/*
 * Cppcheck - A tool for static C/C++ code analysis
 * Copyright (C) 2007-2011 Daniel Marjamäki and Cppcheck team.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */


#include "checkmemoryleak.h"
#include "mathlib.h"
#include "tokenize.h"
#include "executionpath.h"

#include <algorithm>
#include <cstring>
#include <cstdlib>
#include <iostream>
#include <sstream>
#include <set>
#include <stack>

//---------------------------------------------------------------------------

// Register this check class (by creating a static instance of it)
namespace
{
CheckMemoryLeakInFunction instance1;
CheckMemoryLeakInClass instance2;
CheckMemoryLeakStructMember instance3;
CheckMemoryLeakNoVar instance4;
}


// This list needs to be alphabetically sorted so we can run bsearch on it.
// This list contains function names whith const parameters e.g.: atof(const char *)
// Reference: http://www.aquaphoenix.com/ref/gnu_c_library/libc_492.html#SEC492
static const char * const call_func_white_list[] =
{
    "_open", "_wopen", "access", "asctime", "asctime_r", "asprintf", "assert"
    , "atof", "atoi", "atol", "chdir", "chmod", "chown"
    , "clearerr", "ctime", "ctime_r", "delete", "fchmod", "fclose", "fcntl"
    , "fdatasync", "feof", "ferror", "fflush", "fgetc", "fgetpos", "fgets"
    , "flock", "for", "fprintf", "fputc", "fputs", "fread", "free", "freopen", "fscanf", "fseek"
    , "fseeko", "fsetpos", "fstat", "fsync", "ftell", "ftello", "ftruncate"
    , "fwrite", "getc", "gets", "gmtime", "gmtime_r", "if", "ioctl"
    , "localtime", "localtime_r"
    , "lockf", "lseek", "lstat", "memchr", "memcmp", "memcpy", "memmove", "memset", "open"
    , "perror", "posix_fadvise", "posix_fallocate", "pread"
    , "printf", "puts", "pwrite", "qsort", "read", "readahead", "readdir", "readdir_r", "readv"
    , "realloc", "remove", "rename", "return", "rewind", "rewinddir", "rindex" ,"rmdir" ,"scandir", "scanf", "seekdir"
    , "setbuf", "setbuffer", "sethostname", "setlinebuf", "setlocale" ,"setvbuf", "snprintf", "sprintf", "sscanf"
    , "stat", "stpcpy", "strcasecmp", "strcat", "strchr", "strcmp", "strcoll"
    , "strcpy", "strcspn", "strdup", "stricmp", "strlen", "strncasecmp", "strncat", "strncmp"
    , "strncpy", "strpbrk","strrchr", "strspn", "strstr", "strtod", "strtol", "strtoul", "switch"
    , "symlink", "sync_file_range", "system", "telldir", "tempnam","time", "typeid", "unlink"
    , "utime", "utimes" ,"vasprintf", "vfprintf", "vfscanf", "vprintf"
    , "vscanf", "vsnprintf", "vsprintf", "vsscanf", "while", "write", "writev"
};

static int call_func_white_list_compare(const void *a, const void *b)
{
    return strcmp((const char *)a, *(const char **)b);
}

//---------------------------------------------------------------------------

bool CheckMemoryLeak::isclass(const Tokenizer *_tokenizer, const Token *tok) const
{
    if (tok->isStandardType())
        return false;

    // return false if the type is a simple struct without member functions
    const std::string pattern("struct " + tok->str() + " {");
    const Token *tok2 = Token::findmatch(_tokenizer->tokens(), pattern.c_str());
    if (tok2)
    {
        while (tok2 && tok2->str() != "}" && tok2->str() != "(")
            tok2 = tok2->next();

        // Simple struct => return false
        if (tok2 && tok2->str() == "}")
            return false;
    }

    return true;
}
//---------------------------------------------------------------------------

CheckMemoryLeak::AllocType CheckMemoryLeak::getAllocationType(const Token *tok2, unsigned int varid) const
{
    // What we may have...
    //     * var = (char *)malloc(10);
    //     * var = new char[10];
    //     * var = strdup("hello");
    //     * var = strndup("hello", 3);
    if (tok2 && tok2->str() == "(")
    {
        tok2 = tok2->link();
        tok2 = tok2 ? tok2->next() : NULL;
    }
    if (! tok2)
        return No;
    if (! tok2->isName())
        return No;

    // Does tok2 point on "malloc", "strdup" or "kmalloc"..
    static const char * const mallocfunc[] = {"malloc",
            "calloc",
            "strdup",
            "strndup",
            "kmalloc",
            "kzalloc",
            "kcalloc",
            0
                                             };
    for (unsigned int i = 0; mallocfunc[i]; i++)
    {
        if (tok2->str() == mallocfunc[i])
            return Malloc;
    }

    // Using realloc..
    if (varid && Token::Match(tok2, "realloc ( %any% ,") && tok2->tokAt(2)->varId() != varid)
        return Malloc;

    // Does tok2 point on "g_malloc", "g_strdup", ..
    static const char * const gmallocfunc[] = {"g_new",
            "g_new0",
            "g_try_new",
            "g_try_new0",
            "g_malloc",
            "g_malloc0",
            "g_try_malloc",
            "g_try_malloc0",
            "g_strdup",
            "g_strndup",
            "g_strdup_printf",
            0
                                              };
    for (unsigned int i = 0; gmallocfunc[i]; i++)
    {
        if (tok2->str() == gmallocfunc[i])
            return gMalloc;
    }

    if (Token::Match(tok2, "new %type% [;()]") ||
        Token::Match(tok2, "new ( std :: nothrow ) %type% [;()]") ||
        Token::Match(tok2, "new ( nothrow ) %type% [;()]"))
        return New;

    if (Token::Match(tok2, "new %type% [") ||
        Token::Match(tok2, "new ( std :: nothrow ) %type% [") ||
        Token::Match(tok2, "new ( nothrow ) %type% ["))
        return NewArray;

    if (Token::Match(tok2, "fopen|tmpfile|g_fopen ("))
        return File;

    if (Token::Match(tok2, "open|openat|creat|mkstemp|mkostemp ("))
    {
        // is there a user function with this name?
        if (tokenizer && Token::findmatch(tokenizer->tokens(), ("%type% *|&| " + tok2->str()).c_str()))
            return No;
        return Fd;
    }

    if (Token::simpleMatch(tok2, "popen ("))
        return Pipe;

    if (Token::Match(tok2, "opendir|fdopendir ("))
        return Dir;

    // User function
    const Token *ftok = tokenizer->getFunctionTokenByName(tok2->str().c_str());
    return functionReturnType(ftok);
}




CheckMemoryLeak::AllocType CheckMemoryLeak::getReallocationType(const Token *tok2, unsigned int varid) const
{
    // What we may have...
    //     * var = (char *)realloc(..;
    if (tok2 && tok2->str() == "(")
    {
        tok2 = tok2->link();
        tok2 = tok2 ? tok2->next() : NULL;
    }
    if (! tok2)
        return No;

    if (varid > 0 && ! Token::Match(tok2, "%var% ( %varid% [,)]", varid))
        return No;

    if (tok2->str() == "realloc")
        return Malloc;

    // GTK memory reallocation..
    if (Token::Match(tok2, "g_realloc|g_try_realloc|g_renew|g_try_renew"))
        return gMalloc;

    return No;
}


CheckMemoryLeak::AllocType CheckMemoryLeak::getDeallocationType(const Token *tok, unsigned int varid) const
{
    if (Token::Match(tok, "delete %varid% ;", varid))
        return New;

    if (Token::Match(tok, "delete [ ] %varid% ;", varid))
        return NewArray;

    if (Token::Match(tok, "delete ( %varid% ) ;", varid))
        return New;

    if (Token::Match(tok, "delete [ ] ( %varid% ) ;", varid))
        return NewArray;

    if (Token::Match(tok, "free|kfree ( %varid% ) ;", varid) ||
        Token::Match(tok, "free|kfree ( %varid% -", varid))
        return Malloc;

    if (Token::Match(tok, "g_free ( %varid% ) ;", varid) ||
        Token::Match(tok, "g_free ( %varid% -", varid))
        return gMalloc;

    if (Token::Match(tok, "fclose ( %varid% )", varid) ||
        Token::simpleMatch(tok, "fcloseall ( )"))
        return File;

    if (Token::Match(tok, "close ( %varid% )", varid))
        return Fd;

    if (Token::Match(tok, "pclose ( %varid% )", varid))
        return Pipe;

    if (Token::Match(tok, "closedir ( %varid% )", varid))
        return Dir;

    return No;
}

CheckMemoryLeak::AllocType CheckMemoryLeak::getDeallocationType(const Token *tok, const std::string &varname) const
{
    if (Token::simpleMatch(tok, std::string("delete " + varname + " ;").c_str()))
        return New;

    if (Token::simpleMatch(tok, std::string("delete [ ] " + varname + " ;").c_str()))
        return NewArray;

    if (Token::simpleMatch(tok, std::string("delete ( " + varname + " ) ;").c_str()))
        return New;

    if (Token::simpleMatch(tok, std::string("delete [ ] ( " + varname + " ) ;").c_str()))
        return NewArray;

    if (Token::simpleMatch(tok, std::string("free ( " + varname + " ) ;").c_str()) ||
        Token::simpleMatch(tok, std::string("kfree ( " + varname + " ) ;").c_str()))
        return Malloc;

    if (Token::simpleMatch(tok, std::string("g_free ( " + varname + " ) ;").c_str()))
        return gMalloc;

    if (Token::simpleMatch(tok, std::string("fclose ( " + varname + " )").c_str()) ||
        Token::simpleMatch(tok, "fcloseall ( )"))
        return File;

    if (Token::simpleMatch(tok, std::string("close ( " + varname + " )").c_str()))
        return Fd;

    if (Token::simpleMatch(tok, std::string("pclose ( " + varname + " )").c_str()))
        return Pipe;

    if (Token::simpleMatch(tok, std::string("closedir ( " + varname + " )").c_str()))
        return Dir;

    return No;
}

//--------------------------------------------------------------------------


//--------------------------------------------------------------------------

void CheckMemoryLeak::memoryLeak(const Token *tok, const std::string &varname, AllocType alloctype)
{
    if (alloctype == CheckMemoryLeak::File ||
        alloctype == CheckMemoryLeak::Pipe ||
        alloctype == CheckMemoryLeak::Fd   ||
        alloctype == CheckMemoryLeak::Dir)
        resourceLeakError(tok, varname.c_str());
    else
        memleakError(tok, varname.c_str());
}
//---------------------------------------------------------------------------


void CheckMemoryLeak::reportErr(const Token *tok, Severity::SeverityType severity, const std::string &id, const std::string &msg) const
{
    std::list<const Token *> callstack;

    if (tok)
        callstack.push_back(tok);

    reportErr(callstack, severity, id, msg);
}

void CheckMemoryLeak::reportErr(const std::list<const Token *> &callstack, Severity::SeverityType severity, const std::string &id, const std::string &msg) const
{
    std::list<ErrorLogger::ErrorMessage::FileLocation> locations;

    for (std::list<const Token *>::const_iterator it = callstack.begin(); it != callstack.end(); ++it)
    {
        const Token * const tok = *it;

        ErrorLogger::ErrorMessage::FileLocation loc;
        loc.line = tok->linenr();
        loc.setfile(tokenizer->file(tok));

        locations.push_back(loc);
    }

    const ErrorLogger::ErrorMessage errmsg(locations, severity, msg, id);

    if (errorLogger)
        errorLogger->reportErr(errmsg);
    else
        Check::reportError(errmsg);
}

void CheckMemoryLeak::memleakError(const Token *tok, const std::string &varname)
{
    reportErr(tok, Severity::error, "memleak", "Memory leak: " + varname);
}

void CheckMemoryLeak::memleakUponReallocFailureError(const Token *tok, const std::string &varname)
{
    reportErr(tok, Severity::error, "memleakOnRealloc", "Common realloc mistake: \'" + varname + "\' nulled but not freed upon failure");
}

void CheckMemoryLeak::resourceLeakError(const Token *tok, const std::string &varname)
{
    std::string errmsg("Resource leak");
    if (!varname.empty())
        errmsg += ": " + varname;
    reportErr(tok, Severity::error, "resourceLeak", errmsg);
}

void CheckMemoryLeak::deallocDeallocError(const Token *tok, const std::string &varname)
{
    reportErr(tok, Severity::error, "deallocDealloc", "Deallocating a deallocated pointer: " + varname);
}

void CheckMemoryLeak::deallocuseError(const Token *tok, const std::string &varname)
{
    reportErr(tok, Severity::error, "deallocuse", "Dereferencing '" + varname + "' after it is deallocated / released");
}

void CheckMemoryLeak::mismatchSizeError(const Token *tok, const std::string &sz)
{
    reportErr(tok, Severity::error, "mismatchSize", "The given size " + sz + " is mismatching");
}

void CheckMemoryLeak::mismatchAllocDealloc(const std::list<const Token *> &callstack, const std::string &varname)
{
    reportErr(callstack, Severity::error, "mismatchAllocDealloc", "Mismatching allocation and deallocation: " + varname);
}

CheckMemoryLeak::AllocType CheckMemoryLeak::functionReturnType(const Token *tok) const
{
    if (!tok)
        return No;

    const std::string functionName = tok->str();

    // Locate start of function
    while (tok)
    {
        if (tok->str() == "{" || tok->str() == "}")
            return No;

        if (tok->str() == "(")
        {
            tok = tok->link();
            break;
        }

        tok = tok->next();
    }

    // Is this the start of a function?
    if (!Token::Match(tok, ") const| {"))
        return No;

    while (tok->str() != "{")
        tok = tok->next();

    // Get return pointer..
    unsigned int varid = 0;
    unsigned int indentlevel = 0;
    for (const Token *tok2 = tok; tok2; tok2 = tok2->next())
    {
        if (tok2->str() == "{")
            ++indentlevel;
        else if (tok2->str() == "}")
        {
            if (indentlevel <= 1)
                return No;
            --indentlevel;
        }
        if (Token::Match(tok2, "return %var% ;"))
        {
            if (indentlevel != 1)
                return No;
            varid = tok2->next()->varId();
            break;
        }
        else if (tok2->str() == "return")
        {
            // recursion => bail out
            if (tok2->strAt(1) == functionName)
                return No;

            AllocType allocType = getAllocationType(tok2->next(), 0);
            if (allocType != No)
                return allocType;
        }
    }

    // Not returning pointer value..
    if (varid == 0)
        return No;

    // Check if return pointer is allocated..
    AllocType allocType = No;
    while (0 != (tok = tok->next()))
    {
        if (Token::Match(tok, "%varid% =", varid))
        {
            // recursion => bail out
            if (tok->strAt(2) == functionName)
                return No;

            allocType = getAllocationType(tok->tokAt(2), varid);
        }
        if (Token::Match(tok, "= %varid% ;", varid))
        {
            return No;
        }
        if (tok->str() == "return")
            return allocType;
    }

    return allocType;
}


const char *CheckMemoryLeak::functionArgAlloc(const Token *tok, unsigned int targetpar, AllocType &allocType) const
{
    // Find the varid of targetpar, then locate the start of the function..
    unsigned int parlevel = 0;
    unsigned int par = 0;
    unsigned int varid = 0;

    allocType = No;

    while (tok)
    {
        if (tok->str() == "{" || tok->str() == "}")
            return "";

        if (tok->str() == "(")
        {
            if (parlevel != 0)
                return "";
            ++parlevel;
            ++par;
        }

        else if (tok->str() == ")")
        {
            if (parlevel != 1)
                return "";
            break;
        }

        else if (parlevel == 1 && tok->str() == ",")
        {
            ++par;
        }

        tok = tok->next();

        if (parlevel == 1 && par == targetpar && Token::Match(tok, "%type% * * %var%"))
        {
            varid = tok->tokAt(3)->varId();
        }
    }

    if (varid == 0)
        return "";

    // Is this the start of a function?
    if (!Token::Match(tok, ") const| {"))
        return "";

    while (tok->str() != "{")
        tok = tok->next();

    // Check if pointer is allocated.
    unsigned int indentlevel = 0;
    int realloc = 0;
    while (0 != (tok = tok->next()))
    {
        if (tok->str() == "{")
            ++indentlevel;
        else if (tok->str() == "}")
        {
            if (indentlevel <= 1)
                break;
            --indentlevel;
        }
        else if (tok->varId() == varid)
        {
            if (Token::Match(tok->tokAt(-3), "free ( * %varid% )", varid))
            {
                realloc = 1;
                allocType = No;
            }
            else if (Token::Match(tok->previous(), "* %varid% =", varid))
            {
                allocType = getAllocationType(tok->tokAt(2), varid);
                if (allocType == No)
                {
                    allocType = getReallocationType(tok->tokAt(2), varid);
                }
                if (allocType != No)
                {
                    if (realloc)
                        return "realloc";
                    return "alloc";
                }
            }
            else
            {
                // unhandled variable usage: bailout
                return "";
            }
        }
    }

    return "";
}


void CheckMemoryLeakInFunction::parse_noreturn()
{
    noreturn.insert("exit");
    noreturn.insert("_exit");
    noreturn.insert("_Exit");
    noreturn.insert("abort");
    noreturn.insert("err");
    noreturn.insert("verr");
    noreturn.insert("errx");
    noreturn.insert("verrx");

    std::list<Scope>::const_iterator scope;

    for (scope = symbolDatabase->scopeList.begin(); scope != symbolDatabase->scopeList.end(); ++scope)
    {
        // only check functions
        if (scope->type != Scope::eFunction)
            continue;

        // parse this function to check if it contains an "exit" call..
        unsigned int indentlevel = 1;
        for (const Token *tok2 = scope->classStart->next(); tok2; tok2 = tok2->next())
        {
            if (tok2->str() == "{")
                ++indentlevel;
            else if (tok2->str() == "}")
            {
                --indentlevel;
                if (indentlevel == 0)
                    break;
            }
            if (Token::Match(tok2->previous(), "[;{}] exit ("))
            {
                noreturn.insert(scope->className);
                break;
            }
        }

        // This function is not a noreturn function
        if (indentlevel == 0)
        {
            notnoreturn.insert(scope->className);
        }
    }
}


bool CheckMemoryLeakInFunction::matchFunctionsThatReturnArg(const Token *tok, unsigned int varid) const
{
    return Token::Match(tok, "; %varid% = strcat|memcpy|memmove|strcpy ( %varid% ,", varid);
}


bool CheckMemoryLeakInFunction::notvar(const Token *tok, unsigned int varid, bool endpar) const
{
    const std::string end(endpar ? " &&|)" : " [;)&|]");
    return bool(Token::Match(tok, ("! %varid%" + end).c_str(), varid) ||
                Token::Match(tok, ("! ( %varid% )" + end).c_str(), varid));
}


static int countParameters(const Token *tok)
{
    if (!Token::Match(tok, "%var% ("))
        return -1;
    if (Token::Match(tok->tokAt(2), "void| )"))
        return 0;

    int numpar = 1;
    int parlevel = 0;
    for (; tok; tok = tok->next())
    {
        if (tok->str() == "(")
            ++parlevel;

        else if (tok->str() == ")")
        {
            if (parlevel <= 1)
                return numpar;
            --parlevel;
        }

        else if (parlevel == 1 && tok->str() == ",")
        {
            ++numpar;
        }
    }

    return -1;
}

bool CheckMemoryLeakInFunction::test_white_list(const std::string &funcname)
{
    return (std::bsearch(funcname.c_str(), call_func_white_list,
                         sizeof(call_func_white_list) / sizeof(call_func_white_list[0]),
                         sizeof(call_func_white_list[0]), call_func_white_list_compare) != NULL);
}

const char * CheckMemoryLeakInFunction::call_func(const Token *tok, std::list<const Token *> callstack, const unsigned int varid, AllocType &alloctype, AllocType &dealloctype, bool &allocpar, unsigned int sz)
{
    if (test_white_list(tok->str()))
    {
        if (tok->str() == "asprintf" ||
            tok->str() == "delete" ||
            tok->str() == "fclose" ||
            tok->str() == "for" ||
            tok->str() == "free" ||
            tok->str() == "if" ||
            tok->str() == "realloc" ||
            tok->str() == "return" ||
            tok->str() == "switch" ||
            tok->str() == "while")
        {
            return 0;
        }

        // is the varid a parameter?
        for (const Token *tok2 = tok->tokAt(2); tok2; tok2 = tok2->next())
        {
            if (tok2->str() == "(" || tok2->str() == ")")
                break;
            if (tok2->varId() == varid)
                return (tok->strAt(-1)==".") ? "use" : "use_";
        }

        return 0;
    }

    if (noreturn.find(tok->str()) != noreturn.end() && tok->strAt(-1) != "=")
        return "exit";

    if (varid > 0 && (getAllocationType(tok, varid) != No || getReallocationType(tok, varid) != No || getDeallocationType(tok, varid) != No))
        return 0;

    if (callstack.size() > 2)
        return "dealloc_";

    const std::string funcname(tok->str());
    for (std::list<const Token *>::const_iterator it = callstack.begin(); it != callstack.end(); ++it)
    {
        if ((*it) && (*it)->str() == funcname)
            return "recursive";
    }
    callstack.push_back(tok);

    // lock/unlock..
    if (varid == 0)
    {
        const Token *ftok = _tokenizer->getFunctionTokenByName(funcname.c_str());
        while (ftok && (ftok->str() != "{"))
            ftok = ftok->next();
        if (!ftok)
            return 0;

        Token *func = getcode(ftok->tokAt(1), callstack, 0, alloctype, dealloctype, false, 1);
        simplifycode(func);
        const char *ret = 0;
        if (Token::simpleMatch(func, "; alloc ; }"))
            ret = "alloc";
        else if (Token::simpleMatch(func, "; dealloc ; }"))
            ret = "dealloc";
        Tokenizer::deleteTokens(func);
        return ret;
    }

    // how many parameters is there in the function call?
    int numpar = countParameters(tok);
    if (numpar <= 0)
    {
        // Taking return value => it is not a noreturn function
        if (tok->strAt(-1) == "=")
            return NULL;

        // Function is not noreturn
        if (notnoreturn.find(funcname) != notnoreturn.end())
            return NULL;

        return (tok->previous()->str() != "=") ? "callfunc" : NULL;
    }

    unsigned int par = 1;
    unsigned int parlevel = 0;

    const bool dot(tok->previous()->str() == ".");
    const bool eq(tok->previous()->str() == "=");

    for (; tok; tok = tok->next())
    {
        if (tok->str() == "(")
            ++parlevel;
        else if (tok->str() == ")")
        {
            --parlevel;
            if (parlevel < 1)
            {
                return (eq || _settings->inconclusive) ? 0 : "callfunc";
            }
        }

        if (parlevel == 1)
        {
            if (tok->str() == ",")
                ++par;
            if (varid > 0 && Token::Match(tok, "[,()] %varid% [,()]", varid))
            {
                if (dot)
                    return "use";

                const Token *ftok = _tokenizer->getFunctionTokenByName(funcname.c_str());
                if (!ftok)
                    return "use";

                // how many parameters does the function want?
                if (numpar != countParameters(ftok))
                    return "recursive";

                const char *parname = Tokenizer::getParameterName(ftok, par);
                if (! parname)
                    return "recursive";
                unsigned int parameterVarid = 0;
                {
                    const Token *partok = Token::findmatch(ftok, parname);
                    if (partok)
                        parameterVarid = partok->varId();
                }
                if (parameterVarid == 0)
                    return "recursive";
                // Check if the function deallocates the variable..
                while (ftok && (ftok->str() != "{"))
                    ftok = ftok->next();
                Token *func = getcode(ftok->tokAt(1), callstack, parameterVarid, alloctype, dealloctype, false, sz);
                //simplifycode(func, all);
                const Token *func_ = func;
                while (func_ && func_->str() == ";")
                    func_ = func_->next();

                const char *ret = 0;
                /** @todo handle "goto" */
                if (Token::findmatch(func_, "dealloc"))
                    ret = "dealloc";
                else if (Token::findmatch(func_, "use"))
                    ret = "use";
                else if (Token::findmatch(func_, "&use"))
                    ret = "&use";

                Tokenizer::deleteTokens(func);
                return ret;
            }
            if (varid > 0 && Token::Match(tok, "[,()] & %varid% [,()]", varid))
            {
                const Token *ftok = _tokenizer->getFunctionTokenByName(funcname.c_str());
                AllocType a;
                const char *ret = functionArgAlloc(ftok, par, a);

                if (a != No)
                {
                    if (alloctype == No)
                        alloctype = a;
                    else if (alloctype != a)
                        alloctype = Many;
                    allocpar = true;
                    return ret;
                }
            }
        }
    }
    return NULL;
}


static void addtoken(Token **rettail, const Token *tok, const std::string &str)
{
    (*rettail)->insertToken(str);
    (*rettail) = (*rettail)->next();
    (*rettail)->linenr(tok->linenr());
    (*rettail)->fileIndex(tok->fileIndex());
}


Token *CheckMemoryLeakInFunction::getcode(const Token *tok, std::list<const Token *> callstack, const unsigned int varid, CheckMemoryLeak::AllocType &alloctype, CheckMemoryLeak::AllocType &dealloctype, bool classmember, unsigned int sz)
{
    Token *rethead = 0, *rettail = 0;

    // variables whose value depends on if(!var). If one of these variables
    // is used in a if-condition then generate "ifv" instead of "if".
    std::set<unsigned int> extravar;

    // The first token should be ";"
    rethead = new Token(0);
    rethead->str(";");
    rethead->linenr(tok->linenr());
    rethead->fileIndex(tok->fileIndex());
    rettail = rethead;

    int indentlevel = 0;
    int parlevel = 0;
    for (; tok; tok = tok->next())
    {
        if (tok->str() == "{")
        {
            addtoken(&rettail, tok, "{");
            ++indentlevel;
        }
        else if (tok->str() == "}")
        {
            addtoken(&rettail, tok, "}");
            if (indentlevel <= 0)
                break;
            --indentlevel;
        }

        else if (tok->str() == "(")
            ++parlevel;
        else if (tok->str() == ")")
            --parlevel;

        if (parlevel == 0 && tok->str() == ";")
            addtoken(&rettail, tok, ";");

        // Start of new statement.. check if the statement has anything interesting
        if (Token::Match(tok, "[;{}]") && varid > 0 && parlevel == 0)
        {
            if (Token::Match(tok->next(), "[{};]"))
                continue;

            // function calls are interesting..
            const Token *tok2 = tok;
            while (Token::Match(tok2->next(), "%var% ."))
                tok2 = tok2->tokAt(2);
            if (Token::Match(tok2->next(), "%var% ("))
                ;

            else if (Token::Match(tok->next(), "continue|break|return|throw|goto|do|else"))
                ;

            else
            {
                const Token *skipToToken = 0;

                // scan statement for interesting keywords / varid
                for (tok2 = tok->next(); tok2; tok2 = tok2->next())
                {
                    if (tok2->str() == ";")
                    {
                        // nothing interesting found => skip this statement
                        skipToToken = tok2->previous();
                        break;
                    }

                    if (tok2->varId() == varid ||
                        tok2->str() == ":" || tok2->str() == "{" || tok2->str() == "}")
                    {
                        break;
                    }
                }

                if (skipToToken)
                {
                    tok = skipToToken;
                    continue;
                }
            }
        }

        if (varid == 0)
        {
            if (!callstack.empty() && Token::Match(tok, "[;{}] __cppcheck_lock|__cppcheck_unlock ( ) ;"))
            {
                // Type of leak = Resource leak
                alloctype = dealloctype = CheckMemoryLeak::File;

                if (tok->next()->str() == "__cppcheck_lock")
                {
                    addtoken(&rettail, tok, "alloc");
                }
                else
                {
                    addtoken(&rettail, tok, "dealloc");
                }

                tok = tok->tokAt(3);
                continue;
            }

            if (Token::simpleMatch(tok, "if ("))
            {
                addtoken(&rettail, tok, "if");
                tok = tok->next()->link();
                continue;
            }
        }
        else
        {
            // var = strcpy|.. ( var ,
            if (Token::Match(tok, "[;{}] %varid% = memcpy|memmove|memset|strcpy|strncpy|strcat|strncat ( %varid% ,", varid))
            {
                tok = tok->tokAt(4)->link();
                continue;
            }

            if (Token::Match(tok->previous(), "[(;{}] %varid% =", varid) ||
                Token::Match(tok, "asprintf ( & %varid% ,", varid))
            {
                CheckMemoryLeak::AllocType alloc;

                if (Token::simpleMatch(tok, "asprintf ("))
                {
                    // todo: check how the return value is used.
                    if (!Token::Match(tok->previous(), "[;{}]"))
                    {
                        Tokenizer::deleteTokens(rethead);
                        return 0;
                    }
                    alloc = Malloc;
                    tok = tok->next()->link();
                }
                else
                {
                    alloc = getAllocationType(tok->tokAt(2), varid);
                }
                bool realloc = false;

                if (sz > 1 &&
                    Token::Match(tok->tokAt(2), "malloc ( %num% )") &&
                    (MathLib::toLongNumber(tok->strAt(4)) % long(sz)) != 0)
                {
                    mismatchSizeError(tok->tokAt(4), tok->strAt(4));
                }

                if (alloc == CheckMemoryLeak::No)
                {
                    alloc = getReallocationType(tok->tokAt(2), varid);
                    if (alloc != CheckMemoryLeak::No)
                    {
                        addtoken(&rettail, tok, "realloc");
                        addtoken(&rettail, tok, ";");
                        realloc = true;
                        tok = tok->tokAt(2);
                        if (Token::Match(tok, "%var% ("))
                            tok = tok->next()->link();
                        continue;
                    }
                }

                // don't check classes..
                if (alloc == CheckMemoryLeak::New)
                {
                    if (Token::Match(tok->tokAt(2), "new %type% [(;]"))
                    {
                        if (isclass(_tokenizer, tok->tokAt(3)))
                        {
                            alloc = No;
                        }
                    }
                    else if (Token::Match(tok->tokAt(2), "new ( nothrow ) %type%"))
                    {
                        if (isclass(_tokenizer, tok->tokAt(6)))
                        {
                            alloc = No;
                        }
                    }
                    else if (Token::Match(tok->tokAt(2), "new ( std :: nothrow ) %type%"))
                    {
                        if (isclass(_tokenizer, tok->tokAt(8)))
                        {
                            alloc = No;
                        }
                    }
                }

                if (alloc != No)
                {
                    if (! realloc)
                        addtoken(&rettail, tok, "alloc");

                    if (alloctype != No && alloctype != alloc)
                        alloc = Many;

                    if (alloc != Many && dealloctype != No && dealloctype != Many && dealloctype != alloc)
                    {
                        callstack.push_back(tok);
                        mismatchAllocDealloc(callstack, Token::findmatch(_tokenizer->tokens(), "%varid%", varid)->str());
                        callstack.pop_back();
                    }

                    alloctype = alloc;

                    if (Token::Match(tok, "%var% = %type% ("))
                    {
                        tok = tok->tokAt(3)->link();
                        continue;
                    }
                }

                // assignment..
                else
                {
                    // is the pointer in rhs?
                    bool rhs = false;
                    for (const Token *tok2 = tok->next(); tok2; tok2 = tok2->next())
                    {
                        if (tok2->str() == ";")
                        {
                            if (rhs)
                                tok = tok2;
                            break;
                        }

                        if (Token::Match(tok2, "[=+] %varid%", varid))
                        {
                            rhs = true;
                        }
                    }

                    if (!rhs)
                        addtoken(&rettail, tok, "assign");
                    continue;
                }
            }

            if (Token::Match(tok->previous(), "[;{})=|] %var%"))
            {
                AllocType dealloc = getDeallocationType(tok, varid);

                if (dealloc != No && tok->str() == "fcloseall" && alloctype != dealloc)
                    dealloc = No;

                else if (dealloc != No)
                {
                    addtoken(&rettail, tok, "dealloc");

                    if (dealloctype != No && dealloctype != dealloc)
                        dealloc = Many;

                    if (dealloc != Many && alloctype != No && alloctype != Many && alloctype != dealloc)
                    {
                        callstack.push_back(tok);
                        mismatchAllocDealloc(callstack, Token::findmatch(_tokenizer->tokens(), "%varid%", varid)->str());
                        callstack.pop_back();
                    }
                    dealloctype = dealloc;

                    if (tok->strAt(2) == "(")
                        tok = tok->tokAt(2)->link();
                    continue;
                }
            }

            // if else switch
            if (tok->str() == "if")
            {
                if (alloctype == Fd)
                {
                    if (Token::Match(tok, "if ( 0 <=|< %varid% )", varid) ||
                        Token::Match(tok, "if ( %varid% != -1 )", varid))
                    {
                        addtoken(&rettail, tok, "if(var)");
                        tok = tok->next()->link();
                        continue;
                    }
                    else if (Token::Match(tok, "if ( %varid% == -1 )", varid) ||
                             Token::Match(tok, "if ( %varid% < 0 )", varid))
                    {
                        addtoken(&rettail, tok, "if(!var)");
                        tok = tok->next()->link();
                        continue;
                    }
                }

                if (Token::Match(tok, "if ( %varid% )", varid))
                {
                    addtoken(&rettail, tok, "if(var)");

                    // Make sure the "use" will not be added
                    tok = tok->next()->link();
                    continue;
                }
                else if (Token::simpleMatch(tok, "if (") && notvar(tok->tokAt(2), varid, true))
                {
                    addtoken(&rettail, tok, "if(!var)");

                    // parse the if-body.
                    // if a variable is assigned then add variable to "extravar".
                    for (const Token *tok2 = tok->next()->link()->tokAt(2); tok2; tok2 = tok2->next())
                    {
                        if (tok2->str() == "{")
                            tok2 = tok2->link();
                        else if (tok2->str() == "}")
                            break;
                        else if (Token::Match(tok2, "%var% ="))
                            extravar.insert(tok2->varId());
                    }

                    tok = tok->next()->link();
                    continue;
                }
                else
                {
                    // Check if the condition depends on var or extravar somehow..
                    bool dep = false;
                    int innerParlevel = 0;
                    for (const Token *tok2 = tok->next(); tok2; tok2 = tok2->next())
                    {
                        if (tok2->str() == "(")
                            ++innerParlevel;
                        if (tok2->str() == ")")
                        {
                            --innerParlevel;
                            if (innerParlevel <= 0)
                                break;
                        }
                        if (Token::Match(tok2, "close|pclose|fclose|closedir ( %varid% )", varid))
                        {
                            addtoken(&rettail, tok, "dealloc");
                            addtoken(&rettail, tok, ";");
                            dep = true;
                            break;
                        }
                        if (alloctype == Fd && Token::Match(tok2, "%varid% !=|>=", varid))
                        {
                            dep = true;
                        }
                        if (innerParlevel > 0 && Token::Match(tok2, "! %varid%", varid))
                        {
                            dep = true;
                        }
                        if (innerParlevel > 0 && Token::Match(tok2, "%var% (") && !test_white_list(tok2->str()))
                        {
                            bool use = false;
                            for (const Token *tok3 = tok2->tokAt(2); tok3; tok3 = tok3->next())
                            {
                                if (tok3->str() == "(")
                                    tok3 = tok3->link();
                                else if (tok3->str() == ")")
                                    break;
                                else if (Token::Match(tok3->previous(), "(|, &| %varid% ,|)", varid))
                                {
                                    use = true;
                                    break;
                                }
                            }
                            if (use)
                            {
                                addtoken(&rettail, tok, "use");
                                addtoken(&rettail, tok, ";");
                                dep = false;
                                break;
                            }
                        }
                        if (tok2->varId() && extravar.find(tok2->varId()) != extravar.end())
                        {
                            dep = true;
                        }
                    }

                    if (Token::Match(tok, "if ( ! %varid% &&", varid))
                    {
                        addtoken(&rettail, tok, "if(!var)");
                    }
                    else if (tok->next() &&
                             tok->next()->link() &&
                             Token::Match(tok->next()->link()->tokAt(-3), "&& ! %varid%", varid))
                    {
                        addtoken(&rettail, tok, "if(!var)");
                    }
                    else
                    {
                        addtoken(&rettail, tok, (dep ? "ifv" : "if"));
                    }

                    tok = tok->next()->link();
                    continue;
                }
            }
        }

        if ((tok->str() == "else") || (tok->str() == "switch"))
        {
            addtoken(&rettail, tok, tok->str());
            if (Token::simpleMatch(tok, "switch ("))
                tok = tok->next()->link();
            continue;
        }

        if ((tok->str() == "case"))
        {
            addtoken(&rettail, tok, "case");
            addtoken(&rettail, tok, ";");
            if (Token::Match(tok, "case %any% :"))
                tok = tok->tokAt(2);
            continue;
        }

        if ((tok->str() == "default"))
        {
            addtoken(&rettail, tok, "default");
            addtoken(&rettail, tok, ";");
            continue;
        }

        // Loops..
        else if ((tok->str() == "for") || (tok->str() == "while"))
        {
            if (Token::simpleMatch(tok, "while ( true )") ||
                Token::simpleMatch(tok, "for ( ; ; )"))
            {
                addtoken(&rettail, tok, "while1");
                tok = tok->next()->link();
                continue;
            }

            else if (varid && getDeallocationType(tok->tokAt(2), varid) != No)
            {
                addtoken(&rettail, tok, "dealloc");
                addtoken(&rettail, tok, ";");
            }

            else if (alloctype == Fd && varid)
            {
                if (Token::Match(tok, "while ( 0 <= %varid% )", varid) ||
                    Token::Match(tok, "while ( %varid% != -1 )", varid))
                {
                    addtoken(&rettail, tok, "while(var)");
                    tok = tok->next()->link();
                    continue;
                }
                else if (Token::Match(tok, "while ( %varid% == -1 )", varid) ||
                         Token::Match(tok, "while ( %varid% < 0 )", varid))
                {
                    addtoken(&rettail, tok, "while(!var)");
                    tok = tok->next()->link();
                    continue;
                }
            }

            else if (varid && Token::Match(tok, "while ( %varid% )", varid))
            {
                addtoken(&rettail, tok, "while(var)");
                tok = tok->next()->link();
                continue;
            }
            else if (varid && Token::simpleMatch(tok, "while (") && notvar(tok->tokAt(2), varid, true))
            {
                addtoken(&rettail, tok, "while(!var)");
                tok = tok->next()->link();
                continue;
            }

            addtoken(&rettail, tok, "loop");

            if (varid > 0)
            {
                unsigned int parlevel2 = 0;
                for (const Token *tok2 = tok->tokAt(2); tok2; tok2 = tok2->next())
                {
                    if (tok2->str() == "(")
                        ++parlevel2;
                    else if (tok2->str() == ")")
                    {
                        if (parlevel2 > 0)
                            --parlevel2;
                        else
                            break;
                    }
                    if (notvar(tok2, varid))
                    {
                        addtoken(&rettail, tok2, "!var");
                        break;
                    }
                }
            }

            continue;
        }
        if ((tok->str() == "do"))
        {
            addtoken(&rettail, tok, "do");
            continue;
        }

        // continue / break..
        if (tok->str() == "continue")
        {
            addtoken(&rettail, tok, "continue");
        }
        else if (tok->str() == "break")
        {
            addtoken(&rettail, tok, "break");
        }
        else if (tok->str() == "goto")
        {
            addtoken(&rettail, tok, "goto");
        }

        // Return..
        else if (tok->str() == "return")
        {
            addtoken(&rettail, tok, "return");
            if (varid == 0)
            {
                addtoken(&rettail, tok, ";");
                while (tok && tok->str() != ";")
                    tok = tok->next();
                if (!tok)
                    break;
                continue;
            }

            // Returning a auto_ptr of this allocated variable..
            if (Token::simpleMatch(tok->next(), "std :: auto_ptr <"))
            {
                const Token *tok2 = tok->tokAt(5);
                while (tok2 && tok2->str() != ">")
                    tok2 = tok2->next();
                if (Token::Match(tok2, "> ( %varid% )", varid))
                {
                    addtoken(&rettail, tok, "use");
                    tok = tok2->tokAt(3);
                }
            }

            else if (varid && Token::Match(tok, "return strcpy|strncpy|memcpy ( %varid%", varid))
            {
                addtoken(&rettail, tok, "use");
                tok = tok->tokAt(2);
            }

            else
            {
                bool use = false;

                std::stack<const Token *> f;

                for (const Token *tok2 = tok->next(); tok2; tok2 = tok2->next())
                {
                    if (tok2->str() == ";")
                    {
                        tok = tok2;
                        break;
                    }

                    if (tok2->str() == "(")
                        f.push(tok2->previous());
                    else if (!f.empty() && tok2->str() == ")")
                        f.pop();

                    if (tok2->varId() == varid)
                    {
                        // Read data..
                        if (!Token::Match(tok2->previous(), "&|(") &&
                            Token::simpleMatch(tok2->next(), "["))
                        {
                        }
                        else if (f.empty() ||
                                 !test_white_list(f.top()->str()) ||
                                 getDeallocationType(f.top(),varid))
                        {
                            use = true;
                        }
                    }
                }
                if (use)
                    addtoken(&rettail, tok, "use");
                addtoken(&rettail, tok, ";");
            }
        }

        // throw..
        else if (Token::Match(tok, "try|throw|catch"))
            addtoken(&rettail, tok, tok->str());

        // Assignment..
        if (varid)
        {
            if (Token::simpleMatch(tok, "= {"))
            {
                unsigned int indentlevel2 = 0;
                bool use = false;
                for (const Token *tok2 = tok; tok2; tok2 = tok2->next())
                {
                    if (tok2->str() == "{")
                        ++indentlevel2;
                    else if (tok2->str() == "}")
                    {
                        if (indentlevel2 <= 1)
                            break;
                        --indentlevel2;
                    }
                    else if (tok2->varId() == varid)
                    {
                        use = true;
                        break;
                    }
                }

                if (use)
                {
                    addtoken(&rettail, tok, "use");
                    addtoken(&rettail, tok, ";");
                    tok = tok->next()->link();
                    continue;
                }
            }

            if (Token::Match(tok, "[)=] %varid% [+;)]", varid) ||
                Token::Match(tok, "%var% + %varid%", varid) ||
                Token::Match(tok, "%varid% +=|-=", varid) ||
                Token::Match(tok, "+=|<< %varid% ;", varid) ||
                Token::Match(tok, "= strcpy|strcat|memmove|memcpy ( %varid% ,", varid) ||
                Token::Match(tok, "[;{}] %var% [ %varid% ]", varid))
            {
                addtoken(&rettail, tok, "use");
            }
            else if (Token::Match(tok->previous(), "[;{}=(,+-*/] %varid% [", varid))
            {
                // warning is written for "dealloc ; use_ ;".
                // but this use doesn't affect the leak-checking
                addtoken(&rettail, tok, "use_");
            }
        }

        // Investigate function calls..
        if (Token::Match(tok, "%var% ("))
        {
            // A function call should normally be followed by ";"
            if (Token::simpleMatch(tok->next()->link(), ") {"))
            {
                if (!Token::Match(tok, "if|for|while|switch"))
                {
                    addtoken(&rettail, tok, "exit");
                    addtoken(&rettail, tok, ";");
                    tok = tok->next()->link();
                    continue;
                }
            }

            // Calling setjmp / longjmp => bail out
            else if (Token::Match(tok, "setjmp|longjmp"))
            {
                while (rethead->next())
                    rethead->deleteNext();
                return rethead;
            }

            // Inside class function.. if the var is passed as a parameter then
            // just add a "::use"
            // The "::use" means that a member function was probably called but it wasn't analysed further
            else if (classmember)
            {
                if (noreturn.find(tok->str()) != noreturn.end())
                    addtoken(&rettail, tok, "exit");

                else if (!test_white_list(tok->str()))
                {
                    int innerParlevel = 1;
                    for (const Token *tok2 = tok->tokAt(2); tok2; tok2 = tok2->next())
                    {
                        if (tok2->str() == "(")
                            ++innerParlevel;
                        else if (tok2->str() == ")")
                        {
                            --innerParlevel;
                            if (innerParlevel <= 0)
                                break;
                        }
                        if (tok2->varId() == varid)
                        {
                            addtoken(&rettail, tok, "::use");
                            break;
                        }
                    }
                }
            }

            else
            {
                if (varid > 0 && Token::Match(tok, "%var% ( close|fclose|pclose ( %varid% ) ) ;", varid))
                {
                    addtoken(&rettail, tok, "dealloc");
                    tok = tok->next()->link();
                    continue;
                }

                bool allocpar = false;
                const char *str = call_func(tok, callstack, varid, alloctype, dealloctype, allocpar, sz);
                if (str)
                {
                    if (allocpar)
                    {
                        addtoken(&rettail, tok, str);
                        tok = tok->next()->link();
                    }
                    else if (varid == 0 || str != std::string("alloc"))
                    {
                        addtoken(&rettail, tok, str);
                    }
                    else if (Token::Match(tok->tokAt(-2), "%varid% =", varid))
                    {
                        addtoken(&rettail, tok, str);
                    }
                }
                else if (varid > 0 &&
                         getReallocationType(tok, varid) != No &&
                         tok->tokAt(2)->varId() == varid)
                {
                    addtoken(&rettail, tok, "if");
                    addtoken(&rettail, tok, "{");
                    addtoken(&rettail, tok, "dealloc");
                    addtoken(&rettail, tok, ";");
                    addtoken(&rettail, tok, "}");
                    tok = tok->next()->link();
                    continue;
                }
            }
        }

        // Callback..
        if (Token::Match(tok, "( *| %var%") && Token::simpleMatch(tok->link(),") ("))
        {
            const Token *tok2 = tok->next();
            if (tok2->str() == "*")
                tok2 = tok2->next();
            tok2 = tok2->next();

            while (Token::Match(tok2, ". %var%"))
                tok2 = tok2->tokAt(2);

            if (Token::simpleMatch(tok2, ") ("))
            {
                for (; tok2; tok2 = tok2->next())
                {
                    if (Token::Match(tok2, "[;{]"))
                        break;
                    else if (tok2->varId() == varid)
                    {
                        addtoken(&rettail, tok, "use");
                        break;
                    }
                }
            }
        }

        // Linux lists..
        if (varid > 0 && Token::Match(tok, "[=(,] & %varid% [.[,)]", varid))
        {
            addtoken(&rettail, tok, "&use");
        }
    }

    for (Token *tok1 = rethead; tok1; tok1 = tok1->next())
    {
        if (Token::simpleMatch(tok1, "callfunc alloc ;"))
        {
            tok1->deleteThis();
            tok1->insertToken("use");
            tok1->insertToken(";");
        }
    }

    return rethead;
}






void CheckMemoryLeakInFunction::simplifycode(Token *tok)
{
    {
        // Replace "throw" that is not in a try block with "return"
        int indentlevel = 0;
        int trylevel = -1;
        for (Token *tok2 = tok; tok2; tok2 = tok2->next())
        {
            if (tok2->str() == "{")
                ++indentlevel;
            else if (tok2->str() == "}")
            {
                --indentlevel;
                if (indentlevel <= trylevel)
                    trylevel = -1;
            }
            else if (trylevel == -1 && tok2->str() == "try")
                trylevel = indentlevel;
            else if (trylevel == -1 && tok2->str() == "throw")
                tok2->str("return");
        }
    }

    // Insert extra ";"
    for (Token *tok2 = tok; tok2; tok2 = tok2->next())
    {
        if (!tok2->previous() || Token::Match(tok2->previous(), "[;{}]"))
        {
            if (Token::Match(tok2, "assign|callfunc|use assign|callfunc|use"))
            {
                tok2->insertToken(";");
            }
        }
    }

    // remove redundant braces..
    for (Token *start = tok; start; start = start->next())
    {
        if (Token::simpleMatch(start, "; {"))
        {
            // the "link" doesn't work here. Find the end brace..
            unsigned int indent = 0;
            for (Token *end = start; end; end = end->next())
            {
                if (end->str() == "{")
                    ++indent;
                else if (end->str() == "}")
                {
                    if (indent <= 1)
                    {
                        // If the start/end braces are redundant, delete them
                        if (indent == 1 && Token::Match(end->previous(), "[;{}] } %any%"))
                        {
                            start->deleteNext();
                            end->deleteThis();
                        }
                        break;
                    }
                    --indent;
                }
            }
        }
    }

    // reduce the code..
    // it will be reduced in N passes. When a pass completes without any
    // simplifications the loop is done.
    bool done = false;
    while (! done)
    {
        //tok->printOut("simplifycode loop..");
        done = true;

        // reduce callfunc
        for (Token *tok2 = tok; tok2; tok2 = tok2->next())
        {
            if (tok2->str() == "callfunc")
            {
                if (!Token::Match(tok2->previous(), "[;{}] callfunc ; }"))
                    tok2->deleteThis();
            }
        }

        // If the code starts with "if return ;" then remove it
        if (Token::Match(tok, ";| if return ;"))
        {
            tok->deleteThis();
            tok->deleteThis();
            if (tok->str() == "return")
                tok->deleteThis();
            if (tok->strAt(1) == "else")
                tok->deleteNext();
        }

        // simplify "while1" contents..
        for (Token *tok2 = tok; tok2; tok2 = tok2->next())
        {
            if (Token::simpleMatch(tok2, "while1 {"))
            {
                unsigned int innerIndentlevel = 0;
                for (Token *tok3 = tok2->tokAt(2); tok3; tok3 = tok3->next())
                {
                    if (tok3->str() == "{")
                        ++innerIndentlevel;
                    else if (tok3->str() == "}")
                    {
                        if (innerIndentlevel == 0)
                            break;
                        --innerIndentlevel;
                    }
                    while (innerIndentlevel == 0 && Token::Match(tok3, "[{};] if|ifv|else { continue ; }"))
                    {
                        Token::eraseTokens(tok3, tok3->tokAt(6));
                        if (Token::simpleMatch(tok3->next(), "else"))
                            tok3->deleteNext();
                    }
                }

                if (Token::simpleMatch(tok2, "while1 { if { dealloc ; return ; } }"))
                {
                    tok2->str(";");
                    Token::eraseTokens(tok2, tok2->tokAt(4));
                    Token::eraseTokens(tok2->tokAt(4), tok2->tokAt(7));
                }
            }
        }

        // Main inner simplification loop
        for (Token *tok2 = tok; tok2; tok2 = tok2 ? tok2->next() : NULL)
        {
            // Delete extra ";"
            while (Token::Match(tok2, "[;{}] ;"))
            {
                tok2->deleteNext();
                done = false;
            }

            // Replace "{ }" with ";"
            if (Token::simpleMatch(tok2->next(), "{ }"))
            {
                tok2->eraseTokens(tok2, tok2->tokAt(3));
                tok2->insertToken(";");
                done = false;
            }

            // Delete braces around a single instruction..
            if (Token::Match(tok2->next(), "{ %var% ; }"))
            {
                tok2->deleteNext();
                Token::eraseTokens(tok2->tokAt(2), tok2->tokAt(4));
                done = false;
            }
            if (Token::Match(tok2->next(), "{ %var% %var% ; }"))
            {
                tok2->deleteNext();
                Token::eraseTokens(tok2->tokAt(3), tok2->tokAt(5));
                done = false;
            }

            // Reduce "if if|callfunc" => "if"
            else if (Token::Match(tok2, "if if|callfunc"))
            {
                tok2->deleteNext();
                done = false;
            }

            else if (tok2->next() && tok2->next()->str() == "if")
            {
                // Delete empty if that is not followed by an else
                if (Token::Match(tok2->next(), "if ; !!else"))
                {
                    tok2->deleteNext();
                    done = false;
                }

                // Reduce "if X ; else X ;" => "X ;"
                else if (Token::Match(tok2->next(), "if %var% ; else %var% ;") &&
                         std::string(tok2->strAt(2)) == std::string(tok2->strAt(5)))
                {
                    Token::eraseTokens(tok2, tok2->tokAt(5));
                    done = false;
                }

                // Reduce "if continue ; if continue ;" => "if continue ;"
                else if (Token::simpleMatch(tok2->next(), "if continue ; if continue ;"))
                {
                    Token::eraseTokens(tok2, tok2->tokAt(4));
                    done = false;
                }

                // Reduce "if return ; alloc ;" => "alloc ;"
                else if (Token::Match(tok2, "[;{}] if return ; alloc|return ;"))
                {
                    Token::eraseTokens(tok2, tok2->tokAt(4));
                    done = false;
                }

                // "[;{}] if alloc ; else return ;" => "[;{}] alloc ;"
                else if (Token::Match(tok2, "[;{}] if alloc ; else return ;"))
                {
                    tok2->deleteNext();                                // Remove "if"
                    Token::eraseTokens(tok2->next(), tok2->tokAt(5));  // Remove "; else return"
                    done = false;
                }

                // Reduce "if ; else %var% ;" => "if %var% ;"
                else if (Token::Match(tok2->next(), "if ; else %var% ;"))
                {
                    Token::eraseTokens(tok2->next(), tok2->tokAt(4));
                    done = false;
                }

                // Reduce "if ; else" => "if"
                else if (Token::simpleMatch(tok2->next(), "if ; else"))
                {
                    Token::eraseTokens(tok2->next(), tok2->tokAt(4));
                    done = false;
                }

                // Reduce "if return ; else|if return|continue ;" => "if return ;"
                else if (Token::Match(tok2->next(), "if return ; else|if return|continue|break ;"))
                {
                    Token::eraseTokens(tok2->tokAt(3), tok2->tokAt(6));
                    done = false;
                }

                // Reduce "if continue|break ; else|if return ;" => "if return ;"
                else if (Token::Match(tok2->next(), "if continue|break ; if|else return ;"))
                {
                    Token::eraseTokens(tok2->next(), tok2->tokAt(5));
                    done = false;
                }

                // Remove "else" after "if continue|break|return"
                else if (Token::Match(tok2->next(), "if continue|break|return ; else"))
                {
                    tok2->tokAt(4)->deleteThis();
                    done = false;
                }

                // Delete "if { dealloc|assign|use ; return ; }"
                else if (Token::Match(tok2, "[;{}] if { dealloc|assign|use ; return ; }"))
                {
                    Token::eraseTokens(tok2, tok2->tokAt(8));
                    if (Token::simpleMatch(tok2->next(), "else"))
                        tok2->deleteNext();
                    done = false;
                }

                // Remove "if { dealloc ; callfunc ; } !!else"
                else if (Token::Match(tok2->next(), "if { dealloc|assign ; callfunc ; } !!else"))
                {
                    Token::eraseTokens(tok2, tok2->tokAt(8));
                    done = false;
                }

                continue;
            }

            // Reduce "alloc while(!var) alloc ;" => "alloc ;"
            if (Token::Match(tok2, "[;{}] alloc ; while(!var) alloc ;"))
            {
                Token::eraseTokens(tok2, tok2->tokAt(4));
                done = false;
            }

            // Reduce "ifv return;" => "if return use;"
            if (Token::simpleMatch(tok2, "ifv return ;"))
            {
                tok2->str("if");
                tok2->next()->insertToken("use");
                done = false;
            }

            // Reduce "if(var) dealloc ;" and "if(var) use ;" that is not followed by an else..
            if (Token::Match(tok2, "[;{}] if(var) assign|dealloc|use ; !!else"))
            {
                Token::eraseTokens(tok2, tok2->tokAt(2));
                done = false;
            }

            // Reduce "; if(!var) alloc ; !!else" => "; dealloc ; alloc ;"
            if (Token::Match(tok2, "; if(!var) alloc ; !!else"))
            {
                // Remove the "if(!var)"
                Token::eraseTokens(tok2, tok2->tokAt(2));

                // Insert "dealloc ;" before the "alloc ;"
                tok2->insertToken(";");
                tok2->insertToken("dealloc");

                done = false;
            }

            // Reduce "; if(!var) exit ;" => ";"
            if (Token::Match(tok2, "; if(!var) exit ;"))
            {
                Token::eraseTokens(tok2, tok2->tokAt(3));
                done = false;
            }

            // Reduce "if* ;"..
            if (Token::Match(tok2->next(), "if(var)|if(!var)|ifv ;"))
            {
                // Followed by else..
                if (Token::simpleMatch(tok2->tokAt(3), "else"))
                {
                    tok2 = tok2->next();
                    if (tok2->str() == "if(var)")
                        tok2->str("if(!var)");
                    else if (tok2->str() == "if(!var)")
                        tok2->str("if(var)");

                    // remove the "; else"
                    Token::eraseTokens(tok2, tok2->tokAt(3));
                }
                else
                {
                    // remove the "if*"
                    Token::eraseTokens(tok2, tok2->tokAt(2));
                }
                done = false;
            }

            // Reduce "else ;" => ";"
            if (Token::simpleMatch(tok2->next(), "else ;"))
            {
                Token::eraseTokens(tok2, tok2->tokAt(2));
                done = false;
            }

            // Reduce "while1 continue| ;" => "use ;"
            if (Token::Match(tok2, "while1 if| continue| ;"))
            {
                tok2->str("use");
                while (tok2->strAt(1) != ";")
                    tok2->deleteNext();
                done = false;
            }

            // Reduce "while1 if break ;" => ";"
            if (Token::simpleMatch(tok2, "while1 if break ;"))
            {
                tok2->str(";");
                Token::eraseTokens(tok2, tok2->tokAt(3));
                done = false;
            }

            // Delete if block: "alloc; if return use ;"
            if (Token::Match(tok2, "alloc ; if return use ; !!else"))
            {
                Token::eraseTokens(tok2, tok2->tokAt(5));
                done = false;
            }

            // Reduce "alloc|dealloc|use|callfunc ; exit ;" => "; exit ;"
            if (Token::Match(tok2, "[;{}] alloc|dealloc|use|callfunc ; exit ;"))
            {
                tok2->deleteNext();
                done = false;
            }

            // Reduce "alloc|dealloc|use ; if(var) exit ;"
            if (Token::Match(tok2, "alloc|dealloc|use ; if(var) exit ;"))
            {
                tok2->deleteThis();
                done = false;
            }

            // Remove "if exit ;"
            if (Token::simpleMatch(tok2, "if exit ;"))
            {
                tok2->deleteThis();
                tok2->deleteThis();
                done = false;
            }

            // Remove the "if break|continue ;" that follows "dealloc ; alloc ;"
            if (! _settings->inconclusive && Token::Match(tok2, "dealloc ; alloc ; if break|continue ;"))
            {
                tok2 = tok2->tokAt(3);
                Token::eraseTokens(tok2, tok2->tokAt(3));
                done = false;
            }

            // if break ; break ; => break ;
            if (Token::Match(tok2->previous(), "[;{}] if break ; break ;"))
            {
                Token::eraseTokens(tok2, tok2->tokAt(4));
                done = false;
            }

            // Reduce "do { dealloc ; alloc ; } while(var) ;" => ";"
            if (Token::simpleMatch(tok2->next(), "do { dealloc ; alloc ; } while(var) ;"))
            {
                Token::eraseTokens(tok2, tok2->tokAt(9));
                done = false;
            }

            // Reduce "do { alloc ; } " => "alloc ;"
            /** @todo If the loop "do { alloc ; }" can be executed twice, reduce it to "loop alloc ;" */
            if (Token::simpleMatch(tok2->next(), "do { alloc ; }"))
            {
                Token::eraseTokens(tok2, tok2->tokAt(3));
                Token::eraseTokens(tok2->tokAt(2), tok2->tokAt(4));
                done = false;
            }

            // Reduce "loop break ; => ";"
            if (Token::Match(tok2->next(), "loop break|continue ;"))
            {
                Token::eraseTokens(tok2, tok2->tokAt(3));
                done = false;
            }

            // Reduce "loop|do ;" => ";"
            if (Token::Match(tok2, "loop|do ;"))
            {
                tok2->deleteThis();
                done = false;
            }

            // Reduce "loop if break|continue ; !!else" => ";"
            if (Token::Match(tok2->next(), "loop if break|continue ; !!else"))
            {
                Token::eraseTokens(tok2, tok2->tokAt(4));
                done = false;
            }

            // Reduce "loop { if break|continue ; !!else" => "loop {"
            if (Token::Match(tok2, "loop { if break|continue ; !!else"))
            {
                Token::eraseTokens(tok2->next(), tok2->tokAt(5));
                done = false;
            }

            // Replace "do ; loop ;" with ";"
            if (Token::simpleMatch(tok2, "; loop ;"))
            {
                Token::eraseTokens(tok2, tok2->tokAt(3));
                done = false;
            }

            // Replace "loop loop .." with "loop .."
            if (Token::simpleMatch(tok2, "loop loop"))
            {
                tok2->deleteThis();
                done = false;
            }

            // Replace "loop if return ;" with "if return ;"
            if (Token::simpleMatch(tok2->next(), "loop if return"))
            {
                Token::eraseTokens(tok2, tok2->tokAt(2));
                done = false;
            }

            // Reduce "loop|while1 { dealloc ; alloc ; }"
            if (Token::Match(tok2, "loop|while1 { dealloc ; alloc ; }"))
            {
                // delete "loop|while1"
                tok2->deleteThis();
                // delete "{"
                tok2->deleteThis();

                // delete "}"
                Token::eraseTokens(tok2->tokAt(3), tok2->tokAt(5));

                done = false;
            }

            // loop { use ; callfunc ; }  =>  use ;
            // assume that the "callfunc" is not noreturn
            if (Token::simpleMatch(tok2, "loop { use ; callfunc ; }"))
            {
                Token::eraseTokens(tok2, tok2->tokAt(7));
                tok2->str("use");
                tok2->insertToken(";");
                done = false;
            }

            // Delete if block in "alloc ; if(!var) return ;"
            if (Token::Match(tok2, "alloc ; if(!var) return ;"))
            {
                Token::eraseTokens(tok2, tok2->tokAt(4));
                done = false;
            }

            // Reduce "[;{}] return use ; %var%" => "[;{}] return use ;"
            if (Token::Match(tok2, "[;{}] return use ; %var%"))
            {
                Token::eraseTokens(tok2->tokAt(3), tok2->tokAt(5));
                done = false;
            }

            // Reduce "if(var) return use ;" => "return use ;"
            if (Token::Match(tok2->next(), "if(var) return use ; !!else"))
            {
                Token::eraseTokens(tok2, tok2->tokAt(2));
                done = false;
            }

            // malloc - realloc => alloc ; dealloc ; alloc ;
            // Reduce "[;{}] alloc ; dealloc ; alloc ;" => "[;{}] alloc ;"
            if (Token::Match(tok2, "[;{}] alloc ; dealloc ; alloc ;"))
            {
                Token::eraseTokens(tok2->next(), tok2->tokAt(6));
                done = false;
            }

            // use; dealloc; => dealloc;
            if (Token::Match(tok2, "[;{}] use ; dealloc ;"))
            {
                Token::eraseTokens(tok2, tok2->tokAt(3));
                done = false;
            }

            // use use => use
            if (Token::simpleMatch(tok2, "use use"))
            {
                tok2->deleteThis();
                done = false;
            }

            // use; if| use; => use;
            while (Token::Match(tok2, "[;{}] use ; if| use ;"))
            {
                Token *t = tok2->tokAt(2);
                t->deleteNext();
                t->deleteNext();
                if (t->strAt(1) == ";")
                    t->deleteNext();
                done = false;
            }

            // Delete first part in "use ; return use ;"
            if (Token::Match(tok2, "[;{}] use ; return use ;"))
            {
                Token::eraseTokens(tok2, tok2->tokAt(3));
                done = false;
            }

            // try/catch
            if (Token::simpleMatch(tok2, "try ; catch exit ;"))
            {
                Token::eraseTokens(tok2, tok2->tokAt(4));
                tok2->deleteThis();
                done = false;
            }

            // Delete second case in "case ; case ;"
            while (Token::simpleMatch(tok2, "case ; case ;"))
            {
                Token::eraseTokens(tok2, tok2->tokAt(3));
                done = false;
            }

            // Replace switch with if (if not complicated)
            if (Token::simpleMatch(tok2, "switch {"))
            {
                // Right now, I just handle if there are a few case and perhaps a default.
                bool valid = false;
                bool incase = false;
                for (const Token * _tok = tok2->tokAt(2); _tok; _tok = _tok->next())
                {
                    if (_tok->str() == "{")
                        break;

                    else if (_tok->str() == "}")
                    {
                        valid = true;
                        break;
                    }

                    else if (_tok->str() == "switch")
                        break;

                    else if (_tok->str() == "loop")
                        break;

                    else if (incase && _tok->str() == "case")
                        break;

                    else if (Token::Match(_tok, "return !!;"))
                        break;

                    if (Token::Match(_tok, "if return|break use| ;"))
                        _tok = _tok->tokAt(2);

                    incase |= (_tok->str() == "case");
                    incase &= (_tok->str() != "break" && _tok->str() != "return");
                }

                if (!incase && valid)
                {
                    done = false;
                    tok2->str(";");
                    Token::eraseTokens(tok2, tok2->tokAt(2));
                    tok2 = tok2->next();
                    bool first = true;
                    while (Token::Match(tok2, "case|default"))
                    {
                        const bool def(tok2->str() == "default");
                        tok2->str(first ? "if" : "}");
                        if (first)
                        {
                            first = false;
                            tok2->insertToken("{");
                        }
                        else
                        {
                            // Insert "else [if] {
                            tok2->insertToken("{");
                            if (! def)
                                tok2->insertToken("if");
                            tok2->insertToken("else");
                            tok2 = tok2->next();
                        }
                        while (tok2)
                        {
                            if (tok2->str() == "}")
                                break;
                            if (Token::Match(tok2, "break|return ;"))
                                break;
                            if (Token::Match(tok2, "if return|break use| ;"))
                                tok2 = tok2->tokAt(2);
                            else
                                tok2 = tok2->next();
                        }
                        if (Token::simpleMatch(tok2, "break ;"))
                        {
                            tok2->str(";");
                            tok2 = tok2->tokAt(2);
                        }
                        else if (tok2 && tok2->str() == "return")
                        {
                            tok2 = tok2->tokAt(2);
                        }
                    }
                }
            }
        }

        // If "--all" is given, remove all "callfunc"..
        if (done && _settings->inconclusive)
        {
            for (Token *tok2 = tok; tok2; tok2 = tok2->next())
            {
                if (tok2->str() == "callfunc")
                {
                    tok2->deleteThis();
                    done = false;
                }
            }
        }
    }
}





const Token *CheckMemoryLeakInFunction::findleak(const Token *tokens)
{
    const Token *result;

    if ((result = Token::findmatch(tokens, "loop alloc ;")) != NULL)
    {
        return result;
    }

    if (Token::Match(tokens, "alloc ; if|if(var)|ifv break|continue|return ;"))
    {
        return tokens->tokAt(3);
    }

    if ((result = Token::findmatch(tokens, "alloc ; if|if(var)|ifv return ;")) != NULL)
    {
        return result->tokAt(3);
    }

    if ((result = Token::findmatch(tokens, "alloc ; alloc|assign|return callfunc| ;")) != NULL)
    {
        return result->tokAt(2);
    }

    if ((result = Token::findmatch(tokens, "; alloc ; if assign ;")) != NULL)
    {
        return result->tokAt(4);
    }

    if (((result = Token::findmatch(tokens, "; alloc ; if dealloc ; }")) != NULL) &&
        !result->tokAt(7))
    {
        return result->tokAt(6);
    }

    if ((result = Token::findmatch(tokens, "alloc ; }")) != NULL)
    {
        if (result->tokAt(3) == NULL)
            return result->tokAt(2);
    }

    // No deallocation / usage => report leak at the last token
    if (!Token::findmatch(tokens, "dealloc|use"))
    {
        const Token *last = tokens;
        while (last->next())
            last = last->next();

        // not a leak if exit is called before the end of the function
        if (!Token::Match(last->tokAt(-2), "exit|callfunc ; }"))
            return last;
    }

    return NULL;
}






// Check for memory leaks for a function variable.
void CheckMemoryLeakInFunction::checkScope(const Token *Tok1, const std::string &varname, unsigned int varid, bool classmember, unsigned int sz)
{
    std::list<const Token *> callstack;

    AllocType alloctype = No;
    AllocType dealloctype = No;

    const Token *result;

    Token *tok = getcode(Tok1, callstack, varid, alloctype, dealloctype, classmember, sz);
    //tok->printOut((std::string("Checkmemoryleak: getcode result for: ") + varname).c_str());

    // Simplify the code and check if freed memory is used..
    for (Token *tok2 = tok; tok2; tok2 = tok2->next())
    {
        while (Token::Match(tok2, "[;{}] ;"))
            Token::eraseTokens(tok2, tok2->tokAt(2));
    }
    if ((result = Token::findmatch(tok, "[;{}] dealloc ; use_ ;")) != NULL)
    {
        deallocuseError(result->tokAt(3), varname);
    }

    // Replace "&use" with "use". Replace "use_" with ";"
    for (Token *tok2 = tok; tok2; tok2 = tok2->next())
    {
        if (tok2->str() == "&use")
            tok2->str("use");
        else if (tok2->str() == "use_")
            tok2->str(";");
        else if (Token::simpleMatch(tok2, "loop use_ {"))
            tok2->deleteNext();
        else if (tok2->str() == "::use")    // Some kind of member function usage. Not analyzed very well.
            tok2->str("use");
        else if (tok2->str() == "recursive")
            tok2->str("use");
        else if (tok2->str() == "dealloc_")
            tok2->str("dealloc");
        else if (tok2->str() == "realloc")
        {
            tok2->str("dealloc");
            tok2->insertToken("alloc");
            tok2->insertToken(";");
        }
    }

    // If the variable is not allocated at all => no memory leak
    if (Token::findmatch(tok, "alloc") == 0)
    {
        Tokenizer::deleteTokens(tok);
        return;
    }

    simplifycode(tok);

    if (_settings->debug && _settings->_verbose)
    {
        tok->printOut(("Checkmemoryleak: simplifycode result for: " + varname).c_str());
    }

    // If the variable is not allocated at all => no memory leak
    if (Token::findmatch(tok, "alloc") == 0)
    {
        Tokenizer::deleteTokens(tok);
        return;
    }

    /** @todo handle "goto" */
    if (Token::findmatch(tok, "goto"))
    {
        Tokenizer::deleteTokens(tok);
        return;
    }

    if ((result = findleak(tok)) != NULL)
    {
        memoryLeak(result, varname, alloctype);
    }

    else if ((result = Token::findmatch(tok, "dealloc ; dealloc ;")) != NULL)
    {
        deallocDeallocError(result->tokAt(2), varname);
    }

    // detect cases that "simplifycode" don't handle well..
    else if (_settings->debugwarnings)
    {
        Token *first = tok;
        while (first && first->str() == ";")
            first = first->next();

        bool noerr = false;
        noerr |= Token::simpleMatch(first, "alloc ; }");
        noerr |= Token::simpleMatch(first, "alloc ; dealloc ; }");
        noerr |= Token::simpleMatch(first, "alloc ; return use ; }");
        noerr |= Token::simpleMatch(first, "alloc ; use ; }");
        noerr |= Token::simpleMatch(first, "alloc ; use ; return ; }");
        noerr |= Token::simpleMatch(first, "alloc ; dealloc ; return ; }");
        noerr |= Token::simpleMatch(first, "if alloc ; dealloc ; }");
        noerr |= Token::simpleMatch(first, "if alloc ; return use ; }");
        noerr |= Token::simpleMatch(first, "if alloc ; use ; }");
        noerr |= Token::simpleMatch(first, "alloc ; ifv return ; dealloc ; }");
        noerr |= Token::simpleMatch(first, "alloc ; if return ; dealloc; }");

        // Unhandled case..
        if (! noerr)
        {
            std::ostringstream errmsg;
            errmsg << "inconclusive leak of " << varname << ": ";
            for (const Token *tok2 = tok; tok2; tok2 = tok2->next())
                errmsg << " " << tok2->str();
            reportError(_tokenizer->tokens(), Severity::debug, "debug", errmsg.str());
        }
    }

    Tokenizer::deleteTokens(tok);
}
//---------------------------------------------------------------------------





//---------------------------------------------------------------------------
// Check for memory leaks due to improper realloc() usage.
//   Below, "a" may be set to null without being freed if realloc() cannot
//   allocate the requested memory:
//     a = malloc(10); a = realloc(a, 100);
//---------------------------------------------------------------------------
void CheckMemoryLeakInFunction::checkReallocUsage()
{
    std::list<Scope>::const_iterator scope;

    for (scope = symbolDatabase->scopeList.begin(); scope != symbolDatabase->scopeList.end(); ++scope)
    {
        // only check functions
        if (scope->type != Scope::eFunction)
            continue;

        // Record the varid's of the function parameters
        std::set<unsigned int> parameterVarIds;
        for (const Token *tok2 = scope->classDef->next(); tok2 && tok2->str() != ")"; tok2 = tok2->next())
        {
            if (tok2->varId() != 0)
                parameterVarIds.insert(tok2->varId());
        }

        const Token *tok = scope->classStart;
        const Token *startOfFunction = tok;

        // Search for the "var = realloc(var, 100);" pattern within this function
        unsigned int indentlevel = 1;
        for (tok = tok->next(); tok; tok = tok->next())
        {
            if (tok->str() == "{")
                ++indentlevel;
            else if (tok->str() == "}")
            {
                --indentlevel;
                if (indentlevel == 0)
                    break;
            }

            if (tok->varId() > 0 &&
                Token::Match(tok, "%var% = realloc|g_try_realloc ( %var% , %any% ) ;|}") &&
                tok->varId() == tok->tokAt(4)->varId() &&
                parameterVarIds.find(tok->varId()) == parameterVarIds.end())
            {
                // Check that another copy of the pointer wasn't saved earlier in the function
                if (Token::findmatch(startOfFunction, "%var% = %varid% ;", tok->varId()) ||
                    Token::findmatch(startOfFunction, "[{};] %varid% = %var% [;=]", tok->varId()))
                    continue;

                // Check that the allocation isn't followed immediately by an 'if (!var) { error(); }' that might handle failure
                if (Token::Match(tok->tokAt(9), "if ( ! %varid% ) {", tok->varId()))
                {
                    const Token* tokEndBrace = tok->tokAt(14)->link();
                    if (tokEndBrace && Token::simpleMatch(tokEndBrace->tokAt(-2), ") ;") &&
                        Token::Match(tokEndBrace->tokAt(-2)->link()->tokAt(-2), "{|}|; %var% ("))
                        continue;
                }

                memleakUponReallocFailureError(tok, tok->str());
            }
        }
    }
}
//---------------------------------------------------------------------------






//---------------------------------------------------------------------------
// Checks for memory leaks inside function..
//---------------------------------------------------------------------------

void CheckMemoryLeakInFunction::parseFunctionScope(const Token *tok, const Token *tok1, const bool classmember)
{
    // Check locking/unlocking of global resources..
    checkScope(tok->next(), "", 0, classmember, 1);

    // Locate parameters and check their usage..
    for (const Token *tok2 = tok1; tok2; tok2 = tok2->next())
    {
        if (tok2 == tok)
            break;
        if (tok2->str() == ")")
            break;
        if (Token::Match(tok2, "[(,] %type% * %var% [,)]") && tok2->next()->isStandardType())
        {
            const std::string varname(tok2->strAt(3));
            const unsigned int varid = tok2->tokAt(3)->varId();
            const unsigned int sz = _tokenizer->sizeOfType(tok2->next());
            checkScope(tok->next(), varname, varid, classmember, sz);
        }
    }

    // Locate variable declarations and check their usage..
    unsigned int indentlevel = 0;
    do
    {
        if (tok->str() == "{")
            ++indentlevel;
        else if (tok->str() == "}")
        {
            if (indentlevel <= 1)
                break;
            --indentlevel;
        }

        // Skip these weird blocks... "( { ... } )"
        if (Token::simpleMatch(tok, "( {"))
        {
            tok = tok->link();
            if (!tok)
                break;
            continue;
        }

        if (!Token::Match(tok, "[{};] %type%"))
            continue;

        // Don't check static/extern variables
        if (Token::Match(tok->next(), "static|extern"))
            continue;

        // return/else is not part of a variable declaration..
        if (Token::Match(tok->next(), "return|else"))
            continue;

        unsigned int sz = _tokenizer->sizeOfType(tok->next());
        if (sz < 1)
            sz = 1;

        if (Token::Match(tok, "[{};] %type% * const| %var% [;=]"))
        {
            const Token *vartok = tok->tokAt(tok->tokAt(3)->str() != "const" ? 3 : 4);
            checkScope(tok->next(), vartok->str(), vartok->varId(), classmember, sz);
        }

        else if (Token::Match(tok, "[{};] %type% %type% * const| %var% [;=]"))
        {
            const Token *vartok = tok->tokAt(tok->tokAt(4)->str() != "const" ? 4 : 5);
            checkScope(tok->next(), vartok->str(), vartok->varId(), classmember, sz);
        }

        else if (Token::Match(tok, "[{};] int %var% [;=]"))
        {
            const Token *vartok = tok->tokAt(2);
            checkScope(tok->next(), vartok->str(), vartok->varId(), classmember, sz);
        }
    }
    while (0 != (tok = tok->next()));
}

void CheckMemoryLeakInFunction::check()
{
    // fill the "noreturn"
    parse_noreturn();

    std::list<Scope>::const_iterator scope;

    for (scope = symbolDatabase->scopeList.begin(); scope != symbolDatabase->scopeList.end(); ++scope)
    {
        // only check functions
        if (scope->type != Scope::eFunction)
            continue;

        const Token *tok = scope->classStart;
        const Token *tok1 = scope->classDef->next();
        bool classmember = scope->functionOf != NULL;

        parseFunctionScope(tok, tok1, classmember);
    }
}
//---------------------------------------------------------------------------





























//---------------------------------------------------------------------------
// Checks for memory leaks in classes..
//---------------------------------------------------------------------------



void CheckMemoryLeakInClass::check()
{
    const SymbolDatabase *symbolDatabase = _tokenizer->getSymbolDatabase();

    std::list<Scope>::const_iterator scope;

    for (scope = symbolDatabase->scopeList.begin(); scope != symbolDatabase->scopeList.end(); ++scope)
    {
        // only check classes and structures
        if (scope->isClassOrStruct())
        {
            std::list<Variable>::const_iterator var;
            for (var = scope->varlist.begin(); var != scope->varlist.end(); ++var)
            {
                if (!var->isStatic() && var->nameToken()->previous()->str() == "*")
                {
                    // allocation but no deallocation of private variables in public function..
                    if (var->nameToken()->tokAt(-2)->isStandardType())
                    {
                        if (var->isPrivate())
                            checkPublicFunctions(&(*scope), var->nameToken());

                        variable(&(*scope), var->nameToken());
                    }

                    // known class?
                    else if (var->type())
                    {
                        // not derived?
                        if (var->type()->derivedFrom.empty())
                        {
                            if (var->isPrivate())
                                checkPublicFunctions(&(*scope), var->nameToken());

                            variable(&(*scope), var->nameToken());
                        }
                    }
                }
            }
        }
    }
}


void CheckMemoryLeakInClass::variable(const Scope *scope, const Token *tokVarname)
{
    const std::string varname = tokVarname->strAt(0);
    const std::string classname = scope->className;

    // Check if member variable has been allocated and deallocated..
    CheckMemoryLeak::AllocType Alloc = CheckMemoryLeak::No;
    CheckMemoryLeak::AllocType Dealloc = CheckMemoryLeak::No;

    bool allocInConstructor = false;
    bool deallocInDestructor = false;

    // Inspect member functions
    std::list<Function>::const_iterator func;
    for (func = scope->functionList.begin(); func != scope->functionList.end(); ++func)
    {
        const Token *functionToken = func->token;
        const bool constructor = func->type == Function::eConstructor;
        const bool destructor = func->type == Function::eDestructor;
        unsigned int indent = 0;
        bool initlist = false;
        for (const Token *tok = functionToken; tok; tok = tok->next())
        {
            if (tok->str() == "{")
                ++indent;
            else if (tok->str() == "}")
            {
                if (indent <= 1)
                    break;
                --indent;
            }
            else if (indent == 0 && Token::simpleMatch(tok, ") :"))
                initlist = true;
            else if (initlist || indent > 0)
            {
                if (indent == 0)
                {
                    if (!Token::Match(tok, (":|, " + varname + " (").c_str()))
                        continue;
                }

                // Allocate..
                if (indent == 0 || Token::Match(tok, (varname + " =").c_str()))
                {
                    // var1 = var2 = ...
                    // bail out
                    if (Token::simpleMatch(tok->previous(), "="))
                        return;

                    // Foo::var1 = ..
                    // bail out when not same class
                    if (Token::simpleMatch(tok->previous(), "::") &&
                        tok->strAt(-2) != scope->className)
                        return;

                    AllocType alloc = getAllocationType(tok->tokAt((indent > 0) ? 2 : 3), 0);
                    if (alloc != CheckMemoryLeak::No)
                    {
                        if (constructor)
                            allocInConstructor = true;

                        if (Alloc != No && Alloc != alloc)
                            alloc = CheckMemoryLeak::Many;

                        std::list<const Token *> callstack;
                        if (alloc != CheckMemoryLeak::Many && Dealloc != CheckMemoryLeak::No && Dealloc != CheckMemoryLeak::Many && Dealloc != alloc)
                        {
                            callstack.push_back(tok);
                            mismatchAllocDealloc(callstack, classname + "::" + varname);
                            callstack.pop_back();
                        }

                        Alloc = alloc;
                    }
                }

                if (indent == 0)
                    continue;

                // Deallocate..
                AllocType dealloc = getDeallocationType(tok, varname);
                if (dealloc == No)
                {
                    std::string temp = scope->className + " :: " + varname;
                    dealloc = getDeallocationType(tok, temp);
                }
                if (dealloc == No)
                {
                    std::string temp = "this . " + varname;
                    dealloc = getDeallocationType(tok, temp);
                }
                if (dealloc != CheckMemoryLeak::No)
                {
                    if (destructor)
                        deallocInDestructor = true;

                    // several types of allocation/deallocation?
                    if (Dealloc != CheckMemoryLeak::No && Dealloc != dealloc)
                        dealloc = CheckMemoryLeak::Many;

                    std::list<const Token *> callstack;
                    if (dealloc != CheckMemoryLeak::Many && Alloc != CheckMemoryLeak::No &&  Alloc != Many && Alloc != dealloc)
                    {
                        callstack.push_back(tok);
                        mismatchAllocDealloc(callstack, classname + "::" + varname);
                        callstack.pop_back();
                    }

                    Dealloc = dealloc;
                }

                // Function call .. possible deallocation
                else if (Token::Match(tok->previous(), "[{};] %var% ("))
                {
                    if (!std::bsearch(tok->str().c_str(), call_func_white_list,
                                      sizeof(call_func_white_list) / sizeof(call_func_white_list[0]),
                                      sizeof(call_func_white_list[0]), call_func_white_list_compare))
                    {
                        return;
                    }
                }
            }
        }
    }

    if (allocInConstructor && !deallocInDestructor)
    {
        memoryLeak(tokVarname, (classname + "::" + varname).c_str(), Alloc);
    }
    else if (Alloc != CheckMemoryLeak::No && Dealloc == CheckMemoryLeak::No)
    {
        memoryLeak(tokVarname, (classname + "::" + varname).c_str(), Alloc);
    }
}


void CheckMemoryLeakInClass::checkPublicFunctions(const Scope *scope, const Token *classtok)
{
    // Check that public functions deallocate the pointers that they allocate.
    // There is no checking how these functions are used and therefore it
    // isn't established if there is real leaks or not.
    if (!_settings->_checkCodingStyle)
        return;

    const unsigned int varid = classtok->varId();

    // Parse public functions..
    // If they allocate member variables, they should also deallocate
    std::list<Function>::const_iterator func;

    for (func = scope->functionList.begin(); func != scope->functionList.end(); ++func)
    {
        if (func->type != Function::eConstructor &&
            func->access == Public && func->hasBody)
        {
            const Token *tok2 = func->token;
            while (tok2->str() != "{")
                tok2 = tok2->next();
            if (Token::Match(tok2, "{|}|; %varid% =", varid))
            {
                const CheckMemoryLeak::AllocType alloc = getAllocationType(tok2->tokAt(3), varid);
                if (alloc != CheckMemoryLeak::No)
                    publicAllocationError(tok2, tok2->strAt(1));
            }
            else if (Token::Match(tok2, "{|}|; %type% :: %varid% =", varid) &&
                     tok2->next()->str() == scope->className)
            {
                const CheckMemoryLeak::AllocType alloc = getAllocationType(tok2->tokAt(5), varid);
                if (alloc != CheckMemoryLeak::No)
                    publicAllocationError(tok2, tok2->strAt(3));
            }
        }
    }
}

void CheckMemoryLeakInClass::publicAllocationError(const Token *tok, const std::string &varname)
{
    reportError(tok, Severity::warning, "publicAllocationError", "Possible leak in public function. The pointer '" + varname + "' is not deallocated before it is allocated.");
}



void CheckMemoryLeakStructMember::check()
{
    // This should be in the CheckMemoryLeak base class
    std::set<std::string> ignoredFunctions;
    ignoredFunctions.insert("if");
    ignoredFunctions.insert("for");
    ignoredFunctions.insert("while");
    ignoredFunctions.insert("malloc");


    unsigned int indentlevel1 = 0;
    for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
    {
        if (tok->str() == "{")
            ++indentlevel1;
        else if (tok->str() == "}")
            --indentlevel1;

        // Locate struct variables..
        if (indentlevel1 > 0 && Token::Match(tok, "struct|;|{|} %type% * %var% [=;]"))
        {
            const Token * const vartok = tok->tokAt(3);
            if (vartok->varId() == 0)
                continue;

            // Check that struct is allocated..
            {
                const unsigned int varid(vartok->varId());
                bool alloc = false;
                unsigned int indentlevel2 = 0;
                for (const Token *tok2 = vartok; tok2; tok2 = tok2->next())
                {
                    if (tok2->str() == "{")
                        ++indentlevel2;
                    else if (tok2->str() == "}")
                    {
                        if (indentlevel2 == 0)
                            break;
                        --indentlevel2;
                    }
                    else if (Token::Match(tok2, "= %varid% [;=]", varid))
                    {
                        alloc = false;
                        break;
                    }
                    else if (Token::Match(tok2, "%varid% = malloc|kmalloc (", varid))
                    {
                        alloc = true;
                    }
                }
                if (!alloc)
                    continue;
            }

            // Check struct..
            unsigned int indentlevel2 = 0;
            for (const Token *tok2 = vartok; tok2; tok2 = tok2->next())
            {
                if (tok2->str() == "{")
                    ++indentlevel2;

                else if (tok2->str() == "}")
                {
                    if (indentlevel2 == 0)
                        break;
                    --indentlevel2;
                }

                // Unknown usage of struct
                /** @todo Check how the struct is used. Only bail out if necessary */
                else if (Token::Match(tok2, "[(,] %varid% [,)]", vartok->varId()))
                    break;

                // Struct member is allocated => check if it is also properly deallocated..
                else if (Token::Match(tok2->previous(), "[;{}] %varid% . %var% = malloc|strdup|kmalloc (", vartok->varId()))
                {
                    const unsigned int structid(vartok->varId());
                    const unsigned int structmemberid(tok2->tokAt(2)->varId());

                    // This struct member is allocated.. check that it is deallocated
                    unsigned int indentlevel3 = indentlevel2;
                    for (const Token *tok3 = tok2; tok3; tok3 = tok3->next())
                    {
                        if (tok3->str() == "{")
                            ++indentlevel3;

                        else if (tok3->str() == "}")
                        {
                            if (indentlevel3 == 0)
                            {
                                memoryLeak(tok3, (vartok->str() + "." + tok2->strAt(2)).c_str(), Malloc);
                                break;
                            }
                            --indentlevel3;
                        }

                        // Deallocating the struct member..
                        else if (Token::Match(tok3, "free|kfree ( %var% . %varid% )", structmemberid))
                        {
                            // If the deallocation happens at the base level, don't check this member anymore
                            if (indentlevel3 == 0)
                                break;

                            // deallocating and then returning from function in a conditional block =>
                            // skip ahead out of the block
                            bool ret = false;
                            while (tok3)
                            {
                                // debug info
                                const std::string tok3str_(tok3->str());
                                if (tok3->str() == "return")
                                    ret = true;
                                else if (tok3->str() == "{" || tok3->str() == "}")
                                    break;
                                tok3 = tok3->next();
                            }
                            if (!ret || !tok3 || tok3->str() != "}")
                                break;
                            --indentlevel3;
                            continue;
                        }

                        // Deallocating the struct..
                        else if (indentlevel2 == 0 && Token::Match(tok3, "free|kfree ( %varid% )", structid))
                        {
                            memoryLeak(tok3, (vartok->str() + "." + tok2->strAt(2)).c_str(), Malloc);
                            break;
                        }

                        // failed allocation => skip code..
                        else if (Token::Match(tok3, "if ( ! %var% . %varid% )", structmemberid))
                        {
                            // Goto the ")"
                            tok3 = tok3->next()->link();

                            // make sure we have ") {".. it should be
                            if (!Token::simpleMatch(tok3, ") {"))
                                break;

                            // Goto the "}"
                            tok3 = tok3->next()->link();
                        }

                        // succeeded allocation
                        else if (Token::Match(tok3, "if ( %var% . %varid% ) {", structmemberid))
                        {
                            // goto the ")"
                            tok3 = tok3->next()->link();

                            // check if the variable is deallocated or returned..
                            unsigned int indentlevel4 = 0;
                            for (const Token *tok4 = tok3; tok4; tok4 = tok4->next())
                            {
                                if (tok4->str() == "{")
                                    ++indentlevel4;
                                else if (tok4->str() == "}")
                                {
                                    --indentlevel4;
                                    if (indentlevel4 == 0)
                                        break;
                                }
                                else if (Token::Match(tok4, "free|kfree ( %var% . %varid% )", structmemberid))
                                {
                                    break;
                                }
                            }

                            // was there a proper deallocation?
                            if (indentlevel4 > 0)
                                break;
                        }

                        // Returning from function..
                        else if (tok3->str() == "return")
                        {
                            // Returning from function without deallocating struct member?
                            if (!Token::Match(tok3, "return %varid% ;", structid) &&
                                !Token::Match(tok3, "return & %varid% .", structid))
                            {
                                memoryLeak(tok3, (vartok->str() + "." + tok2->strAt(2)).c_str(), Malloc);
                            }
                            break;
                        }

                        // goto isn't handled well.. bail out even though there might be leaks
                        else if (tok3->str() == "goto")
                            break;

                        // using struct in a function call..
                        else if (Token::Match(tok3, "%var% ("))
                        {
                            // Calling non-function / function that doesn't deallocate?
                            if (ignoredFunctions.find(tok3->str()) != ignoredFunctions.end())
                                continue;

                            // Check if the struct is used..
                            bool deallocated = false;
                            unsigned int parlevel = 0;
                            for (const Token *tok4 = tok3; tok4; tok4 = tok4->next())
                            {
                                if (tok4->str() == "(")
                                    ++parlevel;

                                else if (tok4->str() == ")")
                                {
                                    if (parlevel <= 1)
                                        break;
                                    --parlevel;
                                }

                                if (Token::Match(tok4, "[(,] %varid% [,)]", structid))
                                {
                                    /** @todo check if the function deallocates the memory */
                                    deallocated = true;
                                    break;
                                }
                            }

                            if (deallocated)
                                break;
                        }
                    }
                }
            }
        }
    }
}



#include "checkuninitvar.h"		// CheckUninitVar::analyse

void CheckMemoryLeakNoVar::check()
{
    std::set<std::string> uvarFunctions;
    {
        const CheckUninitVar c(_tokenizer, _settings, _errorLogger);
        c.analyse(_tokenizer->tokens(), uvarFunctions);
    }

    const SymbolDatabase *symbolDatabase = _tokenizer->getSymbolDatabase();

    std::list<Scope>::const_iterator scope;

    for (scope = symbolDatabase->scopeList.begin(); scope != symbolDatabase->scopeList.end(); ++scope)
    {
        // only check functions
        if (scope->type != Scope::eFunction)
            continue;

        // goto the "}" that ends the executable scope..
        const Token *tok = scope->classEnd;

        // parse the executable scope until tok is reached...
        for (const Token *tok2 = tok->link(); tok2 && tok2 != tok; tok2 = tok2->next())
        {
            // allocating memory in parameter for function call..
            if (Token::Match(tok2, "[(,] %var% (") && Token::Match(tok2->tokAt(2)->link(), ") [,)]"))
            {
                const AllocType allocType = getAllocationType(tok2->next(), 0);
                if (allocType != No)
                {
                    // locate outer function call..
                    for (const Token *tok3 = tok2; tok3; tok3 = tok3->previous())
                    {
                        if (tok3->str() == "(")
                        {
                            // Is it a function call..
                            if (Token::Match(tok3->tokAt(-2), "[(,;{}] %var% ("))
                            {
                                const std::string functionName = tok3->strAt(-1);
                                if (functionName == "delete" ||
                                    functionName == "free" ||
                                    functionName == "fclose" ||
                                    functionName == "realloc")
                                    break;
                                if (CheckMemoryLeakInFunction::test_white_list(functionName))
                                {
                                    functionCallLeak(tok2, tok2->strAt(1), functionName);
                                    break;
                                }
                                if (uvarFunctions.find(functionName) != uvarFunctions.end())
                                {
                                    functionCallLeak(tok2, tok2->strAt(1), functionName);
                                    break;
                                }
                            }
                            break;
                        }
                        else if (tok3->str() == ")")
                            tok3 = tok3->link();
                        else if (Token::Match(tok3, "[;{}]"))
                            break;
                    }
                }
            }
        }
    }
}

void CheckMemoryLeakNoVar::functionCallLeak(const Token *loc, const std::string &alloc, const std::string &functionCall)
{
    reportError(loc, Severity::error, "leakNoVarFunctionCall", "Allocation with " + alloc + ", " + functionCall + " doesn't release it.");
}