mirrors/llvm-project
0
0
Fork 0
mirror of https://github.com/llvm/llvm-project.git synced 2025-04-26 21:16:05 +00:00
Code Issues Projects Releases Wiki Activity
llvm-project/clang/test/Analysis/incorrect-checker-names.cpp
Arseniy Zaostrovnykh 190449a5d2
[analyzer] Detect leaks of stack addresses via output params, indirect globals 3/3 (#105648) 
Fix some false negatives of StackAddrEscapeChecker:
- Output parameters
  ```
  void top(int **out) {
    int local = 42;
    *out = &local; // Noncompliant
  }
  ```
- Indirect global pointers
  ```
  int **global;

  void top() {
    int local = 42;
    *global = &local; // Noncompliant
  }
  ```

Note that now StackAddrEscapeChecker produces a diagnostic if a function
with an output parameter is analyzed as top-level or as a callee. I took
special care to make sure the reports point to the same primary location
and, in many cases, feature the same primary message. That is the
motivation to modify Core/BugReporter.cpp and Core/ExplodedGraph.cpp

To avoid false positive reports when a global indirect pointer is
assigned a local address, invalidated, and then reset, I rely on the
fact that the invalidation symbol will be a DerivedSymbol of a
ConjuredSymbol that refers to the same memory region.

The checker still has a false negative for non-trivial escaping via a
returned value. It requires a more sophisticated traversal akin to
scanReachableSymbols, which out of the scope of this change.

CPP-4734

---------

This is the last of the 3 stacked PRs, it must not be merged before
https://github.com/llvm/llvm-project/pull/105652 and
https://github.com/llvm/llvm-project/pull/105653
2024-08-28 08:36:59 +02:00

21 lines
1.1 KiB
C++
Raw Blame History

// RUN: %clang_analyze_cc1 -verify %s -fblocks \
// RUN: -analyzer-checker=core \
// RUN: -analyzer-output=text
int* stack_addr_escape_base() {
int x = 0;
// FIXME: This shouldn't be tied to a modeling checker.
return &x; // expected-warning{{Address of stack memory associated with local variable 'x' returned to caller [core.StackAddressEscape]}}
// expected-note-re@-1{{{{^Address of stack memory associated with local variable 'x' returned to caller$}}}}
// Just a regular compiler warning.
// expected-warning@-3{{address of stack memory associated with local variable 'x' returned}}
}
char const *p;
void f0() {
char const str[] = "This will change";
p = str;
} // expected-warning@-1{{Address of stack memory associated with local variable 'str' is still referred to by the global variable 'p' upon returning to the caller. This will be a dangling reference [core.StackAddressEscape]}}
// expected-note@-2{{Address of stack memory associated with local variable 'str' is still referred to by the global variable 'p' upon returning to the caller. This will be a dangling reference}}
Reference in New Issue View Git Blame Copy Permalink