// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-store=region -analyzer-max-loop 6 -verify %s

// NOTE(review): this file is input for the static analyzer's diagnostic
// verifier; the command on the first line only analyzes it, nothing here is
// compiled to an executable or run. The trailing per-line annotations in the
// test cases are matched against the diagnostics reported for that same line,
// so an annotation has to stay on the line of the statement it describes.
// The loop bound of 6 is presumably chosen so that the five-element loops in
// the test cases are explored to completion -- TODO confirm.

//===----------------------------------------------------------------------===//
// The following code is reduced using delta-debugging from
// Foundation.h (Mac OS X).
//
// It includes the basic definitions for the test cases below.
// Not including Foundation.h directly makes this test case both svelte and
// portable to non-Mac platforms.
//===----------------------------------------------------------------------===//

// Integer aliases the CoreFoundation-style declarations below are built on.
typedef unsigned int __darwin_natural_t;
typedef unsigned long UInt32;
typedef signed long CFIndex;

// Opaque CoreFoundation reference types and the generic retain/release pair.
// CFRelease is the call whose effect on the tracked reference count the test
// cases exercise.
typedef const void * CFTypeRef;
typedef const struct __CFString * CFStringRef;
typedef const struct __CFAllocator * CFAllocatorRef;
extern const CFAllocatorRef kCFAllocatorDefault;
extern CFTypeRef CFRetain(CFTypeRef cf);
extern void CFRelease(CFTypeRef cf);
typedef struct {
}
CFArrayCallBacks;
extern const CFArrayCallBacks kCFTypeArrayCallBacks;
typedef const struct __CFArray * CFArrayRef;
typedef struct __CFArray * CFMutableArrayRef;
extern CFMutableArrayRef CFArrayCreateMutable(CFAllocatorRef allocator, CFIndex capacity, const CFArrayCallBacks *callBacks);
extern const void *CFArrayGetValueAtIndex(CFArrayRef theArray, CFIndex idx);
typedef const struct __CFDictionary * CFDictionaryRef;
typedef UInt32 CFStringEncoding;
enum {
  kCFStringEncodingMacRoman = 0,
  kCFStringEncodingWindowsLatin1 = 0x0500,
  kCFStringEncodingISOLatin1 = 0x0201,
  kCFStringEncodingNextStepLatin = 0x0B01,
  kCFStringEncodingASCII = 0x0600,
  kCFStringEncodingUnicode = 0x0100,
  kCFStringEncodingUTF8 = 0x08000100,
  kCFStringEncodingNonLossyASCII = 0x0BFF ,
  kCFStringEncodingUTF16 = 0x0100,
  kCFStringEncodingUTF16BE = 0x10000100,
  kCFStringEncodingUTF16LE = 0x14000100,
  kCFStringEncodingUTF32 = 0x0c000100,
  kCFStringEncodingUTF32BE = 0x18000100,
  kCFStringEncodingUTF32LE = 0x1c000100 };
extern CFStringRef CFStringCreateWithCString(CFAllocatorRef alloc, const char *cStr, CFStringEncoding encoding);

// CFDate: the object type most test cases create, retain, release and query.
typedef double CFTimeInterval;
typedef CFTimeInterval CFAbsoluteTime;
typedef const struct __CFDate * CFDateRef;
extern CFDateRef CFDateCreate(CFAllocatorRef allocator, CFAbsoluteTime at);
extern CFAbsoluteTime CFDateGetAbsoluteTime(CFDateRef theDate);
typedef __darwin_natural_t natural_t;
typedef natural_t mach_port_name_t;
typedef mach_port_name_t mach_port_t;
typedef signed char BOOL;
typedef struct _NSZone NSZone;

// Minimal Objective-C root protocol and class. retain/release are declared
// explicitly because the test cases send them by hand (manual reference
// counting; the command line at the top does not enable ARC).
@class NSInvocation, NSMethodSignature, NSCoder, NSString, NSEnumerator;
@protocol NSObject
- (BOOL)isEqual:(id)object;
- (id)retain;
- (oneway void)release;
@end
@protocol NSCopying
- (id)copyWithZone:(NSZone *)zone;
@end
@protocol NSCoding
- (void)encodeWithCoder:(NSCoder *)aCoder;
@end
@interface NSObject <NSObject> {}
- (id)init;
+ (id)allocWithZone:(NSZone *)zone;
+ (id)alloc;
- (void)dealloc;
@end
typedef float CGFloat;
typedef double NSTimeInterval;
@interface NSDate : NSObject <NSCopying, NSCoding>
- (NSTimeInterval)timeIntervalSinceReferenceDate;
@end
enum {
  NSObjCNoType = 0,
  NSObjCVoidType = 'v',
  NSObjCCharType = 'c',
  NSObjCShortType = 's',
  NSObjCLongType = 'l',
  NSObjCLonglongType = 'q',
  NSObjCFloatType = 'f',
  NSObjCDoubleType = 'd',
  NSObjCBoolType = 'B',
  NSObjCSelectorType = ':',
  NSObjCObjectType = '@',
  NSObjCStructType = '{',
  NSObjCPointerType = '^',
  NSObjCStringType = '*',
  NSObjCArrayType = '[',
  NSObjCUnionType = '(',
  NSObjCBitfield = 'b' }
__attribute__((deprecated));

// Mach / DiskArbitration-style declarations (DA prefix) that survived the
// reduction. None of the test cases shown in this file reference them.
typedef int kern_return_t;
typedef kern_return_t mach_error_t;
typedef mach_port_t io_object_t;
typedef io_object_t io_service_t;
typedef struct __DASession * DASessionRef;
extern DASessionRef DASessionCreate( CFAllocatorRef allocator );
typedef struct __DADisk * DADiskRef;
extern DADiskRef DADiskCreateFromBSDName( CFAllocatorRef allocator, DASessionRef session, const char * name );
extern DADiskRef DADiskCreateFromIOMedia( CFAllocatorRef allocator, DASessionRef session, io_service_t media );
extern CFDictionaryRef DADiskCopyDescription( DADiskRef disk );
extern DADiskRef DADiskCopyWholeDisk( DADiskRef disk );
@interface NSAppleEventManager : NSObject {
}
@end
enum {
  kDAReturnSuccess = 0,
  kDAReturnError = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x01,
  kDAReturnBusy = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x02,
  kDAReturnBadArgument = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x03,
  kDAReturnExclusiveAccess = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x04,
  kDAReturnNoResources = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x05,
  kDAReturnNotFound = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x06,
  kDAReturnNotMounted = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x07,
  kDAReturnNotPermitted = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x08,
  kDAReturnNotPrivileged = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x09,
  kDAReturnNotReady = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0A,
  kDAReturnNotWritable = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0B,
  kDAReturnUnsupported = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0C };
typedef mach_error_t DAReturn;
typedef const struct __DADissenter * DADissenterRef;
extern DADissenterRef DADissenterCreate( CFAllocatorRef allocator, DAReturn status, CFStringRef string );

// Collection and number classes used by the array-of-objects test cases.
@interface NSNumber : NSObject
- (id)initWithInt:(int)value;
@end
typedef unsigned long NSUInteger;
@interface NSArray : NSObject
-(id) initWithObjects:(const id *)objects count:(NSUInteger) cnt;
@end

//===----------------------------------------------------------------------===//
// Test cases.
//===----------------------------------------------------------------------===//

// Test to see if we *issue* an error when we store the pointer
// to a struct. This differs from basic store.
// Source of the timestamp that the test cases pass to CFDateCreate.
CFAbsoluteTime CFAbsoluteTimeGetCurrent(void);

// Holder used by f4 to copy the tracked pointer into a struct field.
struct foo {
  NSDate* f;
};

// Use-after-release must still be diagnosed after the pointer has been copied
// into a struct field. Reference-count walk-through, following the
// CoreFoundation convention that a "Create" function returns an owned object:
//   CFDateCreate   -> +1
//   retain         -> +2
//   CFRelease      -> +1  (the following query is therefore still valid)
//   release        -> 0   (the last query touches a released object)
// Copying the pointer into x.f between the two releases must not make the
// region store forget that count.
CFAbsoluteTime f4() {
  struct foo x;

  CFAbsoluteTime t = CFAbsoluteTimeGetCurrent();
  CFDateRef date = CFDateCreate(0, t);
  [((NSDate*) date) retain];
  CFRelease(date);
  CFDateGetAbsoluteTime(date); // no-warning
  x.f = (NSDate*) date;
  [((NSDate*) date) release];
  t = CFDateGetAbsoluteTime(date); // expected-warning{{Reference-counted object is used after it is released.}}
  return t;
}

// Test that assigning to an ivar of self makes the analyzer lose track of the
// object. This is a temporary hack to reduce false positives.
// Consequence visible below: no leak is reported for 'date' even though
// nothing in the method releases it.
@interface Test3 : NSObject {
  id myObj;
}
- (void)test_self_assign_ivar;
@end

@implementation Test3
- (void)test_self_assign_ivar {
  CFAbsoluteTime t = CFAbsoluteTimeGetCurrent();
  CFDateRef date = CFDateCreate(0, t); // no-warning
  myObj = (id) date;
}
@end

//===------------------------------------------------------------------------------------------===//
// <rdar://problem/7257223> (also <rdar://problem/7283470>) - False positive due to not invalidating
// the reference count of a tracked region that was itself invalidated.
//===------------------------------------------------------------------------------------------===//

// Struct whose only field carries an owned CFDate; the aux function is
// declared but not defined, so the analyzer cannot see what it does with *p.
typedef struct __rdar_7257223 { CFDateRef x; } RDar7257223;
void rdar_7257223_aux(RDar7257223 *p);

// The created date is stored in s.x, s escapes by address to an opaque
// function, and s.x is then returned. No diagnostic is wanted on the creation
// line.
CFDateRef rdar7257223_Create(void) {
  RDar7257223 s;
  CFAbsoluteTime t = CFAbsoluteTimeGetCurrent();
  s.x = CFDateCreate(0, t); // no-warning
  rdar_7257223_aux(&s);
  return s.x;
}

// Same as above without the escape: the owned object is returned straight
// from the struct field, and again no diagnostic is wanted.
CFDateRef rdar7257223_Create_2(void) {
  RDar7257223 s;
  CFAbsoluteTime t = CFAbsoluteTimeGetCurrent();
  s.x = CFDateCreate(0, t); // no-warning
  return s.x;
}

// Negative case: five objects held in a C array are each released by the
// loop, so none of the allocations may be reported as a leak. This relies on
// the analyzer following all five iterations (see the loop bound on the
// command line at the top of the file).
void rdar7283470(void) {
  NSNumber *numbers[] = {
    [[NSNumber alloc] initWithInt:1], // no-warning
    [[NSNumber alloc] initWithInt:2], // no-warning
    [[NSNumber alloc] initWithInt:3], // no-warning
    [[NSNumber alloc] initWithInt:4], // no-warning
    [[NSNumber alloc] initWithInt:5]  // no-warning
  };

  for (unsigned i = 0 ; i < sizeof(numbers) / sizeof(numbers[0]) ; ++i)
    [numbers[i] release];
}

// Positive counterpart: the same array with no release at all. Every element
// must be reported as leaked, which shows that storing into an array element
// does not hide the allocation from the analyzer.
void rdar7283470_positive(void) {
  NSNumber *numbers[] = {
    [[NSNumber alloc] initWithInt:1], // expected-warning{{leak}}
    [[NSNumber alloc] initWithInt:2], // expected-warning{{leak}}
    [[NSNumber alloc] initWithInt:3], // expected-warning{{leak}}
    [[NSNumber alloc] initWithInt:4], // expected-warning{{leak}}
    [[NSNumber alloc] initWithInt:5]  // expected-warning{{leak}}
  };
}

// Negative case with an extra owner: the element pointers are handed to an
// NSArray initializer, then the elements and the array itself are released.
// Nothing may be reported.
void rdar7283470_2(void) {
  NSNumber *numbers[] = {
    [[NSNumber alloc] initWithInt:1], // no-warning
    [[NSNumber alloc] initWithInt:2], // no-warning
    [[NSNumber alloc] initWithInt:3], // no-warning
    [[NSNumber alloc] initWithInt:4], // no-warning
    [[NSNumber alloc] initWithInt:5]  // no-warning
  };

  NSArray *s_numbers =[[NSArray alloc] initWithObjects:&numbers[0] count:sizeof(numbers) / sizeof(numbers[0])];

  for (unsigned i = 0 ; i < sizeof(numbers) / sizeof(numbers[0]) ; ++i)
    [numbers[i] release];

  [s_numbers release];
}

// Positive counterpart of the previous case: the elements are released but
// the NSArray is not, so only the array allocation is reported as a leak.
void rdar7283470_2_positive(void) {
  NSNumber *numbers[] = {
    [[NSNumber alloc] initWithInt:1], // no-warning
    [[NSNumber alloc] initWithInt:2], // no-warning
    [[NSNumber alloc] initWithInt:3], // no-warning
    [[NSNumber alloc] initWithInt:4], // no-warning
    [[NSNumber alloc] initWithInt:5]  // no-warning
  };

  NSArray *s_numbers =[[NSArray alloc] initWithObjects: &numbers[0] count:sizeof(numbers) / sizeof(numbers[0])]; // expected-warning{{leak}}

  for (unsigned i = 0 ; i < sizeof(numbers) / sizeof(numbers[0]) ; ++i)
    [numbers[i] release];
}

// PR6699: values[1] receives a created date only when x is non-zero, and the
// release is guarded by that same element being non-null. The binding for
// values[1] has to survive until the second 'if' for the release to be
// matched with the creation.
void pr6699(int x) {
  CFDateRef values[2];
  values[0] = values[1] = 0;

  if (x) {
    CFAbsoluteTime t = CFAbsoluteTimeGetCurrent();
    values[1] = CFDateCreate(0, t);
  }

  if (values[1]) {
    // A bug in RegionStore::RemoveDeadBindings caused 'values[1]' to get prematurely
    // pruned from the store.
    CFRelease(values[1]); // no-warning
  }
}

// <rdar://problem/8261992> Idempotent operation checker false positive with ObjC ivars
@interface R8261992 : NSObject {
  @package int myIvar;
}
@end

// Helper that writes the ivar through the pointer, so a caller's cached value
// of tc->myIvar is stale after the call.
static void R8261992_ChangeMyIvar(R8261992 *tc) {
  tc->myIvar = 5;
}

// Saves the ivar, lets the helper overwrite it, then restores it -- first on
// the incoming object, then on a freshly allocated one. The restoring stores
// must not be flagged as having no effect.
void R8261992_test(R8261992 *tc) {
  int temp = tc->myIvar;
  // The ivar binding for tc->myIvar gets invalidated.
  R8261992_ChangeMyIvar(tc);
  tc->myIvar = temp; // no-warning
  tc = [[R8261992 alloc] init];
  temp = tc->myIvar; // no-warning
  // The ivar binding for tc->myIvar gets invalidated.
  R8261992_ChangeMyIvar(tc);
  tc->myIvar = temp;
  [tc release]; // no-warning
  // did we analyze this?
  // The null store below is deliberate: its diagnostic acts as a sentinel
  // showing that the analyzer explored the function all the way to the end.
  int *p = 0x0;
  *p = 0xDEADBEEF; // expected-warning{{null}}
}