[PATCH] D75430: [analyzer][NFC] Introduce CXXDeallocatorCall, deploy it in MallocChecker

Artem Dergachev via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Tue Mar 3 20:10:02 PST 2020 

NoQ added a comment.

I love where this is going.

> the reason behind this is that neither does `preStmt<CXXDeleteExpr>` have a `postStmt<CXXDeleteExpr>` pair. But I have no clue why that is :^)

I'm pretty sure it's forgotten :/



================
Comment at: clang/include/clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h:67
   CE_CXXAllocator,
+  CE_CXXDeallocator,
   CE_BEG_FUNCTION_CALLS = CE_Function,
----------------
After this you probably received compiler warnings saying "case isn't covered in switch". You'll need to clean them up.

Another thing to do would be to update `CallEventManager`'s `getCall()` and `getCaller()` methods that'd allow the users to construct the new `CallEvent` easily without thinking about what specific kind of call event it is.


================
Comment at: clang/include/clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h:958
+
+  unsigned getNumArgs() const override { return getDecl()->getNumParams(); }
+
----------------
Charusso wrote:
> `return getOriginExpr()->getNumArgs()`
This wouldn't compile. `CXXDeleteExpr` is not a `CallExpr`.

It sounds like there are currently [[ http://www.cplusplus.com/reference/new/operator%20delete/ | five different `operator delete`s ]]:
{F11474783}

And, unlike `operator new`, there's no option to provide custom "placement" arguments.

So i think the logic in this patch is correct but we should do some custom logic for all 5 cases in the `getArgExpr` method, where argument expressions for the extra arguments will have to be conjured out of thin air (or we might as well return null).


================
Comment at: clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp:853
+      CDE, Pred->getState(), Pred->getLocationContext());
+  getCheckerManager().runCheckersForPreCall(Dst, Pred, *Call, *this);
 }
----------------
Yes, we should absolutely have `PostCall` here as well, even if nothing happens in between.

And once it's there, the next major step would be to invoke `ExprEngine::evalCall()` instead if the operator was overloaded, so that we could //inline// the deallocator (or evaluate it conservatively, which might also be of value as it would invalidate the necessary globals).


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D75430/new/

https://reviews.llvm.org/D75430

More information about the cfe-commits mailing list