Author: dergachev Date: Thu Apr 26 19:16:03 2018 New Revision: 331014 URL: http://llvm.org/viewvc/llvm-project?rev=331014&view=rev Log: [analyzer] Fix operator delete[] array-type-sub-expression handling.
Avoid crash when the sub-expression of operator delete[] is of array type. This is not the same as simply using a delete[] syntax. We're still not properly calling destructors in this case in the analyzer. Differential Revision: https://reviews.llvm.org/D46146 Modified: cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp cfe/trunk/test/Analysis/new.cpp Modified: cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp?rev=331014&r1=331013&r2=331014&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp Thu Apr 26 19:16:03 2018 @@ -1086,12 +1086,14 @@ void ExprEngine::ProcessDeleteDtor(const // This workaround will just run the first destructor (which will still // invalidate the entire array). CallOpts.IsArrayCtorOrDtor = true; + // Yes, it may even be a multi-dimensional array. + while (const auto *AT = getContext().getAsArrayType(DTy)) + DTy = AT->getElementType(); if (ArgR) ArgR = getStoreManager().GetElementZeroRegion(cast<SubRegion>(ArgR), DTy); } - VisitCXXDestructor(DE->getDestroyedType(), ArgR, DE, /*IsBase=*/false, - Pred, Dst, CallOpts); + VisitCXXDestructor(DTy, ArgR, DE, /*IsBase=*/false, Pred, Dst, CallOpts); } void ExprEngine::ProcessBaseDtor(const CFGBaseDtor D, Modified: cfe/trunk/test/Analysis/new.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/new.cpp?rev=331014&r1=331013&r2=331014&view=diff ============================================================================== --- cfe/trunk/test/Analysis/new.cpp (original) +++ cfe/trunk/test/Analysis/new.cpp Thu Apr 26 19:16:03 2018 @@ -274,6 +274,24 @@ void test_var_delete() { clang_analyzer_eval(true); // expected-warning{{TRUE}} } +void test_array_delete() { + class C { + public: + ~C() {} + }; + + auto c1 = new C[2][3]; + delete[] c1; // no-crash // no-warning + + C c2[4]; + // FIXME: Should warn. + delete[] &c2; // no-crash + + C c3[7][6]; + // FIXME: Should warn. + delete[] &c3; // no-crash +} + void testDeleteNull() { NoReturnDtor *foo = 0; delete foo; // should not call destructor, checked below _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
