xref: /minix3/external/bsd/llvm/dist/clang/test/Analysis/malloc-annotations.c (revision f4a2713ac843a11c696ec80c0a5e3e5d80b4d338)

// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.deadcode.UnreachableCode,alpha.core.CastSize,alpha.unix.MallocWithAnnotations -analyzer-store=region -verify %s
typedef __typeof(sizeof(int)) size_t;
void *malloc(size_t);
void free(void *);
void *realloc(void *ptr, size_t size);
void *calloc(size_t nmemb, size_t size);
void __attribute((ownership_returns(malloc))) *my_malloc(size_t);
void __attribute((ownership_takes(malloc, 1))) my_free(void *);
void my_freeBoth(void *, void *)
       __attribute((ownership_holds(malloc, 1, 2)));
void __attribute((ownership_returns(malloc, 1))) *my_malloc2(size_t);
void __attribute((ownership_holds(malloc, 1))) my_hold(void *);

// Duplicate attributes are silly, but not an error.
// Duplicate attribute has no extra effect.
// If two are of different kinds, that is an error and reported as such.
void __attribute((ownership_holds(malloc, 1)))
__attribute((ownership_holds(malloc, 1)))
__attribute((ownership_holds(malloc, 3))) my_hold2(void *, void *, void *);
void *my_malloc3(size_t);
void *myglobalpointer;
struct stuff {
  void *somefield;
};
struct stuff myglobalstuff;

void f1() {
  int *p = malloc(12);
  return; // expected-warning{{Potential leak of memory pointed to by}}
}

void f2() {
  int *p = malloc(12);
  free(p);
  free(p); // expected-warning{{Attempt to free released memory}}
}

void f2_realloc_0() {
  int *p = malloc(12);
  realloc(p,0);
  realloc(p,0); // expected-warning{{Attempt to free released memory}}
}

void f2_realloc_1() {
  int *p = malloc(12);
  int *q = realloc(p,0); // no-warning
}

// ownership attributes tests
void naf1() {
  int *p = my_malloc3(12);
  return; // no-warning
}

void n2af1() {
  int *p = my_malloc2(12);
  return; // expected-warning{{Potential leak of memory pointed to by}}
}

void af1() {
  int *p = my_malloc(12);
  return; // expected-warning{{Potential leak of memory pointed to by}}
}

void af1_b() {
  int *p = my_malloc(12);
} // expected-warning{{Potential leak of memory pointed to by}}

void af1_c() {
  myglobalpointer = my_malloc(12); // no-warning
}

void af1_d() {
  struct stuff mystuff;
  mystuff.somefield = my_malloc(12);
} // expected-warning{{Potential leak of memory pointed to by}}

// Test that we can pass out allocated memory via pointer-to-pointer.
void af1_e(void **pp) {
  *pp = my_malloc(42); // no-warning
}

void af1_f(struct stuff *somestuff) {
  somestuff->somefield = my_malloc(12); // no-warning
}

// Allocating memory for a field via multiple indirections to our arguments is OK.
void af1_g(struct stuff **pps) {
  *pps = my_malloc(sizeof(struct stuff)); // no-warning
  (*pps)->somefield = my_malloc(42); // no-warning
}

void af2() {
  int *p = my_malloc(12);
  my_free(p);
  free(p); // expected-warning{{Attempt to free released memory}}
}

void af2b() {
  int *p = my_malloc(12);
  free(p);
  my_free(p); // expected-warning{{Attempt to free released memory}}
}

void af2c() {
  int *p = my_malloc(12);
  free(p);
  my_hold(p); // expected-warning{{Attempt to free released memory}}
}

void af2d() {
  int *p = my_malloc(12);
  free(p);
  my_hold2(0, 0, p); // expected-warning{{Attempt to free released memory}}
}

// No leak if malloc returns null.
void af2e() {
  int *p = my_malloc(12);
  if (!p)
    return; // no-warning
  free(p); // no-warning
}

// This case inflicts a possible double-free.
void af3() {
  int *p = my_malloc(12);
  my_hold(p);
  free(p); // expected-warning{{Attempt to free non-owned memory}}
}

int * af4() {
  int *p = my_malloc(12);
  my_free(p);
  return p; // expected-warning{{Use of memory after it is freed}}
}

// This case is (possibly) ok, be conservative
int * af5() {
  int *p = my_malloc(12);
  my_hold(p);
  return p; // no-warning
}



// This case tests that storing malloc'ed memory to a static variable which is
// then returned is not leaked.  In the absence of known contracts for functions
// or inter-procedural analysis, this is a conservative answer.
int *f3() {
  static int *p = 0;
  p = malloc(12);
  return p; // no-warning
}

// This case tests that storing malloc'ed memory to a static global variable
// which is then returned is not leaked.  In the absence of known contracts for
// functions or inter-procedural analysis, this is a conservative answer.
static int *p_f4 = 0;
int *f4() {
  p_f4 = malloc(12);
  return p_f4; // no-warning
}

int *f5() {
  int *q = malloc(12);
  q = realloc(q, 20);
  return q; // no-warning
}

void f6() {
  int *p = malloc(12);
  if (!p)
    return; // no-warning
  else
    free(p);
}

void f6_realloc() {
  int *p = malloc(12);
  if (!p)
    return; // no-warning
  else
    realloc(p,0);
}


char *doit2();
void pr6069() {
  char *buf = doit2();
  free(buf);
}

void pr6293() {
  free(0);
}

void f7() {
  char *x = (char*) malloc(4);
  free(x);
  x[0] = 'a'; // expected-warning{{Use of memory after it is freed}}
}

void f7_realloc() {
  char *x = (char*) malloc(4);
  realloc(x,0);
  x[0] = 'a'; // expected-warning{{Use of memory after it is freed}}
}

void PR6123() {
  int *x = malloc(11); // expected-warning{{Cast a region whose size is not a multiple of the destination type size}}
}

void PR7217() {
  int *buf = malloc(2); // expected-warning{{Cast a region whose size is not a multiple of the destination type size}}
  buf[1] = 'c'; // not crash
}

void mallocCastToVoid() {
  void *p = malloc(2);
  const void *cp = p; // not crash
  free(p);
}

void mallocCastToFP() {
  void *p = malloc(2);
  void (*fp)() = p; // not crash
  free(p);
}

// This tests that malloc() buffers are undefined by default
char mallocGarbage () {
  char *buf = malloc(2);
  char result = buf[1]; // expected-warning{{undefined}}
  free(buf);
  return result;
}

// This tests that calloc() buffers need to be freed
void callocNoFree () {
  char *buf = calloc(2,2);
  return; // expected-warning{{Potential leak of memory pointed to by}}
}

// These test that calloc() buffers are zeroed by default
char callocZeroesGood () {
  char *buf = calloc(2,2);
  char result = buf[3]; // no-warning
  if (buf[1] == 0) {
    free(buf);
  }
  return result; // no-warning
}

char callocZeroesBad () {
  char *buf = calloc(2,2);
  char result = buf[3]; // no-warning
  if (buf[1] != 0) {
    free(buf); // expected-warning{{never executed}}
  }
  return result; // expected-warning{{Potential leak of memory pointed to by}}
}

void testMultipleFreeAnnotations() {
  int *p = malloc(12);
  int *q = malloc(12);
  my_freeBoth(p, q);
}