From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTPS id 371583835C26 for ; Wed, 11 May 2022 21:38:23 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 371583835C26 Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-196-38D5cLTnMAWej7Lsyw3t_A-1; Wed, 11 May 2022 17:38:21 -0400 X-MC-Unique: 38D5cLTnMAWej7Lsyw3t_A-1 Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com [10.11.54.9]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 25BE7185A794 for ; Wed, 11 May 2022 21:38:21 +0000 (UTC) Received: from t14s.localdomain.com (unknown [10.2.16.112]) by smtp.corp.redhat.com (Postfix) with ESMTP id F1BDC553FE2; Wed, 11 May 2022 21:38:20 +0000 (UTC) From: David Malcolm To: gcc-patches@gcc.gnu.org Subject: [committed] analyzer: fix memory leaks Date: Wed, 11 May 2022 17:38:19 -0400 Message-Id: <20220511213819.2657984-1-dmalcolm@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.9 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII"; x-default=true X-Spam-Status: No, score=-11.9 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_LOW, SPF_HELO_NONE, SPF_NONE, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 May 2022 21:38:25 -0000 These leaks all relate to logging within -fdump-analyzer[-stderr] or are one-time leaks; seen with valgrind. Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Tested with valgrind. Pushed to trunk as r13-334-g99988b0e8b57b3. gcc/analyzer/ChangeLog: * checker-path.cc (state_change_event::get_desc): Call maybe_free on label_text temporaries. * diagnostic-manager.cc (diagnostic_manager::prune_for_sm_diagnostic): Likewise. * engine.cc (exploded_graph::~exploded_graph): Fix leak of m_per_point_data and m_per_call_string_data values. Simplify cleanup of m_per_function_stats and m_per_point_data values. (feasibility_state::maybe_update_for_edge): Fix leak of result of superedge::get_description. * region-model-manager.cc (region_model_manager::~region_model_manager): Move cleanup of m_setjmp_values to match the ordering of the fields within region_model_manager. Fix leak of values within m_repeated_values_map, m_bits_within_values_map, m_asm_output_values_map, and m_const_fn_result_values_map. Signed-off-by: David Malcolm --- gcc/analyzer/checker-path.cc | 8 ++++++-- gcc/analyzer/diagnostic-manager.cc | 6 ++++++ gcc/analyzer/engine.cc | 29 +++++++++++++++------------- gcc/analyzer/region-model-manager.cc | 14 +++++++++++--- 4 files changed, 39 insertions(+), 18 deletions(-) diff --git a/gcc/analyzer/checker-path.cc b/gcc/analyzer/checker-path.cc index 779ff80de7c..a61b3ee0675 100644 --- a/gcc/analyzer/checker-path.cc +++ b/gcc/analyzer/checker-path.cc @@ -323,24 +323,28 @@ state_change_event::get_desc (bool can_colorize) const if (m_sval) { label_text sval_desc = m_sval->get_desc (); + label_text result; if (m_origin) { label_text origin_desc = m_origin->get_desc (); - return make_label_text + result = make_label_text (can_colorize, "state of %qs: %qs -> %qs (origin: %qs)", sval_desc.m_buffer, m_from->get_name (), m_to->get_name (), origin_desc.m_buffer); + origin_desc.maybe_free (); } else - return make_label_text + result = make_label_text (can_colorize, "state of %qs: %qs -> %qs (NULL origin)", sval_desc.m_buffer, m_from->get_name (), m_to->get_name ()); + sval_desc.maybe_free (); + return result; } else { diff --git a/gcc/analyzer/diagnostic-manager.cc b/gcc/analyzer/diagnostic-manager.cc index 5bd4cd49cac..2d49a3bc6ad 100644 --- a/gcc/analyzer/diagnostic-manager.cc +++ b/gcc/analyzer/diagnostic-manager.cc @@ -2171,6 +2171,7 @@ diagnostic_manager::prune_for_sm_diagnostic (checker_path *path, log ("considering event %i (%s), with sval: %qs, state: %qs", idx, event_kind_to_string (base_event->m_kind), sval_desc.m_buffer, state->get_name ()); + sval_desc.maybe_free (); } else log ("considering event %i (%s), with global state: %qs", @@ -2238,6 +2239,8 @@ diagnostic_manager::prune_for_sm_diagnostic (checker_path *path, " switching var of interest from %qs to %qs", idx, sval_desc.m_buffer, origin_sval_desc.m_buffer); + sval_desc.maybe_free (); + origin_sval_desc.maybe_free (); } sval = state_change->m_origin; } @@ -2265,6 +2268,7 @@ diagnostic_manager::prune_for_sm_diagnostic (checker_path *path, else log ("filtering event %i: state change to %qs", idx, change_sval_desc.m_buffer); + change_sval_desc.maybe_free (); } else log ("filtering event %i: global state change", idx); @@ -2334,6 +2338,7 @@ diagnostic_manager::prune_for_sm_diagnostic (checker_path *path, " recording critical state for %qs at call" " from %qE in callee to %qE in caller", idx, sval_desc.m_buffer, callee_var, caller_var); + sval_desc.maybe_free (); } if (expr.param_p ()) event->record_critical_state (caller_var, state); @@ -2377,6 +2382,7 @@ diagnostic_manager::prune_for_sm_diagnostic (checker_path *path, " recording critical state for %qs at return" " from %qE in caller to %qE in callee", idx, sval_desc.m_buffer, callee_var, callee_var); + sval_desc.maybe_free (); } if (expr.return_value_p ()) event->record_critical_state (callee_var, state); diff --git a/gcc/analyzer/engine.cc b/gcc/analyzer/engine.cc index e43406e3556..03329324346 100644 --- a/gcc/analyzer/engine.cc +++ b/gcc/analyzer/engine.cc @@ -2340,15 +2340,14 @@ exploded_graph::exploded_graph (const supergraph &sg, logger *logger, exploded_graph::~exploded_graph () { - for (function_stat_map_t::iterator iter = m_per_function_stats.begin (); - iter != m_per_function_stats.end (); - ++iter) - delete (*iter).second; - - for (point_map_t::iterator iter = m_per_point_data.begin (); - iter != m_per_point_data.end (); - ++iter) - delete (*iter).second; + for (auto iter : m_per_point_data) + delete iter.second; + for (auto iter : m_per_function_data) + delete iter.second; + for (auto iter : m_per_function_stats) + delete iter.second; + for (auto iter : m_per_call_string_data) + delete iter.second; } /* Subroutine for use when implementing __attribute__((tainted_args)) @@ -4538,10 +4537,14 @@ feasibility_state::maybe_update_for_edge (logger *logger, if (sedge) { if (logger) - logger->log (" sedge: SN:%i -> SN:%i %s", - sedge->m_src->m_index, - sedge->m_dest->m_index, - sedge->get_description (false)); + { + char *desc = sedge->get_description (false); + logger->log (" sedge: SN:%i -> SN:%i %s", + sedge->m_src->m_index, + sedge->m_dest->m_index, + desc); + free (desc); + } const gimple *last_stmt = src_point.get_supernode ()->get_last_stmt (); if (!m_model.maybe_update_for_edge (*sedge, last_stmt, NULL, out_rc)) diff --git a/gcc/analyzer/region-model-manager.cc b/gcc/analyzer/region-model-manager.cc index 4ec275ecd43..6d248c98fcf 100644 --- a/gcc/analyzer/region-model-manager.cc +++ b/gcc/analyzer/region-model-manager.cc @@ -97,12 +97,12 @@ region_model_manager::~region_model_manager () iter != m_unknowns_map.end (); ++iter) delete (*iter).second; delete m_unknown_NULL; - for (setjmp_values_map_t::iterator iter = m_setjmp_values_map.begin (); - iter != m_setjmp_values_map.end (); ++iter) - delete (*iter).second; for (poisoned_values_map_t::iterator iter = m_poisoned_values_map.begin (); iter != m_poisoned_values_map.end (); ++iter) delete (*iter).second; + for (setjmp_values_map_t::iterator iter = m_setjmp_values_map.begin (); + iter != m_setjmp_values_map.end (); ++iter) + delete (*iter).second; for (initial_values_map_t::iterator iter = m_initial_values_map.begin (); iter != m_initial_values_map.end (); ++iter) delete (*iter).second; @@ -118,6 +118,10 @@ region_model_manager::~region_model_manager () for (sub_values_map_t::iterator iter = m_sub_values_map.begin (); iter != m_sub_values_map.end (); ++iter) delete (*iter).second; + for (auto iter : m_repeated_values_map) + delete iter.second; + for (auto iter : m_bits_within_values_map) + delete iter.second; for (unmergeable_values_map_t::iterator iter = m_unmergeable_values_map.begin (); iter != m_unmergeable_values_map.end (); ++iter) @@ -131,6 +135,10 @@ region_model_manager::~region_model_manager () for (conjured_values_map_t::iterator iter = m_conjured_values_map.begin (); iter != m_conjured_values_map.end (); ++iter) delete (*iter).second; + for (auto iter : m_asm_output_values_map) + delete iter.second; + for (auto iter : m_const_fn_result_values_map) + delete iter.second; /* Delete consolidated regions. */ for (fndecls_map_t::iterator iter = m_fndecls_map.begin (); -- 2.26.3