Skip to content
Normal view History Permalink
CFRefCount.cpp 32.5 KiB
Newer Older
Ted Kremenek's avatar
CF ref. count checker: Register memory leaks at the end of a path.  
Ted Kremenek committed
1001 1002 
}
Ted Kremenek's avatar
Add some boilerplate to report memory leaks at the end of an analyzed function.  
Ted Kremenek committed
1003 1004 
// End-of-path.
Ted Kremenek's avatar
CF ref. count checker: Register memory leaks at the end of a path.  
Ted Kremenek committed
1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 


ValueState* CFRefCount::HandleSymbolDeath(ValueStateManager& VMgr,
                                          ValueState* St, SymbolID sid,
                                          RefVal V, bool& hasLeak) {
    
  hasLeak = V.isOwned() || V.isNotOwned() && V.getCount() > 0;

  if (!hasLeak)
    return NukeBinding(VMgr, St, sid);
  
  RefBindings B = GetRefBindings(*St);
  ValueState StImpl = *St;  
  StImpl.CheckerState = RefBFactory.Add(B, sid, RefVal::makeLeak()).getRoot();
  return VMgr.getPersistentState(StImpl);
}

void CFRefCount::EvalEndPath(GRExprEngine& Eng,
Ted Kremenek's avatar
Add some boilerplate to report memory leaks at the end of an analyzed function.  
Ted Kremenek committed
1023 1024 
                             GREndPathNodeBuilder<ValueState>& Builder) {
Ted Kremenek's avatar
CF ref. count checker: Register memory leaks at the end of a path.  
Ted Kremenek committed
1025 1026 
  ValueState* St = Builder.getState();
  RefBindings B = GetRefBindings(*St);
Ted Kremenek's avatar
Add some boilerplate to report memory leaks at the end of an analyzed function.  
Ted Kremenek committed
1027
Ted Kremenek's avatar
CF ref. count checker: Register memory leaks at the end of a path.  
Ted Kremenek committed
1028 
  llvm::SmallVector<SymbolID, 10> Leaked;
Ted Kremenek's avatar
Add some boilerplate to report memory leaks at the end of an analyzed function.  
Ted Kremenek committed
1029
Ted Kremenek's avatar
CF ref. count checker: Register memory leaks at the end of a path.  
Ted Kremenek committed
1030 1031 
  for (RefBindings::iterator I = B.begin(), E = B.end(); I != E; ++I) {
    bool hasLeak = false;
Ted Kremenek's avatar
Add some boilerplate to report memory leaks at the end of an analyzed function.  
Ted Kremenek committed
1032
Ted Kremenek's avatar
CF ref. count checker: Register memory leaks at the end of a path.  
Ted Kremenek committed
1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 
    St = HandleSymbolDeath(Eng.getStateManager(), St,
                           (*I).first, (*I).second, hasLeak);
    
    if (hasLeak) Leaked.push_back((*I).first);
  }
      
  ExplodedNode<ValueState>* N = Builder.MakeNode(St);
  
  for (llvm::SmallVector<SymbolID, 10>::iterator I=Leaked.begin(),
       E = Leaked.end(); I != E; ++I)
    Leaks.push_back(std::make_pair(*I, N));
Ted Kremenek's avatar
Add some boilerplate to report memory leaks at the end of an analyzed function.  
Ted Kremenek committed
1044 1045 
}
Ted Kremenek's avatar
Added main skeleton for CFRetain transfer function logic.  
Ted Kremenek committed
1046 1047 

CFRefCount::RefBindings CFRefCount::Update(RefBindings B, SymbolID sym,
Ted Kremenek's avatar
Added main logic for typestate tracking for the CFRetain checker.  
Ted Kremenek committed
1048 
                                           RefVal V, ArgEffect E,
Ted Kremenek's avatar
Implemented toll-free bridging support for CF Reference count checker.  
Ted Kremenek committed
1049 
                                           RefVal::Kind& hasErr) {
Ted Kremenek's avatar
Added main skeleton for CFRetain transfer function logic.  
Ted Kremenek committed
1050
Ted Kremenek's avatar
Added main logic for typestate tracking for the CFRetain checker.  
Ted Kremenek committed
1051 1052 
  // FIXME: This dispatch can potentially be sped up by unifiying it into
  //  a single switch statement.  Opt for simplicity for now.
Ted Kremenek's avatar
Added main skeleton for CFRetain transfer function logic.  
Ted Kremenek committed
1053
Ted Kremenek's avatar
Added main logic for typestate tracking for the CFRetain checker.  
Ted Kremenek committed
1054 1055 1056 1057 1058 
  switch (E) {
    default:
      assert (false && "Unhandled CFRef transition.");
      
    case DoNothing:
Ted Kremenek's avatar
Prototype (pre-alpha) implementation of CFRef checker.  
Ted Kremenek committed
1059 1060 
      if (V.getKind() == RefVal::Released) {
        V = RefVal::makeUseAfterRelease();
Ted Kremenek's avatar
Implemented toll-free bridging support for CF Reference count checker.  
Ted Kremenek committed
1061 
        hasErr = V.getKind();
Ted Kremenek's avatar
Prototype (pre-alpha) implementation of CFRef checker.  
Ted Kremenek committed
1062 1063 1064 
        break;
      }
Ted Kremenek's avatar
Added main logic for typestate tracking for the CFRetain checker.  
Ted Kremenek committed
1065 1066 1067 1068 1069 1070 1071 1072 
      return B;
      
    case IncRef:      
      switch (V.getKind()) {
        default:
          assert(false);

        case RefVal::Owned:
Ted Kremenek's avatar
Fixed some logic errors in the CF ref count checker; we now can detect simple  
Ted Kremenek committed
1073 1074 
          V = RefVal::makeOwned(V.getCount()+1);
          break;
Ted Kremenek's avatar
Simplify CF ref. count checker state machine.  
Ted Kremenek committed
1075
Ted Kremenek's avatar
Added main logic for typestate tracking for the CFRetain checker.  
Ted Kremenek committed
1076 
        case RefVal::NotOwned:
Ted Kremenek's avatar
Simplify CF ref. count checker state machine.  
Ted Kremenek committed
1077 
          V = RefVal::makeNotOwned(V.getCount()+1);
Ted Kremenek's avatar
Added main logic for typestate tracking for the CFRetain checker.  
Ted Kremenek committed
1078 1079 1080 1081 
          break;
          
        case RefVal::Released:
          V = RefVal::makeUseAfterRelease();
Ted Kremenek's avatar
Implemented toll-free bridging support for CF Reference count checker.  
Ted Kremenek committed
1082 
          hasErr = V.getKind();
Ted Kremenek's avatar
Added main logic for typestate tracking for the CFRetain checker.  
Ted Kremenek committed
1083 1084 1085 
          break;
      }
Ted Kremenek's avatar
Fixed some logic errors in the CF ref count checker; we now can detect simple  
Ted Kremenek committed
1086 1087 
      break;
Ted Kremenek's avatar
Added main logic for typestate tracking for the CFRetain checker.  
Ted Kremenek committed
1088 1089 1090 1091 1092 1093 
    case DecRef:
      switch (V.getKind()) {
        default:
          assert (false);
          
        case RefVal::Owned: {
Ted Kremenek's avatar
Simplify CF ref. count checker state machine.  
Ted Kremenek committed
1094 1095 
          signed Count = ((signed) V.getCount()) - 1;
          V = Count >= 0 ? RefVal::makeOwned(Count) : RefVal::makeReleased();
Ted Kremenek's avatar
Added main logic for typestate tracking for the CFRetain checker.  
Ted Kremenek committed
1096 1097 1098 
          break;
        }
Ted Kremenek's avatar
Simplify CF ref. count checker state machine.  
Ted Kremenek committed
1099 1100 1101 1102 1103 1104 1105 
        case RefVal::NotOwned: {
          signed Count = ((signed) V.getCount()) - 1;
          
          if (Count >= 0)
            V = RefVal::makeNotOwned(Count);
          else {
            V = RefVal::makeReleaseNotOwned();
Ted Kremenek's avatar
Implemented toll-free bridging support for CF Reference count checker.  
Ted Kremenek committed
1106 
            hasErr = V.getKind();
Ted Kremenek's avatar
Simplify CF ref. count checker state machine.  
Ted Kremenek committed
1107 
          }
Ted Kremenek's avatar
Added main logic for typestate tracking for the CFRetain checker.  
Ted Kremenek committed
1108 1109 
          
          break;
Ted Kremenek's avatar
Simplify CF ref. count checker state machine.  
Ted Kremenek committed
1110 
        }
Ted Kremenek's avatar
Added main logic for typestate tracking for the CFRetain checker.  
Ted Kremenek committed
1111 1112 1113 

        case RefVal::Released:
          V = RefVal::makeUseAfterRelease();
Ted Kremenek's avatar
Implemented toll-free bridging support for CF Reference count checker.  
Ted Kremenek committed
1114 
          hasErr = V.getKind();
Ted Kremenek's avatar
Added main logic for typestate tracking for the CFRetain checker.  
Ted Kremenek committed
1115 1116 
          break;          
      }
Ted Kremenek's avatar
Fixed some logic errors in the CF ref count checker; we now can detect simple  
Ted Kremenek committed
1117 1118 
      
      break;
Ted Kremenek's avatar
Added main logic for typestate tracking for the CFRetain checker.  
Ted Kremenek committed
1119 1120 1121 
  }

  return RefBFactory.Add(B, sym, V);
Ted Kremenek's avatar
Added main skeleton for CFRetain transfer function logic.  
Ted Kremenek committed
1122 1123 
}
Ted Kremenek's avatar
Added some boilerplate for emitting warnings from the CF-reference count checker.  
Ted Kremenek committed
1124 1125 

//===----------------------------------------------------------------------===//
Ted Kremenek's avatar
Hooked up initial reference-count checks to the BugReporter interface.  
Ted Kremenek committed
1126 
// Error reporting.
Ted Kremenek's avatar
Added some boilerplate for emitting warnings from the CF-reference count checker.  
Ted Kremenek committed
1127 1128 
//===----------------------------------------------------------------------===//
Ted Kremenek's avatar
Hooked up initial reference-count checks to the BugReporter interface.  
Ted Kremenek committed
1129 
void UseAfterRelease::EmitWarnings(BugReporter& BR) {
Ted Kremenek's avatar
Added some boilerplate for emitting warnings from the CF-reference count checker.  
Ted Kremenek committed
1130
Ted Kremenek's avatar
Hooked up initial reference-count checks to the BugReporter interface.  
Ted Kremenek committed
1131 1132 1133 
  for (CFRefCount::use_after_iterator I = TF.use_after_begin(),
        E = TF.use_after_end(); I != E; ++I) {
Ted Kremenek's avatar
Hooked up the dead-store checker to the BugReporter interface. Now dead-store  
Ted Kremenek committed
1134 
    RangedBugReport report(*this, I->first);
Ted Kremenek's avatar
Use RangedBugReport to report better ranges for reference count errors.  
Ted Kremenek committed
1135 
    report.addRange(I->second->getSourceRange());
Ted Kremenek's avatar
Hooked up the dead-store checker to the BugReporter interface. Now dead-store  
Ted Kremenek committed
1136 
    BR.EmitPathWarning(report);
Ted Kremenek's avatar
Added some boilerplate for emitting warnings from the CF-reference count checker.  
Ted Kremenek committed
1137 
  }
Ted Kremenek's avatar
Hooked up initial reference-count checks to the BugReporter interface.  
Ted Kremenek committed
1138 1139 1140 
}

void BadRelease::EmitWarnings(BugReporter& BR) {
Ted Kremenek's avatar
Added some boilerplate for emitting warnings from the CF-reference count checker.  
Ted Kremenek committed
1141
Ted Kremenek's avatar
Hooked up initial reference-count checks to the BugReporter interface.  
Ted Kremenek committed
1142 1143 1144 
  for (CFRefCount::bad_release_iterator I = TF.bad_release_begin(),
       E = TF.bad_release_end(); I != E; ++I) {
Ted Kremenek's avatar
Hooked up the dead-store checker to the BugReporter interface. Now dead-store  
Ted Kremenek committed
1145 
    RangedBugReport report(*this, I->first);
Ted Kremenek's avatar
Use RangedBugReport to report better ranges for reference count errors.  
Ted Kremenek committed
1146 
    report.addRange(I->second->getSourceRange());
Ted Kremenek's avatar
Hooked up the dead-store checker to the BugReporter interface. Now dead-store  
Ted Kremenek committed
1147 
    BR.EmitPathWarning(report);
Ted Kremenek's avatar
Use RangedBugReport to report better ranges for reference count errors.  
Ted Kremenek committed
1148
Ted Kremenek's avatar
Hooked up initial reference-count checks to the BugReporter interface.  
Ted Kremenek committed
1149 1150 
  }  
}
Ted Kremenek's avatar
Added some boilerplate for emitting warnings from the CF-reference count checker.  
Ted Kremenek committed
1151
Ted Kremenek's avatar
Added main skeleton for CFRetain transfer function logic.  
Ted Kremenek committed
1152 
//===----------------------------------------------------------------------===//
Ted Kremenek's avatar
Refactored all logic to run the GRSimpleVals and CFRef checker into a common  
Ted Kremenek committed
1153 
// Transfer function creation for external clients.
Ted Kremenek's avatar
Added main skeleton for CFRetain transfer function logic.  
Ted Kremenek committed
1154 1155 
//===----------------------------------------------------------------------===//
Ted Kremenek's avatar
Fix some bonehead bugs in summary generation in CFRefCount.  
Ted Kremenek committed
1156 1157 1158 
GRTransferFuncs* clang::MakeCFRefCountTF(ASTContext& Ctx) {
  return new CFRefCount(Ctx);
}
Show full blame