[PATCH] [StaticAnalyzer]Handle Destructor call generated by C++ delete expr

Karthik Bhat kv.bhat at samsung.com
Tue Sep 17 07:26:07 PDT 2013

  Hi Anna,Jordan,
  Please find initial analysis-
    What is the callback that triggers it?
  checkUseAfterFree is triggered by checkPreCall which is called during VisitCXXDestructor call. The Statement is null as                      CC->getCXXThisExpr() is null here.

  The diagnostic is reported at the ending curly brace in the case if we use an invalid range(or emit without range).
  The reason for that is that currently we do not have a Stmt associated with a destructor call in this case as a result BugReporter getLocation function will return the right brace location (getLocation()->PathDiagnosticLocation::createEndOfPath()->createDeclEnd()).

  To fix this i think we might have to implement getCXXThisExpr in CXXDestructorCall class and return the argument passed to the deleteExpr in case CXXDestructorCall is triggered from a delete call.

  I feel that it is better to take it in steps. What we are trying to achieve in this patch is to call the destructor code when we have a call to delete.
  It would be good we have a separate patch to address the double delete issue we have discussed above but if you feel a single patch would be good i will start to patch double delete issue in this as well.

  Karthik Bhat


More information about the cfe-commits mailing list