GSoC Final Report | ISL Memory Management Using Clang Static Analyzer

Hello everyone,

This is the final report of my GSoC project. The aim of my project was to add support to RetainCountChecker to perform reference counting of objects in frameworks written in C, primarily for the Integer Set Library (ISL).

My work in this GSoC project primarily involved the following two tasks:

  • Analyze how the RetainCountChecker performs (in terms of true/false positives and true/false negatives) on the ISL codebase.

  • Fix most of the true positives (due to missing annotations) and false positives by adding certain functionalities to the RetainCountChecker.

Patches submitted to clang and ISL:

  • Missing annotations in various functions in ISL resulted in a lot of leak warnings for reference counted objects. To suppress these warnings, I submitted patches to add missing annotations to such functions.

  • False positives were raised when the RetainCountChecker analyzed the bodies of functions (which perform reference counting) of the form obj_free(), obj_copy() and obj_cow(). To prevent such false positives, I submitted this patch. This patch makes the checker trust the implementations of these functions and hence, prevents it to analyze the bodies of these functions.

  • Diagnostic notes emitted by the RetainCountChecker were specific to Core Foundation and Objective-C objects. To support more generalized reference counting annotations and emit more generalized diagnostic notes, I submitted this patch.

  • Original RetainCountChecker did not have the functionality of performing reference counting of function parameters on the callee-side which can prove to be very useful for various kinds of debugging. This patch adds that functionality.

Analysis of building the ISL codebase with Clang Static Analyzer during various stages can be found here. Note that the “View Report” hyperlinks will not work on your systems since their paths are pertaining to my local system.

Usage- Download the latest clang source code by git clone http://llvm.org/git/clang.git and build it from source.

  • Download the latest ISL source code by git clone git://repo.or.cz/isl.git

  • Prepend obj_free(), obj_cow() and obj_free() functions in ISL with attribute((annotate(“rc_ownership_trusted_implementation”)) as mentioned above.

  • Run the following scripts (in order) in the ISL home directory to build it using Clang Static Analyzer.

  • $LLVM_BUILD/bin/scan-build --use-analyzer $LLVM_BUILD/bin/clang --use-cc $LLVM_BUILD/bin/clang -o <output_folder_path> -enable-checker osx.cocoa.RetainCount ./configure CC=“gcc” CFLAGS=‘-Wno-nullability-completeness -I/usr/local/include’

  • $LLVM_BUILD/bin/scan-build --use-analyzer $LLVM_BUILD/bin/clang --use-cc $LLVM_BUILD/bin/clang -o <output_folder_path> -enable-checker osx.cocoa.RetainCount make CC=“gcc” CFLAGS=‘-Wno-nullability-completeness -I/usr/local/include -I/$ISL_SRC -D__isl_give=“attribute((annotate("rc_ownership_returns_retained")))” -D__isl_take=“attribute((annotate("rc_ownership_consumed")))”’

  • Run $LLVM_BUILD/bin/scan-view on the output directory to view the results.

Let me know your thoughts on my final report.

Thank you.

Regards,
Malhar Thakkar