test/Analysis/Malloc+MismatchedDeallocator+NewDelete.cpp

// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc,unix.MismatchedDeallocator,cplusplus.NewDelete -std=c++11 -verify %s
// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc,unix.MismatchedDeallocator,cplusplus.NewDelete,cplusplus.NewDeleteLeaks -DLEAKS -std=c++11 -verify %s

#include "Inputs/system-header-simulator-for-malloc.h"

//--------------------------------------------------
// Check that unix.Malloc catches all types of bugs.
//--------------------------------------------------
void testMallocDoubleFree() {
  int *p = (int *)malloc(sizeof(int));
  free(p);
  free(p); // expected-warning{{Attempt to free released memory}}
}

void testMallocLeak() {
  int *p = (int *)malloc(sizeof(int));
} // expected-warning{{Potential leak of memory pointed to by 'p'}}

void testMallocUseAfterFree() {
  int *p = (int *)malloc(sizeof(int));
  free(p);
  int j = *p; // expected-warning{{Use of memory after it is freed}}
}

void testMallocBadFree() {
  int i;
  free(&i); // expected-warning{{Argument to free() is the address of the local variable 'i', which is not memory allocated by malloc()}}
}

void testMallocOffsetFree() {
  int *p = (int *)malloc(sizeof(int));
  free(++p); // expected-warning{{Argument to free() is offset by 4 bytes from the start of memory allocated by malloc()}}
}

//-----------------------------------------------------------------
// Check that unix.MismatchedDeallocator catches all types of bugs.
//-----------------------------------------------------------------
void testMismatchedDeallocator() {
  int *x = (int *)malloc(sizeof(int));
  delete x; // expected-warning{{Memory allocated by malloc() should be deallocated by free(), not 'delete'}}
}

//----------------------------------------------------------------
// Check that alpha.cplusplus.NewDelete catches all types of bugs.
//----------------------------------------------------------------
void testNewDoubleFree() {
  int *p = new int;
  delete p;
  delete p; // expected-warning{{Attempt to free released memory}}
}

void testNewLeak() {
  int *p = new int;
}
#ifdef LEAKS
// expected-warning@-2 {{Potential leak of memory pointed to by 'p'}}
#endif

void testNewUseAfterFree() {
  int *p = (int *)operator new(0);
  delete p;
  int j = *p; // expected-warning{{Use of memory after it is freed}}
}

void testNewBadFree() {
  int i;
  delete &i; // expected-warning{{Argument to 'delete' is the address of the local variable 'i', which is not memory allocated by 'new'}}
}

void testNewOffsetFree() {
  int *p = new int;
  operator delete(++p); // expected-warning{{Argument to operator delete is offset by 4 bytes from the start of memory allocated by 'new'}}
}

//----------------------------------------------------------------
// Test that we check for free errors on escaped pointers.
//----------------------------------------------------------------
void changePtr(int **p);
static int *globalPtr;
void changePointee(int *p);

void testMismatchedChangePtrThroughCall() {
  int *p = (int*)malloc(sizeof(int)*4);
  changePtr(&p);
  delete p; // no-warning the value of the pointer might have changed
}

void testMismatchedChangePointeeThroughCall() {
  int *p = (int*)malloc(sizeof(int)*4);
  changePointee(p);
  delete p; // expected-warning{{Memory allocated by malloc() should be deallocated by free(), not 'delete'}}
}

void testShouldReportDoubleFreeNotMismatched() {
  int *p = (int*)malloc(sizeof(int)*4);
  globalPtr = p;
  free(p);
  delete globalPtr; // expected-warning {{Attempt to free released memory}}
}
int *allocIntArray(unsigned c) {
  return new int[c];
}
void testMismatchedChangePointeeThroughAssignment() {
  int *arr = allocIntArray(4);
  globalPtr = arr;
  delete arr; // expected-warning{{Memory allocated by 'new[]' should be deallocated by 'delete[]', not 'delete'}}
}