clang/test/Analysis/malloc-refcounted.c - llvm-project - Git at Google

 // RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc -verify %s
 //

 typedef __SIZE_TYPE__ size_t;

 typedef enum memory_order {
   memory_order_relaxed = __ATOMIC_RELAXED,
 } memory_order;

 void *calloc(size_t, size_t);
 void free(void *);

 struct SomeData {
   int i;
   _Atomic int ref;
 };

 static struct SomeData *alloc_data(void)
 {
   struct SomeData *data = calloc(sizeof(*data), 1);

   __c11_atomic_store(&data->ref, 2, memory_order_relaxed);
   return data;
 }

 static void put_data(struct SomeData *data)
 {
  if (__c11_atomic_fetch_sub(&data->ref, 1, memory_order_relaxed) == 1)
    free(data);
 }

 static int dec_refcounter(struct SomeData *data)
 {
   return __c11_atomic_fetch_sub(&data->ref, 1, memory_order_relaxed) == 1;
 }

 static void put_data_nested(struct SomeData *data)
 {
   if (dec_refcounter(data))
     free(data);
 }

 static void put_data_uncond(struct SomeData *data)
 {
   free(data);
 }

 static void put_data_unrelated_atomic(struct SomeData *data)
 {
   free(data);
   __c11_atomic_fetch_sub(&data->ref, 1, memory_order_relaxed);
 }

 void test_no_uaf(void)
 {
   struct SomeData *data = alloc_data();
   put_data(data);
   data->i += 1; // no warning
 }

 void test_no_uaf_nested(void)
 {
   struct SomeData *data = alloc_data();
   put_data_nested(data);
   data->i += 1; // no warning
 }

 void test_uaf(void)
 {
   struct SomeData *data = alloc_data();
   put_data_uncond(data);
   data->i += 1; // expected-warning{{Use of memory after it is released}}
 }

 void test_no_uaf_atomic_after(void)
 {
   struct SomeData *data = alloc_data();
   put_data_unrelated_atomic(data);
   data->i += 1; // expected-warning{{Use of memory after it is released}}
 }
	// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc -verify %s
	//

	typedef __SIZE_TYPE__ size_t;

	typedef enum memory_order {
	memory_order_relaxed = __ATOMIC_RELAXED,
	} memory_order;

	void *calloc(size_t, size_t);
	void free(void *);

	struct SomeData {
	int i;
	_Atomic int ref;
	};

	static struct SomeData *alloc_data(void)
	{
	struct SomeData data = calloc(sizeof(data), 1);

	__c11_atomic_store(&data->ref, 2, memory_order_relaxed);
	return data;
	}

	static void put_data(struct SomeData *data)
	{
	if (__c11_atomic_fetch_sub(&data->ref, 1, memory_order_relaxed) == 1)
	free(data);
	}

	static int dec_refcounter(struct SomeData *data)
	{
	return __c11_atomic_fetch_sub(&data->ref, 1, memory_order_relaxed) == 1;
	}

	static void put_data_nested(struct SomeData *data)
	{
	if (dec_refcounter(data))
	free(data);
	}

	static void put_data_uncond(struct SomeData *data)
	{
	free(data);
	}

	static void put_data_unrelated_atomic(struct SomeData *data)
	{
	free(data);
	__c11_atomic_fetch_sub(&data->ref, 1, memory_order_relaxed);
	}

	void test_no_uaf(void)
	{
	struct SomeData *data = alloc_data();
	put_data(data);
	data->i += 1; // no warning
	}

	void test_no_uaf_nested(void)
	{
	struct SomeData *data = alloc_data();
	put_data_nested(data);
	data->i += 1; // no warning
	}

	void test_uaf(void)
	{
	struct SomeData *data = alloc_data();
	put_data_uncond(data);
	data->i += 1; // expected-warning{{Use of memory after it is released}}
	}

	void test_no_uaf_atomic_after(void)
	{
	struct SomeData *data = alloc_data();
	put_data_unrelated_atomic(data);
	data->i += 1; // expected-warning{{Use of memory after it is released}}
	}