[PATCH] [analyzer][Review request] Partial fix for PR19102.
Антон Ярцев
anton.yartsev at gmail.com
Wed Jul 23 06:58:55 PDT 2014
Simplified the check, an un-consumed new is now treated a leak unless the constructor has a parameter of a pointer-to-record type. The check is not expensive and covers LLVM cases.
Did not added -Wunused-like new warning for now. Do you think this warning is needed apart from the checker? Doubt it ever be used. Anyway I think it is better to implement the warning as a separate patch as the change is not analyzer specific.
Is there a way to get the constructor inlined when it is called from a new expression? ExprEngine::VisitCXXConstructExpr() always left 'wasInlined' equal 'false'.
http://reviews.llvm.org/D4025
Files:
lib/StaticAnalyzer/Checkers/MallocChecker.cpp
test/Analysis/NewDeleteLeaks-PR19102.cpp
Index: lib/StaticAnalyzer/Checkers/MallocChecker.cpp
===================================================================
--- lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -15,6 +15,7 @@
#include "ClangSACheckers.h"
#include "InterCheckerAPI.h"
#include "clang/AST/Attr.h"
+#include "clang/AST/ParentMap.h"
#include "clang/Basic/SourceManager.h"
#include "clang/Basic/TargetInfo.h"
#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
@@ -753,6 +754,44 @@
C.addTransition(State);
}
+static QualType getDeepPointeeType(QualType T) {
+ QualType Result = T, PointeeType = T->getPointeeType();
+ while (!PointeeType.isNull()) {
+ Result = PointeeType;
+ PointeeType = PointeeType->getPointeeType();
+ }
+ return Result;
+}
+
+static bool treatUnusedNewEscaped(const CXXNewExpr *NE) {
+
+ const CXXConstructExpr* ConstructE = NE->getConstructExpr();
+ if (!ConstructE)
+ return false;
+
+ QualType ConstructedTy = NE->getAllocatedType().getCanonicalType();
+ if (!ConstructedTy->getAsCXXRecordDecl())
+ return false;
+
+ CXXConstructorDecl* CtorD = ConstructE->getConstructor();
+
+ // Iterate over the constructor parameters.
+ for (const auto *CtorParam : CtorD->params()) {
+
+ QualType CtorParamPointeeT = CtorParam->getType()->getPointeeType();
+ if (CtorParamPointeeT.isNull())
+ continue;
+
+ CtorParamPointeeT = getDeepPointeeType(CtorParamPointeeT).
+ getCanonicalType().getUnqualifiedType();
+
+ if (CtorParamPointeeT->getAsCXXRecordDecl())
+ return true;
+ }
+
+ return false;
+}
+
void MallocChecker::checkPostStmt(const CXXNewExpr *NE,
CheckerContext &C) const {
@@ -763,6 +802,10 @@
checkUseAfterFree(Sym, C, *I);
if (!isStandardNewDelete(NE->getOperatorNew(), C.getASTContext()))
+ return;
+
+ ParentMap &PM = C.getLocationContext()->getParentMap();
+ if (!PM.isConsumedExpr(NE) && treatUnusedNewEscaped(NE))
return;
ProgramStateRef State = C.getState();
Index: test/Analysis/NewDeleteLeaks-PR19102.cpp
===================================================================
--- test/Analysis/NewDeleteLeaks-PR19102.cpp
+++ test/Analysis/NewDeleteLeaks-PR19102.cpp
@@ -0,0 +1,24 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.cplusplus.NewDeleteLeaks -verify %s
+
+class A0 {};
+
+class A1 {
+public:
+ A1(int);
+};
+
+struct S{};
+class A2 {
+public:
+ A2();
+ A2(int, S**);
+};
+
+void test() {
+ new int; // expected-warning at +1 {{Potential memory leak}}
+ new A0; // expected-warning at +1 {{Potential memory leak}}
+ new A1(0); // expected-warning at +1 {{Potential memory leak}}
+ new A2; // expected-warning at +1 {{Potential memory leak}}
+ S* s = new S;
+ new A2(1, &s); // no warning
+}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D4025.11808.patch
Type: text/x-patch
Size: 2848 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20140723/8bd78eb2/attachment.bin>
More information about the cfe-commits
mailing list