1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
|
//===--- MultipleNewInOneExpressionCheck.cpp - clang-tidy------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#include "MultipleNewInOneExpressionCheck.h"
#include "clang/AST/ASTContext.h"
#include "clang/ASTMatchers/ASTMatchFinder.h"
#include "clang/Lex/Lexer.h"
using namespace clang::ast_matchers;
using namespace clang;
namespace {
// Determine if the result of an expression is "stored" in some way.
// It is true if the value is stored into a variable or used as initialization
// or passed to a function or constructor.
// For this use case compound assignments are not counted as a "store" (the 'E'
// expression should have pointer type).
bool isExprValueStored(const Expr *E, ASTContext &C) {
E = E->IgnoreParenCasts();
// Get first non-paren, non-cast parent.
ParentMapContext &PMap = C.getParentMapContext();
DynTypedNodeList P = PMap.getParents(*E);
if (P.size() != 1)
return false;
const Expr *ParentE;
while ((ParentE = P[0].get<Expr>()) && ParentE->IgnoreParenCasts() == E) {
P = PMap.getParents(P[0]);
if (P.size() != 1)
return false;
}
if (const auto *ParentVarD = P[0].get<VarDecl>())
return ParentVarD->getInit()->IgnoreParenCasts() == E;
if (!ParentE)
return false;
if (const auto *BinOp = dyn_cast<BinaryOperator>(ParentE))
return BinOp->getOpcode() == BO_Assign &&
BinOp->getRHS()->IgnoreParenCasts() == E;
return isa<CallExpr, CXXConstructExpr>(ParentE);
}
} // namespace
namespace clang {
namespace tidy {
namespace bugprone {
AST_MATCHER_P(CXXTryStmt, hasHandlerFor,
ast_matchers::internal::Matcher<QualType>, InnerMatcher) {
for (unsigned NH = Node.getNumHandlers(), I = 0; I < NH; ++I) {
const CXXCatchStmt *CatchS = Node.getHandler(I);
// Check for generic catch handler (match anything).
if (CatchS->getCaughtType().isNull())
return true;
ast_matchers::internal::BoundNodesTreeBuilder Result(*Builder);
if (InnerMatcher.matches(CatchS->getCaughtType(), Finder, &Result)) {
*Builder = std::move(Result);
return true;
}
}
return false;
}
AST_MATCHER(CXXNewExpr, mayThrow) {
FunctionDecl *OperatorNew = Node.getOperatorNew();
if (!OperatorNew)
return false;
return !OperatorNew->getType()->castAs<FunctionProtoType>()->isNothrow();
}
void MultipleNewInOneExpressionCheck::registerMatchers(MatchFinder *Finder) {
auto BadAllocType =
recordType(hasDeclaration(cxxRecordDecl(hasName("::std::bad_alloc"))));
auto ExceptionType =
recordType(hasDeclaration(cxxRecordDecl(hasName("::std::exception"))));
auto BadAllocReferenceType = referenceType(pointee(BadAllocType));
auto ExceptionReferenceType = referenceType(pointee(ExceptionType));
auto CatchBadAllocType =
qualType(hasCanonicalType(anyOf(BadAllocType, BadAllocReferenceType,
ExceptionType, ExceptionReferenceType)));
auto BadAllocCatchingTryBlock = cxxTryStmt(hasHandlerFor(CatchBadAllocType));
auto NewExprMayThrow = cxxNewExpr(mayThrow());
auto HasNewExpr1 = expr(anyOf(NewExprMayThrow.bind("new1"),
hasDescendant(NewExprMayThrow.bind("new1"))));
auto HasNewExpr2 = expr(anyOf(NewExprMayThrow.bind("new2"),
hasDescendant(NewExprMayThrow.bind("new2"))));
Finder->addMatcher(
callExpr(
hasAnyArgument(
expr(HasNewExpr1).bind("arg1")),
hasAnyArgument(
expr(HasNewExpr2, unless(equalsBoundNode("arg1"))).bind("arg2")),
hasAncestor(BadAllocCatchingTryBlock)),
this);
Finder->addMatcher(
cxxConstructExpr(
hasAnyArgument(
expr(HasNewExpr1).bind("arg1")),
hasAnyArgument(
expr(HasNewExpr2, unless(equalsBoundNode("arg1"))).bind("arg2")),
unless(isListInitialization()),
hasAncestor(BadAllocCatchingTryBlock)),
this);
Finder->addMatcher(binaryOperator(hasLHS(HasNewExpr1), hasRHS(HasNewExpr2),
unless(hasAnyOperatorName("&&", "||", ",")),
hasAncestor(BadAllocCatchingTryBlock)),
this);
Finder->addMatcher(
cxxNewExpr(mayThrow(),
hasDescendant(NewExprMayThrow.bind("new2_in_new1")),
hasAncestor(BadAllocCatchingTryBlock))
.bind("new1"),
this);
}
void MultipleNewInOneExpressionCheck::check(
const MatchFinder::MatchResult &Result) {
const auto *NewExpr1 = Result.Nodes.getNodeAs<CXXNewExpr>("new1");
const auto *NewExpr2 = Result.Nodes.getNodeAs<CXXNewExpr>("new2");
const auto *NewExpr2InNewExpr1 =
Result.Nodes.getNodeAs<CXXNewExpr>("new2_in_new1");
if (!NewExpr2)
NewExpr2 = NewExpr2InNewExpr1;
assert(NewExpr1 && NewExpr2 && "Bound nodes not found.");
// No warning if both allocations are not stored.
// The value may be intentionally not stored (no deallocations needed or
// self-destructing object).
if (!isExprValueStored(NewExpr1, *Result.Context) &&
!isExprValueStored(NewExpr2, *Result.Context))
return;
// In C++17 sequencing of a 'new' inside constructor arguments of another
// 'new' is fixed. Still a leak can happen if the returned value from the
// first 'new' is not saved (yet) and the second fails.
if (getLangOpts().CPlusPlus17 && NewExpr2InNewExpr1)
diag(NewExpr1->getBeginLoc(),
"memory allocation may leak if an other allocation is sequenced after "
"it and throws an exception")
<< NewExpr1->getSourceRange() << NewExpr2->getSourceRange();
else
diag(NewExpr1->getBeginLoc(),
"memory allocation may leak if an other allocation is sequenced after "
"it and throws an exception; order of these allocations is undefined")
<< NewExpr1->getSourceRange() << NewExpr2->getSourceRange();
}
} // namespace bugprone
} // namespace tidy
} // namespace clang
|
