cppcheck/CheckMemoryLeak.cpp

707 lines
20 KiB
C++

#include "CheckMemoryLeak.h"
#include "tokenize.h"
#include "CommonCheck.h"
#include <stdlib.h> // free
#include <vector>
#include <sstream>
#ifdef __BORLANDC__
#include <mem.h> // <- memset
#else
#include <string.h>
#endif
//---------------------------------------------------------------------------
static bool isclass( const std::string &typestr )
{
if ( typestr == "char" ||
typestr == "short" ||
typestr == "int" ||
typestr == "long" ||
typestr == "float" ||
typestr == "double" )
return false;
std::ostringstream pattern;
pattern << "struct " << typestr << " [;{]";
if ( findmatch( tokens, pattern.str().c_str() ) )
return false;
return true;
}
//---------------------------------------------------------------------------
enum AllocType { No, Malloc, New, NewA };
// Extra allocation..
class AllocFunc
{
public:
const char *funcname;
AllocType alloctype;
AllocFunc(const char f[], AllocType a)
{
funcname = f;
alloctype = a;
}
};
static std::list<AllocFunc> listallocfunc;
static AllocType GetAllocationType( const TOKEN *tok2 )
{
// What we may have...
// * var = (char *)malloc(10);
// * var = new char[10];
// * var = strdup("hello");
if ( tok2 && tok2->str[0] == '(' )
{
while ( tok2 && tok2->str[0] != ')' )
tok2 = tok2->next;
tok2 = tok2 ? tok2->next : NULL;
}
if ( ! tok2 )
return No;
// Does tok2 point on "malloc", "strdup" or "kmalloc"..
const char *mallocfunc[] = {"malloc",
"calloc",
"realloc",
"strdup",
"kmalloc",
"kzalloc",
"g_malloc",
0};
for ( unsigned int i = 0; mallocfunc[i]; i++ )
{
if ( strcmp(mallocfunc[i], tok2->str) == 0 )
return Malloc;
}
if ( Match( tok2, "new %type% [;(]" ) )
return New;
if ( Match( tok2, "new %type% [" ) )
return NewA;
// Userdefined allocation function..
std::list<AllocFunc>::const_iterator it = listallocfunc.begin();
while ( it != listallocfunc.end() )
{
if ( strcmp(tok2->str, it->funcname) == 0 )
return it->alloctype;
++it;
}
return No;
}
static AllocType GetDeallocationType( const TOKEN *tok, const char *varnames[] )
{
// Redundant condition..
if ( Match(tok, "if ( %var1% )", varnames) )
{
tok = gettok( tok, 4 );
if ( Match(tok,"{") )
tok = tok->next;
}
if ( Match(tok, "delete %var1% ;", varnames) )
return New;
if ( Match(tok, "delete [ ] %var1% ;", varnames) )
return NewA;
if ( Match(tok, "free ( %var1% ) ;", varnames) ||
Match(tok, "kfree ( %var1% ) ;", varnames) ||
Match(tok, "g_free ( %var1% ) ;", varnames) )
{
return Malloc;
}
return No;
}
//---------------------------------------------------------------------------
static void MismatchError( const TOKEN *Tok1, const char varname[] )
{
std::ostringstream errmsg;
errmsg << FileLine(Tok1) << ": Mismatching allocation and deallocation: " << varname;
ReportErr( errmsg.str() );
}
//---------------------------------------------------------------------------
static void MemoryLeak( const TOKEN *tok, const char varname[] )
{
std::ostringstream errmsg;
errmsg << FileLine(tok) << ": Memory leak: " << varname;
ReportErr( errmsg.str() );
}
//---------------------------------------------------------------------------
extern bool ShowAll;
static TOKEN *getcode(const TOKEN *tok, const char varname[])
{
const char *varnames[2];
varnames[0] = varname;
varnames[1] = 0;
TOKEN *rethead = 0, *rettail = 0;
#define addtoken(_str) \
{ \
TOKEN *newtok = new TOKEN; \
newtok->str = strdup(_str); \
newtok->linenr = tok->linenr; \
newtok->FileIndex = tok->FileIndex; \
newtok->next = 0; \
if (rettail) \
rettail->next = newtok; \
else \
rethead = newtok; \
rettail=newtok; \
}
AllocType alloctype = No;
AllocType dealloctype = No;
int indentlevel = 0;
int parlevel = 0;
for ( ; tok; tok = tok->next )
{
if ( tok->str[0] == '{' )
{
addtoken( "{" );
indentlevel++;
}
else if ( tok->str[0] == '}' )
{
addtoken( "}" );
if ( indentlevel <= 0 )
break;
indentlevel--;
}
if ( tok->str[0] == '(' )
parlevel++;
else if ( tok->str[0] == ')' )
parlevel--;
if ( parlevel == 0 && tok->str[0]==';')
addtoken(";");
if (Match(tok, "[(;{}] %var1% = ", varnames))
{
AllocType alloc = GetAllocationType(gettok(tok,3));
// If "--all" hasn't been given, don't check classes..
if ( alloc == New && ! ShowAll )
{
if ( Match(gettok(tok,3), "new %var% ;") )
{
if ( isclass( getstr(tok, 4) ) )
alloc = No;
}
}
if ( alloc != No )
{
addtoken("alloc");
if (alloctype!=No && alloctype!=alloc)
MismatchError(tok, varname);
if (dealloctype!=No && dealloctype!=alloc)
MismatchError(tok, varname);
alloctype = alloc;
}
}
AllocType dealloc = GetDeallocationType(tok, varnames);
if ( dealloc != No )
{
addtoken("dealloc");
if (alloctype!=No && alloctype!=dealloc)
MismatchError(tok, varname);
if (dealloctype!=No && dealloctype!=dealloc)
MismatchError(tok, varname);
dealloctype = dealloc;
}
// if else switch
if ( Match(tok, "if ( %var1% )", varnames) ||
Match(tok, "if ( %var1% != NULL )", varnames) )
{
addtoken("if(var)");
}
else if ( Match(tok, "if ( ! %var1% )", varnames) ||
Match(tok, "if ( unlikely ( ! %var1% ) )", varnames) ||
Match(tok, "if ( unlikely ( %var1% == NULL ) )", varnames) ||
Match(tok, "if ( %var1% == NULL )", varnames) ||
Match(tok, "if ( NULL == %var1% )", varnames) ||
Match(tok, "if ( %var1% == 0 )", varnames) )
{
addtoken("if(!var)");
}
else
{
if (Match(tok, "if") ||
Match(tok, "else") ||
Match(tok, "switch") ||
Match(tok, "case") ||
Match(tok, "default"))
addtoken(tok->str);
}
// Loops..
if (Match(tok, "for") || Match(tok, "while") || Match(tok, "do") )
addtoken("loop");
// continue / break..
if ( Match(tok, "continue") )
addtoken("continue");
if ( Match(tok, "break") )
addtoken("break");
// Return..
if ( Match(tok, "return") )
{
addtoken("return");
if ( Match(tok, "return %var1%", varnames) ||
Match(tok, "return & %var1%", varnames) )
addtoken("use");
}
// Assignment..
if ( Match(tok,"[)=] %var1%", varnames) )
addtoken("use");
// Function parameter..
if ( Match(tok, "[(,] %var1% [,)]", varnames) )
addtoken("use");
// Linux lists..
if ( Match( tok, "[=(,] & %var1% [.[]", varnames ) )
addtoken("use");
}
return rethead;
}
static void erase(TOKEN *begin, const TOKEN *end)
{
if ( ! begin )
return;
while ( begin->next && begin->next != end )
{
TOKEN *next = begin->next;
begin->next = begin->next->next;
free(next->str);
delete next;
}
}
// Simpler but less powerful than "CheckMemoryLeak_CheckScope_All"
static void CheckMemoryLeak_CheckScope( const TOKEN *Tok1, const char varname[] )
{
TOKEN *tok = getcode( Tok1, varname );
// If the variable is not allocated at all => no memory leak
if (findmatch(tok, "alloc") == 0)
{
deleteTokens(tok);
return;
}
// reduce the code..
bool done = false;
while ( ! done )
{
done = true;
for (TOKEN *tok2 = tok ; tok2; tok2 = tok2->next )
{
// Delete extra ";"
while (Match(tok2,"[;{}] ;"))
{
erase(tok2, gettok(tok2,2));
done = false;
}
// Replace "{ }" with ";"
if ( Match(tok2->next, "{ }") )
{
tok2->next->str[0] = ';';
erase(tok2->next, gettok(tok2,3));
done = false;
}
// Delete braces around a single instruction..
if ( Match(tok2->next, "{ %var% ; }") )
{
erase( tok2, gettok(tok2,2) );
erase( tok2->next->next, gettok(tok2,4) );
done = false;
}
if ( Match(tok2->next, "{ return use ; }") )
{
erase( tok2, gettok(tok2,2) );
erase( tok2->next->next->next, gettok(tok2,5) );
done = false;
}
// Delete empty if
if ( Match(tok2,"[;{}] if ;") ||
Match(tok2,"[;{}] if(var) ;") ||
Match(tok2,"[;{}] if(!var) ;") )
{
if ( ! Match(gettok(tok2,3), "else") )
{
erase(tok2, gettok(tok2, 3));
done = false;
continue;
}
}
// Delete "else ;" and "else if ;"
if ( Match(tok2->next, "else if ;") )
{
erase(tok2, gettok(tok2,4));
done = false;
}
if ( Match(tok2->next, "else ;") )
{
erase(tok2, gettok(tok2,3));
done = false;
}
// Delete if block: "alloc; if return use ;"
if (Match(tok2,"alloc ; if return use ;") && !Match(gettok(tok2,6),"else"))
{
erase(tok2, gettok(tok2,5));
done = false;
}
// Replace "if { dealloc ; return ; }" with "if ;"
if (Match(tok2,"if { dealloc ; return ; }"))
{
erase(tok2, gettok(tok2, 6));
free(tok2->next->str);
tok2->next->str = strdup(";");
done = false;
}
// "[;{}] if alloc ; else return ;" => "[;{}] alloc ;"
if (Match(tok2,"[;{}] if alloc ; else return ;"))
{
erase(tok2, gettok(tok2,2)); // Remove "if"
erase(tok2->next, gettok(tok2,5)); // Remove "; else return"
done = false;
}
// Replace "dealloc use ;" with "dealloc ;"
if ( Match(tok2, "dealloc use ;") )
{
erase(tok2, gettok(tok2,2));
done = false;
}
// Delete "loop ;"
if ( Match(tok2->next, "loop ;") )
{
erase(tok2, gettok(tok2,3));
done = false;
}
// Delete if block in "alloc ; if(!var) return ;"
if ( Match(tok2, "alloc ; if(!var) return ;") )
{
erase(tok2, gettok(tok2,4));
done = false;
}
// Delete second use in "use ; use;"
while (Match(tok2, "use ; use ;"))
{
erase(tok2, gettok(tok2,3));
done = false;
}
}
}
if ( findmatch(tok, "alloc ; if continue ;") )
{
MemoryLeak(gettok(findmatch(tok, "alloc ; if continue ;"), 3), varname);
}
else if ( findmatch(tok, "alloc ; if return ;") )
{
MemoryLeak(gettok(findmatch(tok, "alloc ; if return ;"), 3), varname);
}
else if ( findmatch(tok, "alloc ; return ;") )
{
MemoryLeak(gettok(findmatch(tok,"alloc ; return ;"),2), varname);
}
else if ( ! findmatch(tok,"dealloc") &&
! findmatch(tok,"use") &&
! findmatch(tok,"return use ;") )
{
const TOKEN *last = tok;
while (last->next)
last = last->next;
MemoryLeak(last, varname);
}
deleteTokens(tok);
}
//---------------------------------------------------------------------------
//---------------------------------------------------------------------------
// Checks for memory leaks inside function..
//---------------------------------------------------------------------------
static void CheckMemoryLeak_InFunction()
{
bool infunc = false;
int indentlevel = 0;
for (const TOKEN *tok = tokens; tok; tok = tok->next)
{
if (tok->str[0]=='{')
indentlevel++;
else if (tok->str[0]=='}')
indentlevel--;
// In function..
if ( indentlevel == 0 )
{
if ( Match(tok, ") {") )
infunc = true;
if ( Match(tok, "[;}]") )
infunc = false;
}
// Declare a local variable => Check
if (indentlevel>0 && infunc)
{
if ( Match(tok, "[{};] %type% * %var% [;=]") )
CheckMemoryLeak_CheckScope( tok->next, getstr(tok, 3) );
else if ( Match(tok, "[{};] %type% %type% * %var% [;=]") )
CheckMemoryLeak_CheckScope( tok->next, getstr(tok, 4) );
}
}
}
//---------------------------------------------------------------------------
//---------------------------------------------------------------------------
// Checks for memory leaks in classes..
//---------------------------------------------------------------------------
static void CheckMemoryLeak_ClassMembers_ParseClass( const TOKEN *tok1, std::vector<const char *> &classname );
static void CheckMemoryLeak_ClassMembers_Variable( const std::vector<const char *> &classname, const char varname[] );
static void CheckMemoryLeak_ClassMembers()
{
int indentlevel = 0;
for ( const TOKEN *tok = tokens; tok; tok = tok->next )
{
if ( tok->str[0] == '{' )
indentlevel++;
else if ( tok->str[0] == '}' )
indentlevel--;
else if ( indentlevel == 0 && Match(tok, "class %var% [{:]") )
{
std::vector<const char *> classname;
classname.push_back( getstr(tok, 1) );
CheckMemoryLeak_ClassMembers_ParseClass( tok, classname );
}
}
}
static void CheckMemoryLeak_ClassMembers_ParseClass( const TOKEN *tok1, std::vector<const char *> &classname )
{
// Go into class.
while ( tok1 && tok1->str[0] != '{' )
tok1 = tok1->next;
if ( tok1 )
tok1 = tok1->next;
int indentlevel = 0;
for ( const TOKEN *tok = tok1; tok; tok = tok->next )
{
if ( tok->str[0] == '{' )
indentlevel++;
else if ( tok->str[0] == '}' )
{
indentlevel--;
if ( indentlevel < 0 )
return;
}
// Only parse this particular class.. not subclasses
if ( indentlevel > 0 )
continue;
// Declaring subclass.. recursive checking
if ( Match(tok, "class %var% [{:]") )
{
classname.push_back( getstr(tok, 1) );
CheckMemoryLeak_ClassMembers_ParseClass( tok, classname );
classname.pop_back();
}
// Declaring member variable.. check allocations and deallocations
if ( Match(tok->next, "%type% * %var% ;") )
{
if ( IsName(tok->str) || strchr(";}", tok->str[0]) )
{
if (ShowAll || !isclass(getstr(tok,1)))
CheckMemoryLeak_ClassMembers_Variable( classname, getstr(tok, 3) );
}
}
}
}
static void CheckMemoryLeak_ClassMembers_Variable( const std::vector<const char *> &classname, const char varname[] )
{
// Function pattern.. Check if member function
char fpattern[500] = {0};
for ( unsigned int i = 0; i < classname.size(); i++ )
{
strcat( fpattern, classname[i] );
strcat( fpattern, " :: " );
}
strcat( fpattern, "%var% (" );
// Destructor pattern.. Check if class destructor..
char destructor[500] = {0};
for ( unsigned int i = 0; i < classname.size(); i++ )
{
strcat( destructor, classname[i] );
strcat( destructor, " :: " );
}
strcat( destructor, " ~" );
strcat( destructor, classname.back() );
strcat( destructor, " (" );
// Pattern used in member function. "Var = ..."
std::ostringstream varname_eq;
varname_eq << varname << " =";
// Full variable name..
std::ostringstream FullVariableName;
for ( unsigned int i = 0; i < classname.size(); i++ )
FullVariableName << classname[i] << "::";
FullVariableName << varname;
// Check if member variable has been allocated and deallocated..
AllocType Alloc = No;
AllocType Dealloc = No;
// Loop through all tokens. Inspect member functions
bool memberfunction = false;
int indentlevel = 0;
for ( const TOKEN *tok = tokens; tok; tok = tok->next )
{
if ( tok->str[0] == '{' )
indentlevel++;
else if ( tok->str[0] == '}' )
indentlevel--;
// Set the 'memberfunction' variable..
if ( indentlevel == 0 )
{
if ( strchr(";}", tok->str[0]) )
memberfunction = false;
else if ( Match( tok, fpattern ) || Match( tok, destructor ) )
memberfunction = true;
}
// Parse member function..
if ( indentlevel > 0 && memberfunction )
{
// Allocate..
if ( Match( tok, varname_eq.str().c_str() ) )
{
AllocType alloc = GetAllocationType( gettok( tok, 2 ) );
if ( alloc != No )
{
if ( Dealloc != No && Dealloc != alloc )
MismatchError( tok, FullVariableName.str().c_str() );
if ( Alloc != No && Alloc != alloc )
MismatchError( tok, FullVariableName.str().c_str() );
Alloc = alloc;
}
}
// Deallocate..
const char *varnames[2] = { "var", 0 };
varnames[0] = varname;
AllocType dealloc = GetDeallocationType( tok, varnames );
if ( dealloc != No )
{
if ( Dealloc != No && Dealloc != dealloc )
MismatchError( tok, FullVariableName.str().c_str() );
if ( Alloc != No && Alloc != dealloc )
MismatchError( tok, FullVariableName.str().c_str() );
Dealloc = dealloc;
}
}
}
if ( Alloc != No && Dealloc == No )
{
MemoryLeak( tokens, FullVariableName.str().c_str() );
}
}
//---------------------------------------------------------------------------
// Checks for memory leaks..
//---------------------------------------------------------------------------
void CheckMemoryLeak()
{
listallocfunc.clear();
// Check for memory leaks inside functions..
CheckMemoryLeak_InFunction();
// Check that all class members are deallocated..
CheckMemoryLeak_ClassMembers();
}
//---------------------------------------------------------------------------