, 16 Dec 2016 12:21:55 +0000
Subject: [PATCH] [analyzer] Add another exception for Qt in MallocChecker

Treat pointers passed to QObject::connectImpl() as escaping.

rdar://problem/29550440

Differential Revision: https://reviews.llvm.org/D27717


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@289939 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/StaticAnalyzer/Checkers/MallocChecker.cpp |  5 +++++
 test/Analysis/Inputs/qt-simulator.h           | 17 +++++++++++++++++
 test/Analysis/qt_malloc.cpp                   |  8 +++++++-
 3 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index a00fd1d421..07c607212d 100644
--- a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -2579,6 +2579,11 @@ bool MallocChecker::mayFreeAnyEscapedMemoryOrIsModeledExplicitly(
     return true;
   }
 
+  if (FName == "connectImpl" &&
+      FD->getQualifiedNameAsString() == "QObject::connectImpl") {
+    return true;
+  }
+
   // Handle cases where we know a buffer's /address/ can escape.
   // Note that the above checks handle some special cases where we know that
   // even though the address escapes, it's still our responsibility to free the
diff --git a/test/Analysis/Inputs/qt-simulator.h b/test/Analysis/Inputs/qt-simulator.h
index d1d6c0356b..a3c7387d20 100644
--- a/test/Analysis/Inputs/qt-simulator.h
+++ b/test/Analysis/Inputs/qt-simulator.h
@@ -1,6 +1,23 @@
 #pragma clang system_header
 
+namespace QtPrivate {
+struct QSlotObjectBase {};
+}
+
+namespace Qt {
+enum ConnectionType {};
+}
+
+struct QMetaObject {
+  struct Connection {};
+};
+
 struct QObject {
+  static QMetaObject::Connection connectImpl(const QObject *, void **,
+                                             const QObject *, void **,
+                                             QtPrivate::QSlotObjectBase *,
+                                             Qt::ConnectionType,
+                                             const int *, const QMetaObject *);
 };
 
 struct QEvent {
diff --git a/test/Analysis/qt_malloc.cpp b/test/Analysis/qt_malloc.cpp
index d29835f73f..200556ea30 100644
--- a/test/Analysis/qt_malloc.cpp
+++ b/test/Analysis/qt_malloc.cpp
@@ -1,4 +1,4 @@
-// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.deadcode.UnreachableCode,alpha.core.CastSize,unix.Malloc,cplusplus -analyzer-store=region -verify %s
+// RUN: %clang_cc1 -std=c++11 -analyze -analyzer-checker=core,alpha.deadcode.UnreachableCode,alpha.core.CastSize,unix.Malloc,cplusplus -analyzer-store=region -verify %s
 // expected-no-diagnostics
 #include "Inputs/qt-simulator.h"
 
@@ -13,3 +13,9 @@ void send(QObject *obj)
   QEvent *e4 = new QEvent(QEvent::None);
   QApplication::postEvent(obj, e4);
 }
+
+void connect(QObject *obj) {
+  obj->connectImpl(nullptr, nullptr, nullptr, nullptr,
+                   new QtPrivate::QSlotObjectBase(), (Qt::ConnectionType)0,
+                   nullptr, nullptr);
+}
-- 
2.40.0