Analyzer doesn't know sizeof(id)==sizeof(NSObject *), causes false +ve

[llvmbot]

Bugzilla Link	15836
Version	3.9
OS	All
Reporter	LLVM Bugzilla Contributor
CC	@belkadan,@xiangzhai

Extended Description

This is tested with Xcode 4.6.2's analyzer, I haven't had the opportunity to test with clang trunk yet.

Test case:

import <Foundation/Foundation.h>

int main(int argc, const char * argv[]) {

@​autoreleasepool {
    __unsafe_unretained NSObject **objectArray = (__unsafe_unretained NSObject **)malloc(sizeof(id) * 10);
    free(objectArray);
}
return 0;

}

Actual result:

Result of 'malloc' is converted to a pointer of type 'NSObject *__unsafe_unretained', which is incompatible with sizeof operand type 'id'

Expected result:

There shouldn't be an issue. The type outside the malloc() call is a pointer to an object of the same size as the type inside the sizeof() macro—a pointer to an Objective-C object.

Workaround:

change the type inside sizeof to "NSObject *". This suppresses the analyzer report, which specifically occurs when the analyzer compares 'id' to a typed ObjC object pointer.

[xiangzhai]

Hi llvm developers,

The same story for QChar http://www.leetcode.cn/2016/11/analyzing-code-for-kde-qt-open-source-components.html#qtbase

llvm/tools/clang/lib/StaticAnalyzer/Checkers/MallocSizeofChecker.cpp wrongly BR.EmitBasicReport(D, this, "Allocator sizeof operand mismatch",
categories::UnixAPI, OS.str(), L, Ranges);

in the function of checkASTCodeBody! because sizeof(ushort) is equals to sizeof(QChar), it is better to run the sizeof() really for Static Analyzer ;-)

Regards, Leslie Zhai

[belkadan]

Seems reasonable. Cloned to rdar://problem/13727776.

[llvmbot]

I haven't tested with trunk because the compiler I do have crashed trying to build clang from trunk. I've filed that as rdar://problem/13726184 for Apple types.

[llvmbot]

assigned to @tkremenek