blob: 4fe6bca4a44a4556330fbb90a13ddaf0dc3a45e9 [file] [log] [blame]
Dominic Chen184c6242017-03-03 18:02:02 +00001// RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin10 -analyzer-checker=core,osx.coreFoundation.CFRetainRelease,osx.cocoa.ClassRelease,osx.cocoa.RetainCount -fblocks -verify %s
Ted Kremeneka2bbac32012-02-07 00:24:33 +00002
3//===----------------------------------------------------------------------===//
4// The following code is reduced using delta-debugging from Mac OS X headers:
5//
6// #include <Cocoa/Cocoa.h>
7// #include <CoreFoundation/CoreFoundation.h>
8// #include <DiskArbitration/DiskArbitration.h>
9// #include <QuartzCore/QuartzCore.h>
10// #include <Quartz/Quartz.h>
11// #include <IOKit/IOKitLib.h>
12//
13// It includes the basic definitions for the test cases below.
14//===----------------------------------------------------------------------===//
Devin Coughlinbac49e52017-07-19 04:10:44 +000015#define NULL 0
Ted Kremeneka2bbac32012-02-07 00:24:33 +000016typedef unsigned int __darwin_natural_t;
17typedef unsigned long uintptr_t;
18typedef unsigned int uint32_t;
19typedef unsigned long long uint64_t;
20typedef unsigned int UInt32;
21typedef signed long CFIndex;
22typedef CFIndex CFByteOrder;
23typedef struct {
24 CFIndex location;
25 CFIndex length;
26} CFRange;
27static __inline__ __attribute__((always_inline)) CFRange CFRangeMake(CFIndex loc, CFIndex len) {
28 CFRange range;
29 range.location = loc;
30 range.length = len;
31 return range;
32}
33typedef const void * CFTypeRef;
34typedef const struct __CFString * CFStringRef;
35typedef const struct __CFAllocator * CFAllocatorRef;
36extern const CFAllocatorRef kCFAllocatorDefault;
37extern CFTypeRef CFRetain(CFTypeRef cf);
38extern void CFRelease(CFTypeRef cf);
39typedef struct {
40}
41CFArrayCallBacks;
42extern const CFArrayCallBacks kCFTypeArrayCallBacks;
43typedef const struct __CFArray * CFArrayRef;
44typedef struct __CFArray * CFMutableArrayRef;
45extern CFMutableArrayRef CFArrayCreateMutable(CFAllocatorRef allocator, CFIndex capacity, const CFArrayCallBacks *callBacks);
46extern const void *CFArrayGetValueAtIndex(CFArrayRef theArray, CFIndex idx);
47extern void CFArrayAppendValue(CFMutableArrayRef theArray, const void *value);
48typedef struct {
49}
50CFDictionaryKeyCallBacks;
51extern const CFDictionaryKeyCallBacks kCFTypeDictionaryKeyCallBacks;
52typedef struct {
53}
54CFDictionaryValueCallBacks;
55extern const CFDictionaryValueCallBacks kCFTypeDictionaryValueCallBacks;
56typedef const struct __CFDictionary * CFDictionaryRef;
57typedef struct __CFDictionary * CFMutableDictionaryRef;
58extern CFMutableDictionaryRef CFDictionaryCreateMutable(CFAllocatorRef allocator, CFIndex capacity, const CFDictionaryKeyCallBacks *keyCallBacks, const CFDictionaryValueCallBacks *valueCallBacks);
59typedef UInt32 CFStringEncoding;
60enum {
61kCFStringEncodingMacRoman = 0, kCFStringEncodingWindowsLatin1 = 0x0500, kCFStringEncodingISOLatin1 = 0x0201, kCFStringEncodingNextStepLatin = 0x0B01, kCFStringEncodingASCII = 0x0600, kCFStringEncodingUnicode = 0x0100, kCFStringEncodingUTF8 = 0x08000100, kCFStringEncodingNonLossyASCII = 0x0BFF , kCFStringEncodingUTF16 = 0x0100, kCFStringEncodingUTF16BE = 0x10000100, kCFStringEncodingUTF16LE = 0x14000100, kCFStringEncodingUTF32 = 0x0c000100, kCFStringEncodingUTF32BE = 0x18000100, kCFStringEncodingUTF32LE = 0x1c000100 };
62extern CFStringRef CFStringCreateWithCString(CFAllocatorRef alloc, const char *cStr, CFStringEncoding encoding);
63typedef double CFTimeInterval;
64typedef CFTimeInterval CFAbsoluteTime;
65extern CFAbsoluteTime CFAbsoluteTimeGetCurrent(void);
66typedef const struct __CFDate * CFDateRef;
67extern CFDateRef CFDateCreate(CFAllocatorRef allocator, CFAbsoluteTime at);
68extern CFAbsoluteTime CFDateGetAbsoluteTime(CFDateRef theDate);
69typedef __darwin_natural_t natural_t;
70typedef natural_t mach_port_name_t;
71typedef mach_port_name_t mach_port_t;
72typedef int kern_return_t;
73typedef kern_return_t mach_error_t;
74enum {
75kCFNumberSInt8Type = 1, kCFNumberSInt16Type = 2, kCFNumberSInt32Type = 3, kCFNumberSInt64Type = 4, kCFNumberFloat32Type = 5, kCFNumberFloat64Type = 6, kCFNumberCharType = 7, kCFNumberShortType = 8, kCFNumberIntType = 9, kCFNumberLongType = 10, kCFNumberLongLongType = 11, kCFNumberFloatType = 12, kCFNumberDoubleType = 13, kCFNumberCFIndexType = 14, kCFNumberNSIntegerType = 15, kCFNumberCGFloatType = 16, kCFNumberMaxType = 16 };
76typedef CFIndex CFNumberType;
77typedef const struct __CFNumber * CFNumberRef;
78extern CFNumberRef CFNumberCreate(CFAllocatorRef allocator, CFNumberType theType, const void *valuePtr);
79typedef const struct __CFAttributedString *CFAttributedStringRef;
80typedef struct __CFAttributedString *CFMutableAttributedStringRef;
81extern CFAttributedStringRef CFAttributedStringCreate(CFAllocatorRef alloc, CFStringRef str, CFDictionaryRef attributes) ;
82extern CFMutableAttributedStringRef CFAttributedStringCreateMutableCopy(CFAllocatorRef alloc, CFIndex maxLength, CFAttributedStringRef aStr) ;
83extern void CFAttributedStringSetAttribute(CFMutableAttributedStringRef aStr, CFRange range, CFStringRef attrName, CFTypeRef value) ;
84typedef signed char BOOL;
85typedef unsigned long NSUInteger;
86@class NSString, Protocol;
87extern void NSLog(NSString *format, ...) __attribute__((format(__NSString__, 1, 2)));
88typedef struct _NSZone NSZone;
89@class NSInvocation, NSMethodSignature, NSCoder, NSString, NSEnumerator;
90@protocol NSObject
91- (BOOL)isEqual:(id)object;
92- (id)retain;
93- (oneway void)release;
94- (id)autorelease;
95- (id)init;
96@end @protocol NSCopying - (id)copyWithZone:(NSZone *)zone;
97@end @protocol NSMutableCopying - (id)mutableCopyWithZone:(NSZone *)zone;
98@end @protocol NSCoding - (void)encodeWithCoder:(NSCoder *)aCoder;
99@end
100@interface NSObject <NSObject> {}
101+ (id)allocWithZone:(NSZone *)zone;
102+ (id)alloc;
103- (void)dealloc;
104@end
105@interface NSObject (NSCoderMethods)
106- (id)awakeAfterUsingCoder:(NSCoder *)aDecoder;
107@end
108extern id NSAllocateObject(Class aClass, NSUInteger extraBytes, NSZone *zone);
109typedef struct {
110}
111NSFastEnumerationState;
112@protocol NSFastEnumeration - (NSUInteger)countByEnumeratingWithState:(NSFastEnumerationState *)state objects:(id *)stackbuf count:(NSUInteger)len;
113@end @class NSString, NSDictionary;
114@interface NSValue : NSObject <NSCopying, NSCoding> - (void)getValue:(void *)value;
115@end @interface NSNumber : NSValue - (char)charValue;
116- (id)initWithInt:(int)value;
117@end @class NSString;
118@interface NSArray : NSObject <NSCopying, NSMutableCopying, NSCoding, NSFastEnumeration> - (NSUInteger)count;
119@end @interface NSArray (NSArrayCreation) + (id)array;
120@end @interface NSAutoreleasePool : NSObject {
121}
122- (void)drain;
123@end extern NSString * const NSBundleDidLoadNotification;
124typedef double NSTimeInterval;
125@interface NSDate : NSObject <NSCopying, NSCoding> - (NSTimeInterval)timeIntervalSinceReferenceDate;
126@end typedef unsigned short unichar;
127@interface NSString : NSObject <NSCopying, NSMutableCopying, NSCoding>
128- (NSUInteger)length;
129- (NSString *)stringByAppendingString:(NSString *)aString;
130- ( const char *)UTF8String;
131- (id)initWithUTF8String:(const char *)nullTerminatedCString;
132+ (id)stringWithUTF8String:(const char *)nullTerminatedCString;
133@end @class NSString, NSURL, NSError;
134@interface NSData : NSObject <NSCopying, NSMutableCopying, NSCoding> - (NSUInteger)length;
135+ (id)dataWithBytesNoCopy:(void *)bytes length:(NSUInteger)length;
136+ (id)dataWithBytesNoCopy:(void *)bytes length:(NSUInteger)length freeWhenDone:(BOOL)b;
137@end @class NSLocale, NSDate, NSCalendar, NSTimeZone, NSError, NSArray, NSMutableDictionary;
138@interface NSDictionary : NSObject <NSCopying, NSMutableCopying, NSCoding, NSFastEnumeration> - (NSUInteger)count;
139@end @interface NSMutableDictionary : NSDictionary - (void)removeObjectForKey:(id)aKey;
140- (void)setObject:(id)anObject forKey:(id)aKey;
141@end @interface NSMutableDictionary (NSMutableDictionaryCreation) + (id)dictionaryWithCapacity:(NSUInteger)numItems;
142@end typedef double CGFloat;
143struct CGSize {
144};
145typedef struct CGSize CGSize;
146struct CGRect {
147};
148typedef struct CGRect CGRect;
149typedef mach_port_t io_object_t;
150typedef char io_name_t[128];
151typedef io_object_t io_iterator_t;
152typedef io_object_t io_service_t;
153typedef struct IONotificationPort * IONotificationPortRef;
154typedef void (*IOServiceMatchingCallback)( void * refcon, io_iterator_t iterator );
155io_service_t IOServiceGetMatchingService( mach_port_t masterPort, CFDictionaryRef matching );
156kern_return_t IOServiceGetMatchingServices( mach_port_t masterPort, CFDictionaryRef matching, io_iterator_t * existing );
157kern_return_t IOServiceAddNotification( mach_port_t masterPort, const io_name_t notificationType, CFDictionaryRef matching, mach_port_t wakePort, uintptr_t reference, io_iterator_t * notification ) __attribute__((deprecated));
158kern_return_t IOServiceAddMatchingNotification( IONotificationPortRef notifyPort, const io_name_t notificationType, CFDictionaryRef matching, IOServiceMatchingCallback callback, void * refCon, io_iterator_t * notification );
159CFMutableDictionaryRef IOServiceMatching( const char * name );
160CFMutableDictionaryRef IOServiceNameMatching( const char * name );
161CFMutableDictionaryRef IOBSDNameMatching( mach_port_t masterPort, uint32_t options, const char * bsdName );
162CFMutableDictionaryRef IOOpenFirmwarePathMatching( mach_port_t masterPort, uint32_t options, const char * path );
163CFMutableDictionaryRef IORegistryEntryIDMatching( uint64_t entryID );
164typedef struct __DASession * DASessionRef;
165extern DASessionRef DASessionCreate( CFAllocatorRef allocator );
166typedef struct __DADisk * DADiskRef;
167extern DADiskRef DADiskCreateFromBSDName( CFAllocatorRef allocator, DASessionRef session, const char * name );
168extern DADiskRef DADiskCreateFromIOMedia( CFAllocatorRef allocator, DASessionRef session, io_service_t media );
169extern CFDictionaryRef DADiskCopyDescription( DADiskRef disk );
170extern DADiskRef DADiskCopyWholeDisk( DADiskRef disk );
171@interface NSTask : NSObject - (id)init;
172@end typedef struct CGColorSpace *CGColorSpaceRef;
173typedef struct CGImage *CGImageRef;
174typedef struct CGLayer *CGLayerRef;
175@interface NSResponder : NSObject <NSCoding> {
176}
177@end @protocol NSAnimatablePropertyContainer - (id)animator;
178@end extern NSString *NSAnimationTriggerOrderIn ;
179@interface NSView : NSResponder <NSAnimatablePropertyContainer> {
180}
181@end @protocol NSValidatedUserInterfaceItem - (SEL)action;
182@end @protocol NSUserInterfaceValidations - (BOOL)validateUserInterfaceItem:(id <NSValidatedUserInterfaceItem>)anItem;
183@end @class NSDate, NSDictionary, NSError, NSException, NSNotification;
184@interface NSApplication : NSResponder <NSUserInterfaceValidations> {
185}
186@end enum {
187NSTerminateCancel = 0, NSTerminateNow = 1, NSTerminateLater = 2 };
188typedef NSUInteger NSApplicationTerminateReply;
189@protocol NSApplicationDelegate <NSObject> @optional - (NSApplicationTerminateReply)applicationShouldTerminate:(NSApplication *)sender;
190@end @class NSAttributedString, NSEvent, NSFont, NSFormatter, NSImage, NSMenu, NSText, NSView, NSTextView;
191@interface NSCell : NSObject <NSCopying, NSCoding> {
192}
193@end @class NSTextField, NSPanel, NSArray, NSWindow, NSImage, NSButton, NSError;
194typedef struct {
195}
196CVTimeStamp;
197@interface CIImage : NSObject <NSCoding, NSCopying> {
198}
199typedef int CIFormat;
200@end enum {
201kDAReturnSuccess = 0, kDAReturnError = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x01, kDAReturnBusy = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x02, kDAReturnBadArgument = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x03, kDAReturnExclusiveAccess = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x04, kDAReturnNoResources = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x05, kDAReturnNotFound = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x06, kDAReturnNotMounted = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x07, kDAReturnNotPermitted = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x08, kDAReturnNotPrivileged = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x09, kDAReturnNotReady = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0A, kDAReturnNotWritable = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0B, kDAReturnUnsupported = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0C };
202typedef mach_error_t DAReturn;
203typedef const struct __DADissenter * DADissenterRef;
204extern DADissenterRef DADissenterCreate( CFAllocatorRef allocator, DAReturn status, CFStringRef string );
205@interface CIContext: NSObject {
206}
207- (CGImageRef)createCGImage:(CIImage *)im fromRect:(CGRect)r;
208- (CGImageRef)createCGImage:(CIImage *)im fromRect:(CGRect)r format:(CIFormat)f colorSpace:(CGColorSpaceRef)cs;
209- (CGLayerRef)createCGLayerWithSize:(CGSize)size info:(CFDictionaryRef)d;
210@end extern NSString* const QCRendererEventKey;
211@protocol QCCompositionRenderer - (NSDictionary*) attributes;
212@end @interface QCRenderer : NSObject <QCCompositionRenderer> {
213}
214- (id) createSnapshotImageOfType:(NSString*)type;
215@end extern NSString* const QCViewDidStartRenderingNotification;
216@interface QCView : NSView <QCCompositionRenderer> {
217}
218- (id) createSnapshotImageOfType:(NSString*)type;
219@end enum {
220ICEXIFOrientation1 = 1, ICEXIFOrientation2 = 2, ICEXIFOrientation3 = 3, ICEXIFOrientation4 = 4, ICEXIFOrientation5 = 5, ICEXIFOrientation6 = 6, ICEXIFOrientation7 = 7, ICEXIFOrientation8 = 8, };
221@class ICDevice;
222@protocol ICDeviceDelegate <NSObject> @required - (void)didRemoveDevice:(ICDevice*)device;
223@end extern NSString *const ICScannerStatusWarmingUp;
224@class ICScannerDevice;
225@protocol ICScannerDeviceDelegate <ICDeviceDelegate> @optional - (void)scannerDeviceDidBecomeAvailable:(ICScannerDevice*)scanner;
226@end
227
228typedef long unsigned int __darwin_size_t;
229typedef __darwin_size_t size_t;
230typedef unsigned long CFTypeID;
231struct CGPoint {
232 CGFloat x;
233 CGFloat y;
234};
235typedef struct CGPoint CGPoint;
236typedef struct CGGradient *CGGradientRef;
237typedef uint32_t CGGradientDrawingOptions;
238extern CFTypeID CGGradientGetTypeID(void);
239extern CGGradientRef CGGradientCreateWithColorComponents(CGColorSpaceRef
240 space, const CGFloat components[], const CGFloat locations[], size_t count);
241extern CGGradientRef CGGradientCreateWithColors(CGColorSpaceRef space,
242 CFArrayRef colors, const CGFloat locations[]);
243extern CGGradientRef CGGradientRetain(CGGradientRef gradient);
244extern void CGGradientRelease(CGGradientRef gradient);
245typedef struct CGContext *CGContextRef;
246extern void CGContextDrawLinearGradient(CGContextRef context,
247 CGGradientRef gradient, CGPoint startPoint, CGPoint endPoint,
248 CGGradientDrawingOptions options);
249extern CGColorSpaceRef CGColorSpaceCreateDeviceRGB(void);
250
251@interface NSMutableArray : NSObject
252- (void)addObject:(id)object;
253+ (id)array;
254@end
255
Anna Zaks75de3232012-02-28 22:39:22 +0000256enum {
257 NSASCIIStringEncoding = 1,
258 NSNEXTSTEPStringEncoding = 2,
259 NSJapaneseEUCStringEncoding = 3,
260 NSUTF8StringEncoding = 4,
261 NSISOLatin1StringEncoding = 5,
262 NSSymbolStringEncoding = 6,
263 NSNonLossyASCIIStringEncoding = 7,
264};
265typedef struct __CFString * CFMutableStringRef;
266typedef NSUInteger NSStringEncoding;
267
268extern CFStringRef CFStringCreateWithCStringNoCopy(CFAllocatorRef alloc, const char *cStr, CFStringEncoding encoding, CFAllocatorRef contentsDeallocator);
Ted Kremeneka2bbac32012-02-07 00:24:33 +0000269
Devin Coughlinbac49e52017-07-19 04:10:44 +0000270typedef struct {
271 int ref;
272} isl_basic_map;
273
Ted Kremeneka2bbac32012-02-07 00:24:33 +0000274//===----------------------------------------------------------------------===//
275// Test cases.
276//===----------------------------------------------------------------------===//
277
278void foo(id x) {
279 [x retain];
280}
281
282void bar(id x) {
283 [x release];
284}
285
286void test() {
287 NSString *s = [[NSString alloc] init]; // expected-warning {{Potential leak}}
288 foo(s);
289 foo(s);
290 bar(s);
291}
Devin Coughlinbac49e52017-07-19 04:10:44 +0000292
Ted Kremeneka2bbac32012-02-07 00:24:33 +0000293void test_neg() {
294 NSString *s = [[NSString alloc] init]; // no-warning
295 foo(s);
296 foo(s);
297 bar(s);
298 bar(s);
299 bar(s);
300}
301
Devin Coughlinb2d82552017-07-25 17:17:09 +0000302__attribute__((annotate("rc_ownership_returns_retained"))) isl_basic_map *isl_basic_map_cow(__attribute__((annotate("rc_ownership_consumed"))) isl_basic_map *bmap);
Devin Coughlinbac49e52017-07-19 04:10:44 +0000303void free(void *);
304
Devin Coughlina179e172017-08-17 04:19:07 +0000305void callee_side_parameter_checking_leak(__attribute__((annotate("rc_ownership_consumed"))) isl_basic_map *bmap) { // expected-warning {{Potential leak of an object}}
306}
307
Devin Coughlinbac49e52017-07-19 04:10:44 +0000308// As 'isl_basic_map_free' is annotated with 'rc_ownership_trusted_implementation', RetainCountChecker trusts its
309// implementation and doesn't analyze its body. If the annotation 'rc_ownership_trusted_implementation' is removed,
310// a leak warning is raised by RetainCountChecker as the analyzer is unable to detect a decrement in the reference
311// count of 'bmap' along the path in 'isl_basic_map_free' assuming the predicate of the second 'if' branch to be
312// true or assuming both the predicates in the function to be false.
Devin Coughlinb2d82552017-07-25 17:17:09 +0000313__attribute__((annotate("rc_ownership_trusted_implementation"))) isl_basic_map *isl_basic_map_free(__attribute__((annotate("rc_ownership_consumed"))) isl_basic_map *bmap) {
Devin Coughlinbac49e52017-07-19 04:10:44 +0000314 if (!bmap)
315 return NULL;
316
317 if (--bmap->ref > 0)
318 return NULL;
319
320 free(bmap);
321 return NULL;
322}
323
324// As 'isl_basic_map_copy' is annotated with 'rc_ownership_trusted_implementation', RetainCountChecker trusts its
325// implementation and doesn't analyze its body. If that annotation is removed, a 'use-after-release' warning might
326// be raised by RetainCountChecker as the pointer which is passed as an argument to this function and the pointer
327// which is returned from the function point to the same memory location.
Devin Coughlinb2d82552017-07-25 17:17:09 +0000328__attribute__((annotate("rc_ownership_trusted_implementation"))) __attribute__((annotate("rc_ownership_returns_retained"))) isl_basic_map *isl_basic_map_copy(isl_basic_map *bmap) {
Devin Coughlinbac49e52017-07-19 04:10:44 +0000329 if (!bmap)
330 return NULL;
331
332 bmap->ref++;
333 return bmap;
334}
335
Devin Coughlinb2d82552017-07-25 17:17:09 +0000336void test_use_after_release_with_trusted_implementation_annotate_attribute(__attribute__((annotate("rc_ownership_consumed"))) isl_basic_map *bmap) {
Devin Coughlinbac49e52017-07-19 04:10:44 +0000337 // After this call, 'bmap' has a +1 reference count.
338 bmap = isl_basic_map_cow(bmap);
339 // After the call to 'isl_basic_map_copy', 'bmap' has a +1 reference count.
340 isl_basic_map *temp = isl_basic_map_cow(isl_basic_map_copy(bmap));
341 // After this call, 'bmap' has a +0 reference count.
342 isl_basic_map *temp2 = isl_basic_map_cow(bmap); // no-warning
343 isl_basic_map_free(temp2);
344 isl_basic_map_free(temp);
345}
346
Devin Coughlinb2d82552017-07-25 17:17:09 +0000347void test_leak_with_trusted_implementation_annotate_attribute(__attribute__((annotate("rc_ownership_consumed"))) isl_basic_map *bmap) {
Devin Coughlinbac49e52017-07-19 04:10:44 +0000348 // After this call, 'bmap' has a +1 reference count.
349 bmap = isl_basic_map_cow(bmap); // no-warning
350 // After this call, 'bmap' has a +0 reference count.
351 isl_basic_map_free(bmap);
352}
353
Devin Coughlina179e172017-08-17 04:19:07 +0000354void callee_side_parameter_checking_incorrect_rc_decrement(isl_basic_map *bmap) {
355 isl_basic_map_free(bmap); // expected-warning {{Incorrect decrement of the reference count}}
356}
357
358__attribute__((annotate("rc_ownership_returns_retained"))) isl_basic_map *callee_side_parameter_checking_return_notowned_object(isl_basic_map *bmap) {
359 return bmap; // expected-warning {{Object with a +0 retain count returned to caller where a +1 (owning) retain count is expected}}
360}
361
362__attribute__((annotate("rc_ownership_returns_retained"))) isl_basic_map *callee_side_parameter_checking_assign_consumed_parameter_leak_return(__attribute__((annotate("rc_ownership_consumed"))) isl_basic_map *bmap1, __attribute__((annotate("rc_ownership_consumed"))) isl_basic_map *bmap2) { // expected-warning {{Potential leak of an object}}
363 bmap1 = bmap2;
364 isl_basic_map_free(bmap2);
365 return bmap1;
366}
367
368__attribute__((annotate("rc_ownership_returns_retained"))) isl_basic_map *callee_side_parameter_checking_assign_consumed_parameter_leak(__attribute__((annotate("rc_ownership_consumed"))) isl_basic_map *bmap1, __attribute__((annotate("rc_ownership_consumed"))) isl_basic_map *bmap2) { // expected-warning {{Potential leak of an object}}
369 bmap1 = bmap2;
370 isl_basic_map_free(bmap1);
371 return bmap2;
372}
373
374__attribute__((annotate("rc_ownership_returns_retained"))) isl_basic_map *error_path_leak(__attribute__((annotate("rc_ownership_consumed"))) isl_basic_map *bmap1, __attribute__((annotate("rc_ownership_consumed"))) isl_basic_map *bmap2) { // expected-warning {{Potential leak of an object}}
375 bmap1 = isl_basic_map_cow(bmap1);
376 if (!bmap1 || !bmap2)
377 goto error;
378
379 isl_basic_map_free(bmap2);
380 return bmap1;
381error:
382 return isl_basic_map_free(bmap1);
383}
384
Ted Kremenekef31f372012-02-25 02:09:09 +0000385//===----------------------------------------------------------------------===//
386// Test returning retained and not-retained values.
387//===----------------------------------------------------------------------===//
388
Anna Zaks75de3232012-02-28 22:39:22 +0000389// On return (intraprocedural), assume CF objects are leaked.
390CFStringRef test_return_ratained_CF(char *bytes) {
391 CFStringRef str;
392 return CFStringCreateWithCStringNoCopy(0, bytes, NSNEXTSTEPStringEncoding, 0); // expected-warning {{leak}}
393}
394
395// On return (intraprocedural), assume NSObjects are not leaked.
396id test_return_retained_NS() {
397 return [[NSString alloc] init]; // no-warning
Ted Kremenekef31f372012-02-25 02:09:09 +0000398}
399
400void test_test_return_retained() {
Anna Zaks75de3232012-02-28 22:39:22 +0000401 id x = test_return_retained_NS(); // expected-warning {{leak}}
Ted Kremenekef31f372012-02-25 02:09:09 +0000402 [x retain];
403 [x release];
404}
Ted Kremenek161046e2012-03-23 06:26:56 +0000405
406//===----------------------------------------------------------------------===//
407// Test not applying "double effects" from inlining and RetainCountChecker summaries.
408// If we inline a call, we should already see its retain/release semantics.
409//===----------------------------------------------------------------------===//
410
411__attribute__((cf_returns_retained)) CFStringRef test_return_inline(CFStringRef x) {
412 CFRetain(x);
413 return x;
414}
415
416void test_test_return_inline(char *bytes) {
417 CFStringRef str = CFStringCreateWithCStringNoCopy(0, bytes, NSNEXTSTEPStringEncoding, 0);
418 // After this call, 'str' really has +2 reference count.
419 CFStringRef str2 = test_return_inline(str);
420 // After this call, 'str' really has a +1 reference count.
421 CFRelease(str);
422 // After this call, 'str2' and 'str' has a +0 reference count.
423 CFRelease(str2);
424}
425
426void test_test_return_inline_2(char *bytes) {
427 CFStringRef str = CFStringCreateWithCStringNoCopy(0, bytes, NSNEXTSTEPStringEncoding, 0); // expected-warning {{leak}}
428 // After this call, 'str' really has +2 reference count.
429 CFStringRef str2 = test_return_inline(str);
430 // After this call, 'str' really has a +1 reference count.
431 CFRelease(str);
432}
433
Anna Zaks4e255b62012-11-12 22:06:24 +0000434extern CFStringRef getString(void);
435CFStringRef testCovariantReturnType(void) __attribute__((cf_returns_retained));
Ted Kremenek161046e2012-03-23 06:26:56 +0000436
Anna Zaks4e255b62012-11-12 22:06:24 +0000437void usetestCovariantReturnType() {
438 CFStringRef S = ((void*)0);
439 S = testCovariantReturnType();
440 if (S)
441 CFRelease(S);
442}
Ted Kremenek161046e2012-03-23 06:26:56 +0000443
Anna Zaks4e255b62012-11-12 22:06:24 +0000444CFStringRef testCovariantReturnType() {
445 CFStringRef Str = ((void*)0);
446 Str = getString();
447 if (Str) {
448 CFRetain(Str);
449 }
450 return Str;
451}
Anna Zaksb13d21b2013-03-26 18:57:58 +0000452
453// Test that we reanalyze ObjC methods which have been inlined. When reanalyzing
454// them, make sure we inline very small functions.
Anna Zaksb13d21b2013-03-26 18:57:58 +0000455id returnInputParam(id x) {
456 return x;
457}
Anna Zaksb13d21b2013-03-26 18:57:58 +0000458
Anna Zaksfb0a6322013-03-26 23:58:52 +0000459@interface MyClass : NSObject
460- (id)test_reanalyze_as_top_level;
461- (void)test_inline_tiny_when_reanalyzing;
462- (void)inline_test_reanalyze_as_top_level;
463@end
464
465@implementation MyClass
466- (void)test_inline_tiny_when_reanalyzing {
467 id x = [[NSString alloc] init]; // no-warning
468 x = returnInputParam(x);
Anna Zaksb13d21b2013-03-26 18:57:58 +0000469 [x release];
470}
471
Anna Zaksfb0a6322013-03-26 23:58:52 +0000472- (id)test_reanalyze_as_top_level {
473 // This method does not follow naming conventions, so a warning will be
474 // reported when it is reanalyzed at top level.
475 return [[NSString alloc] init]; // expected-warning {{leak}}
476}
Anna Zaksb13d21b2013-03-26 18:57:58 +0000477
Anna Zaksfb0a6322013-03-26 23:58:52 +0000478- (void)inline_test_reanalyze_as_top_level {
479 id x = [self test_reanalyze_as_top_level];
480 [x release];
481 [self test_inline_tiny_when_reanalyzing];
482}
483@end