ayartsev added a comment. Please review!
================
Comment at: lib/StaticAnalyzer/Checkers/MallocChecker.cpp:158
@@ +157,3 @@ +/// zero-allocated memory returned by 'realloc(ptr, 0)'. +struct ReallocSizeZero { + void Profile(llvm::FoldingSetNodeID &ID) const {
----------------
zaks.anna wrote:
> This struct does not contain any fields. What's its purpose?

This struct is a flag that, if attached, indicates a zero-size reallocation. Improved class description in the updated patch.

================
Comment at: lib/StaticAnalyzer/Checkers/MallocChecker.cpp:524
@@ -511,2 +523,3 @@ REGISTER_MAP_WITH_PROGRAMSTATE(ReallocPairs, SymbolRef, ReallocPair) +REGISTER_MAP_WITH_PROGRAMSTATE(ReallocSizeZeroFlag, SymbolRef, ReallocSizeZero)
----------------
zaks.anna wrote:
> Maybe you should use a set of SymbolRefs instead?

This may produce false positives, as you explained to me in D8273. Here is a modified example from D8273:

```
if (b)
  s = 10;
else
  s = 0;
int *p = malloc(8);
int *q = realloc(p, s);
if (b)
  *q = 1;
```

If the checker explores "realloc(p, s)" along the "s=0" path and adds it to the set, we'll get a false positive along the "s=10" path later. Included corresponding tests in the updated patch.

http://reviews.llvm.org/D9040
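Review bot: The doc comment line "zero-allocated memory returned by 'realloc(ptr, 0)'" above `struct ReallocSizeZero` uses "zero-allocated", which can be read as zero-initialized memory (as with calloc). "Zero-size allocation" would be unambiguous and matches how the flag is described in the reply.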
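Review bot: In the added `REGISTER_MAP_WITH_PROGRAMSTATE(ReallocSizeZeroFlag, SymbolRef, ReallocSizeZero)` line, the mapped type has no fields, so the map is only ever used for key membership. `REGISTER_SET_WITH_PROGRAMSTATE` over `SymbolRef` would express that directly and make the empty `ReallocSizeZero` struct and its `Profile` unnecessary. A set registered this way lives in the program state, so it is tracked per path just as the map is.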