This is an archive of the discontinued LLVM Phabricator instance.

Differential D17511

[analyzer] Make ObjCDeallocChecker path sensitive.
ClosedPublic

Authored by dcoughlin on Feb 22 2016, 8:53 AM.

Details

Reviewers
zaks.anna
Commits
rG88691c1fcb68: [analyzer] Make ObjCDeallocChecker path sensitive.
rC261917: [analyzer] Make ObjCDeallocChecker path sensitive.
rL261917: [analyzer] Make ObjCDeallocChecker path sensitive.
Summary

This patch converts the ObjCDeallocChecker to be path sensitive. The primary motivation for this change is to prevent false positives when -dealloc calls helper invalidation methods to release instance variables, but it additionally improves precision when -dealloc contains control flow. It also reduces the need for pattern matching. The check for missing -dealloc methods remains AST-based.

Diff Detail

Event Timeline

dcoughlin updated this revision to Diff 48693.Feb 22 2016, 8:53 AM
dcoughlin retitled this revision from to [analyzer] Make ObjCDeallocChecker path sensitive..
dcoughlin updated this object.
dcoughlin added a reviewer: zaks.anna.
dcoughlin added a subscriber: ddkilzer.
dcoughlin updated this revision to Diff 48750.Feb 22 2016, 4:02 PM
dcoughlin added a subscriber: cfe-commits.

Provide diff with context. Apologies for leaving that out.

zaks.anna added inline comments.Feb 22 2016, 5:01 PM
lib/StaticAnalyzer/Checkers/CheckObjCDealloc.cpp
89

Let's not use these comments blocks. We should use oxygen style comments.

161

Use doxygen throughout. Please, mention that this is an AST check.

184

Looks like we do not use this for the other checker. Is that the correct behavior? Seems like it.

Maybe we should reflect this in the method name.

198

We usually capitalize this.

249

I do not understand this.

261

I think it's worth adding "If we are in -dealloc or" ...

298

Add: "We have to release before a call to [super dealloc]."

383

Hopefully, this ensures that all symbols added in the function begin call are removed! The logic is slightly different than where we were adding these:

getContainingObjCImpl(LCtx)->property_impls()
418

This might be too long.. Maybe we could remove "instance variable"?

526

BugType names should be capitalized.

721

We might need an annotation for this as well.

dcoughlin updated this revision to Diff 48995.Feb 24 2016, 5:44 PM
dcoughlin marked 8 inline comments as done.

This update addresses Anna's review comments. The big change is that the program state now maps instance symbols to sets of initial ivar symbols that must be released. (Rather than just storing the set, as before). With this approach we don't need to play the trick of explicitly binding the initial field symbols in the store to get notified that they escape when the instance escapes. Instead, we can look up the instance in the map when it escapes and remove the entire set.

I've also fixed a leak where we weren't removing values properly from the set that must be released and fixed a false positive so we no longer warn about a missing release when the field is known to be nil.

lib/StaticAnalyzer/Checkers/CheckObjCDealloc.cpp
196โ€“198

I've changed the method name to 'classHasSeparateTeardown()'.

275

I've removed this. It is not needed now that the program state is a map from instance symbols to sets of initial field values that must be released.

422

I've added an assertion to catch when these aren't being removed. (You were right, they weren't always.)

zaks.anna accepted this revision.Feb 24 2016, 9:42 PM
zaks.anna edited edge metadata.
This revision is now accepted and ready to land.Feb 24 2016, 9:42 PM
ddkilzer added inline comments.Feb 25 2016, 8:19 AM
lib/StaticAnalyzer/Checkers/CheckObjCDealloc.cpp
804

I think you meant "/param InstanceValOut" here.

ddkilzer added inline comments.Feb 25 2016, 8:21 AM
lib/StaticAnalyzer/Checkers/CheckObjCDealloc.cpp
804

And I meant "\param InstanceValOut". ๐Ÿ˜

dcoughlin added inline comments.Feb 25 2016, 9:50 AM
lib/StaticAnalyzer/Checkers/CheckObjCDealloc.cpp
804

Thanks! Will fix.

Closed by commit rL261917: [analyzer] Make ObjCDeallocChecker path sensitive. (authored by dcoughlin). ยท Explain WhyFeb 25 2016, 11:00 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
lib/
StaticAnalyzer/
Checkers/
923 lines
test/
Analysis/
476 lines
14 lines
70 lines
13 lines

Diff 48995

lib/StaticAnalyzer/Checkers/CheckObjCDealloc.cpp

//==- CheckObjCDealloc.cpp - Check ObjC -dealloc implementation --*- C++ -*-==// //==- CheckObjCDealloc.cpp - Check ObjC -dealloc implementation --*- C++ -*-==//
// //
// The LLVM Compiler Infrastructure // The LLVM Compiler Infrastructure
// //
// This file is distributed under the University of Illinois Open Source // This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details. // License. See LICENSE.TXT for details.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// //
// This file defines a CheckObjCDealloc, a checker that // This checker analyzes Objective-C -dealloc methods and their callees
// analyzes an Objective-C class's implementation to determine if it // to warn about improper releasing of instance variables that back synthesized
// correctly implements -dealloc. // properties. It warns about missing releases in the following cases:
// - When a class has a synthesized instance variable for a 'retain' or 'copy'
// property and lacks a -dealloc method in its implementation.
// - When a class has a synthesized instance variable for a 'retain'/'copy'
// property but the ivar is not released in -dealloc by either -release
// or by nilling out the property.
//
// It warns about extra releases in -dealloc (but not in callees) when a
// synthesized instance variable is released in the following cases:
// - When the property is 'assign' and is not 'readonly'.
// - When the property is 'weak'.
//
// This checker only warns for instance variables synthesized to back
// properties. Handling the more general case would require inferring whether
// an instance variable is stored retained or not. For synthesized properties,
// this is specified in the property declaration itself.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "ClangSACheckers.h" #include "ClangSACheckers.h"
#include "clang/AST/Attr.h" #include "clang/AST/Attr.h"
#include "clang/AST/DeclObjC.h" #include "clang/AST/DeclObjC.h"
#include "clang/AST/Expr.h" #include "clang/AST/Expr.h"
#include "clang/AST/ExprObjC.h" #include "clang/AST/ExprObjC.h"
#include "clang/Basic/LangOptions.h" #include "clang/Basic/LangOptions.h"
#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h" #include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
#include "clang/StaticAnalyzer/Core/BugReporter/PathDiagnostic.h" #include "clang/StaticAnalyzer/Core/BugReporter/PathDiagnostic.h"
#include "clang/StaticAnalyzer/Core/Checker.h" #include "clang/StaticAnalyzer/Core/Checker.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h" #include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramStateTrait.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h"
#include "llvm/Support/raw_ostream.h" #include "llvm/Support/raw_ostream.h"
using namespace clang; using namespace clang;
using namespace ento; using namespace ento;
// FIXME: This was taken from IvarInvalidationChecker.cpp /// Indicates whether an instance variable is required to be released in
static const Expr *peel(const Expr *E) { /// -dealloc.
E = E->IgnoreParenCasts(); enum class ReleaseRequirement {
if (const PseudoObjectExpr *POE = dyn_cast<PseudoObjectExpr>(E)) /// The instance variable must be released, either by calling
E = POE->getSyntacticForm()->IgnoreParenCasts(); /// -release on it directly or by nilling it out with a property setter.
if (const OpaqueValueExpr *OVE = dyn_cast<OpaqueValueExpr>(E)) MustRelease,
E = OVE->getSourceExpr()->IgnoreParenCasts();
return E;
}
static bool scan_ivar_release(Stmt *S, const ObjCIvarDecl *ID,
const ObjCPropertyDecl *PD,
Selector Release,
IdentifierInfo* SelfII,
ASTContext &Ctx) {
// [mMyIvar release]
if (ObjCMessageExpr *ME = dyn_cast<ObjCMessageExpr>(S))
if (ME->getSelector() == Release)
if (ME->getInstanceReceiver())
if (const Expr *Receiver = peel(ME->getInstanceReceiver()))
if (auto *E = dyn_cast<ObjCIvarRefExpr>(Receiver))
if (E->getDecl() == ID)
return true;
// [self setMyIvar:nil];
if (ObjCMessageExpr *ME = dyn_cast<ObjCMessageExpr>(S))
if (ME->getInstanceReceiver())
if (const Expr *Receiver = peel(ME->getInstanceReceiver()))
if (auto *E = dyn_cast<DeclRefExpr>(Receiver))
if (E->getDecl()->getIdentifier() == SelfII)
if (ME->getMethodDecl() == PD->getSetterMethodDecl() &&
ME->getNumArgs() == 1 &&
peel(ME->getArg(0))->isNullPointerConstant(Ctx,
Expr::NPC_ValueDependentIsNull))
return true;
// self.myIvar = nil;
if (BinaryOperator* BO = dyn_cast<BinaryOperator>(S))
if (BO->isAssignmentOp())
if (auto *PRE = dyn_cast<ObjCPropertyRefExpr>(peel(BO->getLHS())))
if (PRE->isExplicitProperty() && PRE->getExplicitProperty() == PD)
if (peel(BO->getRHS())->isNullPointerConstant(Ctx,
Expr::NPC_ValueDependentIsNull)) {
// This is only a 'release' if the property kind is not
// 'assign'.
return PD->getSetterKind() != ObjCPropertyDecl::Assign;
}
// Recurse to children. /// The instance variable must not be directly released with -release.
for (Stmt *SubStmt : S->children()) MustNotReleaseDirectly,
if (SubStmt && scan_ivar_release(SubStmt, ID, PD, Release, SelfII, Ctx))
return true;
return false; /// The requirement for the instance variable could not be determined.
} Unknown
};
/// Returns true if the property implementation is synthesized and the
/// type of the property is retainable.
static bool isSynthesizedRetainableProperty(const ObjCPropertyImplDecl *I, static bool isSynthesizedRetainableProperty(const ObjCPropertyImplDecl *I,
const ObjCIvarDecl **ID, const ObjCIvarDecl **ID,
const ObjCPropertyDecl **PD) { const ObjCPropertyDecl **PD) {
if (I->getPropertyImplementation() != ObjCPropertyImplDecl::Synthesize) if (I->getPropertyImplementation() != ObjCPropertyImplDecl::Synthesize)
return false; return false;
(*ID) = I->getPropertyIvarDecl(); (*ID) = I->getPropertyIvarDecl();
if (!(*ID)) if (!(*ID))
return false; return false;
QualType T = (*ID)->getType(); QualType T = (*ID)->getType();
if (!T->isObjCRetainableType()) if (!T->isObjCRetainableType())
return false; return false;
(*PD) = I->getPropertyDecl(); (*PD) = I->getPropertyDecl();
// Shouldn't be able to synthesize a property that doesn't exist. // Shouldn't be able to synthesize a property that doesn't exist.
assert(*PD); assert(*PD);
return true; return true;
} }
zaks.annaUnsubmitted
Done
ReplyInline Actions

Let's not use these comments blocks. We should use oxygen style comments.

zaks.anna: Let's not use these comments blocks. We should use oxygen style comments.
static bool synthesizedPropertyRequiresRelease(const ObjCPropertyDecl *PD) { namespace {
// A synthesized property must be released if and only if the kind of setter
// was neither 'assign' or 'weak'. class ObjCDeallocChecker
ObjCPropertyDecl::SetterKind SK = PD->getSetterKind(); : public Checker<check::ASTDecl<ObjCImplementationDecl>,
return (SK != ObjCPropertyDecl::Assign && SK != ObjCPropertyDecl::Weak); check::PreObjCMessage, check::PostObjCMessage,
} check::BeginFunction, check::EndFunction,
check::PointerEscape,
check::PreStmt<ReturnStmt>> {
static void checkObjCDealloc(const CheckerBase *Checker, mutable IdentifierInfo *NSObjectII, *SenTestCaseII;
const ObjCImplementationDecl *D, mutable Selector DeallocSel, ReleaseSel;
const LangOptions &LOpts, BugReporter &BR) {
assert(LOpts.getGC() != LangOptions::GCOnly); std::unique_ptr<BugType> MissingReleaseBugType;
assert(!LOpts.ObjCAutoRefCount); std::unique_ptr<BugType> ExtraReleaseBugType;
public:
ObjCDeallocChecker();
void checkASTDecl(const ObjCImplementationDecl *D, AnalysisManager& Mgr,
BugReporter &BR) const;
void checkBeginFunction(CheckerContext &Ctx) const;
void checkPreObjCMessage(const ObjCMethodCall &M, CheckerContext &C) const;
void checkPostObjCMessage(const ObjCMethodCall &M, CheckerContext &C) const;
ProgramStateRef checkPointerEscape(ProgramStateRef State,
const InvalidatedSymbols &Escaped,
const CallEvent *Call,
PointerEscapeKind Kind) const;
void checkPreStmt(const ReturnStmt *RS, CheckerContext &C) const;
void checkEndFunction(CheckerContext &Ctx) const;
private:
void diagnoseMissingReleases(CheckerContext &C) const;
bool diagnoseExtraRelease(SymbolRef ReleasedValue, const ObjCMethodCall &M,
CheckerContext &C) const;
SymbolRef getValueExplicitlyReleased(const ObjCMethodCall &M,
CheckerContext &C) const;
SymbolRef getValueReleasedByNillingOut(const ObjCMethodCall &M,
CheckerContext &C) const;
SymbolRef getInstanceSymbolFromIvarSymbol(SymbolRef IvarSym) const;
ReleaseRequirement
getDeallocReleaseRequirement(const ObjCPropertyImplDecl *PropImpl) const;
bool isInInstanceDealloc(const CheckerContext &C, SVal &SelfValOut) const;
bool isInInstanceDealloc(const CheckerContext &C, const LocationContext *LCtx,
SVal &SelfValOut) const;
bool instanceDeallocIsOnStack(const CheckerContext &C,
SVal &InstanceValOut) const;
bool isSuperDeallocMessage(const ObjCMethodCall &M) const;
const ObjCImplDecl *getContainingObjCImpl(const LocationContext *LCtx) const;
const ObjCPropertyDecl *
findShadowedPropertyDecl(const ObjCPropertyImplDecl *PropImpl) const;
ProgramStateRef removeValueRequiringRelease(ProgramStateRef State,
SymbolRef InstanceSym,
SymbolRef ValueSym) const;
void initIdentifierInfoAndSelectors(ASTContext &Ctx) const;
bool classHasSeparateTeardown(const ObjCInterfaceDecl *ID) const;
};
} // End anonymous namespace.
typedef llvm::ImmutableSet<SymbolRef> SymbolSet;
zaks.annaUnsubmitted
Done
ReplyInline Actions

Use doxygen throughout. Please, mention that this is an AST check.

zaks.anna: Use doxygen throughout. Please, mention that this is an AST check.
/// Maps from the symbol for a class instance to the set of
/// symbols remaining that must be released in -dealloc.
REGISTER_MAP_WITH_PROGRAMSTATE(UnreleasedIvarMap, SymbolRef, SymbolSet);
template<> struct ProgramStateTrait<SymbolSet>
: public ProgramStatePartialTrait<SymbolSet> {
static void *GDMIndex() { static int index = 0; return &index; }
};
/// An AST check that diagnose when the class requires a -dealloc method and
/// is missing one.
void ObjCDeallocChecker::checkASTDecl(const ObjCImplementationDecl *D,
AnalysisManager &Mgr,
BugReporter &BR) const {
assert(Mgr.getLangOpts().getGC() != LangOptions::GCOnly);
assert(!Mgr.getLangOpts().ObjCAutoRefCount);
initIdentifierInfoAndSelectors(Mgr.getASTContext());
ASTContext &Ctx = BR.getContext();
const ObjCInterfaceDecl *ID = D->getClassInterface(); const ObjCInterfaceDecl *ID = D->getClassInterface();
// Does the class contain any synthesized properties that are retainable? // Does the class contain any synthesized properties that are retainable?
// If not, skip the check entirely. // If not, skip the check entirely.
zaks.annaUnsubmitted
Done
ReplyInline Actions

Looks like we do not use this for the other checker. Is that the correct behavior? Seems like it.

Maybe we should reflect this in the method name.

zaks.anna: Looks like we do not use this for the other checker. Is that the correct behavior? Seems likeโ€ฆ
bool containsRetainedSynthesizedProperty = false; bool containsRetainedSynthesizedProperty = false;
for (const auto *I : D->property_impls()) { for (const auto *I : D->property_impls()) {
const ObjCIvarDecl *ID = nullptr; if (getDeallocReleaseRequirement(I) == ReleaseRequirement::MustRelease) {
const ObjCPropertyDecl *PD = nullptr;
if (!isSynthesizedRetainableProperty(I, &ID, &PD))
continue;
if (synthesizedPropertyRequiresRelease(PD)) {
containsRetainedSynthesizedProperty = true; containsRetainedSynthesizedProperty = true;
break; break;
} }
} }
if (!containsRetainedSynthesizedProperty) if (!containsRetainedSynthesizedProperty)
return; return;
// Determine if the class subclasses NSObject. // If the class is known to have a lifecycle with a separate teardown method
IdentifierInfo* NSObjectII = &Ctx.Idents.get("NSObject"); // then it may not require a -dealloc method.
IdentifierInfo* SenTestCaseII = &Ctx.Idents.get("SenTestCase"); if (classHasSeparateTeardown(ID))
zaks.annaUnsubmitted
Done
ReplyInline Actions

We usually capitalize this.

zaks.anna: We usually capitalize this.
dcoughlinAuthorUnsubmitted
Not Done
ReplyInline Actions

I've changed the method name to 'classHasSeparateTeardown()'.

dcoughlin: I've changed the method name to 'classHasSeparateTeardown()'.
for ( ; ID ; ID = ID->getSuperClass()) {
IdentifierInfo *II = ID->getIdentifier();
if (II == NSObjectII)
break;
// FIXME: For now, ignore classes that subclass SenTestCase, as these don't
// need to implement -dealloc. They implement tear down in another way,
// which we should try and catch later.
// http://llvm.org/bugs/show_bug.cgi?id=3187
if (II == SenTestCaseII)
return;
}
if (!ID)
return; return;
// Get the "dealloc" selector.
IdentifierInfo* II = &Ctx.Idents.get("dealloc");
Selector S = Ctx.Selectors.getSelector(0, &II);
const ObjCMethodDecl *MD = nullptr; const ObjCMethodDecl *MD = nullptr;
// Scan the instance methods for "dealloc". // Scan the instance methods for "dealloc".
for (const auto *I : D->instance_methods()) { for (const auto *I : D->instance_methods()) {
if (I->getSelector() == S) { if (I->getSelector() == DeallocSel) {
MD = I; MD = I;
break; break;
} }
} }
if (!MD) { // No dealloc found. if (!MD) { // No dealloc found.
const char* Name = "Missing -dealloc";
const char* name = LOpts.getGC() == LangOptions::NonGC std::string Buf;
? "missing -dealloc" llvm::raw_string_ostream OS(Buf);
: "missing -dealloc (Hybrid MM, non-GC)"; OS << "Objective-C class '" << *D << "' lacks a 'dealloc' instance method";
std::string buf;
llvm::raw_string_ostream os(buf);
os << "Objective-C class '" << *D << "' lacks a 'dealloc' instance method";
PathDiagnosticLocation DLoc = PathDiagnosticLocation DLoc =
PathDiagnosticLocation::createBegin(D, BR.getSourceManager()); PathDiagnosticLocation::createBegin(D, BR.getSourceManager());
BR.EmitBasicReport(D, Checker, name, categories::CoreFoundationObjectiveC, BR.EmitBasicReport(D, this, Name, categories::CoreFoundationObjectiveC,
os.str(), DLoc); OS.str(), DLoc);
return; return;
} }
}
// Get the "release" selector. /// If this is the beginning of -dealloc, mark the values initially stored in
IdentifierInfo* RII = &Ctx.Idents.get("release"); /// instance variables that must be released by the end of -dealloc
Selector RS = Ctx.Selectors.getSelector(0, &RII); /// as unreleased in the state.
void ObjCDeallocChecker::checkBeginFunction(
CheckerContext &C) const {
initIdentifierInfoAndSelectors(C.getASTContext());
// Only do this if the current method is -dealloc.
SVal SelfVal;
if (!isInInstanceDealloc(C, SelfVal))
return;
// Get the "self" identifier SymbolRef SelfSymbol = SelfVal.getAsSymbol();
IdentifierInfo* SelfII = &Ctx.Idents.get("self");
// Scan for missing and extra releases of ivars used by implementations const LocationContext *LCtx = C.getLocationContext();
// of synthesized properties ProgramStateRef InitialState = C.getState();
for (const auto *I : D->property_impls()) {
const ObjCIvarDecl *ID = nullptr; ProgramStateRef State = InitialState;
const ObjCPropertyDecl *PD = nullptr;
if (!isSynthesizedRetainableProperty(I, &ID, &PD)) SymbolSet::Factory &F = State->getStateManager().get_context<SymbolSet>();
// Symbols that must be released by the end of the -dealloc;
SymbolSet RequiredReleases = F.getEmptySet();
zaks.annaUnsubmitted
Not Done
ReplyInline Actions

I do not understand this.

zaks.anna: I do not understand this.
// If we're an inlined -dealloc, we should add our symbols to the existing
// set from our subclass.
if (const SymbolSet *CurrSet = State->get<UnreleasedIvarMap>(SelfSymbol))
RequiredReleases = *CurrSet;
for (auto *PropImpl : getContainingObjCImpl(LCtx)->property_impls()) {
ReleaseRequirement Requirement = getDeallocReleaseRequirement(PropImpl);
if (Requirement != ReleaseRequirement::MustRelease)
continue;
SVal LVal = State->getLValue(PropImpl->getPropertyIvarDecl(), SelfVal);
zaks.annaUnsubmitted
Done
ReplyInline Actions

I think it's worth adding "If we are in -dealloc or" ...

zaks.anna: I think it's worth adding "If we are in -dealloc or" ...
Optional<Loc> LValLoc = LVal.getAs<Loc>();
if (!LValLoc)
continue; continue;
bool requiresRelease = synthesizedPropertyRequiresRelease(PD); SVal InitialVal = State->getSVal(LValLoc.getValue());
if (scan_ivar_release(MD->getBody(), ID, PD, RS, SelfII, Ctx) SymbolRef Symbol = InitialVal.getAsSymbol();
!= requiresRelease) { if (!Symbol || !isa<SymbolRegionValue>(Symbol))
const char *name = nullptr; continue;
std::string buf;
llvm::raw_string_ostream os(buf); // Mark the value as requiring a release.
RequiredReleases = F.add(RequiredReleases, Symbol);
if (requiresRelease) { }
name = LOpts.getGC() == LangOptions::NonGC
? "missing ivar release (leak)" if (!RequiredReleases.isEmpty()) {
dcoughlinAuthorUnsubmitted
Not Done
ReplyInline Actions

I've removed this. It is not needed now that the program state is a map from instance symbols to sets of initial field values that must be released.

dcoughlin: I've removed this. It is not needed now that the program state is a map from instance symbolsโ€ฆ
: "missing ivar release (Hybrid MM, non-GC)"; State = State->set<UnreleasedIvarMap>(SelfSymbol, RequiredReleases);
}
os << "The '" << *ID << "' instance variable in '" << *D
<< "' was retained by a synthesized property " if (State != InitialState) {
"but was not released in 'dealloc'"; C.addTransition(State);
}
}
/// Given a symbol for an ivar, return a symbol for the instance containing
/// the ivar. Returns nullptr if the instance symbol cannot be found.
SymbolRef
ObjCDeallocChecker::getInstanceSymbolFromIvarSymbol(SymbolRef IvarSym) const {
if (auto *SRV = dyn_cast<SymbolRegionValue>(IvarSym)) {
const TypedValueRegion *TVR = SRV->getRegion();
const ObjCIvarRegion *IvarRegion = dyn_cast_or_null<ObjCIvarRegion>(TVR);
if (!IvarRegion)
return nullptr;
return IvarRegion->getSymbolicBase()->getSymbol();
}
return nullptr;
}
zaks.annaUnsubmitted
Done
ReplyInline Actions

Add: "We have to release before a call to [super dealloc]."

zaks.anna: Add: "We have to release before a call to [super dealloc]."
/// If we are in -dealloc or -dealloc is on the stack, handle the call if it is
/// a release or a nilling-out property setter.
void ObjCDeallocChecker::checkPreObjCMessage(
const ObjCMethodCall &M, CheckerContext &C) const {
// Only run if -dealloc is on the stack.
SVal DeallocedInstance;
if (!instanceDeallocIsOnStack(C, DeallocedInstance))
return;
SymbolRef ReleasedValue = getValueExplicitlyReleased(M, C);
if (ReleasedValue) {
// An instance variable symbol was released with -release:
// [_property release];
if (diagnoseExtraRelease(ReleasedValue,M, C))
return;
} else { } else {
// It is common for the ivars for read-only assign properties to // An instance variable symbol was released nilling out its property:
// always be stored retained, so don't warn for a release in // self.property = nil;
// dealloc for the ivar backing these properties. ReleasedValue = getValueReleasedByNillingOut(M, C);
if (PD->isReadOnly()) }
if (!ReleasedValue)
return;
SymbolRef InstanceSym = getInstanceSymbolFromIvarSymbol(ReleasedValue);
if (!InstanceSym)
return;
ProgramStateRef InitialState = C.getState();
ProgramStateRef ReleasedState =
removeValueRequiringRelease(InitialState, InstanceSym, ReleasedValue);
if (ReleasedState != InitialState) {
C.addTransition(ReleasedState);
}
}
/// If the message was a call to '[super dealloc]', diagnose any missing
/// releases.
void ObjCDeallocChecker::checkPostObjCMessage(
const ObjCMethodCall &M, CheckerContext &C) const {
// We perform this check post-message so that if the super -dealloc
// calls a helper method and that this class overrides, any ivars released in
// the helper method will be recorded before checking.
if (isSuperDeallocMessage(M))
diagnoseMissingReleases(C);
}
/// Check for missing releases even when -dealloc does not call
/// '[super dealloc]'.
void ObjCDeallocChecker::checkEndFunction(
CheckerContext &C) const {
diagnoseMissingReleases(C);
}
/// Check for missing releases on early return.
void ObjCDeallocChecker::checkPreStmt(
const ReturnStmt *RS, CheckerContext &C) const {
diagnoseMissingReleases(C);
}
/// If a symbol escapes conservatively assume unseen code released it.
ProgramStateRef ObjCDeallocChecker::checkPointerEscape(
ProgramStateRef State, const InvalidatedSymbols &Escaped,
const CallEvent *Call, PointerEscapeKind Kind) const {
// Don't treat calls to '[super dealloc]' as escaping for the purposes
// of this checker. Because the checker diagnoses missing releases in the
// post-message handler for '[super dealloc], escaping here would cause
// the checker to never warn.
auto *OMC = dyn_cast_or_null<ObjCMethodCall>(Call);
if (OMC && isSuperDeallocMessage(*OMC))
return State;
for (const auto &Sym : Escaped) {
State = State->remove<UnreleasedIvarMap>(Sym);
SymbolRef InstanceSymbol = getInstanceSymbolFromIvarSymbol(Sym);
if (!InstanceSymbol)
continue;
State = removeValueRequiringRelease(State, InstanceSymbol, Sym);
}
zaks.annaUnsubmitted
Not Done
ReplyInline Actions

Hopefully, this ensures that all symbols added in the function begin call are removed! The logic is slightly different than where we were adding these:

getContainingObjCImpl(LCtx)->property_impls()
zaks.anna: Hopefully, this ensures that all symbols added in the function begin call are removed! Theโ€ฆ
return State;
}
/// Report any unreleased instance variables for the current instance being
/// dealloced.
void ObjCDeallocChecker::diagnoseMissingReleases(CheckerContext &C) const {
ProgramStateRef State = C.getState();
SVal SelfVal;
if (!isInInstanceDealloc(C, SelfVal))
return;
const MemRegion *SelfRegion = SelfVal.castAs<loc::MemRegionVal>().getRegion();
const LocationContext *LCtx = C.getLocationContext();
ExplodedNode *ErrNode = nullptr;
SymbolRef SelfSym = SelfVal.getAsSymbol();
if (!SelfSym)
return;
const SymbolSet *OldUnreleased = State->get<UnreleasedIvarMap>(SelfSym);
if (!OldUnreleased)
return;
SymbolSet NewUnreleased = *OldUnreleased;
SymbolSet::Factory &F = State->getStateManager().get_context<SymbolSet>();
ProgramStateRef InitialState = State;
for (auto *IvarSymbol : *OldUnreleased) {
const TypedValueRegion *TVR =
cast<SymbolRegionValue>(IvarSymbol)->getRegion();
const ObjCIvarRegion *IvarRegion = cast<ObjCIvarRegion>(TVR);
zaks.annaUnsubmitted
Done
ReplyInline Actions

This might be too long.. Maybe we could remove "instance variable"?

zaks.anna: This might be too long.. Maybe we could remove "instance variable"?
// Don't warn if the ivar is not for this instance.
if (SelfRegion != IvarRegion->getSuperRegion())
continue; continue;
dcoughlinAuthorUnsubmitted
Not Done
ReplyInline Actions

I've added an assertion to catch when these aren't being removed. (You were right, they weren't always.)

dcoughlin: I've added an assertion to catch when these aren't being removed. (You were right, they weren'tโ€ฆ
name = LOpts.getGC() == LangOptions::NonGC // Prevent an inlined call to -dealloc in a super class from warning
? "extra ivar release (use-after-release)" // about the values the subclass's -dealloc should release.
: "extra ivar release (Hybrid MM, non-GC)"; if (IvarRegion->getDecl()->getContainingInterface() !=
cast<ObjCMethodDecl>(LCtx->getDecl())->getClassInterface())
os << "The '" << *ID << "' instance variable in '" << *D continue;
<< "' was not retained by a synthesized property "
"but was released in 'dealloc'";
}
// If @synthesize statement is missing, fall back to @property statement.
const Decl *SPDecl = I->getLocation().isValid()
? static_cast<const Decl *>(I)
: static_cast<const Decl *>(PD);
PathDiagnosticLocation SPLoc =
PathDiagnosticLocation::createBegin(SPDecl, BR.getSourceManager());
BR.EmitBasicReport(MD, Checker, name, // Prevents diagnosing multiple times for the same instance variable
categories::CoreFoundationObjectiveC, os.str(), SPLoc); // at, for example, both a return and at the end of of the function.
NewUnreleased = F.remove(NewUnreleased, IvarSymbol);
if (State->getStateManager()
.getConstraintManager()
.isNull(State, IvarSymbol)
.isConstrainedTrue()) {
continue;
} }
// A missing release manifests as a leak, so treat as a non-fatal error.
if (!ErrNode)
ErrNode = C.generateNonFatalErrorNode();
// If we've already reached this node on another path, return without
// diagnosing.
if (!ErrNode)
return;
std::string Buf;
llvm::raw_string_ostream OS(Buf);
const ObjCIvarDecl *IvarDecl = IvarRegion->getDecl();
const ObjCInterfaceDecl *Interface = IvarDecl->getContainingInterface();
// If the class is known to have a lifecycle with teardown that is
// separate from -dealloc, do not warn about missing releases. We
// suppress here (rather than not tracking for instance variables in
// such classes) because these classes are rare.
if (classHasSeparateTeardown(Interface))
return;
ObjCImplDecl *ImplDecl = Interface->getImplementation();
const ObjCPropertyImplDecl *PropImpl =
ImplDecl->FindPropertyImplIvarDecl(IvarDecl->getIdentifier());
const ObjCPropertyDecl *PropDecl = PropImpl->getPropertyDecl();
assert(PropDecl->getSetterKind() == ObjCPropertyDecl::Copy ||
PropDecl->getSetterKind() == ObjCPropertyDecl::Retain);
OS << "The '" << *IvarDecl << "' ivar in '" << *ImplDecl
<< "' was ";
if (PropDecl->getSetterKind() == ObjCPropertyDecl::Retain)
OS << "retained";
else
OS << "copied";
OS << " by a synthesized property but not released"
" before '[super dealloc]'";
std::unique_ptr<BugReport> BR(
new BugReport(*MissingReleaseBugType, OS.str(), ErrNode));
C.emitReport(std::move(BR));
} }
if (NewUnreleased.isEmpty()) {
State = State->remove<UnreleasedIvarMap>(SelfSym);
} else {
State = State->set<UnreleasedIvarMap>(SelfSym, NewUnreleased);
} }
//===----------------------------------------------------------------------===// if (ErrNode) {
// ObjCDeallocChecker C.addTransition(State, ErrNode);
//===----------------------------------------------------------------------===// } else if (State != InitialState) {
C.addTransition(State);
}
namespace { // Make sure that after checking in the top-most frame the list of
class ObjCDeallocChecker : public Checker< // tracked ivars is empty. This is intended to detect accidental leaks in
check::ASTDecl<ObjCImplementationDecl> > { // the UnreleasedIvarMap program state.
public: assert(!LCtx->inTopFrame() || State->get<UnreleasedIvarMap>().isEmpty());
void checkASTDecl(const ObjCImplementationDecl *D, AnalysisManager& mgr, }
BugReporter &BR) const {
if (mgr.getLangOpts().getGC() == LangOptions::GCOnly || /// Emits a warning if the current context is -dealloc and \param ReleasedValue
mgr.getLangOpts().ObjCAutoRefCount) /// must not be directly released in a -dealloc. Returns true if a diagnostic
/// was emitted.
bool ObjCDeallocChecker::diagnoseExtraRelease(SymbolRef ReleasedValue,
const ObjCMethodCall &M,
CheckerContext &C) const {
SVal DeallocedInstance;
if (!isInInstanceDealloc(C, DeallocedInstance))
return false;
// Try to get the region from which the the released value was loaded.
// Note that, unlike diagnosing for missing releases, here we don't track
// values that must not be released in the state. This is because even if
// these values escape, it is still an error under the rules of MRR to
// release them in -dealloc.
const MemRegion *RegionLoadedFrom = nullptr;
if (auto *DerivedSym = dyn_cast<SymbolDerived>(ReleasedValue))
RegionLoadedFrom = DerivedSym->getRegion();
else if (auto *RegionSym = dyn_cast<SymbolRegionValue>(ReleasedValue))
RegionLoadedFrom = RegionSym->getRegion();
else
zaks.annaUnsubmitted
Done
ReplyInline Actions

BugType names should be capitalized.

zaks.anna: BugType names should be capitalized.
return false;
auto *ReleasedIvar = dyn_cast<ObjCIvarRegion>(RegionLoadedFrom);
if (!ReleasedIvar)
return false;
if (DeallocedInstance.castAs<loc::MemRegionVal>().getRegion() !=
ReleasedIvar->getSuperRegion())
return false;
const LocationContext *LCtx = C.getLocationContext();
const ObjCIvarDecl *ReleasedIvarDecl = ReleasedIvar->getDecl();
// If the ivar belongs to a property that must not be released directly
// in dealloc, emit a warning.
const ObjCImplDecl *Container = getContainingObjCImpl(LCtx);
const ObjCPropertyImplDecl *PropImpl =
Container->FindPropertyImplIvarDecl(ReleasedIvarDecl->getIdentifier());
if (!PropImpl)
return false;
if (getDeallocReleaseRequirement(PropImpl) !=
ReleaseRequirement::MustNotReleaseDirectly) {
return false;
}
// If the property is readwrite but it shadows a read-only property in its
// external interface, treat the property a read-only. If the outside
// world cannot write to a property then the internal implementation is free
// to make its own convention about whether the value is stored retained
// or not. We look up the shadow here rather than in
// getDeallocReleaseRequirement() because doing so can be expensive.
const ObjCPropertyDecl *PropDecl = findShadowedPropertyDecl(PropImpl);
if (PropDecl) {
if (PropDecl->isReadOnly())
return false;
} else {
PropDecl = PropImpl->getPropertyDecl();
}
ExplodedNode *ErrNode = C.generateNonFatalErrorNode();
if (!ErrNode)
return false;
std::string Buf;
llvm::raw_string_ostream OS(Buf);
assert(PropDecl->getSetterKind() == ObjCPropertyDecl::Weak ||
(PropDecl->getSetterKind() == ObjCPropertyDecl::Assign &&
!PropDecl->isReadOnly()));
OS << "The '" << *PropImpl->getPropertyIvarDecl()
<< "' ivar in '" << *Container
<< "' was synthesized for ";
if (PropDecl->getSetterKind() == ObjCPropertyDecl::Weak)
OS << "a weak";
else
OS << "an assign, readwrite";
OS << " property but was released in 'dealloc'";
std::unique_ptr<BugReport> BR(
new BugReport(*ExtraReleaseBugType, OS.str(), ErrNode));
BR->addRange(M.getOriginExpr()->getSourceRange());
C.emitReport(std::move(BR));
return true;
}
ObjCDeallocChecker::
ObjCDeallocChecker()
: NSObjectII(nullptr), SenTestCaseII(nullptr) {
MissingReleaseBugType.reset(
new BugType(this, "Missing ivar release (leak)",
categories::MemoryCoreFoundationObjectiveC));
ExtraReleaseBugType.reset(
new BugType(this, "Extra ivar release",
categories::MemoryCoreFoundationObjectiveC));
}
void ObjCDeallocChecker::initIdentifierInfoAndSelectors(
ASTContext &Ctx) const {
if (NSObjectII)
return; return;
checkObjCDealloc(this, cast<ObjCImplementationDecl>(D), mgr.getLangOpts(),
BR); NSObjectII = &Ctx.Idents.get("NSObject");
SenTestCaseII = &Ctx.Idents.get("SenTestCase");
IdentifierInfo *DeallocII = &Ctx.Idents.get("dealloc");
IdentifierInfo *ReleaseII = &Ctx.Idents.get("release");
DeallocSel = Ctx.Selectors.getSelector(0, &DeallocII);
ReleaseSel = Ctx.Selectors.getSelector(0, &ReleaseII);
} }
};
/// Returns true if \param M is a call to '[super dealloc]'.
bool ObjCDeallocChecker::isSuperDeallocMessage(
const ObjCMethodCall &M) const {
if (M.getOriginExpr()->getReceiverKind() != ObjCMessageExpr::SuperInstance)
return false;
return M.getSelector() == DeallocSel;
}
/// Returns the ObjCImplDecl containing the method declaration in \param LCtx.
const ObjCImplDecl *
ObjCDeallocChecker::getContainingObjCImpl(const LocationContext *LCtx) const {
auto *MD = cast<ObjCMethodDecl>(LCtx->getDecl());
return cast<ObjCImplDecl>(MD->getDeclContext());
}
/// Returns the property that shadowed by \param PropImpl if one exists and
/// nullptr otherwise.
const ObjCPropertyDecl *ObjCDeallocChecker::findShadowedPropertyDecl(
const ObjCPropertyImplDecl *PropImpl) const {
const ObjCPropertyDecl *PropDecl = PropImpl->getPropertyDecl();
// Only readwrite properties can shadow.
if (PropDecl->isReadOnly())
return nullptr;
auto *CatDecl = dyn_cast<ObjCCategoryDecl>(PropDecl->getDeclContext());
// Only class extensions can contain shadowing properties.
if (!CatDecl || !CatDecl->IsClassExtension())
return nullptr;
IdentifierInfo *ID = PropDecl->getIdentifier();
DeclContext::lookup_result R = CatDecl->getClassInterface()->lookup(ID);
for (DeclContext::lookup_iterator I = R.begin(), E = R.end(); I != E; ++I) {
auto *ShadowedPropDecl = dyn_cast<ObjCPropertyDecl>(*I);
if (!ShadowedPropDecl)
continue;
if (ShadowedPropDecl->isInstanceProperty()) {
assert(ShadowedPropDecl->isReadOnly());
return ShadowedPropDecl;
}
}
return nullptr;
}
/// Remove the \param Value requiring a release from the tracked set for
/// \param Instance and return the resultant state.
ProgramStateRef ObjCDeallocChecker::removeValueRequiringRelease(
ProgramStateRef State, SymbolRef Instance, SymbolRef Value) const {
assert(Instance);
assert(Value);
const SymbolSet *Unreleased = State->get<UnreleasedIvarMap>(Instance);
if (!Unreleased)
return State;
// Mark the value as no longer requiring a release.
SymbolSet::Factory &F = State->getStateManager().get_context<SymbolSet>();
SymbolSet NewUnreleased = F.remove(*Unreleased, Value);
if (NewUnreleased.isEmpty()) {
return State->remove<UnreleasedIvarMap>(Instance);
}
return State->set<UnreleasedIvarMap>(Instance, NewUnreleased);
}
/// Determines whether the instance variable for \p PropImpl must or must not be
/// released in -dealloc or whether it cannot be determined.
ReleaseRequirement ObjCDeallocChecker::getDeallocReleaseRequirement(
const ObjCPropertyImplDecl *PropImpl) const {
const ObjCIvarDecl *IvarDecl;
const ObjCPropertyDecl *PropDecl;
if (!isSynthesizedRetainableProperty(PropImpl, &IvarDecl, &PropDecl))
return ReleaseRequirement::Unknown;
ObjCPropertyDecl::SetterKind SK = PropDecl->getSetterKind();
switch (SK) {
// Retain and copy setters retain/copy their values before storing and so
// the value in their instance variables must be released in -dealloc.
case ObjCPropertyDecl::Retain:
case ObjCPropertyDecl::Copy:
return ReleaseRequirement::MustRelease;
case ObjCPropertyDecl::Weak:
return ReleaseRequirement::MustNotReleaseDirectly;
case ObjCPropertyDecl::Assign:
// It is common for the ivars for read-only assign properties to
// always be stored retained, so their release requirement cannot be
// be determined.
if (PropDecl->isReadOnly())
zaks.annaUnsubmitted
Not Done
ReplyInline Actions

We might need an annotation for this as well.

zaks.anna: We might need an annotation for this as well.
return ReleaseRequirement::Unknown;
return ReleaseRequirement::MustNotReleaseDirectly;
}
}
/// Returns the released value if \param M is a call to -release. Returns
/// nullptr otherwise.
SymbolRef
ObjCDeallocChecker::getValueExplicitlyReleased(const ObjCMethodCall &M,
CheckerContext &C) const {
if (M.getSelector() != ReleaseSel)
return nullptr;
return M.getReceiverSVal().getAsSymbol();
}
/// Returns the released value if \param M is a call a setter that releases
/// and nils out its underlying instance variable.
SymbolRef
ObjCDeallocChecker::getValueReleasedByNillingOut(const ObjCMethodCall &M,
CheckerContext &C) const {
SVal ReceiverVal = M.getReceiverSVal();
if (!ReceiverVal.isValid())
return nullptr;
// Is the first argument nil?
if (M.getNumArgs() == 0)
return nullptr;
SVal Arg = M.getArgSVal(0);
ProgramStateRef notNilState, nilState;
std::tie(notNilState, nilState) =
M.getState()->assume(Arg.castAs<DefinedOrUnknownSVal>());
if (!(nilState && !notNilState))
return nullptr;
const ObjCPropertyDecl *Prop = M.getAccessedProperty();
if (!Prop)
return nullptr;
ObjCIvarDecl *PropIvarDecl = Prop->getPropertyIvarDecl();
if (!PropIvarDecl)
return nullptr;
ProgramStateRef State = C.getState();
SVal LVal = State->getLValue(PropIvarDecl, ReceiverVal);
Optional<Loc> LValLoc = LVal.getAs<Loc>();
if (!LValLoc)
return nullptr;
SVal CurrentValInIvar = State->getSVal(LValLoc.getValue());
return CurrentValInIvar.getAsSymbol();
}
/// Returns true if the current context is a call to -dealloc and false
/// otherwise. If true, it also sets \param SelfValOut to the value of
/// 'self'.
bool ObjCDeallocChecker::isInInstanceDealloc(const CheckerContext &C,
SVal &SelfValOut) const {
return isInInstanceDealloc(C, C.getLocationContext(), SelfValOut);
}
/// Returns true if \param LCtx is a call to -dealloc and false
/// otherwise. If true, it also sets \param SelfValOut to the value of
/// 'self'.
bool ObjCDeallocChecker::isInInstanceDealloc(const CheckerContext &C,
const LocationContext *LCtx,
SVal &SelfValOut) const {
auto *MD = dyn_cast<ObjCMethodDecl>(LCtx->getDecl());
if (!MD || !MD->isInstanceMethod() || MD->getSelector() != DeallocSel)
return false;
const ImplicitParamDecl *SelfDecl = LCtx->getSelfDecl();
assert(SelfDecl && "No self in -dealloc?");
ProgramStateRef State = C.getState();
SelfValOut = State->getSVal(State->getRegion(SelfDecl, LCtx));
return true;
}
/// Returns true if there is a call to -dealloc anywhere on the stack and false
/// otherwise. If true, it also sets \param SelfValOut to the value of
ddkilzerUnsubmitted
Not Done
ReplyInline Actions

I think you meant "/param InstanceValOut" here.

ddkilzer: I think you meant "/param InstanceValOut" here.
ddkilzerUnsubmitted
Not Done
ReplyInline Actions

And I meant "\param InstanceValOut". ๐Ÿ˜

ddkilzer: And I meant "\param InstanceValOut". ๐Ÿ˜
dcoughlinAuthorUnsubmitted
Not Done
ReplyInline Actions

Thanks! Will fix.

dcoughlin: Thanks! Will fix.
/// 'self' in the frame for -dealloc.
bool ObjCDeallocChecker::instanceDeallocIsOnStack(const CheckerContext &C,
SVal &InstanceValOut) const {
const LocationContext *LCtx = C.getLocationContext();
while (LCtx) {
if (isInInstanceDealloc(C, LCtx, InstanceValOut))
return true;
LCtx = LCtx->getParent();
}
return false;
}
/// Returns true if the \param ID is a class in which which is known to have
/// a separate teardown lifecycle. In this case, -dealloc warnings
/// about missing releases should be suppressed.
bool ObjCDeallocChecker::classHasSeparateTeardown(
const ObjCInterfaceDecl *ID) const {
// Suppress if the class is not a subclass of NSObject.
for ( ; ID ; ID = ID->getSuperClass()) {
IdentifierInfo *II = ID->getIdentifier();
if (II == NSObjectII)
return false;
// FIXME: For now, ignore classes that subclass SenTestCase, as these don't
// need to implement -dealloc. They implement tear down in another way,
// which we should try and catch later.
// http://llvm.org/bugs/show_bug.cgi?id=3187
if (II == SenTestCaseII)
return true;
} }
void ento::registerObjCDeallocChecker(CheckerManager &mgr) { return true;
mgr.registerChecker<ObjCDeallocChecker>(); }
void ento::registerObjCDeallocChecker(CheckerManager &Mgr) {
const LangOptions &LangOpts = Mgr.getLangOpts();
// These checker only makes sense under MRR.
if (LangOpts.getGC() == LangOptions::GCOnly || LangOpts.ObjCAutoRefCount)
return;
Mgr.registerChecker<ObjCDeallocChecker>();
} }

test/Analysis/DeallocMissingRelease.m

// RUN: %clang_cc1 -analyze -analyzer-checker=alpha.osx.cocoa.Dealloc -fblocks %s 2>&1 | FileCheck -check-prefix=CHECK %s // RUN: %clang_cc1 -analyze -analyzer-checker=alpha.osx.cocoa.Dealloc -fblocks -verify %s
// RUN: %clang_cc1 -analyze -analyzer-checker=alpha.osx.cocoa.Dealloc -fblocks -triple x86_64-apple-darwin10 -fobjc-arc -fobjc-runtime-has-weak %s 2>&1 | FileCheck -check-prefix=CHECK-ARC -allow-empty '--implicit-check-not=error:' '--implicit-check-not=warning:' %s // RUN: %clang_cc1 -analyze -analyzer-checker=alpha.osx.cocoa.Dealloc -fblocks -triple x86_64-apple-darwin10 -fobjc-arc -fobjc-runtime-has-weak -verify %s
#define nil ((id)0) #define nil ((id)0)
#define NON_ARC !__has_feature(objc_arc) #define NON_ARC !__has_feature(objc_arc)
#if NON_ARC #if NON_ARC
#define WEAK_ON_ARC #define WEAK_ON_ARC
#else #else
#define WEAK_ON_ARC __weak #define WEAK_ON_ARC __weak
#endif #endif
// No diagnostics expected under ARC.
#if !NON_ARC
// expected-no-diagnostics
#endif
typedef signed char BOOL; typedef signed char BOOL;
@protocol NSObject @protocol NSObject
- (BOOL)isEqual:(id)object; - (BOOL)isEqual:(id)object;
- (Class)class; - (Class)class;
@end @end
@interface NSObject <NSObject> {} @interface NSObject <NSObject> {}
+ (instancetype)alloc;
- (void)dealloc; - (void)dealloc;
- (id)init; - (id)init;
- (id)retain; - (id)retain;
- (oneway void)release; - (oneway void)release;
@end @end
typedef struct objc_selector *SEL; typedef struct objc_selector *SEL;
//===------------------------------------------------------------------------===
// Do not warn about missing release in -dealloc for ivars. // Do not warn about missing release in -dealloc for ivars.
@interface MyIvarClass1 : NSObject { @interface MyIvarClass1 : NSObject {
NSObject *_ivar; NSObject *_ivar;
} }
@end @end
@implementation MyIvarClass1 @implementation MyIvarClass1
โ–ฒ Show 20 Lines โ€ข Show All 44 Lines โ€ข โ–ผ Show 20 Lines#if NON_ARC
[_ivar release]; [_ivar release];
_ivar = [ivar retain]; _ivar = [ivar retain];
#else #else
_ivar = ivar; _ivar = ivar;
#endif #endif
} }
@end @end
//===------------------------------------------------------------------------===
// Warn about missing release in -dealloc for properties. // Warn about missing release in -dealloc for properties.
@interface MyPropertyClass1 : NSObject @interface MyPropertyClass1 : NSObject
// CHECK: DeallocMissingRelease.m:[[@LINE+1]]:1: warning: The '_ivar' instance variable in 'MyPropertyClass1' was retained by a synthesized property but was not released in 'dealloc'
@property (copy) NSObject *ivar; @property (copy) NSObject *ivar;
@end @end
@implementation MyPropertyClass1 @implementation MyPropertyClass1
- (void)dealloc - (void)dealloc
{ {
#if NON_ARC #if NON_ARC
[super dealloc]; [super dealloc]; // expected-warning {{The '_ivar' ivar in 'MyPropertyClass1' was copied by a synthesized property but not released before '[super dealloc]'}}
#endif #endif
} }
@end @end
@interface MyPropertyClass2 : NSObject @interface MyPropertyClass2 : NSObject
// CHECK: DeallocMissingRelease.m:[[@LINE+1]]:1: warning: The '_ivar' instance variable in 'MyPropertyClass2' was retained by a synthesized property but was not released in 'dealloc'
@property (retain) NSObject *ivar; @property (retain) NSObject *ivar;
@end @end
@implementation MyPropertyClass2 @implementation MyPropertyClass2
- (void)dealloc - (void)dealloc
{ {
#if NON_ARC #if NON_ARC
[super dealloc]; [super dealloc]; // expected-warning {{The '_ivar' ivar in 'MyPropertyClass2' was retained by a synthesized property but not released before '[super dealloc]'}}
#endif #endif
} }
@end @end
@interface MyPropertyClass3 : NSObject { @interface MyPropertyClass3 : NSObject {
NSObject *_ivar; NSObject *_ivar;
} }
@property (retain) NSObject *ivar; @property (retain) NSObject *ivar;
@end @end
@implementation MyPropertyClass3 @implementation MyPropertyClass3
// CHECK: DeallocMissingRelease.m:[[@LINE+1]]:1: warning: The '_ivar' instance variable in 'MyPropertyClass3' was retained by a synthesized property but was not released in 'dealloc'
@synthesize ivar = _ivar; @synthesize ivar = _ivar;
- (void)dealloc - (void)dealloc
{ {
#if NON_ARC #if NON_ARC
[super dealloc]; [super dealloc]; // expected-warning {{The '_ivar' ivar in 'MyPropertyClass3' was retained by a synthesized property but not released before '[super dealloc]'}}
#endif #endif
} }
@end @end
@interface MyPropertyClass4 : NSObject { @interface MyPropertyClass4 : NSObject {
void (^_blockPropertyIvar)(void); void (^_blockPropertyIvar)(void);
} }
@property (copy) void (^blockProperty)(void); @property (copy) void (^blockProperty)(void);
@end @end
@implementation MyPropertyClass4 @implementation MyPropertyClass4
// CHECK: DeallocMissingRelease.m:[[@LINE+1]]:1: warning: The '_blockPropertyIvar' instance variable in 'MyPropertyClass4' was retained by a synthesized property but was not released in 'dealloc'
@synthesize blockProperty = _blockPropertyIvar; @synthesize blockProperty = _blockPropertyIvar;
- (void)dealloc - (void)dealloc
{ {
#if NON_ARC #if NON_ARC
[super dealloc]; [super dealloc]; // expected-warning {{The '_blockPropertyIvar' ivar in 'MyPropertyClass4' was copied by a synthesized property but not released before '[super dealloc]'}}
#endif #endif
} }
@end @end
@interface MyPropertyClass5 : NSObject { @interface MyPropertyClass5 : NSObject {
WEAK_ON_ARC NSObject *_ivar; WEAK_ON_ARC NSObject *_ivar;
} }
@property (weak) NSObject *ivar; @property (weak) NSObject *ivar;
@end @end
@implementation MyPropertyClass5 @implementation MyPropertyClass5
@synthesize ivar = _ivar; // no-warning @synthesize ivar = _ivar;
- (void)dealloc - (void)dealloc
{ {
#if NON_ARC #if NON_ARC
[super dealloc]; // no-warning because it is a weak property
#endif
}
@end
@interface MyPropertyClassWithReturnInDealloc : NSObject {
NSObject *_ivar;
}
@property (retain) NSObject *ivar;
@end
@implementation MyPropertyClassWithReturnInDealloc
@synthesize ivar = _ivar;
- (void)dealloc
{
return;
#if NON_ARC
// expected-warning@-2{{The '_ivar' ivar in 'MyPropertyClassWithReturnInDealloc' was retained by a synthesized property but not released before '[super dealloc]'}}
[super dealloc]; [super dealloc];
#endif #endif
} }
@end @end
//===------------------------------------------------------------------------=== @interface MyPropertyClassWithReleaseInOtherInstance : NSObject {
NSObject *_ivar;
MyPropertyClassWithReleaseInOtherInstance *_other;
}
@property (retain) NSObject *ivar;
-(void)releaseIvars;
@end
@implementation MyPropertyClassWithReleaseInOtherInstance
@synthesize ivar = _ivar;
-(void)releaseIvars; {
#if NON_ARC
[_ivar release];
#endif
}
- (void)dealloc
{
[_other releaseIvars];
#if NON_ARC
[super dealloc]; // expected-warning {{The '_ivar' ivar in 'MyPropertyClassWithReleaseInOtherInstance' was retained by a synthesized property but not released before '[super dealloc]'}}
#endif
}
@end
@interface MyPropertyClassWithNeitherReturnNorSuperDealloc : NSObject {
NSObject *_ivar;
}
@property (retain) NSObject *ivar;
@end
@implementation MyPropertyClassWithNeitherReturnNorSuperDealloc
@synthesize ivar = _ivar;
- (void)dealloc
{
}
#if NON_ARC
// expected-warning@-2 {{method possibly missing a [super dealloc] call}} (From Sema)
// expected-warning@-3{{The '_ivar' ivar in 'MyPropertyClassWithNeitherReturnNorSuperDealloc' was retained by a synthesized property but not released before '[super dealloc]'}}
#endif
@end
// <rdar://problem/6380411>: 'myproperty' has kind 'assign' and thus the // <rdar://problem/6380411>: 'myproperty' has kind 'assign' and thus the
// assignment through the setter does not perform a release. // assignment through the setter does not perform a release.
@interface MyObject : NSObject { @interface MyObject : NSObject {
id __unsafe_unretained _myproperty; id __unsafe_unretained _myproperty;
} }
@property(assign) id myproperty; @property(assign) id myproperty;
@end @end
Show All 17 Lines
@end @end
@implementation ClassWithControlFlowInRelease @implementation ClassWithControlFlowInRelease
- (void)dealloc; { - (void)dealloc; {
if (_ivar1) { if (_ivar1) {
// We really should warn because there is a path through -dealloc on which // We really should warn because there is a path through -dealloc on which
// _ivar2 is not released. // _ivar2 is not released.
#if NON_ARC #if NON_ARC
[_ivar2 release]; // no-warning [_ivar2 release];
#endif #endif
} }
#if NON_ARC #if NON_ARC
[super dealloc]; [super dealloc]; // expected-warning {{The '_ivar2' ivar in 'ClassWithControlFlowInRelease' was retained by a synthesized property but not released before '[super dealloc]'}}
#endif #endif
} }
@end @end
//===------------------------------------------------------------------------===
// Don't warn when the property is nil'd out in -dealloc // Don't warn when the property is nil'd out in -dealloc
@interface ClassWithNildOutProperty : NSObject @interface ClassWithNildOutProperty : NSObject
@property (retain) NSObject *ivar; // no-warning @property (retain) NSObject *ivar;
@property (assign) int *intPtrProp;
@end @end
@implementation ClassWithNildOutProperty @implementation ClassWithNildOutProperty
- (void)dealloc; { - (void)dealloc; {
self.ivar = nil; self.ivar = nil;
// Make sure to handle setting a non-retainable property to 0.
self.intPtrProp = 0;
#if NON_ARC #if NON_ARC
[super dealloc]; [super dealloc]; // no-warning
#endif
}
@end
// Do warn when the ivar but not the property is nil'd out in -dealloc
@interface ClassWithNildOutIvar : NSObject
@property (retain) NSObject *ivar;
@end
@implementation ClassWithNildOutIvar
- (void)dealloc; {
// Oops. Meant self.ivar = nil
_ivar = nil;
#if NON_ARC
[super dealloc]; // expected-warning {{The '_ivar' ivar in 'ClassWithNildOutIvar' was retained by a synthesized property but not released before '[super dealloc]'}}
#endif #endif
} }
@end
// Do warn when the ivar is updated to a different value that is then
// released.
@interface ClassWithUpdatedIvar : NSObject
@property (retain) NSObject *ivar;
@end
@implementation ClassWithUpdatedIvar
- (void)dealloc; {
_ivar = [[NSObject alloc] init];
#if NON_ARC
[_ivar release];
#endif
#if NON_ARC
[super dealloc]; // expected-warning {{The '_ivar' ivar in 'ClassWithUpdatedIvar' was retained by a synthesized property but not released before '[super dealloc]'}}
#endif
}
@end @end
//===------------------------------------------------------------------------===
// Don't warn when the property is nil'd out with a setter in -dealloc // Don't warn when the property is nil'd out with a setter in -dealloc
@interface ClassWithNildOutPropertyViaSetter : NSObject @interface ClassWithNildOutPropertyViaSetter : NSObject
@property (retain) NSObject *ivar; // no-warning @property (retain) NSObject *ivar;
@end @end
@implementation ClassWithNildOutPropertyViaSetter @implementation ClassWithNildOutPropertyViaSetter
- (void)dealloc; { - (void)dealloc; {
[self setIvar:nil]; [self setIvar:nil];
#if NON_ARC #if NON_ARC
[super dealloc]; // no-warning
#endif
}
@end
// Don't warn about missing releases when -dealloc helpers are called.
@interface ClassWithDeallocHelpers : NSObject
@property (retain) NSObject *ivarReleasedInMethod;
@property (retain) NSObject *propNilledOutInMethod;
@property (retain) NSObject *ivarReleasedInFunction;
@property (retain) NSObject *propNilledOutInFunction;
@property (retain) NSObject *ivarNeverReleased;
- (void)invalidateInMethod;
@end
void ReleaseValueHelper(NSObject *iv) {
#if NON_ARC
[iv release];
#endif
}
void NilOutPropertyHelper(ClassWithDeallocHelpers *o) {
o.propNilledOutInFunction = nil;
}
@implementation ClassWithDeallocHelpers
- (void)invalidateInMethod {
#if NON_ARC
[_ivarReleasedInMethod release];
#endif
self.propNilledOutInMethod = nil;
}
- (void)dealloc; {
ReleaseValueHelper(_ivarReleasedInFunction);
NilOutPropertyHelper(self);
[self invalidateInMethod];
#if NON_ARC
[super dealloc]; // expected-warning {{The '_ivarNeverReleased' ivar in 'ClassWithDeallocHelpers' was retained by a synthesized property but not released before '[super dealloc]'}}
#endif
}
@end
// Don't warn when self in -dealloc escapes.
@interface ClassWhereSelfEscapesViaMethodCall : NSObject
@property (retain) NSObject *ivar; // no-warning
@end
@interface ClassWhereSelfEscapesViaMethodCall (Other)
- (void)invalidate; // In other translation unit.
@end
@implementation ClassWhereSelfEscapesViaMethodCall
- (void)dealloc; {
[self invalidate];
#if NON_ARC
[super dealloc];
#endif
} // no-warning
@end
@interface ClassWhereSelfEscapesViaPropertyAccess : NSObject
@property (retain) NSObject *ivar;
@end
@interface ClassWhereSelfEscapesViaPropertyAccess (Other)
// The implementation of this property is unknown and therefore could
// release ivar.
@property (retain) NSObject *otherIvar;
@end
@implementation ClassWhereSelfEscapesViaPropertyAccess
- (void)dealloc; {
self.otherIvar = nil;
#if NON_ARC
[super dealloc];
#endif
} // no-warning
@end
// Don't treat self as escaping when setter called on *synthesized*
// property.
@interface ClassWhereSelfEscapesViaSynthesizedPropertyAccess : NSObject
@property (retain) NSObject *ivar;
@property (retain) NSObject *otherIvar;
@end
@implementation ClassWhereSelfEscapesViaSynthesizedPropertyAccess
- (void)dealloc; {
self.otherIvar = nil;
#if NON_ARC
[super dealloc]; // expected-warning {{The '_ivar' ivar in 'ClassWhereSelfEscapesViaSynthesizedPropertyAccess' was retained by a synthesized property but not released before '[super dealloc]'}}
#endif
}
@end
// Don't warn when value escapes.
@interface ClassWhereIvarValueEscapes : NSObject
@property (retain) NSObject *ivar;
@end
void ReleaseMe(id arg);
@implementation ClassWhereIvarValueEscapes
- (void)dealloc; {
ReleaseMe(_ivar);
#if NON_ARC
[super dealloc];
#endif
} // no-warning
@end
// Don't warn when value is known to be nil.
@interface ClassWhereIvarIsNil : NSObject
@property (retain) NSObject *ivarIsNil;
@end
@implementation ClassWhereIvarIsNil
- (void)dealloc; {
#if NON_ARC
if (_ivarIsNil)
[_ivarIsNil release];
[super dealloc];
#endif
} // no-warning
@end
// Don't warn for non-retainable properties.
@interface ClassWithNonRetainableProperty : NSObject
@property (assign) int *ivar; // no-warning
@end
@implementation ClassWithNonRetainableProperty
- (void)dealloc; {
#if NON_ARC
[super dealloc];
#endif
} // no-warning
@end
@interface SuperClassOfClassWithInlinedSuperDealloc : NSObject
@property (retain) NSObject *propInSuper;
@end
@implementation SuperClassOfClassWithInlinedSuperDealloc
- (void)dealloc {
#if NON_ARC
[super dealloc]; // expected-warning {{The '_propInSuper' ivar in 'SuperClassOfClassWithInlinedSuperDealloc' was retained by a synthesized property but not released before '[super dealloc]'}}
#endif
}
@end
@interface ClassWithInlinedSuperDealloc : SuperClassOfClassWithInlinedSuperDealloc
@property (retain) NSObject *propInSub;
@end
@implementation ClassWithInlinedSuperDealloc
- (void)dealloc {
#if NON_ARC
[super dealloc]; // expected-warning {{The '_propInSub' ivar in 'ClassWithInlinedSuperDealloc' was retained by a synthesized property but not released before '[super dealloc]'}}
#endif
}
@end
@interface SuperClassOfClassWithInlinedSuperDeallocAndInvalidation : NSObject
@property (retain) NSObject *propInSuper;
- (void)invalidate;
@end
@implementation SuperClassOfClassWithInlinedSuperDeallocAndInvalidation
- (void)invalidate {
#if NON_ARC
[_propInSuper release];
#endif
_propInSuper = nil;
}
- (void)dealloc {
[self invalidate];
#if NON_ARC
[super dealloc]; // no-warning
#endif
}
@end
@interface ClassWithInlinedSuperDeallocAndInvalidation : SuperClassOfClassWithInlinedSuperDeallocAndInvalidation
@property (retain) NSObject *propInSub;
@end
@implementation ClassWithInlinedSuperDeallocAndInvalidation
- (void)invalidate {
#if NON_ARC
[_propInSub release];
#endif
[super invalidate];
}
- (void)dealloc {
#if NON_ARC
[super dealloc]; // no-warning
#endif
}
@end
@interface SuperClassOfClassThatEscapesBeforeInliningSuper : NSObject
@property (retain) NSObject *propInSuper;
@end
@implementation SuperClassOfClassThatEscapesBeforeInliningSuper
- (void)dealloc {
#if NON_ARC
[super dealloc]; // expected-warning {{The '_propInSuper' ivar in 'SuperClassOfClassThatEscapesBeforeInliningSuper' was retained by a synthesized property but not released before '[super dealloc]'}}
#endif
}
@end
@interface ClassThatEscapesBeforeInliningSuper : SuperClassOfClassThatEscapesBeforeInliningSuper
@property (retain) NSObject *propInSub;
@end
@interface ClassThatEscapesBeforeInliningSuper (Other)
- (void)invalidate; // No implementation in translation unit.
@end
@implementation ClassThatEscapesBeforeInliningSuper
- (void)dealloc {
[self invalidate];
#if NON_ARC
[super dealloc]; // no-warning
#endif
}
@end
#if NON_ARC
@interface ReleaseIvarInField : NSObject {
int _tag;
union {
NSObject *field1;
NSObject *field2;
} _someUnion;
struct {
NSObject *field1;
} _someStruct;
}
@end
@implementation ReleaseIvarInField
- (void)dealloc {
if (_tag) {
[_someUnion.field1 release];
} else {
[_someUnion.field2 release];
}
[_someStruct.field1 release];
[super dealloc];
}
@end
#endif
#if NON_ARC
@interface ReleaseIvarInArray : NSObject {
NSObject *_array[3];
}
@end
@implementation ReleaseIvarInArray
- (void)dealloc {
for (int i = 0; i < 3; i++) {
[_array[i] release];
}
[super dealloc]; [super dealloc];
}
@end
#endif
// Don't warn about missing releases for subclasses of SenTestCase or
// for classes that are not subclasses of NSObject.
@interface SenTestCase : NSObject {}
@end
@interface MyClassTest : SenTestCase
@property (retain) NSObject *ivar;
@end
@implementation MyClassTest
-(void)tearDown {
#if NON_ARC
[_ivar release];
#endif
}
-(void)dealloc; {
#if NON_ARC
[super dealloc]; // no-warning
#endif #endif
} }
@end
__attribute__((objc_root_class))
@interface NonNSObjectMissingDealloc
@property (retain) NSObject *ivar;
@end
@implementation NonNSObjectMissingDealloc
-(void)dealloc; {
}
@end @end
// CHECK: 4 warnings generated.

test/Analysis/MissingDealloc.m

Show First 20 Lines โ€ข Show All 122 Lines โ€ข โ–ผ Show 20 Lines
@class NSString; @class NSString;
@interface SenTestCase : NSObject {} @interface SenTestCase : NSObject {}
@end @end
@interface MyClassTest : SenTestCase { @interface MyClassTest : SenTestCase {
NSString *resourcePath; NSString *resourcePath;
} }
@property (retain) NSObject *ivar;
@end @end
@interface NSBundle : NSObject {} @interface NSBundle : NSObject {}
+ (NSBundle *)bundleForClass:(Class)aClass; + (NSBundle *)bundleForClass:(Class)aClass;
- (NSString *)resourcePath; - (NSString *)resourcePath;
@end @end
@implementation MyClassTest @implementation MyClassTest
- (void)setUp { - (void)setUp {
resourcePath = [[NSBundle bundleForClass:[self class]] resourcePath]; resourcePath = [[NSBundle bundleForClass:[self class]] resourcePath];
} }
- (void)testXXX { - (void)testXXX {
// do something which uses resourcepath // do something which uses resourcepath
} }
@end @end
//===------------------------------------------------------------------------===
// Don't warn for clases that aren't subclasses of NSObject
__attribute__((objc_root_class))
@interface NonNSObjectMissingDealloc
@property (retain) NSObject *ivar;
@end
@implementation NonNSObjectMissingDealloc
@end
// CHECK: 4 warnings generated. // CHECK: 4 warnings generated.

test/Analysis/PR2978.m

// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.core -analyzer-checker=alpha.osx.cocoa.Dealloc %s -verify // RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.core -analyzer-checker=alpha.osx.cocoa.Dealloc %s -verify
// Tests for the checker which checks missing/extra ivar 'release' calls // Tests for the checker which checks missing/extra ivar 'release' calls
// in dealloc. // in dealloc.
@interface NSObject @interface NSObject
- (void)release; - (void)release;
- dealloc; - (void)dealloc;
@end @end
@interface MyClass : NSObject { @interface MyClass : NSObject {
@private @private
id _X; id _X;
id _Y; id _Y;
id _Z; id _Z;
id _K; id _K;
id _L; id _L;
id _N; id _N;
id _M; id _M;
id _P; id _P;
id _Q; id _Q;
id _R;
id _S;
id _V; id _V;
id _W; id _W;
MyClass *_other;
id _nonPropertyIvar;
} }
@property(retain) id X; @property(retain) id X;
@property(retain) id Y; @property(retain) id Y;
@property(assign) id Z; @property(assign) id Z;
@property(assign) id K; @property(assign) id K;
@property(weak) id L; @property(weak) id L;
@property(readonly) id N; @property(readonly) id N;
@property(retain) id M; @property(retain) id M;
@property(weak) id P; // expected-warning {{'_P' instance variable in 'MyClass' was not retained by a synthesized property but was released in 'dealloc'}} @property(weak) id P;
@property(weak) id Q; @property(weak) id Q;
@property(retain) id R;
@property(weak, readonly) id S;
@property(assign, readonly) id T; // Shadowed in class extension
@property(assign) id U;
@property(retain) id V; @property(retain) id V;
@property(retain) id W; @property(retain) id W;
-(id) O; -(id) O;
-(void) setO: (id) arg; -(void) setO: (id) arg;
@end @end
@interface MyClass ()
// Shadows T to make it readwrite internally but readonly externally.
@property(assign, readwrite) id T;
@end
@implementation MyClass @implementation MyClass
@synthesize X = _X; @synthesize X = _X;
@synthesize Y = _Y; // expected-warning{{The '_Y' instance variable in 'MyClass' was retained by a synthesized property but was not released in 'dealloc'}} @synthesize Y = _Y;
@synthesize Z = _Z; // expected-warning{{The '_Z' instance variable in 'MyClass' was not retained by a synthesized property but was released in 'dealloc'}} @synthesize Z = _Z;
@synthesize K = _K; @synthesize K = _K;
@synthesize L = _L; // no-warning @synthesize L = _L;
@synthesize N = _N; // no-warning @synthesize N = _N;
@synthesize M = _M; @synthesize M = _M;
@synthesize Q = _Q; // expected-warning {{'_Q' instance variable in 'MyClass' was not retained by a synthesized property but was released in 'dealloc'}} @synthesize Q = _Q;
@synthesize R = _R;
@synthesize V = _V; @synthesize V = _V;
@synthesize W = _W; // expected-warning{{The '_W' instance variable in 'MyClass' was retained by a synthesized property but was not released in 'dealloc'}} @synthesize W = _W;
-(id) O{ return 0; } -(id) O{ return 0; }
-(void) setO:(id)arg { } -(void) setO:(id)arg { }
- (id)dealloc
-(void) releaseInHelper {
[_R release]; // no-warning
_R = @"Hi";
}
- (void)dealloc
{ {
[_X release]; [_X release];
[_Z release]; [_Z release]; // expected-warning{{The '_Z' ivar in 'MyClass' was synthesized for an assign, readwrite property but was released in 'dealloc'}}
[_T release]; // no-warning
[_other->_Z release]; // no-warning
[_N release]; [_N release];
self.M = 0; // This will release '_M' self.M = 0; // This will release '_M'
[self setV:0]; // This will release '_V' [self setV:0]; // This will release '_V'
[self setW:@"newW"]; // This will release '_W', but retain the new value [self setW:@"newW"]; // This will release '_W', but retain the new value
[_S release]; // expected-warning {{The '_S' ivar in 'MyClass' was synthesized for a weak property but was released in 'dealloc'}}
self.O = 0; // no-warning self.O = 0; // no-warning
[_Q release]; [_Q release]; // expected-warning {{The '_Q' ivar in 'MyClass' was synthesized for a weak property but was released in 'dealloc'}}
self.P = 0; self.P = 0;
[self releaseInHelper];
[_nonPropertyIvar release]; // no-warning
// Silly, but not an error.
if (!_U)
[_U release];
[super dealloc]; [super dealloc];
return 0; // expected-warning@-1{{The '_Y' ivar in 'MyClass' was retained by a synthesized property but not released before '[super dealloc]'}}
// expected-warning@-2{{The '_W' ivar in 'MyClass' was retained by a synthesized property but not released before '[super dealloc]'}}
} }
@end @end

test/Analysis/properties.m

// RUN: %clang_cc1 -analyze -analyzer-checker=core,osx.cocoa.RetainCount,debug.ExprInspection -analyzer-store=region -verify -Wno-objc-root-class %s // RUN: %clang_cc1 -analyze -analyzer-checker=core,osx.cocoa.RetainCount,alpha.osx.cocoa.Dealloc,debug.ExprInspection -analyzer-store=region -verify -Wno-objc-root-class %s
// RUN: %clang_cc1 -analyze -analyzer-checker=core,osx.cocoa.RetainCount,debug.ExprInspection -analyzer-store=region -verify -Wno-objc-root-class -fobjc-arc %s // RUN: %clang_cc1 -analyze -analyzer-checker=core,osx.cocoa.RetainCount,alpha.osx.cocoa.Dealloc,debug.ExprInspection -analyzer-store=region -verify -Wno-objc-root-class -fobjc-arc %s
void clang_analyzer_eval(int); void clang_analyzer_eval(int);
typedef const void * CFTypeRef; typedef const void * CFTypeRef;
extern CFTypeRef CFRetain(CFTypeRef cf); extern CFTypeRef CFRetain(CFTypeRef cf);
void CFRelease(CFTypeRef cf); void CFRelease(CFTypeRef cf);
typedef signed char BOOL; typedef signed char BOOL;
typedef unsigned int NSUInteger; typedef unsigned int NSUInteger;
typedef struct _NSZone NSZone; typedef struct _NSZone NSZone;
@class NSInvocation, NSMethodSignature, NSCoder, NSString, NSEnumerator; @class NSInvocation, NSMethodSignature, NSCoder, NSString, NSEnumerator;
@protocol NSObject - (BOOL)isEqual:(id)object; @end @protocol NSObject - (BOOL)isEqual:(id)object; @end
@protocol NSCopying - (id)copyWithZone:(NSZone *)zone; @end @protocol NSCopying - (id)copyWithZone:(NSZone *)zone; @end
@protocol NSCoding - (void)encodeWithCoder:(NSCoder *)aCoder; @end @protocol NSCoding - (void)encodeWithCoder:(NSCoder *)aCoder; @end
@protocol NSMutableCopying - (id)mutableCopyWithZone:(NSZone *)zone; @end @protocol NSMutableCopying - (id)mutableCopyWithZone:(NSZone *)zone; @end
@interface NSObject <NSObject> {} @interface NSObject <NSObject> {}
+(id)alloc; +(id)alloc;
-(id)init; -(id)init;
-(id)autorelease; -(id)autorelease;
-(id)copy; -(id)copy;
-(id)retain; -(id)retain;
-(oneway void)release; -(oneway void)release;
-(void)dealloc;
@end @end
@interface NSString : NSObject <NSCopying, NSMutableCopying, NSCoding> @interface NSString : NSObject <NSCopying, NSMutableCopying, NSCoding>
- (NSUInteger)length; - (NSUInteger)length;
-(id)initWithFormat:(NSString *)f,...; -(id)initWithFormat:(NSString *)f,...;
-(BOOL)isEqualToString:(NSString *)s; -(BOOL)isEqualToString:(NSString *)s;
+ (id)string; + (id)string;
@end @end
@interface NSNumber : NSObject {} @interface NSNumber : NSObject {}
โ–ฒ Show 20 Lines โ€ข Show All 100 Lines โ€ข โ–ผ Show 20 Lines@interface Person : NSObject {
NSString *_name; NSString *_name;
} }
@property (retain) NSString * name; @property (retain) NSString * name;
@property (assign) id friend; @property (assign) id friend;
@end @end
@implementation Person @implementation Person
@synthesize name = _name; @synthesize name = _name;
-(void)dealloc {
#if !__has_feature(objc_arc)
self.name = [[NSString alloc] init]; // expected-warning {{leak}}
[super dealloc]; // expected-warning {{The '_name' ivar in 'Person' was retained by a synthesized property but not released before '[super dealloc]}}
#endif
}
@end @end
#if !__has_feature(objc_arc) #if !__has_feature(objc_arc)
void rdar6611873() { void rdar6611873() {
Person *p = [[[Person alloc] init] autorelease]; Person *p = [[[Person alloc] init] autorelease];
p.name = [[NSString string] retain]; // expected-warning {{leak}} p.name = [[NSString string] retain]; // expected-warning {{leak}}
p.name = [[NSString alloc] init]; // expected-warning {{leak}} p.name = [[NSString alloc] init]; // expected-warning {{leak}}
โ–ฒ Show 20 Lines โ€ข Show All 632 Lines โ€ข Show Last 20 Lines