Bug Summary

File:tools/clang/tools/extra/clang-query/QueryParser.cpp
Warning:line 288, column 1
Potential leak of memory pointed to by 'Q.Obj'

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name QueryParser.cpp -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=cplusplus -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -mrelocation-model pic -pic-level 2 -mthread-model posix -relaxed-aliasing -fmath-errno -masm-verbose -mconstructor-aliases -munwind-tables -fuse-init-array -target-cpu x86-64 -dwarf-column-info -debugger-tuning=gdb -momit-leaf-frame-pointer -ffunction-sections -fdata-sections -resource-dir /usr/lib/llvm-8/lib/clang/8.0.0 -D _DEBUG -D _GNU_SOURCE -D __STDC_CONSTANT_MACROS -D __STDC_FORMAT_MACROS -D __STDC_LIMIT_MACROS -I /build/llvm-toolchain-snapshot-8~svn345461/build-llvm/tools/clang/tools/extra/clang-query -I /build/llvm-toolchain-snapshot-8~svn345461/tools/clang/tools/extra/clang-query -I /build/llvm-toolchain-snapshot-8~svn345461/tools/clang/include -I /build/llvm-toolchain-snapshot-8~svn345461/build-llvm/tools/clang/include -I /build/llvm-toolchain-snapshot-8~svn345461/build-llvm/include -I /build/llvm-toolchain-snapshot-8~svn345461/include -U NDEBUG -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/6.3.0/../../../../include/c++/6.3.0 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/6.3.0/../../../../include/x86_64-linux-gnu/c++/6.3.0 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/6.3.0/../../../../include/x86_64-linux-gnu/c++/6.3.0 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/6.3.0/../../../../include/c++/6.3.0/backward -internal-isystem /usr/include/clang/8.0.0/include/ -internal-isystem /usr/local/include -internal-isystem /usr/lib/llvm-8/lib/clang/8.0.0/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O2 -Wno-unused-parameter -Wwrite-strings -Wno-missing-field-initializers -Wno-long-long -Wno-maybe-uninitialized -Wno-comment -std=c++11 -fdeprecated-macro -fdebug-compilation-dir /build/llvm-toolchain-snapshot-8~svn345461/build-llvm/tools/clang/tools/extra/clang-query -ferror-limit 19 -fmessage-length 0 -fvisibility-inlines-hidden -fobjc-runtime=gcc -fno-common -fdiagnostics-show-option -vectorize-loops -vectorize-slp -analyzer-output=html -analyzer-config stable-report-filename=true -o /tmp/scan-build-2018-10-27-211344-32123-1 -x c++ /build/llvm-toolchain-snapshot-8~svn345461/tools/clang/tools/extra/clang-query/QueryParser.cpp -faddrsig
1//===---- QueryParser.cpp - clang-query command parser --------------------===//
2//
3// The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9
10#include "QueryParser.h"
11#include "Query.h"
12#include "QuerySession.h"
13#include "clang/ASTMatchers/Dynamic/Parser.h"
14#include "clang/Basic/CharInfo.h"
15#include "llvm/ADT/StringRef.h"
16#include "llvm/ADT/StringSwitch.h"
17#include <set>
18
19using namespace llvm;
20using namespace clang::ast_matchers::dynamic;
21
22namespace clang {
23namespace query {
24
25// Lex any amount of whitespace followed by a "word" (any sequence of
26// non-whitespace characters) from the start of region [Begin,End). If no word
27// is found before End, return StringRef(). Begin is adjusted to exclude the
28// lexed region.
29StringRef QueryParser::lexWord() {
30 while (true) {
31 if (Begin == End)
32 return StringRef(Begin, 0);
33
34 if (!isWhitespace(*Begin))
35 break;
36
37 ++Begin;
38 }
39
40 if (*Begin == '#') {
41 End = Begin;
42 return StringRef();
43 }
44
45 const char *WordBegin = Begin;
46
47 while (true) {
48 ++Begin;
49
50 if (Begin == End || isWhitespace(*Begin))
51 return StringRef(WordBegin, Begin - WordBegin);
52 }
53}
54
55// This is the StringSwitch-alike used by lexOrCompleteWord below. See that
56// function for details.
57template <typename T> struct QueryParser::LexOrCompleteWord {
58 StringRef Word;
59 StringSwitch<T> Switch;
60
61 QueryParser *P;
62 // Set to the completion point offset in Word, or StringRef::npos if
63 // completion point not in Word.
64 size_t WordCompletionPos;
65
66 // Lexes a word and stores it in Word. Returns a LexOrCompleteWord<T> object
67 // that can be used like a llvm::StringSwitch<T>, but adds cases as possible
68 // completions if the lexed word contains the completion point.
69 LexOrCompleteWord(QueryParser *P, StringRef &OutWord)
70 : Word(P->lexWord()), Switch(Word), P(P),
71 WordCompletionPos(StringRef::npos) {
72 OutWord = Word;
73 if (P->CompletionPos && P->CompletionPos <= Word.data() + Word.size()) {
74 if (P->CompletionPos < Word.data())
75 WordCompletionPos = 0;
76 else
77 WordCompletionPos = P->CompletionPos - Word.data();
78 }
79 }
80
81 LexOrCompleteWord &Case(llvm::StringLiteral CaseStr, const T &Value,
82 bool IsCompletion = true) {
83
84 if (WordCompletionPos == StringRef::npos)
85 Switch.Case(CaseStr, Value);
86 else if (CaseStr.size() != 0 && IsCompletion && WordCompletionPos <= CaseStr.size() &&
87 CaseStr.substr(0, WordCompletionPos) ==
88 Word.substr(0, WordCompletionPos))
89 P->Completions.push_back(LineEditor::Completion(
90 (CaseStr.substr(WordCompletionPos) + " ").str(), CaseStr));
91 return *this;
92 }
93
94 T Default(T Value) { return Switch.Default(Value); }
95};
96
97QueryRef QueryParser::parseSetBool(bool QuerySession::*Var) {
98 StringRef ValStr;
99 unsigned Value = LexOrCompleteWord<unsigned>(this, ValStr)
100 .Case("false", 0)
101 .Case("true", 1)
102 .Default(~0u);
103 if (Value == ~0u) {
8
Taking true branch
104 return new InvalidQuery("expected 'true' or 'false', got '" + ValStr + "'");
9
Memory is allocated
105 }
106 return new SetQuery<bool>(Var, Value);
107}
108
109QueryRef QueryParser::parseSetOutputKind() {
110 StringRef ValStr;
111 unsigned OutKind = LexOrCompleteWord<unsigned>(this, ValStr)
112 .Case("diag", OK_Diag)
113 .Case("print", OK_Print)
114 .Case("detailed-ast", OK_DetailedAST)
115 .Case("dump", OK_DetailedAST)
116 .Default(~0u);
117 if (OutKind == ~0u) {
118 return new InvalidQuery(
119 "expected 'diag', 'print', 'detailed-ast' or 'dump', got '" + ValStr +
120 "'");
121 }
122
123 switch (OutKind) {
124 case OK_DetailedAST:
125 return new SetExclusiveOutputQuery(&QuerySession::DetailedASTOutput);
126 case OK_Diag:
127 return new SetExclusiveOutputQuery(&QuerySession::DiagOutput);
128 case OK_Print:
129 return new SetExclusiveOutputQuery(&QuerySession::PrintOutput);
130 }
131
132 llvm_unreachable("Invalid output kind")::llvm::llvm_unreachable_internal("Invalid output kind", "/build/llvm-toolchain-snapshot-8~svn345461/tools/clang/tools/extra/clang-query/QueryParser.cpp"
, 132)
;
133}
134
135QueryRef QueryParser::endQuery(QueryRef Q) {
136 const char *Extra = Begin;
137 if (!lexWord().empty())
138 return new InvalidQuery("unexpected extra input: '" +
139 StringRef(Extra, End - Extra) + "'");
140 return Q;
141}
142
143namespace {
144
145enum ParsedQueryKind {
146 PQK_Invalid,
147 PQK_Comment,
148 PQK_NoOp,
149 PQK_Help,
150 PQK_Let,
151 PQK_Match,
152 PQK_Set,
153 PQK_Unlet,
154 PQK_Quit
155};
156
157enum ParsedQueryVariable {
158 PQV_Invalid,
159 PQV_Output,
160 PQV_BindRoot,
161 PQV_PrintMatcher
162};
163
164QueryRef makeInvalidQueryFromDiagnostics(const Diagnostics &Diag) {
165 std::string ErrStr;
166 llvm::raw_string_ostream OS(ErrStr);
167 Diag.printToStreamFull(OS);
168 return new InvalidQuery(OS.str());
169}
170
171} // namespace
172
173QueryRef QueryParser::completeMatcherExpression() {
174 std::vector<MatcherCompletion> Comps = Parser::completeExpression(
175 StringRef(Begin, End - Begin), CompletionPos - Begin, nullptr,
176 &QS.NamedValues);
177 for (auto I = Comps.begin(), E = Comps.end(); I != E; ++I) {
178 Completions.push_back(LineEditor::Completion(I->TypedText, I->MatcherDecl));
179 }
180 return QueryRef();
181}
182
183QueryRef QueryParser::doParse() {
184 StringRef CommandStr;
185 ParsedQueryKind QKind = LexOrCompleteWord<ParsedQueryKind>(this, CommandStr)
186 .Case("", PQK_NoOp)
187 .Case("#", PQK_Comment, /*IsCompletion=*/false)
188 .Case("help", PQK_Help)
189 .Case("l", PQK_Let, /*IsCompletion=*/false)
190 .Case("let", PQK_Let)
191 .Case("m", PQK_Match, /*IsCompletion=*/false)
192 .Case("match", PQK_Match)
193 .Case("q", PQK_Quit, /*IsCompletion=*/false)
194 .Case("quit", PQK_Quit)
195 .Case("set", PQK_Set)
196 .Case("unlet", PQK_Unlet)
197 .Default(PQK_Invalid);
198
199 switch (QKind) {
2
Control jumps to 'case PQK_Set:' at line 243
200 case PQK_Comment:
201 case PQK_NoOp:
202 return new NoOpQuery;
203
204 case PQK_Help:
205 return endQuery(new HelpQuery);
206
207 case PQK_Quit:
208 return endQuery(new QuitQuery);
209
210 case PQK_Let: {
211 StringRef Name = lexWord();
212
213 if (Name.empty())
214 return new InvalidQuery("expected variable name");
215
216 if (CompletionPos)
217 return completeMatcherExpression();
218
219 Diagnostics Diag;
220 ast_matchers::dynamic::VariantValue Value;
221 if (!Parser::parseExpression(StringRef(Begin, End - Begin), nullptr,
222 &QS.NamedValues, &Value, &Diag)) {
223 return makeInvalidQueryFromDiagnostics(Diag);
224 }
225
226 return new LetQuery(Name, Value);
227 }
228
229 case PQK_Match: {
230 if (CompletionPos)
231 return completeMatcherExpression();
232
233 Diagnostics Diag;
234 auto MatcherSource = StringRef(Begin, End - Begin).trim();
235 Optional<DynTypedMatcher> Matcher = Parser::parseMatcherExpression(
236 MatcherSource, nullptr, &QS.NamedValues, &Diag);
237 if (!Matcher) {
238 return makeInvalidQueryFromDiagnostics(Diag);
239 }
240 return new MatchQuery(MatcherSource, *Matcher);
241 }
242
243 case PQK_Set: {
244 StringRef VarStr;
245 ParsedQueryVariable Var =
246 LexOrCompleteWord<ParsedQueryVariable>(this, VarStr)
247 .Case("output", PQV_Output)
248 .Case("bind-root", PQV_BindRoot)
249 .Case("print-matcher", PQV_PrintMatcher)
250 .Default(PQV_Invalid);
251 if (VarStr.empty())
3
Assuming the condition is false
4
Taking false branch
252 return new InvalidQuery("expected variable name");
253 if (Var == PQV_Invalid)
5
Taking false branch
254 return new InvalidQuery("unknown variable: '" + VarStr + "'");
255
256 QueryRef Q;
257 switch (Var) {
6
Control jumps to 'case PQV_PrintMatcher:' at line 264
258 case PQV_Output:
259 Q = parseSetOutputKind();
260 break;
261 case PQV_BindRoot:
262 Q = parseSetBool(&QuerySession::BindRoot);
263 break;
264 case PQV_PrintMatcher:
265 Q = parseSetBool(&QuerySession::PrintMatcher);
7
Calling 'QueryParser::parseSetBool'
10
Returned allocated memory
266 break;
11
Execution continues on line 271
267 case PQV_Invalid:
268 llvm_unreachable("Invalid query kind")::llvm::llvm_unreachable_internal("Invalid query kind", "/build/llvm-toolchain-snapshot-8~svn345461/tools/clang/tools/extra/clang-query/QueryParser.cpp"
, 268)
;
269 }
270
271 return endQuery(Q);
272 }
273
274 case PQK_Unlet: {
275 StringRef Name = lexWord();
276
277 if (Name.empty())
278 return new InvalidQuery("expected variable name");
279
280 return endQuery(new LetQuery(Name, VariantValue()));
281 }
282
283 case PQK_Invalid:
284 return new InvalidQuery("unknown command: " + CommandStr);
285 }
286
287 llvm_unreachable("Invalid query kind")::llvm::llvm_unreachable_internal("Invalid query kind", "/build/llvm-toolchain-snapshot-8~svn345461/tools/clang/tools/extra/clang-query/QueryParser.cpp"
, 287)
;
288}
12
Potential leak of memory pointed to by 'Q.Obj'
289
290QueryRef QueryParser::parse(StringRef Line, const QuerySession &QS) {
291 return QueryParser(Line, QS).doParse();
292}
293
294std::vector<LineEditor::Completion>
295QueryParser::complete(StringRef Line, size_t Pos, const QuerySession &QS) {
296 QueryParser P(Line, QS);
297 P.CompletionPos = Line.data() + Pos;
298
299 P.doParse();
1
Calling 'QueryParser::doParse'
300 return P.Completions;
301}
302
303} // namespace query
304} // namespace clang