Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://clang.llvm.org/doxygen/MallocChecker_8cpp_source.html below:

clang: lib/StaticAnalyzer/Checkers/MallocChecker.cpp Source File

;

std::placeholders;

AllocationFamilyKind {

AllocationFamily {

AllocationFamilyKind

;

std::optional<StringRef> CustomName;

AllocationFamily(AllocationFamilyKind AKind,

std::optional<StringRef> Name = std::nullopt)

:

(AKind), CustomName(Name) {

assert((Kind != AF_Custom || CustomName.has_value()) &&

);

(Kind == AF_Custom && CustomName.value() ==

) {

CustomName = std::nullopt;

std::tie(Kind, CustomName) == std::tie(

.Kind,

.CustomName);

!(*

==

);

Profile(llvm::FoldingSetNodeID &ID)

{

.AddInteger(Kind);

(Kind == AF_Custom)

.AddString(CustomName.value());

AllocationFamily Family;

RefState(Kind k,

*

, AllocationFamily family)

: S(

), K(k), Family(family) {

assert(family.Kind != AF_None);

isAllocated()

{

K == Allocated; }

isAllocatedOfSizeZero()

{

K == AllocatedOfSizeZero; }

()

{

K == Released; }

isRelinquished()

{

K == Relinquished; }

isEscaped()

{

K == Escaped; }

AllocationFamily getAllocationFamily()

{

Family; }

*getStmt()

{

S; }

K ==

.K && S ==

.S && Family ==

.Family;

RefState getAllocated(AllocationFamily family,

*

) {

RefState(Allocated,

, family);

RefState getAllocatedOfSizeZero(

RefState *RS) {

RefState(AllocatedOfSizeZero, RS->getStmt(),

RS->getAllocationFamily());

RefState getReleased(AllocationFamily family,

*

) {

RefState(Released,

, family);

RefState getRelinquished(AllocationFamily family,

*

) {

RefState(Relinquished,

, family);

RefState getEscaped(

RefState *RS) {

RefState(Escaped, RS->getStmt(), RS->getAllocationFamily());

Profile(llvm::FoldingSetNodeID &ID)

{

LLVM_DUMP_METHOD

(raw_ostream &OS)

{

(AllocatedOfSizeZero)

LLVM_DUMP_METHOD

()

{

(llvm::errs()); }

AllocationFamily Family,

std::optional<SVal> RetVal = std::nullopt);

OwnershipAfterReallocKind {

OAR_ToBeFreedAfterFailure,

OAR_DoNotTrackAfterFailure

OwnershipAfterReallocKind

;

ReallocPair(

S, OwnershipAfterReallocKind K)

: ReallocatedSym(S),

(K) {}

Profile(llvm::FoldingSetNodeID &ID)

{

.AddInteger(Kind);

.AddPointer(ReallocatedSym);

ReallocatedSym ==

.ReallocatedSym &&

(!

.getDecl() || !isa<FunctionDecl>(

.getDecl()))

(!

.getDecl() || !isa<FunctionDecl>(

.getDecl()))

:

<check::DeadSymbols, check::PointerEscape,

check::ConstPointerEscape, check::PreStmt<ReturnStmt>,

check::EndFunction, check::PreCall, check::PostCall,

eval::Call, check::NewAllocator,

check::PostStmt<BlockExpr>, check::PostObjCMessage,

check::Location, eval::Assume> {

ShouldIncludeOwnershipAnnotatedFunctions =

;

ShouldRegisterNoOwnershipChangeVisitor =

;

CK_NewDeleteLeaksChecker,

CK_MismatchedDeallocatorChecker,

CK_InnerPointerChecker,

CK_TaintedAllocChecker,

LeakInfo = std::pair<const ExplodedNode *, const MemRegion *>;

ChecksEnabled[CK_NumCheckKinds] = {

};

Assumption)

;

checkLocation(

l,

isLoad,

*S,

*NL,

*Sep)

;

std::unique_ptr<BugType> BT_DoubleFree[CK_NumCheckKinds];

std::unique_ptr<BugType> BT_DoubleDelete;

std::unique_ptr<BugType> BT_Leak[CK_NumCheckKinds];

std::unique_ptr<BugType> BT_UseFree[CK_NumCheckKinds];

std::unique_ptr<BugType> BT_BadFree[CK_NumCheckKinds];

std::unique_ptr<BugType> BT_FreeAlloca[CK_NumCheckKinds];

std::unique_ptr<BugType> BT_MismatchedDealloc;

std::unique_ptr<BugType> BT_OffsetFree[CK_NumCheckKinds];

std::unique_ptr<BugType> BT_UseZerroAllocated[CK_NumCheckKinds];

std::unique_ptr<BugType> BT_TaintedAlloc;

{{CDM::CLibrary, {

}, 3}, &MallocChecker::preGetdelim},

{{CDM::CLibrary, {

}, 4}, &MallocChecker::preGetdelim},

{{CDM::CLibrary, {

}, 3}, &MallocChecker::checkGetdelim},

{{CDM::CLibrary, {

}, 4}, &MallocChecker::checkGetdelim},

{{CDM::CLibrary, {

}, 1}, &MallocChecker::checkFree},

{{CDM::CLibrary, {

}, 1},

&MallocChecker::checkIfFreeNameIndex},

{{CDM::CLibrary, {

}, 1}, &MallocChecker::checkFree},

{{CDM::CLibrary, {

}, 1}, &MallocChecker::checkFree},

isFreeingOwnershipAttrCall(

&

);

isAllocatingOwnershipAttrCall(

&

);

NoMemOwnershipChangeVisitor;

{{CDM::CLibrary, {

}, 1}, &MallocChecker::checkAlloca},

{{CDM::CLibrary, {

}, 1}, &MallocChecker::checkAlloca},

{{CDM::CLibrary, {

}, 2},

&MallocChecker::checkAlloca},

{{CDM::CLibrary, {

}, 1}, &MallocChecker::checkBasicAlloc},

{{CDM::CLibrary, {

}, 3}, &MallocChecker::checkKernelMalloc},

{{CDM::CLibrary, {

}, 2}, &MallocChecker::checkCalloc},

{{CDM::CLibrary, {

}, 1}, &MallocChecker::checkBasicAlloc},

{{CDM::CLibrary, {

}, 2}, &MallocChecker::checkStrdup},

{{CDM::CLibrary, {

}, 1}, &MallocChecker::checkStrdup},

{{CDM::CLibrary, {

}, 1}, &MallocChecker::checkStrdup},

{{CDM::CLibrary, {

}, 2}, &MallocChecker::checkKernelMalloc},

{{CDM::CLibrary, {

}, 1}, &MallocChecker::checkIfNameIndex},

{{CDM::CLibrary, {

}, 1}, &MallocChecker::checkStrdup},

{{CDM::CLibrary, {

}, 1}, &MallocChecker::checkStrdup},

{{CDM::CLibrary, {

}, 1}, &MallocChecker::checkBasicAlloc},

{{CDM::CLibrary, {

}, 1}, &MallocChecker::checkGMalloc0},

{{CDM::CLibrary, {

}, 1}, &MallocChecker::checkBasicAlloc},

{{CDM::CLibrary, {

}, 1}, &MallocChecker::checkGMalloc0},

{{CDM::CLibrary, {

}, 2}, &MallocChecker::checkGMemdup},

{{CDM::CLibrary, {

}, 2}, &MallocChecker::checkGMallocN},

{{CDM::CLibrary, {

}, 2}, &MallocChecker::checkGMallocN0},

{{CDM::CLibrary, {

}, 2}, &MallocChecker::checkGMallocN},

{{CDM::CLibrary, {

}, 2}, &MallocChecker::checkGMallocN0},

{{CDM::CLibrary, {

}, 2},

std::bind(&MallocChecker::checkRealloc, _1,

, _3, _4,

)},

{{CDM::CLibrary, {

}, 2},

std::bind(&MallocChecker::checkRealloc, _1,

, _3, _4,

)},

{{CDM::CLibrary, {

}, 2},

std::bind(&MallocChecker::checkRealloc, _1,

, _3, _4,

)},

{{CDM::CLibrary, {

}, 2},

std::bind(&MallocChecker::checkRealloc, _1,

, _3, _4,

)},

{{CDM::CLibrary, {

}, 3}, &MallocChecker::checkReallocN},

{{CDM::CLibrary, {

}, 3}, &MallocChecker::checkReallocN},

hasOwnershipTakesHolds(

&

)

;

AllocationFamily Family)

;

AllocationFamily Family)

;

std::optional<uint64_t> KernelZeroFlagVal;

KernelZeroSizePtrValueTy = std::optional<int>;

std::optional<KernelZeroSizePtrValueTy> KernelZeroSizePtrValue;

AllocationFamily Family)

;

std::optional<SVal> RetVal = std::nullopt);

isAlloca)

;

AllocationFamily Family)

;

[[nodiscard]] std::optional<ProgramStateRef>

OwnershipAttr *Att,

,

Hold,

&IsKnownToBeAllocated,

AllocationFamily Family,

ReturnsNullOnFailure =

)

;

AllocationFamily Family,

ReturnsNullOnFailure =

,

std::optional<SVal> ArgValOpt = {})

;

SuffixWithN =

)

;

*BlockBytes);

suppressDeallocationsInSuspiciousContexts(

&

,

*S)

;

mayFreeAnyEscapedMemoryOrIsModeledExplicitly(

*

,

IsConstPointerEscape)

;

std::optional<CheckKind> getCheckIfTracked(AllocationFamily Family,

IsALeakCheck =

)

;

IsALeakCheck =

)

;

SummarizeValue(raw_ostream &os,

);

SummarizeRegion(raw_ostream &os,

*MR);

*DeallocExpr,

AllocationFamily Family)

;

*DeallocExpr,

RefState *RS,

Sym,

OwnershipTransferred)

;

*DeallocExpr, AllocationFamily Family,

*AllocExpr =

)

;

*FreeExpr,

AllocationFamily Family)

;

isFreeingCallAsWritten(

&

)

{

*MallocChk =

MallocChecker *

(&

);

(MallocChk->FreeingMemFnMap.lookupAsWritten(

) ||

MallocChk->ReallocatingMemFnMap.lookupAsWritten(

))

(

*

=

llvm::dyn_cast_or_null<FunctionDecl>(

.getCalleeDecl()))

MallocChecker::isFreeingOwnershipAttrCall(

);

CallEnterState->get<RegionState>(Sym) !=

CallExitEndState->get<RegionState>(Sym);

doesFnIntendToHandleOwnership(

*Callee,

*FD = dyn_cast<FunctionDecl>(Callee);

(

*

= Match.getNodeAs<

>(

))

(isFreeingCallAsWritten(*

))

N->getState()->getStateManager().getContext().getSourceManager());

std::make_shared<PathDiagnosticEventPiece>(

L,

);

Profile(llvm::FoldingSetNodeID &ID)

{

.AddPointer(&Tag);

NotificationMode {

, ReallocationFailed };

NotificationMode Mode;

MallocBugVisitor(

S,

isLeak =

)

: Sym(S), Mode(

), FailedReallocSymbol(nullptr),

ReleaseFunctionLC(nullptr), IsLeak(isLeak) {}

*getTag() {

(llvm::FoldingSetNodeID &ID)

{

.AddPointer(getTag());

isAllocated(

RefState *RSCurr,

RefState *RSPrev,

(isa_and_nonnull<CallExpr, CXXNewExpr>(

) &&

(RSCurr->isAllocated() || RSCurr->isAllocatedOfSizeZero())) &&

!(RSPrev->isAllocated() || RSPrev->isAllocatedOfSizeZero())));

(

RefState *RSCurr,

RefState *RSPrev,

(RSCurr && RSCurr->isReleased()) && (!RSPrev || !RSPrev->isReleased());

assert(!IsReleased || (isa_and_nonnull<CallExpr, CXXDeleteExpr>(

)) ||

(!

&& RSCurr->getAllocationFamily().Kind == AF_InnerBuffer));

isRelinquished(

RefState *RSCurr,

RefState *RSPrev,

*

) {

isa_and_nonnull<CallExpr, ObjCMessageExpr, ObjCPropertyRefExpr>(

) &&

(RSCurr && RSCurr->isRelinquished()) &&

(!RSPrev || !RSPrev->isRelinquished()));

hasReallocFailed(

RefState *RSCurr,

RefState *RSPrev,

((!isa_and_nonnull<CallExpr>(

)) &&

(RSCurr->isAllocated() || RSCurr->isAllocatedOfSizeZero())) &&

!(RSPrev->isAllocated() || RSPrev->isAllocatedOfSizeZero())));

std::make_shared<PathDiagnosticEventPiece>(L, BR.

(),

StackHintGeneratorForReallocationFailed

StackHintGeneratorForReallocationFailed(

S, StringRef M)

std::string getMessageForArg(

*ArgE,

ArgIndex)

{

llvm::raw_svector_ostream os(buf);

os <<

<< ArgIndex << llvm::getOrdinalSuffix(ArgIndex)

<<

;

std::string(os.str());

;

state = state->remove<RegionState>(sym);

(Kind != OO_New && Kind != OO_Array_New)

(Kind != OO_Delete && Kind != OO_Array_Delete)

HasBody = FD->

();

L.

() || (!HasBody &&

.isInSystemHeader(L));

MallocChecker::isFreeingOwnershipAttrCall(

&

) {

*

= dyn_cast_or_null<FunctionDecl>(

.getDecl());

&& isFreeingOwnershipAttrCall(

);

MallocChecker::isFreeingOwnershipAttrCall(

*

) {

(

->hasAttrs()) {

(

*I :

->specific_attrs<OwnershipAttr>()) {

OwnershipAttr::OwnershipKind OwnKind = I->getOwnKind();

(OwnKind == OwnershipAttr::Takes || OwnKind == OwnershipAttr::Holds)

MallocChecker::isFreeingCall(

&

)

{

(FreeingMemFnMap.lookup(

) || ReallocatingMemFnMap.lookup(

))

isFreeingOwnershipAttrCall(

);

MallocChecker::isAllocatingOwnershipAttrCall(

&

) {

*

= dyn_cast_or_null<FunctionDecl>(

.getDecl());

&& isAllocatingOwnershipAttrCall(

);

MallocChecker::isAllocatingOwnershipAttrCall(

*

) {

(

*I :

->specific_attrs<OwnershipAttr>()) {

(I->getOwnKind() == OwnershipAttr::Returns)

MallocChecker::isMemCall(

&

)

{

(FreeingMemFnMap.lookup(

) || AllocatingMemFnMap.lookup(

) ||

AllocaMemFnMap.lookup(

) || ReallocatingMemFnMap.lookup(

))

(!ShouldIncludeOwnershipAnnotatedFunctions)

*

= dyn_cast<FunctionDecl>(

.getDecl());

&&

->hasAttr<OwnershipAttr>();

std::optional<ProgramStateRef>

(!KernelZeroFlagVal) {

llvm::Triple::FreeBSD:

KernelZeroFlagVal = 0x0100;

llvm::Triple::NetBSD:

KernelZeroFlagVal = 0x0002;

llvm::Triple::OpenBSD:

KernelZeroFlagVal = 0x0008;

llvm::Triple::Linux:

KernelZeroFlagVal = 0x8000;

std::nullopt;

(

.getNumArgs() < 2)

std::nullopt;

*FlagsEx =

.getArgExpr(

.getNumArgs() - 1);

=

.getSVal(FlagsEx);

(!isa<NonLoc>(

)) {

std::nullopt;

ZeroFlag =

.getSValBuilder()

.makeIntVal(*KernelZeroFlagVal, FlagsEx->

())

MaskedFlagsUC =

.getSValBuilder().evalBinOpNN(State, BO_And,

std::nullopt;

std::tie(TrueState, FalseState) = State->assume(MaskedFlags);

(TrueState && !FalseState) {

ZeroVal =

.getSValBuilder().makeZeroVal(Ctx.

);

MallocMemAux(

,

,

.getArgExpr(0), ZeroVal, TrueState,

AllocationFamily(AF_Malloc));

std::nullopt;

*BlockBytes) {

BlocksVal =

.getSVal(Blocks);

BlockBytesVal =

.getSVal(BlockBytes);

TotalSize = SB.

(State, BO_Mul, BlocksVal, BlockBytesVal,

AllocationFamily(AF_Malloc));

State = ProcessZeroAllocCheck(

,

, 0, State);

.addTransition(State);

std::optional<ProgramStateRef> MaybeState =

performKernelMalloc(

,

, State);

State = *MaybeState;

AllocationFamily(AF_Malloc));

.addTransition(State);

ShouldFreeOnFail)

{

State = ReallocMemAux(

,

, ShouldFreeOnFail, State,

AllocationFamily(AF_Malloc));

State = ProcessZeroAllocCheck(

,

, 1, State);

.addTransition(State);

State = CallocMem(

,

, State);

State = ProcessZeroAllocCheck(

,

, 0, State);

State = ProcessZeroAllocCheck(

,

, 1, State);

.addTransition(State);

IsKnownToBeAllocatedMemory =

;

(suppressDeallocationsInSuspiciousContexts(

,

))

State = FreeMemAux(

,

, State, 0,

, IsKnownToBeAllocatedMemory,

AllocationFamily(AF_Malloc));

.addTransition(State);

AllocationFamily(AF_Alloca));

State = ProcessZeroAllocCheck(

,

, 0, State);

.addTransition(State);

*CE = dyn_cast_or_null<CallExpr>(

.getOriginExpr());

AllocationFamily(AF_Malloc));

.addTransition(State);

AllocationFamily(AF_IfNameIndex));

.addTransition(State);

IsKnownToBeAllocatedMemory =

;

State = FreeMemAux(

,

, State, 0,

, IsKnownToBeAllocatedMemory,

AllocationFamily(AF_IfNameIndex));

.addTransition(State);

IsKnownToBeAllocatedMemory =

;

*CE = dyn_cast_or_null<CallExpr>(

.getOriginExpr());

AllocationFamily(AF_CXXNew));

State = ProcessZeroAllocCheck(

,

, 0, State);

AllocationFamily(AF_CXXNewArray));

State = ProcessZeroAllocCheck(

,

, 0, State);

State = FreeMemAux(

,

, State, 0,

, IsKnownToBeAllocatedMemory,

AllocationFamily(AF_CXXNew));

OO_Array_Delete:

State = FreeMemAux(

,

, State, 0,

, IsKnownToBeAllocatedMemory,

AllocationFamily(AF_CXXNewArray));

assert(

&&

);

.addTransition(State);

State = MallocMemAux(

,

,

.getArgExpr(0), zeroVal, State,

AllocationFamily(AF_Malloc));

State = ProcessZeroAllocCheck(

,

, 0, State);

.addTransition(State);

AllocationFamily(AF_Malloc));

State = ProcessZeroAllocCheck(

,

, 1, State);

.addTransition(State);

TotalSize = evalMulForBufferSize(

,

.getArgExpr(0),

.getArgExpr(1));

State = MallocMemAux(

,

, TotalSize,

, State,

AllocationFamily(AF_Malloc));

State = ProcessZeroAllocCheck(

,

, 0, State);

State = ProcessZeroAllocCheck(

,

, 1, State);

.addTransition(State);

TotalSize = evalMulForBufferSize(

,

.getArgExpr(0),

.getArgExpr(1));

State = MallocMemAux(

,

, TotalSize,

, State,

AllocationFamily(AF_Malloc));

State = ProcessZeroAllocCheck(

,

, 0, State);

State = ProcessZeroAllocCheck(

,

, 1, State);

.addTransition(State);

assert(FD &&

);

IsKnownToBeAllocated =

;

State = FreeMemAux(

,

.getArgExpr(0),

, State,

,

IsKnownToBeAllocated, AllocationFamily(AF_Malloc),

,

.addTransition(State);

*CE = dyn_cast_or_null<CallExpr>(

.getOriginExpr());

LinePtr =

(!LinePtr || !Size || !LinePtr->getAsRegion())

AllocationFamily(AF_Malloc), *LinePtr));

State = ReallocMemAux(

,

,

, State,

AllocationFamily(AF_Malloc),

State = ProcessZeroAllocCheck(

,

, 1, State);

State = ProcessZeroAllocCheck(

,

, 2, State);

.addTransition(State);

*CE = dyn_cast_or_null<CallExpr>(

.getOriginExpr());

(ShouldIncludeOwnershipAnnotatedFunctions ||

ChecksEnabled[CK_MismatchedDeallocatorChecker]) {

(I->getOwnKind()) {

OwnershipAttr::Returns:

State = MallocMemReturnsAttr(

,

, I, State);

OwnershipAttr::Takes:

OwnershipAttr::Holds:

State = FreeMemAttr(

,

, I, State);

.addTransition(State);

(!

.getOriginExpr())

(

CheckFn *Callback = FreeingMemFnMap.lookup(

)) {

(*Callback)(

, State,

,

);

(

CheckFn *Callback = AllocatingMemFnMap.lookup(

)) {

State = MallocBindRetVal(

,

, State,

);

(*Callback)(

, State,

,

);

(

CheckFn *Callback = ReallocatingMemFnMap.lookup(

)) {

State = MallocBindRetVal(

,

, State,

);

(*Callback)(

, State,

,

);

State = MallocBindRetVal(

,

, State,

);

checkCXXNewOrCXXDelete(State,

,

);

checkCXXNewOrCXXDelete(State,

,

);

(

CheckFn *Callback = AllocaMemFnMap.lookup(

)) {

State = MallocBindRetVal(

,

, State,

);

(*Callback)(

, State,

,

);

(isFreeingOwnershipAttrCall(

)) {

checkOwnershipAttr(State,

,

);

(isAllocatingOwnershipAttrCall(

)) {

State = MallocBindRetVal(

,

, State,

);

checkOwnershipAttr(State,

,

);

*Arg =

;

(

*CE = dyn_cast<CallExpr>(

.getOriginExpr())) {

Arg = CE->

(IndexOfSizeArg);

dyn_cast<CXXNewExpr>(

.getOriginExpr())) {

(

->isArray()) {

Arg = *

->getArraySize();

assert(

&&

);

RetVal = State->getSVal(

.getOriginExpr(),

.getLocationContext());

State->getSVal(Arg,

.getLocationContext()).getAs<

>();

&SvalBuilder = State->getStateManager().getSValBuilder();

std::tie(TrueState, FalseState) =

State->assume(SvalBuilder.

(State, *DefArgVal, Zero));

(TrueState && !FalseState) {

Sym = RetVal->getAsLocSymbol();

RefState *RS = State->get<RegionState>(Sym);

(RS->isAllocated())

TrueState->set<RegionState>(Sym,

RefState::getAllocatedOfSizeZero(RS));

TrueState->add<ReallocSizeZeroSymbols>(Sym);

(!PointeeType.isNull()) {

Result = PointeeType;

PointeeType = PointeeType->getPointeeType();

(!NE->getAllocatedType()->getAsCXXRecordDecl())

(

*CtorParam : CtorD->

()) {

(CtorParamPointeeT.

())

AllocationFamily Family)

{

&PM =

.getLocationContext()->getParentMap();

(

.getOriginExpr()->isArray()) {

(

SizeEx =

->getArraySize())

checkTaintedness(

,

,

.getSVal(*SizeEx), State,

AllocationFamily(AF_CXXNewArray));

State = ProcessZeroAllocCheck(

,

, 0, State,

);

(!

.wasInlined) {

AllocationFamily(

.getOriginExpr()->isArray() ? AF_CXXNewArray

.addTransition(State);

StringRef FirstSlot =

.getSelector().getNameForSlot(0);

FirstSlot ==

||

FirstSlot ==

||

FirstSlot ==

;

(

i = 1; i < S.getNumArgs(); ++i)

(S.getNameForSlot(i) ==

)

!

.getArgSVal(i).isZeroConstant();

std::nullopt;

(

.hasNonZeroCallbackArg())

IsKnownToBeAllocatedMemory;

, IsKnownToBeAllocatedMemory,

AllocationFamily(AF_Malloc),

.addTransition(State);

OwnershipAttr *Att,

attrClassName = Att->getModule()->getName();

Family = AllocationFamily(AF_Custom, attrClassName);

(!Att->args().empty()) {

MallocMemAux(

,

,

.getArgExpr(Att->args_begin()->getASTIndex()),

isAlloca)

{

*CE =

.getOriginExpr();

Count =

.blockCount();

State->BindExpr(CE,

.getLocationContext(), RetVal);

AllocationFamily Family)

{

MallocMemAux(

,

,

.getSVal(SizeEx),

, State, Family);

MallocChecker::reportTaintBug(StringRef Msg,

State,

AllocationFamily Family)

{

(

*N =

.generateNonFatalErrorNode(State,

)) {

(!BT_TaintedAlloc)

BT_TaintedAlloc.reset(

(CheckNames[CK_TaintedAllocChecker],

,

R = std::make_unique<PathSensitiveBugReport>(*BT_TaintedAlloc, Msg, N);

(

TaintedSym : TaintedSyms) {

R->markInteresting(TaintedSym);

.emitReport(std::move(R));

AllocationFamily Family)

{

(!ChecksEnabled[CK_TaintedAllocChecker])

std::vector<SymbolRef> TaintedSyms =

(TaintedSyms.empty())

llvm::APSInt MaxValInt = BVF.

(SizeTy);

std::optional<NonLoc> SizeNL = SizeSVal.

<

>();

Cmp = SVB.

(State, BO_GE, *SizeNL, MaxLength, CmpTy)

[StateTooLarge, StateNotTooLarge] = State->assume(*Cmp);

(!StateTooLarge && StateNotTooLarge) {

std::string

=

;

(

.getCalleeIdentifier())

Callee =

.getCalleeIdentifier()->getName().str();

Callee +

,

State,

, TaintedSyms, Family);

AllocationFamily Family)

{

*CE =

.getOriginExpr();

);

RetVal = State->getSVal(CE,

.getLocationContext());

State = State->bindDefaultInitial(RetVal,

, LCtx);

(

.isUndef())

checkTaintedness(

,

, Size, State, AllocationFamily(AF_Malloc));

AllocationFamily Family,

std::optional<SVal> RetVal) {

RetVal = State->getSVal(

,

.getLocationContext());

(!RetVal->getAs<

>())

Sym = RetVal->getAsLocSymbol();

State->set<RegionState>(Sym, RefState::getAllocated(Family,

));

OwnershipAttr *Att,

attrClassName = Att->getModule()->getName();

Family = AllocationFamily(AF_Custom, attrClassName);

IsKnownToBeAllocated =

;

(

&Arg : Att->args()) {

FreeMemAux(

,

, State, Arg.getASTIndex(),

Att->getOwnKind() == OwnershipAttr::Holds,

IsKnownToBeAllocated, Family);

Hold,

&IsKnownToBeAllocated,

AllocationFamily Family,

ReturnsNullOnFailure)

{

(

.getNumArgs() < (

+ 1))

FreeMemAux(

,

.getArgExpr(

),

, State, Hold,

IsKnownToBeAllocated, Family, ReturnsNullOnFailure);

*Ret = State->get<FreeReturnValue>(Sym);

assert(*Ret &&

);

RetStatusSymbol = *Ret;

*CE = dyn_cast<CallExpr>(

);

(I->getOwnKind() != OwnershipAttr::Takes)

os <<

<< I->getModule()->

() <<

;

(

*CE = dyn_cast<CallExpr>(

)) {

(Msg->isInstanceMessage())

Msg->getSelector().

(os);

(

*NE = dyn_cast<CXXNewExpr>(

)) {

(Family.Kind) {

os <<

;

AF_CXXNewArray:

AF_IfNameIndex:

os <<

;

AF_InnerBuffer:

os <<

;

os << Family.CustomName.value();

assert(

&&

);

(Family.Kind) {

AF_CXXNewArray:

os <<

;

AF_IfNameIndex:

os <<

;

AF_InnerBuffer:

os <<

;

os <<

<< Family.CustomName.value()

assert(

&&

);

Hold,

&IsKnownToBeAllocated,

AllocationFamily Family,

ReturnsNullOnFailure,

std::optional<SVal> ArgValOpt)

{

ArgVal = ArgValOpt.value_or(

.getSVal(ArgExpr));

(!isa<DefinedOrUnknownSVal>(ArgVal))

(!isa<Loc>(location))

std::tie(notNullState, nullState) = State->assume(location);

(nullState && !notNullState)

*ParentExpr =

.getOriginExpr();

(Family.Kind != AF_Malloc || !isArgZERO_SIZE_PTR(State,

, ArgVal))

HandleNonHeapDealloc(

, ArgVal, ArgExpr->

(), ParentExpr,

(isa<BlockDataRegion>(R)) {

HandleNonHeapDealloc(

, ArgVal, ArgExpr->

(), ParentExpr,

(!isa<UnknownSpaceRegion, HeapSpaceRegion>(MS)) {

(isa<AllocaRegion>(R))

HandleNonHeapDealloc(

, ArgVal, ArgExpr->

(), ParentExpr,

RefState *RsBase = State->get<RegionState>(SymBase);

PreviousRetStatusSymbol =

;

IsKnownToBeAllocated =

RsBase && (RsBase->isAllocated() || RsBase->isAllocatedOfSizeZero());

(RsBase->getAllocationFamily().Kind == AF_Alloca) {

((RsBase->isReleased() || RsBase->isRelinquished()) &&

HandleDoubleFree(

, ParentExpr->

(), RsBase->isReleased(),

SymBase, PreviousRetStatusSymbol);

}

(RsBase->isAllocated() || RsBase->isAllocatedOfSizeZero() ||

RsBase->isEscaped()) {

DeallocMatchesAlloc = RsBase->getAllocationFamily() == Family;

(!DeallocMatchesAlloc) {

RsBase, SymBase, Hold);

(Offset.isValid() &&

!Offset.hasSymbolicOffset() &&

Offset.getOffset() != 0) {

*AllocExpr = cast<Expr>(RsBase->getStmt());

HandleOffsetFree(

, ArgVal, ArgExpr->

(), ParentExpr,

HandleFunctionPtrFree(

, ArgVal, ArgExpr->

(), ParentExpr,

State = State->remove<FreeReturnValue>(SymBase);

(ReturnsNullOnFailure) {

RetVal =

.getSVal(ParentExpr);

(RetStatusSymbol) {

.getSymbolManager().addSymbolDependency(SymBase, RetStatusSymbol);

State = State->set<FreeReturnValue>(SymBase, RetStatusSymbol);

assert(!RsBase || (RsBase && RsBase->getAllocationFamily() == Family));

State = State->invalidateRegions({location},

.getOriginExpr(),

.blockCount(),

.getLocationContext(),

State->set<RegionState>(SymBase,

RefState::getRelinquished(Family,

State->set<RegionState>(SymBase,

RefState::getReleased(Family, ParentExpr));

std::optional<MallocChecker::CheckKind>

MallocChecker::getCheckIfTracked(AllocationFamily Family,

IsALeakCheck)

{

(Family.Kind) {

AF_IfNameIndex: {

(ChecksEnabled[CK_MallocChecker])

CK_MallocChecker;

std::nullopt;

AF_CXXNewArray: {

(ChecksEnabled[CK_NewDeleteLeaksChecker])

CK_NewDeleteLeaksChecker;

(ChecksEnabled[CK_NewDeleteChecker])

CK_NewDeleteChecker;

std::nullopt;

AF_InnerBuffer: {

(ChecksEnabled[CK_InnerPointerChecker])

CK_InnerPointerChecker;

std::nullopt;

assert(

&&

);

std::nullopt;

assert(

&&

);

std::nullopt;

std::optional<MallocChecker::CheckKind>

IsALeakCheck)

{

(

.getState()->contains<ReallocSizeZeroSymbols>(Sym))

CK_MallocChecker;

RefState *RS =

.getState()->get<RegionState>(Sym);

getCheckIfTracked(RS->getAllocationFamily(), IsALeakCheck);

MallocChecker::SummarizeValue(raw_ostream &os,

) {

(std::optional<nonloc::ConcreteInt> IntVal =

os <<

<< IntVal->getValue() <<

;

(std::optional<loc::ConcreteInt> ConstAddr =

os <<

<< ConstAddr->getValue() <<

;

os <<

<<

->getLabel()->getName() <<

;

MallocChecker::SummarizeRegion(raw_ostream &os,

MemRegion::FunctionCodeRegionKind: {

*FD = cast<FunctionCodeRegion>(MR)->getDecl();

os <<

<< *FD <<

;

os <<

;

MemRegion::BlockCodeRegionKind:

os <<

;

MemRegion::BlockDataRegionKind:

(isa<StackLocalsSpaceRegion>(MS)) {

*VR = dyn_cast<VarRegion>(MR);

os <<

<< VD->

() <<

;

os <<

;

(isa<StackArgumentsSpaceRegion>(MS)) {

*VR = dyn_cast<VarRegion>(MR);

os <<

<< VD->

() <<

;

os <<

;

(isa<GlobalsSpaceRegion>(MS)) {

*VR = dyn_cast<VarRegion>(MR);

os <<

<< VD->

() <<

;

os <<

<< VD->

() <<

;

os <<

;

*DeallocExpr,

AllocationFamily Family)

{

(!ChecksEnabled[CK_MallocChecker] && !ChecksEnabled[CK_NewDeleteChecker]) {

std::optional<MallocChecker::CheckKind> CheckKind = getCheckIfTracked(Family);

(!BT_BadFree[*CheckKind])

BT_BadFree[*CheckKind].reset(

(

llvm::raw_svector_ostream os(buf);

(

*ER = dyn_cast_or_null<ElementRegion>(MR))

MR = ER->getSuperRegion();

os <<

;

os <<

;

Summarized = MR ? SummarizeRegion(os, MR)

: SummarizeValue(os, ArgVal);

os <<

;

os <<

;

R = std::make_unique<PathSensitiveBugReport>(*BT_BadFree[*CheckKind],

R->markInteresting(MR);

R->addRange(

);

.emitReport(std::move(R));

std::optional<MallocChecker::CheckKind> CheckKind;

(ChecksEnabled[CK_MallocChecker])

CheckKind = CK_MallocChecker;

(ChecksEnabled[CK_MismatchedDeallocatorChecker])

CheckKind = CK_MismatchedDeallocatorChecker;

(!BT_FreeAlloca[*CheckKind])

BT_FreeAlloca[*CheckKind].reset(

(

R = std::make_unique<PathSensitiveBugReport>(

*BT_FreeAlloca[*CheckKind],

, N);

R->addRange(

);

.emitReport(std::move(R));

*DeallocExpr,

OwnershipTransferred)

{

(!ChecksEnabled[CK_MismatchedDeallocatorChecker]) {

(!BT_MismatchedDealloc)

BT_MismatchedDealloc.reset(

(CheckNames[CK_MismatchedDeallocatorChecker],

llvm::raw_svector_ostream os(buf);

*AllocExpr = cast<Expr>(RS->getStmt());

llvm::raw_svector_ostream AllocOs(AllocBuf);

llvm::raw_svector_ostream DeallocOs(DeallocBuf);

(OwnershipTransferred) {

os << DeallocOs.str() <<

;

os <<

;

os <<

<< AllocOs.str();

os <<

<< AllocOs.str();

os <<

;

os <<

<< DeallocOs.str();

R = std::make_unique<PathSensitiveBugReport>(*BT_MismatchedDealloc,

R->markInteresting(Sym);

R->addRange(

);

R->addVisitor<MallocBugVisitor>(Sym);

.emitReport(std::move(R));

AllocationFamily Family,

*AllocExpr)

{

(!ChecksEnabled[CK_MallocChecker] && !ChecksEnabled[CK_NewDeleteChecker]) {

std::optional<MallocChecker::CheckKind> CheckKind = getCheckIfTracked(Family);

(!BT_OffsetFree[*CheckKind])

BT_OffsetFree[*CheckKind].reset(

(

llvm::raw_svector_ostream os(buf);

llvm::raw_svector_ostream AllocNameOs(AllocNameBuf);

assert(MR &&

);

assert((Offset.isValid() &&

!Offset.hasSymbolicOffset() &&

Offset.getOffset() != 0) &&

);

offsetBytes = Offset.getOffset() /

.getASTContext().getCharWidth();

os <<

;

os <<

;

os <<

<< ((

(offsetBytes) > 1) ?

:

)

<<

;

os <<

<< AllocNameOs.str();

os <<

;

R = std::make_unique<PathSensitiveBugReport>(*BT_OffsetFree[*CheckKind],

R->addRange(

);

.emitReport(std::move(R));

(!ChecksEnabled[CK_MallocChecker] && !ChecksEnabled[CK_NewDeleteChecker] &&

!ChecksEnabled[CK_InnerPointerChecker]) {

std::optional<MallocChecker::CheckKind> CheckKind = getCheckIfTracked(

, Sym);

(!BT_UseFree[*CheckKind])

BT_UseFree[*CheckKind].reset(

(

AllocationFamily AF =

.getState()->get<RegionState>(Sym)->getAllocationFamily();

R = std::make_unique<PathSensitiveBugReport>(

*BT_UseFree[*CheckKind],

AF.Kind == AF_InnerBuffer

?

:

,

R->markInteresting(Sym);

R->addRange(

);

R->addVisitor<MallocBugVisitor>(Sym);

(AF.Kind == AF_InnerBuffer)

.emitReport(std::move(R));

(!ChecksEnabled[CK_MallocChecker] && !ChecksEnabled[CK_NewDeleteChecker]) {

std::optional<MallocChecker::CheckKind> CheckKind = getCheckIfTracked(

, Sym);

(!BT_DoubleFree[*CheckKind])

BT_DoubleFree[*CheckKind].reset(

(

R = std::make_unique<PathSensitiveBugReport>(

*BT_DoubleFree[*CheckKind],

(Released ?

:

),

R->addRange(

);

R->markInteresting(Sym);

R->markInteresting(PrevSym);

R->addVisitor<MallocBugVisitor>(Sym);

.emitReport(std::move(R));

(!ChecksEnabled[CK_NewDeleteChecker]) {

std::optional<MallocChecker::CheckKind> CheckKind = getCheckIfTracked(

, Sym);

(!BT_DoubleDelete)

BT_DoubleDelete.reset(

(CheckNames[CK_NewDeleteChecker],

R = std::make_unique<PathSensitiveBugReport>(

*BT_DoubleDelete,

, N);

R->markInteresting(Sym);

R->addVisitor<MallocBugVisitor>(Sym);

.emitReport(std::move(R));

(!ChecksEnabled[CK_MallocChecker] && !ChecksEnabled[CK_NewDeleteChecker]) {

std::optional<MallocChecker::CheckKind> CheckKind = getCheckIfTracked(

, Sym);

(!BT_UseZerroAllocated[*CheckKind])

BT_UseZerroAllocated[*CheckKind].reset(

(CheckNames[*CheckKind],

,

R = std::make_unique<PathSensitiveBugReport>(

*BT_UseZerroAllocated[*CheckKind],

, N);

R->addRange(

);

R->markInteresting(Sym);

R->addVisitor<MallocBugVisitor>(Sym);

.emitReport(std::move(R));

*FreeExpr,

AllocationFamily Family)

{

(!ChecksEnabled[CK_MallocChecker]) {

std::optional<MallocChecker::CheckKind> CheckKind = getCheckIfTracked(Family);

(!BT_BadFree[*CheckKind])

BT_BadFree[*CheckKind].reset(

(

llvm::raw_svector_ostream Os(Buf);

(

*ER = dyn_cast_or_null<ElementRegion>(MR))

MR = ER->getSuperRegion();

Os <<

;

Os <<

;

Os <<

;

R = std::make_unique<PathSensitiveBugReport>(*BT_BadFree[*CheckKind],

R->markInteresting(MR);

R->addRange(

);

.emitReport(std::move(R));

AllocationFamily Family,

SuffixWithN)

{

*CE = cast<CallExpr>(

.getOriginExpr());

Arg0Val =

.getSVal(arg0Expr);

(!isa<DefinedOrUnknownSVal>(Arg0Val))

State, arg0Val, svalBuilder.makeNullWithType(arg0Expr->

()));

TotalSize =

.getSVal(Arg1);

TotalSize = evalMulForBufferSize(

, Arg1, CE->

(2));

(!isa<DefinedOrUnknownSVal>(TotalSize))

svalBuilder.makeIntValWithWidth(

svalBuilder.getContext().getSizeType(), 0));

std::tie(StatePtrIsNull, StatePtrNotNull) = State->assume(PtrEQ);

std::tie(StateSizeIsZero, StateSizeNotZero) = State->assume(SizeZero);

PrtIsNull = StatePtrIsNull && !StatePtrNotNull;

SizeIsZero = StateSizeIsZero && !StateSizeNotZero;

(PrtIsNull && !SizeIsZero) {

(PrtIsNull && SizeIsZero)

IsKnownToBeAllocated =

;

,

, StateSizeIsZero, 0,

, IsKnownToBeAllocated, Family))

FreeMemAux(

,

, State, 0,

, IsKnownToBeAllocated, Family)) {

MallocMemAux(

,

, TotalSize,

(), stateFree, Family);

OwnershipAfterReallocKind

= OAR_ToBeFreedAfterFailure;

(ShouldFreeOnFail)

= OAR_FreeOnFailure;

(!IsKnownToBeAllocated)

= OAR_DoNotTrackAfterFailure;

RetVal = stateRealloc->getSVal(CE,

.getLocationContext());

assert(FromPtr && ToPtr &&

);

stateRealloc = stateRealloc->set<ReallocPairs>(ToPtr,

ReallocPair(FromPtr, Kind));

.getSymbolManager().addSymbolDependency(ToPtr, FromPtr);

stateRealloc;

(

.getNumArgs() < 2)

evalMulForBufferSize(

,

.getArgExpr(0),

.getArgExpr(1));

MallocMemAux(

,

, TotalSize, zeroVal, State,

AllocationFamily(AF_Malloc));

MallocChecker::LeakInfo MallocChecker::getAllocationSite(

*N,

*ReferenceRegion =

;

(!State->get<RegionState>(Sym))

(!ReferenceRegion) {

(

*MR =

.getLocationRegionIfPostStore(N)) {

Val = State->getSVal(MR);

ReferenceRegion = MR;

(NContext == LeakContext ||

LeakInfo(AllocNode, ReferenceRegion);

(!ChecksEnabled[CK_MallocChecker] &&

!ChecksEnabled[CK_NewDeleteLeaksChecker])

RefState *RS =

.getState()->get<RegionState>(Sym);

assert(RS &&

);

AllocationFamily Family = RS->getAllocationFamily();

(Family.Kind == AF_Alloca)

std::optional<MallocChecker::CheckKind> CheckKind =

getCheckIfTracked(Family,

);

(!BT_Leak[*CheckKind]) {

BT_Leak[*CheckKind].reset(

(CheckNames[*CheckKind],

,

std::tie(AllocNode, Region) = getAllocationSite(N, Sym,

);

.getSourceManager(),

llvm::raw_svector_ostream os(buf);

os <<

;

os <<

;

R = std::make_unique<PathSensitiveBugReport>(

*BT_Leak[*CheckKind], os.str(), N, LocUsedForUniqueing,

R->markInteresting(Sym);

R->addVisitor<MallocBugVisitor>(Sym,

);

(ShouldRegisterNoOwnershipChangeVisitor)

R->addVisitor<NoMemOwnershipChangeVisitor>(Sym,

);

.emitReport(std::move(R));

MallocChecker::checkDeadSymbols(

&SymReaper,

RegionStateTy OldRS = state->get<RegionState>();

RegionStateTy::Factory &F = state->get_context<RegionState>();

RegionStateTy RS = OldRS;

(

[Sym, State] : RS) {

(SymReaper.

(Sym)) {

(State.isAllocated() || State.isAllocatedOfSizeZero())

Errors.push_back(Sym);

RS = F.remove(RS, Sym);

assert(state->get<ReallocPairs>() ==

.getState()->get<ReallocPairs>());

assert(state->get<FreeReturnValue>() ==

.getState()->get<FreeReturnValue>());

ReallocPairsTy RP = state->get<ReallocPairs>();

(

[Sym, ReallocPair] : RP) {

(SymReaper.

(Sym) || SymReaper.

(ReallocPair.ReallocatedSym)) {

state = state->remove<ReallocPairs>(Sym);

FreeReturnValueTy FR = state->get<FreeReturnValue>();

(

[Sym, RetSym] : FR) {

(SymReaper.

(Sym) || SymReaper.

(RetSym)) {

state = state->remove<FreeReturnValue>(Sym);

(!Errors.empty()) {

N =

.generateNonFatalErrorNode(

.getState(), &Tag);

HandleLeak(Sym, N,

);

.addTransition(state->set<RegionState>(RS), N);

(

*PostFN = PostFnMap.lookup(

)) {

(*PostFN)(

,

.getState(),

,

);

(

*DC = dyn_cast<CXXDeallocatorCall>(&

)) {

(!ChecksEnabled[CK_NewDeleteChecker])

IsKnownToBeAllocated;

, IsKnownToBeAllocated,

AllocationFamily(DE->

() ? AF_CXXNewArray : AF_CXXNew));

.addTransition(State);

(

*DC = dyn_cast<CXXDestructorCall>(&

)) {

Sym = DC->getCXXThisVal().getAsSymbol();

(!Sym || checkDoubleDelete(Sym,

))

(

*PreFN = PreFnMap.lookup(

)) {

(*PreFN)(

,

.getState(),

,

);

(ChecksEnabled[CK_MallocChecker] && isFreeingCall(

))

Sym = CC->getCXXThisVal().getAsSymbol();

(!Sym || checkUseAfterFree(Sym,

, CC->getCXXThisExpr()))

(

I = 0,

=

.getNumArgs(); I !=

; ++I) {

ArgSVal =

.getArgSVal(I);

(isa<Loc>(ArgSVal)) {

(checkUseAfterFree(Sym,

,

.getArgExpr(I)))

MallocChecker::checkPreStmt(

*S,

checkEscapeOnReturn(S,

);

MallocChecker::checkEndFunction(

*S,

checkEscapeOnReturn(S,

);

MallocChecker::checkEscapeOnReturn(

*S,

*

= S->getRetValue();

RetVal =

.getSVal(

);

(isa<FieldRegion, ElementRegion>(MR))

Sym = BMR->getSymbol();

checkUseAfterFree(Sym,

,

);

MallocChecker::checkPostStmt(

*BE,

cast<BlockDataRegion>(

.getSVal(BE).getAsRegion());

(ReferencedVars.empty())

(

&Var : ReferencedVars) {

*VR = Var.getCapturedRegion();

Regions.push_back(VR);

state->scanReachableSymbols<StopTrackingCallback>(Regions).getState();

.addTransition(state);

RefState *RS =

.getState()->get<RegionState>(Sym);

(RS && RS->isReleased());

MallocChecker::suppressDeallocationsInSuspiciousContexts(

(

.getNumArgs() == 0)

StringRef FunctionStr =

;

(

*FD = dyn_cast<FunctionDecl>(

.getStackFrame()->getDecl()))

(Body->getBeginLoc().isValid())

.getSourceManager(),

.getLangOpts());

(!FunctionStr.contains(

))

(

*Arg : cast<CallExpr>(

.getOriginExpr())->arguments())

(

Sym =

.getSVal(Arg).getAsSymbol())

(

RefState *RS = State->get<RegionState>(Sym))

State = State->set<RegionState>(Sym, RefState::getEscaped(RS));

.addTransition(State);

*S)

{

HandleUseAfterFree(

, S->getSourceRange(), Sym);

*S)

{

(

RefState *RS =

.getState()->get<RegionState>(Sym)) {

(RS->isAllocatedOfSizeZero())

HandleUseZeroAlloc(

, RS->getStmt()->getSourceRange(), Sym);

(

.getState()->contains<ReallocSizeZeroSymbols>(Sym)) {

HandleUseZeroAlloc(

, S->getSourceRange(), Sym);

HandleDoubleDelete(

, Sym);

MallocChecker::checkLocation(

l,

isLoad,

*S,

checkUseAfterFree(Sym,

, S);

checkUseZeroAllocated(Sym,

, S);

Assumption)

{

RegionStateTy RS = state->get<RegionState>();

(

Sym : llvm::make_first_range(RS)) {

state = state->remove<RegionState>(Sym);

ReallocPairsTy RP = state->get<ReallocPairs>();

(

[Sym, ReallocPair] : RP) {

ReallocSym = ReallocPair.ReallocatedSym;

(

RefState *RS = state->get<RegionState>(ReallocSym)) {

(RS->isReleased()) {

(ReallocPair.Kind) {

OAR_ToBeFreedAfterFailure:

state = state->set<RegionState>(ReallocSym,

RefState::getAllocated(RS->getAllocationFamily(), RS->getStmt()));

OAR_DoNotTrackAfterFailure:

state = state->remove<RegionState>(ReallocSym);

assert(ReallocPair.Kind == OAR_FreeOnFailure);

state = state->remove<ReallocPairs>(Sym);

MallocChecker::mayFreeAnyEscapedMemoryOrIsModeledExplicitly(

EscapingSymbol =

;

(!isa<SimpleFunctionCall, ObjCMethodCall>(

))

(!

->isInSystemHeader() ||

->argumentsMayEscape())

*FreeWhenDone;

StringRef FirstSlot = Msg->getSelector().getNameForSlot(0);

(FirstSlot.ends_with(

))

(FirstSlot.starts_with(

) ||

FirstSlot.starts_with(

) ||

FirstSlot.starts_with(

) ||

FirstSlot ==

) {

(Msg->getMethodFamily() ==

) {

EscapingSymbol = Msg->getReceiverSVal().getAsSymbol();

(isMemCall(*

))

(!

->isInSystemHeader())

StringRef FName = II->

();

(FName.ends_with(

)) {

(

i = 1; i <

->getNumArgs(); ++i) {

*ArgE =

->getArgExpr(i)->IgnoreParenCasts();

(

*DE = dyn_cast<DeclRefExpr>(ArgE)) {

StringRef DeallocatorName = DE->getFoundDecl()->getName();

(DeallocatorName ==

)

(FName ==

)

(

->getNumArgs() >= 4 &&

->getArgSVal(4).isConstant(0))

(FName ==

|| FName ==

||

FName ==

|| FName ==

) {

(

->getNumArgs() >= 1) {

*ArgE =

->getArgExpr(0)->IgnoreParenCasts();

(

*ArgDRE = dyn_cast<DeclRefExpr>(ArgE))

(

*

= dyn_cast<VarDecl>(ArgDRE->getDecl()))

(FName ==

||

FName ==

||

FName ==

||

FName ==

||

FName ==

) {

(FName ==

&&

(FName ==

&&

(FName ==

&&

(

->argumentsMayEscape())

checkPointerEscapeAux(State, Escaped,

, Kind,

checkPointerEscapeAux(State, Escaped,

, Kind,

(RS->getAllocationFamily().Kind == AF_CXXNewArray ||

RS->getAllocationFamily().Kind == AF_CXXNew);

IsConstPointerEscape)

{

!mayFreeAnyEscapedMemoryOrIsModeledExplicitly(

, State,

(EscapingSymbol && EscapingSymbol != sym)

(

RefState *RS = State->get<RegionState>(sym))

(RS->isAllocated() || RS->isAllocatedOfSizeZero())

State = State->set<RegionState>(sym, RefState::getEscaped(RS));

ArgVal)

{

(!KernelZeroSizePtrValue)

KernelZeroSizePtrValue =

llvm::APSInt *ArgValKnown =

.getSValBuilder().getKnownValue(State, ArgVal);

ArgValKnown && *KernelZeroSizePtrValue &&

ArgValKnown->getSExtValue() == **KernelZeroSizePtrValue;

ReallocPairsTy currMap = currState->get<ReallocPairs>();

ReallocPairsTy prevMap = prevState->get<ReallocPairs>();

(

ReallocPairsTy::value_type &Pair : prevMap) {

(!currMap.lookup(sym))

StringRef N = II->

();

(N.contains_insensitive(

) || N.contains_insensitive(

)) {

(N.contains_insensitive(

) || N.contains_insensitive(

) ||

N.contains_insensitive(

) ||

N.contains_insensitive(

) || N.ends_with_insensitive(

)) {

RefState *RSCurr = state->get<RegionState>(Sym);

RefState *RSPrev = statePrev->get<RegionState>(Sym);

(!S && (!RSCurr || RSCurr->getAllocationFamily().Kind != AF_InnerBuffer))

(ReleaseFunctionLC && (ReleaseFunctionLC == CurrentLC ||

ReleaseFunctionLC->

(CurrentLC))) {

(

*AE = dyn_cast<AtomicExpr>(S)) {

(Op == AtomicExpr::AO__c11_atomic_fetch_add ||

Op == AtomicExpr::AO__c11_atomic_fetch_sub) {

}

(

*CE = dyn_cast<CallExpr>(S)) {

(

*MD =

std::unique_ptr<StackHintGeneratorForSymbol> StackHint =

;

llvm::raw_svector_ostream OS(Buf);

(isAllocated(RSCurr, RSPrev, S)) {

Msg =

;

StackHint = std::make_unique<StackHintGeneratorForSymbol>(

Sym,

);

}

(

(RSCurr, RSPrev, S)) {

Family = RSCurr->getAllocationFamily();

(Family.Kind) {

AF_CXXNewArray:

AF_IfNameIndex:

Msg =

;

StackHint = std::make_unique<StackHintGeneratorForSymbol>(

Sym,

);

AF_InnerBuffer: {

*

= cast<TypedValueRegion>(ObjRegion);

OS <<

<< ObjTy <<

;

OS <<

;

StackHint = std::make_unique<StackHintGeneratorForSymbol>(

Sym,

);

OS <<

;

*S = RSCurr->getStmt();

(

*MemCallE = dyn_cast<CXXMemberCallExpr>(S)) {

OS << MemCallE->getMethodDecl()->getDeclName();

}

(

*OpCallE = dyn_cast<CXXOperatorCallExpr>(S)) {

OS << OpCallE->getDirectCallee()->getDeclName();

}

(

*CallE = dyn_cast<CallExpr>(S)) {

CEMgr.getSimpleCall(CallE, state, CurrentLC, {

, 0});

(

*

= dyn_cast_or_null<NamedDecl>(

->getDecl()))

OS <<

->getDeclName();

StackHint = std::make_unique<StackHintGeneratorForSymbol>(

Sym,

);

assert(

&&

);

assert(!ReleaseFunctionLC &&

);

(

*DD = dyn_cast<CXXDestructorDecl>(LC->

())) {

}

(isRelinquished(RSCurr, RSPrev, S)) {

Msg =

;

StackHint = std::make_unique<StackHintGeneratorForSymbol>(Sym,

);

}

(hasReallocFailed(RSCurr, RSPrev, S)) {

Mode = ReallocationFailed;

Msg =

;

StackHint = std::make_unique<StackHintGeneratorForReallocationFailed>(

Sym,

);

assert((!FailedReallocSymbol || FailedReallocSymbol == sym) &&

);

FailedReallocSymbol = sym;

}

(Mode == ReallocationFailed) {

assert(FailedReallocSymbol &&

);

(!statePrev->get<RegionState>(FailedReallocSymbol)) {

Msg =

;

StackHint = std::make_unique<StackHintGeneratorForSymbol>(

Sym,

);

FailedReallocSymbol =

;

assert(RSCurr->getAllocationFamily().Kind == AF_InnerBuffer);

= std::make_shared<PathDiagnosticEventPiece>(Pos, Msg,

);

MallocChecker::printState(raw_ostream &Out,

State,

*NL,

*Sep)

{

RegionStateTy RS = State->get<RegionState>();

(!RS.isEmpty()) {

Out << Sep <<

<< NL;

(

[Sym,

] : RS) {

RefState *RefS = State->get<RegionState>(Sym);

AllocationFamily Family = RefS->getAllocationFamily();

std::optional<MallocChecker::CheckKind> CheckKind =

getCheckIfTracked(Family);

CheckKind = getCheckIfTracked(Family,

);

Out <<

<< CheckNames[*CheckKind].getName() <<

;

allocation_state {

AllocationFamily Family(AF_InnerBuffer);

State->set<RegionState>(Sym, RefState::getReleased(Family, Origin));

MallocChecker *checker = mgr.

<MallocChecker>();

checker->ChecksEnabled[MallocChecker::CK_InnerPointerChecker] =

;

checker->CheckNames[MallocChecker::CK_InnerPointerChecker] =

checker->ShouldIncludeOwnershipAnnotatedFunctions =

checker->ShouldRegisterNoOwnershipChangeVisitor =

checker,

);

ento::shouldRegisterDynamicMemoryModeling(

&mgr) {

enum clang::sema::@1704::IndirectLocalPathEntry::EntryKind Kind

static void dump(llvm::raw_ostream &OS, StringRef FunctionName, ArrayRef< CounterExpression > Expressions, ArrayRef< CounterMappingRegion > Regions)

Defines the C++ Decl subclasses, other than those for templates (found in DeclTemplate....

Defines the C++ template declaration subclasses.

Defines the clang::Expr interface and subclasses for C++ expressions.

Forward-declares and imports various common LLVM datatypes that clang wants to use unqualified.

llvm::MachO::Target Target

static bool isFromStdNamespace(const CallEvent &Call)

static bool isStandardNew(const FunctionDecl *FD)

#define REGISTER_CHECKER(name)

static bool hasNonTrivialConstructorCall(const CXXNewExpr *NE)

static QualType getDeepPointeeType(QualType T)

static bool isReleased(SymbolRef Sym, CheckerContext &C)

Check if the memory associated with this symbol was released.

static void printExpectedAllocName(raw_ostream &os, AllocationFamily Family)

Print expected name of an allocator based on the deallocator's family derived from the DeallocExpr.

static bool isStandardDelete(const FunctionDecl *FD)

static bool isReferenceCountingPointerDestructor(const CXXDestructorDecl *DD)

static bool isStandardNewDelete(const T &FD)

Tells if the callee is one of the builtin new/delete operators, including placement operators and oth...

static SymbolRef findFailedReallocSymbol(ProgramStateRef currState, ProgramStateRef prevState)

static bool isGRealloc(const CallEvent &Call)

static void printExpectedDeallocName(raw_ostream &os, AllocationFamily Family)

Print expected name of a deallocator based on the allocator's family.

static bool isStandardRealloc(const CallEvent &Call)

static bool didPreviousFreeFail(ProgramStateRef State, SymbolRef Sym, SymbolRef &RetStatusSymbol)

Checks if the previous call to free on the given symbol failed - if free failed, returns true.

static ProgramStateRef MallocUpdateRefState(CheckerContext &C, const Expr *E, ProgramStateRef State, AllocationFamily Family, std::optional< SVal > RetVal=std::nullopt)

Update the RefState to reflect the new memory allocation.

static bool printMemFnName(raw_ostream &os, CheckerContext &C, const Expr *E)

Print names of allocators and deallocators.

static void printOwnershipTakesList(raw_ostream &os, CheckerContext &C, const Expr *E)

static bool isKnownDeallocObjCMethodName(const ObjCMethodCall &Call)

static std::optional< bool > getFreeWhenDoneArg(const ObjCMethodCall &Call)

static bool checkIfNewOrNewArrayFamily(const RefState *RS)

#define REGISTER_MAP_WITH_PROGRAMSTATE(Name, Key, Value)

Declares an immutable map of type NameTy, suitable for placement into the ProgramState.

#define REGISTER_SET_WITH_PROGRAMSTATE(Name, Elem)

Declares an immutable set of type NameTy, suitable for placement into the ProgramState.

static bool contains(const std::set< tok::TokenKind > &Terminators, const Token &Tok)

Defines the SourceManager interface.

__DEVICE__ long long abs(long long __n)

__device__ __2f16 float __ockl_bool s

Holds long-lived AST nodes (such as types and decls) that can be referred to throughout the semantic ...

SourceManager & getSourceManager()

CanQualType getSizeType() const

Return the unique type for "size_t" (C99 7.17), defined in <stddef.h>.

const TargetInfo & getTargetInfo() const

bool getCheckerBooleanOption(StringRef CheckerName, StringRef OptionName, bool SearchInParents=false) const

Interprets an option's string value as a boolean.

bool hasCaptures() const

True if this block (or its nested blocks) captures anything of local storage from its enclosing scope...

BlockExpr - Adaptor class for mixing a BlockDecl with expressions.

const BlockDecl * getBlockDecl() const

Represents a call to a C++ constructor.

CXXConstructorDecl * getConstructor() const

Get the constructor that this expression will (ultimately) call.

Represents a C++ constructor within a class.

Represents a delete expression for memory deallocation and destructor calls, e.g.

Represents a C++ destructor within a class.

const CXXRecordDecl * getParent() const

Return the parent of this method declaration, which is the class in which this method is defined.

Represents a new-expression for memory allocation and constructor calls, e.g: "new CXXNewExpr(foo)".

Represents a C++ struct/union/class.

CallExpr - Represents a function call (C99 6.5.2.2, C++ [expr.call]).

Expr * getArg(unsigned Arg)

getArg - Return the specified argument.

FunctionDecl * getDirectCallee()

If the callee is a FunctionDecl, return it. Otherwise return null.

unsigned getNumArgs() const

getNumArgs - Return the number of actual arguments to this call.

static CharSourceRange getTokenRange(SourceRange R)

DeclContext * getParent()

getParent - Returns the containing DeclContext.

A reference to a declared variable, function, enum, etc.

Decl - This represents one declaration (or definition), e.g.

bool isInStdNamespace() const

ASTContext & getASTContext() const LLVM_READONLY

llvm::iterator_range< specific_attr_iterator< T > > specific_attrs() const

SourceLocation getLocation() const

void print(raw_ostream &Out, unsigned Indentation=0, bool PrintInstantiation=false) const

virtual Decl * getCanonicalDecl()

Retrieves the "canonical" declaration of the given declaration.

SourceLocation getBeginLoc() const LLVM_READONLY

This represents one expression.

Represents a function declaration or definition.

const ParmVarDecl * getParamDecl(unsigned i) const

Stmt * getBody(const FunctionDecl *&Definition) const

Retrieve the body (definition) of the function.

ArrayRef< ParmVarDecl * > parameters() const

bool isOverloadedOperator() const

Whether this function declaration represents an C++ overloaded operator, e.g., "operator+".

OverloadedOperatorKind getOverloadedOperator() const

getOverloadedOperator - Which C++ overloaded operator this function represents, if any.

QualType getDeclaredReturnType() const

Get the declared return type, which may differ from the actual return type if the return type is dedu...

bool hasBody(const FunctionDecl *&Definition) const

Returns true if the function has a body.

One of these records is kept for each identifier that is lexed.

StringRef getName() const

Return the actual identifier string.

static StringRef getSourceText(CharSourceRange Range, const SourceManager &SM, const LangOptions &LangOpts, bool *Invalid=nullptr)

Returns a string for the source that the range encompasses.

It wraps the AnalysisDeclContext to represent both the call stack with the help of StackFrameContext ...

bool isParentOf(const LocationContext *LC) const

const Decl * getDecl() const

const LocationContext * getParent() const

It might return null.

const StackFrameContext * getStackFrame() const

This represents a decl that may have a name.

IdentifierInfo * getIdentifier() const

Get the identifier that names this declaration, if there is one.

StringRef getName() const

Get the name of identifier for this declaration as a StringRef.

std::string getQualifiedNameAsString() const

std::string getNameAsString() const

Get a human-readable name for the declaration, even if it is one of the special kinds of names (C++ c...

An expression that sends a message to the given Objective-C object or class.

bool isConsumedExpr(Expr *E) const

Represents a program point just after an implicit call event.

std::optional< T > getAs() const

Convert to the specified ProgramPoint type, returning std::nullopt if this ProgramPoint is not of the...

A (possibly-)qualified type.

QualType getDesugaredType(const ASTContext &Context) const

Return the specified type with any "sugar" removed from the type.

bool isNull() const

Return true if this QualType doesn't point to a type yet.

ReturnStmt - This represents a return, optionally of an expression: return; return 4;.

Smart pointer class that efficiently represents Objective-C method names.

Encodes a location in the source.

bool isValid() const

Return true if this is a valid SourceLocation object.

bool isInSystemHeader(SourceLocation Loc) const

Returns if a SourceLocation is in a system header.

A trivial tuple used to represent a source range.

It represents a stack frame of the call stack (based on CallEvent).

Stmt - This represents one statement.

SourceRange getSourceRange() const LLVM_READONLY

SourceLocation tokens are not useful in isolation - they are low level value objects created/interpre...

const llvm::Triple & getTriple() const

Returns the target triple of the primary target.

CXXRecordDecl * getAsCXXRecordDecl() const

Retrieves the CXXRecordDecl that this type refers to, either because the type is a RecordType or beca...

bool isFunctionPointerType() const

QualType getPointeeType() const

If this is a pointer, ObjC object pointer, or block pointer, this returns the respective pointee.

Represents a variable declaration or definition.

bool isStaticLocal() const

Returns true if a variable with function scope is a static local variable.

Maps string IDs to AST nodes matched by parts of a matcher.

A record of the "type" of an APSInt, used for conversions.

Represents a call to any sort of function that might have a FunctionDecl.

APSIntPtr getMaxValue(const llvm::APSInt &v)

BlockDataRegion - A region that represents a block instance.

llvm::iterator_range< referenced_vars_iterator > referenced_vars() const

StringRef getDescription() const

A verbose warning message that is appropriate for displaying next to the source code that introduces ...

ProgramStateManager & getStateManager() const

const SourceManager & getSourceManager() const

BugReporterVisitors are used to add custom diagnostics along a path.

virtual void Profile(llvm::FoldingSetNodeID &ID) const =0

virtual PathDiagnosticPieceRef VisitNode(const ExplodedNode *Succ, BugReporterContext &BRC, PathSensitiveBugReport &BR)=0

Return a diagnostic piece which should be associated with the given node.

virtual PathDiagnosticPieceRef getEndPath(BugReporterContext &BRC, const ExplodedNode *N, PathSensitiveBugReport &BR)

Provide custom definition for the final diagnostic piece on the path - the piece, which is displayed ...

Represents the memory allocation call in a C++ new-expression.

Represents a non-static C++ member function call, no matter how it is written.

An immutable map from CallDescriptions to arbitrary data.

Represents an abstract call to a function or method along a particular path.

virtual void printState(raw_ostream &Out, ProgramStateRef State, const char *NL, const char *Sep) const

See CheckerManager::runCheckersForPrintState.

const AnalyzerOptions & getAnalyzerOptions() const

CHECKER * registerChecker(AT &&... Args)

Used to register checkers.

CheckerNameRef getCurrentCheckerName() const

This wrapper is used to ensure that only StringRefs originating from the CheckerRegistry are used as ...

Tag that can use a checker name as a message provider (see SimpleProgramPointTag).

bool isConstrainedTrue() const

Return true if the constraint is perfectly constrained to 'true'.

ConditionTruthVal isNull(ProgramStateRef State, SymbolRef Sym)

Convenience method to query the state to see if a symbol is null or not null, or if neither assumptio...

ElementRegion is used to represent both array elements and casts.

const ProgramStateRef & getState() const

pred_iterator pred_begin()

const Stmt * getStmtForDiagnostics() const

If the node's program point corresponds to a statement, retrieve that statement.

ProgramPoint getLocation() const

getLocation - Returns the edge associated with the given node.

const LocationContext * getLocationContext() const

ExplodedNode * getFirstPred()

static bool isLocType(QualType T)

const VarRegion * getVarRegion(const VarDecl *VD, const LocationContext *LC)

getVarRegion - Retrieve or create the memory region associated with a specified VarDecl and LocationC...

MemRegion - The root abstract class for all memory regions.

LLVM_ATTRIBUTE_RETURNS_NONNULL const MemSpaceRegion * getMemorySpace() const

RegionOffset getAsOffset() const

Compute the offset within the top level memory object.

LLVM_ATTRIBUTE_RETURNS_NONNULL const MemRegion * StripCasts(bool StripBaseAndDerivedCasts=true) const

LLVM_ATTRIBUTE_RETURNS_NONNULL const MemRegion * getBaseRegion() const

virtual void printPretty(raw_ostream &os) const

Print the region for use in diagnostics.

const RegionTy * getAs() const

virtual bool canPrintPretty() const

Returns true if this region can be printed in a user-friendly way.

MemSpaceRegion - A memory region that represents a "memory space"; for example, the set of global var...

Represents any expression that calls an Objective-C method.

static PathDiagnosticLocation createBegin(const Decl *D, const SourceManager &SM)

Create a location for the beginning of the declaration.

static PathDiagnosticLocation create(const Decl *D, const SourceManager &SM)

Create a location corresponding to the given declaration.

void markInteresting(SymbolRef sym, bugreporter::TrackingKind TKind=bugreporter::TrackingKind::Thorough)

Marks a symbol as interesting.

PathDiagnosticLocation getLocation() const override

The primary location of the bug report that points at the undesirable behavior in the code.

void addCallStackHint(PathDiagnosticPieceRef Piece, std::unique_ptr< StackHintGenerator > StackHint)

void markInvalid(const void *Tag, const void *Data)

Marks the current report as invalid, meaning that it is probably a false positive and should not be r...

CallEventManager & getCallEventManager()

A Range represents the closed range [from, to].

Represent a region's offset within the top level base region.

DefinedOrUnknownSVal makeZeroVal(QualType type)

Construct an SVal representing '0' for the specified type.

BasicValueFactory & getBasicValueFactory()

ASTContext & getContext()

nonloc::ConcreteInt makeIntVal(const IntegerLiteral *integer)

virtual SVal evalBinOpNN(ProgramStateRef state, BinaryOperator::Opcode op, NonLoc lhs, NonLoc rhs, QualType resultTy)=0

Create a new value which represents a binary expression with two non- location operands.

QualType getConditionType() const

SVal evalEQ(ProgramStateRef state, SVal lhs, SVal rhs)

SVal evalBinOp(ProgramStateRef state, BinaryOperator::Opcode op, SVal lhs, SVal rhs, QualType type)

DefinedSVal getConjuredHeapSymbolVal(const Expr *E, const LocationContext *LCtx, unsigned Count)

Conjure a symbol representing heap allocated memory region.

loc::MemRegionVal getAllocaRegionVal(const Expr *E, const LocationContext *LCtx, unsigned Count)

Create an SVal representing the result of an alloca()-like call, that is, an AllocaRegion on the stac...

SVal - This represents a symbolic expression, which can be either an L-value or an R-value.

bool isUnknownOrUndef() const

SymbolRef getAsSymbol(bool IncludeBaseRegions=false) const

If this SVal wraps a symbol return that SymbolRef.

std::optional< T > getAs() const

Convert to the specified SVal type, returning std::nullopt if this SVal is not of the desired type.

SymbolRef getAsLocSymbol(bool IncludeBaseRegions=false) const

If this SVal is a location and wraps a symbol, return that SymbolRef.

const MemRegion * getAsRegion() const

SymbolRef getLocSymbolInBase() const

Get the symbol in the SVal or its base region.

T castAs() const

Convert to the specified SVal type, asserting that this SVal is of the desired type.

Constructs a Stack hint for the given symbol.

LLVM_ATTRIBUTE_RETURNS_NONNULL const MemRegion * getSuperRegion() const

virtual void dumpToStream(raw_ostream &os) const

virtual QualType getType() const =0

A class responsible for cleaning up unused symbols.

bool isDead(SymbolRef sym)

Returns whether or not a symbol has been confirmed dead.

virtual bool VisitSymbol(SymbolRef sym)=0

A visitor method invoked by ProgramStateManager::scanReachableSymbols.

SymbolicRegion - A special, "non-concrete" region.

SymbolRef getSymbol() const

It might return null.

TypedRegion - An abstract class representing regions that are typed.

const VarDecl * getDecl() const override=0

const StackFrameContext * getStackFrame() const

It might return null.

Value representing integer constant.

Defines the clang::TargetInfo interface.

__inline void unsigned int _2

const internal::VariadicDynCastAllOfMatcher< Stmt, CXXDeleteExpr > cxxDeleteExpr

Matches delete expressions.

const internal::VariadicDynCastAllOfMatcher< Stmt, CallExpr > callExpr

Matches call expressions.

SmallVector< BoundNodes, 1 > match(MatcherT Matcher, const NodeT &Node, ASTContext &Context)

Returns the results of matching Matcher on Node.

internal::Matcher< T > findAll(const internal::Matcher< T > &Matcher)

Matches if the node or any descendant matches.

const internal::VariadicAllOfMatcher< Stmt > stmt

Matches statements.

const internal::VariadicOperatorMatcherFunc< 2, std::numeric_limits< unsigned >::max()> anyOf

Matches if any of the given matchers matches.

ProgramStateRef markReleased(ProgramStateRef State, SymbolRef Sym, const Expr *Origin)

std::unique_ptr< BugReporterVisitor > getInnerPointerBRVisitor(SymbolRef Sym)

This function provides an additional visitor that augments the bug report with information relevant t...

const MemRegion * getContainerObjRegion(ProgramStateRef State, SymbolRef Sym)

'Sym' represents a pointer to the inner buffer of a container object.

const char *const MemoryError

const char *const TaintedData

std::vector< SymbolRef > getTaintedSymbols(ProgramStateRef State, const Stmt *S, const LocationContext *LCtx, TaintTagType Kind=TaintTagGeneric)

Returns the tainted Symbols for a given Statement and state.

PointerEscapeKind

Describes the different reasons a pointer escapes during analysis.

@ PSK_DirectEscapeOnCall

The pointer has been passed to a function call directly.

ProgramStateRef setDynamicExtent(ProgramStateRef State, const MemRegion *MR, DefinedOrUnknownSVal Extent)

Set the dynamic extent Extent of the region MR.

void registerInnerPointerCheckerAux(CheckerManager &Mgr)

Register the part of MallocChecker connected to InnerPointerChecker.

llvm::DenseSet< SymbolRef > InvalidatedSymbols

std::optional< SVal > getPointeeVal(SVal PtrSVal, ProgramStateRef State)

std::optional< int > tryExpandAsInteger(StringRef Macro, const Preprocessor &PP)

Try to parse the value of a defined preprocessor macro.

std::shared_ptr< PathDiagnosticPiece > PathDiagnosticPieceRef

bool NE(InterpState &S, CodePtr OpPC)

bool Zero(InterpState &S, CodePtr OpPC)

The JSON file list parser is used to communicate input to InstallAPI.

OverloadedOperatorKind

Enumeration specifying the different kinds of C++ overloaded operators.

bool operator==(const CallGraphNode::CallRecord &LHS, const CallGraphNode::CallRecord &RHS)

bool operator!=(CanQual< T > x, CanQual< U > y)

const FunctionProtoType * T

const char * getOperatorSpelling(OverloadedOperatorKind Operator)

Retrieve the spelling of the given overloaded operator, without the preceding "operator" keyword.

@ Other

Other implicit parameter.

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4