Handle case when points-to set is top

goblint · Jul 8, 2023 · ee80fd1 · ee80fd1
1 parent acb1ca8
commit ee80fd1
Showing 1 changed file with 11 additions and 7 deletions.
diff --git a/src/analyses/base.ml b/src/analyses/base.ml
@@ -1999,13 +1999,17 @@ struct
 
   let check_free_of_non_heap_mem ctx special_fn ptr =
     let points_to_set = ctx.ask (Queries.MayPointTo ptr) in
-    let exists_non_heap_var =
-      Queries.LS.elements points_to_set
-      |> List.map fst
-      |> List.exists (fun var -> not (ctx.ask (Queries.IsHeapVar var)))
-    in
-    if exists_non_heap_var then
-      M.warn ~category:(Behavior (Undefined InvalidMemoryDeallocation)) ~tags:[CWE 590] "Free of non-dynamically allocated memory in function %s for pointer %a" special_fn.vname d_exp ptr
+    begin try
+        let exists_non_heap_var =
+          (* elements throws Unsupported if the points-to set is top *)
+          Queries.LS.elements points_to_set
+          |> List.map fst
+          |> List.exists (fun var -> not (ctx.ask (Queries.IsHeapVar var)))
+        in
+        if exists_non_heap_var then
+          M.warn ~category:(Behavior (Undefined InvalidMemoryDeallocation)) ~tags:[CWE 590] "Free of non-dynamically allocated memory in function %s for pointer %a" special_fn.vname d_exp ptr
+      with _ -> M.warn ~category:(Behavior (Undefined InvalidMemoryDeallocation)) ~tags:[CWE 590] "Points-to set for pointer %a in function %s is top. Potential free of non-dynamically allocated memory may occur" d_exp ptr special_fn.vname
+    end
 
   let special ctx (lv:lval option) (f: varinfo) (args: exp list) =
     let invalidate_ret_lv st = match lv with