[infer][cpp] Fixed the error message for dangling pointer dereference when the dereference comes from C++ `delete` operator

Reviewed By: jeremydubreil Differential Revision: D5347641 fbshipit-source-id: 455693e
8 years ago · 10f1969bcf
parent afc8c1b762
commit 10f1969bcf
4 changed files with 22 additions and 1 deletions
--- a/infer/src/backend/errdesc.ml
+++ b/infer/src/backend/errdesc.ml
@ -912,7 +912,8 @@ let _explain_access tenv
        if verbose then (L.d_str "explain_dereference Binop.Leteref "; Sil.d_exp e; L.d_ln ());
        Some e
    | Some Sil.Call (_, Exp.Const (Const.Cfun fn), [(e, _)], _, _)
-      when String.equal (Typ.Procname.to_string fn) "free" ->
+      when List.exists ~f:(Typ.Procname.equal fn)
+          [BuiltinDecl.free; BuiltinDecl.__delete; BuiltinDecl.__delete_array] ->
        if verbose then (L.d_str "explain_dereference Sil.Call "; Sil.d_exp e; L.d_ln ());
        Some e
    | Some Sil.Call (_, (Exp.Var _ as e), _, _, _) ->
--- a/infer/tests/codetoanalyze/cpp/errors/Makefile
+++ b/infer/tests/codetoanalyze/cpp/errors/Makefile
@ -25,6 +25,7 @@ SOURCES = \
  $(wildcard npe/*.cpp) \
  $(wildcard numeric/*.cpp) \
  $(wildcard overwrite_attribute/*.cpp) \
+  $(wildcard pointers/*.cpp) \
  $(wildcard resource_leaks/*.cpp) \
  $(wildcard shared/attributes/*.cpp) \
  $(wildcard shared/conditional/*.cpp) \
--- a/infer/tests/codetoanalyze/cpp/errors/issues.exp
+++ b/infer/tests/codetoanalyze/cpp/errors/issues.exp
@ -52,6 +52,8 @@ codetoanalyze/cpp/errors/numeric/min_max.cpp, max_int_div0, 0, DIVIDE_BY_ZERO, [
 codetoanalyze/cpp/errors/numeric/min_max.cpp, min_X_div0, 2, DIVIDE_BY_ZERO, [start of procedure min_X_div0(),start of procedure X,return from a call to X_X,start of procedure X,return from a call to X_X]
 codetoanalyze/cpp/errors/numeric/min_max.cpp, min_int_div0, 0, DIVIDE_BY_ZERO, [start of procedure min_int_div0()]
 codetoanalyze/cpp/errors/overwrite_attribute/main.cpp, testSetIntValue, 3, DIVIDE_BY_ZERO, [start of procedure testSetIntValue(),start of procedure setIntValue(),return from a call to setIntValue]
+codetoanalyze/cpp/errors/pointers/unintialized.cpp, uninitialized_dangling_bad, 2, DANGLING_POINTER_DEREFERENCE, [start of procedure uninitialized_dangling_bad()]
+codetoanalyze/cpp/errors/pointers/unintialized.cpp, uninitialized_dangling_bad, 2, UNINITIALIZED_VALUE, [start of procedure uninitialized_dangling_bad()]
 codetoanalyze/cpp/errors/resource_leaks/raii.cpp, resource_leak, 7, RESOURCE_LEAK, [start of procedure resource_leak(),Condition is false]
 codetoanalyze/cpp/errors/smart_ptr/const_volatile_type.cpp, test_const1, 3, NULL_DEREFERENCE, [start of procedure test_const1()]
 codetoanalyze/cpp/errors/smart_ptr/const_volatile_type.cpp, test_const2, 2, NULL_DEREFERENCE, [start of procedure test_const2()]
--- a/infer/tests/codetoanalyze/cpp/errors/pointers/unintialized.cpp
+++ b/infer/tests/codetoanalyze/cpp/errors/pointers/unintialized.cpp
@ -0,0 +1,17 @@
+/*
+ * Copyright (c) 2017 - present Facebook, Inc.
+ * All rights reserved.
+ *
+ * This source code is licensed under the BSD style license found in the
+ * LICENSE file in the root directory of this source tree. An additional grant
+ * of patent rights can be found in the PATENTS file in the same directory.
+ */
+void initialized_no_dangling_ok() {
+  int* p = new int(42);
+  delete p;
+}
+
+void uninitialized_dangling_bad() {
+  int* p;
+  delete p;
+}