[clang] 587becb - [WebKit checkers] Disallow operator delete in a trivial context. (#185122)

via cfe-commits cfe-commits at lists.llvm.org
Sat Mar 7 01:42:44 PST 2026 

Author: Ryosuke Niwa
Date: 2026-03-07T01:42:39-08:00
New Revision: 587becb624fa32329109f1fe53c6b7d4e93eaf81

URL: https://github.com/llvm/llvm-project/commit/587becb624fa32329109f1fe53c6b7d4e93eaf81
DIFF: https://github.com/llvm/llvm-project/commit/587becb624fa32329109f1fe53c6b7d4e93eaf81.diff

LOG: [WebKit checkers] Disallow operator delete in a trivial context. (#185122)

This PR changes the "trivial function analysis" to disallow `operator
delete` in a "trival" or "nodelete" function or statement. Without this,
the delete operator could deallocate memory for a reference counted
objects, etc...

Added: 
    

Modified: 
    clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp
    clang/test/Analysis/Checkers/WebKit/nodelete-annotation.cpp

Removed: 
    


################################################################################
diff  --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp
index 0b1f30923d49c..d239ed4c8a5ae 100644
--- a/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp
@@ -886,10 +886,6 @@ class TrivialFunctionAnalysisVisitor
     return IsFunctionTrivial(CE->getConstructor());
   }
 
-  bool VisitCXXDeleteExpr(const CXXDeleteExpr *DE) {
-    return CanTriviallyDestruct(DE->getDestroyedType());
-  }
-
   bool VisitCXXInheritedCtorInitExpr(const CXXInheritedCtorInitExpr *E) {
     return IsFunctionTrivial(E->getConstructor());
   }

diff  --git a/clang/test/Analysis/Checkers/WebKit/nodelete-annotation.cpp b/clang/test/Analysis/Checkers/WebKit/nodelete-annotation.cpp
index faf43178fae9a..6906afb7fa0f6 100644
--- a/clang/test/Analysis/Checkers/WebKit/nodelete-annotation.cpp
+++ b/clang/test/Analysis/Checkers/WebKit/nodelete-annotation.cpp
@@ -70,6 +70,31 @@ void [[clang::annotate_type("webkit.nodelete")]] callsUnsafe() {
   someFunction(); // expected-warning{{A function 'callsUnsafe' has [[clang::annotate_type("webkit.nodelete")]] but it contains code that could destruct an object}}
 }
 
+int* [[clang::annotate_type("webkit.nodelete")]] createsInt() {
+  return new int;
+}
+
+void [[clang::annotate_type("webkit.nodelete")]] destroysInt(int* number) {
+  delete number; // expected-warning{{A function 'destroysInt' has [[clang::annotate_type("webkit.nodelete")]] but it contains code that could destruct an object}}
+}
+
+struct IntPoint {
+  int x { 0 };
+  int y { 0 };
+};
+
+IntPoint* [[clang::annotate_type("webkit.nodelete")]] createsIntPoint() {
+  return new IntPoint[2];
+}
+
+void [[clang::annotate_type("webkit.nodelete")]] destroysIntPoint(IntPoint* point) {
+  delete[] point; // expected-warning{{A function 'destroysIntPoint' has [[clang::annotate_type("webkit.nodelete")]] but it contains code that could destruct an object}}
+}
+
+void [[clang::annotate_type("webkit.nodelete")]] callOperatorDelete(int* number) {
+  ::operator delete(number); // expected-warning{{A function 'callOperatorDelete' has [[clang::annotate_type("webkit.nodelete")]] but it contains code that could destruct an object}}
+}
+
 void [[clang::annotate_type("webkit.nodelete")]] callsUnsafeWithSuppress();
 
 [[clang::suppress]] void callsUnsafeWithSuppress() {
@@ -336,6 +361,7 @@ struct SubData : Data {
 
 void [[clang::annotate_type("webkit.nodelete")]] makeData() {
   RefPtr<Data> constantData[2] = { Data::create() };
+  // expected-warning at -1{{A function 'makeData' has [[clang::annotate_type("webkit.nodelete")]] but it contains code that could destruct an object}}
   RefPtr<Data> data[] = { Data::create() };
 }

More information about the cfe-commits mailing list