[PATCH] [StaticAnalyzer]Handle Destructor call generated by C++ delete expr

Jordan Rose jordan_rose at apple.com
Fri Sep 20 18:49:22 PDT 2013

  Came up with two more missing tests:

  NoReturnDtor *fooArray = 0;
  delete[] fooArray; // should not call destructor, checked below
  clang_analyzer_eval(true); // expected-warning{{TRUE}}

  NoReturnDtor *p = new NoReturnDtor[2];
  delete[] p; // Calls the base destructor which aborts, checked below
  clang_analyzer_eval(true); // no warn

  The first one works, but the second one doesn't. I know our array handling is weak, but we should probably still understand why. Is it a CFG issue?

Comment at: lib/StaticAnalyzer/Core/ExprEngine.cpp:580
@@ +579,3 @@
+  if (State->isNull(ArgVal).isConstrainedTrue()) {
+    QualType DTy = DE->getDestroyedType();
+    const CXXDestructorDecl *Dtor = DTy->getAsCXXRecordDecl()->getDestructor();
This is now missing the part that drills down to the base element. Since we don't care about qualifiers, we can just use getBaseElementTypeUnsafe. (No one's actually checking that all PostImplicitCalls have a valid decl, but they probably should.)


More information about the cfe-commits mailing list