Lines Matching refs:Call
287 static bool isStandardNewDelete(const CallEvent &Call) { in isStandardNewDelete() argument
288 if (!Call.getDecl() || !isa<FunctionDecl>(Call.getDecl())) in isStandardNewDelete()
290 return isStandardNewDelete(cast<FunctionDecl>(Call.getDecl())); in isStandardNewDelete()
333 void checkPreCall(const CallEvent &Call, CheckerContext &C) const;
334 void checkPostCall(const CallEvent &Call, CheckerContext &C) const;
335 void checkNewAllocator(const CXXAllocatorCall &Call, CheckerContext &C) const;
336 void checkPostObjCMessage(const ObjCMethodCall &Call, CheckerContext &C) const;
348 const CallEvent *Call,
352 const CallEvent *Call,
370 void NAME(const CallEvent &Call, CheckerContext &C) const;
388 void checkRealloc(const CallEvent &Call, CheckerContext &C,
392 const CallEvent &Call, CheckerContext &C)>;
401 bool isFreeingCall(const CallEvent &Call) const;
444 bool isMemCall(const CallEvent &Call) const;
459 processNewAllocation(const CXXAllocatorCall &Call, CheckerContext &C,
471 ProcessZeroAllocCheck(const CallEvent &Call, const unsigned IndexOfSizeArg,
492 MallocMemReturnsAttr(CheckerContext &C, const CallEvent &Call,
505 MallocMemAux(CheckerContext &C, const CallEvent &Call, const Expr *SizeEx,
518 MallocMemAux(CheckerContext &C, const CallEvent &Call, SVal Size, SVal Init,
524 performKernelMalloc(const CallEvent &Call, CheckerContext &C,
545 const CallEvent &Call,
569 FreeMemAux(CheckerContext &C, const CallEvent &Call, ProgramStateRef State,
593 FreeMemAux(CheckerContext &C, const Expr *ArgExpr, const CallEvent &Call,
611 ReallocMemAux(CheckerContext &C, const CallEvent &Call, bool ShouldFreeOnFail,
630 CallocMem(CheckerContext &C, const CallEvent &Call, ProgramStateRef State);
634 bool suppressDeallocationsInSuspiciousContexts(const CallEvent &Call,
658 bool mayFreeAnyEscapedMemoryOrIsModeledExplicitly(const CallEvent *Call,
666 const CallEvent *Call, PointerEscapeKind Kind,
795 bool isFreeingCallAsWritten(const CallExpr &Call) const { in isFreeingCallAsWritten()
796 if (Checker.FreeingMemFnMap.lookupAsWritten(Call) || in isFreeingCallAsWritten()
797 Checker.ReallocatingMemFnMap.lookupAsWritten(Call)) in isFreeingCallAsWritten()
801 llvm::dyn_cast_or_null<FunctionDecl>(Call.getCalleeDecl())) in isFreeingCallAsWritten()
831 if (const auto *Call = Match.getNodeAs<CallExpr>("call")) in doesFnIntendToHandleOwnership() local
832 if (isFreeingCallAsWritten(*Call)) in doesFnIntendToHandleOwnership()
875 const ObjCMethodCall &Call, in maybeEmitNoteForObjCSelf() argument
883 const CXXConstructorCall &Call, in maybeEmitNoteForCXXThis() argument
890 maybeEmitNoteForParameters(PathSensitiveBugReport &R, const CallEvent &Call, in maybeEmitNoteForParameters() argument
896 ArrayRef<ParmVarDecl *> Parameters = Call.parameters(); in maybeEmitNoteForParameters()
897 for (unsigned I = 0; I < Call.getNumArgs() && I < Parameters.size(); ++I) { in maybeEmitNoteForParameters()
898 SVal V = Call.getArgSVal(I); in maybeEmitNoteForParameters()
1099 bool MallocChecker::isFreeingCall(const CallEvent &Call) const { in isFreeingCall()
1100 if (FreeingMemFnMap.lookup(Call) || ReallocatingMemFnMap.lookup(Call)) in isFreeingCall()
1103 if (const auto *Func = dyn_cast_or_null<FunctionDecl>(Call.getDecl())) in isFreeingCall()
1109 bool MallocChecker::isMemCall(const CallEvent &Call) const { in isMemCall()
1110 if (FreeingMemFnMap.lookup(Call) || AllocatingMemFnMap.lookup(Call) || in isMemCall()
1111 ReallocatingMemFnMap.lookup(Call)) in isMemCall()
1117 const auto *Func = dyn_cast<FunctionDecl>(Call.getDecl()); in isMemCall()
1122 MallocChecker::performKernelMalloc(const CallEvent &Call, CheckerContext &C, in performKernelMalloc() argument
1165 if (Call.getNumArgs() < 2) in performKernelMalloc()
1168 const Expr *FlagsEx = Call.getArgExpr(Call.getNumArgs() - 1); in performKernelMalloc()
1194 return MallocMemAux(C, Call, Call.getArgExpr(0), ZeroVal, TrueState, in performKernelMalloc()
1212 void MallocChecker::checkBasicAlloc(const CallEvent &Call, in checkBasicAlloc() argument
1215 State = MallocMemAux(C, Call, Call.getArgExpr(0), UndefinedVal(), State, in checkBasicAlloc()
1217 State = ProcessZeroAllocCheck(Call, 0, State); in checkBasicAlloc()
1221 void MallocChecker::checkKernelMalloc(const CallEvent &Call, in checkKernelMalloc() argument
1225 performKernelMalloc(Call, C, State); in checkKernelMalloc()
1229 State = MallocMemAux(C, Call, Call.getArgExpr(0), UndefinedVal(), State, in checkKernelMalloc()
1234 static bool isStandardRealloc(const CallEvent &Call) { in isStandardRealloc() argument
1235 const FunctionDecl *FD = dyn_cast<FunctionDecl>(Call.getDecl()); in isStandardRealloc()
1248 static bool isGRealloc(const CallEvent &Call) { in isGRealloc() argument
1249 const FunctionDecl *FD = dyn_cast<FunctionDecl>(Call.getDecl()); in isGRealloc()
1262 void MallocChecker::checkRealloc(const CallEvent &Call, CheckerContext &C, in checkRealloc() argument
1270 if (!isStandardRealloc(Call) && !isGRealloc(Call)) in checkRealloc()
1273 State = ReallocMemAux(C, Call, ShouldFreeOnFail, State, AF_Malloc); in checkRealloc()
1274 State = ProcessZeroAllocCheck(Call, 1, State); in checkRealloc()
1278 void MallocChecker::checkCalloc(const CallEvent &Call, in checkCalloc() argument
1281 State = CallocMem(C, Call, State); in checkCalloc()
1282 State = ProcessZeroAllocCheck(Call, 0, State); in checkCalloc()
1283 State = ProcessZeroAllocCheck(Call, 1, State); in checkCalloc()
1287 void MallocChecker::checkFree(const CallEvent &Call, CheckerContext &C) const { in checkFree() argument
1290 if (suppressDeallocationsInSuspiciousContexts(Call, C)) in checkFree()
1292 State = FreeMemAux(C, Call, State, 0, false, IsKnownToBeAllocatedMemory, in checkFree()
1297 void MallocChecker::checkAlloca(const CallEvent &Call, in checkAlloca() argument
1300 State = MallocMemAux(C, Call, Call.getArgExpr(0), UndefinedVal(), State, in checkAlloca()
1302 State = ProcessZeroAllocCheck(Call, 0, State); in checkAlloca()
1306 void MallocChecker::checkStrdup(const CallEvent &Call, in checkStrdup() argument
1309 const auto *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr()); in checkStrdup()
1317 void MallocChecker::checkIfNameIndex(const CallEvent &Call, in checkIfNameIndex() argument
1323 MallocMemAux(C, Call, UnknownVal(), UnknownVal(), State, AF_IfNameIndex); in checkIfNameIndex()
1328 void MallocChecker::checkIfFreeNameIndex(const CallEvent &Call, in checkIfFreeNameIndex() argument
1332 State = FreeMemAux(C, Call, State, 0, false, IsKnownToBeAllocatedMemory, in checkIfFreeNameIndex()
1337 void MallocChecker::checkCXXNewOrCXXDelete(const CallEvent &Call, in checkCXXNewOrCXXDelete() argument
1341 const auto *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr()); in checkCXXNewOrCXXDelete()
1345 assert(isStandardNewDelete(Call)); in checkCXXNewOrCXXDelete()
1355 MallocMemAux(C, Call, CE->getArg(0), UndefinedVal(), State, AF_CXXNew); in checkCXXNewOrCXXDelete()
1356 State = ProcessZeroAllocCheck(Call, 0, State); in checkCXXNewOrCXXDelete()
1359 State = MallocMemAux(C, Call, CE->getArg(0), UndefinedVal(), State, in checkCXXNewOrCXXDelete()
1361 State = ProcessZeroAllocCheck(Call, 0, State); in checkCXXNewOrCXXDelete()
1364 State = FreeMemAux(C, Call, State, 0, false, IsKnownToBeAllocatedMemory, in checkCXXNewOrCXXDelete()
1368 State = FreeMemAux(C, Call, State, 0, false, IsKnownToBeAllocatedMemory, in checkCXXNewOrCXXDelete()
1378 void MallocChecker::checkGMalloc0(const CallEvent &Call, in checkGMalloc0() argument
1383 State = MallocMemAux(C, Call, Call.getArgExpr(0), zeroVal, State, AF_Malloc); in checkGMalloc0()
1384 State = ProcessZeroAllocCheck(Call, 0, State); in checkGMalloc0()
1388 void MallocChecker::checkGMemdup(const CallEvent &Call, in checkGMemdup() argument
1392 MallocMemAux(C, Call, Call.getArgExpr(1), UnknownVal(), State, AF_Malloc); in checkGMemdup()
1393 State = ProcessZeroAllocCheck(Call, 1, State); in checkGMemdup()
1397 void MallocChecker::checkGMallocN(const CallEvent &Call, in checkGMallocN() argument
1401 SVal TotalSize = evalMulForBufferSize(C, Call.getArgExpr(0), Call.getArgExpr(1)); in checkGMallocN()
1402 State = MallocMemAux(C, Call, TotalSize, Init, State, AF_Malloc); in checkGMallocN()
1403 State = ProcessZeroAllocCheck(Call, 0, State); in checkGMallocN()
1404 State = ProcessZeroAllocCheck(Call, 1, State); in checkGMallocN()
1408 void MallocChecker::checkGMallocN0(const CallEvent &Call, in checkGMallocN0() argument
1413 SVal TotalSize = evalMulForBufferSize(C, Call.getArgExpr(0), Call.getArgExpr(1)); in checkGMallocN0()
1414 State = MallocMemAux(C, Call, TotalSize, Init, State, AF_Malloc); in checkGMallocN0()
1415 State = ProcessZeroAllocCheck(Call, 0, State); in checkGMallocN0()
1416 State = ProcessZeroAllocCheck(Call, 1, State); in checkGMallocN0()
1420 void MallocChecker::checkReallocN(const CallEvent &Call, in checkReallocN() argument
1423 State = ReallocMemAux(C, Call, /*ShouldFreeOnFail=*/false, State, AF_Malloc, in checkReallocN()
1425 State = ProcessZeroAllocCheck(Call, 1, State); in checkReallocN()
1426 State = ProcessZeroAllocCheck(Call, 2, State); in checkReallocN()
1430 void MallocChecker::checkOwnershipAttr(const CallEvent &Call, in checkOwnershipAttr() argument
1433 const auto *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr()); in checkOwnershipAttr()
1447 State = MallocMemReturnsAttr(C, Call, I, State); in checkOwnershipAttr()
1451 State = FreeMemAttr(C, Call, I, State); in checkOwnershipAttr()
1459 void MallocChecker::checkPostCall(const CallEvent &Call, in checkPostCall() argument
1463 if (!Call.getOriginExpr()) in checkPostCall()
1468 if (const CheckFn *Callback = FreeingMemFnMap.lookup(Call)) { in checkPostCall()
1469 (*Callback)(this, Call, C); in checkPostCall()
1473 if (const CheckFn *Callback = AllocatingMemFnMap.lookup(Call)) { in checkPostCall()
1474 (*Callback)(this, Call, C); in checkPostCall()
1478 if (const CheckFn *Callback = ReallocatingMemFnMap.lookup(Call)) { in checkPostCall()
1479 (*Callback)(this, Call, C); in checkPostCall()
1483 if (isStandardNewDelete(Call)) { in checkPostCall()
1484 checkCXXNewOrCXXDelete(Call, C); in checkPostCall()
1488 checkOwnershipAttr(Call, C); in checkPostCall()
1493 const CallEvent &Call, const unsigned IndexOfSizeArg, ProgramStateRef State, in ProcessZeroAllocCheck() argument
1499 RetVal = Call.getReturnValue(); in ProcessZeroAllocCheck()
1503 if (const CallExpr *CE = dyn_cast<CallExpr>(Call.getOriginExpr())) { in ProcessZeroAllocCheck()
1506 dyn_cast<CXXNewExpr>(Call.getOriginExpr())) { in ProcessZeroAllocCheck()
1518 State->getSVal(Arg, Call.getLocationContext()).getAs<DefinedSVal>(); in ProcessZeroAllocCheck()
1597 MallocChecker::processNewAllocation(const CXXAllocatorCall &Call, in processNewAllocation() argument
1600 if (!isStandardNewDelete(Call)) in processNewAllocation()
1603 const CXXNewExpr *NE = Call.getOriginExpr(); in processNewAllocation()
1618 SVal Target = Call.getObjectUnderConstruction(); in processNewAllocation()
1620 State = ProcessZeroAllocCheck(Call, 0, State, Target); in processNewAllocation()
1624 void MallocChecker::checkNewAllocator(const CXXAllocatorCall &Call, in checkNewAllocator() argument
1628 Call, C, in checkNewAllocator()
1629 (Call.getOriginExpr()->isArray() ? AF_CXXNewArray : AF_CXXNew)); in checkNewAllocator()
1634 static bool isKnownDeallocObjCMethodName(const ObjCMethodCall &Call) { in isKnownDeallocObjCMethodName() argument
1640 StringRef FirstSlot = Call.getSelector().getNameForSlot(0); in isKnownDeallocObjCMethodName()
1646 static std::optional<bool> getFreeWhenDoneArg(const ObjCMethodCall &Call) { in getFreeWhenDoneArg() argument
1647 Selector S = Call.getSelector(); in getFreeWhenDoneArg()
1652 return !Call.getArgSVal(i).isZeroConstant(); in getFreeWhenDoneArg()
1657 void MallocChecker::checkPostObjCMessage(const ObjCMethodCall &Call, in checkPostObjCMessage() argument
1662 if (!isKnownDeallocObjCMethodName(Call)) in checkPostObjCMessage()
1665 if (std::optional<bool> FreeWhenDone = getFreeWhenDoneArg(Call)) in checkPostObjCMessage()
1669 if (Call.hasNonZeroCallbackArg()) in checkPostObjCMessage()
1674 FreeMemAux(C, Call.getArgExpr(0), Call, C.getState(), in checkPostObjCMessage()
1682 MallocChecker::MallocMemReturnsAttr(CheckerContext &C, const CallEvent &Call, in MallocMemReturnsAttr() argument
1693 return MallocMemAux(C, Call, Call.getArgExpr(I->getASTIndex()), in MallocMemReturnsAttr()
1696 return MallocMemAux(C, Call, UnknownVal(), UndefinedVal(), State, AF_Malloc); in MallocMemReturnsAttr()
1700 const CallEvent &Call, in MallocMemAux() argument
1708 return MallocMemAux(C, Call, C.getSVal(SizeEx), Init, State, Family); in MallocMemAux()
1712 const CallEvent &Call, SVal Size, in MallocMemAux() argument
1718 const Expr *CE = Call.getOriginExpr(); in MallocMemAux()
1773 const CallEvent &Call, in FreeMemAttr() argument
1786 FreeMemAux(C, Call, State, Arg.getASTIndex(), in FreeMemAttr()
1796 const CallEvent &Call, in FreeMemAux() argument
1804 if (Call.getNumArgs() < (Num + 1)) in FreeMemAux()
1807 return FreeMemAux(C, Call.getArgExpr(Num), Call, State, Hold, in FreeMemAux()
1891 CheckerContext &C, const Expr *ArgExpr, const CallEvent &Call, in FreeMemAux() argument
1919 const Expr *ParentExpr = Call.getOriginExpr(); in FreeMemAux()
2561 MallocChecker::ReallocMemAux(CheckerContext &C, const CallEvent &Call, in ReallocMemAux() argument
2567 const CallExpr *CE = cast<CallExpr>(Call.getOriginExpr()); in ReallocMemAux()
2614 C, Call, TotalSize, UndefinedVal(), StatePtrIsNull, Family); in ReallocMemAux()
2632 C, Call, StateSizeIsZero, 0, false, IsKnownToBeAllocated, Family)) in ReallocMemAux()
2637 FreeMemAux(C, Call, State, 0, false, IsKnownToBeAllocated, Family)) { in ReallocMemAux()
2640 MallocMemAux(C, Call, TotalSize, UnknownVal(), stateFree, Family); in ReallocMemAux()
2670 const CallEvent &Call, in CallocMem() argument
2675 if (Call.getNumArgs() < 2) in CallocMem()
2681 evalMulForBufferSize(C, Call.getArgExpr(0), Call.getArgExpr(1)); in CallocMem()
2683 return MallocMemAux(C, Call, TotalSize, zeroVal, State, AF_Malloc); in CallocMem()
2853 void MallocChecker::checkPreCall(const CallEvent &Call, in checkPreCall() argument
2856 if (const auto *DC = dyn_cast<CXXDeallocatorCall>(&Call)) { in checkPreCall()
2868 State = FreeMemAux(C, DE->getArgument(), Call, State, in checkPreCall()
2876 if (const auto *DC = dyn_cast<CXXDestructorCall>(&Call)) { in checkPreCall()
2883 if (const AnyFunctionCall *FC = dyn_cast<AnyFunctionCall>(&Call)) { in checkPreCall()
2888 if (ChecksEnabled[CK_MallocChecker] && isFreeingCall(Call)) in checkPreCall()
2893 if (const CXXInstanceCall *CC = dyn_cast<CXXInstanceCall>(&Call)) { in checkPreCall()
2900 for (unsigned I = 0, E = Call.getNumArgs(); I != E; ++I) { in checkPreCall()
2901 SVal ArgSVal = Call.getArgSVal(I); in checkPreCall()
2906 if (checkUseAfterFree(Sym, C, Call.getArgExpr(I))) in checkPreCall()
2998 const CallEvent &Call, CheckerContext &C) const { in suppressDeallocationsInSuspiciousContexts() argument
2999 if (Call.getNumArgs() == 0) in suppressDeallocationsInSuspiciousContexts()
3017 for (const Expr *Arg : cast<CallExpr>(Call.getOriginExpr())->arguments()) in suppressDeallocationsInSuspiciousContexts()
3116 const CallEvent *Call, in mayFreeAnyEscapedMemoryOrIsModeledExplicitly() argument
3119 assert(Call); in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3126 if (!isa<SimpleFunctionCall, ObjCMethodCall>(Call)) in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3130 if (const ObjCMethodCall *Msg = dyn_cast<ObjCMethodCall>(Call)) { in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3133 if (!Call->isInSystemHeader() || Call->argumentsMayEscape()) in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3181 const FunctionDecl *FD = cast<SimpleFunctionCall>(Call)->getDecl(); in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3187 if (isMemCall(*Call)) in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3191 if (!Call->isInSystemHeader()) in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3206 for (unsigned i = 1; i < Call->getNumArgs(); ++i) { in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3207 const Expr *ArgE = Call->getArgExpr(i)->IgnoreParenCasts(); in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3222 if (Call->getNumArgs() >= 4 && Call->getArgSVal(4).isConstant(0)) in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3230 if (Call->getNumArgs() >= 1) { in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3231 const Expr *ArgE = Call->getArgExpr(0)->IgnoreParenCasts(); in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3266 if (Call->argumentsMayEscape()) in mayFreeAnyEscapedMemoryOrIsModeledExplicitly()
3276 const CallEvent *Call, in checkPointerEscape() argument
3278 return checkPointerEscapeAux(State, Escaped, Call, Kind, in checkPointerEscape()
3284 const CallEvent *Call, in checkConstPointerEscape() argument
3287 return checkPointerEscapeAux(State, Escaped, Call, Kind, in checkConstPointerEscape()
3298 const CallEvent *Call, PointerEscapeKind Kind, in checkPointerEscapeAux() argument
3304 !mayFreeAnyEscapedMemoryOrIsModeledExplicitly(Call, State, in checkPointerEscapeAux()
3449 CallEventRef<> Call = CEMgr.getSimpleCall(CallE, state, CurrentLC); in VisitNode() local
3450 if (const auto *D = dyn_cast_or_null<NamedDecl>(Call->getDecl())) in VisitNode()