[llvm-bugs] [Bug 37370] New: CallEvent::isCalled() failed for a call made by template parameter that is a function pointer

via llvm-bugs llvm-bugs at lists.llvm.org
Tue May 8 08:53:46 PDT 2018 

https://bugs.llvm.org/show_bug.cgi?id=37370

            Bug ID: 37370
           Summary: CallEvent::isCalled() failed for a call made by
                    template parameter that is a function pointer
           Product: clang
           Version: trunk
          Hardware: PC
                OS: Windows NT
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: Static Analyzer
          Assignee: dcoughlin at apple.com
          Reporter: artem.razin at gmail.com
                CC: llvm-bugs at lists.llvm.org, noqnoqneo at gmail.com

While trying create a handle leak detection checker found the following issue.

Here the checkPreCall() call, it checks a call against CloseHandle (used in
Windows API to close handles):

void HandleChecker::checkPreCall(
        const CallEvent &Call,
        CheckerContext &C) const
{
        if (Call.isCalled(_closeHandleFn))
                fprintf(stderr, "It's CloseHandle: ");
        else
                fprintf(stderr, "It's NOT CloseHandle: ");
        Call.dump();
}

It works as expected when a code calls CloseHandle by usual call, or by
pointer, but when CloseHandle address is used as template parameter
Call.isCalled() fails.

The code that was checked to reproduce the behavior is the following:

typedef BOOL (WINAPI *P_CloseHandle)(HANDLE);

template <P_CloseHandle pCloseHandle> struct AutoCloseHandle
{
  AutoCloseHandle(HANDLE h) : _h(h) {}
  ~AutoCloseHandle() { pCloseHandle(_h); };
  HANDLE _h;
};

int main()
{
  AutoCloseHandle<&CloseHandle> autoCloseHandle(NULL);
  return 1;
}

Additionally I've checked Call.getDecl() and Call.getOriginExpr().

Call.getDecl() is NULL for that call. Call.getOriginExpr() is the following:

CallExpr 0x64ecb10 'BOOL':'int'
|-SubstNonTypeTemplateParmExpr 0x64ecac0 'BOOL (*)(HANDLE)
__attribute__((stdcall))'
| `-UnaryOperator 0x64ecaa8 'BOOL (*)(HANDLE) __attribute__((stdcall))' prefix
'&' cannot overflow
|   `-DeclRefExpr 0x64eca90 'BOOL (HANDLE) __attribute__((stdcall))':'BOOL
(HANDLE) __attribute__((stdcall))' lvalue Function 0x57b8890 'CloseHandle'
'BOOL (HANDLE) __attribute__((stdcall))':'BOOL (HANDLE)
__attribute__((stdcall))'
`-ImplicitCastExpr 0x64ecb30 'HANDLE':'void *' <LValueToRValue>
  `-MemberExpr 0x64ecae8 'HANDLE':'void *' lvalue ->_h 0x64dc710
    `-CXXThisExpr 0x64ecad8 'struct AutoCloseHandle<&CloseHandle> *' this

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20180508/12f71101/attachment.html>

More information about the llvm-bugs mailing list