[cfe-dev] known issue? (using checker-232)

Ted Kremenek kremenek at apple.com
Mon Jan 4 18:21:59 CST 2010


Hi Cristian,

Sorry for the delayed response.  This is indeed expected behavior.

The path analysis in the static analyzer involves essentially unrolling loops a finite number of times.  To ensure analysis termination, once a threshold is reached (3 iterations) the analysis of a given path is halted.  Since the reference to 'array' is live within the loop body, no leak is reported since we do not reach a point in the path where that reference is no longer live.

Fixing this requires gradually improving the analysis of loops, e.g., by increasing the termination threshold for loops of a fixed bound.  Changing the handling of loops in the analyzer, however, needs to be done with care as it can substantially effect analysis performance (with a tradeoff of bugs found/missed).  It's something I think deserves more attention in the future.

Cheers,
Ted

On Dec 31, 2009, at 12:01 AM, Cristian Draghici wrote:

> Hi
> 
> I've bumped into this recently and I can't find on http://llvm.org/bugs/
> 
> leak detected:
> 
>        NSMutableArray *array = [[NSMutableArray alloc] init];
>         [array addObject:@"W"];
>         [array addObject:@"W"];
> 
> leak not detected when more then two iterations:
>         NSMutableArray *array = [[NSMutableArray alloc] init];
> 
>         int i=0;
>         for(i=0;i<3;i++)
>                 [array addObject:@"W"];
> 
> Is clang looking at a limited number of iterations and deciding defensively not to signal the leak?
> 
> Thanks,
> Cristi
> 
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.cs.uiuc.edu/pipermail/cfe-dev/attachments/20100104/064c1c48/attachment.html 


More information about the cfe-dev mailing list