| Field | Value | Date |
|---|---|---|
| author | Dan Liew <daniel.liew@imperial.ac.uk> | 2015-12-16 18:13:11 +0000 |
| committer | Dan Liew <daniel.liew@imperial.ac.uk> | 2015-12-18 11:22:50 +0000 |
| commit | 53ff7a002a8213a5d5e778bef2a895998d9890e1 (patch) | |
| tree | 026a4f1b16c1996755954f7824e0d10f8ed0ef8e /lib/Core/MemoryManager.h | |
| parent | 7e75fa79b2e76251c2cd417a7eae8a7620b014ae (diff) | |
| download | klee-53ff7a002a8213a5d5e778bef2a895998d9890e1.tar.gz | |
Fix memory leaks of ``Array`` objects detected by ASan.
Some of these leaks were introduced by the factory constructor for Array objects (f049ff3bc04daead8c3bb9f06e89e71e2054c82a), but a few others have been around for far longer. This leak was fixed by introducing an ``ArrayCache`` object which has two purposes:

* Retains ownership of all created ``Array`` objects and destroys them when the ``ArrayCache`` destructor is called.
* Mimics the caching behaviour for symbolic arrays that was introduced by f049ff3bc04daead8c3bb9f06e89e71e2054c82a, where arrays with the same name and size get "uniqued".

The Executor now maintains an ``arrayCache`` member that it uses and passes by pointer to objects that need to construct ``Array`` objects (i.e. ``ObjectState``). This way, when the Executor is destroyed, all the ``Array`` objects get freed, which seems like the right time to do this.

For Kleaver the ``ParserImpl`` has a ``TheArrayCache`` member that is used for building ``Array`` objects. This means that the Parser must live as long as the built expressions will be used; otherwise we will have a use after free. I'm not sure this is the right design choice. It might be better to transfer ownership of the ``Array`` objects to the root ``Decl`` returned by the parser.
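The owning, uniquing cache that the commit message describes, as an added illustration written for this page rather than KLEE's own ``ArrayCache`` (the ``Array`` fields, the ``CreateArray`` signature and the ``liveArrays`` helper are assumptions):

```cpp
// Added illustration, not KLEE's code: a minimal cache that owns every Array it
// creates and uniques symbolic arrays by (name, size). Names are assumptions.
#include <cstdint>
#include <map>
#include <memory>
#include <string>
#include <utility>

struct Array {
  std::string name;
  uint64_t size;
  Array(std::string n, uint64_t s) : name(std::move(n)), size(s) {}
};

class ArrayCache {
public:
  // Returns the unique Array for (name, size), creating it on first request.
  // The cache keeps ownership: callers must never delete the returned pointer.
  const Array *CreateArray(const std::string &name, uint64_t size) {
    auto key = std::make_pair(name, size);
    auto it = symbolic.find(key);
    if (it != symbolic.end())
      return it->second.get();
    std::unique_ptr<Array> arr(new Array(name, size));
    const Array *raw = arr.get();
    symbolic.emplace(key, std::move(arr));
    return raw;
  }
  size_t liveArrays() const { return symbolic.size(); }
  // The implicit destructor frees every owned Array, so pointers handed out
  // earlier dangle once the cache is gone: that is the lifetime contract the
  // commit message flags for the Kleaver parser.
private:
  std::map<std::pair<std::string, uint64_t>, std::unique_ptr<Array>> symbolic;
};

// Two requests for the same (name, size) share one object, a different size
// yields a second object, and the cache owns both until it is destroyed.
bool uniquingWorks() {
  ArrayCache cache;
  const Array *a = cache.CreateArray("sym", 32);
  const Array *b = cache.CreateArray("sym", 32);
  const Array *c = cache.CreateArray("sym", 64);
  return a == b && a != c && c->size == 64 && cache.liveArrays() == 2;
}
```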
Diffstat (limited to 'lib/Core/MemoryManager.h')
| Mode | File | Lines |
|---|---|---|
| -rw-r--r-- | lib/Core/MemoryManager.h | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/Core/MemoryManager.h b/lib/Core/MemoryManager.h index f398db62..01683443 100644 --- a/lib/Core/MemoryManager.h +++ b/lib/Core/MemoryManager.h @@ -19,14 +19,16 @@ namespace llvm { namespace klee { class MemoryObject; + class ArrayCache; class MemoryManager { private: typedef std::set<MemoryObject*> objects_ty; objects_ty objects; + ArrayCache *const arrayCache; public: - MemoryManager() {} + MemoryManager(ArrayCache *arrayCache) : arrayCache(arrayCache) {} ~MemoryManager(); MemoryObject *allocate(uint64_t size, bool isLocal, bool isGlobal, @@ -35,6 +37,7 @@ namespace klee { const llvm::Value *allocSite); void deallocate(const MemoryObject *mo); void markFreed(MemoryObject *mo); + ArrayCache *getArrayCache() const { return arrayCache; } }; } // End klee namespace |
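Review bot: the new `MemoryManager(ArrayCache *arrayCache)` constructor in the first hunk accepts a null pointer silently, and nothing in the header says who owns the cache or how long it must live. Since the commit message has the Executor own the cache and pass it by pointer, `arrayCache` is a non-owning reference that must outlive the MemoryManager; consider `assert(arrayCache && "ArrayCache must not be null");` in the constructor (or taking `ArrayCache &`), and a one-line comment on `ArrayCache *const arrayCache;` stating that the MemoryManager does not own it.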
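Review bot: `ArrayCache *getArrayCache() const { return arrayCache; }` in the second hunk returns a mutable pointer from a const member function, so a `const MemoryManager` still hands out write access to the shared cache. That is consistent with the `ArrayCache *const` member (the pointer is fixed, not the pointee), but the accessor deserves a comment saying the returned pointer is borrowed and must not be deleted or kept beyond the lifetime of the owning Executor; if callers only need to create arrays, a narrower accessor would limit what they can do with the cache.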