replica
/
hanchenye-llvm-project
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[analyzer] Assume 'new' never returns NULL if it could throw an exception. 

This is actually required by the C++ standard in
[basic.stc.dynamic.allocation]p3:

  If an allocation function declared with a non-throwing
  exception-specification fails to allocate storage, it shall return a
  null pointer. Any other allocation function that fails to allocate
  storage shall indicate failure only by throwing an exception of a type
  that would match a handler of type std::bad_alloc.

We don't bother checking for the specific exception type, but just go off
the operator new prototype. This should help with a certain class of lazy
initalization false positives.

<rdar://problem/12115221>

llvm-svn: 166363
This commit is contained in:
Jordan Rose 2012-10-20 02:32:51 +00:00
parent 8f68817738
commit 3957fd5858
2 changed files with 83 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
View File

@ -229,6 +229,18 @@ void ExprEngine::VisitCXXNewExpr(const CXXNewExpr *CNE, ExplodedNode *Pred,
// we should be using the usual pre-/(default-)eval-/post-call checks here. // we should be using the usual pre-/(default-)eval-/post-call checks here.
State = Call->invalidateRegions(blockCount); State = Call->invalidateRegions(blockCount);
// If we're compiling with exceptions enabled, and this allocation function
// is not declared as non-throwing, failures /must/ be signalled by
// exceptions, and thus the return value will never be NULL.
// C++11 [basic.stc.dynamic.allocation]p3.
FunctionDecl *FD = CNE->getOperatorNew();
if (FD && getContext().getLangOpts().CXXExceptions) {
QualType Ty = FD->getType();
if (const FunctionProtoType *ProtoType = Ty->getAs<FunctionProtoType>())
if (!ProtoType->isNothrow(getContext()))
State = State->assume(symVal, true);
}
if (CNE->isArray()) { if (CNE->isArray()) {
// FIXME: allocating an array requires simulating the constructors. // FIXME: allocating an array requires simulating the constructors.
// For now, just return a symbolicated region. // For now, just return a symbolicated region.
@ -246,7 +258,6 @@ void ExprEngine::VisitCXXNewExpr(const CXXNewExpr *CNE, ExplodedNode *Pred,
// CXXNewExpr, we need to make sure that the constructed object is not // CXXNewExpr, we need to make sure that the constructed object is not
// immediately invalidated here. (The placement call should happen before // immediately invalidated here. (The placement call should happen before
// the constructor call anyway.) // the constructor call anyway.)
FunctionDecl *FD = CNE->getOperatorNew();
if (FD && FD->isReservedGlobalPlacementOperator()) { if (FD && FD->isReservedGlobalPlacementOperator()) {
// Non-array placement new should always return the placement location. // Non-array placement new should always return the placement location.
SVal PlacementLoc = State->getSVal(CNE->getPlacementArg(0), LCtx); SVal PlacementLoc = State->getSVal(CNE->getPlacementArg(0), LCtx);

71
clang/test/Analysis/new-with-exceptions.cpp Normal file
View File

@ -0,0 +1,71 @@
// RUN: %clang_cc1 -analyze -analyzer-checker=core,debug.ExprInspection -analyzer-store region -std=c++11 -fexceptions -fcxx-exceptions -verify -DEXCEPTIONS %s
// RUN: %clang_cc1 -analyze -analyzer-checker=core,debug.ExprInspection -analyzer-store region -std=c++11 -verify %s
void clang_analyzer_eval(bool);
typedef __typeof__(sizeof(int)) size_t;
extern "C" void *malloc(size_t);
// This is the standard placement new.
inline void* operator new(size_t, void* __p) throw()
{
return __p;
}
struct NoThrow {
void *operator new(size_t) throw();
};
struct NoExcept {
void *operator new(size_t) noexcept;
};
struct DefaultThrow {
void *operator new(size_t);
};
struct ExplicitThrow {
void *operator new(size_t) throw(int);
};
void testNew() {
clang_analyzer_eval(new NoThrow); // expected-warning{{UNKNOWN}}
clang_analyzer_eval(new NoExcept); // expected-warning{{UNKNOWN}}
clang_analyzer_eval(new DefaultThrow);
clang_analyzer_eval(new ExplicitThrow);
#ifdef EXCEPTIONS
// expected-warning@-3 {{TRUE}}
// expected-warning@-3 {{TRUE}}
#else
// expected-warning@-6 {{UNKNOWN}}
// expected-warning@-6 {{UNKNOWN}}
#endif
}
void testNewArray() {
clang_analyzer_eval(new NoThrow[2]);
clang_analyzer_eval(new NoExcept[2]);
clang_analyzer_eval(new DefaultThrow[2]);
clang_analyzer_eval(new ExplicitThrow[2]);
#ifdef EXCEPTIONS
// expected-warning@-5 {{TRUE}}
// expected-warning@-5 {{TRUE}}
// expected-warning@-5 {{TRUE}}
// expected-warning@-5 {{TRUE}}
#else
// expected-warning@-10 {{UNKNOWN}}
// expected-warning@-10 {{UNKNOWN}}
// expected-warning@-10 {{UNKNOWN}}
// expected-warning@-10 {{UNKNOWN}}
#endif
}
extern void *operator new[](size_t, int) noexcept;
void testNewArrayNoThrow() {
clang_analyzer_eval(new (1) NoThrow[2]); // expected-warning{{UNKNOWN}}
clang_analyzer_eval(new (1) NoExcept[2]); // expected-warning{{UNKNOWN}}
clang_analyzer_eval(new (1) DefaultThrow[2]); // expected-warning{{UNKNOWN}}
clang_analyzer_eval(new (1) ExplicitThrow[2]); // expected-warning{{UNKNOWN}}
}