From 10f1969bcf214f7961ae8cb3e039c26df557ff80 Mon Sep 17 00:00:00 2001
From: Jia Chen
Date: Fri, 30 Jun 2017 09:50:38 -0700
Subject: [PATCH] [infer][cpp] Fixed the error message for dangling pointer dereference when the dereference comes from C++ `delete` operator
Reviewed By: jeremydubreil
Differential Revision: D5347641
fbshipit-source-id: 455693e
---
 infer/src/backend/errdesc.ml | 3 ++-
 infer/tests/codetoanalyze/cpp/errors/Makefile | 1 +
 infer/tests/codetoanalyze/cpp/errors/issues.exp | 2 ++
 .../cpp/errors/pointers/unintialized.cpp | 17 +++++++++++++++++
 4 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 infer/tests/codetoanalyze/cpp/errors/pointers/unintialized.cpp
diff --git a/infer/src/backend/errdesc.ml b/infer/src/backend/errdesc.ml
index e808a7733..817a3e2cb 100644
--- a/infer/src/backend/errdesc.ml
+++ b/infer/src/backend/errdesc.ml
@@ -912,7 +912,8 @@ let _explain_access tenv
 if verbose then (L.d_str "explain_dereference Binop.Leteref "; Sil.d_exp e; L.d_ln ());
 Some e
 | Some Sil.Call (_, Exp.Const (Const.Cfun fn), [(e, _)], _, _)
- when String.equal (Typ.Procname.to_string fn) "free" ->
+ when List.exists ~f:(Typ.Procname.equal fn)
+ [BuiltinDecl.free; BuiltinDecl.__delete; BuiltinDecl.__delete_array] ->
 if verbose then (L.d_str "explain_dereference Sil.Call "; Sil.d_exp e; L.d_ln ());
 Some e
 | Some Sil.Call (_, (Exp.Var _ as e), _, _, _) ->
diff --git a/infer/tests/codetoanalyze/cpp/errors/Makefile b/infer/tests/codetoanalyze/cpp/errors/Makefile
index f6794ce7b..86029ce20 100644
--- a/infer/tests/codetoanalyze/cpp/errors/Makefile
+++ b/infer/tests/codetoanalyze/cpp/errors/Makefile
@@ -25,6 +25,7 @@ SOURCES = \
 $(wildcard npe/*.cpp) \
 $(wildcard numeric/*.cpp) \
 $(wildcard overwrite_attribute/*.cpp) \
+ $(wildcard pointers/*.cpp) \
 $(wildcard resource_leaks/*.cpp) \
 $(wildcard shared/attributes/*.cpp) \
 $(wildcard shared/conditional/*.cpp) \
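Review bot: The `free` case in this guard is now matched with `Typ.Procname.equal` against `BuiltinDecl.free` instead of comparing `Typ.Procname.to_string fn` with "free", and nothing added in this commit exercises that path; the new test only covers scalar `delete`. It is worth confirming that a C `free` of an uninitialized pointer still gets the same DANGLING_POINTER_DEREFERENCE description, because a procname that prints as "free" but is not equal to the builtin would no longer match this arm. The inline list would also read better as a named value carrying a comment such as `(* deallocation builtins: the single argument is the pointer being dereferenced *)`. `_explain_access` starts and ends outside this hunk.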
diff --git a/infer/tests/codetoanalyze/cpp/errors/issues.exp b/infer/tests/codetoanalyze/cpp/errors/issues.exp
index b5c27d905..45a3d754d 100644
--- a/infer/tests/codetoanalyze/cpp/errors/issues.exp
+++ b/infer/tests/codetoanalyze/cpp/errors/issues.exp
@@ -52,6 +52,8 @@ codetoanalyze/cpp/errors/numeric/min_max.cpp, max_int_div0, 0, DIVIDE_BY_ZERO, [
 codetoanalyze/cpp/errors/numeric/min_max.cpp, min_X_div0, 2, DIVIDE_BY_ZERO, [start of procedure min_X_div0(),start of procedure X,return from a call to X_X,start of procedure X,return from a call to X_X]
 codetoanalyze/cpp/errors/numeric/min_max.cpp, min_int_div0, 0, DIVIDE_BY_ZERO, [start of procedure min_int_div0()]
 codetoanalyze/cpp/errors/overwrite_attribute/main.cpp, testSetIntValue, 3, DIVIDE_BY_ZERO, [start of procedure testSetIntValue(),start of procedure setIntValue(),return from a call to setIntValue]
+codetoanalyze/cpp/errors/pointers/unintialized.cpp, uninitialized_dangling_bad, 2, DANGLING_POINTER_DEREFERENCE, [start of procedure uninitialized_dangling_bad()]
+codetoanalyze/cpp/errors/pointers/unintialized.cpp, uninitialized_dangling_bad, 2, UNINITIALIZED_VALUE, [start of procedure uninitialized_dangling_bad()]
 codetoanalyze/cpp/errors/resource_leaks/raii.cpp, resource_leak, 7, RESOURCE_LEAK, [start of procedure resource_leak(),Condition is false]
 codetoanalyze/cpp/errors/smart_ptr/const_volatile_type.cpp, test_const1, 3, NULL_DEREFERENCE, [start of procedure test_const1()]
 codetoanalyze/cpp/errors/smart_ptr/const_volatile_type.cpp, test_const2, 2, NULL_DEREFERENCE, [start of procedure test_const2()]
diff --git a/infer/tests/codetoanalyze/cpp/errors/pointers/unintialized.cpp b/infer/tests/codetoanalyze/cpp/errors/pointers/unintialized.cpp
new file mode 100644
index 000000000..af1b90ffb
--- /dev/null
+++ b/infer/tests/codetoanalyze/cpp/errors/pointers/unintialized.cpp
@@ -0,0 +1,17 @@
+/*
+ * Copyright (c) 2017 - present Facebook, Inc.
+ * All rights reserved.
+ *
+ * This source code is licensed under the BSD style license found in the
+ * LICENSE file in the root directory of this source tree. An additional grant
+ * of patent rights can be found in the PATENTS file in the same directory.
+ */
+void initialized_no_dangling_ok() {
+ int* p = new int(42);
+ delete p;
+}
+
+void uninitialized_dangling_bad() {
+ int* p;
+ delete p;
+}
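Review bot: The new test covers only scalar `delete`, while the errdesc.ml change in this commit also adds `BuiltinDecl.__delete_array`, so the array form is left untested. A sibling case such as `void uninitialized_dangling_array_bad() { int* p; delete[] p; }`, with its matching lines in issues.exp, would pin that behaviour. The file name is also spelled `unintialized.cpp` (missing an `i`); renaming it to `uninitialized.cpp` now is cheaper than after more issues.exp entries accumulate under the misspelled path.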