NoQ added a comment.

In such cases I recommend starting with writing down a test. Like in TDD: first test, //then// code.

The general direction doesn't seem reasonable to me; it introduces some pattern-matching for a specific scenario, but it's unclear why this scenario is a problem on its own. We might eventually do something similar, but I recommend //fully// debugging the false positive - i.e., understanding what exactly is wrong with it, before picking a suppression mechanism.

================
Comment at: clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp:1119-1122
+ // Set the symbol's state to Released. + State = State->set<RegionState>( + Sym, RefState::getReleased(NE->isArray() ? AF_CXXNewArray : AF_CXXNew, + NE));
----------------
I think it's clearly too early for marking the pointer as released. I.e., what about:

```lang=c++
auto x = std::shared_ptr<int>(new int); // the pointer is marked as released
use(x.get()); // use-after-free???
```

Repository:
  rC Clang

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D63093/new/

https://reviews.llvm.org/D63093
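
Review bot: In the `State->set<RegionState>(Sym, RefState::getReleased(..., NE))` call, passing `NE` as the statement records the `new` expression itself as the point of deallocation, so any later use-after-free or double-free diagnostic on `Sym` would name the allocation as the place where the memory was freed. If the aim is only to suppress the false positive, consider ending tracking of `Sym` (for example by treating it as escaped) rather than marking it Released, and add a regression test that dereferences the pointer after this point and expects no warning.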