blob: 917381341a4be809493f83b50a1d78a527a6ef6e [file] [log] [blame]
Jordy Rose17a38e22011-09-02 05:55:19 +00001// RUN: %clang_cc1 -analyze -analyzer-checker=core,osx.cocoa.RetainCount -analyzer-store=region -analyzer-max-loop 6 -verify %s
Ted Kremenek0964a062009-01-21 06:57:53 +00002
3//===----------------------------------------------------------------------===//
4// The following code is reduced using delta-debugging from
5// Foundation.h (Mac OS X).
6//
7// It includes the basic definitions for the test cases below.
8// Not including Foundation.h directly makes this test case both svelte and
9// portable to non-Mac platforms.
10//===----------------------------------------------------------------------===//
11
12typedef unsigned int __darwin_natural_t;
13typedef unsigned long UInt32;
14typedef signed long CFIndex;
15typedef const void * CFTypeRef;
16typedef const struct __CFString * CFStringRef;
17typedef const struct __CFAllocator * CFAllocatorRef;
18extern const CFAllocatorRef kCFAllocatorDefault;
19extern CFTypeRef CFRetain(CFTypeRef cf);
20extern void CFRelease(CFTypeRef cf);
21typedef struct {
22}
23CFArrayCallBacks;
24extern const CFArrayCallBacks kCFTypeArrayCallBacks;
25typedef const struct __CFArray * CFArrayRef;
26typedef struct __CFArray * CFMutableArrayRef;
27extern CFMutableArrayRef CFArrayCreateMutable(CFAllocatorRef allocator, CFIndex capacity, const CFArrayCallBacks *callBacks);
28extern const void *CFArrayGetValueAtIndex(CFArrayRef theArray, CFIndex idx);
29typedef const struct __CFDictionary * CFDictionaryRef;
30typedef UInt32 CFStringEncoding;
31enum {
32kCFStringEncodingMacRoman = 0, kCFStringEncodingWindowsLatin1 = 0x0500, kCFStringEncodingISOLatin1 = 0x0201, kCFStringEncodingNextStepLatin = 0x0B01, kCFStringEncodingASCII = 0x0600, kCFStringEncodingUnicode = 0x0100, kCFStringEncodingUTF8 = 0x08000100, kCFStringEncodingNonLossyASCII = 0x0BFF , kCFStringEncodingUTF16 = 0x0100, kCFStringEncodingUTF16BE = 0x10000100, kCFStringEncodingUTF16LE = 0x14000100, kCFStringEncodingUTF32 = 0x0c000100, kCFStringEncodingUTF32BE = 0x18000100, kCFStringEncodingUTF32LE = 0x1c000100 };
33extern CFStringRef CFStringCreateWithCString(CFAllocatorRef alloc, const char *cStr, CFStringEncoding encoding);
34typedef double CFTimeInterval;
35typedef CFTimeInterval CFAbsoluteTime;
36typedef const struct __CFDate * CFDateRef;
37extern CFDateRef CFDateCreate(CFAllocatorRef allocator, CFAbsoluteTime at);
38extern CFAbsoluteTime CFDateGetAbsoluteTime(CFDateRef theDate);
39typedef __darwin_natural_t natural_t;
40typedef natural_t mach_port_name_t;
41typedef mach_port_name_t mach_port_t;
42typedef signed char BOOL;
43typedef struct _NSZone NSZone;
44@class NSInvocation, NSMethodSignature, NSCoder, NSString, NSEnumerator;
Ted Kremenek47dcd062009-10-15 23:44:02 +000045@protocol NSObject
46- (BOOL)isEqual:(id)object;
Ted Kremenek0964a062009-01-21 06:57:53 +000047- (id)retain;
48- (oneway void)release;
49@end @protocol NSCopying - (id)copyWithZone:(NSZone *)zone;
50@end @protocol NSCoding - (void)encodeWithCoder:(NSCoder *)aCoder;
Ted Kremenek47dcd062009-10-15 23:44:02 +000051@end
52@interface NSObject <NSObject> {}
Ted Kremenek074ae352010-08-02 21:59:12 +000053- (id)init;
Ted Kremenek47dcd062009-10-15 23:44:02 +000054+ (id)allocWithZone:(NSZone *)zone;
55+ (id)alloc;
56- (void)dealloc;
57@end
58typedef float CGFloat;
Ted Kremenek0964a062009-01-21 06:57:53 +000059typedef double NSTimeInterval;
60@interface NSDate : NSObject <NSCopying, NSCoding> - (NSTimeInterval)timeIntervalSinceReferenceDate;
61@end enum {
62NSObjCNoType = 0, NSObjCVoidType = 'v', NSObjCCharType = 'c', NSObjCShortType = 's', NSObjCLongType = 'l', NSObjCLonglongType = 'q', NSObjCFloatType = 'f', NSObjCDoubleType = 'd', NSObjCBoolType = 'B', NSObjCSelectorType = ':', NSObjCObjectType = '@', NSObjCStructType = '{', NSObjCPointerType = '^', NSObjCStringType = '*', NSObjCArrayType = '[', NSObjCUnionType = '(', NSObjCBitfield = 'b' }
63__attribute__((deprecated));
64typedef int kern_return_t;
65typedef kern_return_t mach_error_t;
66typedef mach_port_t io_object_t;
67typedef io_object_t io_service_t;
68typedef struct __DASession * DASessionRef;
69extern DASessionRef DASessionCreate( CFAllocatorRef allocator );
70typedef struct __DADisk * DADiskRef;
71extern DADiskRef DADiskCreateFromBSDName( CFAllocatorRef allocator, DASessionRef session, const char * name );
72extern DADiskRef DADiskCreateFromIOMedia( CFAllocatorRef allocator, DASessionRef session, io_service_t media );
73extern CFDictionaryRef DADiskCopyDescription( DADiskRef disk );
74extern DADiskRef DADiskCopyWholeDisk( DADiskRef disk );
75@interface NSAppleEventManager : NSObject {
76}
77@end enum {
Chandler Carruth21206d52011-02-23 23:34:11 +000078kDAReturnSuccess = 0, kDAReturnError = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x01, kDAReturnBusy = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x02, kDAReturnBadArgument = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x03, kDAReturnExclusiveAccess = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x04, kDAReturnNoResources = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x05, kDAReturnNotFound = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x06, kDAReturnNotMounted = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x07, kDAReturnNotPermitted = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x08, kDAReturnNotPrivileged = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x09, kDAReturnNotReady = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0A, kDAReturnNotWritable = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0B, kDAReturnUnsupported = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0C };
Ted Kremenek0964a062009-01-21 06:57:53 +000079typedef mach_error_t DAReturn;
80typedef const struct __DADissenter * DADissenterRef;
81extern DADissenterRef DADissenterCreate( CFAllocatorRef allocator, DAReturn status, CFStringRef string );
Ted Kremenek47dcd062009-10-15 23:44:02 +000082@interface NSNumber : NSObject
Ted Kremenek473e1672009-10-16 00:30:49 +000083- (id)initWithInt:(int)value;
84@end
85typedef unsigned long NSUInteger;
86@interface NSArray : NSObject
87-(id) initWithObjects:(const id *)objects count:(NSUInteger) cnt;
88@end
Ted Kremenek0964a062009-01-21 06:57:53 +000089
90//===----------------------------------------------------------------------===//
91// Test cases.
92//===----------------------------------------------------------------------===//
93
94// Test to see if we *issue* an error when we store the pointer
95// to a struct. This differs from basic store.
96
Chris Lattnere0303582010-01-09 20:43:19 +000097CFAbsoluteTime CFAbsoluteTimeGetCurrent(void);
98
Ted Kremenek0964a062009-01-21 06:57:53 +000099struct foo {
100 NSDate* f;
101};
102
Ted Kremenekde5b4fb2012-03-27 01:12:45 +0000103// FIXME: We should be warning about a use-after-free here, but we
104// temporarily "escape" retain counted objects stored to structs very eagerly
105// until we can properly tell whether they have escaped via a return value
106// or not.
Ted Kremenek0964a062009-01-21 06:57:53 +0000107CFAbsoluteTime f4() {
108 struct foo x;
109
110 CFAbsoluteTime t = CFAbsoluteTimeGetCurrent();
111 CFDateRef date = CFDateCreate(0, t);
112 [((NSDate*) date) retain];
113 CFRelease(date);
114 CFDateGetAbsoluteTime(date); // no-warning
115 x.f = (NSDate*) date;
116 [((NSDate*) date) release];
Ted Kremenekde5b4fb2012-03-27 01:12:45 +0000117 // FIXME: the following line should warn.
118 t = CFDateGetAbsoluteTime(date); // no-warning
Ted Kremenek0964a062009-01-21 06:57:53 +0000119 return t;
120}
121
Ted Kremenekf27893a2009-03-05 05:14:55 +0000122// Test that assigning to an self.ivar loses track of an object.
123// This is a temporary hack to reduce false positives.
124@interface Test3 : NSObject {
125 id myObj;
126}
127- (void)test_self_assign_ivar;
128@end
129
130@implementation Test3
131- (void)test_self_assign_ivar {
132 CFAbsoluteTime t = CFAbsoluteTimeGetCurrent();
133 CFDateRef date = CFDateCreate(0, t); // no-warning
134 myObj = (id) date;
135}
136@end
137
Ted Kremenek473e1672009-10-16 00:30:49 +0000138//===------------------------------------------------------------------------------------------===//
139// <rdar://problem/7257223> (also <rdar://problem/7283470>) - False positive due to not invalidating
140// the reference count of a tracked region that was itself invalidated.
141//===------------------------------------------------------------------------------------------===//
Ted Kremenek159c53d2009-10-14 01:54:16 +0000142
143typedef struct __rdar_7257223 { CFDateRef x; } RDar7257223;
144void rdar_7257223_aux(RDar7257223 *p);
145
Ted Kremenek159c53d2009-10-14 01:54:16 +0000146CFDateRef rdar7257223_Create(void) {
147 RDar7257223 s;
148 CFAbsoluteTime t = CFAbsoluteTimeGetCurrent();
149 s.x = CFDateCreate(0, t); // no-warning
150 rdar_7257223_aux(&s);
151 return s.x;
152}
153
154CFDateRef rdar7257223_Create_2(void) {
155 RDar7257223 s;
156 CFAbsoluteTime t = CFAbsoluteTimeGetCurrent();
157 s.x = CFDateCreate(0, t); // no-warning
158 return s.x;
159}
Ted Kremenekf27893a2009-03-05 05:14:55 +0000160
Ted Kremenek47dcd062009-10-15 23:44:02 +0000161void rdar7283470(void) {
162 NSNumber *numbers[] = {
163 [[NSNumber alloc] initWithInt:1], // no-warning
164 [[NSNumber alloc] initWithInt:2], // no-warning
165 [[NSNumber alloc] initWithInt:3], // no-warning
166 [[NSNumber alloc] initWithInt:4], // no-warning
167 [[NSNumber alloc] initWithInt:5] // no-warning
168 };
169
170 for (unsigned i = 0 ; i < sizeof(numbers) / sizeof(numbers[0]) ; ++i)
171 [numbers[i] release];
172}
173
174void rdar7283470_positive(void) {
175 NSNumber *numbers[] = {
176 [[NSNumber alloc] initWithInt:1], // expected-warning{{leak}}
177 [[NSNumber alloc] initWithInt:2], // expected-warning{{leak}}
178 [[NSNumber alloc] initWithInt:3], // expected-warning{{leak}}
179 [[NSNumber alloc] initWithInt:4], // expected-warning{{leak}}
180 [[NSNumber alloc] initWithInt:5] // expected-warning{{leak}}
181 };
182}
183
Ted Kremenek473e1672009-10-16 00:30:49 +0000184void rdar7283470_2(void) {
185 NSNumber *numbers[] = {
186 [[NSNumber alloc] initWithInt:1], // no-warning
187 [[NSNumber alloc] initWithInt:2], // no-warning
188 [[NSNumber alloc] initWithInt:3], // no-warning
189 [[NSNumber alloc] initWithInt:4], // no-warning
190 [[NSNumber alloc] initWithInt:5] // no-warning
191 };
192
193 NSArray *s_numbers =[[NSArray alloc] initWithObjects:&numbers[0] count:sizeof(numbers) / sizeof(numbers[0])];
194
195 for (unsigned i = 0 ; i < sizeof(numbers) / sizeof(numbers[0]) ; ++i)
196 [numbers[i] release];
197
198 [s_numbers release];
199}
200
201void rdar7283470_2_positive(void) {
202 NSNumber *numbers[] = {
203 [[NSNumber alloc] initWithInt:1], // no-warning
204 [[NSNumber alloc] initWithInt:2], // no-warning
205 [[NSNumber alloc] initWithInt:3], // no-warning
206 [[NSNumber alloc] initWithInt:4], // no-warning
207 [[NSNumber alloc] initWithInt:5] // no-warning
208 };
209
210 NSArray *s_numbers =[[NSArray alloc] initWithObjects: &numbers[0] count:sizeof(numbers) / sizeof(numbers[0])]; // expected-warning{{leak}}
211
212 for (unsigned i = 0 ; i < sizeof(numbers) / sizeof(numbers[0]) ; ++i)
213 [numbers[i] release];
214}
215
Ted Kremenek75a2d942010-04-01 00:15:55 +0000216void pr6699(int x) {
217 CFDateRef values[2];
218 values[0] = values[1] = 0;
219
220 if (x) {
221 CFAbsoluteTime t = CFAbsoluteTimeGetCurrent();
222 values[1] = CFDateCreate(0, t);
223 }
224
225 if (values[1]) {
226 // A bug in RegionStore::RemoveDeadBindings caused 'values[1]' to get prematurely
227 // pruned from the store.
228 CFRelease(values[1]); // no-warning
229 }
230}
231
Ted Kremenek074ae352010-08-02 21:59:12 +0000232// <rdar://problem/8261992> Idempotent operation checker false positive with ObjC ivars
233@interface R8261992 : NSObject {
234 @package int myIvar;
235}
236@end
237
238static void R8261992_ChangeMyIvar(R8261992 *tc) {
239 tc->myIvar = 5;
240}
241
242void R8261992_test(R8261992 *tc) {
243 int temp = tc->myIvar;
244 // The ivar binding for tc->myIvar gets invalidated.
245 R8261992_ChangeMyIvar(tc);
246 tc->myIvar = temp; // no-warning
247 tc = [[R8261992 alloc] init];
248 temp = tc->myIvar; // no-warning
249 // The ivar binding for tc->myIvar gets invalidated.
250 R8261992_ChangeMyIvar(tc);
251 tc->myIvar = temp;
252 [tc release]; // no-warning
253 // did we analyze this?
254 int *p = 0x0;
255 *p = 0xDEADBEEF; // expected-warning{{null}}
256}
257