retain-release-region-store.m revision c4d2c9074be6eb2091086eddd6c8f052f3b245c8
// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-store=region -analyzer-max-loop 6 -verify %s

//===----------------------------------------------------------------------===//
// The following code is reduced using delta-debugging from
// Foundation.h (Mac OS X).
//
// It includes the basic definitions for the test cases below.
// Not including Foundation.h directly makes this test case both svelte and
// portable to non-Mac platforms.
//===----------------------------------------------------------------------===//
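// Reduced stand-ins for the CoreFoundation, Foundation and DiskArbitration
// declarations. Everything in this section is a declaration only; nothing is
// defined here. CFRelease and -retain/-release are the ownership operations
// the test cases exercise.
typedef unsigned int __darwin_natural_t;
typedef unsigned long UInt32;
typedef signed long CFIndex;
typedef const void * CFTypeRef;
typedef const struct __CFString * CFStringRef;
typedef const struct __CFAllocator * CFAllocatorRef;
extern const CFAllocatorRef kCFAllocatorDefault;
extern CFTypeRef CFRetain(CFTypeRef cf);
extern void CFRelease(CFTypeRef cf);
typedef struct {
}
CFArrayCallBacks;
extern const CFArrayCallBacks kCFTypeArrayCallBacks;
typedef const struct __CFArray * CFArrayRef;
typedef struct __CFArray * CFMutableArrayRef;
extern CFMutableArrayRef CFArrayCreateMutable(CFAllocatorRef allocator, CFIndex capacity, const CFArrayCallBacks *callBacks);
extern const void *CFArrayGetValueAtIndex(CFArrayRef theArray, CFIndex idx);
typedef const struct __CFDictionary * CFDictionaryRef;
typedef UInt32 CFStringEncoding;
enum {
  kCFStringEncodingMacRoman = 0,
  kCFStringEncodingWindowsLatin1 = 0x0500,
  kCFStringEncodingISOLatin1 = 0x0201,
  kCFStringEncodingNextStepLatin = 0x0B01,
  kCFStringEncodingASCII = 0x0600,
  kCFStringEncodingUnicode = 0x0100,
  kCFStringEncodingUTF8 = 0x08000100,
  kCFStringEncodingNonLossyASCII = 0x0BFF,
  kCFStringEncodingUTF16 = 0x0100,
  kCFStringEncodingUTF16BE = 0x10000100,
  kCFStringEncodingUTF16LE = 0x14000100,
  kCFStringEncodingUTF32 = 0x0c000100,
  kCFStringEncodingUTF32BE = 0x18000100,
  kCFStringEncodingUTF32LE = 0x1c000100
};
extern CFStringRef CFStringCreateWithCString(CFAllocatorRef alloc, const char *cStr, CFStringEncoding encoding);
typedef double CFTimeInterval;
typedef CFTimeInterval CFAbsoluteTime;
typedef const struct __CFDate * CFDateRef;
// CFDateCreate is the only CF "Create" function the test cases call.
extern CFDateRef CFDateCreate(CFAllocatorRef allocator, CFAbsoluteTime at);
extern CFAbsoluteTime CFDateGetAbsoluteTime(CFDateRef theDate);
typedef __darwin_natural_t natural_t;
typedef natural_t mach_port_name_t;
typedef mach_port_name_t mach_port_t;
typedef signed char BOOL;
typedef struct _NSZone NSZone;
@class NSInvocation, NSMethodSignature, NSCoder, NSString, NSEnumerator;
@protocol NSObject
- (BOOL)isEqual:(id)object;
- (id)retain;
- (oneway void)release;
@end
@protocol NSCopying
- (id)copyWithZone:(NSZone *)zone;
@end
@protocol NSCoding
- (void)encodeWithCoder:(NSCoder *)aCoder;
@end
@interface NSObject <NSObject> {}
- (id)init;
+ (id)allocWithZone:(NSZone *)zone;
+ (id)alloc;
- (void)dealloc;
@end
typedef float CGFloat;
typedef double NSTimeInterval;
@interface NSDate : NSObject <NSCopying, NSCoding>
- (NSTimeInterval)timeIntervalSinceReferenceDate;
@end
enum {
  NSObjCNoType = 0,
  NSObjCVoidType = 'v',
  NSObjCCharType = 'c',
  NSObjCShortType = 's',
  NSObjCLongType = 'l',
  NSObjCLonglongType = 'q',
  NSObjCFloatType = 'f',
  NSObjCDoubleType = 'd',
  NSObjCBoolType = 'B',
  NSObjCSelectorType = ':',
  NSObjCObjectType = '@',
  NSObjCStructType = '{',
  NSObjCPointerType = '^',
  NSObjCStringType = '*',
  NSObjCArrayType = '[',
  NSObjCUnionType = '(',
  NSObjCBitfield = 'b'
}
__attribute__((deprecated));
typedef int kern_return_t;
typedef kern_return_t mach_error_t;
typedef mach_port_t io_object_t;
typedef io_object_t io_service_t;
typedef struct __DASession * DASessionRef;
extern DASessionRef DASessionCreate( CFAllocatorRef allocator );
typedef struct __DADisk * DADiskRef;
extern DADiskRef DADiskCreateFromBSDName( CFAllocatorRef allocator, DASessionRef session, const char * name );
extern DADiskRef DADiskCreateFromIOMedia( CFAllocatorRef allocator, DASessionRef session, io_service_t media );
extern CFDictionaryRef DADiskCopyDescription( DADiskRef disk );
extern DADiskRef DADiskCopyWholeDisk( DADiskRef disk );
@interface NSAppleEventManager : NSObject {
}
@end
enum {
  kDAReturnSuccess = 0,
  kDAReturnError = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x01,
  kDAReturnBusy = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x02,
  kDAReturnBadArgument = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x03,
  kDAReturnExclusiveAccess = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x04,
  kDAReturnNoResources = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x05,
  kDAReturnNotFound = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x06,
  kDAReturnNotMounted = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x07,
  kDAReturnNotPermitted = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x08,
  kDAReturnNotPrivileged = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x09,
  kDAReturnNotReady = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0A,
  kDAReturnNotWritable = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0B,
  kDAReturnUnsupported = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0C
};
typedef mach_error_t DAReturn;
typedef const struct __DADissenter * DADissenterRef;
extern DADissenterRef DADissenterCreate( CFAllocatorRef allocator, DAReturn status, CFStringRef string );
@interface NSNumber : NSObject
- (id)initWithInt:(int)value;
@end
typedef unsigned long NSUInteger;
@interface NSArray : NSObject
-(id) initWithObjects:(const id *)objects count:(NSUInteger) cnt;
@end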
//===----------------------------------------------------------------------===//
// Test cases.
//===----------------------------------------------------------------------===//

// Test to see if we *issue* an error when we store the pointer
// into a struct field.  This differs from basic store.
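// Declared but not defined in this file, so the analyzer sees it as an opaque
// call that returns a CFAbsoluteTime.
CFAbsoluteTime CFAbsoluteTimeGetCurrent(void);

// Local aggregate whose only field holds an object pointer; f4 copies a
// tracked pointer into it.
struct foo {
  NSDate* f;
};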
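// Regression test: a use-after-release must still be reported after the
// tracked pointer has been copied into a field of a local struct.
//
// The function is deliberately incorrect. The last CFDateGetAbsoluteTime call
// reads an object whose references have all been given up; the
// expected-warning on that line is the assertion of this test, so the call
// must not be "fixed" or moved.
CFAbsoluteTime f4() {
  struct foo x;

  CFAbsoluteTime t = CFAbsoluteTimeGetCurrent();
  // Reference #1: returned by a CF "Create" function.
  CFDateRef date = CFDateCreate(0, t);
  // Reference #2.
  [((NSDate*) date) retain];
  // Gives up one of the two references; the object is still alive here.
  CFRelease(date);
  CFDateGetAbsoluteTime(date); // no-warning
  // Copying the pointer into a struct field must not make the analyzer stop
  // tracking the object.
  x.f = (NSDate*) date;
  // Gives up the second reference; every later use is a use-after-release.
  [((NSDate*) date) release];
  t = CFDateGetAbsoluteTime(date);   // expected-warning{{Reference-counted object is used after it is released.}}
  return t;
}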
// Test that assigning to an ivar of self loses track of an object.
// This is a temporary hack to reduce false positives.
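// Fixture class with a single object ivar that the test method assigns to.
@interface Test3 : NSObject {
  id myObj;
}
- (void)test_self_assign_ivar;
@end

@implementation Test3
// Creates a CFDate and stores it in the receiver's myObj ivar without
// releasing it. No leak warning is expected on the CFDateCreate line: once
// the pointer is written to an ivar the analyzer no longer tracks it.
// NOTE(review): the same rule would also hide a real leak that goes through
// an ivar, so the absence of a warning here is not evidence of balanced
// ownership.
- (void)test_self_assign_ivar {
  CFAbsoluteTime t = CFAbsoluteTimeGetCurrent();
  CFDateRef date = CFDateCreate(0, t); // no-warning
  // Implicit self->myObj store; this is the assignment under test.
  myObj = (id) date;
}
@end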
//===------------------------------------------------------------------------------------------===//
// <rdar://problem/7257223> (also <rdar://problem/7283470>) - False positive due to not invalidating
//  the reference count of a tracked region that was itself invalidated.
//===------------------------------------------------------------------------------------------===//
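// Struct with a single CFDateRef field, used to hold a tracked object.
typedef struct __rdar_7257223 { CFDateRef x; } RDar7257223;
// Declared only: the analyzer cannot see what this does with *p.
void rdar_7257223_aux(RDar7257223 *p);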
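// Regression test for a false positive: the created date is stored in a
// local struct, the struct's address is passed to a function with no visible
// body, and the field is then returned. No warning is expected on the
// CFDateCreate line.
CFDateRef rdar7257223_Create(void) {
  RDar7257223 s;
  CFAbsoluteTime t = CFAbsoluteTimeGetCurrent();
  s.x = CFDateCreate(0, t); // no-warning
  // Opaque call taking &s: the callee could read or overwrite s.x, so the
  // analyzer has to give up what it knew about the struct's contents.
  rdar_7257223_aux(&s);
  return s.x;
}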
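// Companion to rdar7257223_Create without the opaque call: the created date
// is stored in a local struct field and returned directly from it. No warning
// is expected on the CFDateCreate line.
CFDateRef rdar7257223_Create_2(void) {
  RDar7257223 s;
  CFAbsoluteTime t = CFAbsoluteTimeGetCurrent();
  s.x = CFDateCreate(0, t); // no-warning
  return s.x;
}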
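// Negative case: five NSNumber objects are created with alloc/init directly
// into a local C array and each one is released in the loop, so no leak may
// be reported on any initializer line.
// NOTE(review): the RUN line passes -analyzer-max-loop 6, presumably so that
// all five iterations are explored; confirm before changing the array length.
void rdar7283470(void) {
  NSNumber *numbers[] = {
    [[NSNumber alloc] initWithInt:1], // no-warning
    [[NSNumber alloc] initWithInt:2], // no-warning
    [[NSNumber alloc] initWithInt:3], // no-warning
    [[NSNumber alloc] initWithInt:4], // no-warning
    [[NSNumber alloc] initWithInt:5]  // no-warning
  };

  // One release per element balances the alloc/init above.
  for (unsigned i = 0 ; i < sizeof(numbers) / sizeof(numbers[0]) ; ++i)
    [numbers[i] release];
}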
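// Positive counterpart of rdar7283470: the same five objects are created but
// never released, so a leak is expected on every initializer line. The
// missing releases are deliberate; the expected-warning lines are the
// assertions of this test.
void rdar7283470_positive(void) {
  NSNumber *numbers[] = {
    [[NSNumber alloc] initWithInt:1], // expected-warning{{leak}}
    [[NSNumber alloc] initWithInt:2], // expected-warning{{leak}}
    [[NSNumber alloc] initWithInt:3], // expected-warning{{leak}}
    [[NSNumber alloc] initWithInt:4], // expected-warning{{leak}}
    [[NSNumber alloc] initWithInt:5]  // expected-warning{{leak}}
  };
}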
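// Negative case: the C array of five NSNumber objects is handed to
// -[NSArray initWithObjects:count:] by address, then every element and the
// NSArray itself are released. No leak may be reported.
void rdar7283470_2(void) {
  NSNumber *numbers[] = {
    [[NSNumber alloc] initWithInt:1], // no-warning
    [[NSNumber alloc] initWithInt:2], // no-warning
    [[NSNumber alloc] initWithInt:3], // no-warning
    [[NSNumber alloc] initWithInt:4], // no-warning
    [[NSNumber alloc] initWithInt:5]  // no-warning
  };

  // The array's address escapes into a method call here.
  NSArray *s_numbers =[[NSArray alloc] initWithObjects:&numbers[0] count:sizeof(numbers) / sizeof(numbers[0])];

  for (unsigned i = 0 ; i < sizeof(numbers) / sizeof(numbers[0]) ; ++i)
    [numbers[i] release];

  // Balances the alloc/init of the NSArray.
  [s_numbers release];
}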
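// Positive counterpart of rdar7283470_2: the elements are released but the
// NSArray created from them is not, so exactly one leak is expected, on the
// line that creates s_numbers. The missing release is deliberate.
void rdar7283470_2_positive(void) {
  NSNumber *numbers[] = {
    [[NSNumber alloc] initWithInt:1], // no-warning
    [[NSNumber alloc] initWithInt:2], // no-warning
    [[NSNumber alloc] initWithInt:3], // no-warning
    [[NSNumber alloc] initWithInt:4], // no-warning
    [[NSNumber alloc] initWithInt:5]  // no-warning
  };

  NSArray *s_numbers =[[NSArray alloc] initWithObjects: &numbers[0] count:sizeof(numbers) / sizeof(numbers[0])]; // expected-warning{{leak}}

  for (unsigned i = 0 ; i < sizeof(numbers) / sizeof(numbers[0]) ; ++i)
    [numbers[i] release];
}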
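// Regression test for PR6699: an object stored in an array element on one
// branch must still be known to the analyzer when that element is released
// later. Both elements start as null; values[1] is set only when x is
// non-zero and released only when it is non-null, so no warning is expected.
void pr6699(int x) {
  CFDateRef values[2];
  values[0] = values[1] = 0;

  if (x) {
    CFAbsoluteTime t = CFAbsoluteTimeGetCurrent();
    values[1] = CFDateCreate(0, t);
  }

  if (values[1]) {
    // A bug in RegionStore::RemoveDeadBindings caused 'values[1]' to get prematurely
    // pruned from the store.
    CFRelease(values[1]); // no-warning
  }
}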
// <rdar://problem/8261992> Idempotent operation checker false positive with ObjC ivars
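// Fixture class with one int ivar. The ivar is declared @package and the
// functions in this file read and write it directly through tc->myIvar.
@interface R8261992 : NSObject {
  @package int myIvar;
}
@end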
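// Helper that overwrites tc->myIvar with 5. R8261992_test calls it between a
// read and a write of the same ivar so that the value bound to the ivar
// changes behind the caller's local copy.
static void R8261992_ChangeMyIvar(R8261992 *tc) {
    tc->myIvar = 5;
}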
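// Regression test for a false positive on ivar writes: saving an ivar,
// letting a helper change it, and writing the saved value back must not be
// reported. The sequence is run twice, first on the object passed in and
// then on one allocated locally, which is released before the end.
//
// The null dereference at the end is deliberate. Its expected-warning proves
// that the analyzer reached the end of the function, so the lines marked
// no-warning were actually analyzed.
void R8261992_test(R8261992 *tc) {
  int temp = tc->myIvar;
  // The ivar binding for tc->myIvar gets invalidated.
  R8261992_ChangeMyIvar(tc);
  tc->myIvar = temp; // no-warning
  tc = [[R8261992 alloc] init];
  temp = tc->myIvar; // no-warning
  // The ivar binding for tc->myIvar gets invalidated.
  R8261992_ChangeMyIvar(tc);
  tc->myIvar = temp;
  [tc release]; // no-warning
  // did we analyze this?
  int *p = 0x0;
  *p = 0xDEADBEEF; // expected-warning{{null}}
}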