Author: zaks Date: Thu Dec 15 16:55:18 2016 New Revision: 289886 URL: http://llvm.org/viewvc/llvm-project?rev=289886&view=rev Log: [analyzer] Teach the analyzer that pointers can escape into __cxa_demangle
This fixes a reported false positive in the malloc checker. Differential Revision: https://reviews.llvm.org/D27599 Modified: cfe/trunk/lib/StaticAnalyzer/Core/CallEvent.cpp cfe/trunk/test/Analysis/Inputs/system-header-simulator-cxx.h cfe/trunk/test/Analysis/malloc.cpp Modified: cfe/trunk/lib/StaticAnalyzer/Core/CallEvent.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/CallEvent.cpp?rev=289886&r1=289885&r2=289886&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Core/CallEvent.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Core/CallEvent.cpp Thu Dec 15 16:55:18 2016 @@ -382,6 +382,11 @@ bool AnyFunctionCall::argumentsMayEscape if (II->isStr("funopen")) return true; + // - __cxa_demangle - can reallocate memory and can return the pointer to + // the input buffer. + if (II->isStr("__cxa_demangle")) + return true; + StringRef FName = II->getName(); // - CoreFoundation functions that end with "NoCopy" can free a passed-in Modified: cfe/trunk/test/Analysis/Inputs/system-header-simulator-cxx.h URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/Inputs/system-header-simulator-cxx.h?rev=289886&r1=289885&r2=289886&view=diff ============================================================================== --- cfe/trunk/test/Analysis/Inputs/system-header-simulator-cxx.h (original) +++ cfe/trunk/test/Analysis/Inputs/system-header-simulator-cxx.h Thu Dec 15 16:55:18 2016 @@ -240,3 +240,12 @@ void* operator new (std::size_t size, vo void* operator new[] (std::size_t size, void* ptr) throw() { return ptr; }; void operator delete (void* ptr, void*) throw() {}; void operator delete[] (void* ptr, void*) throw() {}; + +namespace __cxxabiv1 { +extern "C" { +extern char *__cxa_demangle(const char *mangled_name, + char *output_buffer, + size_t *length, + int *status); +}} +namespace abi = __cxxabiv1; Modified: cfe/trunk/test/Analysis/malloc.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/malloc.cpp?rev=289886&r1=289885&r2=289886&view=diff ============================================================================== --- cfe/trunk/test/Analysis/malloc.cpp (original) +++ cfe/trunk/test/Analysis/malloc.cpp Thu Dec 15 16:55:18 2016 @@ -1,6 +1,8 @@ // RUN: %clang_cc1 -w -analyze -analyzer-checker=core,alpha.deadcode.UnreachableCode,alpha.core.CastSize,unix.Malloc,cplusplus.NewDelete -analyzer-store=region -verify %s // RUN: %clang_cc1 -triple i386-unknown-linux-gnu -w -analyze -analyzer-checker=core,alpha.deadcode.UnreachableCode,alpha.core.CastSize,unix.Malloc,cplusplus.NewDelete -analyzer-store=region -verify %s +#include "Inputs/system-header-simulator-cxx.h" + typedef __typeof(sizeof(int)) size_t; void *malloc(size_t); void free(void *); @@ -125,3 +127,15 @@ namespace PR31226 { p->m(); // no-crash // no-warning } } + +// Allow __cxa_demangle to escape. +char* test_cxa_demangle(const char* sym) { + size_t funcnamesize = 256; + char* funcname = (char*)malloc(funcnamesize); + int status; + char* ret = abi::__cxa_demangle(sym, funcname, &funcnamesize, &status); + if (status == 0) { + funcname = ret; + } + return funcname; // no-warning +} _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
