retain-release.m revision f7a0cf426eddae76e1a71dd2295631a2cf0560af
1//>>SLICER 2// RUN: clang-cc -analyze -checker-cfref -analyzer-store=basic -verify %s && 3// RUN: clang-cc -analyze -checker-cfref -analyzer-store=region -verify %s 4 5#if __has_feature(attribute_ns_returns_retained) 6#define NS_RETURNS_RETAINED __attribute__((ns_returns_retained)) 7#endif 8#if __has_feature(attribute_cf_returns_retained) 9#define CF_RETURNS_RETAINED __attribute__((cf_returns_retained)) 10#endif 11 12//===----------------------------------------------------------------------===// 13// The following code is reduced using delta-debugging from Mac OS X headers: 14// 15// #include <Cocoa/Cocoa.h> 16// #include <CoreFoundation/CoreFoundation.h> 17// #include <DiskArbitration/DiskArbitration.h> 18// #include <QuartzCore/QuartzCore.h> 19// #include <Quartz/Quartz.h> 20// #include <IOKit/IOKitLib.h> 21// 22// It includes the basic definitions for the test cases below. 23//===----------------------------------------------------------------------===// 24 25typedef unsigned int __darwin_natural_t; 26typedef unsigned long uintptr_t; 27typedef unsigned int uint32_t; 28typedef unsigned long long uint64_t; 29typedef unsigned int UInt32; 30typedef signed long CFIndex; 31typedef const void * CFTypeRef; 32typedef const struct __CFString * CFStringRef; 33typedef const struct __CFAllocator * CFAllocatorRef; 34extern const CFAllocatorRef kCFAllocatorDefault; 35extern CFTypeRef CFRetain(CFTypeRef cf); 36extern void CFRelease(CFTypeRef cf); 37typedef struct { 38} 39CFArrayCallBacks; 40extern const CFArrayCallBacks kCFTypeArrayCallBacks; 41typedef const struct __CFArray * CFArrayRef; 42typedef struct __CFArray * CFMutableArrayRef; 43extern CFMutableArrayRef CFArrayCreateMutable(CFAllocatorRef allocator, CFIndex capacity, const CFArrayCallBacks *callBacks); 44extern const void *CFArrayGetValueAtIndex(CFArrayRef theArray, CFIndex idx); 45extern void CFArrayAppendValue(CFMutableArrayRef theArray, const void *value); 46typedef const struct __CFDictionary * CFDictionaryRef; 47typedef struct __CFDictionary * CFMutableDictionaryRef; 48typedef UInt32 CFStringEncoding; 49enum { 50kCFStringEncodingMacRoman = 0, kCFStringEncodingWindowsLatin1 = 0x0500, kCFStringEncodingISOLatin1 = 0x0201, kCFStringEncodingNextStepLatin = 0x0B01, kCFStringEncodingASCII = 0x0600, kCFStringEncodingUnicode = 0x0100, kCFStringEncodingUTF8 = 0x08000100, kCFStringEncodingNonLossyASCII = 0x0BFF , kCFStringEncodingUTF16 = 0x0100, kCFStringEncodingUTF16BE = 0x10000100, kCFStringEncodingUTF16LE = 0x14000100, kCFStringEncodingUTF32 = 0x0c000100, kCFStringEncodingUTF32BE = 0x18000100, kCFStringEncodingUTF32LE = 0x1c000100 }; 51extern CFStringRef CFStringCreateWithCString(CFAllocatorRef alloc, const char *cStr, CFStringEncoding encoding); 52typedef double CFTimeInterval; 53typedef CFTimeInterval CFAbsoluteTime; 54extern CFAbsoluteTime CFAbsoluteTimeGetCurrent(void); 55typedef const struct __CFDate * CFDateRef; 56extern CFDateRef CFDateCreate(CFAllocatorRef allocator, CFAbsoluteTime at); 57extern CFAbsoluteTime CFDateGetAbsoluteTime(CFDateRef theDate); 58typedef __darwin_natural_t natural_t; 59typedef natural_t mach_port_name_t; 60typedef mach_port_name_t mach_port_t; 61typedef int kern_return_t; 62typedef kern_return_t mach_error_t; 63typedef signed char BOOL; 64typedef unsigned long NSUInteger; 65@class NSString, Protocol; 66extern void NSLog(NSString *format, ...) __attribute__((format(__NSString__, 1, 2))); 67typedef struct _NSZone NSZone; 68@class NSInvocation, NSMethodSignature, NSCoder, NSString, NSEnumerator; 69@protocol NSObject - (BOOL)isEqual:(id)object; 70- (id)retain; 71- (oneway void)release; 72- (id)autorelease; 73@end @protocol NSCopying - (id)copyWithZone:(NSZone *)zone; 74@end @protocol NSMutableCopying - (id)mutableCopyWithZone:(NSZone *)zone; 75@end @protocol NSCoding - (void)encodeWithCoder:(NSCoder *)aCoder; 76@end @interface NSObject <NSObject> { 77} 78+ (id)allocWithZone:(NSZone *)zone; 79+ (id)alloc; 80- (void)dealloc; 81@end extern id NSAllocateObject(Class aClass, NSUInteger extraBytes, NSZone *zone); 82typedef struct { 83} 84NSFastEnumerationState; 85@protocol NSFastEnumeration - (NSUInteger)countByEnumeratingWithState:(NSFastEnumerationState *)state objects:(id *)stackbuf count:(NSUInteger)len; 86@end @class NSString; 87@interface NSArray : NSObject <NSCopying, NSMutableCopying, NSCoding, NSFastEnumeration> - (NSUInteger)count; 88@end @interface NSArray (NSArrayCreation) + (id)array; 89@end @interface NSAutoreleasePool : NSObject { 90} 91- (void)drain; 92@end extern NSString * const NSBundleDidLoadNotification; 93typedef double NSTimeInterval; 94@interface NSDate : NSObject <NSCopying, NSCoding> - (NSTimeInterval)timeIntervalSinceReferenceDate; 95@end typedef unsigned short unichar; 96@interface NSString : NSObject <NSCopying, NSMutableCopying, NSCoding> - (NSUInteger)length; 97- ( const char *)UTF8String; 98- (id)initWithUTF8String:(const char *)nullTerminatedCString; 99+ (id)stringWithUTF8String:(const char *)nullTerminatedCString; 100@end @class NSString, NSData; 101@interface NSData : NSObject <NSCopying, NSMutableCopying, NSCoding> - (NSUInteger)length; 102+ (id)dataWithBytesNoCopy:(void *)bytes length:(NSUInteger)length; 103+ (id)dataWithBytesNoCopy:(void *)bytes length:(NSUInteger)length freeWhenDone:(BOOL)b; 104@end @class NSString; 105@interface NSDictionary : NSObject <NSCopying, NSMutableCopying, NSCoding, NSFastEnumeration> - (NSUInteger)count; 106@end @interface NSMutableDictionary : NSDictionary - (void)removeObjectForKey:(id)aKey; 107- (void)setObject:(id)anObject forKey:(id)aKey; 108@end @interface NSMutableDictionary (NSMutableDictionaryCreation) + (id)dictionaryWithCapacity:(NSUInteger)numItems; 109@end typedef double CGFloat; 110struct CGSize { 111}; 112typedef struct CGSize CGSize; 113struct CGRect { 114}; 115typedef struct CGRect CGRect; 116@protocol NSLocking - (void)lock; 117- (id)init; 118@end @class NSURLAuthenticationChallenge; 119typedef mach_port_t io_object_t; 120typedef char io_name_t[128]; 121typedef io_object_t io_iterator_t; 122typedef io_object_t io_service_t; 123typedef struct IONotificationPort * IONotificationPortRef; 124typedef void (*IOServiceMatchingCallback)( void * refcon, io_iterator_t iterator ); 125io_service_t IOServiceGetMatchingService( mach_port_t masterPort, CFDictionaryRef matching ); 126kern_return_t IOServiceGetMatchingServices( mach_port_t masterPort, CFDictionaryRef matching, io_iterator_t * existing ); 127kern_return_t IOServiceAddNotification( mach_port_t masterPort, const io_name_t notificationType, CFDictionaryRef matching, mach_port_t wakePort, uintptr_t reference, io_iterator_t * notification ) __attribute__((deprecated)); 128kern_return_t IOServiceAddMatchingNotification( IONotificationPortRef notifyPort, const io_name_t notificationType, CFDictionaryRef matching, IOServiceMatchingCallback callback, void * refCon, io_iterator_t * notification ); 129CFMutableDictionaryRef IOServiceMatching( const char * name ); 130CFMutableDictionaryRef IOServiceNameMatching( const char * name ); 131CFMutableDictionaryRef IOBSDNameMatching( mach_port_t masterPort, uint32_t options, const char * bsdName ); 132CFMutableDictionaryRef IOOpenFirmwarePathMatching( mach_port_t masterPort, uint32_t options, const char * path ); 133CFMutableDictionaryRef IORegistryEntryIDMatching( uint64_t entryID ); 134typedef struct __DASession * DASessionRef; 135extern DASessionRef DASessionCreate( CFAllocatorRef allocator ); 136typedef struct __DADisk * DADiskRef; 137extern DADiskRef DADiskCreateFromBSDName( CFAllocatorRef allocator, DASessionRef session, const char * name ); 138extern DADiskRef DADiskCreateFromIOMedia( CFAllocatorRef allocator, DASessionRef session, io_service_t media ); 139extern CFDictionaryRef DADiskCopyDescription( DADiskRef disk ); 140extern DADiskRef DADiskCopyWholeDisk( DADiskRef disk ); 141typedef struct CGColorSpace *CGColorSpaceRef; 142typedef struct CGImage *CGImageRef; 143 typedef struct CGLayer *CGLayerRef; 144 @class NSArray, NSError, NSEvent, NSMenu, NSUndoManager, NSWindow; 145@interface NSResponder : NSObject <NSCoding> { 146} 147@end @protocol NSAnimatablePropertyContainer - (id)animator; 148@end extern NSString *NSAnimationTriggerOrderIn ; 149@interface NSView : NSResponder <NSAnimatablePropertyContainer> { 150struct __VFlags2 { 151} 152_vFlags2; 153} 154@end extern NSString * const NSFullScreenModeAllScreens; 155@protocol NSChangeSpelling - (void)changeSpelling:(id)sender; 156@end @protocol NSIgnoreMisspelledWords - (void)ignoreSpelling:(id)sender; 157@end @class NSColor, NSFont, NSNotification; 158@interface NSText : NSView <NSChangeSpelling, NSIgnoreMisspelledWords> { 159} 160@end @protocol NSValidatedUserInterfaceItem - (SEL)action; 161@end @protocol NSUserInterfaceValidations - (BOOL)validateUserInterfaceItem:(id <NSValidatedUserInterfaceItem>)anItem; 162@end @class NSArray, NSError, NSImage, NSView, NSNotificationCenter, NSURL, NSScreen, NSRunningApplication; 163@interface NSApplication : NSResponder <NSUserInterfaceValidations> { 164} 165@end enum { 166NSTerminateCancel = 0, NSTerminateNow = 1, NSTerminateLater = 2 }; 167typedef NSUInteger NSApplicationTerminateReply; 168@protocol NSApplicationDelegate <NSObject> @optional - (NSApplicationTerminateReply)applicationShouldTerminate:(NSApplication *)sender; 169@end enum { 170} 171_CFlags; 172@interface CIImage : NSObject <NSCoding, NSCopying> { 173} 174typedef int CIFormat; 175@end enum { 176kDAReturnSuccess = 0, kDAReturnError = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x01, kDAReturnBusy = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x02, kDAReturnBadArgument = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x03, kDAReturnExclusiveAccess = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x04, kDAReturnNoResources = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x05, kDAReturnNotFound = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x06, kDAReturnNotMounted = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x07, kDAReturnNotPermitted = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x08, kDAReturnNotPrivileged = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x09, kDAReturnNotReady = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0A, kDAReturnNotWritable = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0B, kDAReturnUnsupported = (((0x3e)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0C }; 177typedef mach_error_t DAReturn; 178typedef const struct __DADissenter * DADissenterRef; 179extern DADissenterRef DADissenterCreate( CFAllocatorRef allocator, DAReturn status, CFStringRef string ); 180@interface CIContext: NSObject { 181} 182- (CGImageRef)createCGImage:(CIImage *)im fromRect:(CGRect)r; 183- (CGImageRef)createCGImage:(CIImage *)im fromRect:(CGRect)r format:(CIFormat)f colorSpace:(CGColorSpaceRef)cs; 184- (CGLayerRef)createCGLayerWithSize:(CGSize)size info:(CFDictionaryRef)d; 185@end @class NSURL; 186@protocol QCCompositionRenderer - (NSDictionary*) attributes; 187@end @interface QCRenderer : NSObject <QCCompositionRenderer> { 188} 189- (id) createSnapshotImageOfType:(NSString*)type; 190@end extern NSString* const QCViewDidStartRenderingNotification; 191@interface QCView : NSView <QCCompositionRenderer> { 192} 193- (id) createSnapshotImageOfType:(NSString*)type; 194@end enum { 195ICEXIFOrientation1 = 1, ICEXIFOrientation2 = 2, ICEXIFOrientation3 = 3, ICEXIFOrientation4 = 4, ICEXIFOrientation5 = 5, ICEXIFOrientation6 = 6, ICEXIFOrientation7 = 7, ICEXIFOrientation8 = 8, }; 196@class ICDevice; 197@protocol ICDeviceDelegate <NSObject> @required - (void)didRemoveDevice:(ICDevice*)device; 198@end @class ICCameraDevice; 199@class ICScannerDevice; 200@protocol ICScannerDeviceDelegate <ICDeviceDelegate> @optional - (void)scannerDeviceDidBecomeAvailable:(ICScannerDevice*)scanner; 201@end 202 203//===----------------------------------------------------------------------===// 204// Test cases. 205//===----------------------------------------------------------------------===// 206 207CFAbsoluteTime f1() { 208 CFAbsoluteTime t = CFAbsoluteTimeGetCurrent(); 209 CFDateRef date = CFDateCreate(0, t); 210 CFRetain(date); 211 CFRelease(date); 212 CFDateGetAbsoluteTime(date); // no-warning 213 CFRelease(date); 214 t = CFDateGetAbsoluteTime(date); // expected-warning{{Reference-counted object is used after it is released.}} 215 return t; 216} 217 218CFAbsoluteTime f2() { 219 CFAbsoluteTime t = CFAbsoluteTimeGetCurrent(); 220 CFDateRef date = CFDateCreate(0, t); 221 [((NSDate*) date) retain]; 222 CFRelease(date); 223 CFDateGetAbsoluteTime(date); // no-warning 224 [((NSDate*) date) release]; 225 t = CFDateGetAbsoluteTime(date); // expected-warning{{Reference-counted object is used after it is released.}} 226 return t; 227} 228 229 230NSDate* global_x; 231 232// Test to see if we supresss an error when we store the pointer 233// to a global. 234 235CFAbsoluteTime f3() { 236 CFAbsoluteTime t = CFAbsoluteTimeGetCurrent(); 237 CFDateRef date = CFDateCreate(0, t); 238 [((NSDate*) date) retain]; 239 CFRelease(date); 240 CFDateGetAbsoluteTime(date); // no-warning 241 global_x = (NSDate*) date; 242 [((NSDate*) date) release]; 243 t = CFDateGetAbsoluteTime(date); // no-warning 244 return t; 245} 246 247//--------------------------------------------------------------------------- 248// Test case 'f4' differs for region store and basic store. See 249// retain-release-region-store.m and retain-release-basic-store.m. 250//--------------------------------------------------------------------------- 251 252// Test a leak. 253 254CFAbsoluteTime f5(int x) { 255 CFAbsoluteTime t = CFAbsoluteTimeGetCurrent(); 256 CFDateRef date = CFDateCreate(0, t); // expected-warning{{leak}} 257 258 if (x) 259 CFRelease(date); 260 261 return t; 262} 263 264// Test a leak involving the return. 265 266CFDateRef f6(int x) { 267 CFDateRef date = CFDateCreate(0, CFAbsoluteTimeGetCurrent()); // expected-warning{{leak}} 268 CFRetain(date); 269 return date; 270} 271 272// Test a leak involving an overwrite. 273 274CFDateRef f7() { 275 CFDateRef date = CFDateCreate(0, CFAbsoluteTimeGetCurrent()); //expected-warning{{leak}} 276 CFRetain(date); 277 date = CFDateCreate(0, CFAbsoluteTimeGetCurrent()); 278 return date; 279} 280 281// Generalization of Create rule. MyDateCreate returns a CFXXXTypeRef, and 282// has the word create. 283CFDateRef MyDateCreate(); 284 285CFDateRef f8() { 286 CFDateRef date = MyDateCreate(); // expected-warning{{leak}} 287 CFRetain(date); 288 return date; 289} 290 291CFDateRef f9() { 292 CFDateRef date = CFDateCreate(0, CFAbsoluteTimeGetCurrent()); 293 int *p = 0; 294 // When allocations fail, CFDateCreate can return null. 295 if (!date) *p = 1; // expected-warning{{null}} 296 return date; 297} 298 299// Handle DiskArbitration API: 300// 301// http://developer.apple.com/DOCUMENTATION/DARWIN/Reference/DiscArbitrationFramework/ 302// 303void f10(io_service_t media, DADiskRef d, CFStringRef s) { 304 DADiskRef disk = DADiskCreateFromBSDName(kCFAllocatorDefault, 0, "hello"); // expected-warning{{leak}} 305 if (disk) NSLog(@"ok"); 306 307 disk = DADiskCreateFromIOMedia(kCFAllocatorDefault, 0, media); // expected-warning{{leak}} 308 if (disk) NSLog(@"ok"); 309 310 CFDictionaryRef dict = DADiskCopyDescription(d); // expected-warning{{leak}} 311 if (dict) NSLog(@"ok"); 312 313 disk = DADiskCopyWholeDisk(d); // expected-warning{{leak}} 314 if (disk) NSLog(@"ok"); 315 316 DADissenterRef dissenter = DADissenterCreate(kCFAllocatorDefault, // expected-warning{{leak}} 317 kDAReturnSuccess, s); 318 if (dissenter) NSLog(@"ok"); 319 320 DASessionRef session = DASessionCreate(kCFAllocatorDefault); // expected-warning{{leak}} 321 if (session) NSLog(@"ok"); 322} 323 324// Test retain/release checker with CFString and CFMutableArray. 325void f11() { 326 // Create the array. 327 CFMutableArrayRef A = CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); 328 329 // Create a string. 330 CFStringRef s1 = CFStringCreateWithCString(0, "hello world", 331 kCFStringEncodingUTF8); 332 333 // Add the string to the array. 334 CFArrayAppendValue(A, s1); 335 336 // Decrement the reference count. 337 CFRelease(s1); // no-warning 338 339 // Get the string. We don't own it. 340 s1 = (CFStringRef) CFArrayGetValueAtIndex(A, 0); 341 342 // Release the array. 343 CFRelease(A); // no-warning 344 345 // Release the string. This is a bug. 346 CFRelease(s1); // expected-warning{{Incorrect decrement of the reference count}} 347} 348 349// PR 3337: Handle functions declared using typedefs. 350typedef CFTypeRef CREATEFUN(); 351CREATEFUN MyCreateFun; 352 353void f12() { 354 CFTypeRef o = MyCreateFun(); // expected-warning {{leak}} 355} 356 357void f13_autorelease() { 358 CFMutableArrayRef A = CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // no-warning 359 [(id) A autorelease]; // no-warning 360} 361 362void f13_autorelease_b() { 363 CFMutableArrayRef A = CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); 364 [(id) A autorelease]; 365 [(id) A autorelease]; // expected-warning{{Object sent -autorelease too many times}} 366} 367 368CFMutableArrayRef f13_autorelease_c() { 369 CFMutableArrayRef A = CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); 370 [(id) A autorelease]; 371 [(id) A autorelease]; 372 return A; // expected-warning{{Object sent -autorelease too many times}} 373} 374 375CFMutableArrayRef f13_autorelease_d() { 376 CFMutableArrayRef A = CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); 377 [(id) A autorelease]; 378 [(id) A autorelease]; 379 CFMutableArrayRef B = CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // expected-warning{{Object sent -autorelease too many times}} 380 CFRelease(B); // no-warning 381 while (1) {} 382} 383 384 385// This case exercises the logic where the leak site is the same as the allocation site. 386void f14_leakimmediately() { 387 CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // expected-warning{{leak}} 388} 389 390// Test that we track an allocated object beyond the point where the *name* 391// of the variable storing the reference is no longer live. 392void f15() { 393 // Create the array. 394 CFMutableArrayRef A = CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); 395 CFMutableArrayRef *B = &A; 396 // At this point, the name 'A' is no longer live. 397 CFRelease(*B); // no-warning 398} 399 400// Test when we pass NULL to CFRetain/CFRelease. 401void f16(int x, CFTypeRef p) { 402 if (p) 403 return; 404 405 if (x) { 406 CFRelease(p); // expected-warning{{Null pointer argument in call to CFRelease}} 407 } 408 else { 409 CFRetain(p); // expected-warning{{Null pointer argument in call to CFRetain}} 410 } 411} 412 413// Test basic tracking of ivars associated with 'self'. For the retain/release 414// checker we currently do not want to flag leaks associated with stores 415// of tracked objects to ivars. 416@interface SelfIvarTest : NSObject { 417 id myObj; 418} 419- (void)test_self_tracking; 420@end 421 422@implementation SelfIvarTest 423- (void)test_self_tracking { 424 myObj = (id) CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // no-warning 425} 426@end 427 428// Test return of non-owned objects in contexts where an owned object 429// is expected. 430@interface TestReturnNotOwnedWhenExpectedOwned 431- (NSString*)newString; 432@end 433 434@implementation TestReturnNotOwnedWhenExpectedOwned 435- (NSString*)newString { 436 NSString *s = [NSString stringWithUTF8String:"hello"]; 437 return s; // expected-warning{{Object with +0 retain counts returned to caller where a +1 (owning) retain count is expected}} 438} 439@end 440 441// <rdar://problem/6659160> 442int isFoo(char c); 443 444static void rdar_6659160(char *inkind, char *inname) 445{ 446 // We currently expect that [NSObject alloc] cannot fail. This 447 // will be a toggled flag in the future. It can indeed return null, but 448 // Cocoa programmers generally aren't expected to reason about out-of-memory 449 // conditions. 450 NSString *kind = [[NSString alloc] initWithUTF8String:inkind]; // expected-warning{{leak}} 451 452 // We do allow stringWithUTF8String to fail. This isn't really correct, as 453 // far as returning 0. In most error conditions it will throw an exception. 454 // If allocation fails it could return 0, but again this 455 // isn't expected. 456 NSString *name = [NSString stringWithUTF8String:inname]; 457 if(!name) 458 return; 459 460 const char *kindC = 0; 461 const char *nameC = 0; 462 463 // In both cases, we cannot reach a point down below where we 464 // dereference kindC or nameC with either being null. This is because 465 // we assume that [NSObject alloc] doesn't fail and that we have the guard 466 // up above. 467 468 if(kind) 469 kindC = [kind UTF8String]; 470 if(name) 471 nameC = [name UTF8String]; 472 if(!isFoo(kindC[0])) // expected-warning{{null}} 473 return; 474 if(!isFoo(nameC[0])) // no-warning 475 return; 476 477 [kind release]; 478 [name release]; // expected-warning{{Incorrect decrement of the reference count}} 479} 480 481// PR 3677 - 'allocWithZone' should be treated as following the Cocoa naming 482// conventions with respect to 'return'ing ownership. 483@interface PR3677: NSObject @end 484@implementation PR3677 485+ (id)allocWithZone:(NSZone *)inZone { 486 return [super allocWithZone:inZone]; // no-warning 487} 488@end 489 490// PR 3820 - Reason about calls to -dealloc 491void pr3820_DeallocInsteadOfRelease(void) 492{ 493 id foo = [[NSString alloc] init]; // no-warning 494 [foo dealloc]; 495 // foo is not leaked, since it has been deallocated. 496} 497 498void pr3820_ReleaseAfterDealloc(void) 499{ 500 id foo = [[NSString alloc] init]; 501 [foo dealloc]; 502 [foo release]; // expected-warning{{used after it is release}} 503 // NSInternalInconsistencyException: message sent to deallocated object 504} 505 506void pr3820_DeallocAfterRelease(void) 507{ 508 NSLog(@"\n\n[%s]", __FUNCTION__); 509 id foo = [[NSString alloc] init]; 510 [foo release]; 511 [foo dealloc]; // expected-warning{{used after it is released}} 512 // message sent to released object 513} 514 515// From <rdar://problem/6704930>. The problem here is that 'length' binds to 516// '($0 - 1)' after '--length', but SimpleConstraintManager doesn't know how to 517// reason about '($0 - 1) > constant'. As a temporary hack, we drop the value 518// of '($0 - 1)' and conjure a new symbol. 519void rdar6704930(unsigned char *s, unsigned int length) { 520 NSString* name = 0; 521 if (s != 0) { 522 if (length > 0) { 523 while (length > 0) { 524 if (*s == ':') { 525 ++s; 526 --length; 527 name = [[NSString alloc] init]; // no-warning 528 break; 529 } 530 ++s; 531 --length; 532 } 533 if ((length == 0) && (name != 0)) { 534 [name release]; 535 name = 0; 536 } 537 if (length == 0) { // no ':' found -> use it all as name 538 name = [[NSString alloc] init]; // no-warning 539 } 540 } 541 } 542 543 if (name != 0) { 544 [name release]; 545 } 546} 547 548//===----------------------------------------------------------------------===// 549// <rdar://problem/6833332> 550// One build of the analyzer accidentally stopped tracking the allocated 551// object after the 'retain'. 552//===----------------------------------------------------------------------===// 553 554@interface rdar_6833332 : NSObject <NSApplicationDelegate> { 555 NSWindow *window; 556} 557@property (nonatomic, retain) NSWindow *window; 558@end 559 560@implementation rdar_6833332 561@synthesize window; 562- (void)applicationDidFinishLaunching:(NSNotification *)aNotification { 563 NSMutableDictionary *dict = [[NSMutableDictionary dictionaryWithCapacity:4] retain]; // expected-warning{{leak}} 564 565 [dict setObject:@"foo" forKey:@"bar"]; 566 567 NSLog(@"%@", dict); 568} 569- (void)dealloc { 570 [window release]; 571 [super dealloc]; 572} 573@end 574 575//===----------------------------------------------------------------------===// 576// <rdar://problem/6257780> clang checker fails to catch use-after-release 577//===----------------------------------------------------------------------===// 578 579int rdar_6257780_Case1() { 580 NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init]; 581 NSArray *array = [NSArray array]; 582 [array release]; // expected-warning{{Incorrect decrement of the reference count of an object is not owned at this point by the caller}} 583 [pool drain]; 584 return 0; 585} 586 587//===----------------------------------------------------------------------===// 588// <rdar://problem/6866843> Checker should understand new/setObject:/release constructs 589//===----------------------------------------------------------------------===// 590 591void rdar_6866843() { 592 NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init]; 593 NSMutableDictionary* dictionary = [[NSMutableDictionary alloc] init]; 594 NSArray* array = [[NSArray alloc] init]; 595 [dictionary setObject:array forKey:@"key"]; 596 [array release]; 597 // Using 'array' here should be fine 598 NSLog(@"array = %@\n", array); // no-warning 599 // Now the array is released 600 [dictionary release]; 601 [pool drain]; 602} 603 604 605//===----------------------------------------------------------------------===// 606// <rdar://problem/6877235> Classes typedef-ed to CF objects should get the same treatment as CF objects 607//===----------------------------------------------------------------------===// 608 609typedef CFTypeRef OtherRef; 610 611@interface RDar6877235 : NSObject {} 612- (CFTypeRef)_copyCFTypeRef; 613- (OtherRef)_copyOtherRef; 614@end 615 616@implementation RDar6877235 617- (CFTypeRef)_copyCFTypeRef { 618 return [[NSString alloc] init]; // no-warning 619} 620- (OtherRef)_copyOtherRef { 621 return [[NSString alloc] init]; // no-warning 622} 623@end 624 625//===----------------------------------------------------------------------===// 626//<rdar://problem/6320065> false positive - init method returns an object owned by caller 627//===----------------------------------------------------------------------===// 628 629@interface RDar6320065 : NSObject { 630 NSString *_foo; 631} 632- (id)initReturningNewClass; 633- (id)initReturningNewClassBad; 634- (id)initReturningNewClassBad2; 635@end 636 637@interface RDar6320065Subclass : RDar6320065 638@end 639 640@implementation RDar6320065 641- (id)initReturningNewClass { 642 [self release]; 643 self = [[RDar6320065Subclass alloc] init]; // no-warning 644 return self; 645} 646- (id)initReturningNewClassBad { 647 [self release]; 648 [[RDar6320065Subclass alloc] init]; // expected-warning {{leak}} 649 return self; 650} 651- (id)initReturningNewClassBad2 { 652 [self release]; 653 self = [[RDar6320065Subclass alloc] init]; 654 return [self autorelease]; // expected-warning{{Object with +0 retain counts returned to caller where a +1 (owning) retain count is expected}} 655} 656 657@end 658 659@implementation RDar6320065Subclass 660@end 661 662int RDar6320065_test() { 663 RDar6320065 *test = [[RDar6320065 alloc] init]; // no-warning 664 [test release]; 665 return 0; 666} 667 668//===----------------------------------------------------------------------===// 669// <rdar://problem/6859457> [NSData dataWithBytesNoCopy] does not return a retained object 670//===----------------------------------------------------------------------===// 671 672@interface RDar6859457 : NSObject {} 673- (NSString*) NoCopyString; 674- (NSString*) noCopyString; 675@end 676 677@implementation RDar6859457 678- (NSString*) NoCopyString { return [[NSString alloc] init]; } // no-warning 679- (NSString*) noCopyString { return [[NSString alloc] init]; } // no-warning 680@end 681 682void test_RDar6859457(RDar6859457 *x, void *bytes, NSUInteger dataLength) { 683 [x NoCopyString]; // expected-warning{{leak}} 684 [x noCopyString]; // expected-warning{{leak}} 685 [NSData dataWithBytesNoCopy:bytes length:dataLength]; // no-warning 686 [NSData dataWithBytesNoCopy:bytes length:dataLength freeWhenDone:1]; // no-warning 687} 688 689//===----------------------------------------------------------------------===// 690// PR 4230 - an autorelease pool is not necessarily leaked during a premature 691// return 692//===----------------------------------------------------------------------===// 693 694static void PR4230(void) 695{ 696 NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init]; // no-warning 697 NSString *object = [[[NSString alloc] init] autorelease]; // no-warning 698 return; 699} 700 701//===----------------------------------------------------------------------===// 702// Method name that has a null IdentifierInfo* for its first selector slot. 703// This test just makes sure that we handle it. 704//===----------------------------------------------------------------------===// 705 706@interface TestNullIdentifier 707@end 708 709@implementation TestNullIdentifier 710+ (id):(int)x, ... { 711 return [[NSString alloc] init]; // expected-warning{{leak}} 712} 713@end 714 715//===----------------------------------------------------------------------===// 716// <rdar://problem/6893565> don't flag leaks for return types that cannot be 717// determined to be CF types 718//===----------------------------------------------------------------------===// 719 720// We don't know if 'struct s6893565' represents a Core Foundation type, so 721// we shouldn't emit an error here. 722typedef struct s6893565* TD6893565; 723 724@interface RDar6893565 {} 725-(TD6893565)newThing; 726@end 727 728@implementation RDar6893565 729-(TD6893565)newThing { 730 return (TD6893565) [[NSString alloc] init]; // no-warning 731} 732@end 733 734//===----------------------------------------------------------------------===// 735// <rdar://problem/6902710> clang: false positives w/QC and CoreImage methods 736//===----------------------------------------------------------------------===// 737 738void rdar6902710(QCView *view, QCRenderer *renderer, CIContext *context, 739 NSString *str, CIImage *img, CGRect rect, 740 CIFormat form, CGColorSpaceRef cs) { 741 [view createSnapshotImageOfType:str]; // expected-warning{{leak}} 742 [renderer createSnapshotImageOfType:str]; // expected-warning{{leak}} 743 [context createCGImage:img fromRect:rect]; // expected-warning{{leak}} 744 [context createCGImage:img fromRect:rect format:form colorSpace:cs]; // expected-warning{{leak}} 745} 746 747//===----------------------------------------------------------------------===// 748// <rdar://problem/6945561> -[CIContext createCGLayerWithSize:info:] 749// misinterpreted by clang scan-build 750//===----------------------------------------------------------------------===// 751 752void rdar6945561(CIContext *context, CGSize size, CFDictionaryRef d) { 753 [context createCGLayerWithSize:size info:d]; // expected-warning{{leak}} 754} 755 756//===----------------------------------------------------------------------===// 757// <rdar://problem/6961230> add knowledge of IOKit functions to retain/release 758// checker 759//===----------------------------------------------------------------------===// 760 761void IOBSDNameMatching_wrapper(mach_port_t masterPort, uint32_t options, const char * bsdName) { 762 IOBSDNameMatching(masterPort, options, bsdName); // expected-warning{{leak}} 763} 764 765void IOServiceMatching_wrapper(const char * name) { 766 IOServiceMatching(name); // expected-warning{{leak}} 767} 768 769void IOServiceNameMatching_wrapper(const char * name) { 770 IOServiceNameMatching(name); // expected-warning{{leak}} 771} 772 773CF_RETURNS_RETAINED CFDictionaryRef CreateDict(); 774 775void IOServiceAddNotification_wrapper(mach_port_t masterPort, const io_name_t notificationType, 776 mach_port_t wakePort, uintptr_t reference, io_iterator_t * notification ) { 777 778 CFDictionaryRef matching = CreateDict(); 779 CFRelease(matching); 780 IOServiceAddNotification(masterPort, notificationType, matching, // expected-warning{{used after it is released}} expected-warning{{deprecated}} 781 wakePort, reference, notification); 782} 783 784void IORegistryEntryIDMatching_wrapper(uint64_t entryID ) { 785 IORegistryEntryIDMatching(entryID); // expected-warning{{leak}} 786} 787 788void IOOpenFirmwarePathMatching_wrapper(mach_port_t masterPort, uint32_t options, 789 const char * path) { 790 IOOpenFirmwarePathMatching(masterPort, options, path); // expected-warning{{leak}} 791} 792 793void IOServiceGetMatchingService_wrapper(mach_port_t masterPort) { 794 CFDictionaryRef matching = CreateDict(); 795 IOServiceGetMatchingService(masterPort, matching); 796 CFRelease(matching); // expected-warning{{used after it is released}} 797} 798 799void IOServiceGetMatchingServices_wrapper(mach_port_t masterPort, io_iterator_t *existing) { 800 CFDictionaryRef matching = CreateDict(); 801 IOServiceGetMatchingServices(masterPort, matching, existing); 802 CFRelease(matching); // expected-warning{{used after it is released}} 803} 804 805void IOServiceAddMatchingNotification_wrapper(IONotificationPortRef notifyPort, const io_name_t notificationType, 806 IOServiceMatchingCallback callback, void * refCon, io_iterator_t * notification) { 807 808 CFDictionaryRef matching = CreateDict(); 809 IOServiceAddMatchingNotification(notifyPort, notificationType, matching, callback, refCon, notification); 810 CFRelease(matching); // expected-warning{{used after it is released}} 811} 812 813//===----------------------------------------------------------------------===// 814// Tests of ownership attributes. 815//===----------------------------------------------------------------------===// 816 817typedef NSString* MyStringTy; 818 819@protocol FooP; 820 821@interface TestOwnershipAttr : NSObject 822- (NSString*) returnsAnOwnedString NS_RETURNS_RETAINED; // no-warning 823- (NSString*) returnsAnOwnedCFString CF_RETURNS_RETAINED; // no-warning 824- (MyStringTy) returnsAnOwnedTypedString NS_RETURNS_RETAINED; // no-warning 825- (int) returnsAnOwnedInt NS_RETURNS_RETAINED; // expected-warning{{'ns_returns_retained' attribute only applies to functions or methods that return a pointer or Objective-C object}} 826- (id<FooP>) returnsOwnedProt NS_RETURNS_RETAINED; // no-warning 827@end 828 829static int ownership_attribute_doesnt_go_here NS_RETURNS_RETAINED; // expected-warning{{'ns_returns_retained' attribute only applies to function or method types}} 830 831void test_attr_1(TestOwnershipAttr *X) { 832 NSString *str = [X returnsAnOwnedString]; // expected-warning{{leak}} 833} 834 835void test_attr_1b(TestOwnershipAttr *X) { 836 NSString *str = [X returnsAnOwnedCFString]; // expected-warning{{leak}} 837} 838 839@interface MyClassTestCFAttr : NSObject {} 840- (NSDate*) returnsCFRetained CF_RETURNS_RETAINED; 841- (CFDateRef) returnsCFRetainedAsCF CF_RETURNS_RETAINED; 842- (NSDate*) alsoReturnsRetained; 843- (CFDateRef) alsoReturnsRetainedAsCF; 844- (NSDate*) returnsNSRetained NS_RETURNS_RETAINED; 845@end 846 847CF_RETURNS_RETAINED 848CFDateRef returnsRetainedCFDate() { 849 return CFDateCreate(0, CFAbsoluteTimeGetCurrent()); 850} 851 852@implementation MyClassTestCFAttr 853- (NSDate*) returnsCFRetained { 854 return (NSDate*) returnsRetainedCFDate(); // No leak. 855} 856 857- (CFDateRef) returnsCFRetainedAsCF { 858 return returnsRetainedCFDate(); // No leak. 859} 860 861 862- (NSDate*) alsoReturnsRetained { 863 return (NSDate*) returnsRetainedCFDate(); // expected-warning{{leak}} 864} 865 866- (CFDateRef) alsoReturnsRetainedAsCF { 867 return returnsRetainedCFDate(); // expected-warning{{leak}} 868} 869 870 871- (NSDate*) returnsNSRetained { 872 return (NSDate*) returnsRetainedCFDate(); // no-warning 873} 874@end 875 876 877 878