1// RUN: %clang_cc1 -triple i386-apple-darwin10 -analyze -analyzer-checker=core,osx.cocoa.NilArg,osx.cocoa.RetainCount,alpha.core -analyzer-store=region -analyzer-constraints=range -verify -Wno-objc-root-class %s 2// RUN: %clang_cc1 -triple i386-apple-darwin10 -analyze -analyzer-checker=core,osx.cocoa.NilArg,osx.cocoa.RetainCount,alpha.core -analyzer-store=region -analyzer-constraints=range -analyzer-config mode=shallow -verify -Wno-objc-root-class %s 3// RUN: %clang_cc1 -DTEST_64 -triple x86_64-apple-darwin10 -analyze -analyzer-checker=core,osx.cocoa.NilArg,osx.cocoa.RetainCount,alpha.core -analyzer-store=region -analyzer-constraints=range -verify -Wno-objc-root-class %s 4 5 6//===----------------------------------------------------------------------===// 7// The following code is reduced using delta-debugging from 8// Foundation.h (Mac OS X). 9// 10// It includes the basic definitions for the test cases below. 11// Not directly including Foundation.h directly makes this test case 12// both svelte and portable to non-Mac platforms. 13//===----------------------------------------------------------------------===// 14 15#ifdef TEST_64 16typedef long long int64_t; 17_Bool OSAtomicCompareAndSwap64Barrier( int64_t __oldValue, int64_t __newValue, volatile int64_t *__theValue ); 18#define COMPARE_SWAP_BARRIER OSAtomicCompareAndSwap64Barrier 19typedef int64_t intptr_t; 20#else 21typedef int int32_t; 22_Bool OSAtomicCompareAndSwap32Barrier( int32_t __oldValue, int32_t __newValue, volatile int32_t *__theValue ); 23#define COMPARE_SWAP_BARRIER OSAtomicCompareAndSwap32Barrier 24typedef int32_t intptr_t; 25#endif 26 27typedef const void * CFTypeRef; 28typedef const struct __CFString * CFStringRef; 29typedef const struct __CFAllocator * CFAllocatorRef; 30extern const CFAllocatorRef kCFAllocatorDefault; 31extern CFTypeRef CFRetain(CFTypeRef cf); 32void CFRelease(CFTypeRef cf); 33typedef const struct __CFDictionary * CFDictionaryRef; 34const void *CFDictionaryGetValue(CFDictionaryRef theDict, const void *key); 35extern CFStringRef CFStringCreateWithFormat(CFAllocatorRef alloc, CFDictionaryRef formatOptions, CFStringRef format, ...); 36typedef signed char BOOL; 37typedef int NSInteger; 38typedef unsigned int NSUInteger; 39@class NSString, Protocol; 40extern void NSLog(NSString *format, ...) __attribute__((format(__NSString__, 1, 2))); 41typedef NSInteger NSComparisonResult; 42typedef struct _NSZone NSZone; 43@class NSInvocation, NSMethodSignature, NSCoder, NSString, NSEnumerator; 44@protocol NSObject 45- (BOOL)isEqual:(id)object; 46- (oneway void)release; 47- (id)retain; 48- (id)autorelease; 49@end 50@protocol NSCopying 51- (id)copyWithZone:(NSZone *)zone; 52@end 53@protocol NSMutableCopying 54- (id)mutableCopyWithZone:(NSZone *)zone; 55@end 56@protocol NSCoding 57- (void)encodeWithCoder:(NSCoder *)aCoder; 58@end 59@interface NSObject <NSObject> {} 60- (id)init; 61+ (id)alloc; 62@end 63extern id NSAllocateObject(Class aClass, NSUInteger extraBytes, NSZone *zone); 64typedef struct {} NSFastEnumerationState; 65@protocol NSFastEnumeration 66- (NSUInteger)countByEnumeratingWithState:(NSFastEnumerationState *)state objects:(id *)stackbuf count:(NSUInteger)len; 67@end 68@class NSString; 69typedef struct _NSRange {} NSRange; 70@interface NSArray : NSObject <NSCopying, NSMutableCopying, NSCoding, NSFastEnumeration> 71- (NSUInteger)count; 72@end 73@interface NSMutableArray : NSArray 74- (void)addObject:(id)anObject; 75- (id)initWithCapacity:(NSUInteger)numItems; 76@end 77typedef unsigned short unichar; 78@class NSData, NSArray, NSDictionary, NSCharacterSet, NSData, NSURL, NSError, NSLocale; 79typedef NSUInteger NSStringCompareOptions; 80@interface NSString : NSObject <NSCopying, NSMutableCopying, NSCoding> - (NSUInteger)length; 81- (NSComparisonResult)compare:(NSString *)string; 82- (NSComparisonResult)compare:(NSString *)string options:(NSStringCompareOptions)mask; 83- (NSComparisonResult)compare:(NSString *)string options:(NSStringCompareOptions)mask range:(NSRange)compareRange; 84- (NSComparisonResult)compare:(NSString *)string options:(NSStringCompareOptions)mask range:(NSRange)compareRange locale:(id)locale; 85- (NSComparisonResult)caseInsensitiveCompare:(NSString *)string; 86- (NSArray *)componentsSeparatedByCharactersInSet:(NSCharacterSet *)separator; 87+ (id)stringWithFormat:(NSString *)format, ... __attribute__((format(__NSString__, 1, 2))); 88@end 89@interface NSSimpleCString : NSString {} @end 90@interface NSConstantString : NSSimpleCString @end 91extern void *_NSConstantStringClassReference; 92 93//===----------------------------------------------------------------------===// 94// Test cases. 95//===----------------------------------------------------------------------===// 96 97NSComparisonResult f1(NSString* s) { 98 NSString *aString = 0; 99 return [s compare:aString]; // expected-warning {{Argument to 'NSString' method 'compare:' cannot be nil}} 100} 101 102NSComparisonResult f2(NSString* s) { 103 NSString *aString = 0; 104 return [s caseInsensitiveCompare:aString]; // expected-warning {{Argument to 'NSString' method 'caseInsensitiveCompare:' cannot be nil}} 105} 106 107NSComparisonResult f3(NSString* s, NSStringCompareOptions op) { 108 NSString *aString = 0; 109 return [s compare:aString options:op]; // expected-warning {{Argument to 'NSString' method 'compare:options:' cannot be nil}} 110} 111 112NSComparisonResult f4(NSString* s, NSStringCompareOptions op, NSRange R) { 113 NSString *aString = 0; 114 return [s compare:aString options:op range:R]; // expected-warning {{Argument to 'NSString' method 'compare:options:range:' cannot be nil}} 115} 116 117NSComparisonResult f5(NSString* s, NSStringCompareOptions op, NSRange R) { 118 NSString *aString = 0; 119 return [s compare:aString options:op range:R locale:0]; // expected-warning {{Argument to 'NSString' method 'compare:options:range:locale:' cannot be nil}} 120} 121 122NSArray *f6(NSString* s) { 123 return [s componentsSeparatedByCharactersInSet:0]; // expected-warning {{Argument to 'NSString' method 'componentsSeparatedByCharactersInSet:' cannot be nil}} 124} 125 126NSString* f7(NSString* s1, NSString* s2, NSString* s3) { 127 128 NSString* s4 = (NSString*) 129 CFStringCreateWithFormat(kCFAllocatorDefault, 0, // expected-warning{{leak}} 130 (CFStringRef) __builtin___CFStringMakeConstantString("%@ %@ (%@)"), 131 s1, s2, s3); 132 133 CFRetain(s4); 134 return s4; 135} 136 137NSMutableArray* f8() { 138 139 NSString* s = [[NSString alloc] init]; 140 NSMutableArray* a = [[NSMutableArray alloc] initWithCapacity:2]; 141 [a addObject:s]; 142 [s release]; // no-warning 143 return a; 144} 145 146void f9() { 147 148 NSString* s = [[NSString alloc] init]; 149 NSString* q = s; 150 [s release]; 151 [q release]; // expected-warning {{used after it is released}} 152} 153 154NSString* f10() { 155 static NSString* s = 0; 156 if (!s) s = [[NSString alloc] init]; 157 return s; // no-warning 158} 159 160// Test case for regression reported in <rdar://problem/6452745>. 161// Essentially 's' should not be considered allocated on the false branch. 162// This exercises the 'EvalAssume' logic in GRTransferFuncs (CFRefCount.cpp). 163NSString* f11(CFDictionaryRef dict, const char* key) { 164 NSString* s = (NSString*) CFDictionaryGetValue(dict, key); 165 [s retain]; 166 if (s) { 167 [s release]; 168 } 169 return 0; 170} 171 172// Test case for passing a tracked object by-reference to a function we 173// don't understand. 174void unknown_function_f12(NSString** s); 175void f12() { 176 NSString *string = [[NSString alloc] init]; 177 unknown_function_f12(&string); // no-warning 178} 179 180// Test double release of CFString (PR 4014). 181void f13(void) { 182 CFStringRef ref = CFStringCreateWithFormat(kCFAllocatorDefault, ((void*)0), ((CFStringRef) __builtin___CFStringMakeConstantString ("" "%d" "")), 100); 183 CFRelease(ref); 184 CFRelease(ref); // expected-warning{{Reference-counted object is used after it is released}} 185} 186 187@interface MyString : NSString 188@end 189 190void f14(MyString *s) { 191 [s compare:0]; // expected-warning {{Argument to 'MyString' method 'compare:' cannot be nil}} 192} 193 194// Test regular use of -autorelease 195@interface TestAutorelease 196-(NSString*) getString; 197@end 198@implementation TestAutorelease 199-(NSString*) getString { 200 NSString *str = [[NSString alloc] init]; 201 return [str autorelease]; // no-warning 202} 203- (void)m1 204{ 205 NSString *s = [[NSString alloc] init]; // expected-warning{{leak}} 206 [s retain]; 207 [s autorelease]; 208} 209- (void)m2 210{ 211 NSString *s = [[[NSString alloc] init] autorelease]; // expected-warning{{leak}} 212 [s retain]; 213} 214- (void)m3 215{ 216 NSString *s = [[[NSString alloc] init] autorelease]; 217 [s retain]; 218 [s autorelease]; 219} 220- (void)m4 221{ 222 NSString *s = [[NSString alloc] init]; // expected-warning{{leak}} 223 [s retain]; 224} 225- (void)m5 226{ 227 NSString *s = [[NSString alloc] init]; 228 [s autorelease]; 229} 230@end 231 232@interface C1 : NSObject {} 233- (NSString*) getShared; 234+ (C1*) sharedInstance; 235@end 236@implementation C1 : NSObject {} 237- (NSString*) getShared { 238 static NSString* s = 0; 239 if (!s) s = [[NSString alloc] init]; 240 return s; // no-warning 241} 242+ (C1 *)sharedInstance { 243 static C1 *sharedInstance = 0; 244 if (!sharedInstance) { 245 sharedInstance = [[C1 alloc] init]; 246 } 247 return sharedInstance; // no-warning 248} 249@end 250 251@interface SharedClass : NSObject 252+ (id)sharedInstance; 253- (id)notShared; 254@end 255 256@implementation SharedClass 257 258- (id)_init { 259 if ((self = [super init])) { 260 NSLog(@"Bar"); 261 } 262 return self; 263} 264 265- (id)notShared { 266 return [[SharedClass alloc] _init]; // expected-warning{{leak}} 267} 268 269+ (id)sharedInstance { 270 static SharedClass *_sharedInstance = 0; 271 if (!_sharedInstance) { 272 _sharedInstance = [[SharedClass alloc] _init]; 273 } 274 return _sharedInstance; // no-warning 275} 276@end 277 278id testSharedClassFromFunction() { 279 return [[SharedClass alloc] _init]; // no-warning 280} 281 282// Test OSCompareAndSwap 283_Bool OSAtomicCompareAndSwapPtr( void *__oldValue, void *__newValue, void * volatile *__theValue ); 284extern BOOL objc_atomicCompareAndSwapPtr(id predicate, id replacement, volatile id *objectLocation); 285 286void testOSCompareAndSwap() { 287 NSString *old = 0; 288 NSString *s = [[NSString alloc] init]; // no-warning 289 if (!OSAtomicCompareAndSwapPtr(0, s, (void**) &old)) 290 [s release]; 291 else 292 [old release]; 293} 294 295void testOSCompareAndSwapXXBarrier_local() { 296 NSString *old = 0; 297 NSString *s = [[NSString alloc] init]; // no-warning 298 if (!COMPARE_SWAP_BARRIER((intptr_t) 0, (intptr_t) s, (intptr_t*) &old)) 299 [s release]; 300 else 301 [old release]; 302} 303 304void testOSCompareAndSwapXXBarrier_local_no_direct_release() { 305 NSString *old = 0; 306 NSString *s = [[NSString alloc] init]; // no-warning 307 if (!COMPARE_SWAP_BARRIER((intptr_t) 0, (intptr_t) s, (intptr_t*) &old)) 308 return; 309 else 310 [old release]; 311} 312 313int testOSCompareAndSwapXXBarrier_id(Class myclass, id xclass) { 314 if (COMPARE_SWAP_BARRIER(0, (intptr_t) myclass, (intptr_t*) &xclass)) 315 return 1; 316 return 0; 317} 318 319void test_objc_atomicCompareAndSwap_local() { 320 NSString *old = 0; 321 NSString *s = [[NSString alloc] init]; // no-warning 322 if (!objc_atomicCompareAndSwapPtr(0, s, &old)) 323 [s release]; 324 else 325 [old release]; 326} 327 328void test_objc_atomicCompareAndSwap_local_no_direct_release() { 329 NSString *old = 0; 330 NSString *s = [[NSString alloc] init]; // no-warning 331 if (!objc_atomicCompareAndSwapPtr(0, s, &old)) 332 return; 333 else 334 [old release]; 335} 336 337void test_objc_atomicCompareAndSwap_parameter(NSString **old) { 338 NSString *s = [[NSString alloc] init]; // no-warning 339 if (!objc_atomicCompareAndSwapPtr(0, s, old)) 340 [s release]; 341 else 342 [*old release]; 343} 344 345void test_objc_atomicCompareAndSwap_parameter_no_direct_release(NSString **old) { 346 NSString *s = [[NSString alloc] init]; // expected-warning{{leak}} 347 if (!objc_atomicCompareAndSwapPtr(0, s, old)) 348 return; 349 else 350 [*old release]; 351} 352 353 354// Test stringWithFormat (<rdar://problem/6815234>) 355void test_stringWithFormat() { 356 NSString *string = [[NSString stringWithFormat:@"%ld", (long) 100] retain]; 357 [string release]; 358 [string release]; // expected-warning{{Incorrect decrement of the reference count}} 359} 360 361// Test isTrackedObjectType(). 362typedef NSString* WonkyTypedef; 363@interface TestIsTracked 364+ (WonkyTypedef)newString; 365@end 366 367void test_isTrackedObjectType(void) { 368 NSString *str = [TestIsTracked newString]; // expected-warning{{Potential leak}} 369} 370 371// Test isTrackedCFObjectType(). 372@interface TestIsCFTracked 373+ (CFStringRef) badNewCFString; 374+ (CFStringRef) newCFString; 375@end 376 377@implementation TestIsCFTracked 378+ (CFStringRef) newCFString { 379 return CFStringCreateWithFormat(kCFAllocatorDefault, ((void*)0), ((CFStringRef) __builtin___CFStringMakeConstantString ("" "%d" "")), 100); // no-warning 380} 381+ (CFStringRef) badNewCFString { 382 return CFStringCreateWithFormat(kCFAllocatorDefault, ((void*)0), ((CFStringRef) __builtin___CFStringMakeConstantString ("" "%d" "")), 100); // expected-warning{{leak}} 383} 384 385// Test @synchronized 386void test_synchronized(id x) { 387 @synchronized(x) { 388 NSString *string = [[NSString stringWithFormat:@"%ld", (long) 100] retain]; // expected-warning {{leak}} 389 } 390} 391@end 392 393void testOSCompareAndSwapXXBarrier_parameter(NSString **old) { 394 NSString *s = [[NSString alloc] init]; // no-warning 395 if (!COMPARE_SWAP_BARRIER((intptr_t) 0, (intptr_t) s, (intptr_t*) old)) 396 [s release]; 397 else 398 [*old release]; 399} 400 401void testOSCompareAndSwapXXBarrier_parameter_no_direct_release(NSString **old) { 402 NSString *s = [[NSString alloc] init]; // no-warning 403 if (!COMPARE_SWAP_BARRIER((intptr_t) 0, (intptr_t) s, (intptr_t*) old)) 404 [s release]; 405 else 406 return; 407} 408 409@interface AlwaysInlineBodyFarmBodies : NSObject { 410 NSString *_value; 411} 412 - (NSString *)_value; 413 - (void)callValue; 414@end 415 416@implementation AlwaysInlineBodyFarmBodies 417 418- (NSString *)_value { 419 if (!_value) { 420 NSString *s = [[NSString alloc] init]; 421 if (!OSAtomicCompareAndSwapPtr(0, s, (void**)&_value)) { 422 [s release]; 423 } 424 } 425 return _value; 426} 427 428- (void)callValue { 429 [self _value]; 430} 431@end