1 // RUN: %clang_cc1 -analyze -analyzer-checker=core,osx.cocoa.RetainCount -analyzer-store=region -analyzer-max-loop 6 -verify %s 2 3 //===----------------------------------------------------------------------===// 4 // The following code is reduced using delta-debugging from 5 // Foundation.h (Mac OS X). 6 // 7 // It includes the basic definitions for the test cases below. 8 // Not including Foundation.h directly makes this test case both svelte and 9 // portable to non-Mac platforms. 10 //===----------------------------------------------------------------------===// 11 12 typedef unsigned int __darwin_natural_t; 13 typedef unsigned long UInt32; 14 typedef signed long CFIndex; 15 typedef const void * CFTypeRef; 16 typedef const struct __CFString * CFStringRef; 17 typedef const struct __CFAllocator * CFAllocatorRef; 18 extern const CFAllocatorRef kCFAllocatorDefault; 19 extern CFTypeRef CFRetain(CFTypeRef cf); 20 extern void CFRelease(CFTypeRef cf); 21 typedef struct { 22 } 23 CFArrayCallBacks; 24 extern const CFArrayCallBacks kCFTypeArrayCallBacks; 25 typedef const struct __CFArray * CFArrayRef; 26 typedef struct __CFArray * CFMutableArrayRef; 27 extern CFMutableArrayRef CFArrayCreateMutable(CFAllocatorRef allocator, CFIndex capacity, const CFArrayCallBacks *callBacks); 28 extern const void *CFArrayGetValueAtIndex(CFArrayRef theArray, CFIndex idx); 29 typedef const struct __CFDictionary * CFDictionaryRef; 30 typedef UInt32 CFStringEncoding; 31 enum { 32 kCFStringEncodingMacRoman = 0, kCFStringEncodingWindowsLatin1 = 0x0500, kCFStringEncodingISOLatin1 = 0x0201, kCFStringEncodingNextStepLatin = 0x0B01, kCFStringEncodingASCII = 0x0600, kCFStringEncodingUnicode = 0x0100, kCFStringEncodingUTF8 = 0x08000100, kCFStringEncodingNonLossyASCII = 0x0BFF , kCFStringEncodingUTF16 = 0x0100, kCFStringEncodingUTF16BE = 0x10000100, kCFStringEncodingUTF16LE = 0x14000100, kCFStringEncodingUTF32 = 0x0c000100, kCFStringEncodingUTF32BE = 0x18000100, kCFStringEncodingUTF32LE = 0x1c000100 }; 33 extern CFStringRef CFStringCreateWithCString(CFAllocatorRef alloc, const char *cStr, CFStringEncoding encoding); 34 typedef double CFTimeInterval; 35 typedef CFTimeInterval CFAbsoluteTime; 36 typedef const struct __CFDate * CFDateRef; 37 extern CFDateRef CFDateCreate(CFAllocatorRef allocator, CFAbsoluteTime at); 38 extern CFAbsoluteTime CFDateGetAbsoluteTime(CFDateRef theDate); 39 typedef __darwin_natural_t natural_t; 40 typedef natural_t mach_port_name_t; 41 typedef mach_port_name_t mach_port_t; 42 typedef signed char BOOL; 43 typedef struct _NSZone NSZone; 44 @class NSInvocation, NSMethodSignature, NSCoder, NSString, NSEnumerator; 45 @protocol NSObject 46 - (BOOL)isEqual:(id)object; 47 - (id)retain; 48 - (oneway void)release; 49 @end @protocol NSCopying - (id)copyWithZone:(NSZone *)zone; 50 @end @protocol NSCoding - (void)encodeWithCoder:(NSCoder *)aCoder; 51 @end 52 @interface NSObject <NSObject> {} 53 - (id)init; 54 + (id)allocWithZone:(NSZone *)zone; 55 + (id)alloc; 56 - (void)dealloc; 57 @end 58 typedef float CGFloat; 59 typedef double NSTimeInterval; 60 @interface NSDate : NSObject <NSCopying, NSCoding> - (NSTimeInterval)timeIntervalSinceReferenceDate; 61 @end enum { 62 NSObjCNoType = 0, NSObjCVoidType = 'v', NSObjCCharType = 'c', NSObjCShortType = 's', NSObjCLongType = 'l', NSObjCLonglongType = 'q', NSObjCFloatType = 'f', NSObjCDoubleType = 'd', NSObjCBoolType = 'B', NSObjCSelectorType = ':', NSObjCObjectType = '@', NSObjCStructType = '{', NSObjCPointerType = '^', NSObjCStringType = '*', NSObjCArrayType = '[', NSObjCUnionType = '(', NSObjCBitfield = 'b' } 63 __attribute__((deprecated)); 64 typedef int kern_return_t; 65 typedef kern_return_t mach_error_t; 66 typedef mach_port_t io_object_t; 67 typedef io_object_t io_service_t; 68 typedef struct __DASession * DASessionRef; 69 extern DASessionRef DASessionCreate( CFAllocatorRef allocator ); 70 typedef struct __DADisk * DADiskRef; 71 extern DADiskRef DADiskCreateFromBSDName( CFAllocatorRef allocator, DASessionRef session, const char * name ); 72 extern DADiskRef DADiskCreateFromIOMedia( CFAllocatorRef allocator, DASessionRef session, io_service_t media ); 73 extern CFDictionaryRef DADiskCopyDescription( DADiskRef disk ); 74 extern DADiskRef DADiskCopyWholeDisk( DADiskRef disk ); 75 @interface NSAppleEventManager : NSObject { 76 } 77 @end enum { 78 kDAReturnSuccess = 0, kDAReturnError = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x01, kDAReturnBusy = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x02, kDAReturnBadArgument = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x03, kDAReturnExclusiveAccess = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x04, kDAReturnNoResources = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x05, kDAReturnNotFound = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x06, kDAReturnNotMounted = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x07, kDAReturnNotPermitted = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x08, kDAReturnNotPrivileged = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x09, kDAReturnNotReady = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0A, kDAReturnNotWritable = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0B, kDAReturnUnsupported = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0C }; 79 typedef mach_error_t DAReturn; 80 typedef const struct __DADissenter * DADissenterRef; 81 extern DADissenterRef DADissenterCreate( CFAllocatorRef allocator, DAReturn status, CFStringRef string ); 82 @interface NSNumber : NSObject 83 - (id)initWithInt:(int)value; 84 @end 85 typedef unsigned long NSUInteger; 86 @interface NSArray : NSObject 87 -(id) initWithObjects:(const id *)objects count:(NSUInteger) cnt; 88 @end 89 90 //===----------------------------------------------------------------------===// 91 // Test cases. 92 //===----------------------------------------------------------------------===// 93 94 // Test to see if we *issue* an error when we store the pointer 95 // to a struct. This differs from basic store. 96 97 CFAbsoluteTime CFAbsoluteTimeGetCurrent(void); 98 99 struct foo { 100 NSDate* f; 101 }; 102 103 // FIXME: We should be warning about a use-after-free here, but we 104 // temporarily "escape" retain counted objects stored to structs very eagerly 105 // until we can properly tell whether they have escaped via a return value 106 // or not. 107 CFAbsoluteTime f4() { 108 struct foo x; 109 110 CFAbsoluteTime t = CFAbsoluteTimeGetCurrent(); 111 CFDateRef date = CFDateCreate(0, t); 112 [((NSDate*) date) retain]; 113 CFRelease(date); 114 CFDateGetAbsoluteTime(date); // no-warning 115 x.f = (NSDate*) date; 116 [((NSDate*) date) release]; 117 // FIXME: the following line should warn. 118 t = CFDateGetAbsoluteTime(date); // no-warning 119 return t; 120 } 121 122 // Test that assigning to an self.ivar loses track of an object. 123 // This is a temporary hack to reduce false positives. 124 @interface Test3 : NSObject { 125 id myObj; 126 } 127 - (void)test_self_assign_ivar; 128 @end 129 130 @implementation Test3 131 - (void)test_self_assign_ivar { 132 CFAbsoluteTime t = CFAbsoluteTimeGetCurrent(); 133 CFDateRef date = CFDateCreate(0, t); // no-warning 134 myObj = (id) date; 135 } 136 @end 137 138 //===------------------------------------------------------------------------------------------===// 139 // <rdar://problem/7257223> (also <rdar://problem/7283470>) - False positive due to not invalidating 140 // the reference count of a tracked region that was itself invalidated. 141 //===------------------------------------------------------------------------------------------===// 142 143 typedef struct __rdar_7257223 { CFDateRef x; } RDar7257223; 144 void rdar_7257223_aux(RDar7257223 *p); 145 146 CFDateRef rdar7257223_Create(void) { 147 RDar7257223 s; 148 CFAbsoluteTime t = CFAbsoluteTimeGetCurrent(); 149 s.x = CFDateCreate(0, t); // no-warning 150 rdar_7257223_aux(&s); 151 return s.x; 152 } 153 154 CFDateRef rdar7257223_Create_2(void) { 155 RDar7257223 s; 156 CFAbsoluteTime t = CFAbsoluteTimeGetCurrent(); 157 s.x = CFDateCreate(0, t); // no-warning 158 return s.x; 159 } 160 161 void rdar7283470(void) { 162 NSNumber *numbers[] = { 163 [[NSNumber alloc] initWithInt:1], // no-warning 164 [[NSNumber alloc] initWithInt:2], // no-warning 165 [[NSNumber alloc] initWithInt:3], // no-warning 166 [[NSNumber alloc] initWithInt:4], // no-warning 167 [[NSNumber alloc] initWithInt:5] // no-warning 168 }; 169 170 for (unsigned i = 0 ; i < sizeof(numbers) / sizeof(numbers[0]) ; ++i) 171 [numbers[i] release]; 172 } 173 174 void rdar7283470_positive(void) { 175 NSNumber *numbers[] = { 176 [[NSNumber alloc] initWithInt:1], // expected-warning{{leak}} 177 [[NSNumber alloc] initWithInt:2], // expected-warning{{leak}} 178 [[NSNumber alloc] initWithInt:3], // expected-warning{{leak}} 179 [[NSNumber alloc] initWithInt:4], // expected-warning{{leak}} 180 [[NSNumber alloc] initWithInt:5] // expected-warning{{leak}} 181 }; 182 } 183 184 void rdar7283470_2(void) { 185 NSNumber *numbers[] = { 186 [[NSNumber alloc] initWithInt:1], // no-warning 187 [[NSNumber alloc] initWithInt:2], // no-warning 188 [[NSNumber alloc] initWithInt:3], // no-warning 189 [[NSNumber alloc] initWithInt:4], // no-warning 190 [[NSNumber alloc] initWithInt:5] // no-warning 191 }; 192 193 NSArray *s_numbers =[[NSArray alloc] initWithObjects:&numbers[0] count:sizeof(numbers) / sizeof(numbers[0])]; 194 195 for (unsigned i = 0 ; i < sizeof(numbers) / sizeof(numbers[0]) ; ++i) 196 [numbers[i] release]; 197 198 [s_numbers release]; 199 } 200 201 void rdar7283470_2_positive(void) { 202 NSNumber *numbers[] = { 203 [[NSNumber alloc] initWithInt:1], // no-warning 204 [[NSNumber alloc] initWithInt:2], // no-warning 205 [[NSNumber alloc] initWithInt:3], // no-warning 206 [[NSNumber alloc] initWithInt:4], // no-warning 207 [[NSNumber alloc] initWithInt:5] // no-warning 208 }; 209 210 NSArray *s_numbers =[[NSArray alloc] initWithObjects: &numbers[0] count:sizeof(numbers) / sizeof(numbers[0])]; // expected-warning{{leak}} 211 212 for (unsigned i = 0 ; i < sizeof(numbers) / sizeof(numbers[0]) ; ++i) 213 [numbers[i] release]; 214 } 215 216 void pr6699(int x) { 217 CFDateRef values[2]; 218 values[0] = values[1] = 0; 219 220 if (x) { 221 CFAbsoluteTime t = CFAbsoluteTimeGetCurrent(); 222 values[1] = CFDateCreate(0, t); 223 } 224 225 if (values[1]) { 226 // A bug in RegionStore::RemoveDeadBindings caused 'values[1]' to get prematurely 227 // pruned from the store. 228 CFRelease(values[1]); // no-warning 229 } 230 } 231 232 // <rdar://problem/8261992> Idempotent operation checker false positive with ObjC ivars 233 @interface R8261992 : NSObject { 234 @package int myIvar; 235 } 236 @end 237 238 static void R8261992_ChangeMyIvar(R8261992 *tc) { 239 tc->myIvar = 5; 240 } 241 242 void R8261992_test(R8261992 *tc) { 243 int temp = tc->myIvar; 244 // The ivar binding for tc->myIvar gets invalidated. 245 R8261992_ChangeMyIvar(tc); 246 tc->myIvar = temp; // no-warning 247 tc = [[R8261992 alloc] init]; 248 temp = tc->myIvar; // no-warning 249 // The ivar binding for tc->myIvar gets invalidated. 250 R8261992_ChangeMyIvar(tc); 251 tc->myIvar = temp; 252 [tc release]; // no-warning 253 // did we analyze this? 254 int *p = 0x0; 255 *p = 0xDEADBEEF; // expected-warning{{null}} 256 } 257 258