clang static analyzer fails to find bug it found previously

I’ve just realized that the checker’s package changed after the commit, so it’s now called alpha.cplusplus.NewDelete.

Hi Anna,

I had seen this already, as mentioned in my previous post. I get the same diagnostics with and without this checker enabled.

I have verified (using the verbose scan-build output) that the –enable-checker option is being processed and an -analyze-checker option is being passed to clang++ for this file (near the end of the command line). I noticed that the format of this option is different than the “-analyzer-checker=…” format used for the other checkers, but I don’t know if it is a significant difference.

‘/mingw/bin/clang++’ ‘-cc1’ ‘-triple’ ‘i686-pc-mingw32’ ‘-analyze’ ‘-disable-free’ ‘-disable-llvm-verifier’ ‘-main-file-name’ 'astyl

e_main.cpp’ ‘-analyzer-store=region’ ‘-analyzer-opt-analyze-nested-blocks’ ‘-analyzer-eagerly-assume’ ‘-analyzer-checker=core’ '-ana

lyzer-checker=unix’ ‘-analyzer-checker=deadcode’ ‘-analyzer-checker=security.insecureAPI.UncheckedReturn’ '-analyzer-checker=securit

y.insecureAPI.getpw’ ‘-analyzer-checker=security.insecureAPI.gets’ ‘-analyzer-checker=security.insecureAPI.mktemp’ '-analyzer-checke

r=security.insecureAPI.mkstemp’ ‘-analyzer-checker=security.insecureAPI.vfork’ ‘-analyzer-output’ ‘plist’ ‘-w’ ‘-mrelocation-model’

‘static’ ‘-mdisable-fp-elim’ ‘-fmath-errno’ ‘-mconstructor-aliases’ ‘-target-cpu’ ‘pentium4’ ‘-resource-dir’ 'C:/MinGW/bin..\lib\cl

ang\3.3’ ‘-fdeprecated-macro’ ‘-fno-dwarf-directory-asm’ ‘-fdebug-compilation-dir’ ‘c:/cmd_line_tools/AStyle/build/gcc’ '-ferror-lim

it’ ‘19’ ‘-fmessage-length’ ‘0’ ‘-mstackrealign’ ‘-fno-use-cxa-atexit’ ‘-fobjc-runtime=gcc’ ‘-fobjc-default-synthesize-properties’ ’

-fcxx-exceptions’ ‘-fexceptions’ ‘-fdiagnostics-show-option’ ‘-backend-option’ ‘-vectorize-loops’ ‘-analyzer-display-progress’ '-ana

lyzer-checker’ ‘alpha.cplusplus.NewDelete’ ‘-analyzer-output=html’ ‘-o’ 'C:/Users/DennisC/AppData/Local/Temp/scan-build-2013-04-03-8

’ ‘-x’ ‘c++’ ‘c:/cmd_line_tools/AStyle/src/astyle_main.cpp’

I also noticed that the analyzer is seeing the problematic function. So _WIN32 must be defined.

ANALYZE (Syntax): c:/cmd_line_tools/AStyle/src/astyle_main.cpp getNumberFormat

Was the behavior of this checker changed when it was demoted to alpha status?

Dennis Cote

I did not see your second email before sending that the checker should be in alpha package.

Can you try inserting a bogus leak into the function and see if it is reported. This way we will know if the issue if the checker is on or off.

Anna.

From: Anna Zaks

I've just realized that the checker's package changed after the commit, so it's now called alpha.cplusplus.NewDelete.

Hi Anna,

I had seen this already, as mentioned in my previous post. I get the same diagnostics with and without this checker enabled.

I have verified (using the verbose scan-build output) that the –enable-checker option is being processed and an -analyze-checker option is being passed to clang++ for this file (near the end of the command line). I noticed that the format of this option is different than the “-analyzer-checker=…” format used for the other checkers, but I don’t know if it is a significant difference.

'/mingw/bin/clang++' '-cc1' '-triple' 'i686-pc-mingw32' '-analyze' '-disable-free' '-disable-llvm-verifier' '-main-file-name' 'astyl
e_main.cpp' '-analyzer-store=region' '-analyzer-opt-analyze-nested-blocks' '-analyzer-eagerly-assume' '-analyzer-checker=core' '-ana
lyzer-checker=unix' '-analyzer-checker=deadcode' '-analyzer-checker=security.insecureAPI.UncheckedReturn' '-analyzer-checker=securit
y.insecureAPI.getpw' '-analyzer-checker=security.insecureAPI.gets' '-analyzer-checker=security.insecureAPI.mktemp' '-analyzer-checke
r=security.insecureAPI.mkstemp' '-analyzer-checker=security.insecureAPI.vfork' '-analyzer-output' 'plist' '-w' '-mrelocation-model'
'static' '-mdisable-fp-elim' '-fmath-errno' '-mconstructor-aliases' '-target-cpu' 'pentium4' '-resource-dir' 'C:/MinGW/bin\..\lib\cl
ang\3.3' '-fdeprecated-macro' '-fno-dwarf-directory-asm' '-fdebug-compilation-dir' 'c:/cmd_line_tools/AStyle/build/gcc' '-ferror-lim
it' '19' '-fmessage-length' '0' '-mstackrealign' '-fno-use-cxa-atexit' '-fobjc-runtime=gcc' '-fobjc-default-synthesize-properties' '
-fcxx-exceptions' '-fexceptions' '-fdiagnostics-show-option' '-backend-option' '-vectorize-loops' '-analyzer-display-progress' '-ana
lyzer-checker' 'alpha.cplusplus.NewDelete' '-analyzer-output=html' '-o' 'C:/Users/DennisC/AppData/Local/Temp/scan-build-2013-04-03-8
' '-x' 'c++' 'c:/cmd_line_tools/AStyle/src/astyle_main.cpp'

I also noticed that the analyzer is seeing the problematic function. So _WIN32 must be defined.

ANALYZE (Syntax): c:/cmd_line_tools/AStyle/src/astyle_main.cpp getNumberFormat

Was the behavior of this checker changed when it was demoted to alpha status?

The behavior of the analyzer is changing all the time; we did made changes to suppress possible false positives coming from new/delete checker.
Can you attach a preprocessed file for this source file? Otherwise we cannot tell for sure.

Here is one possibility. Do you pass outBuf as const pointer to one of the calls between 'new' and 'return'? We've added a suppression for this recently.

Anna.

Hi Anna,

I added the following line to the beginning of the function to create an unpaired new. I used the nothrow array variation of new since that is what is used where I am having the problem.

char* bogus = new(nothrow) char[100];

I got an additional “Value stored to ‘bogus’ during its initialization is never read” error report, but nothing about the memory leak.

I then tried a basic new without the nothrow argument and the leak was detected and reported. The source has always used the nothrow argument to new, and the leak was detected in the past.

It looks like a regression in the checker. It seems to work for ‘new’ but not for ‘new(nothrow)’ any longer.

Dennis Cote

CC-ing Anton who is developing the checker.

Anna.

It is also entirely possible that scan-build is not passing down the --enable-checker flag correctly; when I run Clang manually with the checker enabled, I do see the warning.

Also, heads-up: I just renamed the leaks part of the checker to alpha.cplusplus.NewDeleteLeaks, so please use that instead.