llvm-project/clang/test/Analysis/void-call-exit-modelling.c
Arseniy Zaostrovnykh dddeec4bec
[analyzer] Avoid out-of-order node traversal on void return (#117863)
The motivating example: https://compiler-explorer.com/z/WjsxYfs43
```C++
#include <stdlib.h>
void inf_loop_break_callee() {
  void* data = malloc(10);
  while (1) {
    (void)data; // line 3
    break; // -> execution continues on line 3 ?!!
  }
}
```

To correct the flow steps in this example (see the fixed version in the
added test case) I changed two things in the engine:
- Make `processCallExit` create a new StmtPoint only for return
  statements. If the last non-jump statement is not a return statement,
  e.g. `(void)data;`, it is no longer inserted in the exploded graph after
  the function exit.
- Skip the purge program points. In the example above, purge
  points are still inserted after the `break;` executes. Now, when the bug
  reporter is looking for the next statement executed after the function
  execution is finished, it will ignore the purge program points, so it
  won't confusingly pick the `(void)data;` statement.

CPP-5778
2024-11-27 14:27:31 +01:00

27 lines
1.1 KiB
C

```c
// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc -analyzer-output text -verify %s
typedef __typeof(sizeof(int)) size_t;
void *malloc(size_t size);
void inf_loop_break_callee() {
  void* data = malloc(10); // expected-note{{Memory is allocated}}
  while (1) { // expected-note{{Loop condition is true}}
    (void)data;
    break; // No note that we jump to the line above from this break
  } // expected-note@-1{{Execution jumps to the end of the function}}
} // expected-warning{{Potential leak of memory pointed to by 'data'}}
// expected-note@-1 {{Potential leak of memory pointed to by 'data'}}
void inf_loop_break_caller() {
  inf_loop_break_callee(); // expected-note{{Calling 'inf_loop_break_callee'}}
}
void inf_loop_break_top() {
  void* data = malloc(10); // expected-note{{Memory is allocated}}
  while (1) { // expected-note{{Loop condition is true}}
    (void)data;
    break; // No note that we jump to the line above from this break
  } // expected-note@-1{{Execution jumps to the end of the function}}
} // expected-warning{{Potential leak of memory pointed to by 'data'}}
// expected-note@-1 {{Potential leak of memory pointed to by 'data'}}
```