C++: Placement new does not necessarily require a delete.

geoffw0 · geoffw0 · commit 9986206dc68c · 2019-12-17T15:28:21.000Z
diff --git a/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql b/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql
@@ -25,7 +25,6 @@ predicate mayCallFunction(Expr call, Function f) {
 predicate allocCallOrIndirect(Expr e) {
   // direct alloc call
   e.(AllocationExpr).requiresDealloc() and
-  not exists(e.(NewOrNewArrayExpr).getPlacementPointer()) and
   // We are only interested in alloc calls that are
   // actually freed somehow, as MemoryNeverFreed
   // will catch those that aren't.
diff --git a/cpp/ql/src/Critical/MemoryNeverFreed.ql b/cpp/ql/src/Critical/MemoryNeverFreed.ql
@@ -14,6 +14,5 @@ import MemoryFreed
 from AllocationExpr alloc
 where
   alloc.requiresDealloc() and
-  not exists(alloc.(NewOrNewArrayExpr).getPlacementPointer()) and
   not allocMayBeFreed(alloc)
 select alloc, "This memory is never freed"
diff --git a/cpp/ql/src/semmle/code/cpp/models/implementations/Allocation.qll b/cpp/ql/src/semmle/code/cpp/models/implementations/Allocation.qll
@@ -273,6 +273,8 @@ class NewAllocationExpr extends AllocationExpr, NewExpr {
   NewAllocationExpr() { this instanceof NewExpr }
 
   override int getSizeBytes() { result = getAllocatedType().getSize() }
+
+  override predicate requiresDealloc() { not exists(getPlacementPointer()) }
 }
 
 /**
@@ -293,4 +295,6 @@ class NewArrayAllocationExpr extends AllocationExpr, NewArrayExpr {
   }
 
   override int getSizeBytes() { result = getAllocatedType().getSize() }
+
+  override predicate requiresDealloc() { not exists(getPlacementPointer()) }
 }
diff --git a/cpp/ql/src/semmle/code/cpp/models/interfaces/Allocation.qll b/cpp/ql/src/semmle/code/cpp/models/interfaces/Allocation.qll
@@ -36,7 +36,9 @@ abstract class AllocationFunction extends Function {
 
   /**
    * Whether or not this allocation requires a corresponding deallocation of
-   * some sort (most do, but `alloca` for example does not).
+   * some sort (most do, but `alloca` for example does not).  If it is unclear,
+   * we default to no (for example a placement `new` allocation may or may not
+   * require a corresponding `delete`).
    */
   predicate requiresDealloc() { any() }
 }
@@ -72,7 +74,9 @@ abstract class AllocationExpr extends Expr {
 
   /**
    * Whether or not this allocation requires a corresponding deallocation of
-   * some sort (most do, but `alloca` for example does not).
+   * some sort (most do, but `alloca` for example does not).  If it is unclear,
+   * we default to no (for example a placement `new` allocation may or may not
+   * require a corresponding `delete`).
    */
   predicate requiresDealloc() { any() }
 }

Original file line number	Diff line number	Diff line change
`@@ -273,6 +273,8 @@ class NewAllocationExpr extends AllocationExpr, NewExpr {`
`273`	`273`	`NewAllocationExpr() { this instanceof NewExpr }`
`274`	`274`
`275`	`275`	`override int getSizeBytes() { result = getAllocatedType().getSize() }`
	`276`	`+`
	`277`	`+ override predicate requiresDealloc() { not exists(getPlacementPointer()) }`
`276`	`278`	`}`
`277`	`279`
`278`	`280`	`/**`
`@@ -293,4 +295,6 @@ class NewArrayAllocationExpr extends AllocationExpr, NewArrayExpr {`
`293`	`295`	`}`
`294`	`296`
`295`	`297`	`override int getSizeBytes() { result = getAllocatedType().getSize() }`
	`298`	`+`
	`299`	`+ override predicate requiresDealloc() { not exists(getPlacementPointer()) }`
`296`	`300`	`}`