Blame - test/Analysis/malloc.c - platform/external/clang

blob: b4c1314b34cfea1f79941a22f2e6b498dd8756d2 [file] [log] [blame]

Ted Kremenek	565e465	2010-02-05 02:06:54 +0000	[diff] [blame]	1	// RUN: %clang_cc1 -analyze -analyzer-experimental-internal-checks -analyzer-check-objc-mem -analyzer-experimental-checks -analyzer-store=region -verify %s
Eli Friedman	2f00552	2009-11-14 04:23:25 +0000	[diff] [blame]	2	typedef __typeof(sizeof(int)) size_t;
Ted Kremenek	c360775	2009-11-13 20:03:22 +0000	[diff] [blame]	3	void *malloc(size_t);
				4	void free(void *);
Zhongxing Xu	d9c84c8	2009-12-12 12:29:38 +0000	[diff] [blame]	5	void realloc(void ptr, size_t size);
				6	void *calloc(size_t nmemb, size_t size);
Zhongxing Xu	fc7ac8f	2009-11-13 07:48:11 +0000	[diff] [blame]	7
				8	void f1() {
Zhongxing Xu	ab28099	2010-05-25 04:59:19 +0000	[diff] [blame]	9	int *p = malloc(12);
Zhongxing Xu	fc7ac8f	2009-11-13 07:48:11 +0000	[diff] [blame]	10	return; // expected-warning{{Allocated memory never released. Potential memory leak.}}
				11	}
				12
Ted Kremenek	ba93087	2009-11-13 19:53:32 +0000	[diff] [blame]	13	void f1_b() {
Zhongxing Xu	ab28099	2010-05-25 04:59:19 +0000	[diff] [blame]	14	int *p = malloc(12); // expected-warning{{Allocated memory never released. Potential memory leak.}}
Ted Kremenek	ba93087	2009-11-13 19:53:32 +0000	[diff] [blame]	15	}
				16
Zhongxing Xu	fc7ac8f	2009-11-13 07:48:11 +0000	[diff] [blame]	17	void f2() {
Zhongxing Xu	ab28099	2010-05-25 04:59:19 +0000	[diff] [blame]	18	int *p = malloc(12);
Zhongxing Xu	fc7ac8f	2009-11-13 07:48:11 +0000	[diff] [blame]	19	free(p);
				20	free(p); // expected-warning{{Try to free a memory block that has been released}}
				21	}
Ted Kremenek	c764d4b	2009-11-13 20:00:28 +0000	[diff] [blame]	22
Zhongxing Xu	243fde9	2009-11-17 07:54:15 +0000	[diff] [blame]	23	// This case tests that storing malloc'ed memory to a static variable which is
				24	// then returned is not leaked. In the absence of known contracts for functions
				25	// or inter-procedural analysis, this is a conservative answer.
Ted Kremenek	c764d4b	2009-11-13 20:00:28 +0000	[diff] [blame]	26	int *f3() {
				27	static int *p = 0;
Zhongxing Xu	ab28099	2010-05-25 04:59:19 +0000	[diff] [blame]	28	p = malloc(12);
Zhongxing Xu	4985e3e	2009-11-17 08:58:18 +0000	[diff] [blame]	29	return p; // no-warning
Ted Kremenek	c764d4b	2009-11-13 20:00:28 +0000	[diff] [blame]	30	}
				31
Zhongxing Xu	243fde9	2009-11-17 07:54:15 +0000	[diff] [blame]	32	// This case tests that storing malloc'ed memory to a static global variable
				33	// which is then returned is not leaked. In the absence of known contracts for
				34	// functions or inter-procedural analysis, this is a conservative answer.
Ted Kremenek	c764d4b	2009-11-13 20:00:28 +0000	[diff] [blame]	35	static int *p_f4 = 0;
				36	int *f4() {
Zhongxing Xu	ab28099	2010-05-25 04:59:19 +0000	[diff] [blame]	37	p_f4 = malloc(12);
Zhongxing Xu	4985e3e	2009-11-17 08:58:18 +0000	[diff] [blame]	38	return p_f4; // no-warning
Ted Kremenek	c764d4b	2009-11-13 20:00:28 +0000	[diff] [blame]	39	}
Zhongxing Xu	d9c84c8	2009-12-12 12:29:38 +0000	[diff] [blame]	40
				41	int *f5() {
Zhongxing Xu	ab28099	2010-05-25 04:59:19 +0000	[diff] [blame]	42	int *q = malloc(12);
Zhongxing Xu	d9c84c8	2009-12-12 12:29:38 +0000	[diff] [blame]	43	q = realloc(q, 20);
				44	return q; // no-warning
				45	}
Zhongxing Xu	b94b81a	2009-12-31 06:13:07 +0000	[diff] [blame]	46
				47	void f6() {
Zhongxing Xu	ab28099	2010-05-25 04:59:19 +0000	[diff] [blame]	48	int *p = malloc(12);
Zhongxing Xu	b94b81a	2009-12-31 06:13:07 +0000	[diff] [blame]	49	if (!p)
				50	return; // no-warning
				51	else
				52	free(p);
				53	}
Zhongxing Xu	425c7ed	2010-01-18 04:01:40 +0000	[diff] [blame]	54
				55	char *doit2();
				56	void pr6069() {
				57	char *buf = doit2();
				58	free(buf);
				59	}
Zhongxing Xu	181cc3d	2010-02-14 06:49:48 +0000	[diff] [blame]	60
				61	void pr6293() {
				62	free(0);
				63	}
Zhongxing Xu	c802378	2010-03-10 04:58:55 +0000	[diff] [blame]	64
				65	void f7() {
				66	char x = (char) malloc(4);
				67	free(x);
				68	x[0] = 'a'; // expected-warning{{Use dynamically allocated memory after it is freed.}}
				69	}
Zhongxing Xu	ab28099	2010-05-25 04:59:19 +0000	[diff] [blame]	70
				71	void PR6123() {
				72	int *x = malloc(11); // expected-warning{{Cast a region whose size is not a multiple of the destination type size.}}
				73	}
				74
				75	void PR7217() {
				76	int *buf = malloc(2); // expected-warning{{Cast a region whose size is not a multiple of the destination type size.}}
				77	buf[1] = 'c'; // not crash
Zhongxing Xu	ab28099	2010-05-25 04:59:19 +0000	[diff] [blame]	78	}
Jordy Rose	c580f2e	2010-06-20 04:30:57 +0000	[diff] [blame]	79
				80	void mallocCastToVoid() {
				81	void *p = malloc(2);
				82	const void *cp = p; // not crash
				83	free(p);
				84	}
				85
				86	void mallocCastToFP() {
				87	void *p = malloc(2);
				88	void (*fp)() = p; // not crash
				89	free(p);
				90	}
				91
Zhongxing Xu	a5ce966	2010-06-01 03:01:33 +0000	[diff] [blame]	92	// This tests that malloc() buffers are undefined by default
				93	char mallocGarbage () {
				94	char *buf = malloc(2);
				95	char result = buf[1]; // expected-warning{{undefined}}
				96	free(buf);
				97	return result;
				98	}
				99
				100	// This tests that calloc() buffers need to be freed
				101	void callocNoFree () {
				102	char *buf = calloc(2,2);
				103	return; // expected-warning{{never released}}
				104	}
				105
				106	// These test that calloc() buffers are zeroed by default
				107	char callocZeroesGood () {
				108	char *buf = calloc(2,2);
				109	char result = buf[3]; // no-warning
				110	if (buf[1] == 0) {
				111	free(buf);
				112	}
				113	return result; // no-warning
				114	}
				115
				116	char callocZeroesBad () {
				117	char *buf = calloc(2,2);
				118	char result = buf[3]; // no-warning
				119	if (buf[1] != 0) {
				120	free(buf);
				121	}
				122	return result; // expected-warning{{never released}}
				123	}