blob: 3d59d34f077cbaabd15b35cfe243b1cd90c54a15 [file] [log] [blame]
Ted Kremenek565e4652010-02-05 02:06:54 +00001// RUN: %clang_cc1 -analyze -analyzer-experimental-internal-checks -analyzer-check-objc-mem -analyzer-experimental-checks -analyzer-store=region -verify %s
Eli Friedman2f005522009-11-14 04:23:25 +00002typedef __typeof(sizeof(int)) size_t;
Ted Kremenekc3607752009-11-13 20:03:22 +00003void *malloc(size_t);
4void free(void *);
Zhongxing Xud9c84c82009-12-12 12:29:38 +00005void *realloc(void *ptr, size_t size);
6void *calloc(size_t nmemb, size_t size);
Zhongxing Xufc7ac8f2009-11-13 07:48:11 +00007
8void f1() {
Zhongxing Xuab280992010-05-25 04:59:19 +00009 int *p = malloc(12);
Zhongxing Xufc7ac8f2009-11-13 07:48:11 +000010 return; // expected-warning{{Allocated memory never released. Potential memory leak.}}
11}
12
Ted Kremenekba930872009-11-13 19:53:32 +000013void f1_b() {
Zhongxing Xuab280992010-05-25 04:59:19 +000014 int *p = malloc(12); // expected-warning{{Allocated memory never released. Potential memory leak.}}
Ted Kremenekba930872009-11-13 19:53:32 +000015}
16
Zhongxing Xufc7ac8f2009-11-13 07:48:11 +000017void f2() {
Zhongxing Xuab280992010-05-25 04:59:19 +000018 int *p = malloc(12);
Zhongxing Xufc7ac8f2009-11-13 07:48:11 +000019 free(p);
20 free(p); // expected-warning{{Try to free a memory block that has been released}}
21}
Ted Kremenekc764d4b2009-11-13 20:00:28 +000022
Zhongxing Xu243fde92009-11-17 07:54:15 +000023// This case tests that storing malloc'ed memory to a static variable which is
24// then returned is not leaked. In the absence of known contracts for functions
25// or inter-procedural analysis, this is a conservative answer.
Ted Kremenekc764d4b2009-11-13 20:00:28 +000026int *f3() {
27 static int *p = 0;
Zhongxing Xuab280992010-05-25 04:59:19 +000028 p = malloc(12);
Zhongxing Xu4985e3e2009-11-17 08:58:18 +000029 return p; // no-warning
Ted Kremenekc764d4b2009-11-13 20:00:28 +000030}
31
Zhongxing Xu243fde92009-11-17 07:54:15 +000032// This case tests that storing malloc'ed memory to a static global variable
33// which is then returned is not leaked. In the absence of known contracts for
34// functions or inter-procedural analysis, this is a conservative answer.
Ted Kremenekc764d4b2009-11-13 20:00:28 +000035static int *p_f4 = 0;
36int *f4() {
Zhongxing Xuab280992010-05-25 04:59:19 +000037 p_f4 = malloc(12);
Zhongxing Xu4985e3e2009-11-17 08:58:18 +000038 return p_f4; // no-warning
Ted Kremenekc764d4b2009-11-13 20:00:28 +000039}
Zhongxing Xud9c84c82009-12-12 12:29:38 +000040
41int *f5() {
Zhongxing Xuab280992010-05-25 04:59:19 +000042 int *q = malloc(12);
Zhongxing Xud9c84c82009-12-12 12:29:38 +000043 q = realloc(q, 20);
44 return q; // no-warning
45}
Zhongxing Xub94b81a2009-12-31 06:13:07 +000046
47void f6() {
Zhongxing Xuab280992010-05-25 04:59:19 +000048 int *p = malloc(12);
Zhongxing Xub94b81a2009-12-31 06:13:07 +000049 if (!p)
50 return; // no-warning
51 else
52 free(p);
53}
Zhongxing Xu425c7ed2010-01-18 04:01:40 +000054
55char *doit2();
56void pr6069() {
57 char *buf = doit2();
58 free(buf);
59}
Zhongxing Xu181cc3d2010-02-14 06:49:48 +000060
61void pr6293() {
62 free(0);
63}
Zhongxing Xuc8023782010-03-10 04:58:55 +000064
65void f7() {
66 char *x = (char*) malloc(4);
67 free(x);
68 x[0] = 'a'; // expected-warning{{Use dynamically allocated memory after it is freed.}}
69}
Zhongxing Xuab280992010-05-25 04:59:19 +000070
71void PR6123() {
72 int *x = malloc(11); // expected-warning{{Cast a region whose size is not a multiple of the destination type size.}}
73}
74
75void PR7217() {
76 int *buf = malloc(2); // expected-warning{{Cast a region whose size is not a multiple of the destination type size.}}
77 buf[1] = 'c'; // not crash
78
79}
Zhongxing Xua5ce9662010-06-01 03:01:33 +000080// This tests that malloc() buffers are undefined by default
81char mallocGarbage () {
82 char *buf = malloc(2);
83 char result = buf[1]; // expected-warning{{undefined}}
84 free(buf);
85 return result;
86}
87
88// This tests that calloc() buffers need to be freed
89void callocNoFree () {
90 char *buf = calloc(2,2);
91 return; // expected-warning{{never released}}
92}
93
94// These test that calloc() buffers are zeroed by default
95char callocZeroesGood () {
96 char *buf = calloc(2,2);
97 char result = buf[3]; // no-warning
98 if (buf[1] == 0) {
99 free(buf);
100 }
101 return result; // no-warning
102}
103
104char callocZeroesBad () {
105 char *buf = calloc(2,2);
106 char result = buf[3]; // no-warning
107 if (buf[1] != 0) {
108 free(buf);
109 }
110 return result; // expected-warning{{never released}}
111}