Jordy Rose | 17a38e2 | 2011-09-02 05:55:19 +0000 | [diff] [blame] | 1 | // RUN: %clang_cc1 -analyze -analyzer-checker=core,osx.cocoa.RetainCount -analyzer-store=region -analyzer-max-loop 6 -verify %s |
Ted Kremenek | 0964a06 | 2009-01-21 06:57:53 +0000 | [diff] [blame] | 2 | |
| 3 | //===----------------------------------------------------------------------===// |
| 4 | // The following code is reduced using delta-debugging from |
| 5 | // Foundation.h (Mac OS X). |
| 6 | // |
| 7 | // It includes the basic definitions for the test cases below. |
| 8 | // Not including Foundation.h directly makes this test case both svelte and |
| 9 | // portable to non-Mac platforms. |
| 10 | //===----------------------------------------------------------------------===// |
| 11 | |
| 12 | typedef unsigned int __darwin_natural_t; |
| 13 | typedef unsigned long UInt32; |
| 14 | typedef signed long CFIndex; |
| 15 | typedef const void * CFTypeRef; |
| 16 | typedef const struct __CFString * CFStringRef; |
| 17 | typedef const struct __CFAllocator * CFAllocatorRef; |
| 18 | extern const CFAllocatorRef kCFAllocatorDefault; |
| 19 | extern CFTypeRef CFRetain(CFTypeRef cf); |
| 20 | extern void CFRelease(CFTypeRef cf); |
| 21 | typedef struct { |
| 22 | } |
| 23 | CFArrayCallBacks; |
| 24 | extern const CFArrayCallBacks kCFTypeArrayCallBacks; |
| 25 | typedef const struct __CFArray * CFArrayRef; |
| 26 | typedef struct __CFArray * CFMutableArrayRef; |
| 27 | extern CFMutableArrayRef CFArrayCreateMutable(CFAllocatorRef allocator, CFIndex capacity, const CFArrayCallBacks *callBacks); |
| 28 | extern const void *CFArrayGetValueAtIndex(CFArrayRef theArray, CFIndex idx); |
| 29 | typedef const struct __CFDictionary * CFDictionaryRef; |
| 30 | typedef UInt32 CFStringEncoding; |
| 31 | enum { |
| 32 | kCFStringEncodingMacRoman = 0, kCFStringEncodingWindowsLatin1 = 0x0500, kCFStringEncodingISOLatin1 = 0x0201, kCFStringEncodingNextStepLatin = 0x0B01, kCFStringEncodingASCII = 0x0600, kCFStringEncodingUnicode = 0x0100, kCFStringEncodingUTF8 = 0x08000100, kCFStringEncodingNonLossyASCII = 0x0BFF , kCFStringEncodingUTF16 = 0x0100, kCFStringEncodingUTF16BE = 0x10000100, kCFStringEncodingUTF16LE = 0x14000100, kCFStringEncodingUTF32 = 0x0c000100, kCFStringEncodingUTF32BE = 0x18000100, kCFStringEncodingUTF32LE = 0x1c000100 }; |
| 33 | extern CFStringRef CFStringCreateWithCString(CFAllocatorRef alloc, const char *cStr, CFStringEncoding encoding); |
| 34 | typedef double CFTimeInterval; |
| 35 | typedef CFTimeInterval CFAbsoluteTime; |
| 36 | typedef const struct __CFDate * CFDateRef; |
| 37 | extern CFDateRef CFDateCreate(CFAllocatorRef allocator, CFAbsoluteTime at); |
| 38 | extern CFAbsoluteTime CFDateGetAbsoluteTime(CFDateRef theDate); |
| 39 | typedef __darwin_natural_t natural_t; |
| 40 | typedef natural_t mach_port_name_t; |
| 41 | typedef mach_port_name_t mach_port_t; |
| 42 | typedef signed char BOOL; |
| 43 | typedef struct _NSZone NSZone; |
| 44 | @class NSInvocation, NSMethodSignature, NSCoder, NSString, NSEnumerator; |
Ted Kremenek | 47dcd06 | 2009-10-15 23:44:02 +0000 | [diff] [blame] | 45 | @protocol NSObject |
| 46 | - (BOOL)isEqual:(id)object; |
Ted Kremenek | 0964a06 | 2009-01-21 06:57:53 +0000 | [diff] [blame] | 47 | - (id)retain; |
| 48 | - (oneway void)release; |
| 49 | @end @protocol NSCopying - (id)copyWithZone:(NSZone *)zone; |
| 50 | @end @protocol NSCoding - (void)encodeWithCoder:(NSCoder *)aCoder; |
Ted Kremenek | 47dcd06 | 2009-10-15 23:44:02 +0000 | [diff] [blame] | 51 | @end |
| 52 | @interface NSObject <NSObject> {} |
Ted Kremenek | 074ae35 | 2010-08-02 21:59:12 +0000 | [diff] [blame] | 53 | - (id)init; |
Ted Kremenek | 47dcd06 | 2009-10-15 23:44:02 +0000 | [diff] [blame] | 54 | + (id)allocWithZone:(NSZone *)zone; |
| 55 | + (id)alloc; |
| 56 | - (void)dealloc; |
| 57 | @end |
| 58 | typedef float CGFloat; |
Ted Kremenek | 0964a06 | 2009-01-21 06:57:53 +0000 | [diff] [blame] | 59 | typedef double NSTimeInterval; |
| 60 | @interface NSDate : NSObject <NSCopying, NSCoding> - (NSTimeInterval)timeIntervalSinceReferenceDate; |
| 61 | @end enum { |
| 62 | NSObjCNoType = 0, NSObjCVoidType = 'v', NSObjCCharType = 'c', NSObjCShortType = 's', NSObjCLongType = 'l', NSObjCLonglongType = 'q', NSObjCFloatType = 'f', NSObjCDoubleType = 'd', NSObjCBoolType = 'B', NSObjCSelectorType = ':', NSObjCObjectType = '@', NSObjCStructType = '{', NSObjCPointerType = '^', NSObjCStringType = '*', NSObjCArrayType = '[', NSObjCUnionType = '(', NSObjCBitfield = 'b' } |
| 63 | __attribute__((deprecated)); |
| 64 | typedef int kern_return_t; |
| 65 | typedef kern_return_t mach_error_t; |
| 66 | typedef mach_port_t io_object_t; |
| 67 | typedef io_object_t io_service_t; |
| 68 | typedef struct __DASession * DASessionRef; |
| 69 | extern DASessionRef DASessionCreate( CFAllocatorRef allocator ); |
| 70 | typedef struct __DADisk * DADiskRef; |
| 71 | extern DADiskRef DADiskCreateFromBSDName( CFAllocatorRef allocator, DASessionRef session, const char * name ); |
| 72 | extern DADiskRef DADiskCreateFromIOMedia( CFAllocatorRef allocator, DASessionRef session, io_service_t media ); |
| 73 | extern CFDictionaryRef DADiskCopyDescription( DADiskRef disk ); |
| 74 | extern DADiskRef DADiskCopyWholeDisk( DADiskRef disk ); |
| 75 | @interface NSAppleEventManager : NSObject { |
| 76 | } |
| 77 | @end enum { |
Chandler Carruth | 21206d5 | 2011-02-23 23:34:11 +0000 | [diff] [blame] | 78 | kDAReturnSuccess = 0, kDAReturnError = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x01, kDAReturnBusy = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x02, kDAReturnBadArgument = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x03, kDAReturnExclusiveAccess = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x04, kDAReturnNoResources = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x05, kDAReturnNotFound = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x06, kDAReturnNotMounted = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x07, kDAReturnNotPermitted = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x08, kDAReturnNotPrivileged = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x09, kDAReturnNotReady = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0A, kDAReturnNotWritable = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0B, kDAReturnUnsupported = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0C }; |
Ted Kremenek | 0964a06 | 2009-01-21 06:57:53 +0000 | [diff] [blame] | 79 | typedef mach_error_t DAReturn; |
| 80 | typedef const struct __DADissenter * DADissenterRef; |
| 81 | extern DADissenterRef DADissenterCreate( CFAllocatorRef allocator, DAReturn status, CFStringRef string ); |
Ted Kremenek | 47dcd06 | 2009-10-15 23:44:02 +0000 | [diff] [blame] | 82 | @interface NSNumber : NSObject |
Ted Kremenek | 473e167 | 2009-10-16 00:30:49 +0000 | [diff] [blame] | 83 | - (id)initWithInt:(int)value; |
| 84 | @end |
| 85 | typedef unsigned long NSUInteger; |
| 86 | @interface NSArray : NSObject |
| 87 | -(id) initWithObjects:(const id *)objects count:(NSUInteger) cnt; |
| 88 | @end |
Ted Kremenek | 0964a06 | 2009-01-21 06:57:53 +0000 | [diff] [blame] | 89 | |
| 90 | //===----------------------------------------------------------------------===// |
| 91 | // Test cases. |
| 92 | //===----------------------------------------------------------------------===// |
| 93 | |
| 94 | // Test to see if we *issue* an error when we store the pointer |
| 95 | // to a struct. This differs from basic store. |
| 96 | |
Chris Lattner | e030358 | 2010-01-09 20:43:19 +0000 | [diff] [blame] | 97 | CFAbsoluteTime CFAbsoluteTimeGetCurrent(void); |
| 98 | |
Ted Kremenek | 0964a06 | 2009-01-21 06:57:53 +0000 | [diff] [blame] | 99 | struct foo { |
| 100 | NSDate* f; |
| 101 | }; |
| 102 | |
Ted Kremenek | de5b4fb | 2012-03-27 01:12:45 +0000 | [diff] [blame] | 103 | // FIXME: We should be warning about a use-after-free here, but we |
| 104 | // temporarily "escape" retain counted objects stored to structs very eagerly |
| 105 | // until we can properly tell whether they have escaped via a return value |
| 106 | // or not. |
Ted Kremenek | 0964a06 | 2009-01-21 06:57:53 +0000 | [diff] [blame] | 107 | CFAbsoluteTime f4() { |
| 108 | struct foo x; |
| 109 | |
| 110 | CFAbsoluteTime t = CFAbsoluteTimeGetCurrent(); |
| 111 | CFDateRef date = CFDateCreate(0, t); |
| 112 | [((NSDate*) date) retain]; |
| 113 | CFRelease(date); |
| 114 | CFDateGetAbsoluteTime(date); // no-warning |
| 115 | x.f = (NSDate*) date; |
| 116 | [((NSDate*) date) release]; |
Ted Kremenek | de5b4fb | 2012-03-27 01:12:45 +0000 | [diff] [blame] | 117 | // FIXME: the following line should warn. |
| 118 | t = CFDateGetAbsoluteTime(date); // no-warning |
Ted Kremenek | 0964a06 | 2009-01-21 06:57:53 +0000 | [diff] [blame] | 119 | return t; |
| 120 | } |
| 121 | |
Ted Kremenek | f27893a | 2009-03-05 05:14:55 +0000 | [diff] [blame] | 122 | // Test that assigning to an self.ivar loses track of an object. |
| 123 | // This is a temporary hack to reduce false positives. |
| 124 | @interface Test3 : NSObject { |
| 125 | id myObj; |
| 126 | } |
| 127 | - (void)test_self_assign_ivar; |
| 128 | @end |
| 129 | |
| 130 | @implementation Test3 |
| 131 | - (void)test_self_assign_ivar { |
| 132 | CFAbsoluteTime t = CFAbsoluteTimeGetCurrent(); |
| 133 | CFDateRef date = CFDateCreate(0, t); // no-warning |
| 134 | myObj = (id) date; |
| 135 | } |
| 136 | @end |
| 137 | |
Ted Kremenek | 473e167 | 2009-10-16 00:30:49 +0000 | [diff] [blame] | 138 | //===------------------------------------------------------------------------------------------===// |
| 139 | // <rdar://problem/7257223> (also <rdar://problem/7283470>) - False positive due to not invalidating |
| 140 | // the reference count of a tracked region that was itself invalidated. |
| 141 | //===------------------------------------------------------------------------------------------===// |
Ted Kremenek | 159c53d | 2009-10-14 01:54:16 +0000 | [diff] [blame] | 142 | |
| 143 | typedef struct __rdar_7257223 { CFDateRef x; } RDar7257223; |
| 144 | void rdar_7257223_aux(RDar7257223 *p); |
| 145 | |
Ted Kremenek | 159c53d | 2009-10-14 01:54:16 +0000 | [diff] [blame] | 146 | CFDateRef rdar7257223_Create(void) { |
| 147 | RDar7257223 s; |
| 148 | CFAbsoluteTime t = CFAbsoluteTimeGetCurrent(); |
| 149 | s.x = CFDateCreate(0, t); // no-warning |
| 150 | rdar_7257223_aux(&s); |
| 151 | return s.x; |
| 152 | } |
| 153 | |
| 154 | CFDateRef rdar7257223_Create_2(void) { |
| 155 | RDar7257223 s; |
| 156 | CFAbsoluteTime t = CFAbsoluteTimeGetCurrent(); |
| 157 | s.x = CFDateCreate(0, t); // no-warning |
| 158 | return s.x; |
| 159 | } |
Ted Kremenek | f27893a | 2009-03-05 05:14:55 +0000 | [diff] [blame] | 160 | |
Ted Kremenek | 47dcd06 | 2009-10-15 23:44:02 +0000 | [diff] [blame] | 161 | void rdar7283470(void) { |
| 162 | NSNumber *numbers[] = { |
| 163 | [[NSNumber alloc] initWithInt:1], // no-warning |
| 164 | [[NSNumber alloc] initWithInt:2], // no-warning |
| 165 | [[NSNumber alloc] initWithInt:3], // no-warning |
| 166 | [[NSNumber alloc] initWithInt:4], // no-warning |
| 167 | [[NSNumber alloc] initWithInt:5] // no-warning |
| 168 | }; |
| 169 | |
| 170 | for (unsigned i = 0 ; i < sizeof(numbers) / sizeof(numbers[0]) ; ++i) |
| 171 | [numbers[i] release]; |
| 172 | } |
| 173 | |
| 174 | void rdar7283470_positive(void) { |
| 175 | NSNumber *numbers[] = { |
| 176 | [[NSNumber alloc] initWithInt:1], // expected-warning{{leak}} |
| 177 | [[NSNumber alloc] initWithInt:2], // expected-warning{{leak}} |
| 178 | [[NSNumber alloc] initWithInt:3], // expected-warning{{leak}} |
| 179 | [[NSNumber alloc] initWithInt:4], // expected-warning{{leak}} |
| 180 | [[NSNumber alloc] initWithInt:5] // expected-warning{{leak}} |
| 181 | }; |
| 182 | } |
| 183 | |
Ted Kremenek | 473e167 | 2009-10-16 00:30:49 +0000 | [diff] [blame] | 184 | void rdar7283470_2(void) { |
| 185 | NSNumber *numbers[] = { |
| 186 | [[NSNumber alloc] initWithInt:1], // no-warning |
| 187 | [[NSNumber alloc] initWithInt:2], // no-warning |
| 188 | [[NSNumber alloc] initWithInt:3], // no-warning |
| 189 | [[NSNumber alloc] initWithInt:4], // no-warning |
| 190 | [[NSNumber alloc] initWithInt:5] // no-warning |
| 191 | }; |
| 192 | |
| 193 | NSArray *s_numbers =[[NSArray alloc] initWithObjects:&numbers[0] count:sizeof(numbers) / sizeof(numbers[0])]; |
| 194 | |
| 195 | for (unsigned i = 0 ; i < sizeof(numbers) / sizeof(numbers[0]) ; ++i) |
| 196 | [numbers[i] release]; |
| 197 | |
| 198 | [s_numbers release]; |
| 199 | } |
| 200 | |
| 201 | void rdar7283470_2_positive(void) { |
| 202 | NSNumber *numbers[] = { |
| 203 | [[NSNumber alloc] initWithInt:1], // no-warning |
| 204 | [[NSNumber alloc] initWithInt:2], // no-warning |
| 205 | [[NSNumber alloc] initWithInt:3], // no-warning |
| 206 | [[NSNumber alloc] initWithInt:4], // no-warning |
| 207 | [[NSNumber alloc] initWithInt:5] // no-warning |
| 208 | }; |
| 209 | |
| 210 | NSArray *s_numbers =[[NSArray alloc] initWithObjects: &numbers[0] count:sizeof(numbers) / sizeof(numbers[0])]; // expected-warning{{leak}} |
| 211 | |
| 212 | for (unsigned i = 0 ; i < sizeof(numbers) / sizeof(numbers[0]) ; ++i) |
| 213 | [numbers[i] release]; |
| 214 | } |
| 215 | |
Ted Kremenek | 75a2d94 | 2010-04-01 00:15:55 +0000 | [diff] [blame] | 216 | void pr6699(int x) { |
| 217 | CFDateRef values[2]; |
| 218 | values[0] = values[1] = 0; |
| 219 | |
| 220 | if (x) { |
| 221 | CFAbsoluteTime t = CFAbsoluteTimeGetCurrent(); |
| 222 | values[1] = CFDateCreate(0, t); |
| 223 | } |
| 224 | |
| 225 | if (values[1]) { |
| 226 | // A bug in RegionStore::RemoveDeadBindings caused 'values[1]' to get prematurely |
| 227 | // pruned from the store. |
| 228 | CFRelease(values[1]); // no-warning |
| 229 | } |
| 230 | } |
| 231 | |
Ted Kremenek | 074ae35 | 2010-08-02 21:59:12 +0000 | [diff] [blame] | 232 | // <rdar://problem/8261992> Idempotent operation checker false positive with ObjC ivars |
| 233 | @interface R8261992 : NSObject { |
| 234 | @package int myIvar; |
| 235 | } |
| 236 | @end |
| 237 | |
| 238 | static void R8261992_ChangeMyIvar(R8261992 *tc) { |
| 239 | tc->myIvar = 5; |
| 240 | } |
| 241 | |
| 242 | void R8261992_test(R8261992 *tc) { |
| 243 | int temp = tc->myIvar; |
| 244 | // The ivar binding for tc->myIvar gets invalidated. |
| 245 | R8261992_ChangeMyIvar(tc); |
| 246 | tc->myIvar = temp; // no-warning |
| 247 | tc = [[R8261992 alloc] init]; |
| 248 | temp = tc->myIvar; // no-warning |
| 249 | // The ivar binding for tc->myIvar gets invalidated. |
| 250 | R8261992_ChangeMyIvar(tc); |
| 251 | tc->myIvar = temp; |
| 252 | [tc release]; // no-warning |
| 253 | // did we analyze this? |
| 254 | int *p = 0x0; |
| 255 | *p = 0xDEADBEEF; // expected-warning{{null}} |
| 256 | } |
| 257 | |