//===--- MultipleNewInOneExpressionCheck.cpp - clang-tidy------------------===// // // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // See https://llvm.org/LICENSE.txt for license information. // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // //===----------------------------------------------------------------------===// #include "MultipleNewInOneExpressionCheck.h" #include "clang/AST/ASTContext.h" #include "clang/ASTMatchers/ASTMatchFinder.h" #include "clang/Lex/Lexer.h" using namespace clang::ast_matchers; namespace clang::tidy::bugprone { namespace { // Determine if the result of an expression is "stored" in some way. // It is true if the value is stored into a variable or used as initialization // or passed to a function or constructor. // For this use case compound assignments are not counted as a "store" (the 'E' // expression should have pointer type). bool isExprValueStored(const Expr *E, ASTContext &C) { E = E->IgnoreParenCasts(); // Get first non-paren, non-cast parent. ParentMapContext &PMap = C.getParentMapContext(); DynTypedNodeList P = PMap.getParents(*E); if (P.size() != 1) return false; const Expr *ParentE = nullptr; while ((ParentE = P[0].get()) && ParentE->IgnoreParenCasts() == E) { P = PMap.getParents(P[0]); if (P.size() != 1) return false; } if (const auto *ParentVarD = P[0].get()) return ParentVarD->getInit()->IgnoreParenCasts() == E; if (!ParentE) return false; if (const auto *BinOp = dyn_cast(ParentE)) return BinOp->getOpcode() == BO_Assign && BinOp->getRHS()->IgnoreParenCasts() == E; return isa(ParentE); } } // namespace AST_MATCHER_P(CXXTryStmt, hasHandlerFor, ast_matchers::internal::Matcher, InnerMatcher) { for (unsigned NH = Node.getNumHandlers(), I = 0; I < NH; ++I) { const CXXCatchStmt *CatchS = Node.getHandler(I); // Check for generic catch handler (match anything). if (CatchS->getCaughtType().isNull()) return true; ast_matchers::internal::BoundNodesTreeBuilder Result(*Builder); if (InnerMatcher.matches(CatchS->getCaughtType(), Finder, &Result)) { *Builder = std::move(Result); return true; } } return false; } AST_MATCHER(CXXNewExpr, mayThrow) { FunctionDecl *OperatorNew = Node.getOperatorNew(); if (!OperatorNew) return false; return !OperatorNew->getType()->castAs()->isNothrow(); } void MultipleNewInOneExpressionCheck::registerMatchers(MatchFinder *Finder) { auto BadAllocType = recordType(hasDeclaration(cxxRecordDecl(hasName("::std::bad_alloc")))); auto ExceptionType = recordType(hasDeclaration(cxxRecordDecl(hasName("::std::exception")))); auto BadAllocReferenceType = referenceType(pointee(BadAllocType)); auto ExceptionReferenceType = referenceType(pointee(ExceptionType)); auto CatchBadAllocType = qualType(hasCanonicalType(anyOf(BadAllocType, BadAllocReferenceType, ExceptionType, ExceptionReferenceType))); auto BadAllocCatchingTryBlock = cxxTryStmt(hasHandlerFor(CatchBadAllocType)); auto NewExprMayThrow = cxxNewExpr(mayThrow()); auto HasNewExpr1 = expr(anyOf(NewExprMayThrow.bind("new1"), hasDescendant(NewExprMayThrow.bind("new1")))); auto HasNewExpr2 = expr(anyOf(NewExprMayThrow.bind("new2"), hasDescendant(NewExprMayThrow.bind("new2")))); Finder->addMatcher( callExpr( hasAnyArgument( expr(HasNewExpr1).bind("arg1")), hasAnyArgument( expr(HasNewExpr2, unless(equalsBoundNode("arg1"))).bind("arg2")), hasAncestor(BadAllocCatchingTryBlock)), this); Finder->addMatcher( cxxConstructExpr( hasAnyArgument( expr(HasNewExpr1).bind("arg1")), hasAnyArgument( expr(HasNewExpr2, unless(equalsBoundNode("arg1"))).bind("arg2")), unless(isListInitialization()), hasAncestor(BadAllocCatchingTryBlock)), this); Finder->addMatcher(binaryOperator(hasLHS(HasNewExpr1), hasRHS(HasNewExpr2), unless(hasAnyOperatorName("&&", "||", ",")), hasAncestor(BadAllocCatchingTryBlock)), this); Finder->addMatcher( cxxNewExpr(mayThrow(), hasDescendant(NewExprMayThrow.bind("new2_in_new1")), hasAncestor(BadAllocCatchingTryBlock)) .bind("new1"), this); } void MultipleNewInOneExpressionCheck::check( const MatchFinder::MatchResult &Result) { const auto *NewExpr1 = Result.Nodes.getNodeAs("new1"); const auto *NewExpr2 = Result.Nodes.getNodeAs("new2"); const auto *NewExpr2InNewExpr1 = Result.Nodes.getNodeAs("new2_in_new1"); if (!NewExpr2) NewExpr2 = NewExpr2InNewExpr1; assert(NewExpr1 && NewExpr2 && "Bound nodes not found."); // No warning if both allocations are not stored. // The value may be intentionally not stored (no deallocations needed or // self-destructing object). if (!isExprValueStored(NewExpr1, *Result.Context) && !isExprValueStored(NewExpr2, *Result.Context)) return; // In C++17 sequencing of a 'new' inside constructor arguments of another // 'new' is fixed. Still a leak can happen if the returned value from the // first 'new' is not saved (yet) and the second fails. if (getLangOpts().CPlusPlus17 && NewExpr2InNewExpr1) diag(NewExpr1->getBeginLoc(), "memory allocation may leak if an other allocation is sequenced after " "it and throws an exception") << NewExpr1->getSourceRange() << NewExpr2->getSourceRange(); else diag(NewExpr1->getBeginLoc(), "memory allocation may leak if an other allocation is sequenced after " "it and throws an exception; order of these allocations is undefined") << NewExpr1->getSourceRange() << NewExpr2->getSourceRange(); } } // namespace clang::tidy::bugprone