[PATCH] [StaticAnalyzer]Handle Destructor call generated by C++ delete expr

Wed Sep 4 00:58:41 PDT 2013

Hi jordan_rose,

Hi Jordan,
Thanks for committing the previous patch. Now that we have modified CFG to handle dtor call corresponding to delete call  we can proceed and link the same with Core.

Adding patch to handle destructor call generated by C++ delete expression in SA Core.

Please let me know your comments on the same and if it is good to commit.

Thanks
Karthik Bhat

http://llvm-reviews.chandlerc.com/D1594

Files:
  test/Analysis/new.cpp
  include/clang/Analysis/CFG.h
  lib/StaticAnalyzer/Core/ExprEngine.cpp
  lib/StaticAnalyzer/Core/CallEvent.cpp

Index: test/Analysis/new.cpp
===================================================================

--- test/Analysis/new.cpp
+++ test/Analysis/new.cpp
@@ -206,3 +206,19 @@
   }
   return 1;
 }
+
+// Test modelling destructor call on call to delete
+class DestTest{
+  public:
+    int y;
+    int k;
+    DestTest() {};
+    ~DestTest() {k = k/y;}; //expected-warning{{Division by zero}}
+};
+
+void testCallToDestructor() {
+  DestTest* b = new DestTest();
+  b->y = 0;
+  b->k = 1;
+  delete b; // This results in divide by zero in destructor
+}
Index: include/clang/Analysis/CFG.h
===================================================================
--- include/clang/Analysis/CFG.h
+++ include/clang/Analysis/CFG.h
@@ -203,6 +203,11 @@
   const CXXDeleteExpr *getDeleteExpr() {
     return static_cast<CXXDeleteExpr *>(Data2.getPointer());
   }
+  
+  // Get Delete expression which triggered the destructor call.
+  const CXXDeleteExpr *getDeleteExpr() const {
+    return static_cast<CXXDeleteExpr *>(Data2.getPointer());
+  }
 
 
 private:
Index: lib/StaticAnalyzer/Core/ExprEngine.cpp
===================================================================
--- lib/StaticAnalyzer/Core/ExprEngine.cpp
+++ lib/StaticAnalyzer/Core/ExprEngine.cpp
@@ -569,7 +569,14 @@
 void ExprEngine::ProcessDeleteDtor(const CFGDeleteDtor Dtor,
                                    ExplodedNode *Pred,
                                    ExplodedNodeSet &Dst) {
-  //TODO: Handle DeleteDtor
+  const LocationContext *LCtx = Pred->getLocationContext();
+  const CXXDeleteExpr *DE = Dtor.getDeleteExpr();
+  const Stmt* Arg = cast<Stmt>(DE->getArgument());
+  SVal ArgVal = Pred->getState()->getSVal(Arg, LCtx);
+  VisitCXXDestructor(DE->getDestroyedType(),
+                     ArgVal.castAs<loc::MemRegionVal>().getRegion(),
+                     DE, /*IsBase=*/ false,
+                     Pred, Dst);
 }
 
 void ExprEngine::ProcessBaseDtor(const CFGBaseDtor D,
Index: lib/StaticAnalyzer/Core/CallEvent.cpp
===================================================================
--- lib/StaticAnalyzer/Core/CallEvent.cpp
+++ lib/StaticAnalyzer/Core/CallEvent.cpp
@@ -957,6 +957,8 @@
   const Stmt *Trigger;
   if (Optional<CFGAutomaticObjDtor> AutoDtor = E.getAs<CFGAutomaticObjDtor>())
     Trigger = AutoDtor->getTriggerStmt();
+  else if (Optional<CFGDeleteDtor> DeleteDtor = E.getAs<CFGDeleteDtor>())
+    Trigger = cast<Stmt>(DeleteDtor->getDeleteExpr());
   else
     Trigger = Dtor->getBody();
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D1594.1.patch
Type: text/x-patch
Size: 2483 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20130904/1c7ac594/attachment.bin>
