1 //=- RunLoopAutoreleaseLeakChecker.cpp --------------------------*- C++ -*-==//
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
8 //===----------------------------------------------------------------------===//
10 // A checker for detecting leaks resulting from allocating temporary
11 // autoreleased objects before starting the main run loop.
13 // Checks for two antipatterns:
14 // 1. ObjCMessageExpr followed by [[NSRunLoop mainRunLoop] run] in the same
16 // 2. ObjCMessageExpr followed by [[NSRunLoop mainRunLoop] run] in no
19 // Any temporary objects autoreleased in code called in those expressions
20 // will not be deallocated until the program exits, and are effectively leaks.
22 //===----------------------------------------------------------------------===//
25 #include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
26 #include "clang/AST/Decl.h"
27 #include "clang/AST/DeclObjC.h"
28 #include "clang/ASTMatchers/ASTMatchFinder.h"
29 #include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
30 #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
31 #include "clang/StaticAnalyzer/Core/Checker.h"
32 #include "clang/StaticAnalyzer/Core/CheckerManager.h"
33 #include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
34 #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
35 #include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
37 using namespace clang
;
39 using namespace ast_matchers
;
43 const char * RunLoopBind
= "NSRunLoopM";
44 const char * RunLoopRunBind
= "RunLoopRunM";
45 const char * OtherMsgBind
= "OtherMessageSentM";
46 const char * AutoreleasePoolBind
= "AutoreleasePoolM";
47 const char * OtherStmtAutoreleasePoolBind
= "OtherAutoreleasePoolM";
49 class RunLoopAutoreleaseLeakChecker
: public Checker
<check::ASTCodeBody
> {
52 void checkASTCodeBody(const Decl
*D
,
54 BugReporter
&BR
) const;
58 } // end anonymous namespace
60 /// \return Whether @c A occurs before @c B in traversal of
62 /// Conceptually a very incomplete/unsound approximation of happens-before
63 /// relationship (A is likely to be evaluated before B),
64 /// but useful enough in this case.
65 static bool seenBefore(const Stmt
*Parent
, const Stmt
*A
, const Stmt
*B
) {
66 for (const Stmt
*C
: Parent
->children()) {
75 return seenBefore(C
, A
, B
);
80 static void emitDiagnostics(BoundNodes
&Match
,
84 const RunLoopAutoreleaseLeakChecker
*Checker
) {
87 const Stmt
*DeclBody
= D
->getBody();
89 AnalysisDeclContext
*ADC
= AM
.getAnalysisDeclContext(D
);
91 const auto *ME
= Match
.getNodeAs
<ObjCMessageExpr
>(OtherMsgBind
);
95 Match
.getNodeAs
<ObjCAutoreleasePoolStmt
>(AutoreleasePoolBind
);
97 Match
.getNodeAs
<ObjCAutoreleasePoolStmt
>(OtherStmtAutoreleasePoolBind
);
98 bool HasAutoreleasePool
= (AP
!= nullptr);
100 const auto *RL
= Match
.getNodeAs
<ObjCMessageExpr
>(RunLoopBind
);
101 const auto *RLR
= Match
.getNodeAs
<Stmt
>(RunLoopRunBind
);
102 assert(RLR
&& "Run loop launch not found");
105 // Launch of run loop occurs before the message-sent expression is seen.
106 if (seenBefore(DeclBody
, RLR
, ME
))
109 if (HasAutoreleasePool
&& (OAP
!= AP
))
112 PathDiagnosticLocation Location
= PathDiagnosticLocation::createBegin(
113 ME
, BR
.getSourceManager(), ADC
);
114 SourceRange Range
= ME
->getSourceRange();
116 BR
.EmitBasicReport(ADC
->getDecl(), Checker
,
117 /*Name=*/"Memory leak inside autorelease pool",
118 /*BugCategory=*/"Memory",
120 (Twine("Temporary objects allocated in the") +
121 " autorelease pool " +
122 (HasAutoreleasePool
? "" : "of last resort ") +
123 "followed by the launch of " +
124 (RL
? "main run loop " : "xpc_main ") +
125 "may never get released; consider moving them to a "
126 "separate autorelease pool")
131 static StatementMatcher
getRunLoopRunM(StatementMatcher Extra
= anything()) {
132 StatementMatcher MainRunLoopM
=
133 objcMessageExpr(hasSelector("mainRunLoop"),
134 hasReceiverType(asString("NSRunLoop")),
138 StatementMatcher MainRunLoopRunM
= objcMessageExpr(hasSelector("run"),
139 hasReceiver(MainRunLoopM
),
140 Extra
).bind(RunLoopRunBind
);
142 StatementMatcher XPCRunM
=
143 callExpr(callee(functionDecl(hasName("xpc_main")))).bind(RunLoopRunBind
);
144 return anyOf(MainRunLoopRunM
, XPCRunM
);
147 static StatementMatcher
getOtherMessageSentM(StatementMatcher Extra
= anything()) {
148 return objcMessageExpr(unless(anyOf(equalsBoundNode(RunLoopBind
),
149 equalsBoundNode(RunLoopRunBind
))),
155 checkTempObjectsInSamePool(const Decl
*D
, AnalysisManager
&AM
, BugReporter
&BR
,
156 const RunLoopAutoreleaseLeakChecker
*Chkr
) {
157 StatementMatcher RunLoopRunM
= getRunLoopRunM();
158 StatementMatcher OtherMessageSentM
= getOtherMessageSentM(
159 hasAncestor(autoreleasePoolStmt().bind(OtherStmtAutoreleasePoolBind
)));
161 StatementMatcher RunLoopInAutorelease
=
163 hasDescendant(RunLoopRunM
),
164 hasDescendant(OtherMessageSentM
)).bind(AutoreleasePoolBind
);
166 DeclarationMatcher GroupM
= decl(hasDescendant(RunLoopInAutorelease
));
168 auto Matches
= match(GroupM
, *D
, AM
.getASTContext());
169 for (BoundNodes Match
: Matches
)
170 emitDiagnostics(Match
, D
, BR
, AM
, Chkr
);
174 checkTempObjectsInNoPool(const Decl
*D
, AnalysisManager
&AM
, BugReporter
&BR
,
175 const RunLoopAutoreleaseLeakChecker
*Chkr
) {
177 auto NoPoolM
= unless(hasAncestor(autoreleasePoolStmt()));
179 StatementMatcher RunLoopRunM
= getRunLoopRunM(NoPoolM
);
180 StatementMatcher OtherMessageSentM
= getOtherMessageSentM(NoPoolM
);
182 DeclarationMatcher GroupM
= functionDecl(
184 hasDescendant(RunLoopRunM
),
185 hasDescendant(OtherMessageSentM
)
188 auto Matches
= match(GroupM
, *D
, AM
.getASTContext());
190 for (BoundNodes Match
: Matches
)
191 emitDiagnostics(Match
, D
, BR
, AM
, Chkr
);
195 void RunLoopAutoreleaseLeakChecker::checkASTCodeBody(const Decl
*D
,
197 BugReporter
&BR
) const {
198 checkTempObjectsInSamePool(D
, AM
, BR
, this);
199 checkTempObjectsInNoPool(D
, AM
, BR
, this);
202 void ento::registerRunLoopAutoreleaseLeakChecker(CheckerManager
&mgr
) {
203 mgr
.registerChecker
<RunLoopAutoreleaseLeakChecker
>();
206 bool ento::shouldRegisterRunLoopAutoreleaseLeakChecker(const CheckerManager
&mgr
) {