commit 43859f66cdc360ab093cdde67401a7640a4bc05c
author Jordy Rose <jediknil@belkadan.com> Mon Jun 07 19:32:37 2010 +0000
committer Jordy Rose <jediknil@belkadan.com> Mon Jun 07 19:32:37 2010 +0000
tree 630bbed6fb62b68752d09596b0b69bb7871c7832
parent 79ba509b0106fd0a1ff832baeb1fdb5430527efe

Catch free()s on non-regions and regions known to be not from malloc(), by checking the symbol type and memory space.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@105547 91177308-0d34-0410-b5e6-96231b3b80d8

test/Analysis/free.c

diff --git a/test/Analysis/free.c b/test/Analysis/free.c
new file mode 100644
index 0000000..60bb3f2
--- /dev/null
+++ b/test/Analysis/free.c
@@ -0,0 +1,71 @@
+// RUN: %clang_cc1 -analyze -analyzer-experimental-internal-checks -analyzer-check-objc-mem -analyzer-store=region -analyzer-experimental-checks -fblocks -verify %s
+void free(void *);
+
+void t1 () {
+  int a[] = { 1 };
+  free(a); // expected-warning {{Argument to free() is the address of the local variable 'a', which is not memory allocated by malloc()}}
+}
+
+void t2 () {
+  int a = 1;
+  free(&a); // expected-warning {{Argument to free() is the address of the local variable 'a', which is not memory allocated by malloc()}}
+}
+
+void t3 () {
+  static int a[] = { 1 };
+  free(a); // expected-warning {{Argument to free() is the address of the static variable 'a', which is not memory allocated by malloc()}}
+}
+
+void t4 (char *x) {
+  free(x); // no-warning
+}
+
+void t5 () {
+  extern char *ptr();
+  free(ptr()); // no-warning
+}
+
+void t6 () {
+  free((void*)1000); // expected-warning {{Argument to free() is a constant address (1000), which is not memory allocated by malloc()}}
+}
+
+void t7 (char **x) {
+  free(*x); // no-warning
+}
+
+void t8 (char **x) {
+  // ugh
+  free((*x)+8); // no-warning
+}
+
+void t9 () {
+label:
+  free(&&label); // expected-warning {{Argument to free() is the address of the label 'label', which is not memory allocated by malloc()}}
+}
+
+void t10 () {
+  free((void*)&t10); // expected-warning {{Argument to free() is the address of the function 't10', which is not memory allocated by malloc()}}
+}
+
+void t11 () {
+  char *p = (char*)__builtin_alloca(2);
+  free(p); // expected-warning {{Argument to free() was allocated by alloca(), not malloc()}}
+}
+
+void t12 () {
+  free(^{return;}); // expected-warning {{Argument to free() is a block, which is not memory allocated by malloc()}}
+}
+
+void t13 (char a) {
+  free(&a); // expected-warning {{Argument to free() is the address of the parameter 'a', which is not memory allocated by malloc()}}
+}
+
+static int someGlobal[2];
+void t14 () {
+  free(someGlobal); // expected-warning {{Argument to free() is the address of the global variable 'someGlobal', which is not memory allocated by malloc()}}
+}
+
+void t15 (char **x, int offset) {
+  // Unknown value
+  free(x[offset]); // no-warning
+}