// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc,unix.MismatchedDeallocator,cplusplus.NewDelete -std=c++11 -verify %s
// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc,unix.MismatchedDeallocator,cplusplus.NewDelete,cplusplus.NewDeleteLeaks -DLEAKS -std=c++11 -verify %s
#include "Inputs/system-header-simulator-for-malloc.h"
//--------------------------------------------------
// Check that unix.Malloc catches all types of bugs.
//--------------------------------------------------
void testMallocDoubleFree() {
int *p = (int *)malloc(sizeof(int));
free(p);
free(p); // expected-warning{{Attempt to free released memory}}
}
void testMallocLeak() {
int *p = (int *)malloc(sizeof(int));
} // expected-warning{{Potential leak of memory pointed to by 'p'}}
void testMallocUseAfterFree() {
int *p = (int *)malloc(sizeof(int));
free(p);
int j = *p; // expected-warning{{Use of memory after it is freed}}
}
void testMallocBadFree() {
int i;
free(&i); // expected-warning{{Argument to 'free()' is the address of the local variable 'i', which is not memory allocated by 'malloc()'}}
}
void testMallocOffsetFree() {
int *p = (int *)malloc(sizeof(int));
free(++p); // expected-warning{{Argument to 'free()' is offset by 4 bytes from the start of memory allocated by 'malloc()'}}
}
//-----------------------------------------------------------------
// Check that unix.MismatchedDeallocator catches all types of bugs.
//-----------------------------------------------------------------
void testMismatchedDeallocator() {
int *x = (int *)malloc(sizeof(int));
delete x; // expected-warning{{Memory allocated by 'malloc()' should be deallocated by 'free()', not 'delete'}}
}
//----------------------------------------------------------------
// Check that alpha.cplusplus.NewDelete catches all types of bugs.
//----------------------------------------------------------------
void testNewDoubleFree() {
int *p = new int;
delete p;
delete p; // expected-warning{{Attempt to free released memory}}
}
void testNewLeak() {
int *p = new int;
}
#ifdef LEAKS
// expected-warning@-2 {{Potential leak of memory pointed to by 'p'}}
#endif
void testNewUseAfterFree() {
int *p = (int *)operator new(0);
delete p;
int j = *p; // expected-warning{{Use of memory after it is freed}}
}
void testNewBadFree() {
int i;
delete &i; // expected-warning{{Argument to 'delete' is the address of the local variable 'i', which is not memory allocated by 'new'}}
}
void testNewOffsetFree() {
int *p = new int;
operator delete(++p); // expected-warning{{Argument to 'operator delete' is offset by 4 bytes from the start of memory allocated by 'new'}}
}
//----------------------------------------------------------------
// Test that we check for free errors on escaped pointers.
//----------------------------------------------------------------
void changePtr(int **p);
static int *globalPtr;
void changePointee(int *p);
void testMismatchedChangePtrThroughCall() {
int *p = (int*)malloc(sizeof(int)*4);
changePtr(&p);
delete p; // no-warning the value of the pointer might have changed
}
void testMismatchedChangePointeeThroughCall() {
int *p = (int*)malloc(sizeof(int)*4);
changePointee(p);
delete p; // expected-warning{{Memory allocated by 'malloc()' should be deallocated by 'free()', not 'delete'}}
}
void testShouldReportDoubleFreeNotMismatched() {
int *p = (int*)malloc(sizeof(int)*4);
globalPtr = p;
free(p);
delete globalPtr; // expected-warning {{Attempt to free released memory}}
}
int *allocIntArray(unsigned c) {
return new int[c];
}
void testMismatchedChangePointeeThroughAssignment() {
int *arr = allocIntArray(4);
globalPtr = arr;
delete arr; // expected-warning{{Memory allocated by 'new[]' should be deallocated by 'delete[]', not 'delete'}}
}