malloc-annotations.c revision b98c6fe8877b809d4da3020692c9b38f972b92cf
1// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.deadcode.UnreachableCode,alpha.core.CastSize,alpha.unix.MallocWithAnnotations -analyzer-store=region -verify %s 2typedef __typeof(sizeof(int)) size_t; 3void *malloc(size_t); 4void free(void *); 5void *realloc(void *ptr, size_t size); 6void *calloc(size_t nmemb, size_t size); 7void __attribute((ownership_returns(malloc))) *my_malloc(size_t); 8void __attribute((ownership_takes(malloc, 1))) my_free(void *); 9void my_freeBoth(void *, void *) 10 __attribute((ownership_holds(malloc, 1, 2))); 11void __attribute((ownership_returns(malloc, 1))) *my_malloc2(size_t); 12void __attribute((ownership_holds(malloc, 1))) my_hold(void *); 13 14// Duplicate attributes are silly, but not an error. 15// Duplicate attribute has no extra effect. 16// If two are of different kinds, that is an error and reported as such. 17void __attribute((ownership_holds(malloc, 1))) 18__attribute((ownership_holds(malloc, 1))) 19__attribute((ownership_holds(malloc, 3))) my_hold2(void *, void *, void *); 20void *my_malloc3(size_t); 21void *myglobalpointer; 22struct stuff { 23 void *somefield; 24}; 25struct stuff myglobalstuff; 26 27void f1() { 28 int *p = malloc(12); 29 return; // expected-warning{{Memory is never released; potential leak}} 30} 31 32void f2() { 33 int *p = malloc(12); 34 free(p); 35 free(p); // expected-warning{{Attempt to free released memory}} 36} 37 38void f2_realloc_0() { 39 int *p = malloc(12); 40 realloc(p,0); 41 realloc(p,0); // expected-warning{{Attempt to free released memory}} 42} 43 44void f2_realloc_1() { 45 int *p = malloc(12); 46 int *q = realloc(p,0); // no-warning 47} 48 49// ownership attributes tests 50void naf1() { 51 int *p = my_malloc3(12); 52 return; // no-warning 53} 54 55void n2af1() { 56 int *p = my_malloc2(12); 57 return; // expected-warning{{Memory is never released; potential leak}} 58} 59 60void af1() { 61 int *p = my_malloc(12); 62 return; // expected-warning{{Memory is never released; potential leak}} 63} 64 65void af1_b() { 66 int *p = my_malloc(12); 67} // expected-warning{{Memory is never released; potential leak}} 68 69void af1_c() { 70 myglobalpointer = my_malloc(12); // no-warning 71} 72 73// Test that we can pass out allocated memory via pointer-to-pointer. 74void af1_e(void **pp) { 75 *pp = my_malloc(42); // no-warning 76} 77 78void af1_f(struct stuff *somestuff) { 79 somestuff->somefield = my_malloc(12); // no-warning 80} 81 82// Allocating memory for a field via multiple indirections to our arguments is OK. 83void af1_g(struct stuff **pps) { 84 *pps = my_malloc(sizeof(struct stuff)); // no-warning 85 (*pps)->somefield = my_malloc(42); // no-warning 86} 87 88void af2() { 89 int *p = my_malloc(12); 90 my_free(p); 91 free(p); // expected-warning{{Attempt to free released memory}} 92} 93 94void af2b() { 95 int *p = my_malloc(12); 96 free(p); 97 my_free(p); // expected-warning{{Attempt to free released memory}} 98} 99 100void af2c() { 101 int *p = my_malloc(12); 102 free(p); 103 my_hold(p); // expected-warning{{Attempt to free released memory}} 104} 105 106void af2d() { 107 int *p = my_malloc(12); 108 free(p); 109 my_hold2(0, 0, p); // expected-warning{{Attempt to free released memory}} 110} 111 112// No leak if malloc returns null. 113void af2e() { 114 int *p = my_malloc(12); 115 if (!p) 116 return; // no-warning 117 free(p); // no-warning 118} 119 120// This case inflicts a possible double-free. 121void af3() { 122 int *p = my_malloc(12); 123 my_hold(p); 124 free(p); // expected-warning{{Attempt to free non-owned memory}} 125} 126 127int * af4() { 128 int *p = my_malloc(12); 129 my_free(p); 130 return p; // expected-warning{{Use of memory after it is freed}} 131} 132 133// This case is (possibly) ok, be conservative 134int * af5() { 135 int *p = my_malloc(12); 136 my_hold(p); 137 return p; // no-warning 138} 139 140 141 142// This case tests that storing malloc'ed memory to a static variable which is 143// then returned is not leaked. In the absence of known contracts for functions 144// or inter-procedural analysis, this is a conservative answer. 145int *f3() { 146 static int *p = 0; 147 p = malloc(12); 148 return p; // no-warning 149} 150 151// This case tests that storing malloc'ed memory to a static global variable 152// which is then returned is not leaked. In the absence of known contracts for 153// functions or inter-procedural analysis, this is a conservative answer. 154static int *p_f4 = 0; 155int *f4() { 156 p_f4 = malloc(12); 157 return p_f4; // no-warning 158} 159 160int *f5() { 161 int *q = malloc(12); 162 q = realloc(q, 20); 163 return q; // no-warning 164} 165 166void f6() { 167 int *p = malloc(12); 168 if (!p) 169 return; // no-warning 170 else 171 free(p); 172} 173 174void f6_realloc() { 175 int *p = malloc(12); 176 if (!p) 177 return; // no-warning 178 else 179 realloc(p,0); 180} 181 182 183char *doit2(); 184void pr6069() { 185 char *buf = doit2(); 186 free(buf); 187} 188 189void pr6293() { 190 free(0); 191} 192 193void f7() { 194 char *x = (char*) malloc(4); 195 free(x); 196 x[0] = 'a'; // expected-warning{{Use of memory after it is freed}} 197} 198 199void f7_realloc() { 200 char *x = (char*) malloc(4); 201 realloc(x,0); 202 x[0] = 'a'; // expected-warning{{Use of memory after it is freed}} 203} 204 205void PR6123() { 206 int *x = malloc(11); // expected-warning{{Cast a region whose size is not a multiple of the destination type size}} 207} 208 209void PR7217() { 210 int *buf = malloc(2); // expected-warning{{Cast a region whose size is not a multiple of the destination type size}} 211 buf[1] = 'c'; // not crash 212} 213 214void mallocCastToVoid() { 215 void *p = malloc(2); 216 const void *cp = p; // not crash 217 free(p); 218} 219 220void mallocCastToFP() { 221 void *p = malloc(2); 222 void (*fp)() = p; // not crash 223 free(p); 224} 225 226// This tests that malloc() buffers are undefined by default 227char mallocGarbage () { 228 char *buf = malloc(2); 229 char result = buf[1]; // expected-warning{{undefined}} 230 free(buf); 231 return result; 232} 233 234// This tests that calloc() buffers need to be freed 235void callocNoFree () { 236 char *buf = calloc(2,2); 237 return; // expected-warning{{never released}} 238} 239 240// These test that calloc() buffers are zeroed by default 241char callocZeroesGood () { 242 char *buf = calloc(2,2); 243 char result = buf[3]; // no-warning 244 if (buf[1] == 0) { 245 free(buf); 246 } 247 return result; // no-warning 248} 249 250char callocZeroesBad () { 251 char *buf = calloc(2,2); 252 char result = buf[3]; // no-warning 253 if (buf[1] != 0) { 254 free(buf); // expected-warning{{never executed}} 255 } 256 return result; // expected-warning{{never released}} 257} 258 259void testMultipleFreeAnnotations() { 260 int *p = malloc(12); 261 int *q = malloc(12); 262 my_freeBoth(p, q); 263} 264 265// ---------------------------------------------------------------------------- 266 267// False negatives. 268 269// Pending on removal of the escaping on assignment to struct fields. 270void af1_d() { 271 struct stuff mystuff; 272 mystuff.somefield = my_malloc(12); 273} // missing warning 274 275 276