known issue? (using checker-232)

Hi

I’ve bumped into this recently and I can’t find it on http://llvm.org/bugs/

leak detected:

NSMutableArray *array = [[NSMutableArray alloc] init];
[array addObject:@"W"];
[array addObject:@"W"];

leak not detected when more than two iterations:
NSMutableArray *array = [[NSMutableArray alloc] init];

int i=0;
for(i=0;i<3;i++)
    [array addObject:@"W"];

Is clang looking at a limited number of iterations and deciding defensively not to signal the leak?

Thanks,
Cristi

Hi Cristian,

Sorry for the delayed response. This is indeed expected behavior.

The path analysis in the static analyzer involves essentially unrolling loops a finite number of times. To ensure analysis termination, once a threshold is reached (3 iterations) the analysis of a given path is halted. Since the reference to ‘array’ is live within the loop body, no leak is reported since we do not reach a point in the path where that reference is no longer live.

Fixing this requires gradually improving the analysis of loops, e.g., by increasing the termination threshold for loops of a fixed bound. Changing the handling of loops in the analyzer, however, needs to be done with care as it can substantially affect analysis performance (with a tradeoff of bugs found/missed). It’s something I think deserves more attention in the future.

Cheers,
Ted
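As an added illustration of the behaviour Ted describes (this is a toy model written for this page, not code from the thread or from clang's analyzer), the following walks a single path through "alloc, loop N times, end of scope" and drops the path once the loop condition has been evaluated more than a fixed number of times. `MAX_LOOP`, `Program` and `analyze` are invented names; the threshold of 3 is the figure given in the reply.

```python
"""Toy model of bounded loop unrolling in a path-sensitive leak checker.

Constructed example, not the analyzer's implementation. One heap object
('array') is tracked along one path. A leak is reported only when the path
reaches the point where the last reference dies; a path that is still
inside the loop when the unrolling budget runs out is simply abandoned.
"""
from dataclasses import dataclass

MAX_LOOP = 3  # unrolling threshold quoted in the thread (assumed fixed here)


@dataclass
class Program:
    loop_bound: int   # the N in 'for (i = 0; i < N; i++) [array addObject:...]'
    releases: bool    # whether 'array' is released after the loop


def analyze(prog: Program, max_loop: int = MAX_LOOP) -> str:
    """Return 'leak', 'no-leak', or 'halted' (path dropped, nothing reported)."""
    i = 0
    condition_visits = 0          # how often the loop header has been reached
    while True:
        condition_visits += 1
        if condition_visits > max_loop:
            # Budget exhausted while 'array' is still live inside the loop:
            # the analyzer stops here and never sees the reference die.
            return "halted"
        if not i < prog.loop_bound:
            break                 # loop exits normally on this path
        # loop body: [array addObject:@"W"] keeps 'array' live; nothing to report
        i += 1
    # Past the loop the last use of 'array' is behind us, so the reference is
    # dead: an unreleased object at this point is a leak.
    return "no-leak" if prog.releases else "leak"


if __name__ == "__main__":
    for bound in (2, 3, 4):
        print(f"bound={bound}: default -> {analyze(Program(bound, False))}, "
              f"max_loop=8 -> {analyze(Program(bound, False), max_loop=8)}")
```

Raising `max_loop` is the "increase the termination threshold" fix from the reply; the model also shows why it is a cost knob rather than a correctness switch, since every extra iteration is another path step to explore.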