1// RUN: %clang_cc1 -triple x86_64-apple-darwin10 -analyze -analyzer-checker=core,osx.coreFoundation.CFRetainRelease,osx.cocoa.ClassRelease,osx.cocoa.RetainCount -fblocks -verify %s 2 3//===----------------------------------------------------------------------===// 4// The following code is reduced using delta-debugging from Mac OS X headers: 5// 6// #include <Cocoa/Cocoa.h> 7// #include <CoreFoundation/CoreFoundation.h> 8// #include <DiskArbitration/DiskArbitration.h> 9// #include <QuartzCore/QuartzCore.h> 10// #include <Quartz/Quartz.h> 11// #include <IOKit/IOKitLib.h> 12// 13// It includes the basic definitions for the test cases below. 14//===----------------------------------------------------------------------===// 15 16typedef unsigned int __darwin_natural_t; 17typedef unsigned long uintptr_t; 18typedef unsigned int uint32_t; 19typedef unsigned long long uint64_t; 20typedef unsigned int UInt32; 21typedef signed long CFIndex; 22typedef CFIndex CFByteOrder; 23typedef struct { 24 CFIndex location; 25 CFIndex length; 26} CFRange; 27static __inline__ __attribute__((always_inline)) CFRange CFRangeMake(CFIndex loc, CFIndex len) { 28 CFRange range; 29 range.location = loc; 30 range.length = len; 31 return range; 32} 33typedef const void * CFTypeRef; 34typedef const struct __CFString * CFStringRef; 35typedef const struct __CFAllocator * CFAllocatorRef; 36extern const CFAllocatorRef kCFAllocatorDefault; 37extern CFTypeRef CFRetain(CFTypeRef cf); 38extern void CFRelease(CFTypeRef cf); 39typedef struct { 40} 41CFArrayCallBacks; 42extern const CFArrayCallBacks kCFTypeArrayCallBacks; 43typedef const struct __CFArray * CFArrayRef; 44typedef struct __CFArray * CFMutableArrayRef; 45extern CFMutableArrayRef CFArrayCreateMutable(CFAllocatorRef allocator, CFIndex capacity, const CFArrayCallBacks *callBacks); 46extern const void *CFArrayGetValueAtIndex(CFArrayRef theArray, CFIndex idx); 47extern void CFArrayAppendValue(CFMutableArrayRef theArray, const void *value); 48typedef struct { 49} 50CFDictionaryKeyCallBacks; 51extern const CFDictionaryKeyCallBacks kCFTypeDictionaryKeyCallBacks; 52typedef struct { 53} 54CFDictionaryValueCallBacks; 55extern const CFDictionaryValueCallBacks kCFTypeDictionaryValueCallBacks; 56typedef const struct __CFDictionary * CFDictionaryRef; 57typedef struct __CFDictionary * CFMutableDictionaryRef; 58extern CFMutableDictionaryRef CFDictionaryCreateMutable(CFAllocatorRef allocator, CFIndex capacity, const CFDictionaryKeyCallBacks *keyCallBacks, const CFDictionaryValueCallBacks *valueCallBacks); 59typedef UInt32 CFStringEncoding; 60enum { 61kCFStringEncodingMacRoman = 0, kCFStringEncodingWindowsLatin1 = 0x0500, kCFStringEncodingISOLatin1 = 0x0201, kCFStringEncodingNextStepLatin = 0x0B01, kCFStringEncodingASCII = 0x0600, kCFStringEncodingUnicode = 0x0100, kCFStringEncodingUTF8 = 0x08000100, kCFStringEncodingNonLossyASCII = 0x0BFF , kCFStringEncodingUTF16 = 0x0100, kCFStringEncodingUTF16BE = 0x10000100, kCFStringEncodingUTF16LE = 0x14000100, kCFStringEncodingUTF32 = 0x0c000100, kCFStringEncodingUTF32BE = 0x18000100, kCFStringEncodingUTF32LE = 0x1c000100 }; 62extern CFStringRef CFStringCreateWithCString(CFAllocatorRef alloc, const char *cStr, CFStringEncoding encoding); 63typedef double CFTimeInterval; 64typedef CFTimeInterval CFAbsoluteTime; 65extern CFAbsoluteTime CFAbsoluteTimeGetCurrent(void); 66typedef const struct __CFDate * CFDateRef; 67extern CFDateRef CFDateCreate(CFAllocatorRef allocator, CFAbsoluteTime at); 68extern CFAbsoluteTime CFDateGetAbsoluteTime(CFDateRef theDate); 69typedef __darwin_natural_t natural_t; 70typedef natural_t mach_port_name_t; 71typedef mach_port_name_t mach_port_t; 72typedef int kern_return_t; 73typedef kern_return_t mach_error_t; 74enum { 75kCFNumberSInt8Type = 1, kCFNumberSInt16Type = 2, kCFNumberSInt32Type = 3, kCFNumberSInt64Type = 4, kCFNumberFloat32Type = 5, kCFNumberFloat64Type = 6, kCFNumberCharType = 7, kCFNumberShortType = 8, kCFNumberIntType = 9, kCFNumberLongType = 10, kCFNumberLongLongType = 11, kCFNumberFloatType = 12, kCFNumberDoubleType = 13, kCFNumberCFIndexType = 14, kCFNumberNSIntegerType = 15, kCFNumberCGFloatType = 16, kCFNumberMaxType = 16 }; 76typedef CFIndex CFNumberType; 77typedef const struct __CFNumber * CFNumberRef; 78extern CFNumberRef CFNumberCreate(CFAllocatorRef allocator, CFNumberType theType, const void *valuePtr); 79typedef const struct __CFAttributedString *CFAttributedStringRef; 80typedef struct __CFAttributedString *CFMutableAttributedStringRef; 81extern CFAttributedStringRef CFAttributedStringCreate(CFAllocatorRef alloc, CFStringRef str, CFDictionaryRef attributes) ; 82extern CFMutableAttributedStringRef CFAttributedStringCreateMutableCopy(CFAllocatorRef alloc, CFIndex maxLength, CFAttributedStringRef aStr) ; 83extern void CFAttributedStringSetAttribute(CFMutableAttributedStringRef aStr, CFRange range, CFStringRef attrName, CFTypeRef value) ; 84typedef signed char BOOL; 85typedef unsigned long NSUInteger; 86@class NSString, Protocol; 87extern void NSLog(NSString *format, ...) __attribute__((format(__NSString__, 1, 2))); 88typedef struct _NSZone NSZone; 89@class NSInvocation, NSMethodSignature, NSCoder, NSString, NSEnumerator; 90@protocol NSObject 91- (BOOL)isEqual:(id)object; 92- (id)retain; 93- (oneway void)release; 94- (id)autorelease; 95- (id)init; 96@end @protocol NSCopying - (id)copyWithZone:(NSZone *)zone; 97@end @protocol NSMutableCopying - (id)mutableCopyWithZone:(NSZone *)zone; 98@end @protocol NSCoding - (void)encodeWithCoder:(NSCoder *)aCoder; 99@end 100@interface NSObject <NSObject> {} 101+ (id)allocWithZone:(NSZone *)zone; 102+ (id)alloc; 103- (void)dealloc; 104@end 105@interface NSObject (NSCoderMethods) 106- (id)awakeAfterUsingCoder:(NSCoder *)aDecoder; 107@end 108extern id NSAllocateObject(Class aClass, NSUInteger extraBytes, NSZone *zone); 109typedef struct { 110} 111NSFastEnumerationState; 112@protocol NSFastEnumeration - (NSUInteger)countByEnumeratingWithState:(NSFastEnumerationState *)state objects:(id *)stackbuf count:(NSUInteger)len; 113@end @class NSString, NSDictionary; 114@interface NSValue : NSObject <NSCopying, NSCoding> - (void)getValue:(void *)value; 115@end @interface NSNumber : NSValue - (char)charValue; 116- (id)initWithInt:(int)value; 117@end @class NSString; 118@interface NSArray : NSObject <NSCopying, NSMutableCopying, NSCoding, NSFastEnumeration> - (NSUInteger)count; 119@end @interface NSArray (NSArrayCreation) + (id)array; 120@end @interface NSAutoreleasePool : NSObject { 121} 122- (void)drain; 123@end extern NSString * const NSBundleDidLoadNotification; 124typedef double NSTimeInterval; 125@interface NSDate : NSObject <NSCopying, NSCoding> - (NSTimeInterval)timeIntervalSinceReferenceDate; 126@end typedef unsigned short unichar; 127@interface NSString : NSObject <NSCopying, NSMutableCopying, NSCoding> 128- (NSUInteger)length; 129- (NSString *)stringByAppendingString:(NSString *)aString; 130- ( const char *)UTF8String; 131- (id)initWithUTF8String:(const char *)nullTerminatedCString; 132+ (id)stringWithUTF8String:(const char *)nullTerminatedCString; 133@end @class NSString, NSURL, NSError; 134@interface NSData : NSObject <NSCopying, NSMutableCopying, NSCoding> - (NSUInteger)length; 135+ (id)dataWithBytesNoCopy:(void *)bytes length:(NSUInteger)length; 136+ (id)dataWithBytesNoCopy:(void *)bytes length:(NSUInteger)length freeWhenDone:(BOOL)b; 137@end @class NSLocale, NSDate, NSCalendar, NSTimeZone, NSError, NSArray, NSMutableDictionary; 138@interface NSDictionary : NSObject <NSCopying, NSMutableCopying, NSCoding, NSFastEnumeration> - (NSUInteger)count; 139@end @interface NSMutableDictionary : NSDictionary - (void)removeObjectForKey:(id)aKey; 140- (void)setObject:(id)anObject forKey:(id)aKey; 141@end @interface NSMutableDictionary (NSMutableDictionaryCreation) + (id)dictionaryWithCapacity:(NSUInteger)numItems; 142@end typedef double CGFloat; 143struct CGSize { 144}; 145typedef struct CGSize CGSize; 146struct CGRect { 147}; 148typedef struct CGRect CGRect; 149typedef mach_port_t io_object_t; 150typedef char io_name_t[128]; 151typedef io_object_t io_iterator_t; 152typedef io_object_t io_service_t; 153typedef struct IONotificationPort * IONotificationPortRef; 154typedef void (*IOServiceMatchingCallback)( void * refcon, io_iterator_t iterator ); 155io_service_t IOServiceGetMatchingService( mach_port_t masterPort, CFDictionaryRef matching ); 156kern_return_t IOServiceGetMatchingServices( mach_port_t masterPort, CFDictionaryRef matching, io_iterator_t * existing ); 157kern_return_t IOServiceAddNotification( mach_port_t masterPort, const io_name_t notificationType, CFDictionaryRef matching, mach_port_t wakePort, uintptr_t reference, io_iterator_t * notification ) __attribute__((deprecated)); 158kern_return_t IOServiceAddMatchingNotification( IONotificationPortRef notifyPort, const io_name_t notificationType, CFDictionaryRef matching, IOServiceMatchingCallback callback, void * refCon, io_iterator_t * notification ); 159CFMutableDictionaryRef IOServiceMatching( const char * name ); 160CFMutableDictionaryRef IOServiceNameMatching( const char * name ); 161CFMutableDictionaryRef IOBSDNameMatching( mach_port_t masterPort, uint32_t options, const char * bsdName ); 162CFMutableDictionaryRef IOOpenFirmwarePathMatching( mach_port_t masterPort, uint32_t options, const char * path ); 163CFMutableDictionaryRef IORegistryEntryIDMatching( uint64_t entryID ); 164typedef struct __DASession * DASessionRef; 165extern DASessionRef DASessionCreate( CFAllocatorRef allocator ); 166typedef struct __DADisk * DADiskRef; 167extern DADiskRef DADiskCreateFromBSDName( CFAllocatorRef allocator, DASessionRef session, const char * name ); 168extern DADiskRef DADiskCreateFromIOMedia( CFAllocatorRef allocator, DASessionRef session, io_service_t media ); 169extern CFDictionaryRef DADiskCopyDescription( DADiskRef disk ); 170extern DADiskRef DADiskCopyWholeDisk( DADiskRef disk ); 171@interface NSTask : NSObject - (id)init; 172@end typedef struct CGColorSpace *CGColorSpaceRef; 173typedef struct CGImage *CGImageRef; 174typedef struct CGLayer *CGLayerRef; 175@interface NSResponder : NSObject <NSCoding> { 176} 177@end @protocol NSAnimatablePropertyContainer - (id)animator; 178@end extern NSString *NSAnimationTriggerOrderIn ; 179@interface NSView : NSResponder <NSAnimatablePropertyContainer> { 180} 181@end @protocol NSValidatedUserInterfaceItem - (SEL)action; 182@end @protocol NSUserInterfaceValidations - (BOOL)validateUserInterfaceItem:(id <NSValidatedUserInterfaceItem>)anItem; 183@end @class NSDate, NSDictionary, NSError, NSException, NSNotification; 184@interface NSApplication : NSResponder <NSUserInterfaceValidations> { 185} 186@end enum { 187NSTerminateCancel = 0, NSTerminateNow = 1, NSTerminateLater = 2 }; 188typedef NSUInteger NSApplicationTerminateReply; 189@protocol NSApplicationDelegate <NSObject> @optional - (NSApplicationTerminateReply)applicationShouldTerminate:(NSApplication *)sender; 190@end @class NSAttributedString, NSEvent, NSFont, NSFormatter, NSImage, NSMenu, NSText, NSView, NSTextView; 191@interface NSCell : NSObject <NSCopying, NSCoding> { 192} 193@end @class NSTextField, NSPanel, NSArray, NSWindow, NSImage, NSButton, NSError; 194typedef struct { 195} 196CVTimeStamp; 197@interface CIImage : NSObject <NSCoding, NSCopying> { 198} 199typedef int CIFormat; 200@end enum { 201kDAReturnSuccess = 0, kDAReturnError = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x01, kDAReturnBusy = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x02, kDAReturnBadArgument = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x03, kDAReturnExclusiveAccess = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x04, kDAReturnNoResources = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x05, kDAReturnNotFound = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x06, kDAReturnNotMounted = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x07, kDAReturnNotPermitted = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x08, kDAReturnNotPrivileged = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x09, kDAReturnNotReady = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0A, kDAReturnNotWritable = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0B, kDAReturnUnsupported = (((0x3eU)&0x3f)<<26) | (((0x368)&0xfff)<<14) | 0x0C }; 202typedef mach_error_t DAReturn; 203typedef const struct __DADissenter * DADissenterRef; 204extern DADissenterRef DADissenterCreate( CFAllocatorRef allocator, DAReturn status, CFStringRef string ); 205@interface CIContext: NSObject { 206} 207- (CGImageRef)createCGImage:(CIImage *)im fromRect:(CGRect)r; 208- (CGImageRef)createCGImage:(CIImage *)im fromRect:(CGRect)r format:(CIFormat)f colorSpace:(CGColorSpaceRef)cs; 209- (CGLayerRef)createCGLayerWithSize:(CGSize)size info:(CFDictionaryRef)d; 210@end extern NSString* const QCRendererEventKey; 211@protocol QCCompositionRenderer - (NSDictionary*) attributes; 212@end @interface QCRenderer : NSObject <QCCompositionRenderer> { 213} 214- (id) createSnapshotImageOfType:(NSString*)type; 215@end extern NSString* const QCViewDidStartRenderingNotification; 216@interface QCView : NSView <QCCompositionRenderer> { 217} 218- (id) createSnapshotImageOfType:(NSString*)type; 219@end enum { 220ICEXIFOrientation1 = 1, ICEXIFOrientation2 = 2, ICEXIFOrientation3 = 3, ICEXIFOrientation4 = 4, ICEXIFOrientation5 = 5, ICEXIFOrientation6 = 6, ICEXIFOrientation7 = 7, ICEXIFOrientation8 = 8, }; 221@class ICDevice; 222@protocol ICDeviceDelegate <NSObject> @required - (void)didRemoveDevice:(ICDevice*)device; 223@end extern NSString *const ICScannerStatusWarmingUp; 224@class ICScannerDevice; 225@protocol ICScannerDeviceDelegate <ICDeviceDelegate> @optional - (void)scannerDeviceDidBecomeAvailable:(ICScannerDevice*)scanner; 226@end 227 228typedef long unsigned int __darwin_size_t; 229typedef __darwin_size_t size_t; 230typedef unsigned long CFTypeID; 231struct CGPoint { 232 CGFloat x; 233 CGFloat y; 234}; 235typedef struct CGPoint CGPoint; 236typedef struct CGGradient *CGGradientRef; 237typedef uint32_t CGGradientDrawingOptions; 238extern CFTypeID CGGradientGetTypeID(void); 239extern CGGradientRef CGGradientCreateWithColorComponents(CGColorSpaceRef 240 space, const CGFloat components[], const CGFloat locations[], size_t count); 241extern CGGradientRef CGGradientCreateWithColors(CGColorSpaceRef space, 242 CFArrayRef colors, const CGFloat locations[]); 243extern CGGradientRef CGGradientRetain(CGGradientRef gradient); 244extern void CGGradientRelease(CGGradientRef gradient); 245typedef struct CGContext *CGContextRef; 246extern void CGContextDrawLinearGradient(CGContextRef context, 247 CGGradientRef gradient, CGPoint startPoint, CGPoint endPoint, 248 CGGradientDrawingOptions options); 249extern CGColorSpaceRef CGColorSpaceCreateDeviceRGB(void); 250 251@interface NSMutableArray : NSObject 252- (void)addObject:(id)object; 253+ (id)array; 254@end 255 256enum { 257 NSASCIIStringEncoding = 1, 258 NSNEXTSTEPStringEncoding = 2, 259 NSJapaneseEUCStringEncoding = 3, 260 NSUTF8StringEncoding = 4, 261 NSISOLatin1StringEncoding = 5, 262 NSSymbolStringEncoding = 6, 263 NSNonLossyASCIIStringEncoding = 7, 264}; 265typedef struct __CFString * CFMutableStringRef; 266typedef NSUInteger NSStringEncoding; 267 268extern CFStringRef CFStringCreateWithCStringNoCopy(CFAllocatorRef alloc, const char *cStr, CFStringEncoding encoding, CFAllocatorRef contentsDeallocator); 269 270//===----------------------------------------------------------------------===// 271// Test cases. 272//===----------------------------------------------------------------------===// 273 274void foo(id x) { 275 [x retain]; 276} 277 278void bar(id x) { 279 [x release]; 280} 281 282void test() { 283 NSString *s = [[NSString alloc] init]; // expected-warning {{Potential leak}} 284 foo(s); 285 foo(s); 286 bar(s); 287} 288void test_neg() { 289 NSString *s = [[NSString alloc] init]; // no-warning 290 foo(s); 291 foo(s); 292 bar(s); 293 bar(s); 294 bar(s); 295} 296 297//===----------------------------------------------------------------------===// 298// Test returning retained and not-retained values. 299//===----------------------------------------------------------------------===// 300 301// On return (intraprocedural), assume CF objects are leaked. 302CFStringRef test_return_ratained_CF(char *bytes) { 303 CFStringRef str; 304 return CFStringCreateWithCStringNoCopy(0, bytes, NSNEXTSTEPStringEncoding, 0); // expected-warning {{leak}} 305} 306 307// On return (intraprocedural), assume NSObjects are not leaked. 308id test_return_retained_NS() { 309 return [[NSString alloc] init]; // no-warning 310} 311 312void test_test_return_retained() { 313 id x = test_return_retained_NS(); // expected-warning {{leak}} 314 [x retain]; 315 [x release]; 316} 317 318//===----------------------------------------------------------------------===// 319// Test not applying "double effects" from inlining and RetainCountChecker summaries. 320// If we inline a call, we should already see its retain/release semantics. 321//===----------------------------------------------------------------------===// 322 323__attribute__((cf_returns_retained)) CFStringRef test_return_inline(CFStringRef x) { 324 CFRetain(x); 325 return x; 326} 327 328void test_test_return_inline(char *bytes) { 329 CFStringRef str = CFStringCreateWithCStringNoCopy(0, bytes, NSNEXTSTEPStringEncoding, 0); 330 // After this call, 'str' really has +2 reference count. 331 CFStringRef str2 = test_return_inline(str); 332 // After this call, 'str' really has a +1 reference count. 333 CFRelease(str); 334 // After this call, 'str2' and 'str' has a +0 reference count. 335 CFRelease(str2); 336} 337 338void test_test_return_inline_2(char *bytes) { 339 CFStringRef str = CFStringCreateWithCStringNoCopy(0, bytes, NSNEXTSTEPStringEncoding, 0); // expected-warning {{leak}} 340 // After this call, 'str' really has +2 reference count. 341 CFStringRef str2 = test_return_inline(str); 342 // After this call, 'str' really has a +1 reference count. 343 CFRelease(str); 344} 345 346extern CFStringRef getString(void); 347CFStringRef testCovariantReturnType(void) __attribute__((cf_returns_retained)); 348 349void usetestCovariantReturnType() { 350 CFStringRef S = ((void*)0); 351 S = testCovariantReturnType(); 352 if (S) 353 CFRelease(S); 354} 355 356CFStringRef testCovariantReturnType() { 357 CFStringRef Str = ((void*)0); 358 Str = getString(); 359 if (Str) { 360 CFRetain(Str); 361 } 362 return Str; 363} 364 365// Test that we reanalyze ObjC methods which have been inlined. When reanalyzing 366// them, make sure we inline very small functions. 367id returnInputParam(id x) { 368 return x; 369} 370 371@interface MyClass : NSObject 372- (id)test_reanalyze_as_top_level; 373- (void)test_inline_tiny_when_reanalyzing; 374- (void)inline_test_reanalyze_as_top_level; 375@end 376 377@implementation MyClass 378- (void)test_inline_tiny_when_reanalyzing { 379 id x = [[NSString alloc] init]; // no-warning 380 x = returnInputParam(x); 381 [x release]; 382} 383 384- (id)test_reanalyze_as_top_level { 385 // This method does not follow naming conventions, so a warning will be 386 // reported when it is reanalyzed at top level. 387 return [[NSString alloc] init]; // expected-warning {{leak}} 388} 389 390- (void)inline_test_reanalyze_as_top_level { 391 id x = [self test_reanalyze_as_top_level]; 392 [x release]; 393 [self test_inline_tiny_when_reanalyzing]; 394} 395@end 396