From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dmalcolm@sourceware.org>
Received: by sourceware.org (Postfix, from userid 2209)
 id 9E3E4385AE6E; Wed, 27 Jul 2022 21:55:33 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 9E3E4385AE6E
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="utf-8"
From: David Malcolm <dmalcolm@gcc.gnu.org>
To: gcc-cvs@gcc.gnu.org
Subject: [gcc r12-8633] analyzer: fix memory leaks
X-Act-Checkin: gcc
X-Git-Author: David Malcolm <dmalcolm@redhat.com>
X-Git-Refname: refs/heads/releases/gcc-12
X-Git-Oldrev: 05530fcea07a9ee5c7501867f3f11f0fbc504a06
X-Git-Newrev: 1d38fa564edeae1e69e2ad8aa651e9452a6d687a
Message-Id: <20220727215533.9E3E4385AE6E@sourceware.org>
Date: Wed, 27 Jul 2022 21:55:33 +0000 (GMT)
X-BeenThere: gcc-cvs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-cvs mailing list <gcc-cvs.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-cvs>,
 <mailto:gcc-cvs-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-cvs/>
List-Help: <mailto:gcc-cvs-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-cvs>,
 <mailto:gcc-cvs-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jul 2022 21:55:33 -0000

https://gcc.gnu.org/g:1d38fa564edeae1e69e2ad8aa651e9452a6d687a

commit r12-8633-g1d38fa564edeae1e69e2ad8aa651e9452a6d687a
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Wed Jul 27 17:38:53 2022 -0400

    analyzer: fix memory leaks
    
    (cherry picked from r13-334-g99988b0e8b57b3)
    
    These leaks all relate to logging within -fdump-analyzer[-stderr]
    or are one-time leaks; seen with valgrind.
    
    gcc/analyzer/ChangeLog:
            * checker-path.cc (state_change_event::get_desc): Call maybe_free
            on label_text temporaries.
            * diagnostic-manager.cc
            (diagnostic_manager::prune_for_sm_diagnostic): Likewise.
            * engine.cc (exploded_graph::~exploded_graph): Fix leak of
            m_per_point_data and m_per_call_string_data values.  Simplify
            cleanup of m_per_function_stats and m_per_point_data values.
            (feasibility_state::maybe_update_for_edge): Fix leak of result of
            superedge::get_description.
            * region-model-manager.cc
            (region_model_manager::~region_model_manager): Move cleanup of
            m_setjmp_values to match the ordering of the fields within
            region_model_manager.  Fix leak of values within
            m_repeated_values_map, m_bits_within_values_map,
            m_asm_output_values_map, and m_const_fn_result_values_map.
    
    Signed-off-by: David Malcolm <dmalcolm@redhat.com>

Diff:
---
 gcc/analyzer/checker-path.cc         |  8 ++++++--
 gcc/analyzer/diagnostic-manager.cc   |  6 ++++++
 gcc/analyzer/engine.cc               | 29 ++++++++++++++++-------------
 gcc/analyzer/region-model-manager.cc | 14 +++++++++++---
 4 files changed, 39 insertions(+), 18 deletions(-)

diff --git a/gcc/analyzer/checker-path.cc b/gcc/analyzer/checker-path.cc
index 779ff80de7c..a61b3ee0675 100644
--- a/gcc/analyzer/checker-path.cc
+++ b/gcc/analyzer/checker-path.cc
@@ -323,24 +323,28 @@ state_change_event::get_desc (bool can_colorize) const
   if (m_sval)
     {
       label_text sval_desc = m_sval->get_desc ();
+      label_text result;
       if (m_origin)
 	{
 	  label_text origin_desc = m_origin->get_desc ();
-	  return make_label_text
+	  result = make_label_text
 	    (can_colorize,
 	     "state of %qs: %qs -> %qs (origin: %qs)",
 	     sval_desc.m_buffer,
 	     m_from->get_name (),
 	     m_to->get_name (),
 	     origin_desc.m_buffer);
+	  origin_desc.maybe_free ();
 	}
       else
-	return make_label_text
+	result = make_label_text
 	  (can_colorize,
 	   "state of %qs: %qs -> %qs (NULL origin)",
 	   sval_desc.m_buffer,
 	   m_from->get_name (),
 	   m_to->get_name ());
+      sval_desc.maybe_free ();
+      return result;
     }
   else
     {
diff --git a/gcc/analyzer/diagnostic-manager.cc b/gcc/analyzer/diagnostic-manager.cc
index 5bd4cd49cac..2d49a3bc6ad 100644
--- a/gcc/analyzer/diagnostic-manager.cc
+++ b/gcc/analyzer/diagnostic-manager.cc
@@ -2171,6 +2171,7 @@ diagnostic_manager::prune_for_sm_diagnostic (checker_path *path,
 		  log ("considering event %i (%s), with sval: %qs, state: %qs",
 		       idx, event_kind_to_string (base_event->m_kind),
 		       sval_desc.m_buffer, state->get_name ());
+		  sval_desc.maybe_free ();
 		}
 	      else
 		log ("considering event %i (%s), with global state: %qs",
@@ -2238,6 +2239,8 @@ diagnostic_manager::prune_for_sm_diagnostic (checker_path *path,
 			     " switching var of interest from %qs to %qs",
 			     idx, sval_desc.m_buffer,
 			     origin_sval_desc.m_buffer);
+			sval_desc.maybe_free ();
+			origin_sval_desc.maybe_free ();
 		      }
 		    sval = state_change->m_origin;
 		  }
@@ -2265,6 +2268,7 @@ diagnostic_manager::prune_for_sm_diagnostic (checker_path *path,
 			else
 			  log ("filtering event %i: state change to %qs",
 			       idx, change_sval_desc.m_buffer);
+			change_sval_desc.maybe_free ();
 		      }
 		    else
 		      log ("filtering event %i: global state change", idx);
@@ -2334,6 +2338,7 @@ diagnostic_manager::prune_for_sm_diagnostic (checker_path *path,
 			 " recording critical state for %qs at call"
 			 " from %qE in callee to %qE in caller",
 			 idx, sval_desc.m_buffer, callee_var, caller_var);
+		    sval_desc.maybe_free ();
 		  }
 		if (expr.param_p ())
 		  event->record_critical_state (caller_var, state);
@@ -2377,6 +2382,7 @@ diagnostic_manager::prune_for_sm_diagnostic (checker_path *path,
 			     " recording critical state for %qs at return"
 			     " from %qE in caller to %qE in callee",
 			     idx, sval_desc.m_buffer, callee_var, callee_var);
+			sval_desc.maybe_free ();
 		      }
 		    if (expr.return_value_p ())
 		      event->record_critical_state (callee_var, state);
diff --git a/gcc/analyzer/engine.cc b/gcc/analyzer/engine.cc
index e43406e3556..03329324346 100644
--- a/gcc/analyzer/engine.cc
+++ b/gcc/analyzer/engine.cc
@@ -2340,15 +2340,14 @@ exploded_graph::exploded_graph (const supergraph &sg, logger *logger,
 
 exploded_graph::~exploded_graph ()
 {
-  for (function_stat_map_t::iterator iter = m_per_function_stats.begin ();
-       iter != m_per_function_stats.end ();
-       ++iter)
-    delete (*iter).second;
-
-  for (point_map_t::iterator iter = m_per_point_data.begin ();
-       iter != m_per_point_data.end ();
-       ++iter)
-    delete (*iter).second;
+  for (auto iter : m_per_point_data)
+    delete iter.second;
+  for (auto iter : m_per_function_data)
+    delete iter.second;
+  for (auto iter : m_per_function_stats)
+    delete iter.second;
+  for (auto iter : m_per_call_string_data)
+    delete iter.second;
 }
 
 /* Subroutine for use when implementing __attribute__((tainted_args))
@@ -4538,10 +4537,14 @@ feasibility_state::maybe_update_for_edge (logger *logger,
   if (sedge)
     {
       if (logger)
-	logger->log ("  sedge: SN:%i -> SN:%i %s",
-		     sedge->m_src->m_index,
-		     sedge->m_dest->m_index,
-		     sedge->get_description (false));
+	{
+	  char *desc = sedge->get_description (false);
+	  logger->log ("  sedge: SN:%i -> SN:%i %s",
+		       sedge->m_src->m_index,
+		       sedge->m_dest->m_index,
+		       desc);
+	  free (desc);
+	}
 
       const gimple *last_stmt = src_point.get_supernode ()->get_last_stmt ();
       if (!m_model.maybe_update_for_edge (*sedge, last_stmt, NULL, out_rc))
diff --git a/gcc/analyzer/region-model-manager.cc b/gcc/analyzer/region-model-manager.cc
index 4ec275ecd43..6d248c98fcf 100644
--- a/gcc/analyzer/region-model-manager.cc
+++ b/gcc/analyzer/region-model-manager.cc
@@ -97,12 +97,12 @@ region_model_manager::~region_model_manager ()
        iter != m_unknowns_map.end (); ++iter)
     delete (*iter).second;
   delete m_unknown_NULL;
-  for (setjmp_values_map_t::iterator iter = m_setjmp_values_map.begin ();
-       iter != m_setjmp_values_map.end (); ++iter)
-    delete (*iter).second;
   for (poisoned_values_map_t::iterator iter = m_poisoned_values_map.begin ();
        iter != m_poisoned_values_map.end (); ++iter)
     delete (*iter).second;
+  for (setjmp_values_map_t::iterator iter = m_setjmp_values_map.begin ();
+       iter != m_setjmp_values_map.end (); ++iter)
+    delete (*iter).second;
   for (initial_values_map_t::iterator iter = m_initial_values_map.begin ();
        iter != m_initial_values_map.end (); ++iter)
     delete (*iter).second;
@@ -118,6 +118,10 @@ region_model_manager::~region_model_manager ()
   for (sub_values_map_t::iterator iter = m_sub_values_map.begin ();
        iter != m_sub_values_map.end (); ++iter)
     delete (*iter).second;
+  for (auto iter : m_repeated_values_map)
+    delete iter.second;
+  for (auto iter : m_bits_within_values_map)
+    delete iter.second;
   for (unmergeable_values_map_t::iterator iter
 	 = m_unmergeable_values_map.begin ();
        iter != m_unmergeable_values_map.end (); ++iter)
@@ -131,6 +135,10 @@ region_model_manager::~region_model_manager ()
   for (conjured_values_map_t::iterator iter = m_conjured_values_map.begin ();
        iter != m_conjured_values_map.end (); ++iter)
     delete (*iter).second;
+  for (auto iter : m_asm_output_values_map)
+    delete iter.second;
+  for (auto iter : m_const_fn_result_values_map)
+    delete iter.second;
 
   /* Delete consolidated regions.  */
   for (fndecls_map_t::iterator iter = m_fndecls_map.begin ();