Analyzer doesn't know sizeof(id)==sizeof(NSObject *), causes false +ve

[Quuxplusone]

Bugzilla Link	PR15836
Status	NEW
Importance	P normal
Reported by	Graham Lee (iamleeg@gmail.com)
Reported on	2013-04-24 07:52:49 -0700
Last modified on	2016-12-07 01:55:52 -0800
Version	3.9
Hardware	PC All
CC	jrose@belkadan.com, llvm-bugs@lists.llvm.org, zhaixiang@loongson.cn
Fixed by commit(s)
Attachments
Blocks
Blocked by
See also

This is tested with Xcode 4.6.2's analyzer, I haven't had the opportunity to
test with clang trunk yet.

Test case:

#import <Foundation/Foundation.h>

int main(int argc, const char * argv[])
{

    @autoreleasepool {
        __unsafe_unretained NSObject **objectArray = (__unsafe_unretained NSObject **)malloc(sizeof(id) * 10);
        free(objectArray);
    }
    return 0;
}

Actual result:

Result of 'malloc' is converted to a pointer of type 'NSObject
*__unsafe_unretained', which is incompatible with sizeof operand type 'id'

Expected result:

There shouldn't be an issue. The type outside the malloc() call is a pointer to
an object of the same size as the type inside the sizeof() macro—a pointer to
an Objective-C object.

Workaround:

change the type inside sizeof to "NSObject *". This suppresses the analyzer
report, which specifically occurs when the analyzer compares 'id' to a typed
ObjC object pointer.

[Quuxplusone]

I haven't tested with trunk because the compiler I do have crashed trying to build clang from trunk. I've filed that as rdar://problem/13726184 for Apple types.

[Quuxplusone]

Seems reasonable. Cloned to rdar://problem/13727776.

[Quuxplusone]

Hi llvm developers,

The same story for QChar http://www.leetcode.cn/2016/11/analyzing-code-for-kde-
qt-open-source-components.html#qtbase

llvm/tools/clang/lib/StaticAnalyzer/Checkers/MallocSizeofChecker.cpp *wrongly*
BR.EmitBasicReport(D, this, "Allocator sizeof operand mismatch",
                           categories::UnixAPI, OS.str(), L, Ranges);

in the function of checkASTCodeBody! because sizeof(ushort) is equals to
sizeof(QChar), it is better to run the sizeof() really for Static Analyzer ;-)

Regards,
Leslie Zhai