[PATCH] [StaticAnalyzer] Handle Destructor call generated by C++ delete expr
Jordan Rose
jordan_rose at apple.com
Fri Sep 13 17:22:19 PDT 2013
================
Comment at: lib/StaticAnalyzer/Core/ExprEngine.cpp:579-580
@@ +578,4 @@
+ // dont run destructor.
+ if (!ArgVal.isUnknown() &&
+ State->isNull(ArgVal).isConstrainedTrue()) {
+ StmtNodeBuilder Bldr(Pred, Dst, *currBldrCtx);
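Review bot: the comment on the first added line, `// dont run destructor.`, does not say why the destructor is skipped. Spell it "don't" and state the condition: the argument to delete is known to be null, so the delete expression has no effect. Since the branch only fires when `State->isNull(ArgVal).isConstrainedTrue()`, the comment should also make clear that a possibly-null argument is not covered by this branch.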
----------------
The isUnknown() is redundant here...if it's unknown, `isNull` won't result in a known-true outcome.
================
Comment at: lib/StaticAnalyzer/Core/ExprEngine.cpp:586
@@ +585,3 @@
+ VisitCXXDestructor(DE->getDestroyedType(),
+ ArgVal.getAsRegion(),
+ DE, /*IsBase=*/ false,
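Review bot: `ArgVal.getAsRegion()` on the second added line is passed to VisitCXXDestructor unchecked, and getAsRegion() returns a null pointer when the value is not backed by a region. Nothing in these lines shows that ArgVal is a region at this point, so either check the result before the call or make sure the callee accepts a null region. Minor style point: write the argument comment as `/*IsBase=*/false`, with no space before the value.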
----------------
Since this might be NULL, we should still fix up VisitCXXDestructor to use UnknownVal instead of unconditionally using a loc::MemRegionVal.
================
Comment at: lib/StaticAnalyzer/Checkers/MallocChecker.cpp:1793-1796
@@ -1792,3 +1792,6 @@
- if (isReleased(Sym, C)) {
+ // FIXME: In case of double delete of class instance. The call to destructor
+ // on second delete result in use of memory after free but doesn't correspond
+ // to any stmt. Currently skipping through handle the same.
+ if (isReleased(Sym, C) && S) {
ReportUseAfterFree(C, S->getSourceRange(), Sym);
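Review bot: the added `&& S` in `if (isReleased(Sym, C) && S)` turns the missing-statement case into a silent skip, so the double delete that the FIXME describes produces no use-after-free report at all. In the visible lines `S` is used only for `S->getSourceRange()`, so keep the `isReleased(Sym, C)` condition as it was and handle a null `S` when building the range. The FIXME's last sentence ("Currently skipping through handle the same") is hard to parse and should say plainly that the report is skipped when there is no statement.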
----------------
Anna's right here; if we don't have a statement, we can just pass an invalid source range, or perhaps change the argument to ReportUseAfterFree to be an Optional<SourceRange>.
http://llvm-reviews.chandlerc.com/D1594