[analyzer] Adds cplusplus.NewDelete checker that check for memory leaks, double free, and use-after-free problems of memory managed by new/delete.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177849 91177308-0d34-0410-b5e6-96231b3b80d8
author: Anton Yartsev <anton.yartsev@gmail.com> 2013-03-25 01:35:45 +0000
committer: Anton Yartsev <anton.yartsev@gmail.com> 2013-03-25 01:35:45 +0000
commit: 2de19edab6001d2c17720d02fe0760b9b452192a (patch)
tree: f792075065beedffec03e05b22968e81b285448c /test
parent: 8f7bfb40b72f478d83b018a280f99c0386576ae3 (diff)
5 files changed, 557 insertions, 8 deletions
diff --git a/test/Analysis/Inputs/system-header-simulator-cxx.h b/test/Analysis/Inputs/system-header-simulator-cxx.h
index faca0b41aa..03de527a02 100644
--- a/test/Analysis/Inputs/system-header-simulator-cxx.h
+++ b/test/Analysis/Inputs/system-header-simulator-cxx.h
@@ -59,4 +59,28 @@ namespace std {
       return 0;
     }
   };
+
+  class bad_alloc : public exception {
+    public:
+    bad_alloc() throw();
+    bad_alloc(const bad_alloc&) throw();
+    bad_alloc& operator=(const bad_alloc&) throw();
+    virtual const char* what() const throw() {
+      return 0;
+    }
+  };
+
+  struct nothrow_t {};
+
+  extern const nothrow_t nothrow;
 }
+
+void* operator new(std::size_t, const std::nothrow_t&) throw();
+void* operator new[](std::size_t, const std::nothrow_t&) throw();
+void operator delete(void*, const std::nothrow_t&) throw();
+void operator delete[](void*, const std::nothrow_t&) throw();
+
+void* operator new (std::size_t size, void* ptr) throw() { return ptr; };
+void* operator new[] (std::size_t size, void* ptr) throw() { return ptr; };
+void operator delete (void* ptr, void*) throw() {};
+void operator delete[] (void* ptr, void*) throw() {};
diff --git a/test/Analysis/NewDelete-checker-test.mm b/test/Analysis/NewDelete-checker-test.mm
new file mode 100644
index 0000000000..417e9770b8
--- /dev/null
+++ b/test/Analysis/NewDelete-checker-test.mm
@@ -0,0 +1,156 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=core,cplusplus.NewDelete -analyzer-store region -std=c++11 -fblocks -verify %s
+#include "Inputs/system-header-simulator-cxx.h"
+#include "Inputs/system-header-simulator-objc.h"
+
+typedef __typeof__(sizeof(int)) size_t;
+extern "C" void *malloc(size_t);
+extern "C" void free(void *);
+int *global;
+
+//------------------
+// check for leaks
+//------------------
+
+void testGlobalExprNewBeforeOverload1() {
+  int *p = new int;
+} // expected-warning{{Memory is never released; potential leak}}
+
+void testGlobalExprNewBeforeOverload2() {
+  int *p = ::new int;
+} // expected-warning{{Memory is never released; potential leak}}
+
+void testGlobalOpNewBeforeOverload() {
+  void *p = operator new(0);
+} // expected-warning{{Memory is never released; potential leak}}
+
+void testMemIsOnHeap() {
+  int *p = new int;
+  if (global != p)
+    global = p;
+} // expected-warning{{Memory is never released; potential leak}}
+//FIXME: currently a memory region for 'new' is not a heap region, that lead to 
+//false-positive 'memory leak' ('global != p' is not evaluated to true and 'p'
+//does not escape)
+
+void *operator new(std::size_t);
+void *operator new(std::size_t, double d);
+void *operator new[](std::size_t);
+void *operator new[](std::size_t, double d);
+
+void testExprPlacementNew() {
+  int i;
+  int *p1 = new(&i) int; // no warn - standard placement new
+
+  int *p2 = new(1.0) int; // no warn - overloaded placement new
+
+  int *p3 = new (std::nothrow) int;
+} // expected-warning{{Memory is never released; potential leak}}
+
+void testExprPlacementNewArray() {
+  int i;
+  int *p1 = new(&i) int[1]; // no warn - standard placement new[]
+
+  int *p2 = new(1.0) int[1]; // no warn - overloaded placement new[]
+
+  int *p3 = new (std::nothrow) int[1];
+} // expected-warning{{Memory is never released; potential leak}}
+
+void testCustomOpNew() {
+  void *p = operator new(0); // no warn - call to a custom new
+}
+
+void testGlobalExprNew() {
+  void *p = ::new int; // no warn - call to a custom new
+}
+
+void testCustomExprNew() {
+  int *p = new int; // no warn - call to a custom new
+}
+
+void testGlobalExprNewArray() {
+  void *p = ::new int[1]; // no warn - call to a custom new
+}
+
+void testOverloadedExprNewArray() {
+  int *p = new int[1]; // no warn - call to a custom new
+}
+
+//---------------
+// other checks
+//---------------
+
+void f(int *);
+
+void testUseAfterDelete() {
+  int *p = new int;
+  delete p;
+  f(p); // expected-warning{{Use of memory after it is freed}}
+}
+
+void testDeleteAlloca() {
+  int *p = (int *)__builtin_alloca(sizeof(int));
+  delete p; // expected-warning{{Argument to free() was allocated by alloca(), not malloc()}}
+}
+
+void testDoubleDelete() {
+  int *p = new int;
+  delete p;
+  delete p; // expected-warning{{Attempt to free released memory}}
+}
+
+void testExprDeleteArg() {
+  int i;
+  delete &i; // expected-warning{{Argument to free() is the address of the local variable 'i', which is not memory allocated by malloc()}}
+} // FIXME: 'free()' -> 'delete'; 'malloc()' -> 'new'
+
+void testExprDeleteArrArg() {
+  int i;
+  delete[] &i; // expected-warning{{Argument to free() is the address of the local variable 'i', which is not memory allocated by malloc()}}
+} // FIXME: 'free()' -> 'delete[]'; 'malloc()' -> 'new[]'
+
+void testAllocDeallocNames() {
+  int *p = new(std::nothrow) int[1];
+  delete[] (++p); // expected-warning{{Argument to free() is offset by 4 bytes from the start of memory allocated by malloc()}}
+} // FIXME: 'free()' -> 'delete[]'; 'malloc()' -> 'new[]'
+
+//----------------------------------------------------------------------------
+// Check for intersections with unix.Malloc and unix.MallocWithAnnotations 
+// checkers bounded with cplusplus.NewDelete.
+//----------------------------------------------------------------------------
+
+// malloc()/free() are subjects of unix.Malloc and unix.MallocWithAnnotations
+void testMallocFreeNoWarn() {
+  int i;
+  free(&i); // no-warning
+
+  int *p1 = (int *)malloc(sizeof(int));
+  free(++p1); // no-warning
+
+  int *p2 = (int *)malloc(sizeof(int));
+  free(p2);
+  free(p2); // no-warning
+
+  int *p3 = (int *)malloc(sizeof(int)); // no-warning
+}
+
+void testFreeNewed() {
+  int *p = new int;
+  free(p); // pointer escaped, no-warning
+}
+
+void testObjcFreeNewed() {
+  int *p = new int;
+  NSData *nsdata = [NSData dataWithBytesNoCopy:p length:sizeof(int) freeWhenDone:1]; // pointer escaped, no-warning
+}
+
+void testFreeAfterDelete() {
+  int *p = new int;  
+  delete p;
+  free(p); // expected-warning{{Use of memory after it is freed}}
+}
+
+void testStandardPlacementNewAfterDelete() {
+  int *p = new int;  
+  delete p;
+  p = new(p) int; // expected-warning{{Use of memory after it is freed}}
+}
diff --git a/test/Analysis/NewDelete-path-notes.cpp b/test/Analysis/NewDelete-path-notes.cpp
new file mode 100644
index 0000000000..296170a541
--- /dev/null
+++ b/test/Analysis/NewDelete-path-notes.cpp
@@ -0,0 +1,323 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=cplusplus.NewDelete -analyzer-output=text -verify %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=cplusplus.NewDelete -analyzer-output=plist %s -o %t.plist
+// RUN: FileCheck --input-file=%t.plist %s
+
+void test() {
+  int *p = new int;
+  // expected-note@-1 {{Memory is allocated}}
+  if (p)
+    // expected-note@-1 {{Assuming 'p' is non-null}}
+    // expected-note@-2 {{Taking true branch}}
+    delete p;
+    // expected-note@-1 {{Memory is released}}
+
+  delete p; // expected-warning {{Attempt to free released memory}}
+  // expected-note@-1 {{Attempt to free released memory}}
+}
+
+// CHECK:  <key>diagnostics</key>
+// CHECK-NEXT:<array>
+// CHECK-NEXT: <dict>
+// CHECK-NEXT:  <key>path</key>
+// CHECK-NEXT:  <array>
+// CHECK-NEXT:   <dict>
+// CHECK-NEXT:    <key>kind</key><string>control</string>
+// CHECK-NEXT:    <key>edges</key>
+// CHECK-NEXT:     <array>
+// CHECK-NEXT:      <dict>
+// CHECK-NEXT:       <key>start</key>
+// CHECK-NEXT:        <array>
+// CHECK-NEXT:         <dict>
+// CHECK-NEXT:          <key>line</key><integer>6</integer>
+// CHECK-NEXT:          <key>col</key><integer>3</integer>
+// CHECK-NEXT:          <key>file</key><integer>0</integer>
+// CHECK-NEXT:         </dict>
+// CHECK-NEXT:         <dict>
+// CHECK-NEXT:          <key>line</key><integer>6</integer>
+// CHECK-NEXT:          <key>col</key><integer>5</integer>
+// CHECK-NEXT:          <key>file</key><integer>0</integer>
+// CHECK-NEXT:         </dict>
+// CHECK-NEXT:        </array>
+// CHECK-NEXT:       <key>end</key>
+// CHECK-NEXT:        <array>
+// CHECK-NEXT:         <dict>
+// CHECK-NEXT:          <key>line</key><integer>6</integer>
+// CHECK-NEXT:          <key>col</key><integer>12</integer>
+// CHECK-NEXT:          <key>file</key><integer>0</integer>
+// CHECK-NEXT:         </dict>
+// CHECK-NEXT:         <dict>
+// CHECK-NEXT:          <key>line</key><integer>6</integer>
+// CHECK-NEXT:          <key>col</key><integer>14</integer>
+// CHECK-NEXT:          <key>file</key><integer>0</integer>
+// CHECK-NEXT:         </dict>
+// CHECK-NEXT:        </array>
+// CHECK-NEXT:      </dict>
+// CHECK-NEXT:     </array>
+// CHECK-NEXT:   </dict>
+// CHECK-NEXT:   <dict>
+// CHECK-NEXT:    <key>kind</key><string>event</string>
+// CHECK-NEXT:    <key>location</key>
+// CHECK-NEXT:    <dict>
+// CHECK-NEXT:     <key>line</key><integer>6</integer>
+// CHECK-NEXT:     <key>col</key><integer>12</integer>
+// CHECK-NEXT:     <key>file</key><integer>0</integer>
+// CHECK-NEXT:    </dict>
+// CHECK-NEXT:    <key>ranges</key>
+// CHECK-NEXT:    <array>
+// CHECK-NEXT:      <array>
+// CHECK-NEXT:       <dict>
+// CHECK-NEXT:        <key>line</key><integer>6</integer>
+// CHECK-NEXT:        <key>col</key><integer>12</integer>
+// CHECK-NEXT:        <key>file</key><integer>0</integer>
+// CHECK-NEXT:       </dict>
+// CHECK-NEXT:       <dict>
+// CHECK-NEXT:        <key>line</key><integer>6</integer>
+// CHECK-NEXT:        <key>col</key><integer>18</integer>
+// CHECK-NEXT:        <key>file</key><integer>0</integer>
+// CHECK-NEXT:       </dict>
+// CHECK-NEXT:      </array>
+// CHECK-NEXT:    </array>
+// CHECK-NEXT:    <key>depth</key><integer>0</integer>
+// CHECK-NEXT:    <key>extended_message</key>
+// CHECK-NEXT:    <string>Memory is allocated</string>
+// CHECK-NEXT:    <key>message</key>
+// CHECK-NEXT:    <string>Memory is allocated</string>
+// CHECK-NEXT:   </dict>
+// CHECK-NEXT:   <dict>
+// CHECK-NEXT:    <key>kind</key><string>control</string>
+// CHECK-NEXT:    <key>edges</key>
+// CHECK-NEXT:     <array>
+// CHECK-NEXT:      <dict>
+// CHECK-NEXT:       <key>start</key>
+// CHECK-NEXT:        <array>
+// CHECK-NEXT:         <dict>
+// CHECK-NEXT:          <key>line</key><integer>6</integer>
+// CHECK-NEXT:          <key>col</key><integer>12</integer>
+// CHECK-NEXT:          <key>file</key><integer>0</integer>
+// CHECK-NEXT:         </dict>
+// CHECK-NEXT:         <dict>
+// CHECK-NEXT:          <key>line</key><integer>6</integer>
+// CHECK-NEXT:          <key>col</key><integer>14</integer>
+// CHECK-NEXT:          <key>file</key><integer>0</integer>
+// CHECK-NEXT:         </dict>
+// CHECK-NEXT:        </array>
+// CHECK-NEXT:       <key>end</key>
+// CHECK-NEXT:        <array>
+// CHECK-NEXT:         <dict>
+// CHECK-NEXT:          <key>line</key><integer>8</integer>
+// CHECK-NEXT:          <key>col</key><integer>3</integer>
+// CHECK-NEXT:          <key>file</key><integer>0</integer>
+// CHECK-NEXT:         </dict>
+// CHECK-NEXT:         <dict>
+// CHECK-NEXT:          <key>line</key><integer>8</integer>
+// CHECK-NEXT:          <key>col</key><integer>4</integer>
+// CHECK-NEXT:          <key>file</key><integer>0</integer>
+// CHECK-NEXT:         </dict>
+// CHECK-NEXT:        </array>
+// CHECK-NEXT:      </dict>
+// CHECK-NEXT:     </array>
+// CHECK-NEXT:   </dict>
+// CHECK-NEXT:   <dict>
+// CHECK-NEXT:    <key>kind</key><string>control</string>
+// CHECK-NEXT:    <key>edges</key>
+// CHECK-NEXT:     <array>
+// CHECK-NEXT:      <dict>
+// CHECK-NEXT:       <key>start</key>
+// CHECK-NEXT:        <array>
+// CHECK-NEXT:         <dict>
+// CHECK-NEXT:          <key>line</key><integer>8</integer>
+// CHECK-NEXT:          <key>col</key><integer>3</integer>
+// CHECK-NEXT:          <key>file</key><integer>0</integer>
+// CHECK-NEXT:         </dict>
+// CHECK-NEXT:         <dict>
+// CHECK-NEXT:          <key>line</key><integer>8</integer>
+// CHECK-NEXT:          <key>col</key><integer>4</integer>
+// CHECK-NEXT:          <key>file</key><integer>0</integer>
+// CHECK-NEXT:         </dict>
+// CHECK-NEXT:        </array>
+// CHECK-NEXT:       <key>end</key>
+// CHECK-NEXT:        <array>
+// CHECK-NEXT:         <dict>
+// CHECK-NEXT:          <key>line</key><integer>8</integer>
+// CHECK-NEXT:          <key>col</key><integer>7</integer>
+// CHECK-NEXT:          <key>file</key><integer>0</integer>
+// CHECK-NEXT:         </dict>
+// CHECK-NEXT:         <dict>
+// CHECK-NEXT:          <key>line</key><integer>8</integer>
+// CHECK-NEXT:          <key>col</key><integer>7</integer>
+// CHECK-NEXT:          <key>file</key><integer>0</integer>
+// CHECK-NEXT:         </dict>
+// CHECK-NEXT:        </array>
+// CHECK-NEXT:      </dict>
+// CHECK-NEXT:     </array>
+// CHECK-NEXT:   </dict>
+// CHECK-NEXT:   <dict>
+// CHECK-NEXT:    <key>kind</key><string>event</string>
+// CHECK-NEXT:    <key>location</key>
+// CHECK-NEXT:    <dict>
+// CHECK-NEXT:     <key>line</key><integer>8</integer>
+// CHECK-NEXT:     <key>col</key><integer>7</integer>
+// CHECK-NEXT:     <key>file</key><integer>0</integer>
+// CHECK-NEXT:    </dict>
+// CHECK-NEXT:    <key>ranges</key>
+// CHECK-NEXT:    <array>
+// CHECK-NEXT:      <array>
+// CHECK-NEXT:       <dict>
+// CHECK-NEXT:        <key>line</key><integer>8</integer>
+// CHECK-NEXT:        <key>col</key><integer>7</integer>
+// CHECK-NEXT:        <key>file</key><integer>0</integer>
+// CHECK-NEXT:       </dict>
+// CHECK-NEXT:       <dict>
+// CHECK-NEXT:        <key>line</key><integer>8</integer>
+// CHECK-NEXT:        <key>col</key><integer>7</integer>
+// CHECK-NEXT:        <key>file</key><integer>0</integer>
+// CHECK-NEXT:       </dict>
+// CHECK-NEXT:      </array>
+// CHECK-NEXT:    </array>
+// CHECK-NEXT:    <key>depth</key><integer>0</integer>
+// CHECK-NEXT:    <key>extended_message</key>
+// CHECK-NEXT:    <string>Assuming &apos;p&apos; is non-null</string>
+// CHECK-NEXT:    <key>message</key>
+// CHECK-NEXT:    <string>Assuming &apos;p&apos; is non-null</string>
+// CHECK-NEXT:   </dict>
+// CHECK-NEXT:   <dict>
+// CHECK-NEXT:    <key>kind</key><string>control</string>
+// CHECK-NEXT:    <key>edges</key>
+// CHECK-NEXT:     <array>
+// CHECK-NEXT:      <dict>
+// CHECK-NEXT:       <key>start</key>
+// CHECK-NEXT:        <array>
+// CHECK-NEXT:         <dict>
+// CHECK-NEXT:          <key>line</key><integer>8</integer>
+// CHECK-NEXT:          <key>col</key><integer>7</integer>
+// CHECK-NEXT:          <key>file</key><integer>0</integer>
+// CHECK-NEXT:         </dict>
+// CHECK-NEXT:         <dict>
+// CHECK-NEXT:          <key>line</key><integer>8</integer>
+// CHECK-NEXT:          <key>col</key><integer>7</integer>
+// CHECK-NEXT:          <key>file</key><integer>0</integer>
+// CHECK-NEXT:         </dict>
+// CHECK-NEXT:        </array>
+// CHECK-NEXT:       <key>end</key>
+// CHECK-NEXT:        <array>
+// CHECK-NEXT:         <dict>
+// CHECK-NEXT:          <key>line</key><integer>11</integer>
+// CHECK-NEXT:          <key>col</key><integer>5</integer>
+// CHECK-NEXT:          <key>file</key><integer>0</integer>
+// CHECK-NEXT:         </dict>
+// CHECK-NEXT:         <dict>
+// CHECK-NEXT:          <key>line</key><integer>11</integer>
+// CHECK-NEXT:          <key>col</key><integer>10</integer>
+// CHECK-NEXT:          <key>file</key><integer>0</integer>
+// CHECK-NEXT:         </dict>
+// CHECK-NEXT:        </array>
+// CHECK-NEXT:      </dict>
+// CHECK-NEXT:     </array>
+// CHECK-NEXT:   </dict>
+// CHECK-NEXT:   <dict>
+// CHECK-NEXT:    <key>kind</key><string>event</string>
+// CHECK-NEXT:    <key>location</key>
+// CHECK-NEXT:    <dict>
+// CHECK-NEXT:     <key>line</key><integer>11</integer>
+// CHECK-NEXT:     <key>col</key><integer>5</integer>
+// CHECK-NEXT:     <key>file</key><integer>0</integer>
+// CHECK-NEXT:    </dict>
+// CHECK-NEXT:    <key>ranges</key>
+// CHECK-NEXT:    <array>
+// CHECK-NEXT:      <array>
+// CHECK-NEXT:       <dict>
+// CHECK-NEXT:        <key>line</key><integer>11</integer>
+// CHECK-NEXT:        <key>col</key><integer>5</integer>
+// CHECK-NEXT:        <key>file</key><integer>0</integer>
+// CHECK-NEXT:       </dict>
+// CHECK-NEXT:       <dict>
+// CHECK-NEXT:        <key>line</key><integer>11</integer>
+// CHECK-NEXT:        <key>col</key><integer>12</integer>
+// CHECK-NEXT:        <key>file</key><integer>0</integer>
+// CHECK-NEXT:       </dict>
+// CHECK-NEXT:      </array>
+// CHECK-NEXT:    </array>
+// CHECK-NEXT:    <key>depth</key><integer>0</integer>
+// CHECK-NEXT:    <key>extended_message</key>
+// CHECK-NEXT:    <string>Memory is released</string>
+// CHECK-NEXT:    <key>message</key>
+// CHECK-NEXT:    <string>Memory is released</string>
+// CHECK-NEXT:   </dict>
+// CHECK-NEXT:   <dict>
+// CHECK-NEXT:    <key>kind</key><string>control</string>
+// CHECK-NEXT:    <key>edges</key>
+// CHECK-NEXT:     <array>
+// CHECK-NEXT:      <dict>
+// CHECK-NEXT:       <key>start</key>
+// CHECK-NEXT:        <array>
+// CHECK-NEXT:         <dict>
+// CHECK-NEXT:          <key>line</key><integer>11</integer>
+// CHECK-NEXT:          <key>col</key><integer>5</integer>
+// CHECK-NEXT:          <key>file</key><integer>0</integer>
+// CHECK-NEXT:         </dict>
+// CHECK-NEXT:         <dict>
+// CHECK-NEXT:          <key>line</key><integer>11</integer>
+// CHECK-NEXT:          <key>col</key><integer>10</integer>
+// CHECK-NEXT:          <key>file</key><integer>0</integer>
+// CHECK-NEXT:         </dict>
+// CHECK-NEXT:        </array>
+// CHECK-NEXT:       <key>end</key>
+// CHECK-NEXT:        <array>
+// CHECK-NEXT:         <dict>
+// CHECK-NEXT:          <key>line</key><integer>14</integer>
+// CHECK-NEXT:          <key>col</key><integer>3</integer>
+// CHECK-NEXT:          <key>file</key><integer>0</integer>
+// CHECK-NEXT:         </dict>
+// CHECK-NEXT:         <dict>
+// CHECK-NEXT:          <key>line</key><integer>14</integer>
+// CHECK-NEXT:          <key>col</key><integer>8</integer>
+// CHECK-NEXT:          <key>file</key><integer>0</integer>
+// CHECK-NEXT:         </dict>
+// CHECK-NEXT:        </array>
+// CHECK-NEXT:      </dict>
+// CHECK-NEXT:     </array>
+// CHECK-NEXT:   </dict>
+// CHECK-NEXT:   <dict>
+// CHECK-NEXT:    <key>kind</key><string>event</string>
+// CHECK-NEXT:    <key>location</key>
+// CHECK-NEXT:    <dict>
+// CHECK-NEXT:     <key>line</key><integer>14</integer>
+// CHECK-NEXT:     <key>col</key><integer>3</integer>
+// CHECK-NEXT:     <key>file</key><integer>0</integer>
+// CHECK-NEXT:    </dict>
+// CHECK-NEXT:    <key>ranges</key>
+// CHECK-NEXT:    <array>
+// CHECK-NEXT:      <array>
+// CHECK-NEXT:       <dict>
+// CHECK-NEXT:        <key>line</key><integer>14</integer>
+// CHECK-NEXT:        <key>col</key><integer>3</integer>
+// CHECK-NEXT:        <key>file</key><integer>0</integer>
+// CHECK-NEXT:       </dict>
+// CHECK-NEXT:       <dict>
+// CHECK-NEXT:        <key>line</key><integer>14</integer>
+// CHECK-NEXT:        <key>col</key><integer>10</integer>
+// CHECK-NEXT:        <key>file</key><integer>0</integer>
+// CHECK-NEXT:       </dict>
+// CHECK-NEXT:      </array>
+// CHECK-NEXT:    </array>
+// CHECK-NEXT:    <key>depth</key><integer>0</integer>
+// CHECK-NEXT:    <key>extended_message</key>
+// CHECK-NEXT:    <string>Attempt to free released memory</string>
+// CHECK-NEXT:    <key>message</key>
+// CHECK-NEXT:    <string>Attempt to free released memory</string>
+// CHECK-NEXT:   </dict>
+// CHECK-NEXT:  </array>
+// CHECK-NEXT:  <key>description</key><string>Attempt to free released memory</string>
+// CHECK-NEXT:  <key>category</key><string>Memory Error</string>
+// CHECK-NEXT:  <key>type</key><string>Double free</string>
+// CHECK-NEXT: <key>issue_context_kind</key><string>function</string>
+// CHECK-NEXT: <key>issue_context</key><string>test</string>
+// CHECK-NEXT: <key>issue_hash</key><string>9</string>
+// CHECK-NEXT: <key>location</key>
+// CHECK-NEXT: <dict>
+// CHECK-NEXT:  <key>line</key><integer>14</integer>
+// CHECK-NEXT:  <key>col</key><integer>3</integer>
+// CHECK-NEXT:  <key>file</key><integer>0</integer>
+// CHECK-NEXT: </dict>
+// CHECK-NEXT: </dict>
+// CHECK-NEXT:</array>
diff --git a/test/Analysis/inline.cpp b/test/Analysis/inline.cpp
index 27853dc2aa..a16fa00d12 100644
--- a/test/Analysis/inline.cpp
+++ b/test/Analysis/inline.cpp
@@ -288,6 +288,7 @@ namespace OperatorNew {
     IntWrapper *obj = new IntWrapper(42);
     // should be TRUE
     clang_analyzer_eval(obj->value == 42); // expected-warning{{UNKNOWN}}
+    delete obj;
   }
 
   void testPlacement() {
diff --git a/test/Analysis/new.cpp b/test/Analysis/new.cpp
index fdd16da3dc..701ac8bc55 100644
--- a/test/Analysis/new.cpp
+++ b/test/Analysis/new.cpp
@@ -1,9 +1,11 @@
 // RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,debug.ExprInspection -analyzer-store region -std=c++11 -verify %s
+#include "Inputs/system-header-simulator-cxx.h"
 
 void clang_analyzer_eval(bool);
 
 typedef __typeof__(sizeof(int)) size_t;
 extern "C" void *malloc(size_t);
+extern "C" void free(void *);
 
 int someGlobal;
 void testImplicitlyDeclaredGlobalNew() {
@@ -19,13 +21,6 @@ void testImplicitlyDeclaredGlobalNew() {
   clang_analyzer_eval(someGlobal == 0); // expected-warning{{TRUE}}
 }
 
-
-// This is the standard placement new.
-inline void* operator new(size_t, void* __p) throw()
-{
-  return __p;
-}
-
 void *testPlacementNew() {
   int *x = (int *)malloc(sizeof(int));
   *x = 1;
@@ -73,7 +68,6 @@ void testScalarInitialization() {
   clang_analyzer_eval(*n == 0); // expected-warning{{TRUE}}
 }
 
-
 struct PtrWrapper {
   int *x;
 
@@ -85,6 +79,55 @@ PtrWrapper *testNewInvalidation() {
   return new PtrWrapper(static_cast<int *>(malloc(4)));
 }
 
+//--------------------------------------------------------------------
+// Check for intersection with other checkers from MallocChecker.cpp 
+// bounded with unix.Malloc
+//--------------------------------------------------------------------
+
+// new/delete oparators are subjects of cplusplus.NewDelete.
+void testNewDeleteNoWarn() {
+  int i;
+  delete &i; // no-warning
+
+  int *p1 = new int;
+  delete ++p1; // no-warning
+
+  int *p2 = new int;
+  delete p2;
+  delete p2; // no-warning
+
+  int *p3 = new int; // no-warning
+}
+
+// unix.Malloc does not know about operators new/delete.
+void testDeleteMallocked() {
+  int *x = (int *)malloc(sizeof(int));
+  delete x; // FIXME: Shoud detect pointer escape and keep silent after 'delete' is modeled properly.
+} // expected-warning{{Memory is never released; potential leak}}
+
+void testDeleteOpAfterFree() {
+  int *p = (int *)malloc(sizeof(int));
+  free(p);
+  operator delete(p); // expected-warning{{Use of memory after it is freed}}
+}
+
+void testDeleteAfterFree() {
+  int *p = (int *)malloc(sizeof(int));
+  free(p);
+  delete p; // expected-warning{{Use of memory after it is freed}}
+}
+
+void testStandardPlacementNewAfterFree() {
+  int *p = (int *)malloc(sizeof(int));
+  free(p);
+  p = new(p) int; // expected-warning{{Use of memory after it is freed}}
+}
+
+void testCustomPlacementNewAfterFree() {
+  int *p = (int *)malloc(sizeof(int));
+  free(p);
+  p = new(0, p) int; // expected-warning{{Use of memory after it is freed}}
+}
 
 //--------------------------------
 // Incorrectly-modelled behavior
@@ -95,8 +138,10 @@ int testNoInitialization() {
 
   // Should warn that *n is uninitialized.
   if (*n) { // no-warning
+    delete n;
     return 0;
   }
+  delete n;
   return 1;
 }
author	Anton Yartsev <anton.yartsev@gmail.com>	2013-03-25 01:35:45 +0000
committer	Anton Yartsev <anton.yartsev@gmail.com>	2013-03-25 01:35:45 +0000
commit	2de19edab6001d2c17720d02fe0760b9b452192a (patch)
tree	f792075065beedffec03e05b22968e81b285448c /test
parent	8f7bfb40b72f478d83b018a280f99c0386576ae3 (diff)