memory leak: improved the checking. subfunctions are parsed. redundant conditions are skipped
This commit is contained in:
parent
81bcde9ed0
commit
ff6adcbeff
|
@ -83,6 +83,14 @@ static AllocType GetAllocationType( const TOKEN *tok2 )
|
||||||
|
|
||||||
static AllocType GetDeallocationType( const TOKEN *tok, const char *varnames[] )
|
static AllocType GetDeallocationType( const TOKEN *tok, const char *varnames[] )
|
||||||
{
|
{
|
||||||
|
// Redundant condition..
|
||||||
|
if ( Match(tok, "if ( %var1% )", varnames) )
|
||||||
|
{
|
||||||
|
tok = gettok( tok, 4 );
|
||||||
|
if ( Match(tok,"{") )
|
||||||
|
tok = tok->next;
|
||||||
|
}
|
||||||
|
|
||||||
if ( Match(tok, "delete %var1% ;", varnames) )
|
if ( Match(tok, "delete %var1% ;", varnames) )
|
||||||
return New;
|
return New;
|
||||||
|
|
||||||
|
@ -156,8 +164,84 @@ static void CheckMemoryLeak_CheckScope( const TOKEN *Tok1, const char varname[]
|
||||||
dealloc_indentlevel = -1;
|
dealloc_indentlevel = -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check subfunction...
|
||||||
|
if (Alloc != No && Match(tok,"[{};] %var% ("))
|
||||||
|
{
|
||||||
|
const char *funcname = getstr( tok, 1 );
|
||||||
|
|
||||||
|
unsigned int param = 0;
|
||||||
|
for (const TOKEN *tok2 = gettok(tok,2); tok2; tok2 = tok2->next)
|
||||||
|
{
|
||||||
|
if ( tok2->str[0] == ';' )
|
||||||
|
break;
|
||||||
|
if ( tok2->str[0] == ',' )
|
||||||
|
param++;
|
||||||
|
|
||||||
|
if ( Match(tok2, "[(,] %var1% [,)]", varnames) )
|
||||||
|
{
|
||||||
|
// Find function..
|
||||||
|
const TOKEN *ftok = GetFunctionTokenByName( funcname );
|
||||||
|
ftok = gettok(ftok,2);
|
||||||
|
if ( ! ftok )
|
||||||
|
break;
|
||||||
|
|
||||||
|
// Goto function parameter..
|
||||||
|
for ( unsigned int fparam = 0; ftok && fparam < param; ftok = ftok->next )
|
||||||
|
{
|
||||||
|
if ( ftok->str[0] == ',' )
|
||||||
|
++fparam;
|
||||||
|
}
|
||||||
|
for ( ; ftok; ftok = ftok->next )
|
||||||
|
{
|
||||||
|
if ( ! Match(ftok,"%var% [,)]") )
|
||||||
|
continue;
|
||||||
|
|
||||||
|
const char *paramname[2] = {0};
|
||||||
|
paramname[0] = ftok->str;
|
||||||
|
// parse function and check if it deallocates the parameter..
|
||||||
|
int _indentlevel = 0;
|
||||||
|
while (_indentlevel>=0 && ftok)
|
||||||
|
{
|
||||||
|
if ( ftok->str[0] == '{' )
|
||||||
|
_indentlevel++;
|
||||||
|
else if ( ftok->str[0] == '}' )
|
||||||
|
{
|
||||||
|
_indentlevel--;
|
||||||
|
if ( _indentlevel <= 0 )
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( _indentlevel >= 1 )
|
||||||
|
{
|
||||||
|
AllocType dealloc = GetDeallocationType(ftok,paramname);
|
||||||
|
if ( dealloc != No )
|
||||||
|
{
|
||||||
|
if ( Alloc != No && Alloc != dealloc )
|
||||||
|
{
|
||||||
|
MismatchError( Tok1, varname );
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Deallocated at same indentlevel as the allocation => no memory leak
|
||||||
|
if ( alloc_indentlevel == indentlevel )
|
||||||
|
return;
|
||||||
|
|
||||||
|
dealloc_indentlevel = indentlevel;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
ftok = ftok->next;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// for, while set loop level..
|
// for, while set loop level..
|
||||||
if ( alloc_indentlevel >= 0 && (Match(tok,"while") || Match(tok,"for")) )
|
if ( Match(tok,"while") || Match(tok,"for") )
|
||||||
loop_indentlevel.push_back( indentlevel );
|
loop_indentlevel.push_back( indentlevel );
|
||||||
|
|
||||||
// Skip stuff like: if (!var) ...
|
// Skip stuff like: if (!var) ...
|
||||||
|
@ -247,8 +331,7 @@ static void CheckMemoryLeak_CheckScope( const TOKEN *Tok1, const char varname[]
|
||||||
// Used..
|
// Used..
|
||||||
// list.push_back( var1 );
|
// list.push_back( var1 );
|
||||||
// listtail->next = var1;
|
// listtail->next = var1;
|
||||||
// foo( var1 );
|
if ( Match( tok, "[=] %var1% [;]", varnames ) )
|
||||||
if ( Match( tok, "[=,(] %var1% [,);]", varnames ) )
|
|
||||||
{
|
{
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
300
tests.cpp
300
tests.cpp
|
@ -167,28 +167,28 @@ static void buffer_overrun()
|
||||||
|
|
||||||
|
|
||||||
code = "static void f()\n"
|
code = "static void f()\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" char data[1];\n"
|
" char data[1];\n"
|
||||||
" return abc.data[1];\n"
|
" return abc.data[1];\n"
|
||||||
"}\n";
|
"}\n";
|
||||||
check( CheckBufferOverrun, __LINE__, code, "" );
|
check( CheckBufferOverrun, __LINE__, code, "" );
|
||||||
|
|
||||||
|
|
||||||
// TODO
|
// TODO
|
||||||
/*
|
/*
|
||||||
code = "static void memclr( char *data, const int bytes )\n"
|
code = "static void memclr( char *data, const int bytes )\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" for (int i = 0; i < bytes; i++)\n"
|
" for (int i = 0; i < bytes; i++)\n"
|
||||||
" data[i] = 0;\n"
|
" data[i] = 0;\n"
|
||||||
"}\n"
|
"}\n"
|
||||||
"\n"
|
"\n"
|
||||||
"static void f()\n"
|
"static void f()\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" char str[5];\n"
|
" char str[5];\n"
|
||||||
" memclr( str, 5 ); // OK\n"
|
" memclr( str, 5 ); // OK\n"
|
||||||
" memclr( str+1, 5 ); // ERROR\n"
|
" memclr( str+1, 5 ); // ERROR\n"
|
||||||
" memclr( str, 6 ); // ERROR\n"
|
" memclr( str, 6 ); // ERROR\n"
|
||||||
"}\n";
|
"}\n";
|
||||||
check( CheckBufferOverrun, __LINE__, code, "" );
|
check( CheckBufferOverrun, __LINE__, code, "" );
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
@ -259,14 +259,14 @@ static void buffer_overrun()
|
||||||
|
|
||||||
|
|
||||||
code = "struct ABC\n"
|
code = "struct ABC\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" char str[10];\n"
|
" char str[10];\n"
|
||||||
"};\n"
|
"};\n"
|
||||||
"\n"
|
"\n"
|
||||||
"static void f(ABC *abc)\n"
|
"static void f(ABC *abc)\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" abc->str[10] = 0;\n"
|
" abc->str[10] = 0;\n"
|
||||||
"}\n";
|
"}\n";
|
||||||
check( CheckBufferOverrun, __LINE__, code, "[test.cpp:8]: Array index out of bounds\n" );
|
check( CheckBufferOverrun, __LINE__, code, "[test.cpp:8]: Array index out of bounds\n" );
|
||||||
|
|
||||||
|
|
||||||
|
@ -288,51 +288,51 @@ static void buffer_overrun()
|
||||||
|
|
||||||
|
|
||||||
code = "static void memclr( char *data )\n"
|
code = "static void memclr( char *data )\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" data[10] = 0;\n"
|
" data[10] = 0;\n"
|
||||||
"}\n"
|
"}\n"
|
||||||
"\n"
|
"\n"
|
||||||
"static void f()\n"
|
"static void f()\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" char str[5];\n"
|
" char str[5];\n"
|
||||||
" memclr( str ); // ERROR\n"
|
" memclr( str ); // ERROR\n"
|
||||||
"}\n";
|
"}\n";
|
||||||
check( CheckBufferOverrun, __LINE__, code, "[test.cpp:9] -> [test.cpp:3]: Array index out of bounds\n" );
|
check( CheckBufferOverrun, __LINE__, code, "[test.cpp:9] -> [test.cpp:3]: Array index out of bounds\n" );
|
||||||
|
|
||||||
|
|
||||||
code = "struct ABC\n"
|
code = "struct ABC\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" char str[10];\n"
|
" char str[10];\n"
|
||||||
"};\n"
|
"};\n"
|
||||||
"\n"
|
"\n"
|
||||||
"static void memclr( char *data )\n"
|
"static void memclr( char *data )\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" data[10] = 0;\n"
|
" data[10] = 0;\n"
|
||||||
"}\n"
|
"}\n"
|
||||||
"\n"
|
"\n"
|
||||||
"static void f(ABC *abc)\n"
|
"static void f(ABC *abc)\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" memclr(abc->str);\n"
|
" memclr(abc->str);\n"
|
||||||
"}\n";
|
"}\n";
|
||||||
check( CheckBufferOverrun, __LINE__, code, "[test.cpp:13] -> [test.cpp:8]: Array index out of bounds\n" );
|
check( CheckBufferOverrun, __LINE__, code, "[test.cpp:13] -> [test.cpp:8]: Array index out of bounds\n" );
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
code = "class ABC\n"
|
code = "class ABC\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
"public:\n"
|
"public:\n"
|
||||||
" ABC();\n"
|
" ABC();\n"
|
||||||
" char *str[10];\n"
|
" char *str[10];\n"
|
||||||
" struct ABC *next;"
|
" struct ABC *next;"
|
||||||
"};\n"
|
"};\n"
|
||||||
"\n"
|
"\n"
|
||||||
"static void f()\n"
|
"static void f()\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" for ( ABC *abc = abc1; abc; abc = abc->next )\n"
|
" for ( ABC *abc = abc1; abc; abc = abc->next )\n"
|
||||||
" {\n"
|
" {\n"
|
||||||
" abc->str[10] = 0;\n"
|
" abc->str[10] = 0;\n"
|
||||||
" }\n"
|
" }\n"
|
||||||
"}\n";
|
"}\n";
|
||||||
check( CheckBufferOverrun, __LINE__, code, "[test.cpp:12]: Array index out of bounds\n" );
|
check( CheckBufferOverrun, __LINE__, code, "[test.cpp:12]: Array index out of bounds\n" );
|
||||||
|
|
||||||
|
|
||||||
|
@ -369,14 +369,14 @@ static void buffer_overrun()
|
||||||
|
|
||||||
|
|
||||||
code = "struct ABC\n"
|
code = "struct ABC\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" char str[5];\n"
|
" char str[5];\n"
|
||||||
"};\n"
|
"};\n"
|
||||||
"\n"
|
"\n"
|
||||||
"static void f(ABC *abc)\n"
|
"static void f(ABC *abc)\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" strcpy( abc->str, \"abcdef\" );\n"
|
" strcpy( abc->str, \"abcdef\" );\n"
|
||||||
"}\n";
|
"}\n";
|
||||||
check( CheckBufferOverrun, __LINE__, code, "[test.cpp:8]: Buffer overrun\n" );
|
check( CheckBufferOverrun, __LINE__, code, "[test.cpp:8]: Buffer overrun\n" );
|
||||||
|
|
||||||
|
|
||||||
|
@ -492,19 +492,19 @@ static void memleak_in_function()
|
||||||
|
|
||||||
|
|
||||||
code = "static char *f()\n"
|
code = "static char *f()\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" char *s = new char[100];\n"
|
" char *s = new char[100];\n"
|
||||||
" return (char *)s;\n"
|
" return (char *)s;\n"
|
||||||
"}\n";
|
"}\n";
|
||||||
check( CheckMemoryLeak, __LINE__, code, "" );
|
check( CheckMemoryLeak, __LINE__, code, "" );
|
||||||
|
|
||||||
|
|
||||||
code = "static void f()\n"
|
code = "static void f()\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" char *str = strdup(\"hello\");\n"
|
" char *str = strdup(\"hello\");\n"
|
||||||
" char *str2 = (char *)str;\n"
|
" char *str2 = (char *)str;\n"
|
||||||
" free(str2);\n"
|
" free(str2);\n"
|
||||||
"}\n";
|
"}\n";
|
||||||
check( CheckMemoryLeak, __LINE__, code, "" );
|
check( CheckMemoryLeak, __LINE__, code, "" );
|
||||||
|
|
||||||
|
|
||||||
|
@ -521,7 +521,7 @@ static void memleak_in_function()
|
||||||
" int *a = new int[10];\n"
|
" int *a = new int[10];\n"
|
||||||
" if (a)\n"
|
" if (a)\n"
|
||||||
" {\n"
|
" {\n"
|
||||||
" delete a;\n"
|
" delete [] a;\n"
|
||||||
" }\n"
|
" }\n"
|
||||||
"}\n";
|
"}\n";
|
||||||
check( CheckMemoryLeak, __LINE__, code, "" );
|
check( CheckMemoryLeak, __LINE__, code, "" );
|
||||||
|
@ -584,14 +584,14 @@ static void memleak_in_function()
|
||||||
*/
|
*/
|
||||||
|
|
||||||
code = "static char *f()\n"
|
code = "static char *f()\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" char *s = new char[100];\n"
|
" char *s = new char[100];\n"
|
||||||
" if ( a == b )\n"
|
" if ( a == b )\n"
|
||||||
" {\n"
|
" {\n"
|
||||||
" return s;\n"
|
" return s;\n"
|
||||||
" }\n"
|
" }\n"
|
||||||
" return NULL;\n"
|
" return NULL;\n"
|
||||||
"}\n";
|
"}\n";
|
||||||
check( CheckMemoryLeak, __LINE__, code, "[test.cpp:8]: Memory leak: s\n" );
|
check( CheckMemoryLeak, __LINE__, code, "[test.cpp:8]: Memory leak: s\n" );
|
||||||
|
|
||||||
|
|
||||||
|
@ -619,18 +619,6 @@ static void memleak_in_function()
|
||||||
check( CheckMemoryLeak, __LINE__, code, "" );
|
check( CheckMemoryLeak, __LINE__, code, "" );
|
||||||
|
|
||||||
|
|
||||||
/* TODO
|
|
||||||
code = "void f()\n"
|
|
||||||
"{\n"
|
|
||||||
" char *str;\n"
|
|
||||||
" for (int i = 0; i < 10; ++i)\n"
|
|
||||||
" str = strdup(\"hello\");\n"
|
|
||||||
" free(str);\n"
|
|
||||||
"}\n";
|
|
||||||
check( CheckMemoryLeak, __LINE__, code, "[test.cpp:5]: Memory leak: str" );
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
code = "void f()\n"
|
code = "void f()\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" for (int i = 0; i < j; i++)\n"
|
" for (int i = 0; i < j; i++)\n"
|
||||||
|
@ -674,25 +662,25 @@ static void memleak_in_function()
|
||||||
|
|
||||||
|
|
||||||
code = "static char *f()\n"
|
code = "static char *f()\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" Fred *fred = new Fred;\n"
|
" Fred *fred = new Fred;\n"
|
||||||
" // fred is deleted automaticly\n"
|
" // fred is deleted automaticly\n"
|
||||||
"}\n";
|
"}\n";
|
||||||
check( CheckMemoryLeak, __LINE__, code, "" );
|
check( CheckMemoryLeak, __LINE__, code, "" );
|
||||||
|
|
||||||
|
|
||||||
code = "struct abc\n"
|
code = "struct abc\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" int a;\n"
|
" int a;\n"
|
||||||
" int b;\n"
|
" int b;\n"
|
||||||
" int c;\n"
|
" int c;\n"
|
||||||
"}\n"
|
"}\n"
|
||||||
"\n"
|
"\n"
|
||||||
"static void f()\n"
|
"static void f()\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" struct abc *abc1 = new abc;\n"
|
" struct abc *abc1 = new abc;\n"
|
||||||
" p = &abc1->a;\n" // p may be part of a garbage collector
|
" p = &abc1->a;\n" // p may be part of a garbage collector
|
||||||
"}\n";
|
"}\n";
|
||||||
check( CheckMemoryLeak, __LINE__, code, "" );
|
check( CheckMemoryLeak, __LINE__, code, "" );
|
||||||
|
|
||||||
|
|
||||||
|
@ -722,24 +710,24 @@ static void memleak_in_function()
|
||||||
|
|
||||||
|
|
||||||
code = "static char *f()\n"
|
code = "static char *f()\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" Fred *fred = new Fred;\n"
|
" Fred *fred = new Fred;\n"
|
||||||
" free( fred->Name );\n"
|
" free( fred->Name );\n"
|
||||||
"}\n";
|
"}\n";
|
||||||
check( CheckMemoryLeak, __LINE__, code, "[test.cpp:3]: Memory leak: fred\n" );
|
check( CheckMemoryLeak, __LINE__, code, "[test.cpp:3]: Memory leak: fred\n" );
|
||||||
|
|
||||||
|
|
||||||
/* TODO
|
/* TODO
|
||||||
code = "struct Fred\n"
|
code = "struct Fred\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" char *str;\n"
|
" char *str;\n"
|
||||||
"}\n"
|
"}\n"
|
||||||
"\n"
|
"\n"
|
||||||
"void f()\n"
|
"void f()\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" Fred f;\n"
|
" Fred f;\n"
|
||||||
" f.str = strdup(\"aa\");\n"
|
" f.str = strdup(\"aa\");\n"
|
||||||
"}\n";
|
"}\n";
|
||||||
check( CheckMemoryLeak, __LINE__, code, "[test.cpp:9]: Memory leak: f.str\n" );
|
check( CheckMemoryLeak, __LINE__, code, "[test.cpp:9]: Memory leak: f.str\n" );
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
@ -755,28 +743,40 @@ static void memleak_in_function()
|
||||||
|
|
||||||
|
|
||||||
code = "static char *dmalloc()\n"
|
code = "static char *dmalloc()\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" char *p = new char[100];\n"
|
" char *p = new char[100];\n"
|
||||||
" return p;\n"
|
" return p;\n"
|
||||||
"}\n"
|
"}\n"
|
||||||
"static void f()\n"
|
"static void f()\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" char *p = dmalloc();\n"
|
" char *p = dmalloc();\n"
|
||||||
"}\n";
|
"}\n";
|
||||||
check( CheckMemoryLeak, __LINE__, code, "[test.cpp:8]: Memory leak: p\n" );
|
check( CheckMemoryLeak, __LINE__, code, "[test.cpp:8]: Memory leak: p\n" );
|
||||||
|
|
||||||
|
|
||||||
code = "static char *dmalloc()\n"
|
code = "static char *dmalloc()\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" char *p = new char[100];\n"
|
" char *p = new char[100];\n"
|
||||||
" return p;\n"
|
" return p;\n"
|
||||||
"}\n"
|
"}\n"
|
||||||
"static void f()\n"
|
"static void f()\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" char *p = dmalloc();\n"
|
" char *p = dmalloc();\n"
|
||||||
" delete p;\n"
|
" delete p;\n"
|
||||||
"}\n";
|
"}\n";
|
||||||
check( CheckMemoryLeak, __LINE__, code, "[test.cpp:8]: Mismatching allocation and deallocation: p\n" );
|
check( CheckMemoryLeak, __LINE__, code, "[test.cpp:8]: Mismatching allocation and deallocation: p\n" );
|
||||||
|
|
||||||
|
|
||||||
|
code = "static void foo(const char *str)\n"
|
||||||
|
"{ }\n"
|
||||||
|
"\n"
|
||||||
|
"static void f()\n"
|
||||||
|
"{\n"
|
||||||
|
" char *p = new char[100];\n"
|
||||||
|
" foo(p);\n"
|
||||||
|
"}\n";
|
||||||
|
check( CheckMemoryLeak, __LINE__, code, "[test.cpp:6]: Memory leak: p\n" );
|
||||||
|
|
||||||
}
|
}
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
@ -1015,13 +1015,13 @@ static void variable_scope()
|
||||||
|
|
||||||
|
|
||||||
code = "static void f()\n"
|
code = "static void f()\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" TPoint p1;\n"
|
" TPoint p1;\n"
|
||||||
" for (i=0;i<10;i++)\n"
|
" for (i=0;i<10;i++)\n"
|
||||||
" {\n"
|
" {\n"
|
||||||
" p1=point(i,i);\n"
|
" p1=point(i,i);\n"
|
||||||
" }\n"
|
" }\n"
|
||||||
"}\n";
|
"}\n";
|
||||||
check( CheckVariableScope, __LINE__, code, "" );
|
check( CheckVariableScope, __LINE__, code, "" );
|
||||||
}
|
}
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
|
|
Loading…
Reference in New Issue