From 13304750321cfbf21c18564295d286f071308582 Mon Sep 17 00:00:00 2001
From: Sungkeun Cho
Date: Sun, 7 Oct 2018 21:52:59 -0700
Subject: [PATCH] [infer] Fix placement_new translation
Summary: It unsets `var_exp_typ` of `trans_state` during the translations of placement parameters, so they are translated independently against the target variable and class of the `new` function.
Reviewed By: mbouaziz, jvillard
Differential Revision: D10161419
fbshipit-source-id: 7f588a91c
---
 infer/src/clang/cTrans.ml | 2 +-
 infer/tests/codetoanalyze/cpp/bufferoverrun/class.cpp | 4 ++--
 infer/tests/codetoanalyze/cpp/bufferoverrun/issues.exp | 2 --
 3 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/infer/src/clang/cTrans.ml b/infer/src/clang/cTrans.ml
index 18da026a6..badfaddd6 100644
--- a/infer/src/clang/cTrans.ml
+++ b/infer/src/clang/cTrans.ml
@@ -2798,7 +2798,7 @@ module CTrans_funct (F : CModule_type.CFrontend) : CModule_type.CTranslation = s
 ~f:(fun i -> CAst_utils.get_stmt i source_range)
 cxx_new_expr_info.Clang_ast_t.xnei_placement_args
 in
- let trans_state_placement = {trans_state_pri with succ_nodes= []} in
+ let trans_state_placement = {trans_state_pri with succ_nodes= []; var_exp_typ= None} in
 let res_trans_placement_control, res_trans_placement_exps =
 instructions trans_state_placement placement_args
 in
diff --git a/infer/tests/codetoanalyze/cpp/bufferoverrun/class.cpp b/infer/tests/codetoanalyze/cpp/bufferoverrun/class.cpp
index 8d4f743b6..08eb7576c 100644
--- a/infer/tests/codetoanalyze/cpp/bufferoverrun/class.cpp
+++ b/infer/tests/codetoanalyze/cpp/bufferoverrun/class.cpp
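Review bot: In the `cTrans.ml` hunk, the new `var_exp_typ= None` on `trans_state_placement` carries no comment, and nothing on the line says why the inherited value has to be dropped for placement arguments. A later cleanup could plausibly restore the field and bring back the spurious BUFFER_OVERRUN_U5 reports that this commit removes from `issues.exp`. I would add a one-line comment above the binding, e.g. `(* placement args are ordinary expressions: translate them without the target of [new] in var_exp_typ *)`. The enclosing function starts and ends outside the hunk.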
@@ -119,13 +119,13 @@ struct DummyStruct {};
 inline void* operator new(std::size_t, DummyStruct, void* p) { return p; }
 inline void* operator new(std::size_t, void* p, DummyStruct) { return p; }
 
-void placement_new_overload3_Good_FP() {
+void placement_new_overload3_Good() {
 char* mem = (char*)malloc(sizeof(my_class2));
 my_class2* x = new (DummyStruct{}, mem) my_class2();
 x->a[0] = 0;
 }
 
-void placement_new_overload4_Good_FP() {
+void placement_new_overload4_Good() {
 char* mem = (char*)malloc(sizeof(my_class2));
 my_class2* x = new (mem, DummyStruct{}) my_class2();
 x->a[0] = 0;
diff --git a/infer/tests/codetoanalyze/cpp/bufferoverrun/issues.exp b/infer/tests/codetoanalyze/cpp/bufferoverrun/issues.exp
index 336401847..218628f9f 100644
--- a/infer/tests/codetoanalyze/cpp/bufferoverrun/issues.exp
+++ b/infer/tests/codetoanalyze/cpp/bufferoverrun/issues.exp
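Review bot: No `_Bad` counterpart exists for the two `DummyStruct` placement overloads that the `class.cpp` hunk now marks as `_Good`: the updated `issues.exp` lists nothing between `placement_new_overload2_Bad` and `return_class_Bad`. Without one, the tests show only that the spurious U5 report is gone, not that a real out-of-bounds write through these overloads is still reported after the translation change. A pair of `_Bad` cases mirroring the existing ones would pin that, with matching `BUFFER_OVERRUN_L1` lines added to `issues.exp`; the index below assumes `a` has the five elements the neighbouring expectations suggest.

```cpp
void placement_new_overload3_Bad() {
  char* mem = (char*)malloc(sizeof(my_class2));
  my_class2* x = new (DummyStruct{}, mem) my_class2();
  x->a[10] = 0;  // past the end of a, should be reported
}

void placement_new_overload4_Bad() {
  char* mem = (char*)malloc(sizeof(my_class2));
  my_class2* x = new (mem, DummyStruct{}) my_class2();
  x->a[10] = 0;  // past the end of a, should be reported
}
```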
@@ -13,8 +13,6 @@ codetoanalyze/cpp/bufferoverrun/class.cpp, new_nothrow_Bad, 2, BUFFER_OVERRUN_L1
 codetoanalyze/cpp/bufferoverrun/class.cpp, placement_new_Bad, 3, BUFFER_OVERRUN_L1, no_bucket, ERROR, [Offset: 10 Size: 5]
 codetoanalyze/cpp/bufferoverrun/class.cpp, placement_new_overload1_Bad, 3, BUFFER_OVERRUN_L1, no_bucket, ERROR, [Offset: 10 Size: 5]
 codetoanalyze/cpp/bufferoverrun/class.cpp, placement_new_overload2_Bad, 3, BUFFER_OVERRUN_L1, no_bucket, ERROR, [Offset: 10 Size: 5]
-codetoanalyze/cpp/bufferoverrun/class.cpp, placement_new_overload3_Good_FP, 3, BUFFER_OVERRUN_U5, no_bucket, ERROR, [Unknown value from: my_class2_my_class2,ArrayAccess: Offset: [-oo, +oo] Size: [0, +oo]]
-codetoanalyze/cpp/bufferoverrun/class.cpp, placement_new_overload4_Good_FP, 3, BUFFER_OVERRUN_U5, no_bucket, ERROR, [Unknown value from: my_class2_my_class2,ArrayAccess: Offset: [-oo, +oo] Size: [0, +oo]]
 codetoanalyze/cpp/bufferoverrun/class.cpp, return_class_Bad, 2, BUFFER_OVERRUN_L1, no_bucket, ERROR, [Return,ArrayAccess: Offset: 5 Size: 5]
 codetoanalyze/cpp/bufferoverrun/external.cpp, extern_bad, 5, BUFFER_OVERRUN_U5, no_bucket, ERROR, [Unknown value from: lib,Assignment,ArrayAccess: Offset: [-oo, +oo] Size: [0, +oo]]
 codetoanalyze/cpp/bufferoverrun/external.cpp, extern_bad, 10, BUFFER_OVERRUN_L1, no_bucket, ERROR, [ArrayDeclaration,ArrayAccess: Offset: 30 Size: 10]