================
@@ -3551,21 +3551,25 @@ PathDiagnosticPieceRef MallocBugVisitor::VisitNode(const ExplodedNode *N,
 const LocationContext *CurrentLC = N->getLocationContext();
- // If we find an atomic fetch_add or fetch_sub within the destructor in which
- // the pointer was released (before the release), this is likely a destructor
- // of a shared pointer.
+ // If we find an atomic fetch_add or fetch_sub within the function in which
+ // the pointer was released (before the release), this is likely a release
+ // point of reference-counted object (like shared pointer).
+ //
 // Because we don't model atomics, and also because we don't know that the
 // original reference count is positive, we should not report use-after-frees
- // on objects deleted in such destructors. This can probably be improved
+ // on objects deleted in such functions. This can probably be improved
 // through better shared pointer modeling.
- if (ReleaseDestructorLC && (ReleaseDestructorLC == CurrentLC ||
- ReleaseDestructorLC->isParentOf(CurrentLC))) {
+ if (ReleaseFunctionLC && (ReleaseFunctionLC == CurrentLC ||
+ ReleaseFunctionLC->isParentOf(CurrentLC))) {
 if (const auto *AE = dyn_cast<AtomicExpr>(S)) {
 // Check for manual use of atomic builtins.
 AtomicExpr::AtomicOp Op = AE->getOp();
 if (Op == AtomicExpr::AO__c11_atomic_fetch_add || Op == AtomicExpr::AO__c11_atomic_fetch_sub) {
 BR.markInvalid(getTag(), S);
+ // After report is considered invalid there is no need to proceed
+ // futher.
+ return nullptr;
---------------- NagyDonat wrote:
Thanks for adding this early return, and please add another one after the other `markInvalid()` call (which is 12 lines below this one). https://github.com/llvm/llvm-project/pull/104599