[PATCH] [StaticAnalyzer]Handle Destructor call generated by C++ delete expr

Anna Zaks zaks.anna at gmail.com
Mon Sep 16 09:54:25 PDT 2013


  > When I checked it was being reported at the ending curly brace of the function.

  What is the callback that triggers it?

  If we skip the first time the use-after-free happens, we report the error in the destructor. However, that destructor is called when processing the second delete, so if we report on the first occurrence of use-after-free, the location should be before we called the destructor, not after.

  Can you investigate why that is not the case?

  I assume we are talking about this example:

  void testDoubleDeleteClassInstance() {
    DerefClass *foo = new DerefClass();
    delete foo;
    delete foo; // FIXME: We should ideally report warning here instead of inside the destructor.
  }

http://llvm-reviews.chandlerc.com/D1594


