<div dir="ltr">This warning seems like a really nice idea, thanks!<div><br></div><div><div>+def warn_operator_new_returns_null : Warning<<br></div><div><div>+ "%0 must not return NULL unless it is declared 'throw()'">,</div>
<div>+ InGroup<OperatorNewReturnsNull>;</div></div><div><br></div></div><div>Rather than "NULL", please say "a null pointer", and please say "declared 'throw()' or 'noexcept'" when we're in C++11 mode.</div>
<div><br></div><div><div>+ llvm::APSInt ReturnValue;</div><div>+</div><div>+ if (!Proto->isNothrow(Context) &&</div><div>+ RetValExp->EvaluateAsInt(ReturnValue, Context,<br></div><div>+ Expr::SE_AllowSideEffects) &&</div>
<div>+ ReturnValue == 0)</div></div><div><div>+ llvm::APSInt ReturnValue;</div><div>+</div><div>+ if (!Proto->isNothrow(Context) &&</div><div>+ RetValExp->EvaluateAsInt(ReturnValue, Context,</div>
<div>+ Expr::SE_AllowSideEffects) &&</div><div>+ ReturnValue == 0)</div></div><div><br></div><div>Please use RetValExp->isNullPointerConstant instead.</div><div><br></div>
<div>Please also add testcases for operator new returning nullptr, and returning expressions such as 1 - 1, and for operator new marked as 'noexcept'.<br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Thu, Jan 9, 2014 at 12:03 PM, Artyom Skrobov <span dir="ltr"><<a href="mailto:Artyom.Skrobov@arm.com" target="_blank">Artyom.Skrobov@arm.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="HOEnZb"><div class="h5">Hello,<br>
<br>
C++03 section 3.7.3.1 item 3 specifies that "If an allocation function<br>
declared with an empty exception-specification, throw(), fails to allocate<br>
storage, it shall return a null pointer. Any other allocation function that<br>
fails to allocate storage shall only indicate failure by throwing an<br>
exception of class std::bad_alloc or a class derived from std::bad_alloc."<br>
<br>
GCC does indeed issue a warning "'operator new' must not return NULL unless<br>
it is declared 'throw()' (or -fcheck-new is in effect)" for blatant<br>
violations of the aforementioned clause. Clang didn't support such a<br>
warning, and implementing the support for -fcheck-new was dismissed in 2012<br>
as "dubious" :<br>
<a href="http://lists.cs.uiuc.edu/pipermail/cfe-dev/2012-November/025646.html" target="_blank">http://lists.cs.uiuc.edu/pipermail/cfe-dev/2012-November/025646.html</a><br>
<br>
There is a related bugzilla ticket at<br>
<a href="http://llvm.org/bugs/show_bug.cgi?id=16557" target="_blank">http://llvm.org/bugs/show_bug.cgi?id=16557</a> where Eric van Gyzen approaches<br>
the issue at hand from a different direction: inserting runtime checks to<br>
ensure the code is "safe" (i.e. not calling the constructor on a null<br>
pointer) even when it's blatantly wrong as per above. We aren't sure about<br>
the validity of that approach (catering for the incorrect code, in addition<br>
to accepting it silently); so instead, we propose a patch that adds the<br>
missing warning, matching GCC's.<br>
<br>
OK to commit?</div></div><br>_______________________________________________<br>
cfe-commits mailing list<br>
<a href="mailto:cfe-commits@cs.uiuc.edu">cfe-commits@cs.uiuc.edu</a><br>
<a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits</a><br>
<br></blockquote></div><br></div>