[NFC][analyzer] Rewrite comment header of MallocChecker #165443
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit rewrites the big comment block at the beginning of MallocChecker because it contained lots of obsolete and inaccurate information. I see that this block is a bit verbose (especially compared to the analogous comments in other checkers), but as this is one of the most complex checker families, I think it's useful to give this overview at the beginning of the source file.
llvmbot
added
clang
|
@llvm/pr-subscribers-clang Author: Donát Nagy (NagyDonat) ChangesThis commit rewrites the big comment block at the beginning of MallocChecker because it contained lots of obsolete and inaccurate information. I see that this block is a bit verbose (especially compared to the analogous comments in other checkers), but as this is one of the most complex checker families, I think it's useful to give this overview at the beginning of the source file. Full diff: https://github.com/llvm/llvm-project/pull/165443.diff 1 Files Affected:
diff --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index 70baab54df563..ec7ef237b7c31 100644
--- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -6,41 +6,45 @@
//
//===----------------------------------------------------------------------===//
//
-// This file defines a variety of memory management related checkers, such as
+// This file defines checkers that report memory management errors such as
// leak, double free, and use-after-free.
//
-// The following checkers are defined here:
+// The logic for modeling memory allocations is implemented in the checker
+// family which is called 'MallocChecker' for historical reasons. (This name is
+// inaccurate, something like 'DynamicMemory' would be more precise.)
//
-// * MallocChecker
-// Despite its name, it models all sorts of memory allocations and
-// de- or reallocation, including but not limited to malloc, free,
-// relloc, new, delete. It also reports on a variety of memory misuse
-// errors.
-// Many other checkers interact very closely with this checker, in fact,
-// most are merely options to this one. Other checkers may register
-// MallocChecker, but do not enable MallocChecker's reports (more details
-// to follow around its field, ChecksEnabled).
-// It also has a boolean "Optimistic" checker option, which if set to true
-// will cause the checker to model user defined memory management related
-// functions annotated via the attribute ownership_takes, ownership_holds
-// and ownership_returns.
+// The reports produced by this backend are exposed through several frontends:
+// * MallocChecker: reports all misuse of dynamic memory allocated by
+// malloc, related functions (like calloc, realloc etc.) and the functions
+// annotated by ownership_returns. (Here the name "MallocChecker" is
+// reasonably accurate; don't confuse this checker frontend with the whole
+// misnamed family.)
+// * NewDeleteChecker: reports most misuse (anything but memory leaks) of
+// memory managed by the C++ operators new and new[].
+// * NewDeleteLeaksChecker: reports leaks of dynamic memory allocated by
+// the C++ operators new and new[].
+// * MismatchedDeallocatorChecker: reports situations where the allocation
+// and deallocation is mismatched, e.g. memory allocated via malloc is
+// passed to operator delete.
+// * InnerPointerChecker: reports use of pointers to the internal buffer of
+// a std::string instance after operations that invalidate them.
+// * TaintedAllocChecker: reports situations where the size argument of a
+// memory allocation function or array new operator is tainted (i.e. comes
+// from an untrusted source and can be controlled by an attacker).
//
-// * NewDeleteChecker
-// Enables the modeling of new, new[], delete, delete[] in MallocChecker,
-// and checks for related double-free and use-after-free errors.
+// In addition to these frontends this file also defines the registration
+// functions for "unix.DynamicMemoryModeling". This registers the callbacks of
+// the checker family MallocChecker without enabling any of the frontends and
+// and handle two checker options which are attached to this "modeling
+// checker" because they affect multiple checker frontends.
//
-// * NewDeleteLeaksChecker
-// Checks for leaks related to new, new[], delete, delete[].
-// Depends on NewDeleteChecker.
-//
-// * MismatchedDeallocatorChecker
-// Enables checking whether memory is deallocated with the corresponding
-// allocation function in MallocChecker, such as malloc() allocated
-// regions are only freed by free(), new by delete, new[] by delete[].
-//
-// InnerPointerChecker interacts very closely with MallocChecker, but unlike
-// the above checkers, it has it's own file, hence the many InnerPointerChecker
-// related headers and non-static functions.
+// Note that what the users see as the checker "cplusplus.InnerPointer" is a
+// combination of the frontend InnerPointerChecker (within this family) which
+// emits the bug reports and a separate checker class (also named
+// InnerPointerChecker) which is defined in InnerPointerChecker.cpp and does a
+// significant part of the modeling. This cooperation is enabled by several
+// non-static helper functions that are defined within this translation unit
+// and used in InnerPointerChecker.cpp.
//
//===----------------------------------------------------------------------===//
|
|
@llvm/pr-subscribers-clang-static-analyzer-1 Author: Donát Nagy (NagyDonat) ChangesThis commit rewrites the big comment block at the beginning of MallocChecker because it contained lots of obsolete and inaccurate information. I see that this block is a bit verbose (especially compared to the analogous comments in other checkers), but as this is one of the most complex checker families, I think it's useful to give this overview at the beginning of the source file. Full diff: https://github.com/llvm/llvm-project/pull/165443.diff 1 Files Affected:
diff --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index 70baab54df563..ec7ef237b7c31 100644
--- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -6,41 +6,45 @@
//
//===----------------------------------------------------------------------===//
//
-// This file defines a variety of memory management related checkers, such as
+// This file defines checkers that report memory management errors such as
// leak, double free, and use-after-free.
//
-// The following checkers are defined here:
+// The logic for modeling memory allocations is implemented in the checker
+// family which is called 'MallocChecker' for historical reasons. (This name is
+// inaccurate, something like 'DynamicMemory' would be more precise.)
//
-// * MallocChecker
-// Despite its name, it models all sorts of memory allocations and
-// de- or reallocation, including but not limited to malloc, free,
-// relloc, new, delete. It also reports on a variety of memory misuse
-// errors.
-// Many other checkers interact very closely with this checker, in fact,
-// most are merely options to this one. Other checkers may register
-// MallocChecker, but do not enable MallocChecker's reports (more details
-// to follow around its field, ChecksEnabled).
-// It also has a boolean "Optimistic" checker option, which if set to true
-// will cause the checker to model user defined memory management related
-// functions annotated via the attribute ownership_takes, ownership_holds
-// and ownership_returns.
+// The reports produced by this backend are exposed through several frontends:
+// * MallocChecker: reports all misuse of dynamic memory allocated by
+// malloc, related functions (like calloc, realloc etc.) and the functions
+// annotated by ownership_returns. (Here the name "MallocChecker" is
+// reasonably accurate; don't confuse this checker frontend with the whole
+// misnamed family.)
+// * NewDeleteChecker: reports most misuse (anything but memory leaks) of
+// memory managed by the C++ operators new and new[].
+// * NewDeleteLeaksChecker: reports leaks of dynamic memory allocated by
+// the C++ operators new and new[].
+// * MismatchedDeallocatorChecker: reports situations where the allocation
+// and deallocation is mismatched, e.g. memory allocated via malloc is
+// passed to operator delete.
+// * InnerPointerChecker: reports use of pointers to the internal buffer of
+// a std::string instance after operations that invalidate them.
+// * TaintedAllocChecker: reports situations where the size argument of a
+// memory allocation function or array new operator is tainted (i.e. comes
+// from an untrusted source and can be controlled by an attacker).
//
-// * NewDeleteChecker
-// Enables the modeling of new, new[], delete, delete[] in MallocChecker,
-// and checks for related double-free and use-after-free errors.
+// In addition to these frontends this file also defines the registration
+// functions for "unix.DynamicMemoryModeling". This registers the callbacks of
+// the checker family MallocChecker without enabling any of the frontends and
+// and handle two checker options which are attached to this "modeling
+// checker" because they affect multiple checker frontends.
//
-// * NewDeleteLeaksChecker
-// Checks for leaks related to new, new[], delete, delete[].
-// Depends on NewDeleteChecker.
-//
-// * MismatchedDeallocatorChecker
-// Enables checking whether memory is deallocated with the corresponding
-// allocation function in MallocChecker, such as malloc() allocated
-// regions are only freed by free(), new by delete, new[] by delete[].
-//
-// InnerPointerChecker interacts very closely with MallocChecker, but unlike
-// the above checkers, it has it's own file, hence the many InnerPointerChecker
-// related headers and non-static functions.
+// Note that what the users see as the checker "cplusplus.InnerPointer" is a
+// combination of the frontend InnerPointerChecker (within this family) which
+// emits the bug reports and a separate checker class (also named
+// InnerPointerChecker) which is defined in InnerPointerChecker.cpp and does a
+// significant part of the modeling. This cooperation is enabled by several
+// non-static helper functions that are defined within this translation unit
+// and used in InnerPointerChecker.cpp.
//
//===----------------------------------------------------------------------===//
|
|
Reviewing this PR is low priority: it only modifies a comment and I'm reasonably confident that the new text is more accurate than the old one, so I'm planning to merge this within a few days if nobody objects. (But feel free to offer suggestions or clarifications if you have time to look at this.) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit rewrites the big comment block at the beginning of MallocChecker because it contained lots of obsolete and inaccurate information. I see that this block is a bit verbose (especially compared to the analogous comments in other checkers), but as this is one of the most complex checker families, I think it's useful to give this overview at the beginning of the source file.