Charusso updated this revision to Diff 206344.
Charusso marked an inline comment as done.
Charusso added a comment.
- Better comment.
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D63720/new/
https://reviews.llvm.org/D63720
Files:
clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
clang/test/Analysis/symbol-escape.cpp
Index: clang/test/Analysis/symbol-escape.cpp
===================================================================
--- /dev/null
+++ clang/test/Analysis/symbol-escape.cpp
@@ -0,0 +1,33 @@
+// RUN: %clang_analyze_cc1 \
+// RUN: -analyzer-checker=core,cplusplus.NewDeleteLeaks \
+// RUN: -verify %s
+
+// expected-no-diagnostics: Whenever we cannot evaluate an operation we escape
+// the operands. After the evaluation it would be an
+// Unknown value and the tracking would be lost.
+
+typedef unsigned __INTPTR_TYPE__ uintptr_t;
+
+class C {};
+
+C *simple_escape_in_bitwise_op(C *Foo) {
+ C *Bar = new C();
+ Bar = reinterpret_cast<C *>(reinterpret_cast<uintptr_t>(Bar) & 0x1);
+ (void)Bar;
+ // no-warning: "Potential leak of memory pointed to by 'Bar'" was here.
+
+ return Bar;
+}
+
+C **indirect_escape_in_bitwise_op() {
+ C *Qux = new C();
+ C **Baz = &Qux;
+ Baz = reinterpret_cast<C **>(reinterpret_cast<uintptr_t>(Baz) | 0x1);
+ Baz = reinterpret_cast<C **>(reinterpret_cast<uintptr_t>(Baz) &
+ ~static_cast<uintptr_t>(0x1));
+ // no-warning: "Potential leak of memory pointed to by 'Qux'" was here.
+
+ delete *Baz;
+ return Baz;
+}
+
Index: clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
+++ clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
@@ -100,6 +100,10 @@
SVal Result = evalBinOp(state, Op, LeftV, RightV, B->getType());
if (!Result.isUnknown()) {
state = state->BindExpr(B, LCtx, Result);
+ } else {
+ // If we cannot evaluate the operation escape the operands.
+ state = escapeValue(state, LeftV, PSK_EscapeOther);
+ state = escapeValue(state, RightV, PSK_EscapeOther);
}
Bldr.generateNode(B, *it, state);
Index: clang/test/Analysis/symbol-escape.cpp
===================================================================
--- /dev/null
+++ clang/test/Analysis/symbol-escape.cpp
@@ -0,0 +1,33 @@
+// RUN: %clang_analyze_cc1 \
+// RUN: -analyzer-checker=core,cplusplus.NewDeleteLeaks \
+// RUN: -verify %s
+
+// expected-no-diagnostics: Whenever we cannot evaluate an operation we escape
+// the operands. After the evaluation it would be an
+// Unknown value and the tracking would be lost.
+
+typedef unsigned __INTPTR_TYPE__ uintptr_t;
+
+class C {};
+
+C *simple_escape_in_bitwise_op(C *Foo) {
+ C *Bar = new C();
+ Bar = reinterpret_cast<C *>(reinterpret_cast<uintptr_t>(Bar) & 0x1);
+ (void)Bar;
+ // no-warning: "Potential leak of memory pointed to by 'Bar'" was here.
+
+ return Bar;
+}
+
+C **indirect_escape_in_bitwise_op() {
+ C *Qux = new C();
+ C **Baz = &Qux;
+ Baz = reinterpret_cast<C **>(reinterpret_cast<uintptr_t>(Baz) | 0x1);
+ Baz = reinterpret_cast<C **>(reinterpret_cast<uintptr_t>(Baz) &
+ ~static_cast<uintptr_t>(0x1));
+ // no-warning: "Potential leak of memory pointed to by 'Qux'" was here.
+
+ delete *Baz;
+ return Baz;
+}
+
Index: clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
+++ clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
@@ -100,6 +100,10 @@
SVal Result = evalBinOp(state, Op, LeftV, RightV, B->getType());
if (!Result.isUnknown()) {
state = state->BindExpr(B, LCtx, Result);
+ } else {
+ // If we cannot evaluate the operation escape the operands.
+ state = escapeValue(state, LeftV, PSK_EscapeOther);
+ state = escapeValue(state, RightV, PSK_EscapeOther);
}
Bldr.generateNode(B, *it, state);
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
