2018-08-30 04:29:17 +08:00
|
|
|
// RUN: %clang_analyze_cc1 -std=c++11 -analyzer-checker=core,cplusplus.NewDelete,cplusplus.NewDeleteLeaks,debug.ExprInspection -analyzer-config c++-allocator-inlining=true -std=c++11 -verify -analyzer-config eagerly-assume=false %s
|
2018-01-18 06:34:23 +08:00
|
|
|
|
|
|
|
void clang_analyzer_eval(bool);
|
|
|
|
void clang_analyzer_dump(int);
|
|
|
|
|
|
|
|
typedef __typeof__(sizeof(int)) size_t;
|
|
|
|
|
|
|
|
void *conjure();
|
|
|
|
void exit(int);
|
|
|
|
|
|
|
|
struct S;
|
|
|
|
|
|
|
|
S *global_s;
|
|
|
|
|
|
|
|
// Recursive operator kinda placement new.
|
|
|
|
void *operator new(size_t size, S *place);
|
|
|
|
|
|
|
|
enum class ConstructionKind : char {
|
|
|
|
Garbage,
|
|
|
|
Recursive
|
|
|
|
};
|
|
|
|
|
|
|
|
struct S {
|
|
|
|
public:
|
|
|
|
int x;
|
|
|
|
S(): x(1) {}
|
|
|
|
S(int y): x(y) {}
|
|
|
|
|
|
|
|
S(ConstructionKind k) {
|
|
|
|
switch (k) {
|
|
|
|
case ConstructionKind::Recursive: { // Call one more operator new 'r'ecursively.
|
|
|
|
S *s = new (nullptr) S(5);
|
|
|
|
x = s->x + 1;
|
|
|
|
global_s = s;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
case ConstructionKind::Garbage: {
|
|
|
|
// Leaves garbage in 'x'.
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
~S() {}
|
|
|
|
};
|
|
|
|
|
|
|
|
// Do not try this at home!
|
|
|
|
void *operator new(size_t size, S *place) {
|
|
|
|
if (!place)
|
|
|
|
return new S();
|
|
|
|
return place;
|
|
|
|
}
|
|
|
|
|
|
|
|
void testThatCharConstructorIndeedYieldsGarbage() {
|
|
|
|
S *s = new S(ConstructionKind::Garbage);
|
|
|
|
clang_analyzer_eval(s->x == 0); // expected-warning{{UNKNOWN}}
|
|
|
|
clang_analyzer_eval(s->x == 1); // expected-warning{{UNKNOWN}}
|
|
|
|
// FIXME: This should warn, but MallocChecker doesn't default-bind regions
|
|
|
|
// returned by standard operator new to garbage.
|
|
|
|
s->x += 1; // no-warning
|
|
|
|
delete s;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void testChainedOperatorNew() {
|
|
|
|
S *s;
|
|
|
|
// * Evaluate standard new.
|
|
|
|
// * Evaluate constructor S(3).
|
|
|
|
// * Bind value for standard new.
|
|
|
|
// * Evaluate our custom new.
|
|
|
|
// * Evaluate constructor S(Garbage).
|
|
|
|
// * Bind value for our custom new.
|
|
|
|
s = new (new S(3)) S(ConstructionKind::Garbage);
|
|
|
|
clang_analyzer_eval(s->x == 3); // expected-warning{{TRUE}}
|
|
|
|
// expected-warning@+9{{Potential leak of memory pointed to by 's'}}
|
|
|
|
|
|
|
|
// * Evaluate standard new.
|
|
|
|
// * Evaluate constructor S(Garbage).
|
|
|
|
// * Bind value for standard new.
|
|
|
|
// * Evaluate our custom new.
|
|
|
|
// * Evaluate constructor S(4).
|
|
|
|
// * Bind value for our custom new.
|
|
|
|
s = new (new S(ConstructionKind::Garbage)) S(4);
|
|
|
|
clang_analyzer_eval(s->x == 4); // expected-warning{{TRUE}}
|
|
|
|
delete s;
|
|
|
|
|
|
|
|
// -> Enter our custom new (nullptr).
|
|
|
|
// * Evaluate standard new.
|
|
|
|
// * Inline constructor S().
|
|
|
|
// * Bind value for standard new.
|
|
|
|
// <- Exit our custom new (nullptr).
|
|
|
|
// * Evaluate constructor S(Garbage).
|
|
|
|
// * Bind value for our custom new.
|
|
|
|
s = new (nullptr) S(ConstructionKind::Garbage);
|
|
|
|
clang_analyzer_eval(s->x == 1); // expected-warning{{TRUE}}
|
|
|
|
delete s;
|
|
|
|
|
|
|
|
// -> Enter our custom new (nullptr).
|
|
|
|
// * Evaluate standard new.
|
|
|
|
// * Inline constructor S().
|
|
|
|
// * Bind value for standard new.
|
|
|
|
// <- Exit our custom new (nullptr).
|
|
|
|
// -> Enter constructor S(Recursive).
|
|
|
|
// -> Enter our custom new (nullptr).
|
|
|
|
// * Evaluate standard new.
|
|
|
|
// * Inline constructor S().
|
|
|
|
// * Bind value for standard new.
|
|
|
|
// <- Exit our custom new (nullptr).
|
|
|
|
// * Evaluate constructor S(5).
|
|
|
|
// * Bind value for our custom new (nullptr).
|
|
|
|
// * Assign that value to global_s.
|
|
|
|
// <- Exit constructor S(Recursive).
|
|
|
|
// * Bind value for our custom new (nullptr).
|
|
|
|
global_s = nullptr;
|
|
|
|
s = new (nullptr) S(ConstructionKind::Recursive);
|
|
|
|
clang_analyzer_eval(global_s); // expected-warning{{TRUE}}
|
|
|
|
clang_analyzer_eval(global_s->x == 5); // expected-warning{{TRUE}}
|
|
|
|
clang_analyzer_eval(s->x == 6); // expected-warning{{TRUE}}
|
|
|
|
delete s;
|
|
|
|
}
|