Lines Matching refs:Call
276 static bool isStandardNewDelete(const CallEvent &Call) { in isStandardNewDelete() argument
277 if (!Call.getDecl() || !isa<FunctionDecl>(Call.getDecl())) in isStandardNewDelete()
279 return isStandardNewDelete(cast<FunctionDecl>(Call.getDecl())); in isStandardNewDelete()
320 void checkPreCall(const CallEvent &Call, CheckerContext &C) const;
321 void checkPostCall(const CallEvent &Call, CheckerContext &C) const;
322 void checkNewAllocator(const CXXAllocatorCall &Call, CheckerContext &C) const;
323 void checkPostObjCMessage(const ObjCMethodCall &Call, CheckerContext &C) const;
335 const CallEvent *Call,
339 const CallEvent *Call,
357 void NAME(const CallEvent &Call, CheckerContext &C) const;
375 void checkRealloc(const CallEvent &Call, CheckerContext &C,
379 const CallEvent &Call, CheckerContext &C)>;
388 bool isFreeingCall(const CallEvent &Call) const;
428 bool isMemCall(const CallEvent &Call) const;
443 ProgramStateRef processNewAllocation(const CXXAllocatorCall &Call,
456 static ProgramStateRef ProcessZeroAllocCheck(const CallEvent &Call,
478 ProgramStateRef MallocMemReturnsAttr(CheckerContext &C, const CallEvent &Call,
492 static ProgramStateRef MallocMemAux(CheckerContext &C, const CallEvent &Call,
507 static ProgramStateRef MallocMemAux(CheckerContext &C, const CallEvent &Call,
516 performKernelMalloc(const CallEvent &Call, CheckerContext &C,
537 ProgramStateRef FreeMemAttr(CheckerContext &C, const CallEvent &Call,
561 ProgramStateRef FreeMemAux(CheckerContext &C, const CallEvent &Call,
588 const CallEvent &Call, ProgramStateRef State,
607 ProgramStateRef ReallocMemAux(CheckerContext &C, const CallEvent &Call,
627 static ProgramStateRef CallocMem(CheckerContext &C, const CallEvent &Call,
632 bool suppressDeallocationsInSuspiciousContexts(const CallEvent &Call,
656 bool mayFreeAnyEscapedMemoryOrIsModeledExplicitly(const CallEvent *Call,
664 const CallEvent *Call,
897 bool MallocChecker::isFreeingCall(const CallEvent &Call) const { in isFreeingCall()
898 if (FreeingMemFnMap.lookup(Call) || ReallocatingMemFnMap.lookup(Call)) in isFreeingCall()
901 const auto *Func = dyn_cast<FunctionDecl>(Call.getDecl()); in isFreeingCall()
912 bool MallocChecker::isMemCall(const CallEvent &Call) const { in isMemCall()
913 if (FreeingMemFnMap.lookup(Call) || AllocatingMemFnMap.lookup(Call) || in isMemCall()
914 ReallocatingMemFnMap.lookup(Call)) in isMemCall()
920 const auto *Func = dyn_cast<FunctionDecl>(Call.getDecl()); in isMemCall()
925 MallocChecker::performKernelMalloc(const CallEvent &Call, CheckerContext &C, in performKernelMalloc() argument
968 if (Call.getNumArgs() < 2) in performKernelMalloc()
971 const Expr *FlagsEx = Call.getArgExpr(Call.getNumArgs() - 1); in performKernelMalloc()
997 return MallocMemAux(C, Call, Call.getArgExpr(0), ZeroVal, TrueState, in performKernelMalloc()
1015 void MallocChecker::checkBasicAlloc(const CallEvent &Call, in checkBasicAlloc() argument
1018 State = MallocMemAux(C, Call, Call.getArgExpr(0), UndefinedVal(), State, in checkBasicAlloc()
1020 State = ProcessZeroAllocCheck(Call, 0, State); in checkBasicAlloc()
1024 void MallocChecker::checkKernelMalloc(const CallEvent &Call, in checkKernelMalloc() argument
1028 performKernelMalloc(Call, C, State); in checkKernelMalloc()
1032 State = MallocMemAux(C, Call, Call.getArgExpr(0), UndefinedVal(), State, in checkKernelMalloc()
1037 static bool isStandardRealloc(const CallEvent &Call) { in isStandardRealloc() argument
1038 const FunctionDecl *FD = dyn_cast<FunctionDecl>(Call.getDecl()); in isStandardRealloc()
1051 static bool isGRealloc(const CallEvent &Call) { in isGRealloc() argument
1052 const FunctionDecl *FD = dyn_cast<FunctionDecl>(Call.getDecl()); in isGRealloc()
1065 void MallocChecker::checkRealloc(const CallEvent &Call, CheckerContext &C, in checkRealloc() argument
1073 if (!isStandardRealloc(Call) && !isGRealloc(Call)) in checkRealloc()
1076 State = ReallocMemAux(C, Call, ShouldFreeOnFail, State, AF_Malloc); in checkRealloc()
1077 State = ProcessZeroAllocCheck(Call, 1, State); in checkRealloc()
1081 void MallocChecker::checkCalloc(const CallEvent &Call, in checkCalloc() argument
1084 State = CallocMem(C, Call, State); in checkCalloc()
1085 State = ProcessZeroAllocCheck(Call, 0, State); in checkCalloc()
1086 State = ProcessZeroAllocCheck(Call, 1, State); in checkCalloc()
1090 void MallocChecker::checkFree(const CallEvent &Call, CheckerContext &C) const { in checkFree() argument
1093 if (suppressDeallocationsInSuspiciousContexts(Call, C)) in checkFree()
1095 State = FreeMemAux(C, Call, State, 0, false, IsKnownToBeAllocatedMemory, in checkFree()
1100 void MallocChecker::checkAlloca(const CallEvent &Call, in checkAlloca() argument
1103 State = MallocMemAux(C, Call, Call.getArgExpr(0), UndefinedVal(), State, in checkAlloca()
1105 State = ProcessZeroAllocCheck(Call, 0, State); in checkAlloca()
1109 void MallocChecker::checkStrdup(const CallEvent &Call, in checkStrdup() argument
1112 const auto *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr()); in checkStrdup()
1120 void MallocChecker::checkIfNameIndex(const CallEvent &Call, in checkIfNameIndex() argument
1126 MallocMemAux(C, Call, UnknownVal(), UnknownVal(), State, AF_IfNameIndex); in checkIfNameIndex()
1131 void MallocChecker::checkIfFreeNameIndex(const CallEvent &Call, in checkIfFreeNameIndex() argument
1135 State = FreeMemAux(C, Call, State, 0, false, IsKnownToBeAllocatedMemory, in checkIfFreeNameIndex()
1140 void MallocChecker::checkCXXNewOrCXXDelete(const CallEvent &Call, in checkCXXNewOrCXXDelete() argument
1144 const auto *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr()); in checkCXXNewOrCXXDelete()
1148 assert(isStandardNewDelete(Call)); in checkCXXNewOrCXXDelete()
1158 MallocMemAux(C, Call, CE->getArg(0), UndefinedVal(), State, AF_CXXNew); in checkCXXNewOrCXXDelete()
1159 State = ProcessZeroAllocCheck(Call, 0, State); in checkCXXNewOrCXXDelete()
1162 State = MallocMemAux(C, Call, CE->getArg(0), UndefinedVal(), State, in checkCXXNewOrCXXDelete()
1164 State = ProcessZeroAllocCheck(Call, 0, State); in checkCXXNewOrCXXDelete()
1167 State = FreeMemAux(C, Call, State, 0, false, IsKnownToBeAllocatedMemory, in checkCXXNewOrCXXDelete()
1171 State = FreeMemAux(C, Call, State, 0, false, IsKnownToBeAllocatedMemory, in checkCXXNewOrCXXDelete()
1181 void MallocChecker::checkGMalloc0(const CallEvent &Call, in checkGMalloc0() argument
1186 State = MallocMemAux(C, Call, Call.getArgExpr(0), zeroVal, State, AF_Malloc); in checkGMalloc0()
1187 State = ProcessZeroAllocCheck(Call, 0, State); in checkGMalloc0()
1191 void MallocChecker::checkGMemdup(const CallEvent &Call, in checkGMemdup() argument
1194 State = MallocMemAux(C, Call, Call.getArgExpr(1), UndefinedVal(), State, in checkGMemdup()
1196 State = ProcessZeroAllocCheck(Call, 1, State); in checkGMemdup()
1200 void MallocChecker::checkGMallocN(const CallEvent &Call, in checkGMallocN() argument
1204 SVal TotalSize = evalMulForBufferSize(C, Call.getArgExpr(0), Call.getArgExpr(1)); in checkGMallocN()
1205 State = MallocMemAux(C, Call, TotalSize, Init, State, AF_Malloc); in checkGMallocN()
1206 State = ProcessZeroAllocCheck(Call, 0, State); in checkGMallocN()
1207 State = ProcessZeroAllocCheck(Call, 1, State); in checkGMallocN()
1211 void MallocChecker::checkGMallocN0(const CallEvent &Call, in checkGMallocN0() argument
1216 SVal TotalSize = evalMulForBufferSize(C, Call.getArgExpr(0), Call.getArgExpr(1)); in checkGMallocN0()
1217 State = MallocMemAux(C, Call, TotalSize, Init, State, AF_Malloc); in checkGMallocN0()
1218 State = ProcessZeroAllocCheck(Call, 0, State); in checkGMallocN0()
1219 State = ProcessZeroAllocCheck(Call, 1, State); in checkGMallocN0()
1223 void MallocChecker::checkReallocN(const CallEvent &Call, in checkReallocN() argument
1226 State = ReallocMemAux(C, Call, /*ShouldFreeOnFail=*/false, State, AF_Malloc, in checkReallocN()
1228 State = ProcessZeroAllocCheck(Call, 1, State); in checkReallocN()
1229 State = ProcessZeroAllocCheck(Call, 2, State); in checkReallocN()
1233 void MallocChecker::checkOwnershipAttr(const CallEvent &Call, in checkOwnershipAttr() argument
1236 const auto *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr()); in checkOwnershipAttr()
1250 State = MallocMemReturnsAttr(C, Call, I, State); in checkOwnershipAttr()
1254 State = FreeMemAttr(C, Call, I, State); in checkOwnershipAttr()
1262 void MallocChecker::checkPostCall(const CallEvent &Call, in checkPostCall() argument
1266 if (!Call.getOriginExpr()) in checkPostCall()
1271 if (const CheckFn *Callback = FreeingMemFnMap.lookup(Call)) { in checkPostCall()
1272 (*Callback)(this, Call, C); in checkPostCall()
1276 if (const CheckFn *Callback = AllocatingMemFnMap.lookup(Call)) { in checkPostCall()
1277 (*Callback)(this, Call, C); in checkPostCall()
1281 if (const CheckFn *Callback = ReallocatingMemFnMap.lookup(Call)) { in checkPostCall()
1282 (*Callback)(this, Call, C); in checkPostCall()
1286 if (isStandardNewDelete(Call)) { in checkPostCall()
1287 checkCXXNewOrCXXDelete(Call, C); in checkPostCall()
1291 checkOwnershipAttr(Call, C); in checkPostCall()
1296 const CallEvent &Call, const unsigned IndexOfSizeArg, ProgramStateRef State, in ProcessZeroAllocCheck() argument
1302 RetVal = Call.getReturnValue(); in ProcessZeroAllocCheck()
1306 if (const CallExpr *CE = dyn_cast<CallExpr>(Call.getOriginExpr())) { in ProcessZeroAllocCheck()
1309 dyn_cast<CXXNewExpr>(Call.getOriginExpr())) { in ProcessZeroAllocCheck()
1321 State->getSVal(Arg, Call.getLocationContext()).getAs<DefinedSVal>(); in ProcessZeroAllocCheck()
1400 MallocChecker::processNewAllocation(const CXXAllocatorCall &Call, in processNewAllocation() argument
1403 if (!isStandardNewDelete(Call)) in processNewAllocation()
1406 const CXXNewExpr *NE = Call.getOriginExpr(); in processNewAllocation()
1421 SVal Target = Call.getObjectUnderConstruction(); in processNewAllocation()
1423 State = ProcessZeroAllocCheck(Call, 0, State, Target); in processNewAllocation()
1427 void MallocChecker::checkNewAllocator(const CXXAllocatorCall &Call, in checkNewAllocator() argument
1431 Call, C, in checkNewAllocator()
1432 (Call.getOriginExpr()->isArray() ? AF_CXXNewArray : AF_CXXNew)); in checkNewAllocator()
1437 static bool isKnownDeallocObjCMethodName(const ObjCMethodCall &Call) { in isKnownDeallocObjCMethodName() argument
1443 StringRef FirstSlot = Call.getSelector().getNameForSlot(0); in isKnownDeallocObjCMethodName()
1449 static Optional<bool> getFreeWhenDoneArg(const ObjCMethodCall &Call) { in getFreeWhenDoneArg() argument
1450 Selector S = Call.getSelector(); in getFreeWhenDoneArg()
1455 return !Call.getArgSVal(i).isZeroConstant(); in getFreeWhenDoneArg()
1460 void MallocChecker::checkPostObjCMessage(const ObjCMethodCall &Call, in checkPostObjCMessage() argument
1465 if (!isKnownDeallocObjCMethodName(Call)) in checkPostObjCMessage()
1468 if (Optional<bool> FreeWhenDone = getFreeWhenDoneArg(Call)) in checkPostObjCMessage()
1472 if (Call.hasNonZeroCallbackArg()) in checkPostObjCMessage()
1477 FreeMemAux(C, Call.getArgExpr(0), Call, C.getState(), in checkPostObjCMessage()
1485 MallocChecker::MallocMemReturnsAttr(CheckerContext &C, const CallEvent &Call, in MallocMemReturnsAttr() argument
1496 return MallocMemAux(C, Call, Call.getArgExpr(I->getASTIndex()), in MallocMemReturnsAttr()
1499 return MallocMemAux(C, Call, UnknownVal(), UndefinedVal(), State, AF_Malloc); in MallocMemReturnsAttr()
1503 const CallEvent &Call, in MallocMemAux() argument
1511 return MallocMemAux(C, Call, C.getSVal(SizeEx), Init, State, Family); in MallocMemAux()
1515 const CallEvent &Call, SVal Size, in MallocMemAux() argument
1521 const Expr *CE = Call.getOriginExpr(); in MallocMemAux()
1572 const CallEvent &Call, in FreeMemAttr() argument
1585 FreeMemAux(C, Call, State, Arg.getASTIndex(), in FreeMemAttr()
1595 const CallEvent &Call, in FreeMemAux() argument
1603 if (Call.getNumArgs() < (Num + 1)) in FreeMemAux()
1606 return FreeMemAux(C, Call.getArgExpr(Num), Call, State, Hold, in FreeMemAux()
1690 CheckerContext &C, const Expr *ArgExpr, const CallEvent &Call, in FreeMemAux() argument
1718 const Expr *ParentExpr = Call.getOriginExpr(); in FreeMemAux()
2357 MallocChecker::ReallocMemAux(CheckerContext &C, const CallEvent &Call, in ReallocMemAux() argument
2363 const CallExpr *CE = cast<CallExpr>(Call.getOriginExpr()); in ReallocMemAux()
2409 C, Call, TotalSize, UndefinedVal(), StatePtrIsNull, Family); in ReallocMemAux()
2427 C, Call, StateSizeIsZero, 0, false, IsKnownToBeAllocated, Family)) in ReallocMemAux()
2432 FreeMemAux(C, Call, State, 0, false, IsKnownToBeAllocated, Family)) { in ReallocMemAux()
2435 MallocMemAux(C, Call, TotalSize, UnknownVal(), stateFree, Family); in ReallocMemAux()
2465 const CallEvent &Call, in CallocMem() argument
2470 if (Call.getNumArgs() < 2) in CallocMem()
2476 evalMulForBufferSize(C, Call.getArgExpr(0), Call.getArgExpr(1)); in CallocMem()
2478 return MallocMemAux(C, Call, TotalSize, zeroVal, State, AF_Malloc); in CallocMem()
2646 void MallocChecker::checkPreCall(const CallEvent &Call, in checkPreCall() argument
2649 if (const auto *DC = dyn_cast<CXXDeallocatorCall>(&Call)) { in checkPreCall()
2661 State = FreeMemAux(C, DE->getArgument(), Call, State, in checkPreCall()
2669 if (const auto *DC = dyn_cast<CXXDestructorCall>(&Call)) { in checkPreCall()
2676 if (const AnyFunctionCall *FC = dyn_cast<AnyFunctionCall>(&Call)) { in checkPreCall()
2681 if (ChecksEnabled[CK_MallocChecker] && isFreeingCall(Call)) in checkPreCall()
2686 if (const CXXInstanceCall *CC = dyn_cast<CXXInstanceCall>(&Call)) { in checkPreCall()
2693 for (unsigned I = 0, E = Call.getNumArgs(); I != E; ++I) { in checkPreCall()
2694 SVal ArgSVal = Call.getArgSVal(I); in checkPreCall()
2699 if (checkUseAfterFree(Sym, C, Call.getArgExpr(I))) in checkPreCall()
2791 const CallEvent &Call, CheckerContext &C) const { in suppressDeallocationsInSuspiciousContexts() argument
2792 if (Call.getNumArgs() == 0) in suppressDeallocationsInSuspiciousContexts()
2810 for (const Expr *Arg : cast<CallExpr>(Call.getOriginExpr())->arguments()) in suppressDeallocationsInSuspiciousContexts()
2909 const CallEvent *Call, in mayFreeAnyEscapedMemoryOrIsModeledExplicitly() argument
2912 assert(Call); in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
2919 if (!(isa<SimpleFunctionCall>(Call) || isa<ObjCMethodCall>(Call))) in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
2923 if (const ObjCMethodCall *Msg = dyn_cast<ObjCMethodCall>(Call)) { in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
2926 if (!Call->isInSystemHeader() || Call->argumentsMayEscape()) in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
2974 const FunctionDecl *FD = cast<SimpleFunctionCall>(Call)->getDecl(); in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
2980 if (isMemCall(*Call)) in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
2984 if (!Call->isInSystemHeader()) in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
2999 for (unsigned i = 1; i < Call->getNumArgs(); ++i) { in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3000 const Expr *ArgE = Call->getArgExpr(i)->IgnoreParenCasts(); in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3015 if (Call->getNumArgs() >= 4 && Call->getArgSVal(4).isConstant(0)) in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3023 if (Call->getNumArgs() >= 1) { in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3024 const Expr *ArgE = Call->getArgExpr(0)->IgnoreParenCasts(); in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3059 if (Call->argumentsMayEscape()) in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3069 const CallEvent *Call, in checkPointerEscape() argument
3071 return checkPointerEscapeAux(State, Escaped, Call, Kind, in checkPointerEscape()
3077 const CallEvent *Call, in checkConstPointerEscape() argument
3080 return checkPointerEscapeAux(State, Escaped, Call, Kind, in checkConstPointerEscape()
3091 const CallEvent *Call, PointerEscapeKind Kind, in checkPointerEscapeAux() argument
3097 !mayFreeAnyEscapedMemoryOrIsModeledExplicitly(Call, State, in checkPointerEscapeAux()
3241 CallEventRef<> Call = CEMgr.getSimpleCall(CallE, state, CurrentLC); in VisitNode() local
3242 if (const auto *D = dyn_cast_or_null<NamedDecl>(Call->getDecl())) in VisitNode()