Silencing an analyzer warning

CURL *handle = curl_easy_init();
RequestInfo *result = [[[RequestInfo alloc] init] autorelease];

// Keep a pointer to this object around so that curl can give it back to us in callbacks
curl_easy_setopt(handle, CURLOPT_PRIVATE, CFRetain(result)));

The static analyzer tells us that result is leaked (which, without it knowing about curl, it does look like). However, it's not actually being leaked and gets cleaned up later when we clean up the CURL handle. Is there any way to silence this analyzer warning? We'd like to get our project analyzer-warning free and require no warnings before committing things.

-- Joe Ranieri

There is currently no good way to silence warnings using attributes or pragmas, but you should be able to get around the issue with a wrapper function:

  static inline CFTypeRef CFRetainForCurl(CFTypeRef obj) { CFRetain(obj); return obj; }
  ...
  curl_easy_setopt(handle, CURLOPT_PRIVATE, CFRetainForCurl(result));

This isn't a permanent solution; it's essentially relying on a deficiency in the analyzer when it comes to wrapper functions (and so eventually a leak will be reported for this case as well). However, the plan is to eventually add pragma support (or something like that) to silence specific analyzer warnings.

Wouldn't it make more sense to add annotations to the analyzer so that
users can annotate that curl_easy_setopt steals a reference from its
third argument or that the caller promises to release that argument at
the same time as they release 'handle'? Then the analyzer would have
enough information to complain when a caller _forgot_ to CFRetain that
argument, instead of just hiding both kinds of mistakes.

Obviously an escape hatch is useful too, for cases that don't have
analyzer support yet, but it shouldn't be the long-term fix.

Jeffrey

Yes, an annotation would make more sense in this case. This particular checker employs has the cf_retains_retained and ns_returns_retained attributes to make it smarter about return values.

This case is a little trickier, however, as it isn't a blanket property of curl_easy_setopt, but in how it is used in this particular instance.