csa/MismatchedDeallocator: handle custom allocation clasess

Patch introduces support for custom allocation classes in
MismatchedDeallocator.

Patch preserves previous behavior, in which 'malloc' class was handled
as AF_Malloc type.

Author: pskrgag

clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp

@@ -1702,15 +1702,18 @@ MallocChecker::MallocMemReturnsAttr(CheckerContext &C, const CallEvent &Call,
   if (!State)
     return nullptr;
 
-  if (Att->getModule()->getName() != "malloc")
-    return nullptr;
+  // Preseve previous behavior when "malloc" class means AF_Malloc
+  auto attrClassName = Att->getModule()->getName();
+  auto AF = attrClassName == "malloc"
+                ? AF_Malloc
+                : AllocationFamily(AF_Custom, attrClassName);
 
   if (!Att->args().empty()) {
     return MallocMemAux(C, Call,
                         Call.getArgExpr(Att->args_begin()->getASTIndex()),
-                        UndefinedVal(), State, AF_Malloc);
+                        UndefinedVal(), State, AF);
   }
-  return MallocMemAux(C, Call, UnknownVal(), UndefinedVal(), State, AF_Malloc);
+  return MallocMemAux(C, Call, UnknownVal(), UndefinedVal(), State, AF);
 }
 
 ProgramStateRef MallocChecker::MallocMemAux(CheckerContext &C,
@@ -1862,16 +1865,18 @@ ProgramStateRef MallocChecker::FreeMemAttr(CheckerContext &C,
   if (!State)
     return nullptr;
 
-  if (Att->getModule()->getName() != "malloc")
-    return nullptr;
+  // Preseve previous behavior when "malloc" class means AF_Malloc
+  auto attrClassName = Att->getModule()->getName();
+  auto AF = attrClassName == "malloc"
+                ? AF_Malloc
+                : AllocationFamily(AF_Custom, attrClassName);
 
   bool IsKnownToBeAllocated = false;
 
   for (const auto &Arg : Att->args()) {
-    ProgramStateRef StateI =
-        FreeMemAux(C, Call, State, Arg.getASTIndex(),
-                   Att->getOwnKind() == OwnershipAttr::Holds,
-                   IsKnownToBeAllocated, AF_Malloc);
+    ProgramStateRef StateI = FreeMemAux(
+        C, Call, State, Arg.getASTIndex(),
+        Att->getOwnKind() == OwnershipAttr::Holds, IsKnownToBeAllocated, AF);
     if (StateI)
       State = StateI;
   }
@@ -1909,6 +1914,33 @@ static bool didPreviousFreeFail(ProgramStateRef State,
   return false;
 }
 
+static void printOwnershipTakesList(raw_ostream &os, CheckerContext &C,
+                                    const Expr *E) {
+  if (const CallExpr *CE = dyn_cast<CallExpr>(E)) {
+    const FunctionDecl *FD = CE->getDirectCallee();
+    if (!FD)
+      return;
+
+    if (FD->hasAttrs()) {
+      bool attrPrinted = false;
+
+      for (const auto *I : FD->specific_attrs<OwnershipAttr>()) {
+        OwnershipAttr::OwnershipKind OwnKind = I->getOwnKind();
+
+        if (OwnKind == OwnershipAttr::Takes) {
+          if (attrPrinted)
+            os << ", ";
+          else
+            os << ", which takes ownership of ";
+
+          os << '\'' << I->getModule()->getName() << "'";
+          attrPrinted = true;
+        }
+      }
+    }
+  }
+}
+
 static bool printMemFnName(raw_ostream &os, CheckerContext &C, const Expr *E) {
   if (const CallExpr *CE = dyn_cast<CallExpr>(E)) {
     // FIXME: This doesn't handle indirect calls.
@@ -1966,11 +1998,12 @@ static void printExpectedAllocName(raw_ostream &os, AllocationFamily Family) {
   case AF_InnerBuffer:
     os << "container-specific allocator";
     return;
+  case AF_Custom:
+    os << Family.name().value();
+    return;
   case AF_Alloca:
   case AF_None:
     llvm_unreachable("not a deallocation expression");
-  case AF_Custom:
-    llvm_unreachable("not a deallocation expression");
   }
 }
 
@@ -1991,11 +2024,12 @@ static void printExpectedDeallocName(raw_ostream &os, AllocationFamily Family) {
   case AF_InnerBuffer:
     os << "container-specific deallocator";
     return;
+  case AF_Custom:
+    os << "function that takes ownership of '" << Family.name().value() << "\'";
+    return;
   case AF_Alloca:
   case AF_None:
     llvm_unreachable("suspicious argument");
-  case AF_Custom:
-    llvm_unreachable("suspicious argument");
   }
 }
 
@@ -2180,6 +2214,7 @@ MallocChecker::getCheckIfTracked(AllocationFamily Family,
   switch (Family.kind()) {
   case AF_Malloc:
   case AF_Alloca:
+  case AF_Custom:
   case AF_IfNameIndex: {
     if (ChecksEnabled[CK_MallocChecker])
       return CK_MallocChecker;
@@ -2202,7 +2237,6 @@ MallocChecker::getCheckIfTracked(AllocationFamily Family,
       return CK_InnerPointerChecker;
     return std::nullopt;
   }
-  case AF_Custom:
   case AF_None: {
     llvm_unreachable("no family");
   }
@@ -2432,6 +2466,8 @@ void MallocChecker::HandleMismatchedDealloc(CheckerContext &C,
 
         if (printMemFnName(DeallocOs, C, DeallocExpr))
           os << ", not " << DeallocOs.str();
+
+        printOwnershipTakesList(os, C, DeallocExpr);
     }
 
     auto R = std::make_unique<PathSensitiveBugReport>(*BT_MismatchedDealloc,
@@ -3545,6 +3581,7 @@ PathDiagnosticPieceRef MallocBugVisitor::VisitNode(const ExplodedNode *N,
       switch (Family.kind()) {
       case AF_Alloca:
       case AF_Malloc:
+      case AF_Custom:
       case AF_CXXNew:
       case AF_CXXNewArray:
       case AF_IfNameIndex:
@@ -3585,8 +3622,7 @@ PathDiagnosticPieceRef MallocBugVisitor::VisitNode(const ExplodedNode *N,
         }
         Msg = OS.str();
         break;
-        }
-        case AF_Custom:
+      }
         case AF_None:
           llvm_unreachable("Unhandled allocation family!");
         }