Lines Matching refs:Call
287 static bool isStandardNewDelete(const CallEvent &Call) { in isStandardNewDelete() argument
288 if (!Call.getDecl() || !isa<FunctionDecl>(Call.getDecl())) in isStandardNewDelete()
290 return isStandardNewDelete(cast<FunctionDecl>(Call.getDecl())); in isStandardNewDelete()
334 void checkPreCall(const CallEvent &Call, CheckerContext &C) const;
335 void checkPostCall(const CallEvent &Call, CheckerContext &C) const;
336 void checkNewAllocator(const CXXAllocatorCall &Call, CheckerContext &C) const;
337 void checkPostObjCMessage(const ObjCMethodCall &Call, CheckerContext &C) const;
349 const CallEvent *Call,
353 const CallEvent *Call,
372 void NAME(const CallEvent &Call, CheckerContext &C) const;
392 void checkRealloc(const CallEvent &Call, CheckerContext &C,
396 const CallEvent &Call, CheckerContext &C)>;
413 bool isFreeingCall(const CallEvent &Call) const;
466 bool isMemCall(const CallEvent &Call) const;
471 void checkTaintedness(CheckerContext &C, const CallEvent &Call,
488 processNewAllocation(const CXXAllocatorCall &Call, CheckerContext &C,
500 ProcessZeroAllocCheck(const CallEvent &Call, const unsigned IndexOfSizeArg,
521 MallocMemReturnsAttr(CheckerContext &C, const CallEvent &Call,
534 MallocMemAux(CheckerContext &C, const CallEvent &Call, const Expr *SizeEx,
547 const CallEvent &Call, SVal Size,
554 performKernelMalloc(const CallEvent &Call, CheckerContext &C,
575 const CallEvent &Call,
599 FreeMemAux(CheckerContext &C, const CallEvent &Call, ProgramStateRef State,
625 FreeMemAux(CheckerContext &C, const Expr *ArgExpr, const CallEvent &Call,
644 ReallocMemAux(CheckerContext &C, const CallEvent &Call, bool ShouldFreeOnFail,
663 const CallEvent &Call,
668 bool suppressDeallocationsInSuspiciousContexts(const CallEvent &Call,
692 bool mayFreeAnyEscapedMemoryOrIsModeledExplicitly(const CallEvent *Call,
700 const CallEvent *Call, PointerEscapeKind Kind,
776 bool isFreeingCallAsWritten(const CallExpr &Call) const { in isFreeingCallAsWritten()
778 if (MallocChk->FreeingMemFnMap.lookupAsWritten(Call) || in isFreeingCallAsWritten()
779 MallocChk->ReallocatingMemFnMap.lookupAsWritten(Call)) in isFreeingCallAsWritten()
783 llvm::dyn_cast_or_null<FunctionDecl>(Call.getCalleeDecl())) in isFreeingCallAsWritten()
811 if (const auto *Call = Match.getNodeAs<CallExpr>("call")) in doesFnIntendToHandleOwnership() local
812 if (isFreeingCallAsWritten(*Call)) in doesFnIntendToHandleOwnership()
1023 bool MallocChecker::isFreeingCall(const CallEvent &Call) const { in isFreeingCall()
1024 if (FreeingMemFnMap.lookup(Call) || ReallocatingMemFnMap.lookup(Call)) in isFreeingCall()
1027 if (const auto *Func = dyn_cast_or_null<FunctionDecl>(Call.getDecl())) in isFreeingCall()
1033 bool MallocChecker::isMemCall(const CallEvent &Call) const { in isMemCall()
1034 if (FreeingMemFnMap.lookup(Call) || AllocatingMemFnMap.lookup(Call) || in isMemCall()
1035 ReallocatingMemFnMap.lookup(Call)) in isMemCall()
1041 const auto *Func = dyn_cast<FunctionDecl>(Call.getDecl()); in isMemCall()
1046 MallocChecker::performKernelMalloc(const CallEvent &Call, CheckerContext &C, in performKernelMalloc() argument
1095 if (Call.getNumArgs() < 2) in performKernelMalloc()
1098 const Expr *FlagsEx = Call.getArgExpr(Call.getNumArgs() - 1); in performKernelMalloc()
1124 return MallocMemAux(C, Call, Call.getArgExpr(0), ZeroVal, TrueState, in performKernelMalloc()
1142 void MallocChecker::checkBasicAlloc(const CallEvent &Call, in checkBasicAlloc() argument
1145 State = MallocMemAux(C, Call, Call.getArgExpr(0), UndefinedVal(), State, in checkBasicAlloc()
1147 State = ProcessZeroAllocCheck(Call, 0, State); in checkBasicAlloc()
1151 void MallocChecker::checkKernelMalloc(const CallEvent &Call, in checkKernelMalloc() argument
1155 performKernelMalloc(Call, C, State); in checkKernelMalloc()
1159 State = MallocMemAux(C, Call, Call.getArgExpr(0), UndefinedVal(), State, in checkKernelMalloc()
1164 static bool isStandardRealloc(const CallEvent &Call) { in isStandardRealloc() argument
1165 const FunctionDecl *FD = dyn_cast<FunctionDecl>(Call.getDecl()); in isStandardRealloc()
1175 static bool isGRealloc(const CallEvent &Call) { in isGRealloc() argument
1176 const FunctionDecl *FD = dyn_cast<FunctionDecl>(Call.getDecl()); in isGRealloc()
1186 void MallocChecker::checkRealloc(const CallEvent &Call, CheckerContext &C, in checkRealloc() argument
1193 if (!isStandardRealloc(Call) && !isGRealloc(Call)) in checkRealloc()
1197 State = ReallocMemAux(C, Call, ShouldFreeOnFail, State, AF_Malloc); in checkRealloc()
1198 State = ProcessZeroAllocCheck(Call, 1, State); in checkRealloc()
1202 void MallocChecker::checkCalloc(const CallEvent &Call, in checkCalloc() argument
1205 State = CallocMem(C, Call, State); in checkCalloc()
1206 State = ProcessZeroAllocCheck(Call, 0, State); in checkCalloc()
1207 State = ProcessZeroAllocCheck(Call, 1, State); in checkCalloc()
1211 void MallocChecker::checkFree(const CallEvent &Call, CheckerContext &C) const { in checkFree() argument
1214 if (suppressDeallocationsInSuspiciousContexts(Call, C)) in checkFree()
1216 State = FreeMemAux(C, Call, State, 0, false, IsKnownToBeAllocatedMemory, in checkFree()
1221 void MallocChecker::checkAlloca(const CallEvent &Call, in checkAlloca() argument
1224 State = MallocMemAux(C, Call, Call.getArgExpr(0), UndefinedVal(), State, in checkAlloca()
1226 State = ProcessZeroAllocCheck(Call, 0, State); in checkAlloca()
1230 void MallocChecker::checkStrdup(const CallEvent &Call, in checkStrdup() argument
1233 const auto *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr()); in checkStrdup()
1241 void MallocChecker::checkIfNameIndex(const CallEvent &Call, in checkIfNameIndex() argument
1247 MallocMemAux(C, Call, UnknownVal(), UnknownVal(), State, AF_IfNameIndex); in checkIfNameIndex()
1252 void MallocChecker::checkIfFreeNameIndex(const CallEvent &Call, in checkIfFreeNameIndex() argument
1256 State = FreeMemAux(C, Call, State, 0, false, IsKnownToBeAllocatedMemory, in checkIfFreeNameIndex()
1261 void MallocChecker::checkCXXNewOrCXXDelete(const CallEvent &Call, in checkCXXNewOrCXXDelete() argument
1265 const auto *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr()); in checkCXXNewOrCXXDelete()
1269 assert(isStandardNewDelete(Call)); in checkCXXNewOrCXXDelete()
1279 MallocMemAux(C, Call, CE->getArg(0), UndefinedVal(), State, AF_CXXNew); in checkCXXNewOrCXXDelete()
1280 State = ProcessZeroAllocCheck(Call, 0, State); in checkCXXNewOrCXXDelete()
1283 State = MallocMemAux(C, Call, CE->getArg(0), UndefinedVal(), State, in checkCXXNewOrCXXDelete()
1285 State = ProcessZeroAllocCheck(Call, 0, State); in checkCXXNewOrCXXDelete()
1288 State = FreeMemAux(C, Call, State, 0, false, IsKnownToBeAllocatedMemory, in checkCXXNewOrCXXDelete()
1292 State = FreeMemAux(C, Call, State, 0, false, IsKnownToBeAllocatedMemory, in checkCXXNewOrCXXDelete()
1302 void MallocChecker::checkGMalloc0(const CallEvent &Call, in checkGMalloc0() argument
1307 State = MallocMemAux(C, Call, Call.getArgExpr(0), zeroVal, State, AF_Malloc); in checkGMalloc0()
1308 State = ProcessZeroAllocCheck(Call, 0, State); in checkGMalloc0()
1312 void MallocChecker::checkGMemdup(const CallEvent &Call, in checkGMemdup() argument
1316 MallocMemAux(C, Call, Call.getArgExpr(1), UnknownVal(), State, AF_Malloc); in checkGMemdup()
1317 State = ProcessZeroAllocCheck(Call, 1, State); in checkGMemdup()
1321 void MallocChecker::checkGMallocN(const CallEvent &Call, in checkGMallocN() argument
1325 SVal TotalSize = evalMulForBufferSize(C, Call.getArgExpr(0), Call.getArgExpr(1)); in checkGMallocN()
1326 State = MallocMemAux(C, Call, TotalSize, Init, State, AF_Malloc); in checkGMallocN()
1327 State = ProcessZeroAllocCheck(Call, 0, State); in checkGMallocN()
1328 State = ProcessZeroAllocCheck(Call, 1, State); in checkGMallocN()
1332 void MallocChecker::checkGMallocN0(const CallEvent &Call, in checkGMallocN0() argument
1337 SVal TotalSize = evalMulForBufferSize(C, Call.getArgExpr(0), Call.getArgExpr(1)); in checkGMallocN0()
1338 State = MallocMemAux(C, Call, TotalSize, Init, State, AF_Malloc); in checkGMallocN0()
1339 State = ProcessZeroAllocCheck(Call, 0, State); in checkGMallocN0()
1340 State = ProcessZeroAllocCheck(Call, 1, State); in checkGMallocN0()
1344 static bool isFromStdNamespace(const CallEvent &Call) { in isFromStdNamespace() argument
1345 const Decl *FD = Call.getDecl(); in isFromStdNamespace()
1350 void MallocChecker::preGetdelim(const CallEvent &Call, in preGetdelim() argument
1354 if (isFromStdNamespace(Call)) in preGetdelim()
1358 const auto LinePtr = getPointeeVal(Call.getArgSVal(0), State); in preGetdelim()
1367 State = FreeMemAux(C, Call.getArgExpr(0), Call, State, false, in preGetdelim()
1373 void MallocChecker::checkGetdelim(const CallEvent &Call, in checkGetdelim() argument
1377 if (isFromStdNamespace(Call)) in checkGetdelim()
1383 const CallExpr *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr()); in checkGetdelim()
1390 getPointeeVal(Call.getArgSVal(0), State)->getAs<DefinedSVal>(); in checkGetdelim()
1392 getPointeeVal(Call.getArgSVal(1), State)->getAs<DefinedSVal>(); in checkGetdelim()
1400 void MallocChecker::checkReallocN(const CallEvent &Call, in checkReallocN() argument
1403 State = ReallocMemAux(C, Call, /*ShouldFreeOnFail=*/false, State, AF_Malloc, in checkReallocN()
1405 State = ProcessZeroAllocCheck(Call, 1, State); in checkReallocN()
1406 State = ProcessZeroAllocCheck(Call, 2, State); in checkReallocN()
1410 void MallocChecker::checkOwnershipAttr(const CallEvent &Call, in checkOwnershipAttr() argument
1413 const auto *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr()); in checkOwnershipAttr()
1427 State = MallocMemReturnsAttr(C, Call, I, State); in checkOwnershipAttr()
1431 State = FreeMemAttr(C, Call, I, State); in checkOwnershipAttr()
1439 void MallocChecker::checkPostCall(const CallEvent &Call, in checkPostCall() argument
1443 if (!Call.getOriginExpr()) in checkPostCall()
1448 if (const CheckFn *Callback = FreeingMemFnMap.lookup(Call)) { in checkPostCall()
1449 (*Callback)(this, Call, C); in checkPostCall()
1453 if (const CheckFn *Callback = AllocatingMemFnMap.lookup(Call)) { in checkPostCall()
1454 (*Callback)(this, Call, C); in checkPostCall()
1458 if (const CheckFn *Callback = ReallocatingMemFnMap.lookup(Call)) { in checkPostCall()
1459 (*Callback)(this, Call, C); in checkPostCall()
1463 if (isStandardNewDelete(Call)) { in checkPostCall()
1464 checkCXXNewOrCXXDelete(Call, C); in checkPostCall()
1468 checkOwnershipAttr(Call, C); in checkPostCall()
1473 const CallEvent &Call, const unsigned IndexOfSizeArg, ProgramStateRef State, in ProcessZeroAllocCheck() argument
1479 RetVal = Call.getReturnValue(); in ProcessZeroAllocCheck()
1483 if (const CallExpr *CE = dyn_cast<CallExpr>(Call.getOriginExpr())) { in ProcessZeroAllocCheck()
1486 dyn_cast<CXXNewExpr>(Call.getOriginExpr())) { in ProcessZeroAllocCheck()
1498 State->getSVal(Arg, Call.getLocationContext()).getAs<DefinedSVal>(); in ProcessZeroAllocCheck()
1577 MallocChecker::processNewAllocation(const CXXAllocatorCall &Call, in processNewAllocation() argument
1580 if (!isStandardNewDelete(Call)) in processNewAllocation()
1583 const CXXNewExpr *NE = Call.getOriginExpr(); in processNewAllocation()
1598 SVal Target = Call.getObjectUnderConstruction(); in processNewAllocation()
1599 if (Call.getOriginExpr()->isArray()) { in processNewAllocation()
1601 checkTaintedness(C, Call, C.getSVal(*SizeEx), State, AF_CXXNewArray); in processNewAllocation()
1605 State = ProcessZeroAllocCheck(Call, 0, State, Target); in processNewAllocation()
1609 void MallocChecker::checkNewAllocator(const CXXAllocatorCall &Call, in checkNewAllocator() argument
1613 Call, C, in checkNewAllocator()
1614 (Call.getOriginExpr()->isArray() ? AF_CXXNewArray : AF_CXXNew)); in checkNewAllocator()
1619 static bool isKnownDeallocObjCMethodName(const ObjCMethodCall &Call) { in isKnownDeallocObjCMethodName() argument
1625 StringRef FirstSlot = Call.getSelector().getNameForSlot(0); in isKnownDeallocObjCMethodName()
1631 static std::optional<bool> getFreeWhenDoneArg(const ObjCMethodCall &Call) { in getFreeWhenDoneArg() argument
1632 Selector S = Call.getSelector(); in getFreeWhenDoneArg()
1637 return !Call.getArgSVal(i).isZeroConstant(); in getFreeWhenDoneArg()
1642 void MallocChecker::checkPostObjCMessage(const ObjCMethodCall &Call, in checkPostObjCMessage() argument
1647 if (!isKnownDeallocObjCMethodName(Call)) in checkPostObjCMessage()
1650 if (std::optional<bool> FreeWhenDone = getFreeWhenDoneArg(Call)) in checkPostObjCMessage()
1654 if (Call.hasNonZeroCallbackArg()) in checkPostObjCMessage()
1659 FreeMemAux(C, Call.getArgExpr(0), Call, C.getState(), in checkPostObjCMessage()
1667 MallocChecker::MallocMemReturnsAttr(CheckerContext &C, const CallEvent &Call, in MallocMemReturnsAttr() argument
1677 return MallocMemAux(C, Call, in MallocMemReturnsAttr()
1678 Call.getArgExpr(Att->args_begin()->getASTIndex()), in MallocMemReturnsAttr()
1681 return MallocMemAux(C, Call, UnknownVal(), UndefinedVal(), State, AF_Malloc); in MallocMemReturnsAttr()
1685 const CallEvent &Call, in MallocMemAux() argument
1693 return MallocMemAux(C, Call, C.getSVal(SizeEx), Init, State, Family); in MallocMemAux()
1713 void MallocChecker::checkTaintedness(CheckerContext &C, const CallEvent &Call, in checkTaintedness() argument
1744 if (Call.getCalleeIdentifier()) in checkTaintedness()
1745 Callee = Call.getCalleeIdentifier()->getName().str(); in checkTaintedness()
1753 const CallEvent &Call, SVal Size, in MallocMemAux() argument
1759 const Expr *CE = Call.getOriginExpr(); in MallocMemAux()
1784 checkTaintedness(C, Call, Size, State, AF_Malloc); in MallocMemAux()
1827 const CallEvent &Call, in FreeMemAttr() argument
1840 FreeMemAux(C, Call, State, Arg.getASTIndex(), in FreeMemAttr()
1850 const CallEvent &Call, in FreeMemAux() argument
1858 if (Call.getNumArgs() < (Num + 1)) in FreeMemAux()
1861 return FreeMemAux(C, Call.getArgExpr(Num), Call, State, Hold, in FreeMemAux()
1946 const CallEvent &Call, ProgramStateRef State, in FreeMemAux() argument
1975 const Expr *ParentExpr = Call.getOriginExpr(); in FreeMemAux()
2614 MallocChecker::ReallocMemAux(CheckerContext &C, const CallEvent &Call, in ReallocMemAux() argument
2620 const CallExpr *CE = cast<CallExpr>(Call.getOriginExpr()); in ReallocMemAux()
2667 C, Call, TotalSize, UndefinedVal(), StatePtrIsNull, Family); in ReallocMemAux()
2685 C, Call, StateSizeIsZero, 0, false, IsKnownToBeAllocated, Family)) in ReallocMemAux()
2690 FreeMemAux(C, Call, State, 0, false, IsKnownToBeAllocated, Family)) { in ReallocMemAux()
2693 MallocMemAux(C, Call, TotalSize, UnknownVal(), stateFree, Family); in ReallocMemAux()
2723 const CallEvent &Call, in CallocMem() argument
2728 if (Call.getNumArgs() < 2) in CallocMem()
2734 evalMulForBufferSize(C, Call.getArgExpr(0), Call.getArgExpr(1)); in CallocMem()
2736 return MallocMemAux(C, Call, TotalSize, zeroVal, State, AF_Malloc); in CallocMem()
2903 void MallocChecker::checkPreCall(const CallEvent &Call, in checkPreCall() argument
2906 if (const auto *DC = dyn_cast<CXXDeallocatorCall>(&Call)) { in checkPreCall()
2918 State = FreeMemAux(C, DE->getArgument(), Call, State, in checkPreCall()
2926 if (const auto *DC = dyn_cast<CXXDestructorCall>(&Call)) { in checkPreCall()
2934 if (const auto *PreFN = PreFnMap.lookup(Call)) { in checkPreCall()
2935 (*PreFN)(this, Call, C); in checkPreCall()
2940 if (const AnyFunctionCall *FC = dyn_cast<AnyFunctionCall>(&Call)) { in checkPreCall()
2945 if (ChecksEnabled[CK_MallocChecker] && isFreeingCall(Call)) in checkPreCall()
2950 if (const CXXInstanceCall *CC = dyn_cast<CXXInstanceCall>(&Call)) { in checkPreCall()
2957 for (unsigned I = 0, E = Call.getNumArgs(); I != E; ++I) { in checkPreCall()
2958 SVal ArgSVal = Call.getArgSVal(I); in checkPreCall()
2963 if (checkUseAfterFree(Sym, C, Call.getArgExpr(I))) in checkPreCall()
3053 const CallEvent &Call, CheckerContext &C) const { in suppressDeallocationsInSuspiciousContexts() argument
3054 if (Call.getNumArgs() == 0) in suppressDeallocationsInSuspiciousContexts()
3072 for (const Expr *Arg : cast<CallExpr>(Call.getOriginExpr())->arguments()) in suppressDeallocationsInSuspiciousContexts()
3171 const CallEvent *Call, in mayFreeAnyEscapedMemoryOrIsModeledExplicitly() argument
3174 assert(Call); in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3181 if (!isa<SimpleFunctionCall, ObjCMethodCall>(Call)) in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3185 if (const ObjCMethodCall *Msg = dyn_cast<ObjCMethodCall>(Call)) { in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3188 if (!Call->isInSystemHeader() || Call->argumentsMayEscape()) in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3236 const FunctionDecl *FD = cast<SimpleFunctionCall>(Call)->getDecl(); in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3242 if (isMemCall(*Call)) in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3246 if (!Call->isInSystemHeader()) in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3261 for (unsigned i = 1; i < Call->getNumArgs(); ++i) { in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3262 const Expr *ArgE = Call->getArgExpr(i)->IgnoreParenCasts(); in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3277 if (Call->getNumArgs() >= 4 && Call->getArgSVal(4).isConstant(0)) in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3285 if (Call->getNumArgs() >= 1) { in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3286 const Expr *ArgE = Call->getArgExpr(0)->IgnoreParenCasts(); in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3326 if (Call->argumentsMayEscape()) in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3336 const CallEvent *Call, in checkPointerEscape() argument
3338 return checkPointerEscapeAux(State, Escaped, Call, Kind, in checkPointerEscape()
3344 const CallEvent *Call, in checkConstPointerEscape() argument
3347 return checkPointerEscapeAux(State, Escaped, Call, Kind, in checkConstPointerEscape()
3358 const CallEvent *Call, PointerEscapeKind Kind, in checkPointerEscapeAux() argument
3364 !mayFreeAnyEscapedMemoryOrIsModeledExplicitly(Call, State, in checkPointerEscapeAux()
3516 CallEventRef<> Call = in VisitNode() local
3518 if (const auto *D = dyn_cast_or_null<NamedDecl>(Call->getDecl())) in VisitNode()