• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // RUN: %clang_cc1 -analyze -analyzer-checker=core,cplusplus.NewDelete -std=c++11 -fblocks -verify %s
2 // RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.cplusplus.NewDeleteLeaks -DLEAKS -std=c++11 -fblocks -verify %s
3 #include "Inputs/system-header-simulator-cxx.h"
4 
5 typedef __typeof__(sizeof(int)) size_t;
6 extern "C" void *malloc(size_t);
7 int *global;
8 
9 //------------------
10 // check for leaks
11 //------------------
12 
13 //----- Standard non-placement operators
testGlobalOpNew()14 void testGlobalOpNew() {
15   void *p = operator new(0);
16 }
17 #ifdef LEAKS
18 // expected-warning@-2{{Potential leak of memory pointed to by 'p'}}
19 #endif
20 
testGlobalOpNewArray()21 void testGlobalOpNewArray() {
22   void *p = operator new[](0);
23 }
24 #ifdef LEAKS
25 // expected-warning@-2{{Potential leak of memory pointed to by 'p'}}
26 #endif
27 
testGlobalNewExpr()28 void testGlobalNewExpr() {
29   int *p = new int;
30 }
31 #ifdef LEAKS
32 // expected-warning@-2{{Potential leak of memory pointed to by 'p'}}
33 #endif
34 
testGlobalNewExprArray()35 void testGlobalNewExprArray() {
36   int *p = new int[0];
37 }
38 #ifdef LEAKS
39 // expected-warning@-2{{Potential leak of memory pointed to by 'p'}}
40 #endif
41 
42 //----- Standard nothrow placement operators
testGlobalNoThrowPlacementOpNewBeforeOverload()43 void testGlobalNoThrowPlacementOpNewBeforeOverload() {
44   void *p = operator new(0, std::nothrow);
45 }
46 #ifdef LEAKS
47 // expected-warning@-2{{Potential leak of memory pointed to by 'p'}}
48 #endif
49 
testGlobalNoThrowPlacementExprNewBeforeOverload()50 void testGlobalNoThrowPlacementExprNewBeforeOverload() {
51   int *p = new(std::nothrow) int;
52 }
53 #ifdef LEAKS
54 // expected-warning@-2{{Potential leak of memory pointed to by 'p'}}
55 #endif
56 
57 //----- Standard pointer placement operators
testGlobalPointerPlacementNew()58 void testGlobalPointerPlacementNew() {
59   int i;
60 
61   void *p1 = operator new(0, &i); // no warn
62 
63   void *p2 = operator new[](0, &i); // no warn
64 
65   int *p3 = new(&i) int; // no warn
66 
67   int *p4 = new(&i) int[0]; // no warn
68 }
69 
70 //----- Other cases
testNewMemoryIsInHeap()71 void testNewMemoryIsInHeap() {
72   int *p = new int;
73   if (global != p) // condition is always true as 'p' wraps a heap region that
74                    // is different from a region wrapped by 'global'
75     global = p; // pointer escapes
76 }
77 
78 struct PtrWrapper {
79   int *x;
80 
PtrWrapperPtrWrapper81   PtrWrapper(int *input) : x(input) {}
82 };
83 
testNewInvalidationPlacement(PtrWrapper * w)84 void testNewInvalidationPlacement(PtrWrapper *w) {
85   // Ensure that we don't consider this a leak.
86   new (w) PtrWrapper(new int); // no warn
87 }
88 
89 //---------------
90 // other checks
91 //---------------
92 
93 class SomeClass {
94 public:
95   void f(int *p);
96 };
97 
98 void f(int *p1, int *p2 = 0, int *p3 = 0);
99 void g(SomeClass &c, ...);
100 
testUseFirstArgAfterDelete()101 void testUseFirstArgAfterDelete() {
102   int *p = new int;
103   delete p;
104   f(p); // expected-warning{{Use of memory after it is freed}}
105 }
106 
testUseMiddleArgAfterDelete(int * p)107 void testUseMiddleArgAfterDelete(int *p) {
108   delete p;
109   f(0, p); // expected-warning{{Use of memory after it is freed}}
110 }
111 
testUseLastArgAfterDelete(int * p)112 void testUseLastArgAfterDelete(int *p) {
113   delete p;
114   f(0, 0, p); // expected-warning{{Use of memory after it is freed}}
115 }
116 
testUseSeveralArgsAfterDelete(int * p)117 void testUseSeveralArgsAfterDelete(int *p) {
118   delete p;
119   f(p, p, p); // expected-warning{{Use of memory after it is freed}}
120 }
121 
testUseRefArgAfterDelete(SomeClass & c)122 void testUseRefArgAfterDelete(SomeClass &c) {
123   delete &c;
124   g(c); // expected-warning{{Use of memory after it is freed}}
125 }
126 
testVariadicArgAfterDelete()127 void testVariadicArgAfterDelete() {
128   SomeClass c;
129   int *p = new int;
130   delete p;
131   g(c, 0, p); // expected-warning{{Use of memory after it is freed}}
132 }
133 
testUseMethodArgAfterDelete(int * p)134 void testUseMethodArgAfterDelete(int *p) {
135   SomeClass *c = new SomeClass;
136   delete p;
137   c->f(p); // expected-warning{{Use of memory after it is freed}}
138 }
139 
testUseThisAfterDelete()140 void testUseThisAfterDelete() {
141   SomeClass *c = new SomeClass;
142   delete c;
143   c->f(0); // expected-warning{{Use of memory after it is freed}}
144 }
145 
testDeleteAlloca()146 void testDeleteAlloca() {
147   int *p = (int *)__builtin_alloca(sizeof(int));
148   delete p; // expected-warning{{Memory allocated by alloca() should not be deallocated}}
149 }
150 
testDoubleDelete()151 void testDoubleDelete() {
152   int *p = new int;
153   delete p;
154   delete p; // expected-warning{{Attempt to free released memory}}
155 }
156 
testExprDeleteArg()157 void testExprDeleteArg() {
158   int i;
159   delete &i; // expected-warning{{Argument to 'delete' is the address of the local variable 'i', which is not memory allocated by 'new'}}
160 }
161 
testExprDeleteArrArg()162 void testExprDeleteArrArg() {
163   int i;
164   delete[] &i; // expected-warning{{Argument to 'delete[]' is the address of the local variable 'i', which is not memory allocated by 'new[]'}}
165 }
166 
testAllocDeallocNames()167 void testAllocDeallocNames() {
168   int *p = new(std::nothrow) int[1];
169   delete[] (++p); // expected-warning{{Argument to 'delete[]' is offset by 4 bytes from the start of memory allocated by 'new[]'}}
170 }
171 
172 //--------------------------------
173 // Test escape of newed const pointer. Note, a const pointer can be deleted.
174 //--------------------------------
175 struct StWithConstPtr {
176   const int *memp;
177 };
178 void escape(const int &x);
179 void escapeStruct(const StWithConstPtr &x);
180 void escapePtr(const StWithConstPtr *x);
181 void escapeVoidPtr(const void *x);
182 
testConstEscape()183 void testConstEscape() {
184   int *p = new int(1);
185   escape(*p);
186 } // no-warning
187 
testConstEscapeStruct()188 void testConstEscapeStruct() {
189   StWithConstPtr *St = new StWithConstPtr();
190   escapeStruct(*St);
191 } // no-warning
192 
testConstEscapeStructPtr()193 void testConstEscapeStructPtr() {
194   StWithConstPtr *St = new StWithConstPtr();
195   escapePtr(St);
196 } // no-warning
197 
testConstEscapeMember()198 void testConstEscapeMember() {
199   StWithConstPtr St;
200   St.memp = new int(2);
201   escapeVoidPtr(St.memp);
202 } // no-warning
203 
testConstEscapePlacementNew()204 void testConstEscapePlacementNew() {
205   int *x = (int *)malloc(sizeof(int));
206   void *y = new (x) int;
207   escapeVoidPtr(y);
208 } // no-warning
209 
210 
211 namespace reference_count {
212   class control_block {
213     unsigned count;
214   public:
control_block()215     control_block() : count(0) {}
retain()216     void retain() { ++count; }
release()217     int release() { return --count; }
218   };
219 
220   template <typename T>
221   class shared_ptr {
222     T *p;
223     control_block *control;
224 
225   public:
shared_ptr()226     shared_ptr() : p(0), control(0) {}
shared_ptr(T * p)227     explicit shared_ptr(T *p) : p(p), control(new control_block) {
228       control->retain();
229     }
shared_ptr(shared_ptr & other)230     shared_ptr(shared_ptr &other) : p(other.p), control(other.control) {
231       if (control)
232           control->retain();
233     }
~shared_ptr()234     ~shared_ptr() {
235       if (control && control->release() == 0) {
236         delete p;
237         delete control;
238       }
239     };
240 
operator *()241     T &operator *() {
242       return *p;
243     };
244 
swap(shared_ptr & other)245     void swap(shared_ptr &other) {
246       T *tmp = p;
247       p = other.p;
248       other.p = tmp;
249 
250       control_block *ctrlTmp = control;
251       control = other.control;
252       other.control = ctrlTmp;
253     }
254   };
255 
testSingle()256   void testSingle() {
257     shared_ptr<int> a(new int);
258     *a = 1;
259   }
260 
testDouble()261   void testDouble() {
262     shared_ptr<int> a(new int);
263     shared_ptr<int> b = a;
264     *a = 1;
265   }
266 
testInvalidated()267   void testInvalidated() {
268     shared_ptr<int> a(new int);
269     shared_ptr<int> b = a;
270     *a = 1;
271 
272     extern void use(shared_ptr<int> &);
273     use(b);
274   }
275 
testNestedScope()276   void testNestedScope() {
277     shared_ptr<int> a(new int);
278     {
279       shared_ptr<int> b = a;
280     }
281     *a = 1;
282   }
283 
testSwap()284   void testSwap() {
285     shared_ptr<int> a(new int);
286     shared_ptr<int> b;
287     shared_ptr<int> c = a;
288     shared_ptr<int>(c).swap(b);
289   }
290 
testUseAfterFree()291   void testUseAfterFree() {
292     int *p = new int;
293     {
294       shared_ptr<int> a(p);
295       shared_ptr<int> b = a;
296     }
297 
298     // FIXME: We should get a warning here, but we don't because we've
299     // conservatively modeled ~shared_ptr.
300     *p = 1;
301   }
302 }
303 
304