1//===--- Checkers.td - Static Analyzer Checkers -===-----------------------===// 2// 3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4// See https://llvm.org/LICENSE.txt for license information. 5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6// 7//===----------------------------------------------------------------------===// 8 9include "CheckerBase.td" 10 11//===----------------------------------------------------------------------===// 12// Packages. 13//===----------------------------------------------------------------------===// 14 15// The Alpha package is for checkers that have too many false positives to be 16// turned on by default. The hierarchy under Alpha should be organized in the 17// hierarchy checkers would have had if they were truly at the top level. 18// (For example, a Cocoa-specific checker that is alpha should be in 19// alpha.osx.cocoa). 20def Alpha : Package<"alpha">; 21 22def Core : Package<"core">; 23def CoreBuiltin : Package<"builtin">, ParentPackage<Core>, Hidden; 24def CoreUninitialized : Package<"uninitialized">, ParentPackage<Core>; 25def CoreAlpha : Package<"core">, ParentPackage<Alpha>; 26 27// The OptIn package is for checkers that are not alpha and that would normally 28// be on by default but where the driver does not have enough information to 29// determine when they are applicable. For example, localizability checkers fit 30// this criterion because the driver cannot determine whether a project is 31// localized or not -- this is best determined at the IDE or build-system level. 32// 33// The checker hierarchy under OptIn should mirror that in Alpha: checkers 34// should be organized as if they were at the top level. 35// 36// Note: OptIn is *not* intended for checkers that are too noisy to be on by 37// default. Such checkers belong in the alpha package. 38def OptIn : Package<"optin">; 39 40// In the Portability package reside checkers for finding code that relies on 41// implementation-defined behavior. Such checks are wanted for cross-platform 42// development, but unwanted for developers who target only a single platform. 43def PortabilityOptIn : Package<"portability">, ParentPackage<OptIn>; 44 45def Nullability : Package<"nullability">, 46 PackageOptions<[ 47 CmdLineOption<Boolean, 48 "NoDiagnoseCallsToSystemHeaders", 49 "Suppresses warnings for violating nullability annotations " 50 "of system header functions. This is useful if you are " 51 "concerned with your custom nullability annotations more " 52 "than with following nullability specifications of system " 53 "header functions.", 54 "false", 55 Released> 56 ]>; 57 58def Cplusplus : Package<"cplusplus">; 59def CplusplusAlpha : Package<"cplusplus">, ParentPackage<Alpha>; 60def CplusplusOptIn : Package<"cplusplus">, ParentPackage<OptIn>; 61 62def Valist : Package<"valist">; 63 64def DeadCode : Package<"deadcode">; 65def DeadCodeAlpha : Package<"deadcode">, ParentPackage<Alpha>; 66 67def Performance : Package<"performance">, ParentPackage<OptIn>; 68 69def Security : Package <"security">; 70def InsecureAPI : Package<"insecureAPI">, ParentPackage<Security>; 71def SecurityAlpha : Package<"security">, ParentPackage<Alpha>; 72def Taint : Package<"taint">, ParentPackage<SecurityAlpha>; 73 74def CERT : Package<"cert">, ParentPackage<SecurityAlpha>; 75def POS : Package<"pos">, ParentPackage<CERT>; 76 77def Unix : Package<"unix">; 78def UnixAlpha : Package<"unix">, ParentPackage<Alpha>; 79def CString : Package<"cstring">, ParentPackage<Unix>; 80def CStringAlpha : Package<"cstring">, ParentPackage<UnixAlpha>; 81 82def OSX : Package<"osx">; 83def OSXAlpha : Package<"osx">, ParentPackage<Alpha>; 84def OSXOptIn : Package<"osx">, ParentPackage<OptIn>; 85 86def Cocoa : Package<"cocoa">, ParentPackage<OSX>; 87def CocoaAlpha : Package<"cocoa">, ParentPackage<OSXAlpha>; 88def CocoaOptIn : Package<"cocoa">, ParentPackage<OSXOptIn>; 89 90def CoreFoundation : Package<"coreFoundation">, ParentPackage<OSX>; 91def Containers : Package<"containers">, ParentPackage<CoreFoundation>; 92 93def LocalizabilityAlpha : Package<"localizability">, ParentPackage<CocoaAlpha>; 94def LocalizabilityOptIn : Package<"localizability">, ParentPackage<CocoaOptIn>; 95 96def MPI : Package<"mpi">, ParentPackage<OptIn>; 97 98def LLVM : Package<"llvm">; 99def LLVMAlpha : Package<"llvm">, ParentPackage<Alpha>; 100 101// The APIModeling package is for checkers that model APIs and don't perform 102// any diagnostics. These checkers are always turned on; this package is 103// intended for API modeling that is not controlled by the target triple. 104def APIModeling : Package<"apiModeling">, Hidden; 105def APIModelingAlpha : Package<"apiModeling">, ParentPackage<Alpha>, Hidden; 106 107def GoogleAPIModeling : Package<"google">, ParentPackage<APIModeling>, Hidden; 108def LLVMAPIModeling : Package<"llvm">, ParentPackage<APIModeling>, Hidden; 109 110def Debug : Package<"debug">, Hidden; 111 112def CloneDetectionAlpha : Package<"clone">, ParentPackage<Alpha>; 113 114def NonDeterminismAlpha : Package<"nondeterminism">, ParentPackage<Alpha>; 115 116def Fuchsia : Package<"fuchsia">; 117def FuchsiaAlpha : Package<"fuchsia">, ParentPackage<Alpha>; 118 119def WebKit : Package<"webkit">; 120def WebKitAlpha : Package<"webkit">, ParentPackage<Alpha>; 121 122//===----------------------------------------------------------------------===// 123// Core Checkers. 124//===----------------------------------------------------------------------===// 125 126let ParentPackage = Core in { 127 128def CallAndMessageModeling : Checker<"CallAndMessageModeling">, 129 HelpText<"Responsible for essential modeling and assumptions after a " 130 "function/method call. For instance, if we can't reason about the " 131 "nullability of the implicit this parameter after a method call, " 132 "this checker conservatively assumes it to be non-null">, 133 Documentation<HasDocumentation>, 134 Hidden; 135 136def CallAndMessageChecker : Checker<"CallAndMessage">, 137 HelpText<"Check for logical errors for function calls and Objective-C " 138 "message expressions (e.g., uninitialized arguments, null function " 139 "pointers)">, 140 CheckerOptions<[ 141 CmdLineOption<Boolean, 142 "FunctionPointer", 143 "Check whether a called function pointer is null or " 144 "undefined", 145 "true", 146 Released>, 147 CmdLineOption<Boolean, 148 "ParameterCount", 149 "Check whether a function was called with the appropriate " 150 "number of arguments", 151 "true", 152 Released>, 153 CmdLineOption<Boolean, 154 "CXXThisMethodCall", 155 "Check whether the implicit this parameter is null or " 156 "undefined upon a method call", 157 "true", 158 Released>, 159 CmdLineOption<Boolean, 160 "CXXDeallocationArg", 161 "Check whether the argument of operator delete is undefined", 162 "true", 163 Released>, 164 CmdLineOption<Boolean, 165 "ArgInitializedness", 166 "Check whether any of the pass-by-value parameters is " 167 "undefined", 168 "true", 169 Released>, 170 CmdLineOption<Boolean, 171 "ArgPointeeInitializedness", 172 "Check whether the pointee of a pass-by-reference or " 173 "pass-by-pointer is undefined", 174 "false", 175 InAlpha>, 176 CmdLineOption<Boolean, 177 "NilReceiver", 178 "Check whether the reciever in the message expression is nil", 179 "true", 180 Released>, 181 CmdLineOption<Boolean, 182 "UndefReceiver", 183 "Check whether the reciever in the message expression is " 184 "undefined", 185 "true", 186 Released>, 187 ]>, 188 Documentation<HasDocumentation>, 189 Dependencies<[CallAndMessageModeling]>; 190 191def DereferenceChecker : Checker<"NullDereference">, 192 HelpText<"Check for dereferences of null pointers">, 193 Documentation<HasDocumentation>; 194 195def NonNullParamChecker : Checker<"NonNullParamChecker">, 196 HelpText<"Check for null pointers passed as arguments to a function whose " 197 "arguments are references or marked with the 'nonnull' attribute">, 198 Documentation<HasDocumentation>; 199 200def VLASizeChecker : Checker<"VLASize">, 201 HelpText<"Check for declarations of VLA of undefined or zero size">, 202 Documentation<HasDocumentation>; 203 204def DivZeroChecker : Checker<"DivideZero">, 205 HelpText<"Check for division by zero">, 206 Documentation<HasDocumentation>; 207 208def UndefResultChecker : Checker<"UndefinedBinaryOperatorResult">, 209 HelpText<"Check for undefined results of binary operators">, 210 Documentation<HasDocumentation>; 211 212def StackAddrEscapeBase : Checker<"StackAddrEscapeBase">, 213 HelpText<"Generate information about stack address escapes.">, 214 Documentation<NotDocumented>, 215 Hidden; 216 217def StackAddrEscapeChecker : Checker<"StackAddressEscape">, 218 HelpText<"Check that addresses to stack memory do not escape the function">, 219 Dependencies<[StackAddrEscapeBase]>, 220 Documentation<HasDocumentation>; 221 222def DynamicTypePropagation : Checker<"DynamicTypePropagation">, 223 HelpText<"Generate dynamic type information">, 224 Documentation<NotDocumented>, 225 Hidden; 226 227def NonnullGlobalConstantsChecker: Checker<"NonnilStringConstants">, 228 HelpText<"Assume that const string-like globals are non-null">, 229 Documentation<NotDocumented>, 230 Hidden; 231 232} // end "core" 233 234let ParentPackage = CoreAlpha in { 235 236def BoolAssignmentChecker : Checker<"BoolAssignment">, 237 HelpText<"Warn about assigning non-{0,1} values to Boolean variables">, 238 Documentation<HasAlphaDocumentation>; 239 240def CastSizeChecker : Checker<"CastSize">, 241 HelpText<"Check when casting a malloc'ed type T, whether the size is a " 242 "multiple of the size of T">, 243 Documentation<HasAlphaDocumentation>; 244 245def CastToStructChecker : Checker<"CastToStruct">, 246 HelpText<"Check for cast from non-struct pointer to struct pointer">, 247 Documentation<HasAlphaDocumentation>; 248 249def ConversionChecker : Checker<"Conversion">, 250 HelpText<"Loss of sign/precision in implicit conversions">, 251 Documentation<HasAlphaDocumentation>; 252 253def IdenticalExprChecker : Checker<"IdenticalExpr">, 254 HelpText<"Warn about unintended use of identical expressions in operators">, 255 Documentation<HasAlphaDocumentation>; 256 257def FixedAddressChecker : Checker<"FixedAddr">, 258 HelpText<"Check for assignment of a fixed address to a pointer">, 259 Documentation<HasAlphaDocumentation>; 260 261def PointerArithChecker : Checker<"PointerArithm">, 262 HelpText<"Check for pointer arithmetic on locations other than array " 263 "elements">, 264 Documentation<HasAlphaDocumentation>; 265 266def PointerSubChecker : Checker<"PointerSub">, 267 HelpText<"Check for pointer subtractions on two pointers pointing to " 268 "different memory chunks">, 269 Documentation<HasAlphaDocumentation>; 270 271def SizeofPointerChecker : Checker<"SizeofPtr">, 272 HelpText<"Warn about unintended use of sizeof() on pointer expressions">, 273 Documentation<HasAlphaDocumentation>; 274 275def TestAfterDivZeroChecker : Checker<"TestAfterDivZero">, 276 HelpText<"Check for division by variable that is later compared against 0. " 277 "Either the comparison is useless or there is division by zero.">, 278 Documentation<HasAlphaDocumentation>; 279 280def DynamicTypeChecker : Checker<"DynamicTypeChecker">, 281 HelpText<"Check for cases where the dynamic and the static type of an object " 282 "are unrelated.">, 283 Documentation<HasAlphaDocumentation>; 284 285def StackAddrAsyncEscapeChecker : Checker<"StackAddressAsyncEscape">, 286 HelpText<"Check that addresses to stack memory do not escape the function">, 287 Dependencies<[StackAddrEscapeBase]>, 288 Documentation<HasAlphaDocumentation>; 289 290def PthreadLockBase : Checker<"PthreadLockBase">, 291 HelpText<"Helper registering multiple checks.">, 292 Documentation<NotDocumented>, 293 Hidden; 294 295def C11LockChecker : Checker<"C11Lock">, 296 HelpText<"Simple lock -> unlock checker">, 297 Dependencies<[PthreadLockBase]>, 298 Documentation<HasAlphaDocumentation>; 299 300} // end "alpha.core" 301 302//===----------------------------------------------------------------------===// 303// Nullability checkers. 304//===----------------------------------------------------------------------===// 305 306let ParentPackage = Nullability in { 307 308def NullabilityBase : Checker<"NullabilityBase">, 309 HelpText<"Stores information during the analysis about nullability.">, 310 Documentation<NotDocumented>, 311 Hidden; 312 313def NullPassedToNonnullChecker : Checker<"NullPassedToNonnull">, 314 HelpText<"Warns when a null pointer is passed to a pointer which has a " 315 "_Nonnull type.">, 316 Dependencies<[NullabilityBase]>, 317 Documentation<HasDocumentation>; 318 319def NullReturnedFromNonnullChecker : Checker<"NullReturnedFromNonnull">, 320 HelpText<"Warns when a null pointer is returned from a function that has " 321 "_Nonnull return type.">, 322 Dependencies<[NullabilityBase]>, 323 Documentation<HasDocumentation>; 324 325def NullableDereferencedChecker : Checker<"NullableDereferenced">, 326 HelpText<"Warns when a nullable pointer is dereferenced.">, 327 Dependencies<[NullabilityBase]>, 328 Documentation<HasDocumentation>; 329 330def NullablePassedToNonnullChecker : Checker<"NullablePassedToNonnull">, 331 HelpText<"Warns when a nullable pointer is passed to a pointer which has a " 332 "_Nonnull type.">, 333 Dependencies<[NullabilityBase]>, 334 Documentation<HasDocumentation>; 335 336def NullableReturnedFromNonnullChecker : Checker<"NullableReturnedFromNonnull">, 337 HelpText<"Warns when a nullable pointer is returned from a function that has " 338 "_Nonnull return type.">, 339 Dependencies<[NullabilityBase]>, 340 Documentation<NotDocumented>; 341 342} // end "nullability" 343 344//===----------------------------------------------------------------------===// 345// APIModeling. 346//===----------------------------------------------------------------------===// 347 348let ParentPackage = APIModeling in { 349 350def StdCLibraryFunctionsChecker : Checker<"StdCLibraryFunctions">, 351 HelpText<"Improve modeling of the C standard library functions">, 352 Dependencies<[CallAndMessageModeling]>, 353 CheckerOptions<[ 354 CmdLineOption<Boolean, 355 "DisplayLoadedSummaries", 356 "If set to true, the checker displays the found summaries " 357 "for the given translation unit.", 358 "false", 359 Released, 360 Hide>, 361 CmdLineOption<Boolean, 362 "ModelPOSIX", 363 "If set to true, the checker models functions from the " 364 "POSIX standard.", 365 "false", 366 InAlpha> 367 ]>, 368 Documentation<NotDocumented>, 369 Hidden; 370 371def TrustNonnullChecker : Checker<"TrustNonnull">, 372 HelpText<"Trust that returns from framework methods annotated with _Nonnull " 373 "are not null">, 374 Documentation<NotDocumented>; 375 376} // end "apiModeling" 377 378//===----------------------------------------------------------------------===// 379// Evaluate "builtin" functions. 380//===----------------------------------------------------------------------===// 381 382let ParentPackage = CoreBuiltin in { 383 384def NoReturnFunctionChecker : Checker<"NoReturnFunctions">, 385 HelpText<"Evaluate \"panic\" functions that are known to not return to the " 386 "caller">, 387 Documentation<NotDocumented>; 388 389def BuiltinFunctionChecker : Checker<"BuiltinFunctions">, 390 HelpText<"Evaluate compiler builtin functions (e.g., alloca())">, 391 Documentation<NotDocumented>; 392 393} // end "core.builtin" 394 395//===----------------------------------------------------------------------===// 396// Uninitialized values checkers. 397//===----------------------------------------------------------------------===// 398 399let ParentPackage = CoreUninitialized in { 400 401def UndefinedArraySubscriptChecker : Checker<"ArraySubscript">, 402 HelpText<"Check for uninitialized values used as array subscripts">, 403 Documentation<HasDocumentation>; 404 405def UndefinedAssignmentChecker : Checker<"Assign">, 406 HelpText<"Check for assigning uninitialized values">, 407 Documentation<HasDocumentation>; 408 409def UndefBranchChecker : Checker<"Branch">, 410 HelpText<"Check for uninitialized values used as branch conditions">, 411 Documentation<HasDocumentation>; 412 413def UndefCapturedBlockVarChecker : Checker<"CapturedBlockVariable">, 414 HelpText<"Check for blocks that capture uninitialized values">, 415 Documentation<NotDocumented>; 416 417def ReturnUndefChecker : Checker<"UndefReturn">, 418 HelpText<"Check for uninitialized values being returned to the caller">, 419 Documentation<HasDocumentation>; 420 421} // end "core.uninitialized" 422 423//===----------------------------------------------------------------------===// 424// Unix API checkers. 425//===----------------------------------------------------------------------===// 426 427let ParentPackage = CString in { 428 429def CStringModeling : Checker<"CStringModeling">, 430 HelpText<"The base of several CString related checkers. On it's own it emits " 431 "no reports, but adds valuable information to the analysis when " 432 "enabled.">, 433 Documentation<NotDocumented>, 434 Hidden; 435 436def CStringNullArg : Checker<"NullArg">, 437 HelpText<"Check for null pointers being passed as arguments to C string " 438 "functions">, 439 Dependencies<[CStringModeling]>, 440 Documentation<HasDocumentation>; 441 442def CStringSyntaxChecker : Checker<"BadSizeArg">, 443 HelpText<"Check the size argument passed into C string functions for common " 444 "erroneous patterns">, 445 Dependencies<[CStringModeling]>, 446 Documentation<HasDocumentation>; 447 448} // end "unix.cstring" 449 450let ParentPackage = CStringAlpha in { 451 452def CStringOutOfBounds : Checker<"OutOfBounds">, 453 HelpText<"Check for out-of-bounds access in string functions">, 454 Dependencies<[CStringModeling]>, 455 Documentation<HasAlphaDocumentation>; 456 457def CStringBufferOverlap : Checker<"BufferOverlap">, 458 HelpText<"Checks for overlap in two buffer arguments">, 459 Dependencies<[CStringModeling]>, 460 Documentation<HasAlphaDocumentation>; 461 462def CStringNotNullTerm : Checker<"NotNullTerminated">, 463 HelpText<"Check for arguments which are not null-terminating strings">, 464 Dependencies<[CStringModeling]>, 465 Documentation<HasAlphaDocumentation>; 466 467} // end "alpha.unix.cstring" 468 469let ParentPackage = Unix in { 470 471def UnixAPIMisuseChecker : Checker<"API">, 472 HelpText<"Check calls to various UNIX/Posix functions">, 473 Documentation<HasDocumentation>; 474 475def DynamicMemoryModeling: Checker<"DynamicMemoryModeling">, 476 HelpText<"The base of several malloc() related checkers. On it's own it " 477 "emits no reports, but adds valuable information to the analysis " 478 "when enabled.">, 479 CheckerOptions<[ 480 CmdLineOption<Boolean, 481 "Optimistic", 482 "If set to true, the checker assumes that all the " 483 "allocating and deallocating functions are annotated with " 484 "ownership_holds, ownership_takes and ownership_returns.", 485 "false", 486 InAlpha> 487 ]>, 488 Dependencies<[CStringModeling]>, 489 Documentation<NotDocumented>, 490 Hidden; 491 492def MallocChecker: Checker<"Malloc">, 493 HelpText<"Check for memory leaks, double free, and use-after-free problems. " 494 "Traces memory managed by malloc()/free().">, 495 Dependencies<[DynamicMemoryModeling]>, 496 Documentation<HasDocumentation>; 497 498def MallocSizeofChecker : Checker<"MallocSizeof">, 499 HelpText<"Check for dubious malloc arguments involving sizeof">, 500 Documentation<HasDocumentation>; 501 502def MismatchedDeallocatorChecker : Checker<"MismatchedDeallocator">, 503 HelpText<"Check for mismatched deallocators.">, 504 Dependencies<[DynamicMemoryModeling]>, 505 Documentation<HasDocumentation>; 506 507def VforkChecker : Checker<"Vfork">, 508 HelpText<"Check for proper usage of vfork">, 509 Documentation<HasDocumentation>; 510 511} // end "unix" 512 513let ParentPackage = UnixAlpha in { 514 515def ChrootChecker : Checker<"Chroot">, 516 HelpText<"Check improper use of chroot">, 517 Documentation<HasAlphaDocumentation>; 518 519def PthreadLockChecker : Checker<"PthreadLock">, 520 HelpText<"Simple lock -> unlock checker">, 521 Dependencies<[PthreadLockBase]>, 522 Documentation<HasAlphaDocumentation>; 523 524def StreamChecker : Checker<"Stream">, 525 HelpText<"Check stream handling functions">, 526 Documentation<HasAlphaDocumentation>; 527 528def SimpleStreamChecker : Checker<"SimpleStream">, 529 HelpText<"Check for misuses of stream APIs">, 530 Documentation<HasAlphaDocumentation>; 531 532def BlockInCriticalSectionChecker : Checker<"BlockInCriticalSection">, 533 HelpText<"Check for calls to blocking functions inside a critical section">, 534 Documentation<HasAlphaDocumentation>; 535 536def StdCLibraryFunctionArgsChecker : Checker<"StdCLibraryFunctionArgs">, 537 HelpText<"Check constraints of arguments of C standard library functions, " 538 "such as whether the parameter of isalpha is in the range [0, 255] " 539 "or is EOF.">, 540 Dependencies<[StdCLibraryFunctionsChecker]>, 541 WeakDependencies<[NonNullParamChecker]>, 542 Documentation<NotDocumented>; 543 544} // end "alpha.unix" 545 546//===----------------------------------------------------------------------===// 547// C++ checkers. 548//===----------------------------------------------------------------------===// 549 550let ParentPackage = Cplusplus in { 551 552def InnerPointerChecker : Checker<"InnerPointer">, 553 HelpText<"Check for inner pointers of C++ containers used after " 554 "re/deallocation">, 555 Dependencies<[DynamicMemoryModeling]>, 556 Documentation<NotDocumented>; 557 558def NewDeleteChecker : Checker<"NewDelete">, 559 HelpText<"Check for double-free and use-after-free problems. Traces memory " 560 "managed by new/delete.">, 561 Dependencies<[DynamicMemoryModeling]>, 562 Documentation<HasDocumentation>; 563 564def NewDeleteLeaksChecker : Checker<"NewDeleteLeaks">, 565 HelpText<"Check for memory leaks. Traces memory managed by new/delete.">, 566 Dependencies<[DynamicMemoryModeling]>, 567 Documentation<HasDocumentation>; 568 569def PlacementNewChecker : Checker<"PlacementNew">, 570 HelpText<"Check if default placement new is provided with pointers to " 571 "sufficient storage capacity">, 572 Dependencies<[DynamicMemoryModeling]>, 573 Documentation<HasDocumentation>; 574 575def CXXSelfAssignmentChecker : Checker<"SelfAssignment">, 576 HelpText<"Checks C++ copy and move assignment operators for self assignment">, 577 Documentation<NotDocumented>, 578 Hidden; 579 580def SmartPtrModeling: Checker<"SmartPtrModeling">, 581 HelpText<"Model behavior of C++ smart pointers">, 582 Documentation<NotDocumented>, 583 CheckerOptions<[ 584 CmdLineOption<Boolean, 585 "ModelSmartPtrDereference", 586 "Enable modeling for SmartPtr null dereferences", 587 "false", 588 InAlpha, 589 Hide>, 590 ]>, 591 Hidden; 592 593def MoveChecker: Checker<"Move">, 594 HelpText<"Find use-after-move bugs in C++">, 595 CheckerOptions<[ 596 CmdLineOption<String, 597 "WarnOn", 598 "In non-aggressive mode, only warn on use-after-move of " 599 "local variables (or local rvalue references) and of STL " 600 "objects. The former is possible because local variables (or " 601 "local rvalue references) are not tempting their user to " 602 "re-use the storage. The latter is possible because STL " 603 "objects are known to end up in a valid but unspecified " 604 "state after the move and their state-reset methods are also " 605 "known, which allows us to predict precisely when " 606 "use-after-move is invalid. Some STL objects are known to " 607 "conform to additional contracts after move, so they are not " 608 "tracked. However, smart pointers specifically are tracked " 609 "because we can perform extra checking over them. In " 610 "aggressive mode, warn on any use-after-move because the " 611 "user has intentionally asked us to completely eliminate " 612 "use-after-move in his code. Values: \"KnownsOnly\", " 613 "\"KnownsAndLocals\", \"All\".", 614 "KnownsAndLocals", 615 Released> 616 ]>, 617 Documentation<HasDocumentation>; 618 619def VirtualCallModeling : Checker<"VirtualCallModeling">, 620 HelpText<"Auxiliary modeling for the virtual method call checkers">, 621 Documentation<NotDocumented>, 622 Hidden; 623 624def PureVirtualCallChecker : Checker<"PureVirtualCall">, 625 HelpText<"Check pure virtual function calls during construction/destruction">, 626 Dependencies<[VirtualCallModeling]>, 627 Documentation<HasDocumentation>; 628} // end: "cplusplus" 629 630let ParentPackage = CplusplusOptIn in { 631 632def UninitializedObjectChecker: Checker<"UninitializedObject">, 633 HelpText<"Reports uninitialized fields after object construction">, 634 CheckerOptions<[ 635 CmdLineOption<Boolean, 636 "Pedantic", 637 "If set to false, the checker won't emit warnings " 638 "for objects that don't have at least one initialized " 639 "field.", 640 "false", 641 Released>, 642 CmdLineOption<Boolean, 643 "NotesAsWarnings", 644 "If set to true, the checker will emit a warning " 645 "for each uninitalized field, as opposed to emitting one " 646 "warning per constructor call, and listing the uninitialized " 647 "fields that belongs to it in notes.", 648 "false", 649 Released, 650 Hide>, 651 CmdLineOption<Boolean, 652 "CheckPointeeInitialization", 653 "If set to false, the checker will not analyze " 654 "the pointee of pointer/reference fields, and will only " 655 "check whether the object itself is initialized.", 656 "false", 657 InAlpha>, 658 CmdLineOption<String, 659 "IgnoreRecordsWithField", 660 "If supplied, the checker will not analyze " 661 "structures that have a field with a name or type name that " 662 "matches the given pattern.", 663 "\"\"", 664 Released>, 665 CmdLineOption<Boolean, 666 "IgnoreGuardedFields", 667 "If set to true, the checker will analyze _syntactically_ " 668 "whether the found uninitialized object is used without a " 669 "preceding assert call. Defaults to false.", 670 "false", 671 InAlpha> 672 ]>, 673 Documentation<HasAlphaDocumentation>; 674 675def VirtualCallChecker : Checker<"VirtualCall">, 676 HelpText<"Check virtual function calls during construction/destruction">, 677 CheckerOptions<[ 678 CmdLineOption<Boolean, 679 "ShowFixIts", 680 "Enable fix-it hints for this checker", 681 "false", 682 InAlpha>, 683 CmdLineOption<Boolean, 684 "PureOnly", 685 "Disables the checker. Keeps cplusplus.PureVirtualCall " 686 "enabled. This option is only provided for backwards " 687 "compatibility.", 688 "false", 689 InAlpha> 690 ]>, 691 Dependencies<[VirtualCallModeling]>, 692 Documentation<HasDocumentation>; 693 694} // end: "optin.cplusplus" 695 696let ParentPackage = CplusplusAlpha in { 697 698def ContainerModeling : Checker<"ContainerModeling">, 699 HelpText<"Models C++ containers">, 700 Documentation<NotDocumented>, 701 Hidden; 702 703def DeleteWithNonVirtualDtorChecker : Checker<"DeleteWithNonVirtualDtor">, 704 HelpText<"Reports destructions of polymorphic objects with a non-virtual " 705 "destructor in their base class">, 706 Documentation<HasAlphaDocumentation>; 707 708def EnumCastOutOfRangeChecker : Checker<"EnumCastOutOfRange">, 709 HelpText<"Check integer to enumeration casts for out of range values">, 710 Documentation<HasAlphaDocumentation>; 711 712def IteratorModeling : Checker<"IteratorModeling">, 713 HelpText<"Models iterators of C++ containers">, 714 Dependencies<[ContainerModeling]>, 715 Documentation<NotDocumented>, 716 Hidden; 717 718def STLAlgorithmModeling : Checker<"STLAlgorithmModeling">, 719 HelpText<"Models the algorithm library of the C++ STL.">, 720 CheckerOptions<[ 721 CmdLineOption<Boolean, 722 "AggressiveStdFindModeling", 723 "Enables exploration of the failure branch in std::find-like " 724 "functions.", 725 "false", 726 Released> 727 ]>, 728 Dependencies<[ContainerModeling]>, 729 Documentation<NotDocumented>; 730 731def InvalidatedIteratorChecker : Checker<"InvalidatedIterator">, 732 HelpText<"Check for use of invalidated iterators">, 733 Dependencies<[IteratorModeling]>, 734 Documentation<HasAlphaDocumentation>; 735 736def IteratorRangeChecker : Checker<"IteratorRange">, 737 HelpText<"Check for iterators used outside their valid ranges">, 738 Dependencies<[IteratorModeling]>, 739 Documentation<HasAlphaDocumentation>; 740 741def MismatchedIteratorChecker : Checker<"MismatchedIterator">, 742 HelpText<"Check for use of iterators of different containers where iterators " 743 "of the same container are expected">, 744 Dependencies<[IteratorModeling]>, 745 Documentation<HasAlphaDocumentation>; 746 747def SmartPtrChecker: Checker<"SmartPtr">, 748 HelpText<"Find the dereference of null SmrtPtr">, 749 Dependencies<[SmartPtrModeling]>, 750 Documentation<HasAlphaDocumentation>; 751 752} // end: "alpha.cplusplus" 753 754 755//===----------------------------------------------------------------------===// 756// Valist checkers. 757//===----------------------------------------------------------------------===// 758 759let ParentPackage = Valist in { 760 761def ValistBase : Checker<"ValistBase">, 762 HelpText<"Gathers information about va_lists.">, 763 Documentation<NotDocumented>, 764 Hidden; 765 766def UninitializedChecker : Checker<"Uninitialized">, 767 HelpText<"Check for usages of uninitialized (or already released) va_lists.">, 768 Dependencies<[ValistBase]>, 769 Documentation<NotDocumented>; 770 771def UnterminatedChecker : Checker<"Unterminated">, 772 HelpText<"Check for va_lists which are not released by a va_end call.">, 773 Dependencies<[ValistBase]>, 774 Documentation<NotDocumented>; 775 776def CopyToSelfChecker : Checker<"CopyToSelf">, 777 HelpText<"Check for va_lists which are copied onto itself.">, 778 Dependencies<[ValistBase]>, 779 Documentation<NotDocumented>; 780 781} // end : "valist" 782 783//===----------------------------------------------------------------------===// 784// Deadcode checkers. 785//===----------------------------------------------------------------------===// 786 787let ParentPackage = DeadCode in { 788 789def DeadStoresChecker : Checker<"DeadStores">, 790 HelpText<"Check for values stored to variables that are never read " 791 "afterwards">, 792 CheckerOptions<[ 793 CmdLineOption<Boolean, 794 "WarnForDeadNestedAssignments", 795 "Warns for deadstores in nested assignments." 796 "E.g.: if ((P = f())) where P is unused.", 797 "true", 798 Released>, 799 CmdLineOption<Boolean, 800 "ShowFixIts", 801 "Enable fix-it hints for this checker", 802 "false", 803 InAlpha> 804 ]>, 805 Documentation<HasDocumentation>; 806 807} // end DeadCode 808 809let ParentPackage = DeadCodeAlpha in { 810 811def UnreachableCodeChecker : Checker<"UnreachableCode">, 812 HelpText<"Check unreachable code">, 813 Documentation<HasAlphaDocumentation>; 814 815} // end "alpha.deadcode" 816 817//===----------------------------------------------------------------------===// 818// Performance checkers. 819//===----------------------------------------------------------------------===// 820 821let ParentPackage = Performance in { 822 823def PaddingChecker : Checker<"Padding">, 824 HelpText<"Check for excessively padded structs.">, 825 CheckerOptions<[ 826 CmdLineOption<Integer, 827 "AllowedPad", 828 "Reports are only generated if the excessive padding exceeds " 829 "'AllowedPad' in bytes.", 830 "24", 831 Released> 832 ]>, 833 Documentation<NotDocumented>; 834 835} // end: "padding" 836 837//===----------------------------------------------------------------------===// 838// Security checkers. 839//===----------------------------------------------------------------------===// 840 841let ParentPackage = InsecureAPI in { 842 843def SecuritySyntaxChecker : Checker<"SecuritySyntaxChecker">, 844 HelpText<"Base of various security function related checkers">, 845 Documentation<NotDocumented>, 846 Hidden; 847 848def bcmp : Checker<"bcmp">, 849 HelpText<"Warn on uses of the 'bcmp' function">, 850 Dependencies<[SecuritySyntaxChecker]>, 851 Documentation<HasDocumentation>; 852 853def bcopy : Checker<"bcopy">, 854 HelpText<"Warn on uses of the 'bcopy' function">, 855 Dependencies<[SecuritySyntaxChecker]>, 856 Documentation<HasDocumentation>; 857 858def bzero : Checker<"bzero">, 859 HelpText<"Warn on uses of the 'bzero' function">, 860 Dependencies<[SecuritySyntaxChecker]>, 861 Documentation<HasDocumentation>; 862 863def gets : Checker<"gets">, 864 HelpText<"Warn on uses of the 'gets' function">, 865 Dependencies<[SecuritySyntaxChecker]>, 866 Documentation<HasDocumentation>; 867 868def getpw : Checker<"getpw">, 869 HelpText<"Warn on uses of the 'getpw' function">, 870 Dependencies<[SecuritySyntaxChecker]>, 871 Documentation<HasDocumentation>; 872 873def mktemp : Checker<"mktemp">, 874 HelpText<"Warn on uses of the 'mktemp' function">, 875 Dependencies<[SecuritySyntaxChecker]>, 876 Documentation<HasDocumentation>; 877 878def mkstemp : Checker<"mkstemp">, 879 HelpText<"Warn when 'mkstemp' is passed fewer than 6 X's in the format " 880 "string">, 881 Dependencies<[SecuritySyntaxChecker]>, 882 Documentation<HasDocumentation>; 883 884def rand : Checker<"rand">, 885 HelpText<"Warn on uses of the 'rand', 'random', and related functions">, 886 Dependencies<[SecuritySyntaxChecker]>, 887 Documentation<HasDocumentation>; 888 889def strcpy : Checker<"strcpy">, 890 HelpText<"Warn on uses of the 'strcpy' and 'strcat' functions">, 891 Dependencies<[SecuritySyntaxChecker]>, 892 Documentation<HasDocumentation>; 893 894def vfork : Checker<"vfork">, 895 HelpText<"Warn on uses of the 'vfork' function">, 896 Dependencies<[SecuritySyntaxChecker]>, 897 Documentation<HasDocumentation>; 898 899def UncheckedReturn : Checker<"UncheckedReturn">, 900 HelpText<"Warn on uses of functions whose return values must be always " 901 "checked">, 902 Dependencies<[SecuritySyntaxChecker]>, 903 Documentation<HasDocumentation>; 904 905def DeprecatedOrUnsafeBufferHandling : 906 Checker<"DeprecatedOrUnsafeBufferHandling">, 907 HelpText<"Warn on uses of unsecure or deprecated buffer manipulating " 908 "functions">, 909 Dependencies<[SecuritySyntaxChecker]>, 910 Documentation<HasDocumentation>; 911 912def decodeValueOfObjCType : Checker<"decodeValueOfObjCType">, 913 HelpText<"Warn on uses of the '-decodeValueOfObjCType:at:' method">, 914 Dependencies<[SecuritySyntaxChecker]>, 915 Documentation<HasDocumentation>; 916 917} // end "security.insecureAPI" 918 919let ParentPackage = Security in { 920 921def FloatLoopCounter : Checker<"FloatLoopCounter">, 922 HelpText<"Warn on using a floating point value as a loop counter (CERT: " 923 "FLP30-C, FLP30-CPP)">, 924 Dependencies<[SecuritySyntaxChecker]>, 925 Documentation<HasDocumentation>; 926 927} // end "security" 928 929let ParentPackage = POS in { 930 931 def PutenvWithAuto : Checker<"34c">, 932 HelpText<"Finds calls to the 'putenv' function which pass a pointer to " 933 "an automatic variable as the argument.">, 934 Documentation<HasDocumentation>; 935 936} // end "alpha.cert.pos" 937 938let ParentPackage = SecurityAlpha in { 939 940def ArrayBoundChecker : Checker<"ArrayBound">, 941 HelpText<"Warn about buffer overflows (older checker)">, 942 Documentation<HasAlphaDocumentation>; 943 944def ArrayBoundCheckerV2 : Checker<"ArrayBoundV2">, 945 HelpText<"Warn about buffer overflows (newer checker)">, 946 Documentation<HasAlphaDocumentation>; 947 948def ReturnPointerRangeChecker : Checker<"ReturnPtrRange">, 949 HelpText<"Check for an out-of-bound pointer being returned to callers">, 950 Documentation<HasAlphaDocumentation>; 951 952def MallocOverflowSecurityChecker : Checker<"MallocOverflow">, 953 HelpText<"Check for overflows in the arguments to malloc()">, 954 Documentation<HasAlphaDocumentation>; 955 956def MmapWriteExecChecker : Checker<"MmapWriteExec">, 957 HelpText<"Warn on mmap() calls that are both writable and executable">, 958 CheckerOptions<[ 959 CmdLineOption<Integer, 960 "MmapProtExec", 961 "Specifies the value of PROT_EXEC", 962 "0x04", 963 Released>, 964 CmdLineOption<Integer, 965 "MmapProtRead", 966 "Specifies the value of PROT_READ", 967 "0x01", 968 Released> 969 ]>, 970 Documentation<HasAlphaDocumentation>; 971 972} // end "alpha.security" 973 974//===----------------------------------------------------------------------===// 975// Taint checkers. 976//===----------------------------------------------------------------------===// 977 978let ParentPackage = Taint in { 979 980def GenericTaintChecker : Checker<"TaintPropagation">, 981 HelpText<"Generate taint information used by other checkers">, 982 CheckerOptions<[ 983 CmdLineOption<String, 984 "Config", 985 "Specifies the name of the configuration file.", 986 "", 987 InAlpha>, 988 ]>, 989 Documentation<HasAlphaDocumentation>; 990 991} // end "alpha.security.taint" 992 993//===----------------------------------------------------------------------===// 994// Mac OS X, Cocoa, and Core Foundation checkers. 995//===----------------------------------------------------------------------===// 996 997let ParentPackage = Cocoa in { 998 999def RetainCountBase : Checker<"RetainCountBase">, 1000 HelpText<"Common base of various retain count related checkers">, 1001 Documentation<NotDocumented>, 1002 Hidden; 1003 1004} // end "osx.cocoa" 1005 1006let ParentPackage = OSX in { 1007 1008def NSOrCFErrorDerefChecker : Checker<"NSOrCFErrorDerefChecker">, 1009 HelpText<"Implementation checker for NSErrorChecker and CFErrorChecker">, 1010 Documentation<NotDocumented>, 1011 Hidden; 1012 1013def NumberObjectConversionChecker : Checker<"NumberObjectConversion">, 1014 HelpText<"Check for erroneous conversions of objects representing numbers " 1015 "into numbers">, 1016 CheckerOptions<[ 1017 CmdLineOption<Boolean, 1018 "Pedantic", 1019 "Enables detection of more conversion patterns (which are " 1020 "most likely more harmless, and therefore are more likely to " 1021 "produce false positives).", 1022 "false", 1023 Released> 1024 ]>, 1025 Documentation<NotDocumented>; 1026 1027def MacOSXAPIChecker : Checker<"API">, 1028 HelpText<"Check for proper uses of various Apple APIs">, 1029 Documentation<HasDocumentation>; 1030 1031def MacOSKeychainAPIChecker : Checker<"SecKeychainAPI">, 1032 HelpText<"Check for proper uses of Secure Keychain APIs">, 1033 Documentation<HasDocumentation>; 1034 1035def MIGChecker : Checker<"MIG">, 1036 HelpText<"Find violations of the Mach Interface Generator " 1037 "calling convention">, 1038 Documentation<NotDocumented>; 1039 1040def ObjCPropertyChecker : Checker<"ObjCProperty">, 1041 HelpText<"Check for proper uses of Objective-C properties">, 1042 Documentation<NotDocumented>; 1043 1044def OSObjectRetainCountChecker : Checker<"OSObjectRetainCount">, 1045 HelpText<"Check for leaks and improper reference count management for " 1046 "OSObject">, 1047 Dependencies<[RetainCountBase]>, 1048 Documentation<NotDocumented>; 1049 1050} // end "osx" 1051 1052let ParentPackage = Cocoa in { 1053 1054def RunLoopAutoreleaseLeakChecker : Checker<"RunLoopAutoreleaseLeak">, 1055 HelpText<"Check for leaked memory in autorelease pools that will never be " 1056 "drained">, 1057 Documentation<NotDocumented>; 1058 1059def ObjCAtSyncChecker : Checker<"AtSync">, 1060 HelpText<"Check for nil pointers used as mutexes for @synchronized">, 1061 Documentation<HasDocumentation>; 1062 1063def NilArgChecker : Checker<"NilArg">, 1064 HelpText<"Check for prohibited nil arguments to ObjC method calls">, 1065 Documentation<HasDocumentation>; 1066 1067def ClassReleaseChecker : Checker<"ClassRelease">, 1068 HelpText<"Check for sending 'retain', 'release', or 'autorelease' directly " 1069 "to a Class">, 1070 Documentation<HasDocumentation>; 1071 1072def VariadicMethodTypeChecker : Checker<"VariadicMethodTypes">, 1073 HelpText<"Check for passing non-Objective-C types to variadic collection " 1074 "initialization methods that expect only Objective-C types">, 1075 Documentation<HasDocumentation>; 1076 1077def NSAutoreleasePoolChecker : Checker<"NSAutoreleasePool">, 1078 HelpText<"Warn for suboptimal uses of NSAutoreleasePool in Objective-C GC " 1079 "mode">, 1080 Documentation<HasDocumentation>; 1081 1082def ObjCMethSigsChecker : Checker<"IncompatibleMethodTypes">, 1083 HelpText<"Warn about Objective-C method signatures with type " 1084 "incompatibilities">, 1085 Documentation<HasDocumentation>; 1086 1087def ObjCUnusedIvarsChecker : Checker<"UnusedIvars">, 1088 HelpText<"Warn about private ivars that are never used">, 1089 Documentation<HasDocumentation>; 1090 1091def ObjCSelfInitChecker : Checker<"SelfInit">, 1092 HelpText<"Check that 'self' is properly initialized inside an initializer " 1093 "method">, 1094 Documentation<HasDocumentation>; 1095 1096def ObjCLoopChecker : Checker<"Loops">, 1097 HelpText<"Improved modeling of loops using Cocoa collection types">, 1098 Documentation<NotDocumented>; 1099 1100def ObjCNonNilReturnValueChecker : Checker<"NonNilReturnValue">, 1101 HelpText<"Model the APIs that are guaranteed to return a non-nil value">, 1102 Documentation<NotDocumented>; 1103 1104def ObjCSuperCallChecker : Checker<"MissingSuperCall">, 1105 HelpText<"Warn about Objective-C methods that lack a necessary call to " 1106 "super">, 1107 Documentation<NotDocumented>; 1108 1109def NSErrorChecker : Checker<"NSError">, 1110 HelpText<"Check usage of NSError** parameters">, 1111 Dependencies<[NSOrCFErrorDerefChecker]>, 1112 Documentation<HasDocumentation>; 1113 1114def RetainCountChecker : Checker<"RetainCount">, 1115 HelpText<"Check for leaks and improper reference count management">, 1116 CheckerOptions<[ 1117 CmdLineOption<Boolean, 1118 "TrackNSCFStartParam", 1119 "Check not only that the code follows retain-release rules " 1120 "with respect to objects it allocates or borrows from " 1121 "elsewhere, but also that it fulfills its own retain count " 1122 "specification with respect to objects that it receives as " 1123 "arguments.", 1124 "false", 1125 Released> 1126 ]>, 1127 Dependencies<[RetainCountBase]>, 1128 Documentation<HasDocumentation>; 1129 1130def ObjCGenericsChecker : Checker<"ObjCGenerics">, 1131 HelpText<"Check for type errors when using Objective-C generics">, 1132 Dependencies<[DynamicTypePropagation]>, 1133 Documentation<HasDocumentation>; 1134 1135def ObjCDeallocChecker : Checker<"Dealloc">, 1136 HelpText<"Warn about Objective-C classes that lack a correct implementation " 1137 "of -dealloc">, 1138 Documentation<HasDocumentation>; 1139 1140def ObjCSuperDeallocChecker : Checker<"SuperDealloc">, 1141 HelpText<"Warn about improper use of '[super dealloc]' in Objective-C">, 1142 Documentation<HasDocumentation>; 1143 1144def AutoreleaseWriteChecker : Checker<"AutoreleaseWrite">, 1145 HelpText<"Warn about potentially crashing writes to autoreleasing objects " 1146 "from different autoreleasing pools in Objective-C">, 1147 Documentation<NotDocumented>; 1148 1149} // end "osx.cocoa" 1150 1151let ParentPackage = Performance in { 1152 1153def GCDAntipattern : Checker<"GCDAntipattern">, 1154 HelpText<"Check for performance anti-patterns when using Grand Central " 1155 "Dispatch">, 1156 Documentation<NotDocumented>; 1157} // end "optin.performance" 1158 1159let ParentPackage = OSXOptIn in { 1160 1161def OSObjectCStyleCast : Checker<"OSObjectCStyleCast">, 1162 HelpText<"Checker for C-style casts of OSObjects">, 1163 Documentation<NotDocumented>; 1164 1165} // end "optin.osx" 1166 1167let ParentPackage = CocoaAlpha in { 1168 1169def IvarInvalidationModeling : Checker<"IvarInvalidationModeling">, 1170 HelpText<"Gathers information for annotation driven invalidation checking " 1171 "for classes that contains a method annotated with " 1172 "'objc_instance_variable_invalidator'">, 1173 Documentation<NotDocumented>, 1174 Hidden; 1175 1176def InstanceVariableInvalidation : Checker<"InstanceVariableInvalidation">, 1177 HelpText<"Check that the invalidatable instance variables are invalidated in " 1178 "the methods annotated with objc_instance_variable_invalidator">, 1179 Dependencies<[IvarInvalidationModeling]>, 1180 Documentation<HasAlphaDocumentation>; 1181 1182def MissingInvalidationMethod : Checker<"MissingInvalidationMethod">, 1183 HelpText<"Check that the invalidation methods are present in classes that " 1184 "contain invalidatable instance variables">, 1185 Dependencies<[IvarInvalidationModeling]>, 1186 Documentation<HasAlphaDocumentation>; 1187 1188def DirectIvarAssignment : Checker<"DirectIvarAssignment">, 1189 HelpText<"Check for direct assignments to instance variables">, 1190 CheckerOptions<[ 1191 CmdLineOption<Boolean, 1192 "AnnotatedFunctions", 1193 "Check for direct assignments to instance variables in the " 1194 "methods annotated with " 1195 "objc_no_direct_instance_variable_assignment", 1196 "false", 1197 InAlpha> 1198 ]>, 1199 Documentation<HasAlphaDocumentation>; 1200 1201} // end "alpha.osx.cocoa" 1202 1203let ParentPackage = CoreFoundation in { 1204 1205def CFNumberChecker : Checker<"CFNumber">, 1206 HelpText<"Check for proper uses of CFNumber APIs">, 1207 Documentation<HasDocumentation>; 1208 1209def CFRetainReleaseChecker : Checker<"CFRetainRelease">, 1210 HelpText<"Check for null arguments to CFRetain/CFRelease/CFMakeCollectable">, 1211 Documentation<HasDocumentation>; 1212 1213def CFErrorChecker : Checker<"CFError">, 1214 HelpText<"Check usage of CFErrorRef* parameters">, 1215 Dependencies<[NSOrCFErrorDerefChecker]>, 1216 Documentation<HasDocumentation>; 1217 1218} // end "osx.coreFoundation" 1219 1220let ParentPackage = Containers in { 1221 1222def ObjCContainersASTChecker : Checker<"PointerSizedValues">, 1223 HelpText<"Warns if 'CFArray', 'CFDictionary', 'CFSet' are created with " 1224 "non-pointer-size values">, 1225 Documentation<HasDocumentation>; 1226 1227def ObjCContainersChecker : Checker<"OutOfBounds">, 1228 HelpText<"Checks for index out-of-bounds when using 'CFArray' API">, 1229 Documentation<HasDocumentation>; 1230 1231} // end "osx.coreFoundation.containers" 1232 1233let ParentPackage = LocalizabilityOptIn in { 1234 1235def NonLocalizedStringChecker : Checker<"NonLocalizedStringChecker">, 1236 HelpText<"Warns about uses of non-localized NSStrings passed to UI methods " 1237 "expecting localized NSStrings">, 1238 CheckerOptions<[ 1239 CmdLineOption<Boolean, 1240 "AggressiveReport", 1241 "Marks a string being returned by any call as localized if " 1242 "it is in LocStringFunctions (LSF) or the function is " 1243 "annotated. Otherwise, we mark it as NonLocalized " 1244 "(Aggressive) or NonLocalized only if it is not backed by a " 1245 "SymRegion (Non-Aggressive), basically leaving only string " 1246 "literals as NonLocalized.", 1247 "false", 1248 InAlpha, 1249 Hide> 1250 ]>, 1251 Documentation<HasDocumentation>; 1252 1253def EmptyLocalizationContextChecker : 1254 Checker<"EmptyLocalizationContextChecker">, 1255 HelpText<"Check that NSLocalizedString macros include a comment for context">, 1256 Documentation<HasDocumentation>; 1257 1258} // end "optin.osx.cocoa.localizability" 1259 1260let ParentPackage = LocalizabilityAlpha in { 1261 1262def PluralMisuseChecker : Checker<"PluralMisuseChecker">, 1263 HelpText<"Warns against using one vs. many plural pattern in code when " 1264 "generating localized strings.">, 1265 Documentation<HasAlphaDocumentation>; 1266 1267} // end "alpha.osx.cocoa.localizability" 1268 1269let ParentPackage = MPI in { 1270 1271def MPIChecker : Checker<"MPI-Checker">, 1272 HelpText<"Checks MPI code">, 1273 Documentation<HasDocumentation>; 1274 1275} // end "optin.mpi" 1276 1277//===----------------------------------------------------------------------===// 1278// Checkers for LLVM development. 1279//===----------------------------------------------------------------------===// 1280 1281let ParentPackage = LLVMAlpha in { 1282 1283def LLVMConventionsChecker : Checker<"Conventions">, 1284 HelpText<"Check code for LLVM codebase conventions">, 1285 Documentation<HasAlphaDocumentation>; 1286 1287} // end "llvm" 1288 1289let ParentPackage = LLVMAPIModeling in { 1290 1291def CastValueChecker : Checker<"CastValue">, 1292 HelpText<"Model implementation of custom RTTIs">, 1293 Documentation<NotDocumented>; 1294 1295def ReturnValueChecker : Checker<"ReturnValue">, 1296 HelpText<"Model the guaranteed boolean return value of function calls">, 1297 Documentation<NotDocumented>; 1298 1299} // end "apiModeling.llvm" 1300 1301//===----------------------------------------------------------------------===// 1302// Checkers modeling Google APIs. 1303//===----------------------------------------------------------------------===// 1304 1305let ParentPackage = GoogleAPIModeling in { 1306 1307def GTestChecker : Checker<"GTest">, 1308 HelpText<"Model gtest assertion APIs">, 1309 Documentation<NotDocumented>; 1310 1311} // end "apiModeling.google" 1312 1313//===----------------------------------------------------------------------===// 1314// Debugging checkers (for analyzer development). 1315//===----------------------------------------------------------------------===// 1316 1317let ParentPackage = Debug in { 1318 1319def AnalysisOrderChecker : Checker<"AnalysisOrder">, 1320 HelpText<"Print callbacks that are called during analysis in order">, 1321 CheckerOptions<[ 1322 CmdLineOption<Boolean, 1323 "PreStmtCastExpr", 1324 "", 1325 "false", 1326 Released, 1327 Hide>, 1328 CmdLineOption<Boolean, 1329 "PostStmtCastExpr", 1330 "", 1331 "false", 1332 Released, 1333 Hide>, 1334 CmdLineOption<Boolean, 1335 "PreStmtArraySubscriptExpr", 1336 "", 1337 "false", 1338 Released, 1339 Hide>, 1340 CmdLineOption<Boolean, 1341 "PostStmtArraySubscriptExpr", 1342 "", 1343 "false", 1344 Released, 1345 Hide>, 1346 CmdLineOption<Boolean, 1347 "PreStmtCXXNewExpr", 1348 "", 1349 "false", 1350 Released, 1351 Hide>, 1352 CmdLineOption<Boolean, 1353 "PostStmtCXXNewExpr", 1354 "", 1355 "false", 1356 Released, 1357 Hide>, 1358 CmdLineOption<Boolean, 1359 "PreStmtCXXDeleteExpr", 1360 "", 1361 "false", 1362 Released, 1363 Hide>, 1364 CmdLineOption<Boolean, 1365 "PostStmtCXXDeleteExpr", 1366 "", 1367 "false", 1368 Released, 1369 Hide>, 1370 CmdLineOption<Boolean, 1371 "PreStmtCXXConstructExpr", 1372 "", 1373 "false", 1374 Released, 1375 Hide>, 1376 CmdLineOption<Boolean, 1377 "PostStmtCXXConstructExpr", 1378 "", 1379 "false", 1380 Released, 1381 Hide>, 1382 CmdLineOption<Boolean, 1383 "PreStmtOffsetOfExpr", 1384 "", 1385 "false", 1386 Released, 1387 Hide>, 1388 CmdLineOption<Boolean, 1389 "PostStmtOffsetOfExpr", 1390 "", 1391 "false", 1392 Released, 1393 Hide>, 1394 CmdLineOption<Boolean, 1395 "EvalCall", 1396 "", 1397 "false", 1398 Released, 1399 Hide>, 1400 CmdLineOption<Boolean, 1401 "PreCall", 1402 "", 1403 "false", 1404 Released, 1405 Hide>, 1406 CmdLineOption<Boolean, 1407 "PostCall", 1408 "", 1409 "false", 1410 Released, 1411 Hide>, 1412 CmdLineOption<Boolean, 1413 "EndFunction", 1414 "", 1415 "false", 1416 Released, 1417 Hide>, 1418 CmdLineOption<Boolean, 1419 "EndAnalysis", 1420 "", 1421 "false", 1422 Released, 1423 Hide>, 1424 CmdLineOption<Boolean, 1425 "NewAllocator", 1426 "", 1427 "false", 1428 Released, 1429 Hide>, 1430 CmdLineOption<Boolean, 1431 "Bind", 1432 "", 1433 "false", 1434 Released, 1435 Hide>, 1436 CmdLineOption<Boolean, 1437 "LiveSymbols", 1438 "", 1439 "false", 1440 Released, 1441 Hide>, 1442 CmdLineOption<Boolean, 1443 "RegionChanges", 1444 "", 1445 "false", 1446 Released, 1447 Hide>, 1448 CmdLineOption<Boolean, 1449 "PointerEscape", 1450 "", 1451 "false", 1452 Released, 1453 Hide>, 1454 CmdLineOption<Boolean, 1455 "*", 1456 "Enables all callbacks.", 1457 "false", 1458 Released, 1459 Hide> 1460 ]>, 1461 Documentation<NotDocumented>; 1462 1463def DominatorsTreeDumper : Checker<"DumpDominators">, 1464 HelpText<"Print the dominance tree for a given CFG">, 1465 Documentation<NotDocumented>; 1466 1467def PostDominatorsTreeDumper : Checker<"DumpPostDominators">, 1468 HelpText<"Print the post dominance tree for a given CFG">, 1469 Documentation<NotDocumented>; 1470 1471def ControlDependencyTreeDumper : Checker<"DumpControlDependencies">, 1472 HelpText<"Print the post control dependency tree for a given CFG">, 1473 Documentation<NotDocumented>; 1474 1475def LiveVariablesDumper : Checker<"DumpLiveVars">, 1476 HelpText<"Print results of live variable analysis">, 1477 Documentation<NotDocumented>; 1478 1479def LiveStatementsDumper : Checker<"DumpLiveStmts">, 1480 HelpText<"Print results of live statement analysis">, 1481 Documentation<NotDocumented>; 1482 1483def CFGViewer : Checker<"ViewCFG">, 1484 HelpText<"View Control-Flow Graphs using GraphViz">, 1485 Documentation<NotDocumented>; 1486 1487def CFGDumper : Checker<"DumpCFG">, 1488 HelpText<"Display Control-Flow Graphs">, 1489 Documentation<NotDocumented>; 1490 1491def CallGraphViewer : Checker<"ViewCallGraph">, 1492 HelpText<"View Call Graph using GraphViz">, 1493 Documentation<NotDocumented>; 1494 1495def CallGraphDumper : Checker<"DumpCallGraph">, 1496 HelpText<"Display Call Graph">, 1497 Documentation<NotDocumented>; 1498 1499def ConfigDumper : Checker<"ConfigDumper">, 1500 HelpText<"Dump config table">, 1501 Documentation<NotDocumented>; 1502 1503def TraversalDumper : Checker<"DumpTraversal">, 1504 HelpText<"Print branch conditions as they are traversed by the engine">, 1505 Documentation<NotDocumented>; 1506 1507def CallDumper : Checker<"DumpCalls">, 1508 HelpText<"Print calls as they are traversed by the engine">, 1509 Documentation<NotDocumented>; 1510 1511def AnalyzerStatsChecker : Checker<"Stats">, 1512 HelpText<"Emit warnings with analyzer statistics">, 1513 Documentation<NotDocumented>; 1514 1515def TaintTesterChecker : Checker<"TaintTest">, 1516 HelpText<"Mark tainted symbols as such.">, 1517 Documentation<NotDocumented>; 1518 1519// This checker *technically* depends on SteamChecker, but we don't allow 1520// dependency checkers to emit diagnostics, and a debug checker isn't worth 1521// the chore needed to create a modeling portion on its own. Since this checker 1522// is for development purposes only anyways, make sure that StreamChecker is 1523// also enabled, at least for the time being. 1524def StreamTesterChecker : Checker<"StreamTester">, 1525 HelpText<"Add test functions to StreamChecker for test and debugging " 1526 "purposes.">, 1527 Documentation<NotDocumented>; 1528 1529def ExprInspectionChecker : Checker<"ExprInspection">, 1530 HelpText<"Check the analyzer's understanding of expressions">, 1531 Documentation<NotDocumented>; 1532 1533def ExplodedGraphViewer : Checker<"ViewExplodedGraph">, 1534 HelpText<"View Exploded Graphs using GraphViz">, 1535 Documentation<NotDocumented>; 1536 1537def ReportStmts : Checker<"ReportStmts">, 1538 HelpText<"Emits a warning for every statement.">, 1539 Documentation<NotDocumented>; 1540 1541def DebugContainerModeling : Checker<"DebugContainerModeling">, 1542 HelpText<"Check the analyzer's understanding of C++ containers">, 1543 Dependencies<[ContainerModeling]>, 1544 Documentation<NotDocumented>; 1545 1546def DebugIteratorModeling : Checker<"DebugIteratorModeling">, 1547 HelpText<"Check the analyzer's understanding of C++ iterators">, 1548 Dependencies<[DebugContainerModeling, IteratorModeling]>, 1549 Documentation<NotDocumented>; 1550 1551def StdCLibraryFunctionsTesterChecker : Checker<"StdCLibraryFunctionsTester">, 1552 HelpText<"Add test functions to the summary map, so testing of individual " 1553 "summary constituents becomes possible.">, 1554 Dependencies<[StdCLibraryFunctionsChecker]>, 1555 Documentation<NotDocumented>; 1556 1557} // end "debug" 1558 1559 1560//===----------------------------------------------------------------------===// 1561// Clone Detection 1562//===----------------------------------------------------------------------===// 1563 1564let ParentPackage = CloneDetectionAlpha in { 1565 1566def CloneChecker : Checker<"CloneChecker">, 1567 HelpText<"Reports similar pieces of code.">, 1568 CheckerOptions<[ 1569 CmdLineOption<Integer, 1570 "MinimumCloneComplexity", 1571 "Ensures that every clone has at least the given complexity. " 1572 "Complexity is here defined as the total amount of children " 1573 "of a statement. This constraint assumes the first statement " 1574 "in the group is representative for all other statements in " 1575 "the group in terms of complexity.", 1576 "50", 1577 Released>, 1578 CmdLineOption<Boolean, 1579 "ReportNormalClones", 1580 "Report all clones, even less suspicious ones.", 1581 "true", 1582 Released>, 1583 CmdLineOption<String, 1584 "IgnoredFilesPattern", 1585 "If supplied, the checker wont analyze files with a filename " 1586 "that matches the given pattern.", 1587 "\"\"", 1588 Released> 1589 ]>, 1590 Documentation<HasAlphaDocumentation>; 1591 1592} // end "clone" 1593 1594//===----------------------------------------------------------------------===// 1595// Portability checkers. 1596//===----------------------------------------------------------------------===// 1597 1598let ParentPackage = PortabilityOptIn in { 1599 1600def UnixAPIPortabilityChecker : Checker<"UnixAPI">, 1601 HelpText<"Finds implementation-defined behavior in UNIX/Posix functions">, 1602 Documentation<NotDocumented>; 1603 1604} // end optin.portability 1605 1606//===----------------------------------------------------------------------===// 1607// NonDeterminism checkers. 1608//===----------------------------------------------------------------------===// 1609 1610let ParentPackage = NonDeterminismAlpha in { 1611 1612def PointerIterationChecker : Checker<"PointerIteration">, 1613 HelpText<"Checks for non-determinism caused by iteration of unordered containers of pointers">, 1614 Documentation<HasDocumentation>; 1615 1616def PointerSortingChecker : Checker<"PointerSorting">, 1617 HelpText<"Check for non-determinism caused by sorting of pointers">, 1618 Documentation<HasDocumentation>; 1619 1620} // end alpha.nondeterminism 1621 1622//===----------------------------------------------------------------------===// 1623// Fuchsia checkers. 1624//===----------------------------------------------------------------------===// 1625 1626let ParentPackage = Fuchsia in { 1627 1628def FuchsiaHandleChecker : Checker<"HandleChecker">, 1629 HelpText<"A Checker that detect leaks related to Fuchsia handles">, 1630 Documentation<HasDocumentation>; 1631 1632} 1633 1634let ParentPackage = FuchsiaAlpha in { 1635 1636def FuchsiaLockChecker : Checker<"Lock">, 1637 HelpText<"Check for the correct usage of locking APIs.">, 1638 Dependencies<[PthreadLockBase]>, 1639 Documentation<HasDocumentation>; 1640 1641} // end fuchsia 1642 1643//===----------------------------------------------------------------------===// 1644// WebKit checkers. 1645//===----------------------------------------------------------------------===// 1646 1647let ParentPackage = WebKit in { 1648 1649def RefCntblBaseVirtualDtorChecker : Checker<"RefCntblBaseVirtualDtor">, 1650 HelpText<"Check for any ref-countable base class having virtual destructor.">, 1651 Documentation<HasDocumentation>; 1652 1653def NoUncountedMemberChecker : Checker<"NoUncountedMemberChecker">, 1654 HelpText<"Check for no uncounted member variables.">, 1655 Documentation<HasDocumentation>; 1656 1657} // end webkit 1658 1659let ParentPackage = WebKitAlpha in { 1660 1661def UncountedCallArgsChecker : Checker<"UncountedCallArgsChecker">, 1662 HelpText<"Check uncounted call arguments.">, 1663 Documentation<HasDocumentation>; 1664 1665} // end alpha.webkit 1666