Description

| Field | Value |
| --- | --- |
| Bugzilla Link | 3969 |
| Version | unspecified |
| OS | MacOS X |
| Reporter | LLVM Bugzilla Contributor |
| CC | @seanm |
Extended Description
A few ObjC objects have methods that return pointers to their internal data, such as -[NSData bytes], -[NSMutableData mutableBytes] and -[NSBitmapImageRep bitmapData]. If such an internal pointer is used after the last reference to the object owning it, the owning object might be collected by the garbage collector and the interior pointer would become invalid. This situation happens in optimized builds because the compiler can reuse stack slots it determines are no longer used.
This issue has been documented by Apple [1], but currently the developer documentation is lacking (e.g. the interior pointer issue is not mentioned in the documentation of those classes). These bugs are next to impossible to find via debugging, because they happen only in optimized builds and depend on timing and GC activity. That's why it would be very useful if these bugs could be detected via static analysis.
Currently methods returning interior pointers are not annotated in any way in the headers, so the list of those methods should probably be hardcoded into clang. Fortunately, this list is short. In the future, Apple could use some form of annotation (e.g. method attributes) to mark such methods.
A very long discussion about this issue can be found on the objc-language mailing list [2]. Another, somewhat shorter discussion about these issues can be found on CocoaBuilder [3].
[1] http://developer.apple.com/documentation/Cocoa/Conceptual/GarbageCollection/Articles/gcUsing.html#//apple_ref/doc/uid/TP40008006-SW7
[2] http://lists.apple.com/archives/objc-language/2009/Mar/msg00037.html
[3] http://www.cocoabuilder.com/archive/message/cocoa/2008/2/18/199325
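The hazard described in the report, written out as the pattern a checker would need to flag, next to two ways of keeping the owner alive. This is an added example, not code from the bug report or from clang. It assumes a GC-era Cocoa toolchain (compiled with -fobjc-gc); the file path and the checksum helper are made up, and the `[data self]` and CFRetain/CFRelease keep-alive idioms are the common remedies of that period, not something the report itself states.

```objective-c
// Added example (not from the bug report): interior pointers under ObjC GC.
// Assumes -fobjc-gc; the file path and xorChecksum helper are illustrative.
#import <Foundation/Foundation.h>

static unsigned char xorChecksum(const unsigned char *p, NSUInteger n) {
    unsigned char sum = 0;
    for (NSUInteger i = 0; i < n; i++)
        sum ^= p[i];
    return sum;
}

// UNSAFE under GC: 'data' is not referenced after -bytes/-length, so the
// optimizer may reuse its stack slot. If a collection runs while xorChecksum
// is walking 'p', the NSData may be collected and 'p' dangles. This is the
// shape a static check would flag: an interior pointer obtained from a method
// on the known list, used after the last use of its owner.
static unsigned char checksumOfFileUnsafe(NSString *path) {
    NSData *data = [NSData dataWithContentsOfFile:path];
    if (!data) return 0;
    const unsigned char *p = [data bytes];   // interior pointer into 'data'
    NSUInteger n = [data length];            // last use of 'data'
    return xorChecksum(p, n);                // 'p' used while 'data' is dead
}

// SAFE: reference the owner after the last use of the interior pointer. A
// message send is opaque to the compiler, so 'data' stays live on the stack
// (and thus visible to the collector) until after xorChecksum returns.
// [obj self] was the usual keep-alive idiom of the GC era (assumption; the
// report does not name a fix).
static unsigned char checksumOfFileSafe(NSString *path) {
    NSData *data = [NSData dataWithContentsOfFile:path];
    if (!data) return 0;
    const unsigned char *p = [data bytes];
    unsigned char sum = xorChecksum(p, [data length]);
    [data self];                             // keep-alive: last use of 'p' is above
    return sum;
}

// Alternative: an explicit external reference. Under GC, CFRetain makes the
// object a root until the matching CFRelease, regardless of what the
// optimizer does with the local variable.
static unsigned char checksumOfFileRetained(NSString *path) {
    NSData *data = [NSData dataWithContentsOfFile:path];
    if (!data) return 0;
    CFRetain(data);
    unsigned char sum = xorChecksum([data bytes], [data length]);
    CFRelease(data);
    return sum;
}

int main(int argc, const char *argv[]) {
    NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
    NSString *path = argc > 1 ? [NSString stringWithUTF8String:argv[1]]
                              : @"/etc/hosts";   // illustrative input file
    NSLog(@"unsafe %02x safe %02x retained %02x",
          checksumOfFileUnsafe(path), checksumOfFileSafe(path),
          checksumOfFileRetained(path));
    [pool drain];
    return 0;
}
```

All three functions normally print the same checksum, which is exactly why the bug is hard to find by testing: checksumOfFileUnsafe only misbehaves when a collection happens to run between -bytes and the end of the loop in an optimized build. The check the report asks for would flag that function from the source alone, by tracking the pointer returned by -[NSData bytes] and noting that it outlives the last use of `data`.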