[infer] Fix placement_new translation

Summary:
It unsets `var_exp_typ` of `trans_state` during the translations of
placement parameters, so they are translated independently against the
target variable and class of the `new` function.

Reviewed By: mbouaziz, jvillard

Differential Revision: D10161419

fbshipit-source-id: 7f588a91c

infer/src/clang/cTrans.ml

@@ -2798,7 +2798,7 @@ module CTrans_funct (F : CModule_type.CFrontend) : CModule_type.CTranslation = s
         ~f:(fun i -> CAst_utils.get_stmt i source_range)
         cxx_new_expr_info.Clang_ast_t.xnei_placement_args
     in
-    let trans_state_placement = {trans_state_pri with succ_nodes= []} in
+    let trans_state_placement = {trans_state_pri with succ_nodes= []; var_exp_typ= None} in
     let res_trans_placement_control, res_trans_placement_exps =
       instructions trans_state_placement placement_args
     in

infer/tests/codetoanalyze/cpp/bufferoverrun/class.cpp

@@ -119,13 +119,13 @@ struct DummyStruct {};
 inline void* operator new(std::size_t, DummyStruct, void* p) { return p; }
 inline void* operator new(std::size_t, void* p, DummyStruct) { return p; }
 
-void placement_new_overload3_Good_FP() {
+void placement_new_overload3_Good() {
   char* mem = (char*)malloc(sizeof(my_class2));
   my_class2* x = new (DummyStruct{}, mem) my_class2();
   x->a[0] = 0;
 }
 
-void placement_new_overload4_Good_FP() {
+void placement_new_overload4_Good() {
   char* mem = (char*)malloc(sizeof(my_class2));
   my_class2* x = new (mem, DummyStruct{}) my_class2();
   x->a[0] = 0;

infer/tests/codetoanalyze/cpp/bufferoverrun/issues.exp

@@ -13,8 +13,6 @@ codetoanalyze/cpp/bufferoverrun/class.cpp, new_nothrow_Bad, 2, BUFFER_OVERRUN_L1
 codetoanalyze/cpp/bufferoverrun/class.cpp, placement_new_Bad, 3, BUFFER_OVERRUN_L1, no_bucket, ERROR, [Offset: 10 Size: 5]
 codetoanalyze/cpp/bufferoverrun/class.cpp, placement_new_overload1_Bad, 3, BUFFER_OVERRUN_L1, no_bucket, ERROR, [Offset: 10 Size: 5]
 codetoanalyze/cpp/bufferoverrun/class.cpp, placement_new_overload2_Bad, 3, BUFFER_OVERRUN_L1, no_bucket, ERROR, [Offset: 10 Size: 5]
-codetoanalyze/cpp/bufferoverrun/class.cpp, placement_new_overload3_Good_FP, 3, BUFFER_OVERRUN_U5, no_bucket, ERROR, [Unknown value from: my_class2_my_class2,ArrayAccess: Offset: [-oo, +oo] Size: [0, +oo]]
-codetoanalyze/cpp/bufferoverrun/class.cpp, placement_new_overload4_Good_FP, 3, BUFFER_OVERRUN_U5, no_bucket, ERROR, [Unknown value from: my_class2_my_class2,ArrayAccess: Offset: [-oo, +oo] Size: [0, +oo]]
 codetoanalyze/cpp/bufferoverrun/class.cpp, return_class_Bad, 2, BUFFER_OVERRUN_L1, no_bucket, ERROR, [Return,ArrayAccess: Offset: 5 Size: 5]
 codetoanalyze/cpp/bufferoverrun/external.cpp, extern_bad, 5, BUFFER_OVERRUN_U5, no_bucket, ERROR, [Unknown value from: lib,Assignment,ArrayAccess: Offset: [-oo, +oo] Size: [0, +oo]]
 codetoanalyze/cpp/bufferoverrun/external.cpp, extern_bad, 10, BUFFER_OVERRUN_L1, no_bucket, ERROR, [ArrayDeclaration,ArrayAccess: Offset: 30 Size: 10]