Cleanup test and impl

steakhal · steakhal · commit d7e9b8867a45 · 2024-05-05T13:55:12.000+02:00
I'd prefer using the definition of FD to check the beginning brace
location.
diff --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -1096,13 +1096,15 @@ static bool isStandardNewDelete(const FunctionDecl *FD) {
       Kind != OO_Array_Delete)
     return false;
 
+  bool HasBody = FD->hasBody(); // Prefer using the definition.
+
   // This is standard if and only if it's not defined in a user file.
   SourceLocation L = FD->getLocation();
+
   // If the header for operator delete is not included, it's still defined
   // in an invalid source location. Check to make sure we don't crash.
-  return !L.isValid() ||
-         (!FD->hasBody() && // FIXME: Still a false alarm after CTU inlining.
-          FD->getASTContext().getSourceManager().isInSystemHeader(L));
+  const auto &SM = FD->getASTContext().getSourceManager();
+  return L.isInvalid() || (!HasBody && SM.isInSystemHeader(L));
 }
 
 //===----------------------------------------------------------------------===//
diff --git a/clang/test/Analysis/Inputs/overloaded-delete-in-header.h b/clang/test/Analysis/Inputs/overloaded-delete-in-header.h
@@ -1,17 +1,18 @@
 #ifndef OVERLOADED_DELETE_IN_HEADER
 #define OVERLOADED_DELETE_IN_HEADER
 
-void clang_analyzer_printState();
-
 struct DeleteInHeader {
-  inline void operator delete(void *ptr) {
-    // No matter whether this header file is included as a system header file
-    // with -isystem or a user header file with -I, ptr should not be marked as
-    // released.
-    clang_analyzer_printState();
-
-    ::operator delete(ptr); // The first place where ptr is marked as released.
-  }
+  int data;
+  static void operator delete(void *ptr);
 };
 
+void DeleteInHeader::operator delete(void *ptr) {
+  DeleteInHeader *self = (DeleteInHeader *)ptr;
+  self->data = 1; // no-warning: Still alive.
+
+  ::operator delete(ptr);
+
+  self->data = 2; // expected-warning {{Use of memory after it is freed [cplusplus.NewDelete]}}
+}
+
 #endif // OVERLOADED_DELETE_IN_SYSTEM_HEADER
diff --git a/clang/test/Analysis/overloaded-delete-in-system-header.cpp b/clang/test/Analysis/overloaded-delete-in-system-header.cpp
@@ -1,25 +1,9 @@
-// issue 62985
-// When 3rd-party header files are included as system headers, their overloaded
-// new and delete operators are also considered as the std ones. However, those
-// overloaded operator functions will also be inlined. This makes the same
-// symbolic memory marked as released twice, which leads to a false uaf alarm.
-//
-// The first run, include as system header. False uaf report before fix.
-//
-// RUN: %clang_analyze_cc1 %s \
-// RUN: -analyzer-checker=core,cplusplus.NewDelete,debug.ExprInspection \
-// RUN:   -isystem %S/Inputs/ 2>&1 | \
-// RUN:   FileCheck %s
-//
-// The second run, include as user header. Should always silent.
-//
-// RUN: %clang_analyze_cc1 %s \
-// RUN: -analyzer-checker=core,cplusplus.NewDelete,debug.ExprInspection \
-// RUN:   -I %S/Inputs/ 2>&1 | \
-// RUN:   FileCheck %s
+// RUN: %clang_analyze_cc1 -isystem %S/Inputs/ -verify %s \
+// RUN:   -analyzer-checker=core,unix.Malloc,cplusplus.NewDelete
+
+// RUN: %clang_analyze_cc1 -I %S/Inputs/ -verify %s \
+// RUN:   -analyzer-checker=core,unix.Malloc,cplusplus.NewDelete
 
 #include "overloaded-delete-in-header.h"
 
 void deleteInHeader(DeleteInHeader *p) { delete p; }
-
-// CHECK-NOT: Released
