Malloc+MismatchedDeallocator+NewDelete.cpp revision e449edc5bdace60f9d754c32abc5459bc7d94a14
1// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,unix.MismatchedDeallocator,cplusplus.NewDelete -std=c++11 -verify %s 2// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,unix.MismatchedDeallocator,cplusplus.NewDelete,alpha.cplusplus.NewDeleteLeaks -DLEAKS -std=c++11 -verify %s 3 4typedef __typeof(sizeof(int)) size_t; 5void *malloc(size_t); 6void free(void *); 7 8//-------------------------------------------------- 9// Check that unix.Malloc catches all types of bugs. 10//-------------------------------------------------- 11void testMallocDoubleFree() { 12 int *p = (int *)malloc(sizeof(int)); 13 free(p); 14 free(p); // expected-warning{{Attempt to free released memory}} 15} 16 17void testMallocLeak() { 18 int *p = (int *)malloc(sizeof(int)); 19} // expected-warning{{Memory is never released; potential leak of memory pointed to by 'p'}} 20 21void testMallocUseAfterFree() { 22 int *p = (int *)malloc(sizeof(int)); 23 free(p); 24 int j = *p; // expected-warning{{Use of memory after it is freed}} 25} 26 27void testMallocBadFree() { 28 int i; 29 free(&i); // expected-warning{{Argument to free() is the address of the local variable 'i', which is not memory allocated by malloc()}} 30} 31 32void testMallocOffsetFree() { 33 int *p = (int *)malloc(sizeof(int)); 34 free(++p); // expected-warning{{Argument to free() is offset by 4 bytes from the start of memory allocated by malloc()}} 35} 36 37//----------------------------------------------------------------- 38// Check that unix.MismatchedDeallocator catches all types of bugs. 39//----------------------------------------------------------------- 40void testMismatchedDeallocator() { 41 int *x = (int *)malloc(sizeof(int)); 42 delete x; // expected-warning{{Memory allocated by malloc() should be deallocated by free(), not 'delete'}} 43} 44 45//---------------------------------------------------------------- 46// Check that alpha.cplusplus.NewDelete catches all types of bugs. 47//---------------------------------------------------------------- 48void testNewDoubleFree() { 49 int *p = new int; 50 delete p; 51 delete p; // expected-warning{{Attempt to free released memory}} 52} 53 54void testNewLeak() { 55 int *p = new int; 56} 57#ifdef LEAKS 58// expected-warning@-2 {{Memory is never released; potential leak of memory pointed to by 'p'}} 59#endif 60 61void testNewUseAfterFree() { 62 int *p = (int *)operator new(0); 63 delete p; 64 int j = *p; // expected-warning{{Use of memory after it is freed}} 65} 66 67void testNewBadFree() { 68 int i; 69 delete &i; // expected-warning{{Argument to 'delete' is the address of the local variable 'i', which is not memory allocated by 'new'}} 70} 71 72void testNewOffsetFree() { 73 int *p = new int; 74 operator delete(++p); // expected-warning{{Argument to operator delete is offset by 4 bytes from the start of memory allocated by 'new'}} 75} 76