Author: szelethus Date: Sat Dec 15 10:41:37 2018 New Revision: 349283 URL: http://llvm.org/viewvc/llvm-project?rev=349283&view=rev Log: [analyzer][MallocChecker] Improve warning messages on double-delete errors
Differential Revision: https://reviews.llvm.org/D54834 Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp cfe/trunk/test/Analysis/Inputs/expected-plists/NewDelete-path-notes.cpp.plist cfe/trunk/test/Analysis/Malloc+MismatchedDeallocator+NewDelete.cpp cfe/trunk/test/Analysis/NewDelete-checker-test.cpp cfe/trunk/test/Analysis/NewDelete-path-notes.cpp cfe/trunk/test/Analysis/dtor.cpp Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp?rev=349283&r1=349282&r2=349283&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp Sat Dec 15 10:41:37 2018 @@ -1431,7 +1431,8 @@ ProgramStateRef MallocChecker::addExtent void MallocChecker::checkPreStmt(const CXXDeleteExpr *DE, CheckerContext &C) const { - + // This will regard deleting freed() regions as a use-after-free, rather then + // a double-free or double-delete error. if (!ChecksEnabled[CK_NewDeleteChecker]) if (SymbolRef Sym = C.getSVal(DE->getArgument()).getAsSymbol()) checkUseAfterFree(Sym, C, DE->getArgument()); @@ -1628,7 +1629,8 @@ ProgramStateRef MallocChecker::FreeMemAu } /// Checks if the previous call to free on the given symbol failed - if free -/// failed, returns true. Also, returns the corresponding return value symbol. +/// failed, returns true. Also, stores the corresponding return value symbol in +/// \p RetStatusSymbol. static bool didPreviousFreeFail(ProgramStateRef State, SymbolRef Sym, SymbolRef &RetStatusSymbol) { const SymbolRef *Ret = State->get<FreeReturnValue>(Sym); @@ -2289,6 +2291,12 @@ void MallocChecker::ReportDoubleFree(Che if (!CheckKind.hasValue()) return; + // If this is a double delete error, print the appropiate warning message. + if (CheckKind == CK_NewDeleteChecker) { + ReportDoubleDelete(C, Sym); + return; + } + if (ExplodedNode *N = C.generateErrorNode()) { if (!BT_DoubleFree[*CheckKind]) BT_DoubleFree[*CheckKind].reset(new BugType( Modified: cfe/trunk/test/Analysis/Inputs/expected-plists/NewDelete-path-notes.cpp.plist URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/Inputs/expected-plists/NewDelete-path-notes.cpp.plist?rev=349283&r1=349282&r2=349283&view=diff ============================================================================== --- cfe/trunk/test/Analysis/Inputs/expected-plists/NewDelete-path-notes.cpp.plist (original) +++ cfe/trunk/test/Analysis/Inputs/expected-plists/NewDelete-path-notes.cpp.plist Sat Dec 15 10:41:37 2018 @@ -194,17 +194,17 @@ </array> <key>depth</key><integer>0</integer> <key>extended_message</key> - <string>Attempt to free released memory</string> + <string>Attempt to delete released memory</string> <key>message</key> - <string>Attempt to free released memory</string> + <string>Attempt to delete released memory</string> </dict> </array> - <key>description</key><string>Attempt to free released memory</string> + <key>description</key><string>Attempt to delete released memory</string> <key>category</key><string>Memory error</string> - <key>type</key><string>Double free</string> + <key>type</key><string>Double delete</string> <key>check_name</key><string>cplusplus.NewDelete</string> <!-- This hash is experimental and going to change! --> - <key>issue_hash_content_of_line_in_context</key><string>bd8e324d09c70b9e2be6f824a4942e5a</string> + <key>issue_hash_content_of_line_in_context</key><string>593b185245106bed5175ccf2753039b2</string> <key>issue_context_kind</key><string>function</string> <key>issue_context</key><string>test</string> <key>issue_hash_function_offset</key><string>8</string> @@ -423,17 +423,17 @@ </array> <key>depth</key><integer>0</integer> <key>extended_message</key> - <string>Attempt to free released memory</string> + <string>Attempt to delete released memory</string> <key>message</key> - <string>Attempt to free released memory</string> + <string>Attempt to delete released memory</string> </dict> </array> - <key>description</key><string>Attempt to free released memory</string> + <key>description</key><string>Attempt to delete released memory</string> <key>category</key><string>Memory error</string> - <key>type</key><string>Double free</string> + <key>type</key><string>Double delete</string> <key>check_name</key><string>cplusplus.NewDelete</string> <!-- This hash is experimental and going to change! --> - <key>issue_hash_content_of_line_in_context</key><string>8bf1a5b9fdae9d86780aa6c4cdce2605</string> + <key>issue_hash_content_of_line_in_context</key><string>6484e9b006ede7362edef2187ba6eb37</string> <key>issue_context_kind</key><string>function</string> <key>issue_context</key><string>test</string> <key>issue_hash_function_offset</key><string>3</string> Modified: cfe/trunk/test/Analysis/Malloc+MismatchedDeallocator+NewDelete.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/Malloc%2BMismatchedDeallocator%2BNewDelete.cpp?rev=349283&r1=349282&r2=349283&view=diff ============================================================================== --- cfe/trunk/test/Analysis/Malloc+MismatchedDeallocator+NewDelete.cpp (original) +++ cfe/trunk/test/Analysis/Malloc+MismatchedDeallocator+NewDelete.cpp Sat Dec 15 10:41:37 2018 @@ -46,7 +46,7 @@ void testMismatchedDeallocator() { void testNewDoubleFree() { int *p = new int; delete p; - delete p; // expected-warning{{Attempt to free released memory}} + delete p; // expected-warning{{Attempt to delete released memory}} } void testNewLeak() { Modified: cfe/trunk/test/Analysis/NewDelete-checker-test.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/NewDelete-checker-test.cpp?rev=349283&r1=349282&r2=349283&view=diff ============================================================================== --- cfe/trunk/test/Analysis/NewDelete-checker-test.cpp (original) +++ cfe/trunk/test/Analysis/NewDelete-checker-test.cpp Sat Dec 15 10:41:37 2018 @@ -182,7 +182,7 @@ void testUseThisAfterDelete() { void testDoubleDelete() { int *p = new int; delete p; - delete p; // expected-warning{{Attempt to free released memory}} + delete p; // expected-warning{{Attempt to delete released memory}} } void testExprDeleteArg() { Modified: cfe/trunk/test/Analysis/NewDelete-path-notes.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/NewDelete-path-notes.cpp?rev=349283&r1=349282&r2=349283&view=diff ============================================================================== --- cfe/trunk/test/Analysis/NewDelete-path-notes.cpp (original) +++ cfe/trunk/test/Analysis/NewDelete-path-notes.cpp Sat Dec 15 10:41:37 2018 @@ -11,8 +11,8 @@ void test() { delete p; // expected-note@-1 {{Memory is released}} - delete p; // expected-warning {{Attempt to free released memory}} - // expected-note@-1 {{Attempt to free released memory}} + delete p; // expected-warning {{Attempt to delete released memory}} + // expected-note@-1 {{Attempt to delete released memory}} } struct Odd { @@ -24,7 +24,7 @@ struct Odd { void test(Odd *odd) { odd->kill(); // expected-note{{Calling 'Odd::kill'}} // expected-note@-1 {{Returning; memory was released}} - delete odd; // expected-warning {{Attempt to free released memory}} - // expected-note@-1 {{Attempt to free released memory}} + delete odd; // expected-warning {{Attempt to delete released memory}} + // expected-note@-1 {{Attempt to delete released memory}} } Modified: cfe/trunk/test/Analysis/dtor.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/dtor.cpp?rev=349283&r1=349282&r2=349283&view=diff ============================================================================== --- cfe/trunk/test/Analysis/dtor.cpp (original) +++ cfe/trunk/test/Analysis/dtor.cpp Sat Dec 15 10:41:37 2018 @@ -528,7 +528,7 @@ struct NonTrivial { return *this; } ~NonTrivial() { - delete[] p; // expected-warning {{free released memory}} + delete[] p; // expected-warning {{delete released memory}} } }; _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
