[analyzer] RetainCountChecker: recognize that OSObject can be created directly using an operator "new"

Differential Revision: https://reviews.llvm.org/D55076

llvm-svn: 347949

3 files changed, 24 insertions, 4 deletions

diff --git a/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.cpp b/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.cpp
index da47513e303..cffbf58dff7 100644
--- a/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountDiagnostics.cpp
@@ -137,6 +137,8 @@ static void generateDiagnosticsForCallLike(
     } else {
       os << "function call";
     }
+  } else if (const auto *NE = dyn_cast<CXXNewExpr>(S)){
+    os << "Operator new";
   } else {
     assert(isa<ObjCMessageExpr>(S));
     CallEventManager &Mgr = CurrSt->getStateManager().getCallEventManager();
diff --git a/clang/lib/StaticAnalyzer/Core/RetainSummaryManager.cpp b/clang/lib/StaticAnalyzer/Core/RetainSummaryManager.cpp
index fc4544f843d..357bc67559a 100644
--- a/clang/lib/StaticAnalyzer/Core/RetainSummaryManager.cpp
+++ b/clang/lib/StaticAnalyzer/Core/RetainSummaryManager.cpp
@@ -124,10 +124,8 @@ RetainSummaryManager::generateSummary(const FunctionDecl *FD,
   }
 
   const IdentifierInfo *II = FD->getIdentifier();
-  if (!II)
-    return getDefaultSummary();
 
-  StringRef FName = II->getName();
+  StringRef FName = II ? II->getName() : "";
 
   // Strip away preceding '_'.  Doing this here will effect all the checks
   // down below.
@@ -304,6 +302,9 @@ RetainSummaryManager::generateSummary(const FunctionDecl *FD,
 
       if (FName == "retain")
         return getOSSummaryRetainRule(FD);
+
+      if (MD->getOverloadedOperator() == OO_New)
+        return getOSSummaryCreateRule(MD);
     }
   }
 
@@ -491,9 +492,11 @@ RetainSummaryManager::getSummary(const CallEvent &Call,
   case CE_CXXConstructor:
     Summ = getFunctionSummary(cast<CXXConstructorCall>(Call).getDecl());
     break;
+  case CE_CXXAllocator:
+    Summ = getFunctionSummary(cast<CXXAllocatorCall>(Call).getDecl());
+    break;
   case CE_Block:
   case CE_CXXDestructor:
-  case CE_CXXAllocator:
     // FIXME: These calls are currently unsupported.
     return getPersistentStopSummary();
   case CE_ObjCMessage: {
diff --git a/clang/test/Analysis/osobject-retain-release.cpp b/clang/test/Analysis/osobject-retain-release.cpp
index ca5dfbf707c..81cf2a1f210 100644
--- a/clang/test/Analysis/osobject-retain-release.cpp
+++ b/clang/test/Analysis/osobject-retain-release.cpp
@@ -23,6 +23,9 @@ struct OSObject {
   static OSObject *getObject();
   static OSObject *GetObject();
 
+
+  static void * operator new(unsigned long size);
+
   static const OSMetaClass * const metaClass;
 };
 
@@ -62,6 +65,18 @@ struct OSMetaClassBase {
   static OSObject *safeMetaCast(const OSObject *inst, const OSMetaClass *meta);
 };
 
+unsigned int check_leak_explicit_new() {
+  OSArray *arr = new OSArray; // expected-note{{Operator new returns an OSObject of type struct OSArray * with a +1 retain count}}
+  return arr->getCount(); // expected-note{{Object leaked: allocated object of type struct OSArray * is not referenced later in this execution path and has a retain count of +1}}
+                          // expected-warning@-1{{Potential leak of an object of type struct OSArray *}}
+}
+
+unsigned int check_leak_factory() {
+  OSArray *arr = OSArray::withCapacity(10); // expected-note{{Call to function 'OSArray::withCapacity' returns an OSObject of type struct OSArray * with a +1 retain count}}
+  return arr->getCount(); // expected-note{{Object leaked: object allocated and stored into 'arr' is not referenced later in this execution path and has a retain count of +1}}
+                          // expected-warning@-1{{Potential leak of an object stored into 'arr'}}
+}
+
 void check_get_object() {
   OSObject::getObject();
 }