r261917 - [analyzer] Make ObjCDeallocChecker path sensitive.
Devin Coughlin via cfe-commits
cfe-commits at lists.llvm.org
Thu Feb 25 10:55:24 PST 2016
Author: dcoughlin
Date: Thu Feb 25 12:55:24 2016
New Revision: 261917
URL: http://llvm.org/viewvc/llvm-project?rev=261917&view=rev
Log:
[analyzer] Make ObjCDeallocChecker path sensitive.
Convert the ObjCDeallocChecker to be path sensitive. The primary
motivation for this change is to prevent false positives when -dealloc calls
helper invalidation methods to release instance variables, but it additionally
improves precision when -dealloc contains control flow. It also reduces the need
for pattern matching. The check for missing -dealloc methods remains AST-based.
Part of rdar://problem/6927496
Differential Revision: http://reviews.llvm.org/D17511
Modified:
cfe/trunk/lib/StaticAnalyzer/Checkers/CheckObjCDealloc.cpp
cfe/trunk/test/Analysis/DeallocMissingRelease.m
cfe/trunk/test/Analysis/MissingDealloc.m
cfe/trunk/test/Analysis/PR2978.m
cfe/trunk/test/Analysis/properties.m
Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CheckObjCDealloc.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/CheckObjCDealloc.cpp?rev=261917&r1=261916&r2=261917&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/CheckObjCDealloc.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/CheckObjCDealloc.cpp Thu Feb 25 12:55:24 2016
@@ -7,9 +7,24 @@
//
//===----------------------------------------------------------------------===//
//
-// This file defines a CheckObjCDealloc, a checker that
-// analyzes an Objective-C class's implementation to determine if it
-// correctly implements -dealloc.
+// This checker analyzes Objective-C -dealloc methods and their callees
+// to warn about improper releasing of instance variables that back synthesized
+// properties. It warns about missing releases in the following cases:
+// - When a class has a synthesized instance variable for a 'retain' or 'copy'
+// property and lacks a -dealloc method in its implementation.
+// - When a class has a synthesized instance variable for a 'retain'/'copy'
+// property but the ivar is not released in -dealloc by either -release
+// or by nilling out the property.
+//
+// It warns about extra releases in -dealloc (but not in callees) when a
+// synthesized instance variable is released in the following cases:
+// - When the property is 'assign' and is not 'readonly'.
+// - When the property is 'weak'.
+//
+// This checker only warns for instance variables synthesized to back
+// properties. Handling the more general case would require inferring whether
+// an instance variable is stored retained or not. For synthesized properties,
+// this is specified in the property declaration itself.
//
//===----------------------------------------------------------------------===//
@@ -20,71 +35,36 @@
#include "clang/AST/ExprObjC.h"
#include "clang/Basic/LangOptions.h"
#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
+#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
#include "clang/StaticAnalyzer/Core/BugReporter/PathDiagnostic.h"
#include "clang/StaticAnalyzer/Core/Checker.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramStateTrait.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h"
#include "llvm/Support/raw_ostream.h"
using namespace clang;
using namespace ento;
-// FIXME: This was taken from IvarInvalidationChecker.cpp
-static const Expr *peel(const Expr *E) {
- E = E->IgnoreParenCasts();
- if (const PseudoObjectExpr *POE = dyn_cast<PseudoObjectExpr>(E))
- E = POE->getSyntacticForm()->IgnoreParenCasts();
- if (const OpaqueValueExpr *OVE = dyn_cast<OpaqueValueExpr>(E))
- E = OVE->getSourceExpr()->IgnoreParenCasts();
- return E;
-}
-
-static bool scan_ivar_release(Stmt *S, const ObjCIvarDecl *ID,
- const ObjCPropertyDecl *PD,
- Selector Release,
- IdentifierInfo* SelfII,
- ASTContext &Ctx) {
-
- // [mMyIvar release]
- if (ObjCMessageExpr *ME = dyn_cast<ObjCMessageExpr>(S))
- if (ME->getSelector() == Release)
- if (ME->getInstanceReceiver())
- if (const Expr *Receiver = peel(ME->getInstanceReceiver()))
- if (auto *E = dyn_cast<ObjCIvarRefExpr>(Receiver))
- if (E->getDecl() == ID)
- return true;
-
- // [self setMyIvar:nil];
- if (ObjCMessageExpr *ME = dyn_cast<ObjCMessageExpr>(S))
- if (ME->getInstanceReceiver())
- if (const Expr *Receiver = peel(ME->getInstanceReceiver()))
- if (auto *E = dyn_cast<DeclRefExpr>(Receiver))
- if (E->getDecl()->getIdentifier() == SelfII)
- if (ME->getMethodDecl() == PD->getSetterMethodDecl() &&
- ME->getNumArgs() == 1 &&
- peel(ME->getArg(0))->isNullPointerConstant(Ctx,
- Expr::NPC_ValueDependentIsNull))
- return true;
-
- // self.myIvar = nil;
- if (BinaryOperator* BO = dyn_cast<BinaryOperator>(S))
- if (BO->isAssignmentOp())
- if (auto *PRE = dyn_cast<ObjCPropertyRefExpr>(peel(BO->getLHS())))
- if (PRE->isExplicitProperty() && PRE->getExplicitProperty() == PD)
- if (peel(BO->getRHS())->isNullPointerConstant(Ctx,
- Expr::NPC_ValueDependentIsNull)) {
- // This is only a 'release' if the property kind is not
- // 'assign'.
- return PD->getSetterKind() != ObjCPropertyDecl::Assign;
- }
-
- // Recurse to children.
- for (Stmt *SubStmt : S->children())
- if (SubStmt && scan_ivar_release(SubStmt, ID, PD, Release, SelfII, Ctx))
- return true;
+/// Indicates whether an instance variable is required to be released in
+/// -dealloc.
+enum class ReleaseRequirement {
+ /// The instance variable must be released, either by calling
+ /// -release on it directly or by nilling it out with a property setter.
+ MustRelease,
- return false;
-}
+ /// The instance variable must not be directly released with -release.
+ MustNotReleaseDirectly,
+
+ /// The requirement for the instance variable could not be determined.
+ Unknown
+};
+/// Returns true if the property implementation is synthesized and the
+/// type of the property is retainable.
static bool isSynthesizedRetainableProperty(const ObjCPropertyImplDecl *I,
const ObjCIvarDecl **ID,
const ObjCPropertyDecl **PD) {
@@ -107,33 +87,104 @@ static bool isSynthesizedRetainablePrope
return true;
}
-static bool synthesizedPropertyRequiresRelease(const ObjCPropertyDecl *PD) {
- // A synthesized property must be released if and only if the kind of setter
- // was neither 'assign' or 'weak'.
- ObjCPropertyDecl::SetterKind SK = PD->getSetterKind();
- return (SK != ObjCPropertyDecl::Assign && SK != ObjCPropertyDecl::Weak);
-}
+namespace {
+
+class ObjCDeallocChecker
+ : public Checker<check::ASTDecl<ObjCImplementationDecl>,
+ check::PreObjCMessage, check::PostObjCMessage,
+ check::BeginFunction, check::EndFunction,
+ check::PointerEscape,
+ check::PreStmt<ReturnStmt>> {
+
+ mutable IdentifierInfo *NSObjectII, *SenTestCaseII;
+ mutable Selector DeallocSel, ReleaseSel;
+
+ std::unique_ptr<BugType> MissingReleaseBugType;
+ std::unique_ptr<BugType> ExtraReleaseBugType;
+
+public:
+ ObjCDeallocChecker();
+
+ void checkASTDecl(const ObjCImplementationDecl *D, AnalysisManager& Mgr,
+ BugReporter &BR) const;
+ void checkBeginFunction(CheckerContext &Ctx) const;
+ void checkPreObjCMessage(const ObjCMethodCall &M, CheckerContext &C) const;
+ void checkPostObjCMessage(const ObjCMethodCall &M, CheckerContext &C) const;
+
+ ProgramStateRef checkPointerEscape(ProgramStateRef State,
+ const InvalidatedSymbols &Escaped,
+ const CallEvent *Call,
+ PointerEscapeKind Kind) const;
+ void checkPreStmt(const ReturnStmt *RS, CheckerContext &C) const;
+ void checkEndFunction(CheckerContext &Ctx) const;
+
+private:
+ void diagnoseMissingReleases(CheckerContext &C) const;
+
+ bool diagnoseExtraRelease(SymbolRef ReleasedValue, const ObjCMethodCall &M,
+ CheckerContext &C) const;
+
+ SymbolRef getValueExplicitlyReleased(const ObjCMethodCall &M,
+ CheckerContext &C) const;
+ SymbolRef getValueReleasedByNillingOut(const ObjCMethodCall &M,
+ CheckerContext &C) const;
+
+ SymbolRef getInstanceSymbolFromIvarSymbol(SymbolRef IvarSym) const;
+
+ ReleaseRequirement
+ getDeallocReleaseRequirement(const ObjCPropertyImplDecl *PropImpl) const;
+
+ bool isInInstanceDealloc(const CheckerContext &C, SVal &SelfValOut) const;
+ bool isInInstanceDealloc(const CheckerContext &C, const LocationContext *LCtx,
+ SVal &SelfValOut) const;
+ bool instanceDeallocIsOnStack(const CheckerContext &C,
+ SVal &InstanceValOut) const;
+
+ bool isSuperDeallocMessage(const ObjCMethodCall &M) const;
+
+ const ObjCImplDecl *getContainingObjCImpl(const LocationContext *LCtx) const;
+
+ const ObjCPropertyDecl *
+ findShadowedPropertyDecl(const ObjCPropertyImplDecl *PropImpl) const;
+
+ ProgramStateRef removeValueRequiringRelease(ProgramStateRef State,
+ SymbolRef InstanceSym,
+ SymbolRef ValueSym) const;
+
+ void initIdentifierInfoAndSelectors(ASTContext &Ctx) const;
+
+ bool classHasSeparateTeardown(const ObjCInterfaceDecl *ID) const;
+};
+} // End anonymous namespace.
+
+typedef llvm::ImmutableSet<SymbolRef> SymbolSet;
-static void checkObjCDealloc(const CheckerBase *Checker,
- const ObjCImplementationDecl *D,
- const LangOptions &LOpts, BugReporter &BR) {
+/// Maps from the symbol for a class instance to the set of
+/// symbols remaining that must be released in -dealloc.
+REGISTER_MAP_WITH_PROGRAMSTATE(UnreleasedIvarMap, SymbolRef, SymbolSet);
+
+template<> struct ProgramStateTrait<SymbolSet>
+: public ProgramStatePartialTrait<SymbolSet> {
+ static void *GDMIndex() { static int index = 0; return &index; }
+};
- assert(LOpts.getGC() != LangOptions::GCOnly);
- assert(!LOpts.ObjCAutoRefCount);
- ASTContext &Ctx = BR.getContext();
+/// An AST check that diagnose when the class requires a -dealloc method and
+/// is missing one.
+void ObjCDeallocChecker::checkASTDecl(const ObjCImplementationDecl *D,
+ AnalysisManager &Mgr,
+ BugReporter &BR) const {
+ assert(Mgr.getLangOpts().getGC() != LangOptions::GCOnly);
+ assert(!Mgr.getLangOpts().ObjCAutoRefCount);
+ initIdentifierInfoAndSelectors(Mgr.getASTContext());
+
const ObjCInterfaceDecl *ID = D->getClassInterface();
// Does the class contain any synthesized properties that are retainable?
// If not, skip the check entirely.
bool containsRetainedSynthesizedProperty = false;
for (const auto *I : D->property_impls()) {
- const ObjCIvarDecl *ID = nullptr;
- const ObjCPropertyDecl *PD = nullptr;
- if (!isSynthesizedRetainableProperty(I, &ID, &PD))
- continue;
-
- if (synthesizedPropertyRequiresRelease(PD)) {
+ if (getDeallocReleaseRequirement(I) == ReleaseRequirement::MustRelease) {
containsRetainedSynthesizedProperty = true;
break;
}
@@ -142,136 +193,658 @@ static void checkObjCDealloc(const Check
if (!containsRetainedSynthesizedProperty)
return;
- // Determine if the class subclasses NSObject.
- IdentifierInfo* NSObjectII = &Ctx.Idents.get("NSObject");
- IdentifierInfo* SenTestCaseII = &Ctx.Idents.get("SenTestCase");
-
- for ( ; ID ; ID = ID->getSuperClass()) {
- IdentifierInfo *II = ID->getIdentifier();
-
- if (II == NSObjectII)
- break;
-
- // FIXME: For now, ignore classes that subclass SenTestCase, as these don't
- // need to implement -dealloc. They implement tear down in another way,
- // which we should try and catch later.
- // http://llvm.org/bugs/show_bug.cgi?id=3187
- if (II == SenTestCaseII)
- return;
- }
-
- if (!ID)
+ // If the class is known to have a lifecycle with a separate teardown method
+ // then it may not require a -dealloc method.
+ if (classHasSeparateTeardown(ID))
return;
- // Get the "dealloc" selector.
- IdentifierInfo* II = &Ctx.Idents.get("dealloc");
- Selector S = Ctx.Selectors.getSelector(0, &II);
const ObjCMethodDecl *MD = nullptr;
// Scan the instance methods for "dealloc".
for (const auto *I : D->instance_methods()) {
- if (I->getSelector() == S) {
+ if (I->getSelector() == DeallocSel) {
MD = I;
break;
}
}
if (!MD) { // No dealloc found.
+ const char* Name = "Missing -dealloc";
- const char* name = LOpts.getGC() == LangOptions::NonGC
- ? "missing -dealloc"
- : "missing -dealloc (Hybrid MM, non-GC)";
-
- std::string buf;
- llvm::raw_string_ostream os(buf);
- os << "Objective-C class '" << *D << "' lacks a 'dealloc' instance method";
+ std::string Buf;
+ llvm::raw_string_ostream OS(Buf);
+ OS << "Objective-C class '" << *D << "' lacks a 'dealloc' instance method";
PathDiagnosticLocation DLoc =
PathDiagnosticLocation::createBegin(D, BR.getSourceManager());
- BR.EmitBasicReport(D, Checker, name, categories::CoreFoundationObjectiveC,
- os.str(), DLoc);
+ BR.EmitBasicReport(D, this, Name, categories::CoreFoundationObjectiveC,
+ OS.str(), DLoc);
return;
}
+}
- // Get the "release" selector.
- IdentifierInfo* RII = &Ctx.Idents.get("release");
- Selector RS = Ctx.Selectors.getSelector(0, &RII);
+/// If this is the beginning of -dealloc, mark the values initially stored in
+/// instance variables that must be released by the end of -dealloc
+/// as unreleased in the state.
+void ObjCDeallocChecker::checkBeginFunction(
+ CheckerContext &C) const {
+ initIdentifierInfoAndSelectors(C.getASTContext());
+
+ // Only do this if the current method is -dealloc.
+ SVal SelfVal;
+ if (!isInInstanceDealloc(C, SelfVal))
+ return;
- // Get the "self" identifier
- IdentifierInfo* SelfII = &Ctx.Idents.get("self");
+ SymbolRef SelfSymbol = SelfVal.getAsSymbol();
- // Scan for missing and extra releases of ivars used by implementations
- // of synthesized properties
- for (const auto *I : D->property_impls()) {
- const ObjCIvarDecl *ID = nullptr;
- const ObjCPropertyDecl *PD = nullptr;
- if (!isSynthesizedRetainableProperty(I, &ID, &PD))
+ const LocationContext *LCtx = C.getLocationContext();
+ ProgramStateRef InitialState = C.getState();
+
+ ProgramStateRef State = InitialState;
+
+ SymbolSet::Factory &F = State->getStateManager().get_context<SymbolSet>();
+
+ // Symbols that must be released by the end of the -dealloc;
+ SymbolSet RequiredReleases = F.getEmptySet();
+
+ // If we're an inlined -dealloc, we should add our symbols to the existing
+ // set from our subclass.
+ if (const SymbolSet *CurrSet = State->get<UnreleasedIvarMap>(SelfSymbol))
+ RequiredReleases = *CurrSet;
+
+ for (auto *PropImpl : getContainingObjCImpl(LCtx)->property_impls()) {
+ ReleaseRequirement Requirement = getDeallocReleaseRequirement(PropImpl);
+ if (Requirement != ReleaseRequirement::MustRelease)
continue;
- bool requiresRelease = synthesizedPropertyRequiresRelease(PD);
- if (scan_ivar_release(MD->getBody(), ID, PD, RS, SelfII, Ctx)
- != requiresRelease) {
- const char *name = nullptr;
- std::string buf;
- llvm::raw_string_ostream os(buf);
-
- if (requiresRelease) {
- name = LOpts.getGC() == LangOptions::NonGC
- ? "missing ivar release (leak)"
- : "missing ivar release (Hybrid MM, non-GC)";
-
- os << "The '" << *ID << "' instance variable in '" << *D
- << "' was retained by a synthesized property "
- "but was not released in 'dealloc'";
- } else {
- // It is common for the ivars for read-only assign properties to
- // always be stored retained, so don't warn for a release in
- // dealloc for the ivar backing these properties.
- if (PD->isReadOnly())
- continue;
-
- name = LOpts.getGC() == LangOptions::NonGC
- ? "extra ivar release (use-after-release)"
- : "extra ivar release (Hybrid MM, non-GC)";
-
- os << "The '" << *ID << "' instance variable in '" << *D
- << "' was not retained by a synthesized property "
- "but was released in 'dealloc'";
- }
-
- // If @synthesize statement is missing, fall back to @property statement.
- const Decl *SPDecl = I->getLocation().isValid()
- ? static_cast<const Decl *>(I)
- : static_cast<const Decl *>(PD);
- PathDiagnosticLocation SPLoc =
- PathDiagnosticLocation::createBegin(SPDecl, BR.getSourceManager());
+ SVal LVal = State->getLValue(PropImpl->getPropertyIvarDecl(), SelfVal);
+ Optional<Loc> LValLoc = LVal.getAs<Loc>();
+ if (!LValLoc)
+ continue;
- BR.EmitBasicReport(MD, Checker, name,
- categories::CoreFoundationObjectiveC, os.str(), SPLoc);
- }
+ SVal InitialVal = State->getSVal(LValLoc.getValue());
+ SymbolRef Symbol = InitialVal.getAsSymbol();
+ if (!Symbol || !isa<SymbolRegionValue>(Symbol))
+ continue;
+
+ // Mark the value as requiring a release.
+ RequiredReleases = F.add(RequiredReleases, Symbol);
+ }
+
+ if (!RequiredReleases.isEmpty()) {
+ State = State->set<UnreleasedIvarMap>(SelfSymbol, RequiredReleases);
+ }
+
+ if (State != InitialState) {
+ C.addTransition(State);
}
}
-//===----------------------------------------------------------------------===//
-// ObjCDeallocChecker
-//===----------------------------------------------------------------------===//
+/// Given a symbol for an ivar, return a symbol for the instance containing
+/// the ivar. Returns nullptr if the instance symbol cannot be found.
+SymbolRef
+ObjCDeallocChecker::getInstanceSymbolFromIvarSymbol(SymbolRef IvarSym) const {
+ if (auto *SRV = dyn_cast<SymbolRegionValue>(IvarSym)) {
+ const TypedValueRegion *TVR = SRV->getRegion();
+ const ObjCIvarRegion *IvarRegion = dyn_cast_or_null<ObjCIvarRegion>(TVR);
+ if (!IvarRegion)
+ return nullptr;
-namespace {
-class ObjCDeallocChecker : public Checker<
- check::ASTDecl<ObjCImplementationDecl> > {
-public:
- void checkASTDecl(const ObjCImplementationDecl *D, AnalysisManager& mgr,
- BugReporter &BR) const {
- if (mgr.getLangOpts().getGC() == LangOptions::GCOnly ||
- mgr.getLangOpts().ObjCAutoRefCount)
+ return IvarRegion->getSymbolicBase()->getSymbol();
+ }
+
+ return nullptr;
+}
+
+/// If we are in -dealloc or -dealloc is on the stack, handle the call if it is
+/// a release or a nilling-out property setter.
+void ObjCDeallocChecker::checkPreObjCMessage(
+ const ObjCMethodCall &M, CheckerContext &C) const {
+ // Only run if -dealloc is on the stack.
+ SVal DeallocedInstance;
+ if (!instanceDeallocIsOnStack(C, DeallocedInstance))
+ return;
+
+ SymbolRef ReleasedValue = getValueExplicitlyReleased(M, C);
+
+ if (ReleasedValue) {
+ // An instance variable symbol was released with -release:
+ // [_property release];
+ if (diagnoseExtraRelease(ReleasedValue,M, C))
return;
- checkObjCDealloc(this, cast<ObjCImplementationDecl>(D), mgr.getLangOpts(),
- BR);
+ } else {
+ // An instance variable symbol was released nilling out its property:
+ // self.property = nil;
+ ReleasedValue = getValueReleasedByNillingOut(M, C);
}
-};
+
+ if (!ReleasedValue)
+ return;
+
+ SymbolRef InstanceSym = getInstanceSymbolFromIvarSymbol(ReleasedValue);
+ if (!InstanceSym)
+ return;
+ ProgramStateRef InitialState = C.getState();
+
+ ProgramStateRef ReleasedState =
+ removeValueRequiringRelease(InitialState, InstanceSym, ReleasedValue);
+
+ if (ReleasedState != InitialState) {
+ C.addTransition(ReleasedState);
+ }
+}
+
+/// If the message was a call to '[super dealloc]', diagnose any missing
+/// releases.
+void ObjCDeallocChecker::checkPostObjCMessage(
+ const ObjCMethodCall &M, CheckerContext &C) const {
+ // We perform this check post-message so that if the super -dealloc
+ // calls a helper method and that this class overrides, any ivars released in
+ // the helper method will be recorded before checking.
+ if (isSuperDeallocMessage(M))
+ diagnoseMissingReleases(C);
}
-void ento::registerObjCDeallocChecker(CheckerManager &mgr) {
- mgr.registerChecker<ObjCDeallocChecker>();
+/// Check for missing releases even when -dealloc does not call
+/// '[super dealloc]'.
+void ObjCDeallocChecker::checkEndFunction(
+ CheckerContext &C) const {
+ diagnoseMissingReleases(C);
+}
+
+/// Check for missing releases on early return.
+void ObjCDeallocChecker::checkPreStmt(
+ const ReturnStmt *RS, CheckerContext &C) const {
+ diagnoseMissingReleases(C);
+}
+
+/// If a symbol escapes conservatively assume unseen code released it.
+ProgramStateRef ObjCDeallocChecker::checkPointerEscape(
+ ProgramStateRef State, const InvalidatedSymbols &Escaped,
+ const CallEvent *Call, PointerEscapeKind Kind) const {
+
+ // Don't treat calls to '[super dealloc]' as escaping for the purposes
+ // of this checker. Because the checker diagnoses missing releases in the
+ // post-message handler for '[super dealloc], escaping here would cause
+ // the checker to never warn.
+ auto *OMC = dyn_cast_or_null<ObjCMethodCall>(Call);
+ if (OMC && isSuperDeallocMessage(*OMC))
+ return State;
+
+ for (const auto &Sym : Escaped) {
+ State = State->remove<UnreleasedIvarMap>(Sym);
+
+ SymbolRef InstanceSymbol = getInstanceSymbolFromIvarSymbol(Sym);
+ if (!InstanceSymbol)
+ continue;
+
+ State = removeValueRequiringRelease(State, InstanceSymbol, Sym);
+ }
+
+ return State;
+}
+
+/// Report any unreleased instance variables for the current instance being
+/// dealloced.
+void ObjCDeallocChecker::diagnoseMissingReleases(CheckerContext &C) const {
+ ProgramStateRef State = C.getState();
+
+ SVal SelfVal;
+ if (!isInInstanceDealloc(C, SelfVal))
+ return;
+
+ const MemRegion *SelfRegion = SelfVal.castAs<loc::MemRegionVal>().getRegion();
+ const LocationContext *LCtx = C.getLocationContext();
+
+ ExplodedNode *ErrNode = nullptr;
+
+ SymbolRef SelfSym = SelfVal.getAsSymbol();
+ if (!SelfSym)
+ return;
+
+ const SymbolSet *OldUnreleased = State->get<UnreleasedIvarMap>(SelfSym);
+ if (!OldUnreleased)
+ return;
+
+ SymbolSet NewUnreleased = *OldUnreleased;
+ SymbolSet::Factory &F = State->getStateManager().get_context<SymbolSet>();
+
+ ProgramStateRef InitialState = State;
+
+ for (auto *IvarSymbol : *OldUnreleased) {
+ const TypedValueRegion *TVR =
+ cast<SymbolRegionValue>(IvarSymbol)->getRegion();
+ const ObjCIvarRegion *IvarRegion = cast<ObjCIvarRegion>(TVR);
+
+ // Don't warn if the ivar is not for this instance.
+ if (SelfRegion != IvarRegion->getSuperRegion())
+ continue;
+
+ // Prevent an inlined call to -dealloc in a super class from warning
+ // about the values the subclass's -dealloc should release.
+ if (IvarRegion->getDecl()->getContainingInterface() !=
+ cast<ObjCMethodDecl>(LCtx->getDecl())->getClassInterface())
+ continue;
+
+ // Prevents diagnosing multiple times for the same instance variable
+ // at, for example, both a return and at the end of of the function.
+ NewUnreleased = F.remove(NewUnreleased, IvarSymbol);
+
+ if (State->getStateManager()
+ .getConstraintManager()
+ .isNull(State, IvarSymbol)
+ .isConstrainedTrue()) {
+ continue;
+ }
+
+ // A missing release manifests as a leak, so treat as a non-fatal error.
+ if (!ErrNode)
+ ErrNode = C.generateNonFatalErrorNode();
+ // If we've already reached this node on another path, return without
+ // diagnosing.
+ if (!ErrNode)
+ return;
+
+ std::string Buf;
+ llvm::raw_string_ostream OS(Buf);
+
+ const ObjCIvarDecl *IvarDecl = IvarRegion->getDecl();
+ const ObjCInterfaceDecl *Interface = IvarDecl->getContainingInterface();
+ // If the class is known to have a lifecycle with teardown that is
+ // separate from -dealloc, do not warn about missing releases. We
+ // suppress here (rather than not tracking for instance variables in
+ // such classes) because these classes are rare.
+ if (classHasSeparateTeardown(Interface))
+ return;
+
+ ObjCImplDecl *ImplDecl = Interface->getImplementation();
+
+ const ObjCPropertyImplDecl *PropImpl =
+ ImplDecl->FindPropertyImplIvarDecl(IvarDecl->getIdentifier());
+
+ const ObjCPropertyDecl *PropDecl = PropImpl->getPropertyDecl();
+
+ assert(PropDecl->getSetterKind() == ObjCPropertyDecl::Copy ||
+ PropDecl->getSetterKind() == ObjCPropertyDecl::Retain);
+
+ OS << "The '" << *IvarDecl << "' ivar in '" << *ImplDecl
+ << "' was ";
+
+ if (PropDecl->getSetterKind() == ObjCPropertyDecl::Retain)
+ OS << "retained";
+ else
+ OS << "copied";
+
+ OS << " by a synthesized property but not released"
+ " before '[super dealloc]'";
+
+ std::unique_ptr<BugReport> BR(
+ new BugReport(*MissingReleaseBugType, OS.str(), ErrNode));
+
+ C.emitReport(std::move(BR));
+ }
+
+ if (NewUnreleased.isEmpty()) {
+ State = State->remove<UnreleasedIvarMap>(SelfSym);
+ } else {
+ State = State->set<UnreleasedIvarMap>(SelfSym, NewUnreleased);
+ }
+
+ if (ErrNode) {
+ C.addTransition(State, ErrNode);
+ } else if (State != InitialState) {
+ C.addTransition(State);
+ }
+
+ // Make sure that after checking in the top-most frame the list of
+ // tracked ivars is empty. This is intended to detect accidental leaks in
+ // the UnreleasedIvarMap program state.
+ assert(!LCtx->inTopFrame() || State->get<UnreleasedIvarMap>().isEmpty());
+}
+
+/// Emits a warning if the current context is -dealloc and \param ReleasedValue
+/// must not be directly released in a -dealloc. Returns true if a diagnostic
+/// was emitted.
+bool ObjCDeallocChecker::diagnoseExtraRelease(SymbolRef ReleasedValue,
+ const ObjCMethodCall &M,
+ CheckerContext &C) const {
+ SVal DeallocedInstance;
+ if (!isInInstanceDealloc(C, DeallocedInstance))
+ return false;
+
+ // Try to get the region from which the the released value was loaded.
+ // Note that, unlike diagnosing for missing releases, here we don't track
+ // values that must not be released in the state. This is because even if
+ // these values escape, it is still an error under the rules of MRR to
+ // release them in -dealloc.
+ const MemRegion *RegionLoadedFrom = nullptr;
+ if (auto *DerivedSym = dyn_cast<SymbolDerived>(ReleasedValue))
+ RegionLoadedFrom = DerivedSym->getRegion();
+ else if (auto *RegionSym = dyn_cast<SymbolRegionValue>(ReleasedValue))
+ RegionLoadedFrom = RegionSym->getRegion();
+ else
+ return false;
+
+ auto *ReleasedIvar = dyn_cast<ObjCIvarRegion>(RegionLoadedFrom);
+ if (!ReleasedIvar)
+ return false;
+
+ if (DeallocedInstance.castAs<loc::MemRegionVal>().getRegion() !=
+ ReleasedIvar->getSuperRegion())
+ return false;
+
+ const LocationContext *LCtx = C.getLocationContext();
+ const ObjCIvarDecl *ReleasedIvarDecl = ReleasedIvar->getDecl();
+
+ // If the ivar belongs to a property that must not be released directly
+ // in dealloc, emit a warning.
+ const ObjCImplDecl *Container = getContainingObjCImpl(LCtx);
+ const ObjCPropertyImplDecl *PropImpl =
+ Container->FindPropertyImplIvarDecl(ReleasedIvarDecl->getIdentifier());
+ if (!PropImpl)
+ return false;
+
+ if (getDeallocReleaseRequirement(PropImpl) !=
+ ReleaseRequirement::MustNotReleaseDirectly) {
+ return false;
+ }
+
+ // If the property is readwrite but it shadows a read-only property in its
+ // external interface, treat the property a read-only. If the outside
+ // world cannot write to a property then the internal implementation is free
+ // to make its own convention about whether the value is stored retained
+ // or not. We look up the shadow here rather than in
+ // getDeallocReleaseRequirement() because doing so can be expensive.
+ const ObjCPropertyDecl *PropDecl = findShadowedPropertyDecl(PropImpl);
+ if (PropDecl) {
+ if (PropDecl->isReadOnly())
+ return false;
+ } else {
+ PropDecl = PropImpl->getPropertyDecl();
+ }
+
+ ExplodedNode *ErrNode = C.generateNonFatalErrorNode();
+ if (!ErrNode)
+ return false;
+
+ std::string Buf;
+ llvm::raw_string_ostream OS(Buf);
+
+ assert(PropDecl->getSetterKind() == ObjCPropertyDecl::Weak ||
+ (PropDecl->getSetterKind() == ObjCPropertyDecl::Assign &&
+ !PropDecl->isReadOnly()));
+
+ OS << "The '" << *PropImpl->getPropertyIvarDecl()
+ << "' ivar in '" << *Container
+ << "' was synthesized for ";
+
+ if (PropDecl->getSetterKind() == ObjCPropertyDecl::Weak)
+ OS << "a weak";
+ else
+ OS << "an assign, readwrite";
+
+ OS << " property but was released in 'dealloc'";
+
+ std::unique_ptr<BugReport> BR(
+ new BugReport(*ExtraReleaseBugType, OS.str(), ErrNode));
+ BR->addRange(M.getOriginExpr()->getSourceRange());
+
+ C.emitReport(std::move(BR));
+
+ return true;
+}
+
+
+ObjCDeallocChecker::
+ ObjCDeallocChecker()
+ : NSObjectII(nullptr), SenTestCaseII(nullptr) {
+
+ MissingReleaseBugType.reset(
+ new BugType(this, "Missing ivar release (leak)",
+ categories::MemoryCoreFoundationObjectiveC));
+
+ ExtraReleaseBugType.reset(
+ new BugType(this, "Extra ivar release",
+ categories::MemoryCoreFoundationObjectiveC));
+}
+
+void ObjCDeallocChecker::initIdentifierInfoAndSelectors(
+ ASTContext &Ctx) const {
+ if (NSObjectII)
+ return;
+
+ NSObjectII = &Ctx.Idents.get("NSObject");
+ SenTestCaseII = &Ctx.Idents.get("SenTestCase");
+
+ IdentifierInfo *DeallocII = &Ctx.Idents.get("dealloc");
+ IdentifierInfo *ReleaseII = &Ctx.Idents.get("release");
+ DeallocSel = Ctx.Selectors.getSelector(0, &DeallocII);
+ ReleaseSel = Ctx.Selectors.getSelector(0, &ReleaseII);
+}
+
+/// Returns true if \param M is a call to '[super dealloc]'.
+bool ObjCDeallocChecker::isSuperDeallocMessage(
+ const ObjCMethodCall &M) const {
+ if (M.getOriginExpr()->getReceiverKind() != ObjCMessageExpr::SuperInstance)
+ return false;
+
+ return M.getSelector() == DeallocSel;
+}
+
+/// Returns the ObjCImplDecl containing the method declaration in \param LCtx.
+const ObjCImplDecl *
+ObjCDeallocChecker::getContainingObjCImpl(const LocationContext *LCtx) const {
+ auto *MD = cast<ObjCMethodDecl>(LCtx->getDecl());
+ return cast<ObjCImplDecl>(MD->getDeclContext());
+}
+
+/// Returns the property that shadowed by \param PropImpl if one exists and
+/// nullptr otherwise.
+const ObjCPropertyDecl *ObjCDeallocChecker::findShadowedPropertyDecl(
+ const ObjCPropertyImplDecl *PropImpl) const {
+ const ObjCPropertyDecl *PropDecl = PropImpl->getPropertyDecl();
+
+ // Only readwrite properties can shadow.
+ if (PropDecl->isReadOnly())
+ return nullptr;
+
+ auto *CatDecl = dyn_cast<ObjCCategoryDecl>(PropDecl->getDeclContext());
+
+ // Only class extensions can contain shadowing properties.
+ if (!CatDecl || !CatDecl->IsClassExtension())
+ return nullptr;
+
+ IdentifierInfo *ID = PropDecl->getIdentifier();
+ DeclContext::lookup_result R = CatDecl->getClassInterface()->lookup(ID);
+ for (DeclContext::lookup_iterator I = R.begin(), E = R.end(); I != E; ++I) {
+ auto *ShadowedPropDecl = dyn_cast<ObjCPropertyDecl>(*I);
+ if (!ShadowedPropDecl)
+ continue;
+
+ if (ShadowedPropDecl->isInstanceProperty()) {
+ assert(ShadowedPropDecl->isReadOnly());
+ return ShadowedPropDecl;
+ }
+ }
+
+ return nullptr;
+}
+
+/// Remove the \param Value requiring a release from the tracked set for
+/// \param Instance and return the resultant state.
+ProgramStateRef ObjCDeallocChecker::removeValueRequiringRelease(
+ ProgramStateRef State, SymbolRef Instance, SymbolRef Value) const {
+ assert(Instance);
+ assert(Value);
+
+ const SymbolSet *Unreleased = State->get<UnreleasedIvarMap>(Instance);
+ if (!Unreleased)
+ return State;
+
+ // Mark the value as no longer requiring a release.
+ SymbolSet::Factory &F = State->getStateManager().get_context<SymbolSet>();
+ SymbolSet NewUnreleased = F.remove(*Unreleased, Value);
+
+ if (NewUnreleased.isEmpty()) {
+ return State->remove<UnreleasedIvarMap>(Instance);
+ }
+
+ return State->set<UnreleasedIvarMap>(Instance, NewUnreleased);
+}
+
+/// Determines whether the instance variable for \p PropImpl must or must not be
+/// released in -dealloc or whether it cannot be determined.
+ReleaseRequirement ObjCDeallocChecker::getDeallocReleaseRequirement(
+ const ObjCPropertyImplDecl *PropImpl) const {
+ const ObjCIvarDecl *IvarDecl;
+ const ObjCPropertyDecl *PropDecl;
+ if (!isSynthesizedRetainableProperty(PropImpl, &IvarDecl, &PropDecl))
+ return ReleaseRequirement::Unknown;
+
+ ObjCPropertyDecl::SetterKind SK = PropDecl->getSetterKind();
+
+ switch (SK) {
+ // Retain and copy setters retain/copy their values before storing and so
+ // the value in their instance variables must be released in -dealloc.
+ case ObjCPropertyDecl::Retain:
+ case ObjCPropertyDecl::Copy:
+ return ReleaseRequirement::MustRelease;
+
+ case ObjCPropertyDecl::Weak:
+ return ReleaseRequirement::MustNotReleaseDirectly;
+
+ case ObjCPropertyDecl::Assign:
+ // It is common for the ivars for read-only assign properties to
+ // always be stored retained, so their release requirement cannot be
+ // be determined.
+ if (PropDecl->isReadOnly())
+ return ReleaseRequirement::Unknown;
+
+ return ReleaseRequirement::MustNotReleaseDirectly;
+ }
+}
+
+/// Returns the released value if \param M is a call to -release. Returns
+/// nullptr otherwise.
+SymbolRef
+ObjCDeallocChecker::getValueExplicitlyReleased(const ObjCMethodCall &M,
+ CheckerContext &C) const {
+ if (M.getSelector() != ReleaseSel)
+ return nullptr;
+
+ return M.getReceiverSVal().getAsSymbol();
+}
+
+/// Returns the released value if \param M is a call a setter that releases
+/// and nils out its underlying instance variable.
+SymbolRef
+ObjCDeallocChecker::getValueReleasedByNillingOut(const ObjCMethodCall &M,
+ CheckerContext &C) const {
+ SVal ReceiverVal = M.getReceiverSVal();
+ if (!ReceiverVal.isValid())
+ return nullptr;
+
+ // Is the first argument nil?
+ if (M.getNumArgs() == 0)
+ return nullptr;
+ SVal Arg = M.getArgSVal(0);
+ ProgramStateRef notNilState, nilState;
+ std::tie(notNilState, nilState) =
+ M.getState()->assume(Arg.castAs<DefinedOrUnknownSVal>());
+ if (!(nilState && !notNilState))
+ return nullptr;
+
+ const ObjCPropertyDecl *Prop = M.getAccessedProperty();
+ if (!Prop)
+ return nullptr;
+
+ ObjCIvarDecl *PropIvarDecl = Prop->getPropertyIvarDecl();
+ if (!PropIvarDecl)
+ return nullptr;
+
+ ProgramStateRef State = C.getState();
+
+ SVal LVal = State->getLValue(PropIvarDecl, ReceiverVal);
+ Optional<Loc> LValLoc = LVal.getAs<Loc>();
+ if (!LValLoc)
+ return nullptr;
+
+ SVal CurrentValInIvar = State->getSVal(LValLoc.getValue());
+ return CurrentValInIvar.getAsSymbol();
+}
+
+/// Returns true if the current context is a call to -dealloc and false
+/// otherwise. If true, it also sets \param SelfValOut to the value of
+/// 'self'.
+bool ObjCDeallocChecker::isInInstanceDealloc(const CheckerContext &C,
+ SVal &SelfValOut) const {
+ return isInInstanceDealloc(C, C.getLocationContext(), SelfValOut);
+}
+
+/// Returns true if \param LCtx is a call to -dealloc and false
+/// otherwise. If true, it also sets \param SelfValOut to the value of
+/// 'self'.
+bool ObjCDeallocChecker::isInInstanceDealloc(const CheckerContext &C,
+ const LocationContext *LCtx,
+ SVal &SelfValOut) const {
+ auto *MD = dyn_cast<ObjCMethodDecl>(LCtx->getDecl());
+ if (!MD || !MD->isInstanceMethod() || MD->getSelector() != DeallocSel)
+ return false;
+
+ const ImplicitParamDecl *SelfDecl = LCtx->getSelfDecl();
+ assert(SelfDecl && "No self in -dealloc?");
+
+ ProgramStateRef State = C.getState();
+ SelfValOut = State->getSVal(State->getRegion(SelfDecl, LCtx));
+ return true;
+}
+
+/// Returns true if there is a call to -dealloc anywhere on the stack and false
+/// otherwise. If true, it also sets \param InstanceValOut to the value of
+/// 'self' in the frame for -dealloc.
+bool ObjCDeallocChecker::instanceDeallocIsOnStack(const CheckerContext &C,
+ SVal &InstanceValOut) const {
+ const LocationContext *LCtx = C.getLocationContext();
+
+ while (LCtx) {
+ if (isInInstanceDealloc(C, LCtx, InstanceValOut))
+ return true;
+
+ LCtx = LCtx->getParent();
+ }
+
+ return false;
+}
+
+/// Returns true if the \param ID is a class in which which is known to have
+/// a separate teardown lifecycle. In this case, -dealloc warnings
+/// about missing releases should be suppressed.
+bool ObjCDeallocChecker::classHasSeparateTeardown(
+ const ObjCInterfaceDecl *ID) const {
+ // Suppress if the class is not a subclass of NSObject.
+ for ( ; ID ; ID = ID->getSuperClass()) {
+ IdentifierInfo *II = ID->getIdentifier();
+
+ if (II == NSObjectII)
+ return false;
+
+ // FIXME: For now, ignore classes that subclass SenTestCase, as these don't
+ // need to implement -dealloc. They implement tear down in another way,
+ // which we should try and catch later.
+ // http://llvm.org/bugs/show_bug.cgi?id=3187
+ if (II == SenTestCaseII)
+ return true;
+ }
+
+ return true;
+}
+
+void ento::registerObjCDeallocChecker(CheckerManager &Mgr) {
+ const LangOptions &LangOpts = Mgr.getLangOpts();
+ // These checker only makes sense under MRR.
+ if (LangOpts.getGC() == LangOptions::GCOnly || LangOpts.ObjCAutoRefCount)
+ return;
+
+ Mgr.registerChecker<ObjCDeallocChecker>();
}
Modified: cfe/trunk/test/Analysis/DeallocMissingRelease.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/DeallocMissingRelease.m?rev=261917&r1=261916&r2=261917&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/DeallocMissingRelease.m (original)
+++ cfe/trunk/test/Analysis/DeallocMissingRelease.m Thu Feb 25 12:55:24 2016
@@ -1,5 +1,5 @@
-// RUN: %clang_cc1 -analyze -analyzer-checker=alpha.osx.cocoa.Dealloc -fblocks %s 2>&1 | FileCheck -check-prefix=CHECK %s
-// RUN: %clang_cc1 -analyze -analyzer-checker=alpha.osx.cocoa.Dealloc -fblocks -triple x86_64-apple-darwin10 -fobjc-arc -fobjc-runtime-has-weak %s 2>&1 | FileCheck -check-prefix=CHECK-ARC -allow-empty '--implicit-check-not=error:' '--implicit-check-not=warning:' %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=alpha.osx.cocoa.Dealloc -fblocks -verify %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=alpha.osx.cocoa.Dealloc -fblocks -triple x86_64-apple-darwin10 -fobjc-arc -fobjc-runtime-has-weak -verify %s
#define nil ((id)0)
@@ -11,6 +11,11 @@
#define WEAK_ON_ARC __weak
#endif
+// No diagnostics expected under ARC.
+#if !NON_ARC
+ // expected-no-diagnostics
+#endif
+
typedef signed char BOOL;
@protocol NSObject
- (BOOL)isEqual:(id)object;
@@ -18,6 +23,7 @@ typedef signed char BOOL;
@end
@interface NSObject <NSObject> {}
++ (instancetype)alloc;
- (void)dealloc;
- (id)init;
- (id)retain;
@@ -26,7 +32,6 @@ typedef signed char BOOL;
typedef struct objc_selector *SEL;
-//===------------------------------------------------------------------------===
// Do not warn about missing release in -dealloc for ivars.
@interface MyIvarClass1 : NSObject {
@@ -87,11 +92,9 @@ typedef struct objc_selector *SEL;
}
@end
-//===------------------------------------------------------------------------===
// Warn about missing release in -dealloc for properties.
@interface MyPropertyClass1 : NSObject
-// CHECK: DeallocMissingRelease.m:[[@LINE+1]]:1: warning: The '_ivar' instance variable in 'MyPropertyClass1' was retained by a synthesized property but was not released in 'dealloc'
@property (copy) NSObject *ivar;
@end
@@ -99,13 +102,12 @@ typedef struct objc_selector *SEL;
- (void)dealloc
{
#if NON_ARC
- [super dealloc];
+ [super dealloc]; // expected-warning {{The '_ivar' ivar in 'MyPropertyClass1' was copied by a synthesized property but not released before '[super dealloc]'}}
#endif
}
@end
@interface MyPropertyClass2 : NSObject
-// CHECK: DeallocMissingRelease.m:[[@LINE+1]]:1: warning: The '_ivar' instance variable in 'MyPropertyClass2' was retained by a synthesized property but was not released in 'dealloc'
@property (retain) NSObject *ivar;
@end
@@ -113,7 +115,7 @@ typedef struct objc_selector *SEL;
- (void)dealloc
{
#if NON_ARC
- [super dealloc];
+ [super dealloc]; // expected-warning {{The '_ivar' ivar in 'MyPropertyClass2' was retained by a synthesized property but not released before '[super dealloc]'}}
#endif
}
@end
@@ -125,14 +127,14 @@ typedef struct objc_selector *SEL;
@end
@implementation MyPropertyClass3
-// CHECK: DeallocMissingRelease.m:[[@LINE+1]]:1: warning: The '_ivar' instance variable in 'MyPropertyClass3' was retained by a synthesized property but was not released in 'dealloc'
@synthesize ivar = _ivar;
- (void)dealloc
{
#if NON_ARC
- [super dealloc];
+ [super dealloc]; // expected-warning {{The '_ivar' ivar in 'MyPropertyClass3' was retained by a synthesized property but not released before '[super dealloc]'}}
#endif
}
+
@end
@interface MyPropertyClass4 : NSObject {
@@ -142,12 +144,11 @@ typedef struct objc_selector *SEL;
@end
@implementation MyPropertyClass4
-// CHECK: DeallocMissingRelease.m:[[@LINE+1]]:1: warning: The '_blockPropertyIvar' instance variable in 'MyPropertyClass4' was retained by a synthesized property but was not released in 'dealloc'
@synthesize blockProperty = _blockPropertyIvar;
- (void)dealloc
{
#if NON_ARC
- [super dealloc];
+ [super dealloc]; // expected-warning {{The '_blockPropertyIvar' ivar in 'MyPropertyClass4' was copied by a synthesized property but not released before '[super dealloc]'}}
#endif
}
@end
@@ -159,16 +160,77 @@ typedef struct objc_selector *SEL;
@end
@implementation MyPropertyClass5
- at synthesize ivar = _ivar; // no-warning
+ at synthesize ivar = _ivar;
- (void)dealloc
{
#if NON_ARC
+ [super dealloc]; // no-warning because it is a weak property
+#endif
+}
+ at end
+
+ at interface MyPropertyClassWithReturnInDealloc : NSObject {
+ NSObject *_ivar;
+}
+ at property (retain) NSObject *ivar;
+ at end
+
+ at implementation MyPropertyClassWithReturnInDealloc
+ at synthesize ivar = _ivar;
+- (void)dealloc
+{
+ return;
+#if NON_ARC
+ // expected-warning at -2{{The '_ivar' ivar in 'MyPropertyClassWithReturnInDealloc' was retained by a synthesized property but not released before '[super dealloc]'}}
[super dealloc];
#endif
}
@end
-//===------------------------------------------------------------------------===
+ at interface MyPropertyClassWithReleaseInOtherInstance : NSObject {
+ NSObject *_ivar;
+ MyPropertyClassWithReleaseInOtherInstance *_other;
+}
+ at property (retain) NSObject *ivar;
+
+-(void)releaseIvars;
+ at end
+
+ at implementation MyPropertyClassWithReleaseInOtherInstance
+ at synthesize ivar = _ivar;
+
+-(void)releaseIvars; {
+#if NON_ARC
+ [_ivar release];
+#endif
+}
+
+- (void)dealloc
+{
+ [_other releaseIvars];
+#if NON_ARC
+ [super dealloc]; // expected-warning {{The '_ivar' ivar in 'MyPropertyClassWithReleaseInOtherInstance' was retained by a synthesized property but not released before '[super dealloc]'}}
+#endif
+}
+ at end
+
+ at interface MyPropertyClassWithNeitherReturnNorSuperDealloc : NSObject {
+ NSObject *_ivar;
+}
+ at property (retain) NSObject *ivar;
+ at end
+
+ at implementation MyPropertyClassWithNeitherReturnNorSuperDealloc
+ at synthesize ivar = _ivar;
+- (void)dealloc
+{
+}
+#if NON_ARC
+ // expected-warning at -2 {{method possibly missing a [super dealloc] call}} (From Sema)
+ // expected-warning at -3{{The '_ivar' ivar in 'MyPropertyClassWithNeitherReturnNorSuperDealloc' was retained by a synthesized property but not released before '[super dealloc]'}}
+#endif
+ at end
+
// <rdar://problem/6380411>: 'myproperty' has kind 'assign' and thus the
// assignment through the setter does not perform a release.
@@ -202,40 +264,78 @@ typedef struct objc_selector *SEL;
// We really should warn because there is a path through -dealloc on which
// _ivar2 is not released.
#if NON_ARC
- [_ivar2 release]; // no-warning
+ [_ivar2 release];
#endif
}
#if NON_ARC
- [super dealloc];
+ [super dealloc]; // expected-warning {{The '_ivar2' ivar in 'ClassWithControlFlowInRelease' was retained by a synthesized property but not released before '[super dealloc]'}}
#endif
}
-
@end
-//===------------------------------------------------------------------------===
// Don't warn when the property is nil'd out in -dealloc
@interface ClassWithNildOutProperty : NSObject
- at property (retain) NSObject *ivar; // no-warning
+ at property (retain) NSObject *ivar;
+ at property (assign) int *intPtrProp;
@end
@implementation ClassWithNildOutProperty
- (void)dealloc; {
self.ivar = nil;
+ // Make sure to handle setting a non-retainable property to 0.
+ self.intPtrProp = 0;
#if NON_ARC
- [super dealloc];
+ [super dealloc]; // no-warning
+#endif
+}
+ at end
+
+// Do warn when the ivar but not the property is nil'd out in -dealloc
+
+ at interface ClassWithNildOutIvar : NSObject
+ at property (retain) NSObject *ivar;
+ at end
+
+ at implementation ClassWithNildOutIvar
+- (void)dealloc; {
+ // Oops. Meant self.ivar = nil
+ _ivar = nil;
+
+#if NON_ARC
+ [super dealloc]; // expected-warning {{The '_ivar' ivar in 'ClassWithNildOutIvar' was retained by a synthesized property but not released before '[super dealloc]'}}
#endif
}
+ at end
+// Do warn when the ivar is updated to a different value that is then
+// released.
+
+ at interface ClassWithUpdatedIvar : NSObject
+ at property (retain) NSObject *ivar;
@end
-//===------------------------------------------------------------------------===
+ at implementation ClassWithUpdatedIvar
+- (void)dealloc; {
+ _ivar = [[NSObject alloc] init];
+
+#if NON_ARC
+ [_ivar release];
+#endif
+
+#if NON_ARC
+ [super dealloc]; // expected-warning {{The '_ivar' ivar in 'ClassWithUpdatedIvar' was retained by a synthesized property but not released before '[super dealloc]'}}
+#endif
+}
+ at end
+
+
// Don't warn when the property is nil'd out with a setter in -dealloc
@interface ClassWithNildOutPropertyViaSetter : NSObject
- at property (retain) NSObject *ivar; // no-warning
+ at property (retain) NSObject *ivar;
@end
@implementation ClassWithNildOutPropertyViaSetter
@@ -243,10 +343,340 @@ typedef struct objc_selector *SEL;
[self setIvar:nil];
#if NON_ARC
+ [super dealloc]; // no-warning
+#endif
+}
+ at end
+
+
+// Don't warn about missing releases when -dealloc helpers are called.
+
+ at interface ClassWithDeallocHelpers : NSObject
+ at property (retain) NSObject *ivarReleasedInMethod;
+ at property (retain) NSObject *propNilledOutInMethod;
+
+ at property (retain) NSObject *ivarReleasedInFunction;
+ at property (retain) NSObject *propNilledOutInFunction;
+
+ at property (retain) NSObject *ivarNeverReleased;
+- (void)invalidateInMethod;
+ at end
+
+void ReleaseValueHelper(NSObject *iv) {
+#if NON_ARC
+ [iv release];
+#endif
+}
+
+void NilOutPropertyHelper(ClassWithDeallocHelpers *o) {
+ o.propNilledOutInFunction = nil;
+}
+
+ at implementation ClassWithDeallocHelpers
+- (void)invalidateInMethod {
+#if NON_ARC
+ [_ivarReleasedInMethod release];
+#endif
+ self.propNilledOutInMethod = nil;
+}
+
+- (void)dealloc; {
+ ReleaseValueHelper(_ivarReleasedInFunction);
+ NilOutPropertyHelper(self);
+
+ [self invalidateInMethod];
+#if NON_ARC
+ [super dealloc]; // expected-warning {{The '_ivarNeverReleased' ivar in 'ClassWithDeallocHelpers' was retained by a synthesized property but not released before '[super dealloc]'}}
+#endif
+}
+ at end
+
+
+// Don't warn when self in -dealloc escapes.
+
+ at interface ClassWhereSelfEscapesViaMethodCall : NSObject
+ at property (retain) NSObject *ivar; // no-warning
+ at end
+
+ at interface ClassWhereSelfEscapesViaMethodCall (Other)
+- (void)invalidate; // In other translation unit.
+ at end
+
+ at implementation ClassWhereSelfEscapesViaMethodCall
+- (void)dealloc; {
+ [self invalidate];
+#if NON_ARC
+ [super dealloc];
+#endif
+} // no-warning
+ at end
+
+ at interface ClassWhereSelfEscapesViaPropertyAccess : NSObject
+ at property (retain) NSObject *ivar;
+ at end
+
+ at interface ClassWhereSelfEscapesViaPropertyAccess (Other)
+// The implementation of this property is unknown and therefore could
+// release ivar.
+ at property (retain) NSObject *otherIvar;
+ at end
+
+ at implementation ClassWhereSelfEscapesViaPropertyAccess
+- (void)dealloc; {
+ self.otherIvar = nil;
+#if NON_ARC
+ [super dealloc];
+#endif
+} // no-warning
+ at end
+
+// Don't treat self as escaping when setter called on *synthesized*
+// property.
+
+ at interface ClassWhereSelfEscapesViaSynthesizedPropertyAccess : NSObject
+ at property (retain) NSObject *ivar;
+ at property (retain) NSObject *otherIvar;
+ at end
+
+ at implementation ClassWhereSelfEscapesViaSynthesizedPropertyAccess
+- (void)dealloc; {
+ self.otherIvar = nil;
+#if NON_ARC
+ [super dealloc]; // expected-warning {{The '_ivar' ivar in 'ClassWhereSelfEscapesViaSynthesizedPropertyAccess' was retained by a synthesized property but not released before '[super dealloc]'}}
+#endif
+}
+ at end
+
+// Don't warn when value escapes.
+
+ at interface ClassWhereIvarValueEscapes : NSObject
+ at property (retain) NSObject *ivar;
+ at end
+
+void ReleaseMe(id arg);
+
+ at implementation ClassWhereIvarValueEscapes
+- (void)dealloc; {
+
+ ReleaseMe(_ivar);
+
+#if NON_ARC
[super dealloc];
#endif
+} // no-warning
+ at end
+
+// Don't warn when value is known to be nil.
+
+ at interface ClassWhereIvarIsNil : NSObject
+ at property (retain) NSObject *ivarIsNil;
+ at end
+
+ at implementation ClassWhereIvarIsNil
+- (void)dealloc; {
+
+#if NON_ARC
+ if (_ivarIsNil)
+ [_ivarIsNil release];
+
+ [super dealloc];
+#endif
+} // no-warning
+ at end
+
+
+// Don't warn for non-retainable properties.
+
+ at interface ClassWithNonRetainableProperty : NSObject
+ at property (assign) int *ivar; // no-warning
+ at end
+
+ at implementation ClassWithNonRetainableProperty
+- (void)dealloc; {
+#if NON_ARC
+ [super dealloc];
+#endif
+} // no-warning
+ at end
+
+
+ at interface SuperClassOfClassWithInlinedSuperDealloc : NSObject
+ at property (retain) NSObject *propInSuper;
+ at end
+
+ at implementation SuperClassOfClassWithInlinedSuperDealloc
+- (void)dealloc {
+#if NON_ARC
+ [super dealloc]; // expected-warning {{The '_propInSuper' ivar in 'SuperClassOfClassWithInlinedSuperDealloc' was retained by a synthesized property but not released before '[super dealloc]'}}
+#endif
+}
+ at end
+
+ at interface ClassWithInlinedSuperDealloc : SuperClassOfClassWithInlinedSuperDealloc
+ at property (retain) NSObject *propInSub;
+ at end
+
+ at implementation ClassWithInlinedSuperDealloc
+- (void)dealloc {
+#if NON_ARC
+ [super dealloc]; // expected-warning {{The '_propInSub' ivar in 'ClassWithInlinedSuperDealloc' was retained by a synthesized property but not released before '[super dealloc]'}}
+#endif
+}
+ at end
+
+
+ at interface SuperClassOfClassWithInlinedSuperDeallocAndInvalidation : NSObject
+ at property (retain) NSObject *propInSuper;
+
+- (void)invalidate;
+ at end
+
+ at implementation SuperClassOfClassWithInlinedSuperDeallocAndInvalidation
+
+- (void)invalidate {
+#if NON_ARC
+ [_propInSuper release];
+#endif
+ _propInSuper = nil;
+}
+
+- (void)dealloc {
+ [self invalidate];
+#if NON_ARC
+ [super dealloc]; // no-warning
+#endif
}
+ at end
+
+ at interface ClassWithInlinedSuperDeallocAndInvalidation : SuperClassOfClassWithInlinedSuperDeallocAndInvalidation
+ at property (retain) NSObject *propInSub;
+ at end
+ at implementation ClassWithInlinedSuperDeallocAndInvalidation
+
+- (void)invalidate {
+#if NON_ARC
+ [_propInSub release];
+#endif
+ [super invalidate];
+}
+
+- (void)dealloc {
+#if NON_ARC
+ [super dealloc]; // no-warning
+#endif
+}
+ at end
+
+
+ at interface SuperClassOfClassThatEscapesBeforeInliningSuper : NSObject
+ at property (retain) NSObject *propInSuper;
+ at end
+
+ at implementation SuperClassOfClassThatEscapesBeforeInliningSuper
+
+- (void)dealloc {
+
+#if NON_ARC
+ [super dealloc]; // expected-warning {{The '_propInSuper' ivar in 'SuperClassOfClassThatEscapesBeforeInliningSuper' was retained by a synthesized property but not released before '[super dealloc]'}}
+#endif
+}
+ at end
+
+ at interface ClassThatEscapesBeforeInliningSuper : SuperClassOfClassThatEscapesBeforeInliningSuper
+ at property (retain) NSObject *propInSub;
+ at end
+
+ at interface ClassThatEscapesBeforeInliningSuper (Other)
+- (void)invalidate; // No implementation in translation unit.
+ at end
+
+ at implementation ClassThatEscapesBeforeInliningSuper
+- (void)dealloc {
+ [self invalidate];
+
+#if NON_ARC
+ [super dealloc]; // no-warning
+#endif
+}
+ at end
+
+
+#if NON_ARC
+ at interface ReleaseIvarInField : NSObject {
+ int _tag;
+ union {
+ NSObject *field1;
+ NSObject *field2;
+ } _someUnion;
+
+ struct {
+ NSObject *field1;
+ } _someStruct;
+}
+ at end
+
+ at implementation ReleaseIvarInField
+- (void)dealloc {
+ if (_tag) {
+ [_someUnion.field1 release];
+ } else {
+ [_someUnion.field2 release];
+ }
+
+ [_someStruct.field1 release];
+ [super dealloc];
+}
+ at end
+#endif
+
+#if NON_ARC
+ at interface ReleaseIvarInArray : NSObject {
+ NSObject *_array[3];
+}
+ at end
+
+ at implementation ReleaseIvarInArray
+- (void)dealloc {
+ for (int i = 0; i < 3; i++) {
+ [_array[i] release];
+ }
+ [super dealloc];
+}
+ at end
+#endif
+
+// Don't warn about missing releases for subclasses of SenTestCase or
+// for classes that are not subclasses of NSObject.
+
+ at interface SenTestCase : NSObject {}
+ at end
+
+ at interface MyClassTest : SenTestCase
+ at property (retain) NSObject *ivar;
+ at end
+
+ at implementation MyClassTest
+-(void)tearDown {
+#if NON_ARC
+ [_ivar release];
+#endif
+}
+
+-(void)dealloc; {
+#if NON_ARC
+ [super dealloc]; // no-warning
+#endif
+}
+ at end
+
+__attribute__((objc_root_class))
+ at interface NonNSObjectMissingDealloc
+ at property (retain) NSObject *ivar;
+ at end
+ at implementation NonNSObjectMissingDealloc
+-(void)dealloc; {
+
+}
@end
-// CHECK: 4 warnings generated.
Modified: cfe/trunk/test/Analysis/MissingDealloc.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/MissingDealloc.m?rev=261917&r1=261916&r2=261917&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/MissingDealloc.m (original)
+++ cfe/trunk/test/Analysis/MissingDealloc.m Thu Feb 25 12:55:24 2016
@@ -128,6 +128,9 @@ IBOutlet NSWindow *window;
@interface MyClassTest : SenTestCase {
NSString *resourcePath;
}
+
+ at property (retain) NSObject *ivar;
+
@end
@interface NSBundle : NSObject {}
@@ -143,4 +146,15 @@ IBOutlet NSWindow *window;
// do something which uses resourcepath
}
@end
+
+//===------------------------------------------------------------------------===
+// Don't warn for clases that aren't subclasses of NSObject
+
+__attribute__((objc_root_class))
+ at interface NonNSObjectMissingDealloc
+ at property (retain) NSObject *ivar;
+ at end
+ at implementation NonNSObjectMissingDealloc
+ at end
+
// CHECK: 4 warnings generated.
Modified: cfe/trunk/test/Analysis/PR2978.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/PR2978.m?rev=261917&r1=261916&r2=261917&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/PR2978.m (original)
+++ cfe/trunk/test/Analysis/PR2978.m Thu Feb 25 12:55:24 2016
@@ -5,7 +5,7 @@
@interface NSObject
- (void)release;
-- dealloc;
+- (void)dealloc;
@end
@interface MyClass : NSObject {
@@ -19,8 +19,14 @@
id _M;
id _P;
id _Q;
+ id _R;
+ id _S;
id _V;
id _W;
+
+ MyClass *_other;
+
+ id _nonPropertyIvar;
}
@property(retain) id X;
@property(retain) id Y;
@@ -29,8 +35,13 @@
@property(weak) id L;
@property(readonly) id N;
@property(retain) id M;
- at property(weak) id P; // expected-warning {{'_P' instance variable in 'MyClass' was not retained by a synthesized property but was released in 'dealloc'}}
+ at property(weak) id P;
@property(weak) id Q;
+ at property(retain) id R;
+ at property(weak, readonly) id S;
+
+ at property(assign, readonly) id T; // Shadowed in class extension
+ at property(assign) id U;
@property(retain) id V;
@property(retain) id W;
@@ -38,36 +49,67 @@
-(void) setO: (id) arg;
@end
+ at interface MyClass ()
+// Shadows T to make it readwrite internally but readonly externally.
+ at property(assign, readwrite) id T;
+ at end
+
@implementation MyClass
@synthesize X = _X;
- at synthesize Y = _Y; // expected-warning{{The '_Y' instance variable in 'MyClass' was retained by a synthesized property but was not released in 'dealloc'}}
- at synthesize Z = _Z; // expected-warning{{The '_Z' instance variable in 'MyClass' was not retained by a synthesized property but was released in 'dealloc'}}
+ at synthesize Y = _Y;
+ at synthesize Z = _Z;
@synthesize K = _K;
- at synthesize L = _L; // no-warning
- at synthesize N = _N; // no-warning
+ at synthesize L = _L;
+ at synthesize N = _N;
@synthesize M = _M;
- at synthesize Q = _Q; // expected-warning {{'_Q' instance variable in 'MyClass' was not retained by a synthesized property but was released in 'dealloc'}}
+ at synthesize Q = _Q;
+ at synthesize R = _R;
@synthesize V = _V;
- at synthesize W = _W; // expected-warning{{The '_W' instance variable in 'MyClass' was retained by a synthesized property but was not released in 'dealloc'}}
+ at synthesize W = _W;
-(id) O{ return 0; }
-(void) setO:(id)arg { }
-- (id)dealloc
+
+-(void) releaseInHelper {
+ [_R release]; // no-warning
+ _R = @"Hi";
+}
+
+- (void)dealloc
{
+
[_X release];
- [_Z release];
+ [_Z release]; // expected-warning{{The '_Z' ivar in 'MyClass' was synthesized for an assign, readwrite property but was released in 'dealloc'}}
+ [_T release]; // no-warning
+
+ [_other->_Z release]; // no-warning
[_N release];
-
+
self.M = 0; // This will release '_M'
[self setV:0]; // This will release '_V'
[self setW:@"newW"]; // This will release '_W', but retain the new value
- self.O = 0; // no-warning
- [_Q release];
+ [_S release]; // expected-warning {{The '_S' ivar in 'MyClass' was synthesized for a weak property but was released in 'dealloc'}}
+
+ self.O = 0; // no-warning
+
+ [_Q release]; // expected-warning {{The '_Q' ivar in 'MyClass' was synthesized for a weak property but was released in 'dealloc'}}
+
self.P = 0;
+
+ [self releaseInHelper];
+
+ [_nonPropertyIvar release]; // no-warning
+
+ // Silly, but not an error.
+ if (!_U)
+ [_U release];
+
[super dealloc];
- return 0;
+ // expected-warning at -1{{The '_Y' ivar in 'MyClass' was retained by a synthesized property but not released before '[super dealloc]'}}
+ // expected-warning at -2{{The '_W' ivar in 'MyClass' was retained by a synthesized property but not released before '[super dealloc]'}}
+
}
@end
Modified: cfe/trunk/test/Analysis/properties.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/properties.m?rev=261917&r1=261916&r2=261917&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/properties.m (original)
+++ cfe/trunk/test/Analysis/properties.m Thu Feb 25 12:55:24 2016
@@ -1,5 +1,5 @@
-// RUN: %clang_cc1 -analyze -analyzer-checker=core,osx.cocoa.RetainCount,debug.ExprInspection -analyzer-store=region -verify -Wno-objc-root-class %s
-// RUN: %clang_cc1 -analyze -analyzer-checker=core,osx.cocoa.RetainCount,debug.ExprInspection -analyzer-store=region -verify -Wno-objc-root-class -fobjc-arc %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=core,osx.cocoa.RetainCount,alpha.osx.cocoa.Dealloc,debug.ExprInspection -analyzer-store=region -verify -Wno-objc-root-class %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=core,osx.cocoa.RetainCount,alpha.osx.cocoa.Dealloc,debug.ExprInspection -analyzer-store=region -verify -Wno-objc-root-class -fobjc-arc %s
void clang_analyzer_eval(int);
@@ -22,6 +22,7 @@ typedef struct _NSZone NSZone;
-(id)copy;
-(id)retain;
-(oneway void)release;
+-(void)dealloc;
@end
@interface NSString : NSObject <NSCopying, NSMutableCopying, NSCoding>
- (NSUInteger)length;
@@ -138,6 +139,14 @@ NSNumber* numberFromMyNumberProperty(MyN
@implementation Person
@synthesize name = _name;
+
+-(void)dealloc {
+#if !__has_feature(objc_arc)
+ self.name = [[NSString alloc] init]; // expected-warning {{leak}}
+
+ [super dealloc]; // expected-warning {{The '_name' ivar in 'Person' was retained by a synthesized property but not released before '[super dealloc]}}
+#endif
+}
@end
#if !__has_feature(objc_arc)
More information about the cfe-commits
mailing list