// RUN: %clang_cc1 -triple x86_64-apple-darwin10 -analyze -analyzer-checker=core,osx.coreFoundation.CFRetainRelease,osx.cocoa.ClassRelease,osx.cocoa.RetainCount -analyzer-store=region -fblocks -verify -Wno-objc-root-class %s // RUN: %clang_cc1 -triple x86_64-apple-darwin10 -analyze -analyzer-checker=core,osx.coreFoundation.CFRetainRelease,osx.cocoa.ClassRelease,osx.cocoa.RetainCount -analyzer-store=region -fblocks -verify -x objective-c++ -Wno-objc-root-class %s #if __has_feature(attribute_ns_returns_retained) #define NS_RETURNS_RETAINED __attribute__((ns_returns_retained)) #endif #if __has_feature(attribute_cf_returns_retained) #define CF_RETURNS_RETAINED __attribute__((cf_returns_retained)) #endif #if __has_feature(attribute_ns_returns_not_retained) #define NS_RETURNS_NOT_RETAINED __attribute__((ns_returns_not_retained)) #endif #if __has_feature(attribute_cf_returns_not_retained) #define CF_RETURNS_NOT_RETAINED __attribute__((cf_returns_not_retained)) #endif #if __has_feature(attribute_ns_consumes_self) #define NS_CONSUMES_SELF __attribute__((ns_consumes_self)) #endif #if __has_feature(attribute_ns_consumed) #define NS_CONSUMED __attribute__((ns_consumed)) #endif #if __has_feature(attribute_cf_consumed) #define CF_CONSUMED __attribute__((cf_consumed)) #endif //===----------------------------------------------------------------------===// // The following code is reduced using delta-debugging from Mac OS X headers: // // #include <Cocoa/Cocoa.h> // #include <CoreFoundation/CoreFoundation.h> // #include <DiskArbitration/DiskArbitration.h> // #include <QuartzCore/QuartzCore.h> // #include <Quartz/Quartz.h> // #include <IOKit/IOKitLib.h> // // It includes the basic definitions for the test cases below. //===----------------------------------------------------------------------===// typedef unsigned int __darwin_natural_t; typedef unsigned long uintptr_t; typedef unsigned int uint32_t; typedef unsigned long long uint64_t; typedef unsigned int UInt32; typedef signed long CFIndex; typedef CFIndex CFByteOrder; typedef struct { CFIndex location; CFIndex length; } CFRange; static __inline__ __attribute__((always_inline)) CFRange CFRangeMake(CFIndex loc, CFIndex len) { CFRange range; range.location = loc; range.length = len; return range; } typedef const void * CFTypeRef; typedef const struct __CFString * CFStringRef; typedef const struct __CFAllocator * CFAllocatorRef; extern const CFAllocatorRef kCFAllocatorDefault; extern CFTypeRef CFRetain(CFTypeRef cf); extern void CFRelease(CFTypeRef cf); typedef struct { } CFArrayCallBacks; extern const CFArrayCallBacks kCFTypeArrayCallBacks; typedef const struct __CFArray * CFArrayRef; typedef struct __CFArray * CFMutableArrayRef; extern CFMutableArrayRef CFArrayCreateMutable(CFAllocatorRef allocator, CFIndex capacity, const CFArrayCallBacks *callBacks); extern const void *CFArrayGetValueAtIndex(CFArrayRef theArray, CFIndex idx); extern void CFArrayAppendValue(CFMutableArrayRef theArray, const void *value); typedef struct { } CFDictionaryKeyCallBacks; extern const CFDictionaryKeyCallBacks kCFTypeDictionaryKeyCallBacks; typedef struct { } CFDictionaryValueCallBacks; extern const CFDictionaryValueCallBacks kCFTypeDictionaryValueCallBacks; typedef const struct __CFDictionary * CFDictionaryRef; typedef struct __CFDictionary * CFMutableDictionaryRef; extern CFMutableDictionaryRef CFDictionaryCreateMutable(CFAllocatorRef allocator, CFIndex capacity, const CFDictionaryKeyCallBacks *keyCallBacks, const CFDictionaryValueCallBacks *valueCallBacks); typedef UInt32 CFStringEncoding; enum { kCFStringEncodingMacRoman = 0, kCFStringEncodingWindowsLatin1 = 0x0500, kCFStringEncodingISOLatin1 = 0x0201, kCFStringEncodingNextStepLatin = 0x0B01, kCFStringEncodingASCII = 0x0600, kCFStringEncodingUnicode = 0x0100, kCFStringEncodingUTF8 = 0x08000100, kCFStringEncodingNonLossyASCII = 0x0BFF , kCFStringEncodingUTF16 = 0x0100, kCFStringEncodingUTF16BE = 0x10000100, kCFStringEncodingUTF16LE = 0x14000100, kCFStringEncodingUTF32 = 0x0c000100, kCFStringEncodingUTF32BE = 0x18000100, kCFStringEncodingUTF32LE = 0x1c000100 }; extern CFStringRef CFStringCreateWithCString(CFAllocatorRef alloc, const char *cStr, CFStringEncoding encoding); typedef double CFTimeInterval; typedef CFTimeInterval CFAbsoluteTime; extern CFAbsoluteTime CFAbsoluteTimeGetCurrent(void); typedef const struct __CFDate * CFDateRef; extern CFDateRef CFDateCreate(CFAllocatorRef allocator, CFAbsoluteTime at); extern CFAbsoluteTime CFDateGetAbsoluteTime(CFDateRef theDate); typedef __darwin_natural_t natural_t; typedef natural_t mach_port_name_t; typedef mach_port_name_t mach_port_t; typedef int kern_return_t; typedef kern_return_t mach_error_t; enum { kCFNumberSInt8Type = 1, kCFNumberSInt16Type = 2, kCFNumberSInt32Type = 3, kCFNumberSInt64Type = 4, kCFNumberFloat32Type = 5, kCFNumberFloat64Type = 6, kCFNumberCharType = 7, kCFNumberShortType = 8, kCFNumberIntType = 9, kCFNumberLongType = 10, kCFNumberLongLongType = 11, kCFNumberFloatType = 12, kCFNumberDoubleType = 13, kCFNumberCFIndexType = 14, kCFNumberNSIntegerType = 15, kCFNumberCGFloatType = 16, kCFNumberMaxType = 16 }; typedef CFIndex CFNumberType; typedef const struct __CFNumber * CFNumberRef; extern CFNumberRef CFNumberCreate(CFAllocatorRef allocator, CFNumberType theType, const void *valuePtr); typedef const struct __CFAttributedString *CFAttributedStringRef; typedef struct __CFAttributedString *CFMutableAttributedStringRef; extern CFAttributedStringRef CFAttributedStringCreate(CFAllocatorRef alloc, CFStringRef str, CFDictionaryRef attributes) ; extern CFMutableAttributedStringRef CFAttributedStringCreateMutableCopy(CFAllocatorRef alloc, CFIndex maxLength, CFAttributedStringRef aStr) ; extern void CFAttributedStringSetAttribute(CFMutableAttributedStringRef aStr, CFRange range, CFStringRef attrName, CFTypeRef value) ; typedef signed char BOOL; typedef unsigned long NSUInteger; @class NSString, Protocol; extern void NSLog(NSString *format, ...) __attribute__((format(__NSString__, 1, 2))); typedef struct _NSZone NSZone; @class NSInvocation, NSMethodSignature, NSCoder, NSString, NSEnumerator; @protocol NSObject - (BOOL)isEqual:(id)object; - (id)retain; - (oneway void)release; - (id)autorelease; - (NSString *)description; - (id)init; @end @protocol NSCopying - (id)copyWithZone:(NSZone *)zone; @end @protocol NSMutableCopying - (id)mutableCopyWithZone:(NSZone *)zone; @end @protocol NSCoding - (void)encodeWithCoder:(NSCoder *)aCoder; @end @interface NSObject <NSObject> {} + (id)allocWithZone:(NSZone *)zone; + (id)alloc; - (void)dealloc; @end @interface NSObject (NSCoderMethods) - (id)awakeAfterUsingCoder:(NSCoder *)aDecoder; @end extern id NSAllocateObject(Class aClass, NSUInteger extraBytes, NSZone *zone); typedef struct { } NSFastEnumerationState; @protocol NSFastEnumeration - (NSUInteger)countByEnumeratingWithState:(NSFastEnumerationState *)state objects:(id *)stackbuf count:(NSUInteger)len; @end @class NSString, NSDictionary; @interface NSValue : NSObject <NSCopying, NSCoding> - (void)getValue:(void *)value; @end @interface NSNumber : NSValue - (char)charValue; - (id)initWithInt:(int)value; @end @class NSString; @interface NSArray : NSObject <NSCopying, NSMutableCopying, NSCoding, NSFastEnumeration> - (NSUInteger)count; - (id)initWithObjects:(const id [])objects count:(NSUInteger)cnt; + (id)arrayWithObject:(id)anObject; + (id)arrayWithObjects:(const id [])objects count:(NSUInteger)cnt; + (id)arrayWithObjects:(id)firstObj, ... __attribute__((sentinel(0,1))); - (id)initWithObjects:(id)firstObj, ... __attribute__((sentinel(0,1))); - (id)initWithArray:(NSArray *)array; @end @interface NSArray (NSArrayCreation) + (id)array; @end @interface NSAutoreleasePool : NSObject { } - (void)drain; @end extern NSString * const NSBundleDidLoadNotification; typedef double NSTimeInterval; @interface NSDate : NSObject <NSCopying, NSCoding> - (NSTimeInterval)timeIntervalSinceReferenceDate; @end typedef unsigned short unichar; @interface NSString : NSObject <NSCopying, NSMutableCopying, NSCoding> - (NSUInteger)length; - (NSString *)stringByAppendingString:(NSString *)aString; - ( const char *)UTF8String; - (id)initWithUTF8String:(const char *)nullTerminatedCString; + (id)stringWithUTF8String:(const char *)nullTerminatedCString; @end @class NSString, NSURL, NSError; @interface NSData : NSObject <NSCopying, NSMutableCopying, NSCoding> - (NSUInteger)length; + (id)dataWithBytesNoCopy:(void *)bytes length:(NSUInteger)length; + (id)dataWithBytesNoCopy:(void *)bytes length:(NSUInteger)length freeWhenDone:(BOOL)b; @end @class NSLocale, NSDate, NSCalendar, NSTimeZone, NSError, NSArray, NSMutableDictionary; @interface NSDictionary : NSObject <NSCopying, NSMutableCopying, NSCoding, NSFastEnumeration> - (NSUInteger)count; + (id)dictionaryWithObjects:(NSArray *)objects forKeys:(NSArray *)keys; + (id)dictionaryWithObjects:(const id [])objects forKeys:(const id <NSCopying> [])keys count:(NSUInteger)cnt; @end @interface NSMutableDictionary : NSDictionary - (void)removeObjectForKey:(id)aKey; - (void)setObject:(id)anObject forKey:(id)aKey; @end @interface NSMutableDictionary (NSMutableDictionaryCreation) + (id)dictionaryWithCapacity:(NSUInteger)numItems; @end typedef double CGFloat; struct CGSize { }; typedef struct CGSize CGSize; struct CGRect { }; typedef struct CGRect CGRect; typedef mach_port_t io_object_t; typedef char io_name_t[128]; typedef io_object_t io_iterator_t; typedef io_object_t io_service_t; typedef struct IONotificationPort * IONotificationPortRef; typedef void (*IOServiceMatchingCallback)( void * refcon, io_iterator_t iterator ); io_service_t IOServiceGetMatchingService( mach_port_t masterPort, CFDictionaryRef matching ); kern_return_t IOServiceGetMatchingServices( mach_port_t masterPort, CFDictionaryRef matching, io_iterator_t * existing ); kern_return_t IOServiceAddNotification( mach_port_t masterPort, const io_name_t notificationType, CFDictionaryRef matching, mach_port_t wakePort, uintptr_t reference, io_iterator_t * notification ) __attribute__((deprecated)); kern_return_t IOServiceAddMatchingNotification( IONotificationPortRef notifyPort, const io_name_t notificationType, CFDictionaryRef matching, IOServiceMatchingCallback callback, void * refCon, io_iterator_t * notification ); CFMutableDictionaryRef IOServiceMatching( const char * name ); CFMutableDictionaryRef IOServiceNameMatching( const char * name ); CFMutableDictionaryRef IOBSDNameMatching( mach_port_t masterPort, uint32_t options, const char * bsdName ); CFMutableDictionaryRef IOOpenFirmwarePathMatching( mach_port_t masterPort, uint32_t options, const char * path ); CFMutableDictionaryRef IORegistryEntryIDMatching( uint64_t entryID ); typedef struct __DASession * DASessionRef; extern DASessionRef DASessionCreate( CFAllocatorRef allocator ); typedef struct __DADisk * DADiskRef; extern DADiskRef DADiskCreateFromBSDName( CFAllocatorRef allocator, DASessionRef session, const char * name ); extern DADiskRef DADiskCreateFromIOMedia( CFAllocatorRef allocator, DASessionRef session, io_service_t media ); extern CFDictionaryRef DADiskCopyDescription( DADiskRef disk ); extern DADiskRef DADiskCopyWholeDisk( DADiskRef disk ); @interface NSTask : NSObject - (id)init; @end typedef struct CGColorSpace *CGColorSpaceRef; typedef struct CGImage *CGImageRef; typedef struct CGLayer *CGLayerRef; @interface NSResponder : NSObject <NSCoding> { } @end @protocol NSAnimatablePropertyContainer - (id)animator; @end extern NSString *NSAnimationTriggerOrderIn ; @interface NSView : NSResponder <NSAnimatablePropertyContainer> { } @end @protocol NSValidatedUserInterfaceItem - (SEL)action; @end @protocol NSUserInterfaceValidations - (BOOL)validateUserInterfaceItem:(id <NSValidatedUserInterfaceItem>)anItem; @end @class NSDate, NSDictionary, NSError, NSException, NSNotification; @interface NSApplication : NSResponder <NSUserInterfaceValidations> { } @end enum { NSTerminateCancel = 0, NSTerminateNow = 1, NSTerminateLater = 2 }; typedef NSUInteger NSApplicationTerminateReply; @protocol NSApplicationDelegate <NSObject> @optional - (NSApplicationTerminateReply)applicationShouldTerminate:(NSApplication *)sender; @end @class NSAttributedString, NSEvent, NSFont, NSFormatter, NSImage, NSMenu, NSText, NSView, NSTextView; @interface NSCell : NSObject <NSCopying, NSCoding> { } @end @class NSTextField, NSPanel, NSArray, NSWindow, NSImage, NSButton, NSError; typedef struct { } CVTimeStamp; @interface CIImage : NSObject <NSCoding, NSCopying> { } typedef int CIFormat; @end enum { kDAReturnSuccess = 0, kDAReturnError = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x01, kDAReturnBusy = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x02, kDAReturnBadArgument = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x03, kDAReturnExclusiveAccess = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x04, kDAReturnNoResources = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x05, kDAReturnNotFound = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x06, kDAReturnNotMounted = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x07, kDAReturnNotPermitted = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x08, kDAReturnNotPrivileged = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x09, kDAReturnNotReady = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0A, kDAReturnNotWritable = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0B, kDAReturnUnsupported = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0C }; typedef mach_error_t DAReturn; typedef const struct __DADissenter * DADissenterRef; extern DADissenterRef DADissenterCreate( CFAllocatorRef allocator, DAReturn status, CFStringRef string ); @interface CIContext: NSObject { } - (CGImageRef)createCGImage:(CIImage *)im fromRect:(CGRect)r; - (CGImageRef)createCGImage:(CIImage *)im fromRect:(CGRect)r format:(CIFormat)f colorSpace:(CGColorSpaceRef)cs; - (CGLayerRef)createCGLayerWithSize:(CGSize)size info:(CFDictionaryRef)d; @end extern NSString* const QCRendererEventKey; @protocol QCCompositionRenderer - (NSDictionary*) attributes; @end @interface QCRenderer : NSObject <QCCompositionRenderer> { } - (id) createSnapshotImageOfType:(NSString*)type; @end extern NSString* const QCViewDidStartRenderingNotification; @interface QCView : NSView <QCCompositionRenderer> { } - (id) createSnapshotImageOfType:(NSString*)type; @end enum { ICEXIFOrientation1 = 1, ICEXIFOrientation2 = 2, ICEXIFOrientation3 = 3, ICEXIFOrientation4 = 4, ICEXIFOrientation5 = 5, ICEXIFOrientation6 = 6, ICEXIFOrientation7 = 7, ICEXIFOrientation8 = 8, }; @class ICDevice; @protocol ICDeviceDelegate <NSObject> @required - (void)didRemoveDevice:(ICDevice*)device; @end extern NSString *const ICScannerStatusWarmingUp; @class ICScannerDevice; @protocol ICScannerDeviceDelegate <ICDeviceDelegate> @optional - (void)scannerDeviceDidBecomeAvailable:(ICScannerDevice*)scanner; @end typedef long unsigned int __darwin_size_t; typedef __darwin_size_t size_t; typedef unsigned long CFTypeID; struct CGPoint { CGFloat x; CGFloat y; }; typedef struct CGPoint CGPoint; typedef struct CGGradient *CGGradientRef; typedef uint32_t CGGradientDrawingOptions; extern CFTypeID CGGradientGetTypeID(void); extern CGGradientRef CGGradientCreateWithColorComponents(CGColorSpaceRef space, const CGFloat components[], const CGFloat locations[], size_t count); extern CGGradientRef CGGradientCreateWithColors(CGColorSpaceRef space, CFArrayRef colors, const CGFloat locations[]); extern CGGradientRef CGGradientRetain(CGGradientRef gradient); extern void CGGradientRelease(CGGradientRef gradient); typedef struct CGContext *CGContextRef; extern void CGContextDrawLinearGradient(CGContextRef context, CGGradientRef gradient, CGPoint startPoint, CGPoint endPoint, CGGradientDrawingOptions options); extern CGColorSpaceRef CGColorSpaceCreateDeviceRGB(void); @interface NSMutableArray : NSObject - (void)addObject:(id)object; + (id)array; @end //===----------------------------------------------------------------------===// // Test cases. //===----------------------------------------------------------------------===// CFAbsoluteTime f1() { CFAbsoluteTime t = CFAbsoluteTimeGetCurrent(); CFDateRef date = CFDateCreate(0, t); CFRetain(date); CFRelease(date); CFDateGetAbsoluteTime(date); // no-warning CFRelease(date); t = CFDateGetAbsoluteTime(date); // expected-warning{{Reference-counted object is used after it is released}} return t; } CFAbsoluteTime f2() { CFAbsoluteTime t = CFAbsoluteTimeGetCurrent(); CFDateRef date = CFDateCreate(0, t); [((NSDate*) date) retain]; CFRelease(date); CFDateGetAbsoluteTime(date); // no-warning [((NSDate*) date) release]; t = CFDateGetAbsoluteTime(date); // expected-warning{{Reference-counted object is used after it is released}} return t; } NSDate* global_x; // Test to see if we supresss an error when we store the pointer // to a global. CFAbsoluteTime f3() { CFAbsoluteTime t = CFAbsoluteTimeGetCurrent(); CFDateRef date = CFDateCreate(0, t); [((NSDate*) date) retain]; CFRelease(date); CFDateGetAbsoluteTime(date); // no-warning global_x = (NSDate*) date; [((NSDate*) date) release]; t = CFDateGetAbsoluteTime(date); // no-warning return t; } //--------------------------------------------------------------------------- // Test case 'f4' differs for region store and basic store. See // retain-release-region-store.m and retain-release-basic-store.m. //--------------------------------------------------------------------------- // Test a leak. CFAbsoluteTime f5(int x) { CFAbsoluteTime t = CFAbsoluteTimeGetCurrent(); CFDateRef date = CFDateCreate(0, t); // expected-warning{{leak}} if (x) CFRelease(date); return t; } // Test a leak involving the return. CFDateRef f6(int x) { CFDateRef date = CFDateCreate(0, CFAbsoluteTimeGetCurrent()); // expected-warning{{leak}} CFRetain(date); return date; } // Test a leak involving an overwrite. CFDateRef f7() { CFDateRef date = CFDateCreate(0, CFAbsoluteTimeGetCurrent()); //expected-warning{{leak}} CFRetain(date); date = CFDateCreate(0, CFAbsoluteTimeGetCurrent()); // expected-warning {{leak}} return date; } // Generalization of Create rule. MyDateCreate returns a CFXXXTypeRef, and // has the word create. CFDateRef MyDateCreate(); CFDateRef f8() { CFDateRef date = MyDateCreate(); // expected-warning{{leak}} CFRetain(date); return date; } __attribute__((cf_returns_retained)) CFDateRef f9() { CFDateRef date = CFDateCreate(0, CFAbsoluteTimeGetCurrent()); // no-warning int *p = 0; // When allocations fail, CFDateCreate can return null. if (!date) *p = 1; // expected-warning{{null}} return date; } // Handle DiskArbitration API: // // http://developer.apple.com/DOCUMENTATION/DARWIN/Reference/DiscArbitrationFramework/ // void f10(io_service_t media, DADiskRef d, CFStringRef s) { DADiskRef disk = DADiskCreateFromBSDName(kCFAllocatorDefault, 0, "hello"); // expected-warning{{leak}} if (disk) NSLog(@"ok"); disk = DADiskCreateFromIOMedia(kCFAllocatorDefault, 0, media); // expected-warning{{leak}} if (disk) NSLog(@"ok"); CFDictionaryRef dict = DADiskCopyDescription(d); // expected-warning{{leak}} if (dict) NSLog(@"ok"); disk = DADiskCopyWholeDisk(d); // expected-warning{{leak}} if (disk) NSLog(@"ok"); DADissenterRef dissenter = DADissenterCreate(kCFAllocatorDefault, // expected-warning{{leak}} kDAReturnSuccess, s); if (dissenter) NSLog(@"ok"); DASessionRef session = DASessionCreate(kCFAllocatorDefault); // expected-warning{{leak}} if (session) NSLog(@"ok"); } // Test retain/release checker with CFString and CFMutableArray. void f11() { // Create the array. CFMutableArrayRef A = CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // Create a string. CFStringRef s1 = CFStringCreateWithCString(0, "hello world", kCFStringEncodingUTF8); // Add the string to the array. CFArrayAppendValue(A, s1); // Decrement the reference count. CFRelease(s1); // no-warning // Get the string. We don't own it. s1 = (CFStringRef) CFArrayGetValueAtIndex(A, 0); // Release the array. CFRelease(A); // no-warning // Release the string. This is a bug. CFRelease(s1); // expected-warning{{Incorrect decrement of the reference count}} } // PR 3337: Handle functions declared using typedefs. typedef CFTypeRef CREATEFUN(); CREATEFUN MyCreateFun; void f12() { CFTypeRef o = MyCreateFun(); // expected-warning {{leak}} } void f13_autorelease() { CFMutableArrayRef A = CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // no-warning [(id) A autorelease]; // no-warning } void f13_autorelease_b() { CFMutableArrayRef A = CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); [(id) A autorelease]; [(id) A autorelease]; // expected-warning{{Object sent -autorelease too many times}} } CFMutableArrayRef f13_autorelease_c() { CFMutableArrayRef A = CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); [(id) A autorelease]; [(id) A autorelease]; return A; // expected-warning{{Object sent -autorelease too many times}} } CFMutableArrayRef f13_autorelease_d() { CFMutableArrayRef A = CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); [(id) A autorelease]; [(id) A autorelease]; CFMutableArrayRef B = CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // expected-warning{{Object sent -autorelease too many times}} CFRelease(B); // no-warning while (1) {} } // This case exercises the logic where the leak site is the same as the allocation site. void f14_leakimmediately() { CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // expected-warning{{leak}} } // Test that we track an allocated object beyond the point where the *name* // of the variable storing the reference is no longer live. void f15() { // Create the array. CFMutableArrayRef A = CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); CFMutableArrayRef *B = &A; // At this point, the name 'A' is no longer live. CFRelease(*B); // no-warning } // Test when we pass NULL to CFRetain/CFRelease. void f16(int x, CFTypeRef p) { if (p) return; if (x) { CFRelease(p); // expected-warning{{Null pointer argument in call to CFRelease}} } else { CFRetain(p); // expected-warning{{Null pointer argument in call to CFRetain}} } } // Test that an object is non-null after being CFRetained/CFReleased. void f17(int x, CFTypeRef p) { if (x) { CFRelease(p); if (!p) CFRelease(0); // no-warning } else { CFRetain(p); if (!p) CFRetain(0); // no-warning } } // Test basic tracking of ivars associated with 'self'. For the retain/release // checker we currently do not want to flag leaks associated with stores // of tracked objects to ivars. @interface SelfIvarTest : NSObject { id myObj; } - (void)test_self_tracking; @end @implementation SelfIvarTest - (void)test_self_tracking { myObj = (id) CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // no-warning } @end // Test return of non-owned objects in contexts where an owned object // is expected. @interface TestReturnNotOwnedWhenExpectedOwned - (NSString*)newString; @end @implementation TestReturnNotOwnedWhenExpectedOwned - (NSString*)newString { NSString *s = [NSString stringWithUTF8String:"hello"]; return s; // expected-warning{{Object with a +0 retain count returned to caller where a +1 (owning) retain count is expected}} } @end // <rdar://problem/6659160> int isFoo(char c); static void rdar_6659160(char *inkind, char *inname) { // We currently expect that [NSObject alloc] cannot fail. This // will be a toggled flag in the future. It can indeed return null, but // Cocoa programmers generally aren't expected to reason about out-of-memory // conditions. NSString *kind = [[NSString alloc] initWithUTF8String:inkind]; // expected-warning{{leak}} // We do allow stringWithUTF8String to fail. This isn't really correct, as // far as returning 0. In most error conditions it will throw an exception. // If allocation fails it could return 0, but again this // isn't expected. NSString *name = [NSString stringWithUTF8String:inname]; if(!name) return; const char *kindC = 0; const char *nameC = 0; // In both cases, we cannot reach a point down below where we // dereference kindC or nameC with either being null. This is because // we assume that [NSObject alloc] doesn't fail and that we have the guard // up above. if(kind) kindC = [kind UTF8String]; if(name) nameC = [name UTF8String]; if(!isFoo(kindC[0])) // expected-warning{{null}} return; if(!isFoo(nameC[0])) // no-warning return; [kind release]; [name release]; // expected-warning{{Incorrect decrement of the reference count}} } // PR 3677 - 'allocWithZone' should be treated as following the Cocoa naming // conventions with respect to 'return'ing ownership. @interface PR3677: NSObject @end @implementation PR3677 + (id)allocWithZone:(NSZone *)inZone { return [super allocWithZone:inZone]; // no-warning } @end // PR 3820 - Reason about calls to -dealloc void pr3820_DeallocInsteadOfRelease(void) { id foo = [[NSString alloc] init]; // no-warning [foo dealloc]; // foo is not leaked, since it has been deallocated. } void pr3820_ReleaseAfterDealloc(void) { id foo = [[NSString alloc] init]; [foo dealloc]; [foo release]; // expected-warning{{used after it is release}} // NSInternalInconsistencyException: message sent to deallocated object } void pr3820_DeallocAfterRelease(void) { NSLog(@"\n\n[%s]", __FUNCTION__); id foo = [[NSString alloc] init]; [foo release]; [foo dealloc]; // expected-warning{{used after it is released}} // message sent to released object } // From <rdar://problem/6704930>. The problem here is that 'length' binds to // '($0 - 1)' after '--length', but SimpleConstraintManager doesn't know how to // reason about '($0 - 1) > constant'. As a temporary hack, we drop the value // of '($0 - 1)' and conjure a new symbol. void rdar6704930(unsigned char *s, unsigned int length) { NSString* name = 0; if (s != 0) { if (length > 0) { while (length > 0) { if (*s == ':') { ++s; --length; name = [[NSString alloc] init]; // no-warning break; } ++s; --length; } if ((length == 0) && (name != 0)) { [name release]; name = 0; } if (length == 0) { // no ':' found -> use it all as name name = [[NSString alloc] init]; // no-warning } } } if (name != 0) { [name release]; } } //===----------------------------------------------------------------------===// // <rdar://problem/6833332> // One build of the analyzer accidentally stopped tracking the allocated // object after the 'retain'. //===----------------------------------------------------------------------===// @interface rdar_6833332 : NSObject <NSApplicationDelegate> { NSWindow *window; } @property (nonatomic, retain) NSWindow *window; @end @implementation rdar_6833332 @synthesize window; - (void)applicationDidFinishLaunching:(NSNotification *)aNotification { NSMutableDictionary *dict = [[NSMutableDictionary dictionaryWithCapacity:4] retain]; // expected-warning{{leak}} [dict setObject:@"foo" forKey:@"bar"]; NSLog(@"%@", dict); } - (void)dealloc { [window release]; [super dealloc]; } - (void)radar10102244 { NSMutableDictionary *dict = [[NSMutableDictionary dictionaryWithCapacity:4] retain]; // expected-warning{{leak}} if (window) NSLog(@"%@", window); } @end //===----------------------------------------------------------------------===// // <rdar://problem/6257780> clang checker fails to catch use-after-release //===----------------------------------------------------------------------===// int rdar_6257780_Case1() { NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init]; NSArray *array = [NSArray array]; [array release]; // expected-warning{{Incorrect decrement of the reference count of an object that is not owned at this point by the caller}} [pool drain]; return 0; } //===----------------------------------------------------------------------===// // <rdar://problem/10640253> Analyzer is confused about NSAutoreleasePool -allocWithZone:. //===----------------------------------------------------------------------===// void rdar_10640253_autorelease_allocWithZone() { NSAutoreleasePool *pool = [[NSAutoreleasePool allocWithZone:(NSZone*)0] init]; (void) pool; } //===----------------------------------------------------------------------===// // <rdar://problem/6866843> Checker should understand new/setObject:/release constructs //===----------------------------------------------------------------------===// void rdar_6866843() { NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init]; NSMutableDictionary* dictionary = [[NSMutableDictionary alloc] init]; NSArray* array = [[NSArray alloc] init]; [dictionary setObject:array forKey:@"key"]; [array release]; // Using 'array' here should be fine NSLog(@"array = %@\n", array); // no-warning // Now the array is released [dictionary release]; [pool drain]; } //===----------------------------------------------------------------------===// // <rdar://problem/6877235> Classes typedef-ed to CF objects should get the same treatment as CF objects //===----------------------------------------------------------------------===// typedef CFTypeRef OtherRef; @interface RDar6877235 : NSObject {} - (CFTypeRef)_copyCFTypeRef; - (OtherRef)_copyOtherRef; @end @implementation RDar6877235 - (CFTypeRef)_copyCFTypeRef { return [[NSString alloc] init]; // no-warning } - (OtherRef)_copyOtherRef { return [[NSString alloc] init]; // no-warning } @end //===----------------------------------------------------------------------===// //<rdar://problem/6320065> false positive - init method returns an object // owned by caller //===----------------------------------------------------------------------===// @interface RDar6320065 : NSObject { NSString *_foo; } - (id)initReturningNewClass; - (id)_initReturningNewClassBad; - (id)initReturningNewClassBad2; @end @interface RDar6320065Subclass : RDar6320065 @end @implementation RDar6320065 - (id)initReturningNewClass { [self release]; self = [[RDar6320065Subclass alloc] init]; // no-warning return self; } - (id)_initReturningNewClassBad { [self release]; [[RDar6320065Subclass alloc] init]; // expected-warning {{leak}} return self; } - (id)initReturningNewClassBad2 { [self release]; self = [[RDar6320065Subclass alloc] init]; return [self autorelease]; // expected-warning{{Object with a +0 retain count returned to caller where a +1 (owning) retain count is expected}} } @end @implementation RDar6320065Subclass @end int RDar6320065_test() { RDar6320065 *test = [[RDar6320065 alloc] init]; // no-warning [test release]; return 0; } //===----------------------------------------------------------------------===// // <rdar://problem/7129086> -awakeAfterUsingCoder: returns an owned object // and claims the receiver //===----------------------------------------------------------------------===// @interface RDar7129086 : NSObject {} @end @implementation RDar7129086 - (id)awakeAfterUsingCoder:(NSCoder *)aDecoder { [self release]; // no-warning return [NSString alloc]; // no-warning } @end //===----------------------------------------------------------------------===// // <rdar://problem/6859457> [NSData dataWithBytesNoCopy] does not return a // retained object //===----------------------------------------------------------------------===// @interface RDar6859457 : NSObject {} - (NSString*) NoCopyString; - (NSString*) noCopyString; @end @implementation RDar6859457 - (NSString*) NoCopyString { return [[NSString alloc] init]; } // expected-warning{{leak}} - (NSString*) noCopyString { return [[NSString alloc] init]; } // expected-warning{{leak}} @end void test_RDar6859457(RDar6859457 *x, void *bytes, NSUInteger dataLength) { [x NoCopyString]; // no-warning [x noCopyString]; // no-warning [NSData dataWithBytesNoCopy:bytes length:dataLength]; // no-warning [NSData dataWithBytesNoCopy:bytes length:dataLength freeWhenDone:1]; // no-warning } //===----------------------------------------------------------------------===// // PR 4230 - an autorelease pool is not necessarily leaked during a premature // return //===----------------------------------------------------------------------===// static void PR4230(void) { NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init]; // no-warning NSString *object = [[[NSString alloc] init] autorelease]; // no-warning return; } //===----------------------------------------------------------------------===// // Method name that has a null IdentifierInfo* for its first selector slot. // This test just makes sure that we handle it. //===----------------------------------------------------------------------===// @interface TestNullIdentifier @end @implementation TestNullIdentifier + (id):(int)x, ... { return [[NSString alloc] init]; // expected-warning{{leak}} } @end //===----------------------------------------------------------------------===// // <rdar://problem/6893565> don't flag leaks for return types that cannot be // determined to be CF types //===----------------------------------------------------------------------===// // We don't know if 'struct s6893565' represents a Core Foundation type, so // we shouldn't emit an error here. typedef struct s6893565* TD6893565; @interface RDar6893565 {} -(TD6893565)newThing; @end @implementation RDar6893565 -(TD6893565)newThing { return (TD6893565) [[NSString alloc] init]; // no-warning } @end //===----------------------------------------------------------------------===// // <rdar://problem/6902710> clang: false positives w/QC and CoreImage methods //===----------------------------------------------------------------------===// void rdar6902710(QCView *view, QCRenderer *renderer, CIContext *context, NSString *str, CIImage *img, CGRect rect, CIFormat form, CGColorSpaceRef cs) { [view createSnapshotImageOfType:str]; // expected-warning{{leak}} [renderer createSnapshotImageOfType:str]; // expected-warning{{leak}} [context createCGImage:img fromRect:rect]; // expected-warning{{leak}} [context createCGImage:img fromRect:rect format:form colorSpace:cs]; // expected-warning{{leak}} } //===----------------------------------------------------------------------===// // <rdar://problem/6945561> -[CIContext createCGLayerWithSize:info:] // misinterpreted by clang scan-build //===----------------------------------------------------------------------===// void rdar6945561(CIContext *context, CGSize size, CFDictionaryRef d) { [context createCGLayerWithSize:size info:d]; // expected-warning{{leak}} } //===----------------------------------------------------------------------===// // <rdar://problem/6961230> add knowledge of IOKit functions to retain/release // checker //===----------------------------------------------------------------------===// void IOBSDNameMatching_wrapper(mach_port_t masterPort, uint32_t options, const char * bsdName) { IOBSDNameMatching(masterPort, options, bsdName); // expected-warning{{leak}} } void IOServiceMatching_wrapper(const char * name) { IOServiceMatching(name); // expected-warning{{leak}} } void IOServiceNameMatching_wrapper(const char * name) { IOServiceNameMatching(name); // expected-warning{{leak}} } CF_RETURNS_RETAINED CFDictionaryRef CreateDict(); void IOServiceAddNotification_wrapper(mach_port_t masterPort, const io_name_t notificationType, mach_port_t wakePort, uintptr_t reference, io_iterator_t * notification ) { CFDictionaryRef matching = CreateDict(); CFRelease(matching); IOServiceAddNotification(masterPort, notificationType, matching, // expected-warning{{used after it is released}} expected-warning{{deprecated}} wakePort, reference, notification); } void IORegistryEntryIDMatching_wrapper(uint64_t entryID ) { IORegistryEntryIDMatching(entryID); // expected-warning{{leak}} } void IOOpenFirmwarePathMatching_wrapper(mach_port_t masterPort, uint32_t options, const char * path) { IOOpenFirmwarePathMatching(masterPort, options, path); // expected-warning{{leak}} } void IOServiceGetMatchingService_wrapper(mach_port_t masterPort) { CFDictionaryRef matching = CreateDict(); IOServiceGetMatchingService(masterPort, matching); CFRelease(matching); // expected-warning{{used after it is released}} } void IOServiceGetMatchingServices_wrapper(mach_port_t masterPort, io_iterator_t *existing) { CFDictionaryRef matching = CreateDict(); IOServiceGetMatchingServices(masterPort, matching, existing); CFRelease(matching); // expected-warning{{used after it is released}} } void IOServiceAddMatchingNotification_wrapper(IONotificationPortRef notifyPort, const io_name_t notificationType, IOServiceMatchingCallback callback, void * refCon, io_iterator_t * notification) { CFDictionaryRef matching = CreateDict(); IOServiceAddMatchingNotification(notifyPort, notificationType, matching, callback, refCon, notification); CFRelease(matching); // expected-warning{{used after it is released}} } //===----------------------------------------------------------------------===// // Test of handling objects whose references "escape" to containers. //===----------------------------------------------------------------------===// void CFDictionaryAddValue(CFMutableDictionaryRef, void *, void *); // <rdar://problem/6539791> void rdar_6539791(CFMutableDictionaryRef y, void* key, void* val_key) { CFMutableDictionaryRef x = CFDictionaryCreateMutable(kCFAllocatorDefault, 1, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); CFDictionaryAddValue(y, key, x); CFRelease(x); // the dictionary keeps a reference, so the object isn't deallocated yet signed z = 1; CFNumberRef value = CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &z); if (value) { CFDictionaryAddValue(x, val_key, (void*)value); // no-warning CFRelease(value); CFDictionaryAddValue(y, val_key, (void*)value); // no-warning } } // <rdar://problem/6560661> // Same issue, except with "AppendValue" functions. void rdar_6560661(CFMutableArrayRef x) { signed z = 1; CFNumberRef value = CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &z); // CFArrayAppendValue keeps a reference to value. CFArrayAppendValue(x, value); CFRelease(value); CFRetain(value); CFRelease(value); // no-warning } // <rdar://problem/7152619> // Same issue, excwept with "CFAttributeStringSetAttribute". void rdar_7152619(CFStringRef str) { CFAttributedStringRef string = CFAttributedStringCreate(kCFAllocatorDefault, str, 0); CFMutableAttributedStringRef attrString = CFAttributedStringCreateMutableCopy(kCFAllocatorDefault, 100, string); CFRelease(string); NSNumber *number = [[NSNumber alloc] initWithInt:5]; // expected-warning{{leak}} CFAttributedStringSetAttribute(attrString, CFRangeMake(0, 1), str, number); [number release]; [number retain]; CFRelease(attrString); } //===----------------------------------------------------------------------===// // Test of handling CGGradientXXX functions. //===----------------------------------------------------------------------===// void rdar_7184450(CGContextRef myContext, CGFloat x, CGPoint myStartPoint, CGPoint myEndPoint) { size_t num_locations = 6; CGFloat locations[6] = { 0.0, 0.265, 0.28, 0.31, 0.36, 1.0 }; CGFloat components[28] = { 239.0/256.0, 167.0/256.0, 170.0/256.0, x, // Start color 207.0/255.0, 39.0/255.0, 39.0/255.0, x, 147.0/255.0, 21.0/255.0, 22.0/255.0, x, 175.0/255.0, 175.0/255.0, 175.0/255.0, x, 255.0/255.0,255.0/255.0, 255.0/255.0, x, 255.0/255.0,255.0/255.0, 255.0/255.0, x }; // End color CGGradientRef myGradient = CGGradientCreateWithColorComponents(CGColorSpaceCreateDeviceRGB(), // expected-warning{{leak}} components, locations, num_locations); CGContextDrawLinearGradient(myContext, myGradient, myStartPoint, myEndPoint, 0); CGGradientRelease(myGradient); } void rdar_7184450_pos(CGContextRef myContext, CGFloat x, CGPoint myStartPoint, CGPoint myEndPoint) { size_t num_locations = 6; CGFloat locations[6] = { 0.0, 0.265, 0.28, 0.31, 0.36, 1.0 }; CGFloat components[28] = { 239.0/256.0, 167.0/256.0, 170.0/256.0, x, // Start color 207.0/255.0, 39.0/255.0, 39.0/255.0, x, 147.0/255.0, 21.0/255.0, 22.0/255.0, x, 175.0/255.0, 175.0/255.0, 175.0/255.0, x, 255.0/255.0,255.0/255.0, 255.0/255.0, x, 255.0/255.0,255.0/255.0, 255.0/255.0, x }; // End color CGGradientRef myGradient = CGGradientCreateWithColorComponents(CGColorSpaceCreateDeviceRGB(), components, locations, num_locations); // expected-warning 2 {{leak}} CGContextDrawLinearGradient(myContext, myGradient, myStartPoint, myEndPoint, 0); } //===----------------------------------------------------------------------===// // <rdar://problem/7299394> clang false positive: retained instance passed to // thread in pthread_create marked as leak // // Until we have full IPA, the analyzer should stop tracking the reference // count of objects passed to pthread_create. // //===----------------------------------------------------------------------===// struct _opaque_pthread_t {}; struct _opaque_pthread_attr_t {}; typedef struct _opaque_pthread_t *__darwin_pthread_t; typedef struct _opaque_pthread_attr_t __darwin_pthread_attr_t; typedef __darwin_pthread_t pthread_t; typedef __darwin_pthread_attr_t pthread_attr_t; int pthread_create(pthread_t *, const pthread_attr_t *, void *(*)(void *), void *); void *rdar_7299394_start_routine(void *p) { [((id) p) release]; return 0; } void rdar_7299394(pthread_attr_t *attr, pthread_t *thread, void *args) { NSNumber *number = [[NSNumber alloc] initWithInt:5]; // no-warning pthread_create(thread, attr, rdar_7299394_start_routine, number); } void rdar_7299394_positive(pthread_attr_t *attr, pthread_t *thread) { NSNumber *number = [[NSNumber alloc] initWithInt:5]; // expected-warning{{leak}} } //===----------------------------------------------------------------------===// // <rdar://problem/7283567> False leak associated with call to // CVPixelBufferCreateWithBytes () // // According to the Core Video Reference (ADC), CVPixelBufferCreateWithBytes and // CVPixelBufferCreateWithPlanarBytes can release (via a callback) the // pixel buffer object. These test cases show how the analyzer stops tracking // the reference count for the objects passed for this argument. This // could be made smarter. //===----------------------------------------------------------------------===// typedef int int32_t; typedef UInt32 FourCharCode; typedef FourCharCode OSType; typedef uint64_t CVOptionFlags; typedef int32_t CVReturn; typedef struct __CVBuffer *CVBufferRef; typedef CVBufferRef CVImageBufferRef; typedef CVImageBufferRef CVPixelBufferRef; typedef void (*CVPixelBufferReleaseBytesCallback)( void *releaseRefCon, const void *baseAddress ); extern CVReturn CVPixelBufferCreateWithBytes(CFAllocatorRef allocator, size_t width, size_t height, OSType pixelFormatType, void *baseAddress, size_t bytesPerRow, CVPixelBufferReleaseBytesCallback releaseCallback, void *releaseRefCon, CFDictionaryRef pixelBufferAttributes, CVPixelBufferRef *pixelBufferOut) ; typedef void (*CVPixelBufferReleasePlanarBytesCallback)( void *releaseRefCon, const void *dataPtr, size_t dataSize, size_t numberOfPlanes, const void *planeAddresses[] ); extern CVReturn CVPixelBufferCreateWithPlanarBytes(CFAllocatorRef allocator, size_t width, size_t height, OSType pixelFormatType, void *dataPtr, size_t dataSize, size_t numberOfPlanes, void *planeBaseAddress[], size_t planeWidth[], size_t planeHeight[], size_t planeBytesPerRow[], CVPixelBufferReleasePlanarBytesCallback releaseCallback, void *releaseRefCon, CFDictionaryRef pixelBufferAttributes, CVPixelBufferRef *pixelBufferOut) ; extern CVReturn CVPixelBufferCreateWithBytes(CFAllocatorRef allocator, size_t width, size_t height, OSType pixelFormatType, void *baseAddress, size_t bytesPerRow, CVPixelBufferReleaseBytesCallback releaseCallback, void *releaseRefCon, CFDictionaryRef pixelBufferAttributes, CVPixelBufferRef *pixelBufferOut) ; CVReturn rdar_7283567(CFAllocatorRef allocator, size_t width, size_t height, OSType pixelFormatType, void *baseAddress, size_t bytesPerRow, CVPixelBufferReleaseBytesCallback releaseCallback, CFDictionaryRef pixelBufferAttributes, CVPixelBufferRef *pixelBufferOut) { // For the allocated object, it doesn't really matter what type it is // for the purpose of this test. All we want to show is that // this is freed later by the callback. NSNumber *number = [[NSNumber alloc] initWithInt:5]; // no-warning return CVPixelBufferCreateWithBytes(allocator, width, height, pixelFormatType, baseAddress, bytesPerRow, releaseCallback, number, // potentially released by callback pixelBufferAttributes, pixelBufferOut) ; } CVReturn rdar_7283567_2(CFAllocatorRef allocator, size_t width, size_t height, OSType pixelFormatType, void *dataPtr, size_t dataSize, size_t numberOfPlanes, void *planeBaseAddress[], size_t planeWidth[], size_t planeHeight[], size_t planeBytesPerRow[], CVPixelBufferReleasePlanarBytesCallback releaseCallback, CFDictionaryRef pixelBufferAttributes, CVPixelBufferRef *pixelBufferOut) { // For the allocated object, it doesn't really matter what type it is // for the purpose of this test. All we want to show is that // this is freed later by the callback. NSNumber *number = [[NSNumber alloc] initWithInt:5]; // no-warning return CVPixelBufferCreateWithPlanarBytes(allocator, width, height, pixelFormatType, dataPtr, dataSize, numberOfPlanes, planeBaseAddress, planeWidth, planeHeight, planeBytesPerRow, releaseCallback, number, // potentially released by callback pixelBufferAttributes, pixelBufferOut) ; } //===----------------------------------------------------------------------===// // <rdar://problem/7358899> False leak associated with // CGBitmapContextCreateWithData //===----------------------------------------------------------------------===// typedef uint32_t CGBitmapInfo; typedef void (*CGBitmapContextReleaseDataCallback)(void *releaseInfo, void *data); CGContextRef CGBitmapContextCreateWithData(void *data, size_t width, size_t height, size_t bitsPerComponent, size_t bytesPerRow, CGColorSpaceRef space, CGBitmapInfo bitmapInfo, CGBitmapContextReleaseDataCallback releaseCallback, void *releaseInfo); void rdar_7358899(void *data, size_t width, size_t height, size_t bitsPerComponent, size_t bytesPerRow, CGColorSpaceRef space, CGBitmapInfo bitmapInfo, CGBitmapContextReleaseDataCallback releaseCallback) { // For the allocated object, it doesn't really matter what type it is // for the purpose of this test. All we want to show is that // this is freed later by the callback. NSNumber *number = [[NSNumber alloc] initWithInt:5]; // no-warning CGBitmapContextCreateWithData(data, width, height, bitsPerComponent, // expected-warning{{leak}} bytesPerRow, space, bitmapInfo, releaseCallback, number); } //===----------------------------------------------------------------------===// // <rdar://problem/7265711> allow 'new', 'copy', 'alloc', 'init' prefix to // start before '_' when determining Cocoa fundamental rule // // Previously the retain/release checker just skipped prefixes before the // first '_' entirely. Now the checker honors the prefix if it results in a // recognizable naming convention (e.g., 'new', 'init'). //===----------------------------------------------------------------------===// @interface RDar7265711 {} - (id) new_stuff; @end void rdar7265711_a(RDar7265711 *x) { id y = [x new_stuff]; // expected-warning{{leak}} } void rdar7265711_b(RDar7265711 *x) { id y = [x new_stuff]; // no-warning [y release]; } //===----------------------------------------------------------------------===// // <rdar://problem/7306898> clang thinks [NSCursor dragCopyCursor] returns a // retained reference //===----------------------------------------------------------------------===// @interface NSCursor : NSObject + (NSCursor *)dragCopyCursor; @end void rdar7306898(void) { // 'dragCopyCursor' does not follow Cocoa's fundamental rule. It is a noun, not an sentence // implying a 'copy' of something. NSCursor *c = [NSCursor dragCopyCursor]; // no-warning NSNumber *number = [[NSNumber alloc] initWithInt:5]; // expected-warning{{leak}} } //===----------------------------------------------------------------------===// // <rdar://problem/7252064> sending 'release', 'retain', etc. to a Class // directly is not likely what the user intended //===----------------------------------------------------------------------===// @interface RDar7252064 : NSObject @end void rdar7252064(void) { [RDar7252064 release]; // expected-warning{{The 'release' message should be sent to instances of class 'RDar7252064' and not the class directly}} [RDar7252064 retain]; // expected-warning{{The 'retain' message should be sent to instances of class 'RDar7252064' and not the class directly}} [RDar7252064 autorelease]; // expected-warning{{The 'autorelease' message should be sent to instances of class 'RDar7252064' and not the class directly}} [NSAutoreleasePool drain]; // expected-warning{{method '+drain' not found}} expected-warning{{The 'drain' message should be sent to instances of class 'NSAutoreleasePool' and not the class directly}} } //===----------------------------------------------------------------------===// // Tests of ownership attributes. //===----------------------------------------------------------------------===// typedef NSString* MyStringTy; @protocol FooP; @interface TestOwnershipAttr : NSObject - (NSString*) returnsAnOwnedString NS_RETURNS_RETAINED; // no-warning - (NSString*) returnsAnOwnedCFString CF_RETURNS_RETAINED; // no-warning - (MyStringTy) returnsAnOwnedTypedString NS_RETURNS_RETAINED; // no-warning - (NSString*) newString NS_RETURNS_NOT_RETAINED; // no-warning - (NSString*) newStringNoAttr; - (int) returnsAnOwnedInt NS_RETURNS_RETAINED; // expected-warning{{'ns_returns_retained' attribute only applies to methods that return an Objective-C object}} - (id) pseudoInit NS_CONSUMES_SELF NS_RETURNS_RETAINED; + (void) consume:(id) NS_CONSUMED x; + (void) consume2:(id) CF_CONSUMED x; @end static int ownership_attribute_doesnt_go_here NS_RETURNS_RETAINED; // expected-warning{{'ns_returns_retained' attribute only applies to functions and methods}} void test_attr_1(TestOwnershipAttr *X) { NSString *str = [X returnsAnOwnedString]; // expected-warning{{leak}} } void test_attr_1b(TestOwnershipAttr *X) { NSString *str = [X returnsAnOwnedCFString]; // expected-warning{{leak}} } void test_attr1c(TestOwnershipAttr *X) { NSString *str = [X newString]; // no-warning NSString *str2 = [X newStringNoAttr]; // expected-warning{{leak}} } void testattr2_a() { TestOwnershipAttr *x = [TestOwnershipAttr alloc]; // expected-warning{{leak}} } void testattr2_b() { TestOwnershipAttr *x = [[TestOwnershipAttr alloc] pseudoInit]; // expected-warning{{leak}} } void testattr2_c() { TestOwnershipAttr *x = [[TestOwnershipAttr alloc] pseudoInit]; // no-warning [x release]; } void testattr3() { TestOwnershipAttr *x = [TestOwnershipAttr alloc]; // no-warning [TestOwnershipAttr consume:x]; TestOwnershipAttr *y = [TestOwnershipAttr alloc]; // no-warning [TestOwnershipAttr consume2:y]; } void consume_ns(id NS_CONSUMED x); void consume_cf(id CF_CONSUMED x); void testattr4() { TestOwnershipAttr *x = [TestOwnershipAttr alloc]; // no-warning consume_ns(x); TestOwnershipAttr *y = [TestOwnershipAttr alloc]; // no-warning consume_cf(y); } @interface MyClassTestCFAttr : NSObject {} - (NSDate*) returnsCFRetained CF_RETURNS_RETAINED; - (CFDateRef) returnsCFRetainedAsCF CF_RETURNS_RETAINED; - (CFDateRef) newCFRetainedAsCF CF_RETURNS_NOT_RETAINED; - (CFDateRef) newCFRetainedAsCFNoAttr; - (NSDate*) alsoReturnsRetained; - (CFDateRef) alsoReturnsRetainedAsCF; - (NSDate*) returnsNSRetained NS_RETURNS_RETAINED; @end CF_RETURNS_RETAINED CFDateRef returnsRetainedCFDate() { return CFDateCreate(0, CFAbsoluteTimeGetCurrent()); } @implementation MyClassTestCFAttr - (NSDate*) returnsCFRetained { return (NSDate*) returnsRetainedCFDate(); // No leak. } - (CFDateRef) returnsCFRetainedAsCF { return returnsRetainedCFDate(); // No leak. } - (CFDateRef) newCFRetainedAsCF { return (CFDateRef)[(id)[self returnsCFRetainedAsCF] autorelease]; } - (CFDateRef) newCFRetainedAsCFNoAttr { return (CFDateRef)[(id)[self returnsCFRetainedAsCF] autorelease]; // expected-warning{{Object with a +0 retain count returned to caller where a +1 (owning) retain count is expected}} } - (NSDate*) alsoReturnsRetained { return (NSDate*) returnsRetainedCFDate(); // expected-warning{{leak}} } - (CFDateRef) alsoReturnsRetainedAsCF { return returnsRetainedCFDate(); // expected-warning{{leak}} } - (NSDate*) returnsNSRetained { return (NSDate*) returnsRetainedCFDate(); // no-warning } @end //===----------------------------------------------------------------------===// // Test that leaks post-dominated by "panic" functions are not reported. // // <rdar://problem/5905851> do not report a leak when post-dominated by a call // to a noreturn or panic function //===----------------------------------------------------------------------===// void panic() __attribute__((noreturn)); void panic_not_in_hardcoded_list() __attribute__((noreturn)); void test_panic_negative() { signed z = 1; CFNumberRef value = CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &z); // expected-warning{{leak}} } void test_panic_positive() { signed z = 1; CFNumberRef value = CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &z); // no-warning panic(); } void test_panic_neg_2(int x) { signed z = 1; CFNumberRef value = CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &z); // expected-warning{{leak}} if (x) panic(); } void test_panic_pos_2(int x) { signed z = 1; CFNumberRef value = CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &z); // no-warning if (x) panic(); if (!x) { // This showed up in <rdar://problem/7796563>, where we silently missed checking // the function type for noreturn. "panic()" is a hard-coded known panic function // that isn't always noreturn. panic_not_in_hardcoded_list(); } } //===----------------------------------------------------------------------===// // Test uses of blocks (closures) //===----------------------------------------------------------------------===// void test_blocks_1_pos(void) { NSNumber *number = [[NSNumber alloc] initWithInt:5]; // expected-warning{{leak}} ^{}(); } void test_blocks_1_indirect_release(void) { NSNumber *number = [[NSNumber alloc] initWithInt:5]; // no-warning ^{ [number release]; }(); } void test_blocks_1_indirect_retain(void) { // Eventually this should be reported as a leak. NSNumber *number = [[NSNumber alloc] initWithInt:5]; // no-warning ^{ [number retain]; }(); } void test_blocks_1_indirect_release_via_call(void) { NSNumber *number = [[NSNumber alloc] initWithInt:5]; // no-warning ^(NSObject *o){ [o release]; }(number); } void test_blocks_1_indirect_retain_via_call(void) { // Eventually this should be reported as a leak. NSNumber *number = [[NSNumber alloc] initWithInt:5]; // no-warning ^(NSObject *o){ [o retain]; }(number); } //===--------------------------------------------------------------------===// // Test sending message to super that returns an object alias. Previously // this caused a crash in the analyzer. //===--------------------------------------------------------------------===// @interface Rdar8015556 : NSObject {} @end @implementation Rdar8015556 - (id)retain { return [super retain]; } @end // <rdar://problem/8272168> - Correcly handle Class<...> in Cocoa Conventions // detector. @protocol Prot_R8272168 @end Class <Prot_R8272168> GetAClassThatImplementsProt_R8272168(); void r8272168() { GetAClassThatImplementsProt_R8272168(); } // Test case for <rdar://problem/8356342>, which in the past triggered // a false positive. @interface RDar8356342 - (NSDate*) rdar8356342:(NSDate *)inValue; @end @implementation RDar8356342 - (NSDate*) rdar8356342:(NSDate*)inValue { NSDate *outValue = inValue; if (outValue == 0) outValue = [[NSDate alloc] init]; // no-warning if (outValue != inValue) [outValue autorelease]; return outValue; } @end // <rdar://problem/8724287> - This test case previously crashed because // of a bug in BugReporter. extern const void *CFDictionaryGetValue(CFDictionaryRef theDict, const void *key); typedef struct __CFError * CFErrorRef; extern const CFStringRef kCFErrorUnderlyingErrorKey; extern CFDictionaryRef CFErrorCopyUserInfo(CFErrorRef err); static void rdar_8724287(CFErrorRef error) { CFErrorRef error_to_dump; error_to_dump = error; while (error_to_dump != ((void*)0)) { CFDictionaryRef info; info = CFErrorCopyUserInfo(error_to_dump); // expected-warning{{Potential leak of an object}} if (info != ((void*)0)) { } error_to_dump = (CFErrorRef) CFDictionaryGetValue(info, kCFErrorUnderlyingErrorKey); } } // <rdar://problem/9234108> - Make sure the model applies cf_consumed // correctly in argument positions besides the first. extern void *CFStringCreate(void); extern void rdar_9234108_helper(void *key, void * CF_CONSUMED value); void rdar_9234108() { rdar_9234108_helper(0, CFStringCreate()); } // <rdar://problem/9726279> - Make sure that objc_method_family works // to override naming conventions. struct TwoDoubles { double one; double two; }; typedef struct TwoDoubles TwoDoubles; @interface NSValue (Mine) - (id)_prefix_initWithTwoDoubles:(TwoDoubles)twoDoubles __attribute__((objc_method_family(init))); @end @implementation NSValue (Mine) - (id)_prefix_initWithTwoDoubles:(TwoDoubles)twoDoubles { return [self init]; } @end void rdar9726279() { TwoDoubles twoDoubles = { 0.0, 0.0 }; NSValue *value = [[NSValue alloc] _prefix_initWithTwoDoubles:twoDoubles]; [value release]; } // <rdar://problem/9732321> // Test camelcase support for CF conventions. While Core Foundation APIs // don't use camel casing, other code is allowed to use it. CFArrayRef camelcase_create_1() { return CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // no-warning } CFArrayRef camelcase_createno() { return CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // expected-warning {{leak}} } CFArrayRef camelcase_copy() { return CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // no-warning } CFArrayRef camelcase_copying() { return CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // expected-warning {{leak}} } CFArrayRef copyCamelCase() { return CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // no-warning } CFArrayRef __copyCamelCase() { return CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // no-warning } CFArrayRef __createCamelCase() { return CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // no-warning } CFArrayRef camel_create() { return CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // no-warning } CFArrayRef camel_creat() { return CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // expected-warning {{leak}} } CFArrayRef camel_copy() { return CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // no-warning } CFArrayRef camel_copyMachine() { return CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // no-warning } CFArrayRef camel_copymachine() { return CFArrayCreateMutable(0, 10, &kCFTypeArrayCallBacks); // expected-warning {{leak}} } // rdar://problem/8024350 @protocol F18P - (id) clone; @end @interface F18 : NSObject<F18P> @end @interface F18(Cat) - (id) clone NS_RETURNS_RETAINED; @end @implementation F18 - (id) clone { return [F18 alloc]; } @end // Radar 6582778. void rdar6582778(void) { CFAbsoluteTime t = CFAbsoluteTimeGetCurrent(); CFTypeRef vals[] = { CFDateCreate(0, t) }; // expected-warning {{leak}} } CFTypeRef global; void rdar6582778_2(void) { CFAbsoluteTime t = CFAbsoluteTimeGetCurrent(); global = CFDateCreate(0, t); // no-warning } // <rdar://problem/10232019> - Test that objects passed to containers // are marked "escaped". void rdar10232019() { NSMutableArray *array = [NSMutableArray array]; NSString *string = [[NSString alloc] initWithUTF8String:"foo"]; [array addObject:string]; [string release]; NSString *otherString = [string stringByAppendingString:@"bar"]; // no-warning NSLog(@"%@", otherString); } void rdar10232019_positive() { NSMutableArray *array = [NSMutableArray array]; NSString *string = [[NSString alloc] initWithUTF8String:"foo"]; [string release]; NSString *otherString = [string stringByAppendingString:@"bar"]; // expected-warning {{Reference-counted object is used after it is release}} NSLog(@"%@", otherString); } // RetainCountChecker support for XPC. // <rdar://problem/9658496> typedef void * xpc_object_t; xpc_object_t _CFXPCCreateXPCObjectFromCFObject(CFTypeRef cf); void xpc_release(xpc_object_t object); void rdar9658496() { CFStringRef cf; xpc_object_t xpc; cf = CFStringCreateWithCString( ((CFAllocatorRef)0), "test", kCFStringEncodingUTF8 ); // no-warning xpc = _CFXPCCreateXPCObjectFromCFObject( cf ); CFRelease(cf); xpc_release(xpc); } // Support annotations with method families. @interface RDar10824732 : NSObject - (id)initWithObj:(id CF_CONSUMED)obj; @end @implementation RDar10824732 - (id)initWithObj:(id)obj { [obj release]; return [super init]; } @end void rdar_10824732() { @autoreleasepool { NSString *obj = @"test"; RDar10824732 *foo = [[RDar10824732 alloc] initWithObj:obj]; // no-warning [foo release]; } } //===----------------------------------------------------------------------===// // Test returning allocated memory in a struct. // // We currently don't have a general way to track pointers that "escape". // Here we test that RetainCountChecker doesn't get excited about returning // allocated CF objects in struct fields. //===----------------------------------------------------------------------===// void *malloc(size_t); struct rdar11104566 { CFStringRef myStr; }; struct rdar11104566 test_rdar11104566() { CFStringRef cf = CFStringCreateWithCString( ((CFAllocatorRef)0), "test", kCFStringEncodingUTF8 ); // no-warning struct rdar11104566 V; V.myStr = cf; return V; // no-warning } struct rdar11104566 *test_2_rdar11104566() { CFStringRef cf = CFStringCreateWithCString( ((CFAllocatorRef)0), "test", kCFStringEncodingUTF8 ); // no-warning struct rdar11104566 *V = (struct rdar11104566 *) malloc(sizeof(*V)); V->myStr = cf; return V; // no-warning } //===----------------------------------------------------------------------===// // ObjC literals support. //===----------------------------------------------------------------------===// void test_objc_arrays() { { // CASE ONE -- OBJECT IN ARRAY CREATED DIRECTLY NSObject *o = [[NSObject alloc] init]; NSArray *a = [[NSArray alloc] initWithObjects:o, (void*)0]; // expected-warning {{leak}} [o release]; [a description]; [o description]; } { // CASE TWO -- OBJECT IN ARRAY CREATED BY DUPING AUTORELEASED ARRAY NSObject *o = [[NSObject alloc] init]; NSArray *a1 = [NSArray arrayWithObjects:o, (void*)0]; NSArray *a2 = [[NSArray alloc] initWithArray:a1]; // expected-warning {{leak}} [o release]; [a2 description]; [o description]; } { // CASE THREE -- OBJECT IN RETAINED @[] NSObject *o = [[NSObject alloc] init]; NSArray *a3 = [@[o] retain]; // expected-warning {{leak}} [o release]; [a3 description]; [o description]; } { // CASE FOUR -- OBJECT IN ARRAY CREATED BY DUPING @[] NSObject *o = [[NSObject alloc] init]; NSArray *a = [[NSArray alloc] initWithArray:@[o]]; // expected-warning {{leak}} [o release]; [a description]; [o description]; } { // CASE FIVE -- OBJECT IN RETAINED @{} NSValue *o = [[NSValue alloc] init]; NSDictionary *a = [@{o : o} retain]; // expected-warning {{leak}} [o release]; [a description]; [o description]; } }