[PATCH] [StaticAnalyzer]Handle Destructor call generated by C++ delete expr

Jordan Rose jordan_rose at apple.com
Thu Sep 12 09:34:41 PDT 2013

  I don't think this is the right approach; see comments.

  Also, nitpick: it'd be nice if the tests also followed the LLVM style and general spacing rules. Watch for "delte" typos too.

Comment at: lib/StaticAnalyzer/Checkers/MallocChecker.cpp:1793
@@ -1792,3 +1792,3 @@
-  if (isReleased(Sym, C)) {
+  if (isReleased(Sym, C) && S) {
     ReportUseAfterFree(C, S->getSourceRange(), Sym);
I'm not sure this is the right fix; we definitely still want to report this. Please mark this with a FIXME comment, at least.

Comment at: lib/StaticAnalyzer/Core/ExprEngineCXX.cpp:299-307
@@ -298,2 +298,11 @@
   // invalidate the entire array).
+  // If the memory region is null do not call the
+  // destructors. Return a node with state same as previous node.
+  // Do not process further.
+  if (!Dest) {
+    StmtNodeBuilder Bldr(Pred, Dst, *currBldrCtx);
+    Bldr.generateNode(S, Pred, State);
+    return;
+  }
   SVal DestVal = loc::MemRegionVal(Dest);
This is wrong; if the MemRegion* is null that might just mean we can't model it (the UnknownVal case). That's unusual, but it doesn't mean we shouldn't run the destructor. This check should go in `ProcessDeleteDtor`, where you can actually check if the given argument value is null.


More information about the cfe-commits mailing list