Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

incorrect modeling of std::optional in cplusplus.NewDelete leads to incorrect warnings #119415

Open
vtjnash opened this issue Dec 10, 2024 · 1 comment
Open

incorrect modeling of std::optional in cplusplus.NewDelete leads to incorrect warnings #119415

vtjnash opened this issue Dec 10, 2024 · 1 comment
Labels
clang:static analyzer

Comments

@vtjnash
Copy link
Member

vtjnash commented Dec 10, 2024
edited by VoltrexKeyva
Loading

The clang-analyzer incorrectly models the default ~ function for a union object (it calls ~ on some of the options, in contradiction to the C++ standard and actual implementation which does not call ~ on any fields). This results in declaration of double-frees (or lost memory) which don't actually occur at runtime for sample code like this.
cat dtor-test.cpp

#include <iostream>
#include <optional>

class C {
  int *once;
public:
  C(int) {
    std::cout << "C Ctor" << std::endl;
    once = new int[3];
  }
  C(C&&) = delete;
  ~C() {
    std::cout << "C Dtor" << std::endl;
    delete[] once;
  }
};

int main() {
  std::optional<C> S{1};
  return 0;
}
$ clang++ -fPIE -std=c++20 dtor-test.cpp  && ./a.out # demo that clang++ runs correctly
C Ctor
C Dtor
$ g++ -fPIE -std=c++20 dtor-test.cpp  && ./a.out # demo that g++ runs correctly
C Ctor
C Dtor
$ clang++ --analyze -analyzer-output=text -std=c++20 dtor-test.cpp # demo that clang-analyzer is wrong
dtor-test.cpp:14:5: warning: Attempt to free released memory [cplusplus.NewDelete]
   14 |     delete[] once;
      |     ^

from JuliaLang/julia#56130 (comment)
@llvmbot
Copy link
Member

llvmbot commented Dec 10, 2024

@llvm/issue-subscribers-clang-static-analyzer

Author: Jameson Nash (vtjnash)

The clang-analyzer incorrectly models the default `~` function for a `union` object (it calls `~` on some of the options, in contradiction to the C++ standard and actual implementation which does not call `~` on any fields). This results in declaration of double-frees (or lost memory) which don't actually occur at runtime for sample code like this. ```c++ $ cat dtor-test.cpp #include <iostream> #include <optional>

class C {
int *once;
public:
C(int) {
std::cout << "C Ctor" << std::endl;
once = new int[3];
}
C(C&&) = delete;
~C() {
std::cout << "C Dtor" << std::endl;
delete[] once;
}
};

int main() {
std::optional<C> S{1};
return 0;
}

$ clang++ -fPIE -std=c++20 dtor-test.cpp && ./a.out # demo that clang++ runs correctly
C Ctor
C Dtor
$ g++ -fPIE -std=c++20 dtor-test.cpp && ./a.out # demo that g++ runs correctly
C Ctor
C Dtor
$ clang++ --analyze -analyzer-output=text -std=c++20 dtor-test.cpp # demo that clang-analyzer is wrong
dtor-test.cpp:14:5: warning: Attempt to free released memory [cplusplus.NewDelete]
14 | delete[] once;
| ^

from https://github.com/JuliaLang/julia/pull/56130#issuecomment-2518550050
</details>

@LinZhihao-723 LinZhihao-723 mentioned this issue Jan 5, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
clang:static analyzer
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vtjnash @llvmbot