Training courses

Kernel and Embedded Linux

Bootlin training courses

Embedded Linux, kernel,
Yocto Project, Buildroot, real-time,
graphics, boot time, debugging...

Bootlin logo

Elixir Cross Referencer

// RUN: %clang_analyze_cc1 -std=c++11 -analyzer-checker=core,cplusplus.NewDelete,cplusplus.NewDeleteLeaks,debug.ExprInspection -analyzer-config c++-allocator-inlining=true -std=c++11 -verify %s

void clang_analyzer_eval(bool);
void clang_analyzer_dump(int);

typedef __typeof__(sizeof(int)) size_t;

void *conjure();
void exit(int);

struct S;

S *global_s;

// Recursive operator kinda placement new.
void *operator new(size_t size, S *place);

enum class ConstructionKind : char {
  Garbage,
  Recursive
};

struct S {
public:
  int x;
  S(): x(1) {}
  S(int y): x(y) {}

  S(ConstructionKind k) {
    switch (k) {
    case ConstructionKind::Recursive: { // Call one more operator new 'r'ecursively.
      S *s = new (nullptr) S(5);
      x = s->x + 1;
      global_s = s;
      return;
    }
    case ConstructionKind::Garbage: {
      // Leaves garbage in 'x'.
    }
    }
  }
  ~S() {}
};

// Do not try this at home!
void *operator new(size_t size, S *place) {
  if (!place)
    return new S();
  return place;
}

void testThatCharConstructorIndeedYieldsGarbage() {
  S *s = new S(ConstructionKind::Garbage);
  clang_analyzer_eval(s->x == 0); // expected-warning{{UNKNOWN}}
  clang_analyzer_eval(s->x == 1); // expected-warning{{UNKNOWN}}
  // FIXME: This should warn, but MallocChecker doesn't default-bind regions
  // returned by standard operator new to garbage.
  s->x += 1; // no-warning
  delete s;
}


void testChainedOperatorNew() {
  S *s;
  // * Evaluate standard new.
  // * Evaluate constructor S(3).
  // * Bind value for standard new.
  // * Evaluate our custom new.
  // * Evaluate constructor S(Garbage).
  // * Bind value for our custom new.
  s = new (new S(3)) S(ConstructionKind::Garbage);
  clang_analyzer_eval(s->x == 3); // expected-warning{{TRUE}}
  // expected-warning@+9{{Potential leak of memory pointed to by 's'}}

  // * Evaluate standard new.
  // * Evaluate constructor S(Garbage).
  // * Bind value for standard new.
  // * Evaluate our custom new.
  // * Evaluate constructor S(4).
  // * Bind value for our custom new.
  s = new (new S(ConstructionKind::Garbage)) S(4);
  clang_analyzer_eval(s->x == 4); // expected-warning{{TRUE}}
  delete s;

  // -> Enter our custom new (nullptr).
  //   * Evaluate standard new.
  //   * Inline constructor S().
  //   * Bind value for standard new.
  // <- Exit our custom new (nullptr).
  // * Evaluate constructor S(Garbage).
  // * Bind value for our custom new.
  s = new (nullptr) S(ConstructionKind::Garbage);
  clang_analyzer_eval(s->x == 1); // expected-warning{{TRUE}}
  delete s;

  // -> Enter our custom new (nullptr).
  //   * Evaluate standard new.
  //   * Inline constructor S().
  //   * Bind value for standard new.
  // <- Exit our custom new (nullptr).
  // -> Enter constructor S(Recursive).
  //   -> Enter our custom new (nullptr).
  //     * Evaluate standard new.
  //     * Inline constructor S().
  //     * Bind value for standard new.
  //   <- Exit our custom new (nullptr).
  //   * Evaluate constructor S(5).
  //   * Bind value for our custom new (nullptr).
  //   * Assign that value to global_s.
  // <- Exit constructor S(Recursive).
  // * Bind value for our custom new (nullptr).
  global_s = nullptr;
  s = new (nullptr) S(ConstructionKind::Recursive);
  clang_analyzer_eval(global_s); // expected-warning{{TRUE}}
  clang_analyzer_eval(global_s->x == 5); // expected-warning{{TRUE}}
  clang_analyzer_eval(s->x == 6); // expected-warning{{TRUE}}
  delete s;
}