Lines Matching defs:Call
319 static bool isStandardNew(const CallEvent &Call) {
320 if (!Call.getDecl() || !isa<FunctionDecl>(Call.getDecl()))
322 return isStandardNew(cast<FunctionDecl>(Call.getDecl()));
326 static bool isStandardDelete(const CallEvent &Call) {
327 if (!Call.getDecl() || !isa<FunctionDecl>(Call.getDecl()))
329 return isStandardDelete(cast<FunctionDecl>(Call.getDecl()));
348 eval::Call, check::NewAllocator,
380 void checkPreCall(const CallEvent &Call, CheckerContext &C) const;
381 void checkPostCall(const CallEvent &Call, CheckerContext &C) const;
382 bool evalCall(const CallEvent &Call, CheckerContext &C) const;
383 void checkNewAllocator(const CXXAllocatorCall &Call, CheckerContext &C) const;
384 void checkPostObjCMessage(const ObjCMethodCall &Call, CheckerContext &C) const;
396 const CallEvent *Call,
400 const CallEvent *Call,
419 void NAME(ProgramStateRef State, const CallEvent &Call, CheckerContext &C) \
440 void checkRealloc(ProgramStateRef State, const CallEvent &Call,
445 const CallEvent &Call, CheckerContext &C)>;
469 bool isFreeingCall(const CallEvent &Call) const;
471 static bool isFreeingOwnershipAttrCall(const CallEvent &Call);
473 static bool isAllocatingOwnershipAttrCall(const CallEvent &Call);
523 bool isMemCall(const CallEvent &Call) const;
524 bool hasOwnershipReturns(const CallEvent &Call) const;
525 bool hasOwnershipTakesHolds(const CallEvent &Call) const;
530 void checkTaintedness(CheckerContext &C, const CallEvent &Call,
547 processNewAllocation(const CXXAllocatorCall &Call, CheckerContext &C,
552 /// \param [in] Call The expression that allocates memory.
559 ProcessZeroAllocCheck(CheckerContext &C, const CallEvent &Call,
575 /// \param [in] Call The expression that allocates memory.
580 MallocMemReturnsAttr(CheckerContext &C, const CallEvent &Call,
585 /// \param [in] Call The expression that allocates memory.
590 const CallEvent &Call,
596 /// \param [in] Call The expression that allocates memory.
604 MallocMemAux(CheckerContext &C, const CallEvent &Call, const Expr *SizeEx,
609 /// \param [in] Call The expression that allocates memory.
617 const CallEvent &Call, SVal Size,
624 performKernelMalloc(const CallEvent &Call, CheckerContext &C,
640 /// \param [in] Call The expression that frees memory.
645 const CallEvent &Call,
651 /// \param [in] Call The expression that frees memory.
669 FreeMemAux(CheckerContext &C, const CallEvent &Call, ProgramStateRef State,
676 /// \param [in] Call The expression that frees the memory.
695 FreeMemAux(CheckerContext &C, const Expr *ArgExpr, const CallEvent &Call,
706 /// \param [in] Call The expression that reallocated memory
714 ReallocMemAux(CheckerContext &C, const CallEvent &Call, bool ShouldFreeOnFail,
729 /// \param [in] Call The expression that reallocated memory
733 const CallEvent &Call,
738 bool suppressDeallocationsInSuspiciousContexts(const CallEvent &Call,
762 bool mayFreeAnyEscapedMemoryOrIsModeledExplicitly(const CallEvent *Call,
770 const CallEvent *Call, PointerEscapeKind Kind,
846 bool isFreeingCallAsWritten(const CallExpr &Call) const {
848 if (MallocChk->FreeingMemFnMap.lookupAsWritten(Call) ||
849 MallocChk->ReallocatingMemFnMap.lookupAsWritten(Call))
853 llvm::dyn_cast_or_null<FunctionDecl>(Call.getCalleeDecl()))
890 if (const auto *Call = Match.getNodeAs<CallExpr>("call"))
891 if (isFreeingCallAsWritten(*Call))
1109 bool MallocChecker::isFreeingOwnershipAttrCall(const CallEvent &Call) {
1110 const auto *Func = dyn_cast_or_null<FunctionDecl>(Call.getDecl());
1126 bool MallocChecker::isFreeingCall(const CallEvent &Call) const {
1127 if (FreeingMemFnMap.lookup(Call) || ReallocatingMemFnMap.lookup(Call))
1130 return isFreeingOwnershipAttrCall(Call);
1133 bool MallocChecker::isAllocatingOwnershipAttrCall(const CallEvent &Call) {
1134 const auto *Func = dyn_cast_or_null<FunctionDecl>(Call.getDecl());
1148 bool MallocChecker::isMemCall(const CallEvent &Call) const {
1149 if (FreeingMemFnMap.lookup(Call) || AllocatingMemFnMap.lookup(Call) ||
1150 AllocaMemFnMap.lookup(Call) || ReallocatingMemFnMap.lookup(Call))
1156 const auto *Func = dyn_cast<FunctionDecl>(Call.getDecl());
1161 MallocChecker::performKernelMalloc(const CallEvent &Call, CheckerContext &C,
1210 if (Call.getNumArgs() < 2)
1213 const Expr *FlagsEx = Call.getArgExpr(Call.getNumArgs() - 1);
1239 return MallocMemAux(C, Call, Call.getArgExpr(0), ZeroVal, TrueState,
1258 const CallEvent &Call,
1260 State = MallocMemAux(C, Call, Call.getArgExpr(0), UndefinedVal(), State,
1262 State = ProcessZeroAllocCheck(C, Call, 0, State);
1267 const CallEvent &Call,
1270 performKernelMalloc(Call, C, State);
1274 State = MallocMemAux(C, Call, Call.getArgExpr(0), UndefinedVal(), State,
1279 static bool isStandardRealloc(const CallEvent &Call) {
1280 const FunctionDecl *FD = dyn_cast<FunctionDecl>(Call.getDecl());
1290 static bool isGRealloc(const CallEvent &Call) {
1291 const FunctionDecl *FD = dyn_cast<FunctionDecl>(Call.getDecl());
1301 void MallocChecker::checkRealloc(ProgramStateRef State, const CallEvent &Call,
1309 if (!isStandardRealloc(Call) && !isGRealloc(Call))
1312 State = ReallocMemAux(C, Call, ShouldFreeOnFail, State,
1314 State = ProcessZeroAllocCheck(C, Call, 1, State);
1318 void MallocChecker::checkCalloc(ProgramStateRef State, const CallEvent &Call,
1320 State = CallocMem(C, Call, State);
1321 State = ProcessZeroAllocCheck(C, Call, 0, State);
1322 State = ProcessZeroAllocCheck(C, Call, 1, State);
1326 void MallocChecker::checkFree(ProgramStateRef State, const CallEvent &Call,
1329 if (suppressDeallocationsInSuspiciousContexts(Call, C))
1331 State = FreeMemAux(C, Call, State, 0, false, IsKnownToBeAllocatedMemory,
1336 void MallocChecker::checkAlloca(ProgramStateRef State, const CallEvent &Call,
1338 State = MallocMemAux(C, Call, Call.getArgExpr(0), UndefinedVal(), State,
1340 State = ProcessZeroAllocCheck(C, Call, 0, State);
1344 void MallocChecker::checkStrdup(ProgramStateRef State, const CallEvent &Call,
1346 const auto *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr());
1349 State = MallocMemAux(C, Call, UnknownVal(), UnknownVal(), State,
1356 const CallEvent &Call,
1360 State = MallocMemAux(C, Call, UnknownVal(), UnknownVal(), State,
1367 const CallEvent &Call,
1370 State = FreeMemAux(C, Call, State, 0, false, IsKnownToBeAllocatedMemory,
1376 const CallEvent &Call,
1379 const auto *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr());
1383 assert(isStandardNewDelete(Call));
1392 State = MallocMemAux(C, Call, CE->getArg(0), UndefinedVal(), State,
1394 State = ProcessZeroAllocCheck(C, Call, 0, State);
1397 State = MallocMemAux(C, Call, CE->getArg(0), UndefinedVal(), State,
1399 State = ProcessZeroAllocCheck(C, Call, 0, State);
1402 State = FreeMemAux(C, Call, State, 0, false, IsKnownToBeAllocatedMemory,
1406 State = FreeMemAux(C, Call, State, 0, false, IsKnownToBeAllocatedMemory,
1417 void MallocChecker::checkGMalloc0(ProgramStateRef State, const CallEvent &Call,
1421 State = MallocMemAux(C, Call, Call.getArgExpr(0), zeroVal, State,
1423 State = ProcessZeroAllocCheck(C, Call, 0, State);
1427 void MallocChecker::checkGMemdup(ProgramStateRef State, const CallEvent &Call,
1429 State = MallocMemAux(C, Call, Call.getArgExpr(1), UnknownVal(), State,
1431 State = ProcessZeroAllocCheck(C, Call, 1, State);
1435 void MallocChecker::checkGMallocN(ProgramStateRef State, const CallEvent &Call,
1438 SVal TotalSize = evalMulForBufferSize(C, Call.getArgExpr(0), Call.getArgExpr(1));
1439 State = MallocMemAux(C, Call, TotalSize, Init, State,
1441 State = ProcessZeroAllocCheck(C, Call, 0, State);
1442 State = ProcessZeroAllocCheck(C, Call, 1, State);
1446 void MallocChecker::checkGMallocN0(ProgramStateRef State, const CallEvent &Call,
1450 SVal TotalSize = evalMulForBufferSize(C, Call.getArgExpr(0), Call.getArgExpr(1));
1451 State = MallocMemAux(C, Call, TotalSize, Init, State,
1453 State = ProcessZeroAllocCheck(C, Call, 0, State);
1454 State = ProcessZeroAllocCheck(C, Call, 1, State);
1458 static bool isFromStdNamespace(const CallEvent &Call) {
1459 const Decl *FD = Call.getDecl();
1464 void MallocChecker::preGetdelim(ProgramStateRef State, const CallEvent &Call,
1468 if (isFromStdNamespace(Call))
1471 const auto LinePtr = getPointeeVal(Call.getArgSVal(0), State);
1480 State = FreeMemAux(C, Call.getArgExpr(0), Call, State, false,
1487 void MallocChecker::checkGetdelim(ProgramStateRef State, const CallEvent &Call,
1491 if (isFromStdNamespace(Call))
1496 const CallExpr *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr());
1501 getPointeeVal(Call.getArgSVal(0), State)->getAs<DefinedSVal>();
1503 getPointeeVal(Call.getArgSVal(1), State)->getAs<DefinedSVal>();
1512 void MallocChecker::checkReallocN(ProgramStateRef State, const CallEvent &Call,
1514 State = ReallocMemAux(C, Call, /*ShouldFreeOnFail=*/false, State,
1517 State = ProcessZeroAllocCheck(C, Call, 1, State);
1518 State = ProcessZeroAllocCheck(C, Call, 2, State);
1523 const CallEvent &Call,
1525 const auto *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr());
1539 State = MallocMemReturnsAttr(C, Call, I, State);
1543 State = FreeMemAttr(C, Call, I, State);
1551 bool MallocChecker::evalCall(const CallEvent &Call, CheckerContext &C) const {
1552 if (!Call.getOriginExpr())
1557 if (const CheckFn *Callback = FreeingMemFnMap.lookup(Call)) {
1558 (*Callback)(this, State, Call, C);
1562 if (const CheckFn *Callback = AllocatingMemFnMap.lookup(Call)) {
1563 State = MallocBindRetVal(C, Call, State, false);
1564 (*Callback)(this, State, Call, C);
1568 if (const CheckFn *Callback = ReallocatingMemFnMap.lookup(Call)) {
1569 State = MallocBindRetVal(C, Call, State, false);
1570 (*Callback)(this, State, Call, C);
1574 if (isStandardNew(Call)) {
1575 State = MallocBindRetVal(C, Call, State, false);
1576 checkCXXNewOrCXXDelete(State, Call, C);
1580 if (isStandardDelete(Call)) {
1581 checkCXXNewOrCXXDelete(State, Call, C);
1585 if (const CheckFn *Callback = AllocaMemFnMap.lookup(Call)) {
1586 State = MallocBindRetVal(C, Call, State, true);
1587 (*Callback)(this, State, Call, C);
1591 if (isFreeingOwnershipAttrCall(Call)) {
1592 checkOwnershipAttr(State, Call, C);
1596 if (isAllocatingOwnershipAttrCall(Call)) {
1597 State = MallocBindRetVal(C, Call, State, false);
1598 checkOwnershipAttr(State, Call, C);
1607 CheckerContext &C, const CallEvent &Call, const unsigned IndexOfSizeArg,
1614 if (const CallExpr *CE = dyn_cast<CallExpr>(Call.getOriginExpr())) {
1617 dyn_cast<CXXNewExpr>(Call.getOriginExpr())) {
1629 RetVal = State->getSVal(Call.getOriginExpr(), C.getLocationContext());
1634 State->getSVal(Arg, Call.getLocationContext()).getAs<DefinedSVal>();
1713 MallocChecker::processNewAllocation(const CXXAllocatorCall &Call,
1716 if (!isStandardNewDelete(Call))
1719 const CXXNewExpr *NE = Call.getOriginExpr();
1734 SVal Target = Call.getObjectUnderConstruction();
1735 if (Call.getOriginExpr()->isArray()) {
1737 checkTaintedness(C, Call, C.getSVal(*SizeEx), State,
1742 State = ProcessZeroAllocCheck(C, Call, 0, State, Target);
1746 void MallocChecker::checkNewAllocator(const CXXAllocatorCall &Call,
1750 Call, C,
1751 AllocationFamily(Call.getOriginExpr()->isArray() ? AF_CXXNewArray
1757 static bool isKnownDeallocObjCMethodName(const ObjCMethodCall &Call) {
1763 StringRef FirstSlot = Call.getSelector().getNameForSlot(0);
1769 static std::optional<bool> getFreeWhenDoneArg(const ObjCMethodCall &Call) {
1770 Selector S = Call.getSelector();
1775 return !Call.getArgSVal(i).isZeroConstant();
1780 void MallocChecker::checkPostObjCMessage(const ObjCMethodCall &Call,
1785 if (!isKnownDeallocObjCMethodName(Call))
1788 if (std::optional<bool> FreeWhenDone = getFreeWhenDoneArg(Call))
1792 if (Call.hasNonZeroCallbackArg())
1796 ProgramStateRef State = FreeMemAux(C, Call.getArgExpr(0), Call, C.getState(),
1805 MallocChecker::MallocMemReturnsAttr(CheckerContext &C, const CallEvent &Call,
1815 return MallocMemAux(C, Call,
1816 Call.getArgExpr(Att->args_begin()->getASTIndex()),
1819 return MallocMemAux(C, Call, UnknownVal(), UnknownVal(), State, Family);
1823 const CallEvent &Call,
1826 const Expr *CE = Call.getOriginExpr();
1841 const CallEvent &Call,
1849 return MallocMemAux(C, Call, C.getSVal(SizeEx), Init, State, Family);
1869 void MallocChecker::checkTaintedness(CheckerContext &C, const CallEvent &Call,
1900 if (Call.getCalleeIdentifier())
1901 Callee = Call.getCalleeIdentifier()->getName().str();
1909 const CallEvent &Call, SVal Size,
1915 const Expr *CE = Call.getOriginExpr();
1932 checkTaintedness(C, Call, Size, State, AllocationFamily(AF_Malloc));
1970 const CallEvent &Call,
1983 FreeMemAux(C, Call, State, Arg.getASTIndex(),
1993 const CallEvent &Call,
2001 if (Call.getNumArgs() < (Num + 1))
2004 return FreeMemAux(C, Call.getArgExpr(Num), Call, State, Hold,
2142 const CallEvent &Call, ProgramStateRef State,
2171 const Expr *ParentExpr = Call.getOriginExpr();
2308 State = State->invalidateRegions({location}, Call.getOriginExpr(),
2823 MallocChecker::ReallocMemAux(CheckerContext &C, const CallEvent &Call,
2829 const CallExpr *CE = cast<CallExpr>(Call.getOriginExpr());
2876 C, Call, TotalSize, UndefinedVal(), StatePtrIsNull, Family);
2895 C, Call, StateSizeIsZero, 0, false, IsKnownToBeAllocated, Family))
2900 FreeMemAux(C, Call, State, 0, false, IsKnownToBeAllocated, Family)) {
2903 MallocMemAux(C, Call, TotalSize, UnknownVal(), stateFree, Family);
2933 const CallEvent &Call,
2938 if (Call.getNumArgs() < 2)
2944 evalMulForBufferSize(C, Call.getArgExpr(0), Call.getArgExpr(1));
2946 return MallocMemAux(C, Call, TotalSize, zeroVal, State,
3114 void MallocChecker::checkPostCall(const CallEvent &Call,
3116 if (const auto *PostFN = PostFnMap.lookup(Call)) {
3117 (*PostFN)(this, C.getState(), Call, C);
3122 void MallocChecker::checkPreCall(const CallEvent &Call,
3125 if (const auto *DC = dyn_cast<CXXDeallocatorCall>(&Call)) {
3138 C, DE->getArgument(), Call, State,
3146 if (const auto *DC = dyn_cast<CXXDestructorCall>(&Call)) {
3154 if (const auto *PreFN = PreFnMap.lookup(Call)) {
3155 (*PreFN)(this, C.getState(), Call, C);
3160 if (const AnyFunctionCall *FC = dyn_cast<AnyFunctionCall>(&Call)) {
3165 if (ChecksEnabled[CK_MallocChecker] && isFreeingCall(Call))
3170 if (const CXXInstanceCall *CC = dyn_cast<CXXInstanceCall>(&Call)) {
3177 for (unsigned I = 0, E = Call.getNumArgs(); I != E; ++I) {
3178 SVal ArgSVal = Call.getArgSVal(I);
3183 if (checkUseAfterFree(Sym, C, Call.getArgExpr(I)))
3273 const CallEvent &Call, CheckerContext &C) const {
3274 if (Call.getNumArgs() == 0)
3292 for (const Expr *Arg : cast<CallExpr>(Call.getOriginExpr())->arguments())
3391 const CallEvent *Call,
3394 assert(Call);
3401 if (!isa<SimpleFunctionCall, ObjCMethodCall>(Call))
3405 if (const ObjCMethodCall *Msg = dyn_cast<ObjCMethodCall>(Call)) {
3408 if (!Call->isInSystemHeader() || Call->argumentsMayEscape())
3456 const FunctionDecl *FD = cast<SimpleFunctionCall>(Call)->getDecl();
3462 if (isMemCall(*Call))
3466 if (!Call->isInSystemHeader())
3481 for (unsigned i = 1; i < Call->getNumArgs(); ++i) {
3482 const Expr *ArgE = Call->getArgExpr(i)->IgnoreParenCasts();
3497 if (Call->getNumArgs() >= 4 && Call->getArgSVal(4).isConstant(0))
3505 if (Call->getNumArgs() >= 1) {
3506 const Expr *ArgE = Call->getArgExpr(0)->IgnoreParenCasts();
3546 if (Call->argumentsMayEscape())
3556 const CallEvent *Call,
3558 return checkPointerEscapeAux(State, Escaped, Call, Kind,
3564 const CallEvent *Call,
3567 return checkPointerEscapeAux(State, Escaped, Call, Kind,
3578 const CallEvent *Call, PointerEscapeKind Kind,
3584 !mayFreeAnyEscapedMemoryOrIsModeledExplicitly(Call, State,
3744 CallEventRef<> Call =
3746 if (const auto *D = dyn_cast_or_null<NamedDecl>(Call->getDecl()))