commit 23baa01af443bd53ebe4e43224da6577a286262f
author Zhongxing Xu <xuzhongxing@gmail.com> Tue Nov 17 08:58:18 2009 +0000
committer Zhongxing Xu <xuzhongxing@gmail.com> Tue Nov 17 08:58:18 2009 +0000
tree a1c0fcd49ddd6d3241a01ea3300ce11f9db5a991
parent feedba68b542fb4797875340b22cd81efb9cd0f4

Add PreVisitReturn to Malloc checker. Now we can recognize returned memory
block.

llvm-svn: 89071

clang/lib/Analysis/MallocChecker.cpp

diff --git a/clang/lib/Analysis/MallocChecker.cpp b/clang/lib/Analysis/MallocChecker.cpp
index fdd6a3d..93e7083 100644
--- a/clang/lib/Analysis/MallocChecker.cpp
+++ b/clang/lib/Analysis/MallocChecker.cpp
@@ -60,6 +60,7 @@
   void PostVisitCallExpr(CheckerContext &C, const CallExpr *CE);
   void EvalDeadSymbols(CheckerContext &C,const Stmt *S,SymbolReaper &SymReaper);
   void EvalEndPath(GREndPathNodeBuilder &B, void *tag, GRExprEngine &Eng);
+  void PreVisitReturnStmt(CheckerContext &C, const ReturnStmt *S);
 private:
   void MallocMem(CheckerContext &C, const CallExpr *CE);
   void FreeMem(CheckerContext &C, const CallExpr *CE);
@@ -190,3 +191,28 @@
     }
   }
 }
+
+void MallocChecker::PreVisitReturnStmt(CheckerContext &C, const ReturnStmt *S) {
+  const Expr *RetE = S->getRetValue();
+  if (!RetE)
+    return;
+
+  const GRState *state = C.getState();
+
+  SymbolRef Sym = state->getSVal(RetE).getAsSymbol();
+
+  if (!Sym)
+    return;
+
+  const RefState *RS = state->get<RegionState>(Sym);
+  if (!RS)
+    return;
+
+  // FIXME: check other cases.
+  if (RS->isAllocated())
+    state = state->set<RegionState>(Sym, RefState::getEscaped(S));
+
+  ExplodedNode *N = C.GenerateNode(S, state);
+  if (N)
+    C.addTransition(N);
+}