Skip to content

Commit eabe979

Browse files
authored
[clang][docs] Further improve the docs of the ownership_returns attribute (llvm#191197)
This addresses: llvm#191005 (comment) llvm#191005 (comment) I've reviewed the uses of "argument" and "parameter" and tried to consolidate them to the best of my abilities. This patch fixes up llvm#191005
1 parent ef31b27 commit eabe979

File tree

2 files changed

+17
-13
lines changed

2 files changed

+17
-13
lines changed

clang/docs/analyzer/user-docs/Annotations.rst

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -183,10 +183,10 @@ This attribute may appear at most once per function declaration.
183183

184184
.. code-block:: c
185185
186-
// Without size parameter:
186+
// Without size argument:
187187
void __attribute((ownership_returns(malloc))) *my_malloc(size_t sz);
188188
189-
// With size parameter (parameter 1 is the allocation size in bytes):
189+
// With size argument (describes that the 1st parameter represents the allocation size in bytes):
190190
void __attribute((ownership_returns(malloc, 1))) *my_sized_malloc(size_t sz);
191191
192192
Attribute 'ownership_takes' (Clang-specific)
@@ -207,7 +207,7 @@ Use this attribute to mark functions that take ownership of memory and will deal
207207
208208
void __attribute((ownership_holds(malloc, 2))) store_in_table(int key, record_t *val);
209209
210-
The annotations ``ownership_takes`` and ``ownership_holds`` both prevent memory leak reports (concerning the specified argument); the difference between them is that using taken memory is a use-after-free error, while using held memory is assumed to be legitimate.
210+
The annotations ``ownership_takes`` and ``ownership_holds`` both prevent memory leak reports (concerning the specified parameter); the difference between them is that using taken memory is a use-after-free error, while using held memory is assumed to be legitimate.
211211

212212
Mac OS X API Annotations
213213
________________________

clang/include/clang/Basic/AttrDocs.td

Lines changed: 14 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1640,24 +1640,28 @@ the Clang Static Analyzer makes sure that allocating functions annotated with
16401640
safely deallocated with the standard ``free()``.
16411641

16421642
* Use ``ownership_returns`` to mark a function as an allocating function.
1643-
It takes 1 or 2 parameters.
1644-
The first parameter is a user-provided identifier representing the "kind" of the allocation.
1645-
This is basically what is enforced when checking the deallocation.
1646-
The second parameter is optional.
1643+
It takes 1 or 2 arguments.
1644+
The first argument is a user-provided identifier representing the "kind" of the allocation.
1645+
This is basically what is enforced when checking the deallocation. This is mandatory.
1646+
The second argument is optional.
16471647
It represents the index of the parameter that represents the allocation size in bytes (counting from 1).
16481648
The referenced parameter must have some integral type.
16491649
This attribute may appear at most once per declaration.
1650-
If forward declarations have this attribute, those must have the same parameters.
1650+
If this argument is not set, then tooling, such as the Clang Static Analyzer,
1651+
won't be able to reason about the size of the allocation, thus check potential out-of-bounds accesses.
1652+
However, such tooling could still warn if the wrong deallocation function
1653+
was used for the ``ownership_returns`` attributed resource.
1654+
If forward declarations have this attribute, those must have the same arguments.
16511655
* Use ``ownership_takes`` to mark a function as a deallocating function. Takes 2
1652-
parameters: the allocation type, and the index of the parameter that is being
1656+
arguments: the allocation type, and the index of the parameter that is being
16531657
deallocated (counting from 1).
16541658
* Use ``ownership_holds`` to mark that a function takes over the ownership of a
16551659
piece of memory and will free it at some unspecified point in the future. Like
1656-
``ownership_takes``, this takes 2 parameters: the allocation type, and the
1660+
``ownership_takes``, this takes 2 arguments: the allocation type, and the
16571661
index of the parameter whose ownership will be taken over (counting from 1).
16581662

16591663
The annotations ``ownership_takes`` and ``ownership_holds`` both prevent memory
1660-
leak reports (concerning the specified argument); the difference between them
1664+
leak reports (concerning the specified parameter); the difference between them
16611665
is that using taken memory is a use-after-free error, while using held memory
16621666
is assumed to be legitimate.
16631667

@@ -1672,10 +1676,10 @@ Example:
16721676
// 'sz' (parameter 1) is the allocation size.
16731677
void __attribute((ownership_returns(malloc, 1))) *my_sized_malloc(size_t sz);
16741678

1675-
// Denotes that my_free will deallocate its parameter using free().
1679+
// Denotes that my_free will deallocate its argument using free().
16761680
void __attribute((ownership_takes(malloc, 1))) my_free(void *);
16771681

1678-
// Denotes that my_hold will take over the ownership of its parameter that was
1682+
// Denotes that my_hold will take over the ownership of its argument that was
16791683
// allocated via malloc().
16801684
void __attribute((ownership_holds(malloc, 1))) my_hold(void *);
16811685

0 commit comments

Comments
 (0)