Author: Ryosuke Niwa Date: 2026-03-07T01:42:39-08:00 New Revision: 587becb624fa32329109f1fe53c6b7d4e93eaf81
URL: https://github.com/llvm/llvm-project/commit/587becb624fa32329109f1fe53c6b7d4e93eaf81 DIFF: https://github.com/llvm/llvm-project/commit/587becb624fa32329109f1fe53c6b7d4e93eaf81.diff LOG: [WebKit checkers] Disallow operator delete in a trivial context. (#185122) This PR changes the "trivial function analysis" to disallow `operator delete` in a "trival" or "nodelete" function or statement. Without this, the delete operator could deallocate memory for a reference counted objects, etc... Added: Modified: clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp clang/test/Analysis/Checkers/WebKit/nodelete-annotation.cpp Removed: ################################################################################ diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp index 0b1f30923d49c..d239ed4c8a5ae 100644 --- a/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp @@ -886,10 +886,6 @@ class TrivialFunctionAnalysisVisitor return IsFunctionTrivial(CE->getConstructor()); } - bool VisitCXXDeleteExpr(const CXXDeleteExpr *DE) { - return CanTriviallyDestruct(DE->getDestroyedType()); - } - bool VisitCXXInheritedCtorInitExpr(const CXXInheritedCtorInitExpr *E) { return IsFunctionTrivial(E->getConstructor()); } diff --git a/clang/test/Analysis/Checkers/WebKit/nodelete-annotation.cpp b/clang/test/Analysis/Checkers/WebKit/nodelete-annotation.cpp index faf43178fae9a..6906afb7fa0f6 100644 --- a/clang/test/Analysis/Checkers/WebKit/nodelete-annotation.cpp +++ b/clang/test/Analysis/Checkers/WebKit/nodelete-annotation.cpp @@ -70,6 +70,31 @@ void [[clang::annotate_type("webkit.nodelete")]] callsUnsafe() { someFunction(); // expected-warning{{A function 'callsUnsafe' has [[clang::annotate_type("webkit.nodelete")]] but it contains code that could destruct an object}} } +int* [[clang::annotate_type("webkit.nodelete")]] createsInt() { + return new int; +} + +void [[clang::annotate_type("webkit.nodelete")]] destroysInt(int* number) { + delete number; // expected-warning{{A function 'destroysInt' has [[clang::annotate_type("webkit.nodelete")]] but it contains code that could destruct an object}} +} + +struct IntPoint { + int x { 0 }; + int y { 0 }; +}; + +IntPoint* [[clang::annotate_type("webkit.nodelete")]] createsIntPoint() { + return new IntPoint[2]; +} + +void [[clang::annotate_type("webkit.nodelete")]] destroysIntPoint(IntPoint* point) { + delete[] point; // expected-warning{{A function 'destroysIntPoint' has [[clang::annotate_type("webkit.nodelete")]] but it contains code that could destruct an object}} +} + +void [[clang::annotate_type("webkit.nodelete")]] callOperatorDelete(int* number) { + ::operator delete(number); // expected-warning{{A function 'callOperatorDelete' has [[clang::annotate_type("webkit.nodelete")]] but it contains code that could destruct an object}} +} + void [[clang::annotate_type("webkit.nodelete")]] callsUnsafeWithSuppress(); [[clang::suppress]] void callsUnsafeWithSuppress() { @@ -336,6 +361,7 @@ struct SubData : Data { void [[clang::annotate_type("webkit.nodelete")]] makeData() { RefPtr<Data> constantData[2] = { Data::create() }; + // expected-warning@-1{{A function 'makeData' has [[clang::annotate_type("webkit.nodelete")]] but it contains code that could destruct an object}} RefPtr<Data> data[] = { Data::create() }; } _______________________________________________ cfe-commits mailing list [email protected] https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
