[analyzer] Invalidate the region passed to pthread_setspecific() call.
Make this call an exception in ExprEngine::invalidateArguments:
'int pthread_setspecific(ptheread_key k, const void *)' stores
a value into thread local storage. The value can later be retrieved
with 'void *ptheread_getspecific(pthread_key)'. So even thought the
parameter is 'const void *', the region escapes through the
call.
(Here we just blacklist the call in the ExprEngine's default
logic. Another option would be to add a checker which evaluates
the call and triggers the call to invalidate regions.)
Teach the Malloc Checker, which treats all system calls as safe about
the API.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151220 91177308-0d34-0410-b5e6-96231b3b80d8
diff --git a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index d9ec668..4ae1dd8 100644
--- a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -1033,9 +1033,19 @@
return false;
}
- // If it's a system call, we know it does not free the memory.
+ // Most system calls, do not free the memory.
SourceManager &SM = ASTC.getSourceManager();
if (SM.isInSystemHeader(FD->getLocation())) {
+ const IdentifierInfo *II = FD->getIdentifier();
+
+ // White list the system functions whose arguments escape.
+ if (II) {
+ StringRef FName = II->getName();
+ if (FName.equals("pthread_setspecific"))
+ return true;
+ }
+
+ // Otherwise, assume that the function does not free memory.
return false;
}
@@ -1052,7 +1062,7 @@
ArrayRef<const MemRegion *> ExplicitRegions,
ArrayRef<const MemRegion *> Regions,
const CallOrObjCMessage *Call) const {
- if (!invalidated)
+ if (!invalidated || invalidated->empty())
return State;
llvm::SmallPtrSet<SymbolRef, 8> WhitelistedSymbols;