[analyzer][MallocChecker] Improve warning messages on double-delete errors

Differential Revision: https://reviews.llvm.org/D54834

llvm-svn: 349283

6 files changed, 27 insertions, 19 deletions

diff --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index a5b774fe248..fb770eb9ee4 100644
--- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -1431,7 +1431,8 @@ ProgramStateRef MallocChecker::addExtentSize(CheckerContext &C,
 
 void MallocChecker::checkPreStmt(const CXXDeleteExpr *DE,
                                  CheckerContext &C) const {
-
+  // This will regard deleting freed() regions as a use-after-free, rather then
+  // a double-free or double-delete error.
   if (!ChecksEnabled[CK_NewDeleteChecker])
     if (SymbolRef Sym = C.getSVal(DE->getArgument()).getAsSymbol())
       checkUseAfterFree(Sym, C, DE->getArgument());
@@ -1628,7 +1629,8 @@ ProgramStateRef MallocChecker::FreeMemAux(CheckerContext &C,
 }
 
 /// Checks if the previous call to free on the given symbol failed - if free
-/// failed, returns true. Also, returns the corresponding return value symbol.
+/// failed, returns true. Also, stores the corresponding return value symbol in
+/// \p RetStatusSymbol.
 static bool didPreviousFreeFail(ProgramStateRef State,
                                 SymbolRef Sym, SymbolRef &RetStatusSymbol) {
   const SymbolRef *Ret = State->get<FreeReturnValue>(Sym);
@@ -2289,6 +2291,12 @@ void MallocChecker::ReportDoubleFree(CheckerContext &C, SourceRange Range,
   if (!CheckKind.hasValue())
     return;
 
+  // If this is a double delete error, print the appropiate warning message.
+  if (CheckKind == CK_NewDeleteChecker) {
+    ReportDoubleDelete(C, Sym);
+    return;
+  }
+
   if (ExplodedNode *N = C.generateErrorNode()) {
     if (!BT_DoubleFree[*CheckKind])
       BT_DoubleFree[*CheckKind].reset(new BugType(
diff --git a/clang/test/Analysis/Inputs/expected-plists/NewDelete-path-notes.cpp.plist b/clang/test/Analysis/Inputs/expected-plists/NewDelete-path-notes.cpp.plist
index d74d9fc7c67..6a3a3d30c4e 100644
--- a/clang/test/Analysis/Inputs/expected-plists/NewDelete-path-notes.cpp.plist
+++ b/clang/test/Analysis/Inputs/expected-plists/NewDelete-path-notes.cpp.plist
@@ -194,17 +194,17 @@
      </array>
      <key>depth</key><integer>0</integer>
      <key>extended_message</key>
-     <string>Attempt to free released memory</string>
+     <string>Attempt to delete released memory</string>
      <key>message</key>
-     <string>Attempt to free released memory</string>
+     <string>Attempt to delete released memory</string>
     </dict>
    </array>
-   <key>description</key><string>Attempt to free released memory</string>
+   <key>description</key><string>Attempt to delete released memory</string>
    <key>category</key><string>Memory error</string>
-   <key>type</key><string>Double free</string>
+   <key>type</key><string>Double delete</string>
    <key>check_name</key><string>cplusplus.NewDelete</string>
    <!-- This hash is experimental and going to change! -->
-   <key>issue_hash_content_of_line_in_context</key><string>bd8e324d09c70b9e2be6f824a4942e5a</string>
+   <key>issue_hash_content_of_line_in_context</key><string>593b185245106bed5175ccf2753039b2</string>
   <key>issue_context_kind</key><string>function</string>
   <key>issue_context</key><string>test</string>
   <key>issue_hash_function_offset</key><string>8</string>
@@ -423,17 +423,17 @@
      </array>
      <key>depth</key><integer>0</integer>
      <key>extended_message</key>
-     <string>Attempt to free released memory</string>
+     <string>Attempt to delete released memory</string>
      <key>message</key>
-     <string>Attempt to free released memory</string>
+     <string>Attempt to delete released memory</string>
     </dict>
    </array>
-   <key>description</key><string>Attempt to free released memory</string>
+   <key>description</key><string>Attempt to delete released memory</string>
    <key>category</key><string>Memory error</string>
-   <key>type</key><string>Double free</string>
+   <key>type</key><string>Double delete</string>
    <key>check_name</key><string>cplusplus.NewDelete</string>
    <!-- This hash is experimental and going to change! -->
-   <key>issue_hash_content_of_line_in_context</key><string>8bf1a5b9fdae9d86780aa6c4cdce2605</string>
+   <key>issue_hash_content_of_line_in_context</key><string>6484e9b006ede7362edef2187ba6eb37</string>
   <key>issue_context_kind</key><string>function</string>
   <key>issue_context</key><string>test</string>
   <key>issue_hash_function_offset</key><string>3</string>
diff --git a/clang/test/Analysis/Malloc+MismatchedDeallocator+NewDelete.cpp b/clang/test/Analysis/Malloc+MismatchedDeallocator+NewDelete.cpp
index b5e47b3355d..e5176eb50ff 100644
--- a/clang/test/Analysis/Malloc+MismatchedDeallocator+NewDelete.cpp
+++ b/clang/test/Analysis/Malloc+MismatchedDeallocator+NewDelete.cpp
@@ -46,7 +46,7 @@ void testMismatchedDeallocator() {
 void testNewDoubleFree() {
   int *p = new int;
   delete p;
-  delete p; // expected-warning{{Attempt to free released memory}}
+  delete p; // expected-warning{{Attempt to delete released memory}}
 }
 
 void testNewLeak() {
diff --git a/clang/test/Analysis/NewDelete-checker-test.cpp b/clang/test/Analysis/NewDelete-checker-test.cpp
index 620237cd6ed..fcbe2c74023 100644
--- a/clang/test/Analysis/NewDelete-checker-test.cpp
+++ b/clang/test/Analysis/NewDelete-checker-test.cpp
@@ -182,7 +182,7 @@ void testUseThisAfterDelete() {
 void testDoubleDelete() {
   int *p = new int;
   delete p;
-  delete p; // expected-warning{{Attempt to free released memory}}
+  delete p; // expected-warning{{Attempt to delete released memory}}
 }
 
 void testExprDeleteArg() {
diff --git a/clang/test/Analysis/NewDelete-path-notes.cpp b/clang/test/Analysis/NewDelete-path-notes.cpp
index d9fe1976b82..94658360fbc 100644
--- a/clang/test/Analysis/NewDelete-path-notes.cpp
+++ b/clang/test/Analysis/NewDelete-path-notes.cpp
@@ -11,8 +11,8 @@ void test() {
     delete p;
     // expected-note@-1 {{Memory is released}}
 
-  delete p; // expected-warning {{Attempt to free released memory}}
-  // expected-note@-1 {{Attempt to free released memory}}
+  delete p; // expected-warning {{Attempt to delete released memory}}
+  // expected-note@-1 {{Attempt to delete released memory}}
 }
 
 struct Odd {
@@ -24,7 +24,7 @@ struct Odd {
 void test(Odd *odd) {
 	odd->kill(); // expected-note{{Calling 'Odd::kill'}}
                // expected-note@-1 {{Returning; memory was released}}
-	delete odd; // expected-warning {{Attempt to free released memory}}
-              // expected-note@-1 {{Attempt to free released memory}}
+	delete odd; // expected-warning {{Attempt to delete released memory}}
+              // expected-note@-1 {{Attempt to delete released memory}}
 }
 
diff --git a/clang/test/Analysis/dtor.cpp b/clang/test/Analysis/dtor.cpp
index d843f03aada..2ea38e95c87 100644
--- a/clang/test/Analysis/dtor.cpp
+++ b/clang/test/Analysis/dtor.cpp
@@ -528,7 +528,7 @@ struct NonTrivial {
     return *this;
   }
   ~NonTrivial() {
-    delete[] p; // expected-warning {{free released memory}}
+    delete[] p; // expected-warning {{delete released memory}}
   }
 };