#include "CheckMemoryLeak.h" #include "tokenize.h" #include "CommonCheck.h" #include #include #ifdef __BORLANDC__ #include // <- memset #else #include #endif //--------------------------------------------------------------------------- enum AllocType { No, Malloc, New, NewA }; // Extra allocation.. class AllocFunc { public: const char *funcname; AllocType alloctype; AllocFunc(const char f[], AllocType a) { funcname = f; alloctype = a; } }; static std::list listallocfunc; static AllocType GetAllocationType( const TOKEN *tok2 ) { // What we may have... // * var = (char *)malloc(10); // * var = new char[10]; // * var = strdup("hello"); if ( tok2 && tok2->str[0] == '(' ) { while ( tok2 && tok2->str[0] != ')' ) tok2 = tok2->next; tok2 = tok2 ? tok2->next : NULL; } if ( ! tok2 ) return No; // Does tok2 point on "malloc", "strdup" or "kmalloc".. const char *mallocfunc[] = {"malloc", "calloc", "realloc", "strdup", "kmalloc", "kzalloc", "g_malloc", 0}; for ( unsigned int i = 0; mallocfunc[i]; i++ ) { if ( strcmp(mallocfunc[i], tok2->str) == 0 ) return Malloc; } if ( Match( tok2, "new %type% [;(]" ) ) return New; if ( Match( tok2, "new %type% [" ) ) return NewA; // Userdefined allocation function.. std::list::const_iterator it = listallocfunc.begin(); while ( it != listallocfunc.end() ) { if ( strcmp(tok2->str, it->funcname) == 0 ) return it->alloctype; ++it; } return No; } static AllocType GetDeallocationType( const TOKEN *tok, const char *varnames[] ) { // Redundant condition.. if ( Match(tok, "if ( %var1% )", varnames) ) { tok = gettok( tok, 4 ); if ( Match(tok,"{") ) tok = tok->next; } if ( Match(tok, "delete %var1% ;", varnames) ) return New; if ( Match(tok, "delete [ ] %var1% ;", varnames) ) return NewA; if ( Match(tok, "free ( %var1% ) ;", varnames) || Match(tok, "kfree ( %var1% ) ;", varnames) || Match(tok, "g_free ( %var1% ) ;", varnames) ) { return Malloc; } return No; } //--------------------------------------------------------------------------- static void MismatchError( const TOKEN *Tok1, const char varname[] ) { std::ostringstream errmsg; errmsg << FileLine(Tok1) << ": Mismatching allocation and deallocation: " << varname; ReportErr( errmsg.str() ); } //--------------------------------------------------------------------------- static void MemoryLeak( const TOKEN *tok, const char varname[] ) { std::ostringstream errmsg; errmsg << FileLine(tok) << ": Memory leak: " << varname; ReportErr( errmsg.str() ); } //--------------------------------------------------------------------------- static void CheckMemoryLeak_CheckScope_All( const TOKEN *Tok1, const char varname[] ) { const char *varnames[2]; varnames[0] = varname; varnames[1] = 0; AllocType Alloc = No; int alloc_indentlevel = -1; int dealloc_indentlevel = -1; std::list loop_indentlevel; std::list switch_indentlevel; bool isif = false; int indentlevel = 0; for (const TOKEN *tok = Tok1 ; tok; tok = tok->next ) { if (tok->str[0]=='{') indentlevel++; else if (tok->str[0]=='}') { indentlevel--; if ( indentlevel < 0 ) { if ( Alloc != No ) MemoryLeak( tok, varname ); return; } if ( !loop_indentlevel.empty() && indentlevel <= loop_indentlevel.back() ) loop_indentlevel.pop_back(); if ( !switch_indentlevel.empty() && indentlevel <= switch_indentlevel.back() ) switch_indentlevel.pop_back(); if ( indentlevel < alloc_indentlevel ) alloc_indentlevel = -1; if ( indentlevel < dealloc_indentlevel ) dealloc_indentlevel = -1; } if ( Alloc != No && Match(tok, ". %var% (") ) { bool isused = false; while (tok && !Match(tok, "[;{]")) { if ( Match(tok, "[(,] %var1% [,)]", varnames) ) isused = true; tok = tok->next; } // Don't know what happens, assume that it's deallocated. if ( isused ) { if ( indentlevel == 0 ) return; dealloc_indentlevel = indentlevel; } } // Check subfunction... if (Alloc != No && Match(tok,"[{};] %var% (")) { AllocType dealloc = GetDeallocationType(tok->next, varnames); const char *funcname = getstr( tok, 1 ); if (dealloc==No && strcmp(funcname,"if") && strcmp(funcname,"for") && strcmp(funcname,"while")) { unsigned int param = 0; for (const TOKEN *tok2 = gettok(tok,2); tok2; tok2 = tok2->next) { if ( tok2->str[0] == ';' || tok2->str[0] == ')' ) break; if ( tok2->str[0] == ',' ) param++; if ( Match(tok2, "[(,] %var1% [,)]", varnames) ) { // Find function.. const TOKEN *ftok = GetFunctionTokenByName( funcname ); ftok = gettok(ftok,2); if ( ! ftok ) { // Can't find the function but to avoid false // positives it is assumed that the variable is // deallocated.. // Deallocated at same indentlevel as the allocation => no memory leak if ( alloc_indentlevel == indentlevel ) return; dealloc_indentlevel = indentlevel; } else { // Goto function parameter.. for ( unsigned int fparam = 0; ftok && fparam < param; ftok = ftok->next ) { if ( ftok->str[0] == ',' ) ++fparam; } for ( ; ftok; ftok = ftok->next ) { if ( ! Match(ftok,"%var% [,)]") ) continue; const char *paramname[2] = {0}; paramname[0] = ftok->str; // parse function and check if it deallocates the parameter.. int _indentlevel = 0; while (_indentlevel>=0 && ftok) { if ( ftok->str[0] == '{' ) _indentlevel++; else if ( ftok->str[0] == '}' ) { _indentlevel--; if ( _indentlevel <= 0 ) break; } if ( _indentlevel >= 1 ) { AllocType dealloc = GetDeallocationType(ftok,paramname); if ( dealloc != No ) { if ( Alloc != No && Alloc != dealloc ) { MismatchError( Tok1, varname ); return; } // Deallocated at same indentlevel as the allocation => no memory leak if ( alloc_indentlevel == indentlevel ) return; dealloc_indentlevel = indentlevel; break; } } ftok = ftok->next; } break; } } break; } } } } // for, while set loop level.. if ( Match(tok,"while") || Match(tok,"for") ) loop_indentlevel.push_back( indentlevel ); // switch.. if (Match(tok,"switch")) switch_indentlevel.push_back( indentlevel ); // Skip stuff like: if (!var) ... if ( Match(tok, "if ( ! %var1% )", varnames) || Match(tok, "if ( unlikely ( ! %var1% ) )", varnames) || Match(tok, "if ( %var1% == NULL )", varnames) || Match(tok, "if ( NULL == %var1% )", varnames) || Match(tok, "if ( %var1% == 0 )", varnames) ) { int _indentlevel = 0; while ( tok ) { if ( tok->str[0] == '{' ) _indentlevel++; else if ( tok->str[0] == '}' ) { _indentlevel--; if ( _indentlevel <= 0 ) break; } else if (_indentlevel==0 && tok->str[0]==';') break; tok = tok->next; } } // if.. if ( Match(tok,"if") ) isif = true; if ( strchr(";{}", tok->str[0]) ) isif = false; // Allocated.. if ( Match(tok, "[(;{}] %var1% =", varnames) ) { AllocType alloc = GetAllocationType( gettok(tok, 3) ); if ( alloc != No ) { tok = tok->next; Alloc = alloc; alloc_indentlevel = indentlevel; if ( isif ) { while ( tok ) { if ( tok->str[0] == '{' ) { indentlevel++; } else if ( tok->str[0] == '}' ) { indentlevel--; if ( indentlevel <= alloc_indentlevel ) break; } else if ( tok->str[0] == ';' && indentlevel == alloc_indentlevel ) { break; } tok = tok->next; } } } } // Deallocated.. AllocType dealloc = GetDeallocationType( tok, varnames ); if ( dealloc != No ) { if ( Alloc != No && Alloc != dealloc ) { MismatchError( tok, varname ); return; } // Deallocated at same indentlevel as the allocation => no memory leak if ( alloc_indentlevel == indentlevel ) return; dealloc_indentlevel = indentlevel; while ( tok && tok->str[0] != ';' ) tok = tok->next; } // Used.. // list.push_back( var1 ); // listtail->next = var1; if ( Match( tok, "[=] %var1% [;]", varnames ) ) { return; } if ( Match( tok, "[=,(] ( %type% * ) %var1% [,);]", varnames ) ) { return; } if ( Match( tok, "[=,(] ( %type% %type% * ) %var1% [,);]", varnames ) ) { return; } // Used. Todo: check if "p" is the first member in the struct. // p = &var1->p; if ( Match( tok, "= & %var1% . %var% ;", varnames ) ) { return; } // Linux lists.. todo: check if the first struct member is passed if ( Match( tok, "%var% ( & %var1% .", varnames ) || Match( tok, ", & %var1% .", varnames ) ) { return; } // continue/break loop.. if (Alloc != No && loop_indentlevel.empty() && switch_indentlevel.empty() && (Match(tok,"continue") || Match(tok,"break"))) { MemoryLeak( tok, varname ); return; } // Return without deallocating the memory.. if ( Alloc != No && (indentlevel==0 || (alloc_indentlevel >= 0 && dealloc_indentlevel <= 0)) && Match(tok, "return") ) { bool retvar = false; for ( const TOKEN *tok2 = tok->next; tok2; tok2 = tok2->next ) { if ( Match( tok2, "%var1%", varnames ) ) { retvar = true; break; } if ( tok2->str[0] == ';' ) { break; } } if ( ! retvar ) MemoryLeak( tok, varname ); else { // The allocated memory is returned.. check that it is deallocated // Get function name.. const char *funcname = 0; int indentlevel = 0; for ( const TOKEN *ftok = tokens; ftok && ftok != tok; ftok = ftok->next ) { if ( ftok->str[0] == '{' ) indentlevel++; else if ( ftok->str[0] == '}' ) indentlevel--; if ( indentlevel <= 0 ) { if ( Match(ftok, "[};]") ) funcname = 0; else if ( Match(ftok, "%var% (") ) funcname = ftok->str; } } if ( funcname ) { listallocfunc.push_back( AllocFunc(funcname, Alloc) ); } } if ( indentlevel == 0 ) return; if ( indentlevel <= alloc_indentlevel ) { Alloc = No; alloc_indentlevel = -1; dealloc_indentlevel = -1; } } } } //--------------------------------------------------------------------------- extern bool ShowAll; static TOKEN *getcode(const TOKEN *tok, const char varname[]) { const char *varnames[2]; varnames[0] = varname; varnames[1] = 0; TOKEN *rethead = 0, *rettail = 0; #define addtoken(_str) \ { \ TOKEN *newtok = new TOKEN; \ newtok->str = _str; \ newtok->linenr = tok->linenr; \ newtok->FileIndex = tok->FileIndex; \ newtok->next = 0; \ if (rettail) \ rettail->next = newtok; \ else \ rethead = newtok; \ rettail=newtok; \ } AllocType alloctype = No; AllocType dealloctype = No; int indentlevel = 0; int parlevel = 0; for ( ; tok; tok = tok->next ) { if ( tok->str[0] == '{' ) { addtoken( "{" ); indentlevel++; } else if ( tok->str[0] == '}' ) { addtoken( "}" ); if ( indentlevel <= 0 ) break; indentlevel--; } if ( tok->str[0] == '(' ) parlevel++; else if ( tok->str[0] == ')' ) parlevel--; if ( parlevel == 0 && tok->str[0]==';') addtoken(";"); if (Match(tok, "[(;{}] %var1% = ", varnames)) { AllocType alloc = GetAllocationType(gettok(tok,3)); if ( alloc != No ) { addtoken("alloc"); if (alloctype!=No && alloctype!=alloc) MismatchError(tok, varname); if (dealloctype!=No && dealloctype!=alloc) MismatchError(tok, varname); alloctype = alloc; } } AllocType dealloc = GetDeallocationType(tok, varnames); if ( dealloc != No ) { addtoken("dealloc"); if (alloctype!=No && alloctype!=dealloc) MismatchError(tok, varname); if (dealloctype!=No && dealloctype!=dealloc) MismatchError(tok, varname); dealloctype = dealloc; } static const int SIZE = 6; const char *str[SIZE] = {"if","else","for","while","switch","return"}; for (int i = 0; i < SIZE; ++i) { if (strcmp(tok->str, str[i])==0) addtoken(tok->str); } // Return.. if ( Match(tok, "return %var1%", varnames) || Match(tok, "return & %var1%", varnames) ) addtoken("use"); // Assignment.. if ( Match(tok,"[)=] %var1%", varnames) ) addtoken("use"); // Function parameter.. if ( Match(tok, "[(,] %var1% [,)]", varnames) ) addtoken("use"); // Linux lists.. if ( Match( tok, "[=(,] & %var1% [.[]", varnames ) ) addtoken("use"); } return rethead; } static void eraseNext(TOKEN *tok) { if ( tok && tok->next ) { TOKEN *next = tok->next; tok->next = tok->next->next; delete next; } } // Simpler but less powerful than "CheckMemoryLeak_CheckScope_All" static void CheckMemoryLeak_CheckScope( const TOKEN *Tok1, const char varname[] ) { if ( ShowAll ) { CheckMemoryLeak_CheckScope_All(Tok1, varname); return; } TOKEN *tok = getcode( Tok1, varname ); // If the variable is not allocated at all => no memory leak if (findmatch(tok, "alloc") == 0) { deleteTokens(tok); return; } // reduce the code.. bool done = false; while ( ! done ) { done = true; for (TOKEN *tok2 = tok ; tok2; tok2 = tok2->next ) { while (Match(tok2,"[;{}] ;")) { eraseNext(tok2); done = false; } // Delete else { } if ( Match(tok2->next, "else { }") ) { eraseNext(tok2); eraseNext(tok2); eraseNext(tok2); done = false; } } } if ( findmatch(tok,"alloc ; return ;") ) { MemoryLeak(gettok(findmatch(tok,"alloc ; return ;"),2), varname); } else if ( ! findmatch(tok,"dealloc") && ! findmatch(tok,"use") && ! findmatch(tok,"return use ;") ) { const TOKEN *last = tok; while (last->next) last = last->next; MemoryLeak(last, varname); } deleteTokens(tok); } //--------------------------------------------------------------------------- //--------------------------------------------------------------------------- // Checks for memory leaks inside function.. //--------------------------------------------------------------------------- static void CheckMemoryLeak_InFunction() { bool infunc = false; int indentlevel = 0; for (const TOKEN *tok = tokens; tok; tok = tok->next) { if (tok->str[0]=='{') indentlevel++; else if (tok->str[0]=='}') indentlevel--; // In function.. if ( indentlevel == 0 ) { if ( Match(tok, ") {") ) infunc = true; if ( Match(tok, "[;}]") ) infunc = false; } // Declare a local variable => Check if (indentlevel>0 && infunc) { if ( Match(tok, "[{};] %type% * %var% [;=]") ) CheckMemoryLeak_CheckScope( tok->next, getstr(tok, 3) ); else if ( Match(tok, "[{};] %type% %type% * %var% [;=]") ) CheckMemoryLeak_CheckScope( tok->next, getstr(tok, 4) ); } } } //--------------------------------------------------------------------------- //--------------------------------------------------------------------------- // Checks for memory leaks in classes.. //--------------------------------------------------------------------------- static void CheckMemoryLeak_ClassMembers_ParseClass( const TOKEN *tok1, std::vector &classname ); static void CheckMemoryLeak_ClassMembers_Variable( const std::vector &classname, const char varname[] ); static void CheckMemoryLeak_ClassMembers() { int indentlevel = 0; for ( const TOKEN *tok = tokens; tok; tok = tok->next ) { if ( tok->str[0] == '{' ) indentlevel++; else if ( tok->str[0] == '}' ) indentlevel--; else if ( indentlevel == 0 && Match(tok, "class %var% [{:]") ) { std::vector classname; classname.push_back( getstr(tok, 1) ); CheckMemoryLeak_ClassMembers_ParseClass( tok, classname ); } } } static void CheckMemoryLeak_ClassMembers_ParseClass( const TOKEN *tok1, std::vector &classname ) { // Go into class. while ( tok1 && tok1->str[0] != '{' ) tok1 = tok1->next; if ( tok1 ) tok1 = tok1->next; int indentlevel = 0; for ( const TOKEN *tok = tok1; tok; tok = tok->next ) { if ( tok->str[0] == '{' ) indentlevel++; else if ( tok->str[0] == '}' ) { indentlevel--; if ( indentlevel < 0 ) return; } // Only parse this particular class.. not subclasses if ( indentlevel > 0 ) continue; // Declaring subclass.. recursive checking if ( Match(tok, "class %var% [{:]") ) { classname.push_back( getstr(tok, 1) ); CheckMemoryLeak_ClassMembers_ParseClass( tok, classname ); classname.pop_back(); } // Declaring member variable.. check allocations and deallocations if ( Match(tok->next, "%type% * %var% ;") ) { if ( IsName(tok->str) || strchr(";}", tok->str[0]) ) CheckMemoryLeak_ClassMembers_Variable( classname, getstr(tok, 3) ); } } } static void CheckMemoryLeak_ClassMembers_Variable( const std::vector &classname, const char varname[] ) { // Function pattern.. Check if member function char fpattern[500] = {0}; for ( unsigned int i = 0; i < classname.size(); i++ ) { strcat( fpattern, classname[i] ); strcat( fpattern, " :: " ); } strcat( fpattern, "%var% (" ); // Destructor pattern.. Check if class destructor.. char destructor[500] = {0}; for ( unsigned int i = 0; i < classname.size(); i++ ) { strcat( destructor, classname[i] ); strcat( destructor, " :: " ); } strcat( destructor, " ~" ); strcat( destructor, classname.back() ); strcat( destructor, " (" ); // Pattern used in member function. "Var = ..." std::ostringstream varname_eq; varname_eq << varname << " ="; // Full variable name.. std::ostringstream FullVariableName; for ( unsigned int i = 0; i < classname.size(); i++ ) FullVariableName << classname[i] << "::"; FullVariableName << varname; // Check if member variable has been allocated and deallocated.. AllocType Alloc = No; AllocType Dealloc = No; // Loop through all tokens. Inspect member functions bool memberfunction = false; int indentlevel = 0; for ( const TOKEN *tok = tokens; tok; tok = tok->next ) { if ( tok->str[0] == '{' ) indentlevel++; else if ( tok->str[0] == '}' ) indentlevel--; // Set the 'memberfunction' variable.. if ( indentlevel == 0 ) { if ( strchr(";}", tok->str[0]) ) memberfunction = false; else if ( Match( tok, fpattern ) || Match( tok, destructor ) ) memberfunction = true; } // Parse member function.. if ( indentlevel > 0 && memberfunction ) { // Allocate.. if ( Match( tok, varname_eq.str().c_str() ) ) { AllocType alloc = GetAllocationType( gettok( tok, 2 ) ); if ( alloc != No ) { if ( Dealloc != No && Dealloc != alloc ) MismatchError( tok, FullVariableName.str().c_str() ); if ( Alloc != No && Alloc != alloc ) MismatchError( tok, FullVariableName.str().c_str() ); Alloc = alloc; } } // Deallocate.. const char *varnames[2] = { "var", 0 }; varnames[0] = varname; AllocType dealloc = GetDeallocationType( tok, varnames ); if ( dealloc != No ) { if ( Dealloc != No && Dealloc != dealloc ) MismatchError( tok, FullVariableName.str().c_str() ); if ( Alloc != No && Alloc != dealloc ) MismatchError( tok, FullVariableName.str().c_str() ); Dealloc = dealloc; } } } if ( Alloc != No && Dealloc == No ) { MemoryLeak( tokens, FullVariableName.str().c_str() ); } } //--------------------------------------------------------------------------- // Checks for memory leaks.. //--------------------------------------------------------------------------- void CheckMemoryLeak() { listallocfunc.clear(); // Check for memory leaks inside functions.. CheckMemoryLeak_InFunction(); // Check that all class members are deallocated.. CheckMemoryLeak_ClassMembers(); } //---------------------------------------------------------------------------