retain-release.m revision 8b31826a4b703ad21916b2f88e28d003e289a9ff
1//>>SLICER 2// RUN: clang-cc -analyze -checker-cfref -analyzer-store=basic -verify %s && 3// RUN: clang-cc -analyze -checker-cfref -analyzer-store=basic-old-cast -verify %s && 4// RUN: clang-cc -analyze -checker-cfref -analyzer-store=region -verify %s 5 6#if __has_feature(attribute_ns_returns_retained) 7#define NS_RETURNS_RETAINED __attribute__((ns_returns_retained)) 8#endif 9#if __has_feature(attribute_cf_returns_retained) 10#define CF_RETURNS_RETAINED __attribute__((cf_returns_retained)) 11#endif 12 13//===----------------------------------------------------------------------===// 14// The following code is reduced using delta-debugging from Mac OS X headers: 15// 16// #include <Cocoa/Cocoa.h> 17// #include <CoreFoundation/CoreFoundation.h> 18// #include <DiskArbitration/DiskArbitration.h> 19// #include <QuartzCore/QuartzCore.h> 20// #include <Quartz/Quartz.h> 21// #include <IOKit/IOKitLib.h> 22// 23// It includes the basic definitions for the test cases below. 24//===----------------------------------------------------------------------===// 25 26typedef unsigned int __darwin_natural_t; 27typedef unsigned long uintptr_t; 28typedef unsigned int uint32_t; 29typedef unsigned long long uint64_t; 30typedef unsigned int UInt32; 31typedef signed long CFIndex; 32typedef const void * CFTypeRef; 33typedef const struct __CFString * CFStringRef; 34typedef const struct __CFAllocator * CFAllocatorRef; 35extern const CFAllocatorRef kCFAllocatorDefault; 36extern CFTypeRef CFRetain(CFTypeRef cf); 37extern void CFRelease(CFTypeRef cf); 38typedef struct { 39} 40CFArrayCallBacks; 41extern const CFArrayCallBacks kCFTypeArrayCallBacks; 42typedef const struct __CFArray * CFArrayRef; 43typedef struct __CFArray * CFMutableArrayRef; 44extern CFMutableArrayRef CFArrayCreateMutable(CFAllocatorRef allocator, CFIndex capacity, const CFArrayCallBacks *callBacks); 45extern const void *CFArrayGetValueAtIndex(CFArrayRef theArray, CFIndex idx); 46extern void CFArrayAppendValue(CFMutableArrayRef theArray, const void *value); 47typedef const struct __CFDictionary * CFDictionaryRef; 48typedef struct __CFDictionary * CFMutableDictionaryRef; 49typedef UInt32 CFStringEncoding; 50enum { 51kCFStringEncodingMacRoman = 0, kCFStringEncodingWindowsLatin1 = 0x0500, kCFStringEncodingISOLatin1 = 0x0201, kCFStringEncodingNextStepLatin = 0x0B01, kCFStringEncodingASCII = 0x0600, kCFStringEncodingUnicode = 0x0100, kCFStringEncodingUTF8 = 0x08000100, kCFStringEncodingNonLossyASCII = 0x0BFF , kCFStringEncodingUTF16 = 0x0100, kCFStringEncodingUTF16BE = 0x10000100, kCFStringEncodingUTF16LE = 0x14000100, kCFStringEncodingUTF32 = 0x0c000100, kCFStringEncodingUTF32BE = 0x18000100, kCFStringEncodingUTF32LE = 0x1c000100 }; 52extern CFStringRef CFStringCreateWithCString(CFAllocatorRef alloc, const char *cStr, CFStringEncoding encoding); 53typedef double CFTimeInterval; 54typedef CFTimeInterval CFAbsoluteTime; 55extern CFAbsoluteTime CFAbsoluteTimeGetCurrent(void); 56typedef const struct __CFDate * CFDateRef; 57extern CFDateRef CFDateCreate(CFAllocatorRef allocator, CFAbsoluteTime at); 58extern CFAbsoluteTime CFDateGetAbsoluteTime(CFDateRef theDate); 59typedef __darwin_natural_t natural_t; 60typedef natural_t mach_port_name_t; 61typedef mach_port_name_t mach_port_t; 62typedef int kern_return_t; 63typedef kern_return_t mach_error_t; 64typedef signed char BOOL; 65typedef unsigned long NSUInteger; 66@class NSString, Protocol; 67extern void NSLog(NSString *format, ...) __attribute__((format(__NSString__, 1, 2))); 68typedef struct _NSZone NSZone; 69@class NSInvocation, NSMethodSignature, NSCoder, NSString, NSEnumerator; 70@protocol NSObject - (BOOL)isEqual:(id)object; 71- (id)retain; 72- (oneway void)release; 73- (id)autorelease; 74@end @protocol NSCopying - (id)copyWithZone:(NSZone *)zone; 75@end @protocol NSMutableCopying - (id)mutableCopyWithZone:(NSZone *)zone; 76@end @protocol NSCoding - (void)encodeWithCoder:(NSCoder *)aCoder; 77@end @interface NSObject <NSObject> { 78} 79+ (id)allocWithZone:(NSZone *)zone; 80+ (id)alloc; 81- (void)dealloc; 82@end extern id NSAllocateObject(Class aClass, NSUInteger extraBytes, NSZone *zone); 83typedef struct { 84} 85NSFastEnumerationState; 86@protocol NSFastEnumeration - (NSUInteger)countByEnumeratingWithState:(NSFastEnumerationState *)state objects:(id *)stackbuf count:(NSUInteger)len; 87@end @class NSString; 88@interface NSArray : NSObject <NSCopying, NSMutableCopying, NSCoding, NSFastEnumeration> - (NSUInteger)count; 89@end @interface NSArray (NSArrayCreation) + (id)array; 90@end @interface NSAutoreleasePool : NSObject { 91} 92- (void)drain; 93@end extern NSString * const NSBundleDidLoadNotification; 94typedef double NSTimeInterval; 95@interface NSDate : NSObject <NSCopying, NSCoding> - (NSTimeInterval)timeIntervalSinceReferenceDate; 96@end typedef unsigned short unichar; 97@interface NSString : NSObject <NSCopying, NSMutableCopying, NSCoding> - (NSUInteger)length; 98- ( const char *)UTF8String; 99- (id)initWithUTF8String:(const char *)nullTerminatedCString; 100+ (id)stringWithUTF8String:(const char *)nullTerminatedCString; 101@end @class NSString, NSData; 102@interface NSData : NSObject <NSCopying, NSMutableCopying, NSCoding> - (NSUInteger)length; 103+ (id)dataWithBytesNoCopy:(void *)bytes length:(NSUInteger)length; 104+ (id)dataWithBytesNoCopy:(void *)bytes length:(NSUInteger)length freeWhenDone:(BOOL)b; 105@end @class NSString; 106@interface NSDictionary : NSObject <NSCopying, NSMutableCopying, NSCoding, NSFastEnumeration> - (NSUInteger)count; 107@end @interface NSMutableDictionary : NSDictionary - (void)removeObjectForKey:(id)aKey; 108- (void)setObject:(id)anObject forKey:(id)aKey; 109@end @interface NSMutableDictionary (NSMutableDictionaryCreation) + (id)dictionaryWithCapacity:(NSUInteger)numItems; 110@end typedef double CGFloat; 111struct CGSize { 112}; 113typedef struct CGSize CGSize; 114struct CGRect { 115}; 116typedef struct CGRect CGRect; 117@protocol NSLocking - (void)lock; 118- (id)init; 119@end @class NSURLAuthenticationChallenge; 120typedef mach_port_t io_object_t; 121typedef char io_name_t[128]; 122typedef io_object_t io_iterator_t; 123typedef io_object_t io_service_t; 124typedef struct IONotificationPort * IONotificationPortRef; 125typedef void (*IOServiceMatchingCallback)( void * refcon, io_iterator_t iterator ); 126io_service_t IOServiceGetMatchingService( mach_port_t masterPort, CFDictionaryRef matching ); 127kern_return_t IOServiceGetMatchingServices( mach_port_t masterPort, CFDictionaryRef matching, io_iterator_t * existing ); 128kern_return_t IOServiceAddNotification( mach_port_t masterPort, const io_name_t notificationType, CFDictionaryRef matching, mach_port_t wakePort, uintptr_t reference, io_iterator_t * notification ) __attribute__((deprecated)); 129kern_return_t IOServiceAddMatchingNotification( IONotificationPortRef notifyPort, const io_name_t notificationType, CFDictionaryRef matching, IOServiceMatchingCallback callback, void * refCon, io_iterator_t * notification ); 130CFMutableDictionaryRef IOServiceMatching( const char * name ); 131CFMutableDictionaryRef IOServiceNameMatching( const char * name ); 132CFMutableDictionaryRef IOBSDNameMatching( mach_port_t masterPort, uint32_t options, const char * bsdName ); 133CFMutableDictionaryRef IOOpenFirmwarePathMatching( mach_port_t masterPort, uint32_t options, const char * path ); 134CFMutableDictionaryRef IORegistryEntryIDMatching( uint64_t entryID ); 135typedef struct __DASession * DASessionRef; 136extern DASessionRef DASessionCreate( CFAllocatorRef allocator ); 137typedef struct __DADisk * DADiskRef; 138extern DADiskRef DADiskCreateFromBSDName( CFAllocatorRef allocator, DASessionRef session, const char * name ); 139extern DADiskRef DADiskCreateFromIOMedia( CFAllocatorRef allocator, DASessionRef session, io_service_t media ); 140extern CFDictionaryRef DADiskCopyDescription( DADiskRef disk ); 141extern DADiskRef DADiskCopyWholeDisk( DADiskRef disk ); 142typedef struct CGColorSpace *CGColorSpaceRef; 143typedef struct CGImage *CGImageRef; 144 typedef struct CGLayer *CGLayerRef; 145 @class NSArray, NSError, NSEvent, NSMenu, NSUndoManager, NSWindow; 146@interface NSResponder : NSObject <NSCoding> { 147} 148@end @protocol NSAnimatablePropertyContainer - (id)animator; 149@end extern NSString *NSAnimationTriggerOrderIn ; 150@interface NSView : NSResponder <NSAnimatablePropertyContainer> { 151struct __VFlags2 { 152} 153_vFlags2; 154} 155@end extern NSString * const NSFullScreenModeAllScreens; 156@protocol NSChangeSpelling - (void)changeSpelling:(id)sender; 157@end @protocol NSIgnoreMisspelledWords - (void)ignoreSpelling:(id)sender; 158@end @class NSColor, NSFont, NSNotification; 159@interface NSText : NSView <NSChangeSpelling, NSIgnoreMisspelledWords> { 160} 161@end @protocol NSValidatedUserInterfaceItem - (SEL)action; 162@end @protocol NSUserInterfaceValidations - (BOOL)validateUserInterfaceItem:(id <NSValidatedUserInterfaceItem>)anItem; 163@end @class NSArray, NSError, NSImage, NSView, NSNotificationCenter, NSURL, NSScreen, NSRunningApplication; 164@interface NSApplication : NSResponder <NSUserInterfaceValidations> { 165} 166@end enum { 167NSTerminateCancel = 0, NSTerminateNow = 1, NSTerminateLater = 2 }; 168typedef NSUInteger NSApplicationTerminateReply; 169@protocol NSApplicationDelegate <NSObject> @optional - (NSApplicationTerminateReply)applicationShouldTerminate:(NSApplication *)sender; 170@end enum { 171} 172_CFlags; 173@interface CIImage : NSObject <NSCoding, NSCopying> { 174} 175typedef int CIFormat; 176@end enum { 177kDAReturnSuccess = 0, kDAReturnError = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x01, kDAReturnBusy = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x02, kDAReturnBadArgument = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x03, kDAReturnExclusiveAccess = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x04, kDAReturnNoResources = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x05, kDAReturnNotFound = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x06, kDAReturnNotMounted = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x07, kDAReturnNotPermitted = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x08, kDAReturnNotPrivileged = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x09, kDAReturnNotReady = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0A, kDAReturnNotWritable = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0B, kDAReturnUnsupported = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0C }; 178typedef mach_error_t DAReturn; 179typedef const struct __DADissenter * DADissenterRef; 180extern DADissenterRef DADissenterCreate( CFAllocatorRef allocator, DAReturn status, CFStringRef string ); 181@interface CIContext: NSObject { 182} 183- (CGImageRef)createCGImage:(CIImage *)im fromRect:(CGRect)r; 184- (CGImageRef)createCGImage:(CIImage *)im fromRect:(CGRect)r format:(CIFormat)f colorSpace:(CGColorSpaceRef)cs; 185- (CGLayerRef)createCGLayerWithSize:(CGSize)size info:(CFDictionaryRef)d; 186@end @class NSURL; 187@protocol QCCompositionRenderer - (NSDictionary*) attributes; 188@end @interface QCRenderer : NSObject <QCCompositionRenderer> { 189} 190- (id) createSnapshotImageOfType:(NSString*)type; 191@end extern NSString* const QCViewDidStartRenderingNotification; 192@interface QCView : NSView <QCCompositionRenderer> { 193} 194- (id) createSnapshotImageOfType:(NSString*)type; 195@end enum { 196ICEXIFOrientation1 = 1, ICEXIFOrientation2 = 2, ICEXIFOrientation3 = 3, ICEXIFOrientation4 = 4, ICEXIFOrientation5 = 5, ICEXIFOrientation6 = 6, ICEXIFOrientation7 = 7, ICEXIFOrientation8 = 8, }; 197@class ICDevice; 198@protocol ICDeviceDelegate <NSObject> @required - (void)didRemoveDevice:(ICDevice*)device; 199@end @class ICCameraDevice; 200@class ICScannerDevice; 201@protocol ICScannerDeviceDelegate <ICDeviceDelegate> @optional - (void)scannerDeviceDidBecomeAvailable:(ICScannerDevice*)scanner; 202@end 203 204//===----------------------------------------------------------------------===// 205// Test cases. 206//===----------------------------------------------------------------------===// 207 208CFAbsoluteTime f1() { 209 CFAbsoluteTime t = CFAbsoluteTimeGetCurrent(); 210 CFDateRef date = CFDateCreate(0, t); 211 CFRetain(date); 212 CFRelease(date); 213 CFDateGetAbsoluteTime(date); // no-warning 214 CFRelease(date); 215 t = CFDateGetAbsoluteTime(date); // expected-warning{{Reference-counted object is used after it is released.}} 216 return t; 217} 218 219CFAbsoluteTime f2() { 220 CFAbsoluteTime t = CFAbsoluteTimeGetCurrent(); 221 CFDateRef date = CFDateCreate(0, t); 222 [((NSDate*) date) retain]; 223 CFRelease(date); 224 CFDateGetAbsoluteTime(date); // no-warning 225 [((NSDate*) date) release]; 226 t = CFDateGetAbsoluteTime(date); // expected-warning{{Reference-counted object is used after it is released.}} 227 return t; 228} 229 230 231NSDate* global_x; 232 233// Test to see if we supresss an error when we store the pointer 234// to a global. 235 236CFAbsoluteTime f3() { 237 CFAbsoluteTime t = CFAbsoluteTimeGetCurrent(); 238 CFDateRef date = CFDateCreate(0, t); 239 [((NSDate*) date) retain]; 240 CFRelease(date); 241 CFDateGetAbsoluteTime(date); // no-warning 242 global_x = (NSDate*) date; 243 [((NSDate*) date) release]; 244 t = CFDateGetAbsoluteTime(date); // no-warning 245 return t; 246} 247 248//--------------------------------------------------------------------------- 249// Test case 'f4' differs for region store and basic store. See 250// retain-release-region-store.m and retain-release-basic-store.m. 251//--------------------------------------------------------------------------- 252 253// Test a leak. 254 255CFAbsoluteTime f5(int x) { 256 CFAbsoluteTime t = CFAbsoluteTimeGetCurrent(); 257 CFDateRef date = CFDateCreate(0, t); // expected-warning{{leak}} 258 259 if (x) 260 CFRelease(date); 261 262 return t; 263} 264 265// Test a leak involving the return. 266 267CFDateRef f6(int x) { 268 CFDateRef date = CFDateCreate(0, CFAbsoluteTimeGetCurrent()); // expected-warning{{leak}} 269 CFRetain(date); 270 return date; 271} 272 273// Test a leak involving an overwrite. 274 275CFDateRef f7() { 276 CFDateRef date = CFDateCreate(0, CFAbsoluteTimeGetCurrent()); //expected-warning{{leak}} 277 CFRetain(date); 278 date = CFDateCreate(0, CFAbsoluteTimeGetCurrent()); 279 return date; 280} 281 282// Generalization of Create rule. MyDateCreate returns a CFXXXTypeRef, and 283// has the word create. 284CFDateRef MyDateCreate(); 285 286CFDateRef f8() { 287 CFDateRef date = MyDateCreate(); // expected-warning{{leak}} 288 CFRetain(date); 289 return date; 290} 291 292CFDateRef f9() { 293 CFDateRef date = CFDateCreate(0, CFAbsoluteTimeGetCurrent()); 294 int *p = 0; 295 // When allocations fail, CFDateCreate can return null. 296 if (!date) *p = 1; // expected-warning{{null}} 297 return date; 298} 299 300// Handle DiskArbitration API: 301// 302// http://developer.apple.com/DOCUMENTATION/DARWIN/Reference/DiscArbitrationFramework/ 303// 304void f10(io_service_t media, DADiskRef d, CFStringRef s) { 305 DADiskRef disk = DADiskCreateFromBSDName(kCFAllocatorDefault, 0, "hello"); // expected-warning{{leak}} 306 if (disk) NSLog(@"ok"); 307 308 disk = DADiskCreateFromIOMedia(kCFAllocatorDefault, 0, media); // expected-warning{{leak}} 309 if (disk) NSLog(@"ok"); 310 311 CFDictionaryRef dict = DADiskCopyDescription(d); // expected-warning{{leak}} 312 if (dict) NSLog(@"ok"); 313 314 disk = DADiskCopyWholeDisk(d); // expected-warning{{leak}} 315 if (disk) NSLog(@"ok"); 316 317 DADissenterRef dissenter = DADissenterCreate(kCFAllocatorDefault, // expected-warning{{leak}} 318 kDAReturnSuccess, s); 319 if (dissenter) NSLog(@"ok"); 320 321 DASessionRef session = DASessionCreate(kCFAllocatorDefault); // expected-warning{{leak}} 322 if (session) NSLog(@"ok"); 323} 324 325// Test retain/release checker with CFString and CFMutableArray. 326void f11() { 327 // Create the array. 328 CFMutableArrayRef A = CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); 329 330 // Create a string. 331 CFStringRef s1 = CFStringCreateWithCString(0, "hello world", 332 kCFStringEncodingUTF8); 333 334 // Add the string to the array. 335 CFArrayAppendValue(A, s1); 336 337 // Decrement the reference count. 338 CFRelease(s1); // no-warning 339 340 // Get the string. We don't own it. 341 s1 = (CFStringRef) CFArrayGetValueAtIndex(A, 0); 342 343 // Release the array. 344 CFRelease(A); // no-warning 345 346 // Release the string. This is a bug. 347 CFRelease(s1); // expected-warning{{Incorrect decrement of the reference count}} 348} 349 350// PR 3337: Handle functions declared using typedefs. 351typedef CFTypeRef CREATEFUN(); 352CREATEFUN MyCreateFun; 353 354void f12() { 355 CFTypeRef o = MyCreateFun(); // expected-warning {{leak}} 356} 357 358void f13_autorelease() { 359 CFMutableArrayRef A = CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // no-warning 360 [(id) A autorelease]; // no-warning 361} 362 363void f13_autorelease_b() { 364 CFMutableArrayRef A = CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); 365 [(id) A autorelease]; 366 [(id) A autorelease]; // expected-warning{{Object sent -autorelease too many times}} 367} 368 369CFMutableArrayRef f13_autorelease_c() { 370 CFMutableArrayRef A = CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); 371 [(id) A autorelease]; 372 [(id) A autorelease]; 373 return A; // expected-warning{{Object sent -autorelease too many times}} 374} 375 376CFMutableArrayRef f13_autorelease_d() { 377 CFMutableArrayRef A = CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); 378 [(id) A autorelease]; 379 [(id) A autorelease]; 380 CFMutableArrayRef B = CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // expected-warning{{Object sent -autorelease too many times}} 381 CFRelease(B); // no-warning 382 while (1) {} 383} 384 385 386// This case exercises the logic where the leak site is the same as the allocation site. 387void f14_leakimmediately() { 388 CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // expected-warning{{leak}} 389} 390 391// Test that we track an allocated object beyond the point where the *name* 392// of the variable storing the reference is no longer live. 393void f15() { 394 // Create the array. 395 CFMutableArrayRef A = CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); 396 CFMutableArrayRef *B = &A; 397 // At this point, the name 'A' is no longer live. 398 CFRelease(*B); // no-warning 399} 400 401// Test when we pass NULL to CFRetain/CFRelease. 402void f16(int x, CFTypeRef p) { 403 if (p) 404 return; 405 406 if (x) { 407 CFRelease(p); // expected-warning{{Null pointer argument in call to CFRelease}} 408 } 409 else { 410 CFRetain(p); // expected-warning{{Null pointer argument in call to CFRetain}} 411 } 412} 413 414// Test basic tracking of ivars associated with 'self'. For the retain/release 415// checker we currently do not want to flag leaks associated with stores 416// of tracked objects to ivars. 417@interface SelfIvarTest : NSObject { 418 id myObj; 419} 420- (void)test_self_tracking; 421@end 422 423@implementation SelfIvarTest 424- (void)test_self_tracking { 425 myObj = (id) CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // no-warning 426} 427@end 428 429// Test return of non-owned objects in contexts where an owned object 430// is expected. 431@interface TestReturnNotOwnedWhenExpectedOwned 432- (NSString*)newString; 433@end 434 435@implementation TestReturnNotOwnedWhenExpectedOwned 436- (NSString*)newString { 437 NSString *s = [NSString stringWithUTF8String:"hello"]; 438 return s; // expected-warning{{Object with +0 retain counts returned to caller where a +1 (owning) retain count is expected}} 439} 440@end 441 442// <rdar://problem/6659160> 443int isFoo(char c); 444 445static void rdar_6659160(char *inkind, char *inname) 446{ 447 // We currently expect that [NSObject alloc] cannot fail. This 448 // will be a toggled flag in the future. It can indeed return null, but 449 // Cocoa programmers generally aren't expected to reason about out-of-memory 450 // conditions. 451 NSString *kind = [[NSString alloc] initWithUTF8String:inkind]; // expected-warning{{leak}} 452 453 // We do allow stringWithUTF8String to fail. This isn't really correct, as 454 // far as returning 0. In most error conditions it will throw an exception. 455 // If allocation fails it could return 0, but again this 456 // isn't expected. 457 NSString *name = [NSString stringWithUTF8String:inname]; 458 if(!name) 459 return; 460 461 const char *kindC = 0; 462 const char *nameC = 0; 463 464 // In both cases, we cannot reach a point down below where we 465 // dereference kindC or nameC with either being null. This is because 466 // we assume that [NSObject alloc] doesn't fail and that we have the guard 467 // up above. 468 469 if(kind) 470 kindC = [kind UTF8String]; 471 if(name) 472 nameC = [name UTF8String]; 473 if(!isFoo(kindC[0])) // expected-warning{{null}} 474 return; 475 if(!isFoo(nameC[0])) // no-warning 476 return; 477 478 [kind release]; 479 [name release]; // expected-warning{{Incorrect decrement of the reference count}} 480} 481 482// PR 3677 - 'allocWithZone' should be treated as following the Cocoa naming 483// conventions with respect to 'return'ing ownership. 484@interface PR3677: NSObject @end 485@implementation PR3677 486+ (id)allocWithZone:(NSZone *)inZone { 487 return [super allocWithZone:inZone]; // no-warning 488} 489@end 490 491// PR 3820 - Reason about calls to -dealloc 492void pr3820_DeallocInsteadOfRelease(void) 493{ 494 id foo = [[NSString alloc] init]; // no-warning 495 [foo dealloc]; 496 // foo is not leaked, since it has been deallocated. 497} 498 499void pr3820_ReleaseAfterDealloc(void) 500{ 501 id foo = [[NSString alloc] init]; 502 [foo dealloc]; 503 [foo release]; // expected-warning{{used after it is release}} 504 // NSInternalInconsistencyException: message sent to deallocated object 505} 506 507void pr3820_DeallocAfterRelease(void) 508{ 509 NSLog(@"\n\n[%s]", __FUNCTION__); 510 id foo = [[NSString alloc] init]; 511 [foo release]; 512 [foo dealloc]; // expected-warning{{used after it is released}} 513 // message sent to released object 514} 515 516// From <rdar://problem/6704930>. The problem here is that 'length' binds to 517// '($0 - 1)' after '--length', but SimpleConstraintManager doesn't know how to 518// reason about '($0 - 1) > constant'. As a temporary hack, we drop the value 519// of '($0 - 1)' and conjure a new symbol. 520void rdar6704930(unsigned char *s, unsigned int length) { 521 NSString* name = 0; 522 if (s != 0) { 523 if (length > 0) { 524 while (length > 0) { 525 if (*s == ':') { 526 ++s; 527 --length; 528 name = [[NSString alloc] init]; // no-warning 529 break; 530 } 531 ++s; 532 --length; 533 } 534 if ((length == 0) && (name != 0)) { 535 [name release]; 536 name = 0; 537 } 538 if (length == 0) { // no ':' found -> use it all as name 539 name = [[NSString alloc] init]; // no-warning 540 } 541 } 542 } 543 544 if (name != 0) { 545 [name release]; 546 } 547} 548 549//===----------------------------------------------------------------------===// 550// <rdar://problem/6833332> 551// One build of the analyzer accidentally stopped tracking the allocated 552// object after the 'retain'. 553//===----------------------------------------------------------------------===// 554 555@interface rdar_6833332 : NSObject <NSApplicationDelegate> { 556 NSWindow *window; 557} 558@property (nonatomic, retain) NSWindow *window; 559@end 560 561@implementation rdar_6833332 562@synthesize window; 563- (void)applicationDidFinishLaunching:(NSNotification *)aNotification { 564 NSMutableDictionary *dict = [[NSMutableDictionary dictionaryWithCapacity:4] retain]; // expected-warning{{leak}} 565 566 [dict setObject:@"foo" forKey:@"bar"]; 567 568 NSLog(@"%@", dict); 569} 570- (void)dealloc { 571 [window release]; 572 [super dealloc]; 573} 574@end 575 576//===----------------------------------------------------------------------===// 577// <rdar://problem/6257780> clang checker fails to catch use-after-release 578//===----------------------------------------------------------------------===// 579 580int rdar_6257780_Case1() { 581 NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init]; 582 NSArray *array = [NSArray array]; 583 [array release]; // expected-warning{{Incorrect decrement of the reference count of an object is not owned at this point by the caller}} 584 [pool drain]; 585 return 0; 586} 587 588//===----------------------------------------------------------------------===// 589// <rdar://problem/6866843> Checker should understand new/setObject:/release constructs 590//===----------------------------------------------------------------------===// 591 592void rdar_6866843() { 593 NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init]; 594 NSMutableDictionary* dictionary = [[NSMutableDictionary alloc] init]; 595 NSArray* array = [[NSArray alloc] init]; 596 [dictionary setObject:array forKey:@"key"]; 597 [array release]; 598 // Using 'array' here should be fine 599 NSLog(@"array = %@\n", array); // no-warning 600 // Now the array is released 601 [dictionary release]; 602 [pool drain]; 603} 604 605 606//===----------------------------------------------------------------------===// 607// <rdar://problem/6877235> Classes typedef-ed to CF objects should get the same treatment as CF objects 608//===----------------------------------------------------------------------===// 609 610typedef CFTypeRef OtherRef; 611 612@interface RDar6877235 : NSObject {} 613- (CFTypeRef)_copyCFTypeRef; 614- (OtherRef)_copyOtherRef; 615@end 616 617@implementation RDar6877235 618- (CFTypeRef)_copyCFTypeRef { 619 return [[NSString alloc] init]; // no-warning 620} 621- (OtherRef)_copyOtherRef { 622 return [[NSString alloc] init]; // no-warning 623} 624@end 625 626//===----------------------------------------------------------------------===// 627//<rdar://problem/6320065> false positive - init method returns an object owned by caller 628//===----------------------------------------------------------------------===// 629 630@interface RDar6320065 : NSObject { 631 NSString *_foo; 632} 633- (id)initReturningNewClass; 634- (id)initReturningNewClassBad; 635- (id)initReturningNewClassBad2; 636@end 637 638@interface RDar6320065Subclass : RDar6320065 639@end 640 641@implementation RDar6320065 642- (id)initReturningNewClass { 643 [self release]; 644 self = [[RDar6320065Subclass alloc] init]; // no-warning 645 return self; 646} 647- (id)initReturningNewClassBad { 648 [self release]; 649 [[RDar6320065Subclass alloc] init]; // expected-warning {{leak}} 650 return self; 651} 652- (id)initReturningNewClassBad2 { 653 [self release]; 654 self = [[RDar6320065Subclass alloc] init]; 655 return [self autorelease]; // expected-warning{{Object with +0 retain counts returned to caller where a +1 (owning) retain count is expected}} 656} 657 658@end 659 660@implementation RDar6320065Subclass 661@end 662 663int RDar6320065_test() { 664 RDar6320065 *test = [[RDar6320065 alloc] init]; // no-warning 665 [test release]; 666 return 0; 667} 668 669//===----------------------------------------------------------------------===// 670// <rdar://problem/6859457> [NSData dataWithBytesNoCopy] does not return a retained object 671//===----------------------------------------------------------------------===// 672 673@interface RDar6859457 : NSObject {} 674- (NSString*) NoCopyString; 675- (NSString*) noCopyString; 676@end 677 678@implementation RDar6859457 679- (NSString*) NoCopyString { return [[NSString alloc] init]; } // no-warning 680- (NSString*) noCopyString { return [[NSString alloc] init]; } // no-warning 681@end 682 683void test_RDar6859457(RDar6859457 *x, void *bytes, NSUInteger dataLength) { 684 [x NoCopyString]; // expected-warning{{leak}} 685 [x noCopyString]; // expected-warning{{leak}} 686 [NSData dataWithBytesNoCopy:bytes length:dataLength]; // no-warning 687 [NSData dataWithBytesNoCopy:bytes length:dataLength freeWhenDone:1]; // no-warning 688} 689 690//===----------------------------------------------------------------------===// 691// PR 4230 - an autorelease pool is not necessarily leaked during a premature 692// return 693//===----------------------------------------------------------------------===// 694 695static void PR4230(void) 696{ 697 NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init]; // no-warning 698 NSString *object = [[[NSString alloc] init] autorelease]; // no-warning 699 return; 700} 701 702//===----------------------------------------------------------------------===// 703// Method name that has a null IdentifierInfo* for its first selector slot. 704// This test just makes sure that we handle it. 705//===----------------------------------------------------------------------===// 706 707@interface TestNullIdentifier 708@end 709 710@implementation TestNullIdentifier 711+ (id):(int)x, ... { 712 return [[NSString alloc] init]; // expected-warning{{leak}} 713} 714@end 715 716//===----------------------------------------------------------------------===// 717// <rdar://problem/6893565> don't flag leaks for return types that cannot be 718// determined to be CF types 719//===----------------------------------------------------------------------===// 720 721// We don't know if 'struct s6893565' represents a Core Foundation type, so 722// we shouldn't emit an error here. 723typedef struct s6893565* TD6893565; 724 725@interface RDar6893565 {} 726-(TD6893565)newThing; 727@end 728 729@implementation RDar6893565 730-(TD6893565)newThing { 731 return (TD6893565) [[NSString alloc] init]; // no-warning 732} 733@end 734 735//===----------------------------------------------------------------------===// 736// <rdar://problem/6902710> clang: false positives w/QC and CoreImage methods 737//===----------------------------------------------------------------------===// 738 739void rdar6902710(QCView *view, QCRenderer *renderer, CIContext *context, 740 NSString *str, CIImage *img, CGRect rect, 741 CIFormat form, CGColorSpaceRef cs) { 742 [view createSnapshotImageOfType:str]; // expected-warning{{leak}} 743 [renderer createSnapshotImageOfType:str]; // expected-warning{{leak}} 744 [context createCGImage:img fromRect:rect]; // expected-warning{{leak}} 745 [context createCGImage:img fromRect:rect format:form colorSpace:cs]; // expected-warning{{leak}} 746} 747 748//===----------------------------------------------------------------------===// 749// <rdar://problem/6945561> -[CIContext createCGLayerWithSize:info:] 750// misinterpreted by clang scan-build 751//===----------------------------------------------------------------------===// 752 753void rdar6945561(CIContext *context, CGSize size, CFDictionaryRef d) { 754 [context createCGLayerWithSize:size info:d]; // expected-warning{{leak}} 755} 756 757//===----------------------------------------------------------------------===// 758// <rdar://problem/6961230> add knowledge of IOKit functions to retain/release 759// checker 760//===----------------------------------------------------------------------===// 761 762void IOBSDNameMatching_wrapper(mach_port_t masterPort, uint32_t options, const char * bsdName) { 763 IOBSDNameMatching(masterPort, options, bsdName); // expected-warning{{leak}} 764} 765 766void IOServiceMatching_wrapper(const char * name) { 767 IOServiceMatching(name); // expected-warning{{leak}} 768} 769 770void IOServiceNameMatching_wrapper(const char * name) { 771 IOServiceNameMatching(name); // expected-warning{{leak}} 772} 773 774CF_RETURNS_RETAINED CFDictionaryRef CreateDict(); 775 776void IOServiceAddNotification_wrapper(mach_port_t masterPort, const io_name_t notificationType, 777 mach_port_t wakePort, uintptr_t reference, io_iterator_t * notification ) { 778 779 CFDictionaryRef matching = CreateDict(); 780 CFRelease(matching); 781 IOServiceAddNotification(masterPort, notificationType, matching, // expected-warning{{used after it is released}} expected-warning{{deprecated}} 782 wakePort, reference, notification); 783} 784 785void IORegistryEntryIDMatching_wrapper(uint64_t entryID ) { 786 IORegistryEntryIDMatching(entryID); // expected-warning{{leak}} 787} 788 789void IOOpenFirmwarePathMatching_wrapper(mach_port_t masterPort, uint32_t options, 790 const char * path) { 791 IOOpenFirmwarePathMatching(masterPort, options, path); // expected-warning{{leak}} 792} 793 794void IOServiceGetMatchingService_wrapper(mach_port_t masterPort) { 795 CFDictionaryRef matching = CreateDict(); 796 IOServiceGetMatchingService(masterPort, matching); 797 CFRelease(matching); // expected-warning{{used after it is released}} 798} 799 800void IOServiceGetMatchingServices_wrapper(mach_port_t masterPort, io_iterator_t *existing) { 801 CFDictionaryRef matching = CreateDict(); 802 IOServiceGetMatchingServices(masterPort, matching, existing); 803 CFRelease(matching); // expected-warning{{used after it is released}} 804} 805 806void IOServiceAddMatchingNotification_wrapper(IONotificationPortRef notifyPort, const io_name_t notificationType, 807 IOServiceMatchingCallback callback, void * refCon, io_iterator_t * notification) { 808 809 CFDictionaryRef matching = CreateDict(); 810 IOServiceAddMatchingNotification(notifyPort, notificationType, matching, callback, refCon, notification); 811 CFRelease(matching); // expected-warning{{used after it is released}} 812} 813 814//===----------------------------------------------------------------------===// 815// Tests of ownership attributes. 816//===----------------------------------------------------------------------===// 817 818typedef NSString* MyStringTy; 819 820@protocol FooP; 821 822@interface TestOwnershipAttr : NSObject 823- (NSString*) returnsAnOwnedString NS_RETURNS_RETAINED; // no-warning 824- (NSString*) returnsAnOwnedCFString CF_RETURNS_RETAINED; // no-warning 825- (MyStringTy) returnsAnOwnedTypedString NS_RETURNS_RETAINED; // no-warning 826- (int) returnsAnOwnedInt NS_RETURNS_RETAINED; // expected-warning{{'ns_returns_retained' attribute only applies to functions or methods that return a pointer or Objective-C object}} 827- (id<FooP>) returnsOwnedProt NS_RETURNS_RETAINED; // no-warning 828@end 829 830static int ownership_attribute_doesnt_go_here NS_RETURNS_RETAINED; // expected-warning{{'ns_returns_retained' attribute only applies to function or method types}} 831 832void test_attr_1(TestOwnershipAttr *X) { 833 NSString *str = [X returnsAnOwnedString]; // expected-warning{{leak}} 834} 835 836void test_attr_1b(TestOwnershipAttr *X) { 837 NSString *str = [X returnsAnOwnedCFString]; // expected-warning{{leak}} 838} 839 840@interface MyClassTestCFAttr : NSObject {} 841- (NSDate*) returnsCFRetained CF_RETURNS_RETAINED; 842- (CFDateRef) returnsCFRetainedAsCF CF_RETURNS_RETAINED; 843- (NSDate*) alsoReturnsRetained; 844- (CFDateRef) alsoReturnsRetainedAsCF; 845- (NSDate*) returnsNSRetained NS_RETURNS_RETAINED; 846@end 847 848CF_RETURNS_RETAINED 849CFDateRef returnsRetainedCFDate() { 850 return CFDateCreate(0, CFAbsoluteTimeGetCurrent()); 851} 852 853@implementation MyClassTestCFAttr 854- (NSDate*) returnsCFRetained { 855 return (NSDate*) returnsRetainedCFDate(); // No leak. 856} 857 858- (CFDateRef) returnsCFRetainedAsCF { 859 return returnsRetainedCFDate(); // No leak. 860} 861 862 863- (NSDate*) alsoReturnsRetained { 864 return (NSDate*) returnsRetainedCFDate(); // expected-warning{{leak}} 865} 866 867- (CFDateRef) alsoReturnsRetainedAsCF { 868 return returnsRetainedCFDate(); // expected-warning{{leak}} 869} 870 871 872- (NSDate*) returnsNSRetained { 873 return (NSDate*) returnsRetainedCFDate(); // no-warning 874} 875@end 876 877 878 879