#include "AllocationState.h"
#include "InterCheckerAPI.h"
#include "NoOwnershipChangeVisitor.h"
#include "clang/AST/Attr.h"
#include "clang/AST/DeclCXX.h"
#include "clang/AST/DeclTemplate.h"
#include "clang/AST/Expr.h"
#include "clang/AST/ExprCXX.h"
#include "clang/AST/ParentMap.h"
#include "clang/ASTMatchers/ASTMatchFinder.h"
#include "clang/ASTMatchers/ASTMatchers.h"
#include "clang/Analysis/ProgramPoint.h"
#include "clang/Basic/LLVM.h"
#include "clang/Basic/SourceManager.h"
#include "clang/Basic/TargetInfo.h"
#include "clang/Lex/Lexer.h"
#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
#include "clang/StaticAnalyzer/Checkers/Taint.h"
#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
#include "clang/StaticAnalyzer/Core/BugReporter/CommonBugCategories.h"
#include "clang/StaticAnalyzer/Core/Checker.h"
#include "clang/StaticAnalyzer/Core/CheckerManager.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CallDescription.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerHelpers.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/DynamicExtent.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/ExplodedGraph.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramStateTrait.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState_Fwd.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/StoreRef.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h"
#include "llvm/ADT/STLExtras.h"
#include "llvm/ADT/SetOperations.h"
#include "llvm/ADT/StringExtras.h"
#include "llvm/Support/Casting.h"
#include "llvm/Support/Compiler.h"
#include "llvm/Support/ErrorHandling.h"
#include "llvm/Support/raw_ostream.h"
#include <functional>
#include <optional>
#include <utility>

Namespaces
namespace	clang
	The JSON file list parser is used to communicate input to InstallAPI.

namespace	clang::ento

namespace	clang::ento::allocation_state

Macros
#define	CASE(ID) case ID: OS << #ID; break;

#define	CHECK_FN(NAME) void NAME(const CallEvent &Call, CheckerContext &C) const;

#define	REGISTER_CHECKER(name)

Functions
static bool	printMemFnName (raw_ostream &os, CheckerContext &C, const Expr *E)
	Print names of allocators and deallocators.

static void	printExpectedAllocName (raw_ostream &os, AllocationFamily Family)
	Print expected name of an allocator based on the deallocator's family derived from the DeallocExpr.

static void	printExpectedDeallocName (raw_ostream &os, AllocationFamily Family)
	Print expected name of a deallocator based on the allocator's family.

static bool	isReleased (SymbolRef Sym, CheckerContext &C)
	Check if the memory associated with this symbol was released.

static ProgramStateRef	MallocUpdateRefState (CheckerContext &C, const Expr *E, ProgramStateRef State, AllocationFamily Family, std::optional< SVal > RetVal=std::nullopt)
	Update the RefState to reflect the new memory allocation.

static bool	isStandardNewDelete (const FunctionDecl *FD)
	Tells if the callee is one of the builtin new/delete operators, including placement operators and other standard overloads.

static bool	isStandardNewDelete (const CallEvent &Call)

static bool	isStandardRealloc (const CallEvent &Call)

static bool	isGRealloc (const CallEvent &Call)

static bool	isFromStdNamespace (const CallEvent &Call)

static QualType	getDeepPointeeType (QualType T)

static bool	hasNonTrivialConstructorCall (const CXXNewExpr *NE)

static bool	isKnownDeallocObjCMethodName (const ObjCMethodCall &Call)

static std::optional< bool >	getFreeWhenDoneArg (const ObjCMethodCall &Call)

static bool	didPreviousFreeFail (ProgramStateRef State, SymbolRef Sym, SymbolRef &RetStatusSymbol)
	Checks if the previous call to free on the given symbol failed - if free failed, returns true.

static void	printOwnershipTakesList (raw_ostream &os, CheckerContext &C, const Expr *E)

static bool	checkIfNewOrNewArrayFamily (const RefState *RS)

static SymbolRef	findFailedReallocSymbol (ProgramStateRef currState, ProgramStateRef prevState)

static bool	isReferenceCountingPointerDestructor (const CXXDestructorDecl *DD)

ProgramStateRef	clang::ento::allocation_state::markReleased (ProgramStateRef State, SymbolRef Sym, const Expr *Origin)

Macro Definition Documentation

◆ CASE

#define CASE ( ID ) case ID: OS << #ID; break;

◆ CHECK_FN

#define CHECK_FN ( NAME ) void NAME(const CallEvent &Call, CheckerContext &C) const;

Definition at line 405 of file MallocChecker.cpp.

◆ REGISTER_CHECKER

#define REGISTER_CHECKER ( name )

Value:

  void ento::register##name(CheckerManager &mgr) {                             \
    MallocChecker *checker = mgr.getChecker<MallocChecker>();                  \
    checker->ChecksEnabled[MallocChecker::CK_##name] = true;                   \
    checker->CheckNames[MallocChecker::CK_##name] =                            \
        mgr.getCurrentCheckerName();                                           \
  }                                                                            \
                                                                               \
  bool ento::shouldRegister##name(const CheckerManager &mgr) { return true; }

Definition at line 3800 of file MallocChecker.cpp.

Function Documentation

◆ checkIfNewOrNewArrayFamily()

static bool checkIfNewOrNewArrayFamily ( const RefState * RS )

static

Definition at line 3466 of file MallocChecker.cpp.

◆ didPreviousFreeFail()

static bool didPreviousFreeFail	(	ProgramStateRef	State,
		SymbolRef	Sym,
		SymbolRef &	RetStatusSymbol
	)

static

Checks if the previous call to free on the given symbol failed - if free failed, returns true.

Also, returns the corresponding return value symbol.

Definition at line 1922 of file MallocChecker.cpp.

References clang::ento::ConditionTruthVal::isConstrainedTrue(), and clang::ento::ConstraintManager::isNull().

◆ findFailedReallocSymbol()

static SymbolRef findFailedReallocSymbol	(	ProgramStateRef	currState,
		ProgramStateRef	prevState
	)

static

Definition at line 3509 of file MallocChecker.cpp.

◆ getDeepPointeeType()

static QualType getDeepPointeeType ( QualType T )

static

Definition at line 1591 of file MallocChecker.cpp.

References clang::Type::getPointeeType(), and clang::T.

Referenced by hasNonTrivialConstructorCall().

◆ getFreeWhenDoneArg()

static std::optional< bool > getFreeWhenDoneArg ( const ObjCMethodCall & Call )

static

Definition at line 1686 of file MallocChecker.cpp.

References clang::Call.

◆ hasNonTrivialConstructorCall()

static bool hasNonTrivialConstructorCall ( const CXXNewExpr * NE )

static

Returns: true if the constructor invoked by NE has an argument of a pointer/reference to a record type.

Definition at line 1602 of file MallocChecker.cpp.

References clang::Type::getAsCXXRecordDecl(), clang::CXXConstructExpr::getConstructor(), getDeepPointeeType(), clang::Type::getPointeeType(), clang::QualType::isNull(), and clang::FunctionDecl::parameters().

◆ isFromStdNamespace()

static bool isFromStdNamespace ( const CallEvent & Call )

static

Definition at line 1392 of file MallocChecker.cpp.

References clang::Call, and clang::Decl::isInStdNamespace().

◆ isGRealloc()

static bool isGRealloc ( const CallEvent & Call )

static

Definition at line 1218 of file MallocChecker.cpp.

References clang::Call, clang::Decl::getASTContext(), clang::FunctionDecl::getDeclaredReturnType(), clang::QualType::getDesugaredType(), clang::FunctionDecl::getParamDecl(), and clang::ValueDecl::getType().

◆ isKnownDeallocObjCMethodName()

static bool isKnownDeallocObjCMethodName ( const ObjCMethodCall & Call )

static

Definition at line 1674 of file MallocChecker.cpp.

References clang::Call.

◆ isReferenceCountingPointerDestructor()

static bool isReferenceCountingPointerDestructor ( const CXXDestructorDecl * DD )

static

Definition at line 3523 of file MallocChecker.cpp.

References clang::NamedDecl::getIdentifier(), clang::IdentifierInfo::getName(), and clang::CXXMethodDecl::getParent().

◆ isReleased()

static bool isReleased	(	SymbolRef	Sym,
		CheckerContext &	C
	)

static

Check if the memory associated with this symbol was released.

Definition at line 3161 of file MallocChecker.cpp.

References clang::C.

◆ isStandardNewDelete() [1/2]

static bool isStandardNewDelete ( const CallEvent & Call )

static

Definition at line 321 of file MallocChecker.cpp.

References clang::Call, and isStandardNewDelete().

◆ isStandardNewDelete() [2/2]

static bool isStandardNewDelete ( const FunctionDecl * FD )

static

Tells if the callee is one of the builtin new/delete operators, including placement operators and other standard overloads.

Definition at line 1034 of file MallocChecker.cpp.

References clang::Decl::getASTContext(), clang::Decl::getLocation(), clang::FunctionDecl::getOverloadedOperator(), clang::ASTContext::getSourceManager(), clang::SourceManager::isInSystemHeader(), and clang::SourceLocation::isValid().

Referenced by isStandardNewDelete().

◆ isStandardRealloc()

static bool isStandardRealloc ( const CallEvent & Call )

static

Definition at line 1207 of file MallocChecker.cpp.

References clang::Call, clang::Decl::getASTContext(), clang::FunctionDecl::getDeclaredReturnType(), clang::QualType::getDesugaredType(), clang::FunctionDecl::getParamDecl(), and clang::ValueDecl::getType().

◆ MallocUpdateRefState()

static ProgramStateRef MallocUpdateRefState	(	CheckerContext &	C,
		const Expr *	E,
		ProgramStateRef	State,
		AllocationFamily	Family,
		std::optional< SVal >	RetVal = `std::nullopt`
	)

static

Update the RefState to reflect the new memory allocation.

The optional RetVal parameter specifies the newly allocated pointer value; if unspecified, the value of expression E is used.

Definition at line 1848 of file MallocChecker.cpp.

References clang::C, and E.

◆ printExpectedAllocName()

static void printExpectedAllocName	(	raw_ostream &	os,
		AllocationFamily	Family
	)

static

Print expected name of an allocator based on the deallocator's family derived from the DeallocExpr.

Definition at line 1998 of file MallocChecker.cpp.

◆ printExpectedDeallocName()

static void printExpectedDeallocName	(	raw_ostream &	os,
		AllocationFamily	Family
	)

static

Print expected name of a deallocator based on the allocator's family.

Definition at line 2025 of file MallocChecker.cpp.

◆ printMemFnName()

static bool printMemFnName	(	raw_ostream &	os,
		CheckerContext &	C,
		const Expr *	E
	)

static

Print names of allocators and deallocators.

Returns: true on success.

Definition at line 1956 of file MallocChecker.cpp.

References E, clang::getOperatorSpelling(), clang::FunctionDecl::isOverloadedOperator(), and clang::Decl::print().

◆ printOwnershipTakesList()

static void printOwnershipTakesList	(	raw_ostream &	os,
		CheckerContext &	C,
		const Expr *	E
	)

static

Definition at line 1935 of file MallocChecker.cpp.

References E, clang::CallExpr::getDirectCallee(), clang::NamedDecl::getName(), and clang::Decl::specific_attrs().

Namespaces

Macros

Functions

Macro Definition Documentation

◆ CASE

◆ CHECK_FN

◆ REGISTER_CHECKER

Function Documentation

◆ checkIfNewOrNewArrayFamily()

◆ didPreviousFreeFail()

◆ findFailedReallocSymbol()

◆ getDeepPointeeType()

◆ getFreeWhenDoneArg()

◆ hasNonTrivialConstructorCall()

◆ isFromStdNamespace()

◆ isGRealloc()

◆ isKnownDeallocObjCMethodName()

◆ isReferenceCountingPointerDestructor()

◆ isReleased()

◆ isStandardNewDelete() [1/2]

◆ isStandardNewDelete() [2/2]

◆ isStandardRealloc()

◆ MallocUpdateRefState()

◆ printExpectedAllocName()

◆ printExpectedDeallocName()

◆ printMemFnName()

◆ printOwnershipTakesList()