[analyzer] operator new: Fix path diagnostics around the operator call.

Implements finding appropriate source locations for intermediate diagnostic
pieces in path-sensitive bug reports that need to descend into an inlined
operator new() call that was called via new-expression. The diagnostics have
worked correctly when operator new() was called "directly".

Differential Revision: https://reviews.llvm.org/D41409
rdar://problem/12180598

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@322791 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/StaticAnalyzer/Core/PathDiagnostic.cpp b/lib/StaticAnalyzer/Core/PathDiagnostic.cpp
index fac0d380d47c4a01a54ae090279b75d3d2ad223f..b03517c02a80387f41e18f8598bed346f316821a 100644 (file)
--- a/lib/StaticAnalyzer/Core/PathDiagnostic.cpp
+++ b/lib/StaticAnalyzer/Core/PathDiagnostic.cpp
@@ -574,8 +574,11 @@ getLocationForCaller(const StackFrameContext *SFC,
       return PathDiagnosticLocation::createEnd(CallerBody, SM, CallerCtx);
     return PathDiagnosticLocation::create(CallerInfo->getDecl(), SM);
   }
+  case CFGElement::NewAllocator: {
+    const CFGNewAllocator &Alloc = Source.castAs<CFGNewAllocator>();
+    return PathDiagnosticLocation(Alloc.getAllocatorExpr(), SM, CallerCtx);
+  }
   case CFGElement::TemporaryDtor:
-  case CFGElement::NewAllocator:
     llvm_unreachable("not yet implemented!");
   case CFGElement::LifetimeEnds:
   case CFGElement::LoopExit:

diff --git a/test/Analysis/new-ctor-malloc.cpp b/test/Analysis/new-ctor-malloc.cpp
index d07242c92ae252c91a83f3e97fbebbc14374cf7a..74b1e21a5c97f30b5219d4f8a0e661d4f46604fb 100644 (file)
--- a/test/Analysis/new-ctor-malloc.cpp
+++ b/test/Analysis/new-ctor-malloc.cpp
@@ -1,4 +1,4 @@
-// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection,unix.Malloc -analyzer-config c++-allocator-inlining=true -std=c++11 -verify %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection,unix.Malloc -analyzer-config c++-allocator-inlining=true -analyzer-output=text -std=c++11 -verify %s
 
 void clang_analyzer_eval(bool);
 
@@ -7,12 +7,15 @@ typedef __typeof__(sizeof(int)) size_t;
 void *malloc(size_t size);
 
 void *operator new(size_t size) throw() {
-  void *x = malloc(size);
-  if (!x)
+  void *x = malloc(size); // expected-note {{Memory is allocated}}
+  if (!x) // expected-note    {{Assuming 'x' is non-null}}
+          // expected-note@-1 {{Taking false branch}}
     return nullptr;
   return x;
 }
 
 void checkNewAndConstructorInlining() {
-  int *s = new int;
+  int *s = new int; // expected-note   {{Calling 'operator new'}}
+                    // expected-note@-1{{Returning from 'operator new'}}
 } // expected-warning {{Potential leak of memory pointed to by 's'}}
+  // expected-note@-1 {{Potential leak of memory pointed to by 's'}}