retain-release.m revision 25d01badc5c37d3c8b7b9a41001f9c7e2cabda05 
1// RUN: clang -analyze -checker-cfref -verify %s &&
2// RUN: clang -analyze -checker-cfref -analyzer-store=region -verify %s
3
4
5//===----------------------------------------------------------------------===//
6// The following code is reduced using delta-debugging from
7// Foundation.h (Mac OS X).
8//
9// It includes the basic definitions for the test cases below.
10// Not including Foundation.h directly makes this test case both svelte and
11// portable to non-Mac platforms.
12//===----------------------------------------------------------------------===//
13
14typedef unsigned int __darwin_natural_t;
15typedef struct {} div_t;
16typedef unsigned long UInt32;
17typedef signed long CFIndex;
18typedef const void * CFTypeRef;
19typedef const struct __CFString * CFStringRef;
20typedef const struct __CFAllocator * CFAllocatorRef;
21extern const CFAllocatorRef kCFAllocatorDefault;
22extern CFTypeRef CFRetain(CFTypeRef cf);
23extern void CFRelease(CFTypeRef cf);
24typedef struct {
25}
26CFArrayCallBacks;
27extern const CFArrayCallBacks kCFTypeArrayCallBacks;
28typedef const struct __CFArray * CFArrayRef;
29typedef struct __CFArray * CFMutableArrayRef;
30extern CFMutableArrayRef CFArrayCreateMutable(CFAllocatorRef allocator, CFIndex capacity, const CFArrayCallBacks *callBacks);
31extern const void *CFArrayGetValueAtIndex(CFArrayRef theArray, CFIndex idx);
32extern void CFArrayAppendValue(CFMutableArrayRef theArray, const void *value);
33typedef const struct __CFDictionary * CFDictionaryRef;
34typedef UInt32 CFStringEncoding;
35enum {
36kCFStringEncodingMacRoman = 0,     kCFStringEncodingWindowsLatin1 = 0x0500,     kCFStringEncodingISOLatin1 = 0x0201,     kCFStringEncodingNextStepLatin = 0x0B01,     kCFStringEncodingASCII = 0x0600,     kCFStringEncodingUnicode = 0x0100,     kCFStringEncodingUTF8 = 0x08000100,     kCFStringEncodingNonLossyASCII = 0x0BFF      ,     kCFStringEncodingUTF16 = 0x0100,     kCFStringEncodingUTF16BE = 0x10000100,     kCFStringEncodingUTF16LE = 0x14000100,      kCFStringEncodingUTF32 = 0x0c000100,     kCFStringEncodingUTF32BE = 0x18000100,     kCFStringEncodingUTF32LE = 0x1c000100  };
37extern CFStringRef CFStringCreateWithCString(CFAllocatorRef alloc, const char *cStr, CFStringEncoding encoding);
38typedef double CFTimeInterval;
39typedef CFTimeInterval CFAbsoluteTime;
40extern CFAbsoluteTime CFAbsoluteTimeGetCurrent(void);
41typedef const struct __CFDate * CFDateRef;
42extern CFDateRef CFDateCreate(CFAllocatorRef allocator, CFAbsoluteTime at);
43extern CFAbsoluteTime CFDateGetAbsoluteTime(CFDateRef theDate);
44typedef __darwin_natural_t natural_t;
45typedef natural_t mach_port_name_t;
46typedef mach_port_name_t mach_port_t;
47typedef struct {
48}
49CFRunLoopObserverContext;
50typedef signed char BOOL;
51typedef unsigned int NSUInteger;
52@class NSString, Protocol;
53extern void NSLog(NSString *format, ...) __attribute__((format(__NSString__, 1, 2)));
54typedef struct _NSZone NSZone;
55@class NSInvocation, NSMethodSignature, NSCoder, NSString, NSEnumerator;
56@protocol NSObject  - (BOOL)isEqual:(id)object;
57- (id)retain;
58- (oneway void)release;
59- (id)autorelease;
60@end  @protocol NSCopying  - (id)copyWithZone:(NSZone *)zone;
61@end  @protocol NSMutableCopying  - (id)mutableCopyWithZone:(NSZone *)zone;
62@end  @protocol NSCoding  - (void)encodeWithCoder:(NSCoder *)aCoder;
63@end    @interface NSObject <NSObject> {
64}
65+ (id)alloc;
66@end   typedef float CGFloat;
67@interface NSString : NSObject <NSCopying, NSMutableCopying, NSCoding>    - (NSUInteger)length;
68- (const char *)UTF8String;
69- (id)initWithUTF8String:(const char *)nullTerminatedCString;
70+ (id)stringWithUTF8String:(const char *)nullTerminatedCString;
71@end   extern NSString * const NSCurrentLocaleDidChangeNotification ;
72@protocol NSLocking  - (void)lock;
73@end  extern NSString * const NSUndoManagerCheckpointNotification;
74typedef enum {
75ACL_READ_DATA = (1<<1),  ACL_LIST_DIRECTORY = (1<<1),  ACL_WRITE_DATA = (1<<2),  ACL_ADD_FILE = (1<<2),  ACL_EXECUTE = (1<<3),  ACL_SEARCH = (1<<3),  ACL_DELETE = (1<<4),  ACL_APPEND_DATA = (1<<5),  ACL_ADD_SUBDIRECTORY = (1<<5),  ACL_DELETE_CHILD = (1<<6),  ACL_READ_ATTRIBUTES = (1<<7),  ACL_WRITE_ATTRIBUTES = (1<<8),  ACL_READ_EXTATTRIBUTES = (1<<9),  ACL_WRITE_EXTATTRIBUTES = (1<<10),  ACL_READ_SECURITY = (1<<11),  ACL_WRITE_SECURITY = (1<<12),  ACL_CHANGE_OWNER = (1<<13) }
76acl_entry_id_t;
77typedef int kern_return_t;
78typedef kern_return_t mach_error_t;
79typedef mach_port_t io_object_t;
80typedef io_object_t io_service_t;
81typedef struct __DASession * DASessionRef;
82extern DASessionRef DASessionCreate( CFAllocatorRef allocator );
83typedef struct __DADisk * DADiskRef;
84extern DADiskRef DADiskCreateFromBSDName( CFAllocatorRef allocator, DASessionRef session, const char * name );
85extern DADiskRef DADiskCreateFromIOMedia( CFAllocatorRef allocator, DASessionRef session, io_service_t media );
86extern CFDictionaryRef DADiskCopyDescription( DADiskRef disk );
87extern DADiskRef DADiskCopyWholeDisk( DADiskRef disk );
88@interface NSResponder : NSObject <NSCoding> {
89}
90@end  @class NSColor, NSFont, NSNotification;
91typedef struct __CFlags {
92}
93_CFlags;
94@interface NSCell : NSObject <NSCopying, NSCoding> {
95}
96@end  @class NSDate, NSDictionary, NSError, NSException, NSNotification;
97@interface NSManagedObjectContext : NSObject <NSCoding, NSLocking> {
98}
99@end enum {
100kDAReturnSuccess = 0,     kDAReturnError = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x01,     kDAReturnBusy = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x02,     kDAReturnBadArgument = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x03,     kDAReturnExclusiveAccess = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x04,     kDAReturnNoResources = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x05,     kDAReturnNotFound = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x06,     kDAReturnNotMounted = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x07,     kDAReturnNotPermitted = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x08,     kDAReturnNotPrivileged = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x09,     kDAReturnNotReady = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0A,     kDAReturnNotWritable = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0B,     kDAReturnUnsupported = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0C };
101typedef mach_error_t DAReturn;
102typedef const struct __DADissenter * DADissenterRef;
103extern DADissenterRef DADissenterCreate( CFAllocatorRef allocator, DAReturn status, CFStringRef string );
104
105
106
107
108//===----------------------------------------------------------------------===//
109// Test cases.
110//===----------------------------------------------------------------------===//
111
112CFAbsoluteTime f1() {
113  CFAbsoluteTime t = CFAbsoluteTimeGetCurrent();
114  CFDateRef date = CFDateCreate(0, t);
115  CFRetain(date);
116  CFRelease(date);
117  CFDateGetAbsoluteTime(date); // no-warning
118  CFRelease(date);
119  t = CFDateGetAbsoluteTime(date);   // expected-warning{{Reference-counted object is used after it is released.}}
120  return t;
121}
122
123CFAbsoluteTime f2() {
124  CFAbsoluteTime t = CFAbsoluteTimeGetCurrent();
125  CFDateRef date = CFDateCreate(0, t);  
126  [((NSDate*) date) retain];
127  CFRelease(date);
128  CFDateGetAbsoluteTime(date); // no-warning
129  [((NSDate*) date) release];
130  t = CFDateGetAbsoluteTime(date);   // expected-warning{{Reference-counted object is used after it is released.}}
131  return t;
132}
133
134
135NSDate* global_x;
136
137// Test to see if we supresss an error when we store the pointer
138// to a global.
139
140CFAbsoluteTime f3() {
141  CFAbsoluteTime t = CFAbsoluteTimeGetCurrent();
142  CFDateRef date = CFDateCreate(0, t);  
143  [((NSDate*) date) retain];
144  CFRelease(date);
145  CFDateGetAbsoluteTime(date); // no-warning
146  global_x = (NSDate*) date;  
147  [((NSDate*) date) release];
148  t = CFDateGetAbsoluteTime(date);   // no-warning
149  return t;
150}
151
152//---------------------------------------------------------------------------
153// Test case 'f4' differs for region store and basic store.  See
154// retain-release-region-store.m and retain-release-basic-store.m.
155//---------------------------------------------------------------------------
156
157// Test a leak.
158
159CFAbsoluteTime f5(int x) {  
160  CFAbsoluteTime t = CFAbsoluteTimeGetCurrent();
161  CFDateRef date = CFDateCreate(0, t); // expected-warning{{leak}}
162  
163  if (x)
164    CFRelease(date);
165  
166  return t;
167}
168
169// Test a leak involving the return.
170
171CFDateRef f6(int x) {  
172  CFDateRef date = CFDateCreate(0, CFAbsoluteTimeGetCurrent());  // expected-warning{{leak}}
173  CFRetain(date);
174  return date;
175}
176
177// Test a leak involving an overwrite.
178
179CFDateRef f7() {
180  CFDateRef date = CFDateCreate(0, CFAbsoluteTimeGetCurrent());  //expected-warning{{leak}}
181  CFRetain(date);
182  date = CFDateCreate(0, CFAbsoluteTimeGetCurrent());
183  return date;
184}
185
186// Generalization of Create rule.  MyDateCreate returns a CFXXXTypeRef, and
187// has the word create.
188CFDateRef MyDateCreate();
189
190CFDateRef f8() {
191  CFDateRef date = MyDateCreate(); // expected-warning{{leak}}
192  CFRetain(date);  
193  return date;
194}
195
196CFDateRef f9() {
197  CFDateRef date = CFDateCreate(0, CFAbsoluteTimeGetCurrent());
198  int *p = 0;
199  // When allocations fail, CFDateCreate can return null.
200  if (!date) *p = 1; // expected-warning{{null}}
201  return date;
202}
203
204// Handle DiskArbitration API:
205//
206// http://developer.apple.com/DOCUMENTATION/DARWIN/Reference/DiscArbitrationFramework/
207//
208void f10(io_service_t media, DADiskRef d, CFStringRef s) {
209  DADiskRef disk = DADiskCreateFromBSDName(kCFAllocatorDefault, 0, "hello"); // expected-warning{{leak}}
210  if (disk) NSLog(@"ok");
211  
212  disk = DADiskCreateFromIOMedia(kCFAllocatorDefault, 0, media); // expected-warning{{leak}}
213  if (disk) NSLog(@"ok");
214
215  CFDictionaryRef dict = DADiskCopyDescription(d);  // expected-warning{{leak}}
216  if (dict) NSLog(@"ok"); 
217  
218  disk = DADiskCopyWholeDisk(d); // expected-warning{{leak}}
219  if (disk) NSLog(@"ok");
220    
221  DADissenterRef dissenter = DADissenterCreate(kCFAllocatorDefault,   // expected-warning{{leak}}
222                                                kDAReturnSuccess, s);
223  if (dissenter) NSLog(@"ok");
224  
225  DASessionRef session = DASessionCreate(kCFAllocatorDefault);  // expected-warning{{leak}}
226  if (session) NSLog(@"ok");
227}
228
229// Test retain/release checker with CFString and CFMutableArray.
230void f11() {
231  // Create the array.
232  CFMutableArrayRef A = CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks);
233
234  // Create a string.
235  CFStringRef s1 = CFStringCreateWithCString(0, "hello world",
236                                             kCFStringEncodingUTF8);
237
238  // Add the string to the array.
239  CFArrayAppendValue(A, s1);
240  
241  // Decrement the reference count.
242  CFRelease(s1); // no-warning
243  
244  // Get the string.  We don't own it.
245  s1 = (CFStringRef) CFArrayGetValueAtIndex(A, 0);
246  
247  // Release the array.
248  CFRelease(A); // no-warning
249  
250  // Release the string.  This is a bug.
251  CFRelease(s1); // expected-warning{{Incorrect decrement of the reference count}}
252}
253
254// PR 3337: Handle functions declared using typedefs.
255typedef CFTypeRef CREATEFUN();
256CREATEFUN MyCreateFun;
257
258void f12() {
259  CFTypeRef o = MyCreateFun(); // expected-warning {{leak}}
260}
261
262void f13_autorelease() {
263  CFMutableArrayRef A = CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks);
264  [(id) A autorelease]; // no-warning
265}
266
267// This case exercises the logic where the leak site is the same as the allocation site.
268void f14_leakimmediately() {
269  CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // expected-warning{{leak}}
270}
271
272// Test basic tracking of ivars associated with 'self'.  For the retain/release
273// checker we currently do not want to flag leaks associated with stores
274// of tracked objects to ivars.
275@interface SelfIvarTest : NSObject {
276  id myObj;
277}
278- (void)test_self_tracking;
279@end
280
281@implementation SelfIvarTest
282- (void)test_self_tracking {
283  myObj = (id) CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // no-warning
284}
285@end
286
287// <rdar://problem/6659160>
288int isFoo(char c);
289
290static void rdar_6659160(char *inkind, char *inname)
291{
292  // We currently expect that [NSObject alloc] cannot fail.  This
293  // will be a toggled flag in the future.  It can indeed return null, but
294  // Cocoa programmers generally aren't expected to reason about out-of-memory
295  // conditions.
296  NSString *kind = [[NSString alloc] initWithUTF8String:inkind];  // expected-warning{{leak}}
297  
298  // We do allow stringWithUTF8String to fail.  This isn't really correct, as
299  // far as returning nil.  In most error conditions it will throw an exception.
300  // If allocation fails it could return nil, but again this
301  // isn't expected.
302  NSString *name = [NSString stringWithUTF8String:inname];
303  if(!name)
304    return;
305
306  const char *kindC = 0;
307  const char *nameC = 0;
308  
309  // In both cases, we cannot reach a point down below where we
310  // dereference kindC or nameC with either being null.  This is because
311  // we assume that [NSObject alloc] doesn't fail and that we have the guard
312  // up above.
313  
314  if(kind)
315    kindC = [kind UTF8String];
316  if(name)
317    nameC = [name UTF8String];
318  if(!isFoo(kindC[0])) // expected-warning{{null}}
319    return;
320  if(!isFoo(nameC[0])) // no-warning
321    return;
322
323  [kind release];
324  [name release];
325}
326
327