1//===--- Checkers.td - Static Analyzer Checkers -===-----------------------===// 2// 3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4// See https://llvm.org/LICENSE.txt for license information. 5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6// 7//===----------------------------------------------------------------------===// 8 9include "CheckerBase.td" 10 11//===----------------------------------------------------------------------===// 12// Packages. 13//===----------------------------------------------------------------------===// 14 15// The Alpha package is for checkers that have too many false positives to be 16// turned on by default. The hierarchy under Alpha should be organized in the 17// hierarchy checkers would have had if they were truly at the top level. 18// (For example, a Cocoa-specific checker that is alpha should be in 19// alpha.osx.cocoa). 20def Alpha : Package<"alpha">; 21 22def Core : Package<"core">; 23def CoreBuiltin : Package<"builtin">, ParentPackage<Core>, Hidden; 24def CoreUninitialized : Package<"uninitialized">, ParentPackage<Core>; 25def CoreAlpha : Package<"core">, ParentPackage<Alpha>; 26 27// The OptIn package is for checkers that are not alpha and that would normally 28// be on by default but where the driver does not have enough information to 29// determine when they are applicable. For example, localizability checkers fit 30// this criterion because the driver cannot determine whether a project is 31// localized or not -- this is best determined at the IDE or build-system level. 32// 33// The checker hierarchy under OptIn should mirror that in Alpha: checkers 34// should be organized as if they were at the top level. 35// 36// Note: OptIn is *not* intended for checkers that are too noisy to be on by 37// default. Such checkers belong in the alpha package. 38def OptIn : Package<"optin">; 39 40// In the Portability package reside checkers for finding code that relies on 41// implementation-defined behavior. Such checks are wanted for cross-platform 42// development, but unwanted for developers who target only a single platform. 43def PortabilityOptIn : Package<"portability">, ParentPackage<OptIn>; 44 45def Nullability : Package<"nullability">, 46 PackageOptions<[ 47 CmdLineOption<Boolean, 48 "NoDiagnoseCallsToSystemHeaders", 49 "Suppresses warnings for violating nullability annotations " 50 "of system header functions. This is useful if you are " 51 "concerned with your custom nullability annotations more " 52 "than with following nullability specifications of system " 53 "header functions.", 54 "false", 55 Released> 56 ]>; 57 58def Cplusplus : Package<"cplusplus">; 59def CplusplusAlpha : Package<"cplusplus">, ParentPackage<Alpha>; 60def CplusplusOptIn : Package<"cplusplus">, ParentPackage<OptIn>; 61 62def Valist : Package<"valist">; 63 64def DeadCode : Package<"deadcode">; 65def DeadCodeAlpha : Package<"deadcode">, ParentPackage<Alpha>; 66 67def Performance : Package<"performance">, ParentPackage<OptIn>; 68 69def Security : Package <"security">; 70def InsecureAPI : Package<"insecureAPI">, ParentPackage<Security>; 71def SecurityAlpha : Package<"security">, ParentPackage<Alpha>; 72def Taint : Package<"taint">, ParentPackage<SecurityAlpha>; 73 74def CERT : Package<"cert">, ParentPackage<SecurityAlpha>; 75def POS : Package<"pos">, ParentPackage<CERT>; 76def ENV : Package<"env">, ParentPackage<CERT>; 77 78def Unix : Package<"unix">; 79def UnixAlpha : Package<"unix">, ParentPackage<Alpha>; 80def CString : Package<"cstring">, ParentPackage<Unix>; 81def CStringAlpha : Package<"cstring">, ParentPackage<UnixAlpha>; 82 83def OSX : Package<"osx">; 84def OSXAlpha : Package<"osx">, ParentPackage<Alpha>; 85def OSXOptIn : Package<"osx">, ParentPackage<OptIn>; 86 87def Cocoa : Package<"cocoa">, ParentPackage<OSX>; 88def CocoaAlpha : Package<"cocoa">, ParentPackage<OSXAlpha>; 89def CocoaOptIn : Package<"cocoa">, ParentPackage<OSXOptIn>; 90 91def CoreFoundation : Package<"coreFoundation">, ParentPackage<OSX>; 92def Containers : Package<"containers">, ParentPackage<CoreFoundation>; 93 94def LocalizabilityAlpha : Package<"localizability">, ParentPackage<CocoaAlpha>; 95def LocalizabilityOptIn : Package<"localizability">, ParentPackage<CocoaOptIn>; 96 97def MPI : Package<"mpi">, ParentPackage<OptIn>; 98 99def LLVM : Package<"llvm">; 100def LLVMAlpha : Package<"llvm">, ParentPackage<Alpha>; 101 102// The APIModeling package is for checkers that model APIs and don't perform 103// any diagnostics. These checkers are always turned on; this package is 104// intended for API modeling that is not controlled by the target triple. 105def APIModeling : Package<"apiModeling">, Hidden; 106def APIModelingAlpha : Package<"apiModeling">, ParentPackage<Alpha>, Hidden; 107 108def GoogleAPIModeling : Package<"google">, ParentPackage<APIModeling>, Hidden; 109def LLVMAPIModeling : Package<"llvm">, ParentPackage<APIModeling>, Hidden; 110 111def Debug : Package<"debug">, Hidden; 112 113def CloneDetectionAlpha : Package<"clone">, ParentPackage<Alpha>; 114 115def NonDeterminismAlpha : Package<"nondeterminism">, ParentPackage<Alpha>; 116 117def Fuchsia : Package<"fuchsia">; 118def FuchsiaAlpha : Package<"fuchsia">, ParentPackage<Alpha>; 119 120def WebKit : Package<"webkit">; 121def WebKitAlpha : Package<"webkit">, ParentPackage<Alpha>; 122 123//===----------------------------------------------------------------------===// 124// Core Checkers. 125//===----------------------------------------------------------------------===// 126 127let ParentPackage = Core in { 128 129def CallAndMessageModeling : Checker<"CallAndMessageModeling">, 130 HelpText<"Responsible for essential modeling and assumptions after a " 131 "function/method call. For instance, if we can't reason about the " 132 "nullability of the implicit this parameter after a method call, " 133 "this checker conservatively assumes it to be non-null">, 134 Documentation<HasDocumentation>, 135 Hidden; 136 137def CallAndMessageChecker : Checker<"CallAndMessage">, 138 HelpText<"Check for logical errors for function calls and Objective-C " 139 "message expressions (e.g., uninitialized arguments, null function " 140 "pointers)">, 141 CheckerOptions<[ 142 CmdLineOption<Boolean, 143 "FunctionPointer", 144 "Check whether a called function pointer is null or " 145 "undefined", 146 "true", 147 Released>, 148 CmdLineOption<Boolean, 149 "ParameterCount", 150 "Check whether a function was called with the appropriate " 151 "number of arguments", 152 "true", 153 Released>, 154 CmdLineOption<Boolean, 155 "CXXThisMethodCall", 156 "Check whether the implicit this parameter is null or " 157 "undefined upon a method call", 158 "true", 159 Released>, 160 CmdLineOption<Boolean, 161 "CXXDeallocationArg", 162 "Check whether the argument of operator delete is undefined", 163 "true", 164 Released>, 165 CmdLineOption<Boolean, 166 "ArgInitializedness", 167 "Check whether any of the pass-by-value parameters is " 168 "undefined", 169 "true", 170 Released>, 171 CmdLineOption<Boolean, 172 "ArgPointeeInitializedness", 173 "Check whether the pointee of a pass-by-reference or " 174 "pass-by-pointer is undefined", 175 "false", 176 InAlpha>, 177 CmdLineOption<Boolean, 178 "NilReceiver", 179 "Check whether the reciever in the message expression is nil", 180 "true", 181 Released>, 182 CmdLineOption<Boolean, 183 "UndefReceiver", 184 "Check whether the reciever in the message expression is " 185 "undefined", 186 "true", 187 Released>, 188 ]>, 189 Documentation<HasDocumentation>, 190 Dependencies<[CallAndMessageModeling]>; 191 192def DereferenceChecker : Checker<"NullDereference">, 193 HelpText<"Check for dereferences of null pointers">, 194 CheckerOptions<[ 195 CmdLineOption<Boolean, 196 "SuppressAddressSpaces", 197 "Suppresses warning when pointer dereferences an address space", 198 "true", 199 Released> 200 ]>, 201 Documentation<HasDocumentation>; 202 203def NonNullParamChecker : Checker<"NonNullParamChecker">, 204 HelpText<"Check for null pointers passed as arguments to a function whose " 205 "arguments are references or marked with the 'nonnull' attribute">, 206 Documentation<HasDocumentation>; 207 208def VLASizeChecker : Checker<"VLASize">, 209 HelpText<"Check for declarations of VLA of undefined or zero size">, 210 Documentation<HasDocumentation>; 211 212def DivZeroChecker : Checker<"DivideZero">, 213 HelpText<"Check for division by zero">, 214 Documentation<HasDocumentation>; 215 216def UndefResultChecker : Checker<"UndefinedBinaryOperatorResult">, 217 HelpText<"Check for undefined results of binary operators">, 218 Documentation<HasDocumentation>; 219 220def StackAddrEscapeBase : Checker<"StackAddrEscapeBase">, 221 HelpText<"Generate information about stack address escapes.">, 222 Documentation<NotDocumented>, 223 Hidden; 224 225def StackAddrEscapeChecker : Checker<"StackAddressEscape">, 226 HelpText<"Check that addresses to stack memory do not escape the function">, 227 Dependencies<[StackAddrEscapeBase]>, 228 Documentation<HasDocumentation>; 229 230def DynamicTypePropagation : Checker<"DynamicTypePropagation">, 231 HelpText<"Generate dynamic type information">, 232 Documentation<NotDocumented>, 233 Hidden; 234 235def NonnullGlobalConstantsChecker: Checker<"NonnilStringConstants">, 236 HelpText<"Assume that const string-like globals are non-null">, 237 Documentation<NotDocumented>, 238 Hidden; 239 240} // end "core" 241 242let ParentPackage = CoreAlpha in { 243 244def BoolAssignmentChecker : Checker<"BoolAssignment">, 245 HelpText<"Warn about assigning non-{0,1} values to Boolean variables">, 246 Documentation<HasDocumentation>; 247 248def CastSizeChecker : Checker<"CastSize">, 249 HelpText<"Check when casting a malloc'ed type T, whether the size is a " 250 "multiple of the size of T">, 251 Documentation<HasDocumentation>; 252 253def CastToStructChecker : Checker<"CastToStruct">, 254 HelpText<"Check for cast from non-struct pointer to struct pointer">, 255 Documentation<HasDocumentation>; 256 257def ConversionChecker : Checker<"Conversion">, 258 HelpText<"Loss of sign/precision in implicit conversions">, 259 Documentation<HasDocumentation>; 260 261def IdenticalExprChecker : Checker<"IdenticalExpr">, 262 HelpText<"Warn about unintended use of identical expressions in operators">, 263 Documentation<HasDocumentation>; 264 265def FixedAddressChecker : Checker<"FixedAddr">, 266 HelpText<"Check for assignment of a fixed address to a pointer">, 267 Documentation<HasDocumentation>; 268 269def PointerArithChecker : Checker<"PointerArithm">, 270 HelpText<"Check for pointer arithmetic on locations other than array " 271 "elements">, 272 Documentation<HasDocumentation>; 273 274def PointerSubChecker : Checker<"PointerSub">, 275 HelpText<"Check for pointer subtractions on two pointers pointing to " 276 "different memory chunks">, 277 Documentation<HasDocumentation>; 278 279def SizeofPointerChecker : Checker<"SizeofPtr">, 280 HelpText<"Warn about unintended use of sizeof() on pointer expressions">, 281 Documentation<HasDocumentation>; 282 283def TestAfterDivZeroChecker : Checker<"TestAfterDivZero">, 284 HelpText<"Check for division by variable that is later compared against 0. " 285 "Either the comparison is useless or there is division by zero.">, 286 Documentation<HasDocumentation>; 287 288def DynamicTypeChecker : Checker<"DynamicTypeChecker">, 289 HelpText<"Check for cases where the dynamic and the static type of an object " 290 "are unrelated.">, 291 Documentation<HasDocumentation>; 292 293def StackAddrAsyncEscapeChecker : Checker<"StackAddressAsyncEscape">, 294 HelpText<"Check that addresses to stack memory do not escape the function">, 295 Dependencies<[StackAddrEscapeBase]>, 296 Documentation<HasDocumentation>; 297 298def PthreadLockBase : Checker<"PthreadLockBase">, 299 HelpText<"Helper registering multiple checks.">, 300 Documentation<NotDocumented>, 301 Hidden; 302 303def C11LockChecker : Checker<"C11Lock">, 304 HelpText<"Simple lock -> unlock checker">, 305 Dependencies<[PthreadLockBase]>, 306 Documentation<HasDocumentation>; 307 308} // end "alpha.core" 309 310//===----------------------------------------------------------------------===// 311// Nullability checkers. 312//===----------------------------------------------------------------------===// 313 314let ParentPackage = Nullability in { 315 316def NullabilityBase : Checker<"NullabilityBase">, 317 HelpText<"Stores information during the analysis about nullability.">, 318 Documentation<NotDocumented>, 319 Hidden; 320 321def NullPassedToNonnullChecker : Checker<"NullPassedToNonnull">, 322 HelpText<"Warns when a null pointer is passed to a pointer which has a " 323 "_Nonnull type.">, 324 Dependencies<[NullabilityBase]>, 325 Documentation<HasDocumentation>; 326 327def NullReturnedFromNonnullChecker : Checker<"NullReturnedFromNonnull">, 328 HelpText<"Warns when a null pointer is returned from a function that has " 329 "_Nonnull return type.">, 330 Dependencies<[NullabilityBase]>, 331 Documentation<HasDocumentation>; 332 333def NullableDereferencedChecker : Checker<"NullableDereferenced">, 334 HelpText<"Warns when a nullable pointer is dereferenced.">, 335 Dependencies<[NullabilityBase]>, 336 Documentation<HasDocumentation>; 337 338def NullablePassedToNonnullChecker : Checker<"NullablePassedToNonnull">, 339 HelpText<"Warns when a nullable pointer is passed to a pointer which has a " 340 "_Nonnull type.">, 341 Dependencies<[NullabilityBase]>, 342 Documentation<HasDocumentation>; 343 344def NullableReturnedFromNonnullChecker : Checker<"NullableReturnedFromNonnull">, 345 HelpText<"Warns when a nullable pointer is returned from a function that has " 346 "_Nonnull return type.">, 347 Dependencies<[NullabilityBase]>, 348 Documentation<NotDocumented>; 349 350} // end "nullability" 351 352//===----------------------------------------------------------------------===// 353// APIModeling. 354//===----------------------------------------------------------------------===// 355 356let ParentPackage = APIModeling in { 357 358def ErrnoModeling : Checker<"Errno">, 359 HelpText<"Make the special value 'errno' available to other checkers.">, 360 Documentation<NotDocumented>; 361 362def TrustNonnullChecker : Checker<"TrustNonnull">, 363 HelpText<"Trust that returns from framework methods annotated with _Nonnull " 364 "are not null">, 365 Documentation<NotDocumented>; 366 367def TrustReturnsNonnullChecker : Checker<"TrustReturnsNonnull">, 368 HelpText<"Trust that returns from methods annotated with returns_nonnull " 369 "are not null">, 370 Documentation<NotDocumented>; 371 372} // end "apiModeling" 373 374//===----------------------------------------------------------------------===// 375// Evaluate "builtin" functions. 376//===----------------------------------------------------------------------===// 377 378let ParentPackage = CoreBuiltin in { 379 380def NoReturnFunctionChecker : Checker<"NoReturnFunctions">, 381 HelpText<"Evaluate \"panic\" functions that are known to not return to the " 382 "caller">, 383 Documentation<NotDocumented>; 384 385def BuiltinFunctionChecker : Checker<"BuiltinFunctions">, 386 HelpText<"Evaluate compiler builtin functions (e.g., alloca())">, 387 Documentation<NotDocumented>; 388 389} // end "core.builtin" 390 391//===----------------------------------------------------------------------===// 392// Uninitialized values checkers. 393//===----------------------------------------------------------------------===// 394 395let ParentPackage = CoreUninitialized in { 396 397def UndefinedArraySubscriptChecker : Checker<"ArraySubscript">, 398 HelpText<"Check for uninitialized values used as array subscripts">, 399 Documentation<HasDocumentation>; 400 401def UndefinedAssignmentChecker : Checker<"Assign">, 402 HelpText<"Check for assigning uninitialized values">, 403 Documentation<HasDocumentation>; 404 405def UndefBranchChecker : Checker<"Branch">, 406 HelpText<"Check for uninitialized values used as branch conditions">, 407 Documentation<HasDocumentation>; 408 409def UndefCapturedBlockVarChecker : Checker<"CapturedBlockVariable">, 410 HelpText<"Check for blocks that capture uninitialized values">, 411 Documentation<NotDocumented>; 412 413def ReturnUndefChecker : Checker<"UndefReturn">, 414 HelpText<"Check for uninitialized values being returned to the caller">, 415 Documentation<HasDocumentation>; 416 417def UndefinedNewArraySizeChecker : Checker<"NewArraySize">, 418 HelpText<"Check if the size of the array in a new[] expression is undefined">, 419 Documentation<HasDocumentation>; 420 421} // end "core.uninitialized" 422 423//===----------------------------------------------------------------------===// 424// Unix API checkers. 425//===----------------------------------------------------------------------===// 426 427let ParentPackage = CString in { 428 429def CStringModeling : Checker<"CStringModeling">, 430 HelpText<"The base of several CString related checkers. On it's own it emits " 431 "no reports, but adds valuable information to the analysis when " 432 "enabled.">, 433 Documentation<NotDocumented>, 434 Hidden; 435 436def CStringNullArg : Checker<"NullArg">, 437 HelpText<"Check for null pointers being passed as arguments to C string " 438 "functions">, 439 Dependencies<[CStringModeling]>, 440 Documentation<HasDocumentation>; 441 442def CStringSyntaxChecker : Checker<"BadSizeArg">, 443 HelpText<"Check the size argument passed into C string functions for common " 444 "erroneous patterns">, 445 Dependencies<[CStringModeling]>, 446 Documentation<HasDocumentation>; 447 448} // end "unix.cstring" 449 450let ParentPackage = CStringAlpha in { 451 452def CStringOutOfBounds : Checker<"OutOfBounds">, 453 HelpText<"Check for out-of-bounds access in string functions">, 454 Dependencies<[CStringModeling]>, 455 Documentation<HasDocumentation>; 456 457def CStringBufferOverlap : Checker<"BufferOverlap">, 458 HelpText<"Checks for overlap in two buffer arguments">, 459 Dependencies<[CStringModeling]>, 460 Documentation<HasDocumentation>; 461 462def CStringNotNullTerm : Checker<"NotNullTerminated">, 463 HelpText<"Check for arguments which are not null-terminating strings">, 464 Dependencies<[CStringModeling]>, 465 Documentation<HasDocumentation>; 466 467def CStringUninitializedRead : Checker<"UninitializedRead">, 468 HelpText<"Checks if the string manipulation function would read uninitialized bytes">, 469 Dependencies<[CStringModeling]>, 470 Documentation<HasDocumentation>; 471 472} // end "alpha.unix.cstring" 473 474let ParentPackage = Unix in { 475 476def UnixAPIMisuseChecker : Checker<"API">, 477 HelpText<"Check calls to various UNIX/Posix functions">, 478 Documentation<HasDocumentation>; 479 480def DynamicMemoryModeling: Checker<"DynamicMemoryModeling">, 481 HelpText<"The base of several malloc() related checkers. On it's own it " 482 "emits no reports, but adds valuable information to the analysis " 483 "when enabled.">, 484 CheckerOptions<[ 485 CmdLineOption<Boolean, 486 "Optimistic", 487 "If set to true, the checker assumes that all the " 488 "allocating and deallocating functions are annotated with " 489 "ownership_holds, ownership_takes and ownership_returns.", 490 "false", 491 InAlpha>, 492 CmdLineOption<Boolean, 493 "AddNoOwnershipChangeNotes", 494 "Add an additional note to the bug report for leak-like " 495 "bugs. Dynamically allocated objects passed to functions " 496 "that neither deallocated it, or have taken responsibility " 497 "of the ownership are noted, similarly to " 498 "NoStoreFuncVisitor.", 499 "true", 500 Released, 501 Hide> 502 ]>, 503 Dependencies<[CStringModeling]>, 504 Documentation<NotDocumented>, 505 Hidden; 506 507def MallocChecker: Checker<"Malloc">, 508 HelpText<"Check for memory leaks, double free, and use-after-free problems. " 509 "Traces memory managed by malloc()/free().">, 510 Dependencies<[DynamicMemoryModeling]>, 511 Documentation<HasDocumentation>; 512 513def MallocSizeofChecker : Checker<"MallocSizeof">, 514 HelpText<"Check for dubious malloc arguments involving sizeof">, 515 Documentation<HasDocumentation>; 516 517def MismatchedDeallocatorChecker : Checker<"MismatchedDeallocator">, 518 HelpText<"Check for mismatched deallocators.">, 519 Dependencies<[DynamicMemoryModeling]>, 520 Documentation<HasDocumentation>; 521 522def VforkChecker : Checker<"Vfork">, 523 HelpText<"Check for proper usage of vfork">, 524 Documentation<HasDocumentation>; 525 526} // end "unix" 527 528let ParentPackage = UnixAlpha in { 529 530def ErrnoChecker : Checker<"Errno">, 531 HelpText<"Check for improper use of 'errno'">, 532 Dependencies<[ErrnoModeling]>, 533 CheckerOptions<[ 534 CmdLineOption<Boolean, 535 "AllowErrnoReadOutsideConditionExpressions", 536 "Allow read of undefined value from errno outside of conditions", 537 "true", 538 InAlpha>, 539 ]>, 540 Documentation<HasDocumentation>; 541 542def ChrootChecker : Checker<"Chroot">, 543 HelpText<"Check improper use of chroot">, 544 Documentation<HasDocumentation>; 545 546def PthreadLockChecker : Checker<"PthreadLock">, 547 HelpText<"Simple lock -> unlock checker">, 548 Dependencies<[PthreadLockBase]>, 549 Documentation<HasDocumentation>; 550 551def StreamChecker : Checker<"Stream">, 552 HelpText<"Check stream handling functions">, 553 WeakDependencies<[NonNullParamChecker]>, 554 Documentation<HasDocumentation>; 555 556def SimpleStreamChecker : Checker<"SimpleStream">, 557 HelpText<"Check for misuses of stream APIs">, 558 Documentation<HasDocumentation>; 559 560def BlockInCriticalSectionChecker : Checker<"BlockInCriticalSection">, 561 HelpText<"Check for calls to blocking functions inside a critical section">, 562 Documentation<HasDocumentation>; 563 564def StdCLibraryFunctionsChecker : Checker<"StdCLibraryFunctions">, 565 HelpText<"Check for invalid arguments of C standard library functions, " 566 "and apply relations between arguments and return value">, 567 CheckerOptions<[ 568 CmdLineOption<Boolean, 569 "DisplayLoadedSummaries", 570 "If set to true, the checker displays the found summaries " 571 "for the given translation unit.", 572 "false", 573 Released, 574 Hide>, 575 CmdLineOption<Boolean, 576 "ModelPOSIX", 577 "If set to true, the checker models additional functions " 578 "from the POSIX standard.", 579 "false", 580 InAlpha> 581 ]>, 582 WeakDependencies<[CallAndMessageChecker, NonNullParamChecker, StreamChecker]>, 583 Documentation<HasDocumentation>; 584 585} // end "alpha.unix" 586 587//===----------------------------------------------------------------------===// 588// C++ checkers. 589//===----------------------------------------------------------------------===// 590 591let ParentPackage = Cplusplus in { 592 593def InnerPointerChecker : Checker<"InnerPointer">, 594 HelpText<"Check for inner pointers of C++ containers used after " 595 "re/deallocation">, 596 Dependencies<[DynamicMemoryModeling]>, 597 Documentation<NotDocumented>; 598 599def NewDeleteChecker : Checker<"NewDelete">, 600 HelpText<"Check for double-free and use-after-free problems. Traces memory " 601 "managed by new/delete.">, 602 Dependencies<[DynamicMemoryModeling]>, 603 Documentation<HasDocumentation>; 604 605def NewDeleteLeaksChecker : Checker<"NewDeleteLeaks">, 606 HelpText<"Check for memory leaks. Traces memory managed by new/delete.">, 607 Dependencies<[DynamicMemoryModeling]>, 608 Documentation<HasDocumentation>; 609 610def PlacementNewChecker : Checker<"PlacementNew">, 611 HelpText<"Check if default placement new is provided with pointers to " 612 "sufficient storage capacity">, 613 Dependencies<[DynamicMemoryModeling]>, 614 Documentation<HasDocumentation>; 615 616def CXXSelfAssignmentChecker : Checker<"SelfAssignment">, 617 HelpText<"Checks C++ copy and move assignment operators for self assignment">, 618 Documentation<NotDocumented>, 619 Hidden; 620 621def SmartPtrModeling: Checker<"SmartPtrModeling">, 622 HelpText<"Model behavior of C++ smart pointers">, 623 Documentation<NotDocumented>, 624 CheckerOptions<[ 625 CmdLineOption<Boolean, 626 "ModelSmartPtrDereference", 627 "Enable modeling for SmartPtr null dereferences", 628 "false", 629 InAlpha, 630 Hide>, 631 ]>, 632 Hidden; 633 634def StringChecker: Checker<"StringChecker">, 635 HelpText<"Checks C++ std::string bugs">, 636 Documentation<HasDocumentation>; 637 638def MoveChecker: Checker<"Move">, 639 HelpText<"Find use-after-move bugs in C++">, 640 CheckerOptions<[ 641 CmdLineOption<String, 642 "WarnOn", 643 "In non-aggressive mode, only warn on use-after-move of " 644 "local variables (or local rvalue references) and of STL " 645 "objects. The former is possible because local variables (or " 646 "local rvalue references) are not tempting their user to " 647 "re-use the storage. The latter is possible because STL " 648 "objects are known to end up in a valid but unspecified " 649 "state after the move and their state-reset methods are also " 650 "known, which allows us to predict precisely when " 651 "use-after-move is invalid. Some STL objects are known to " 652 "conform to additional contracts after move, so they are not " 653 "tracked. However, smart pointers specifically are tracked " 654 "because we can perform extra checking over them. In " 655 "aggressive mode, warn on any use-after-move because the " 656 "user has intentionally asked us to completely eliminate " 657 "use-after-move in his code. Values: \"KnownsOnly\", " 658 "\"KnownsAndLocals\", \"All\".", 659 "KnownsAndLocals", 660 Released> 661 ]>, 662 Documentation<HasDocumentation>; 663 664def VirtualCallModeling : Checker<"VirtualCallModeling">, 665 HelpText<"Auxiliary modeling for the virtual method call checkers">, 666 Documentation<NotDocumented>, 667 Hidden; 668 669def PureVirtualCallChecker : Checker<"PureVirtualCall">, 670 HelpText<"Check pure virtual function calls during construction/destruction">, 671 Dependencies<[VirtualCallModeling]>, 672 Documentation<HasDocumentation>; 673} // end: "cplusplus" 674 675let ParentPackage = CplusplusOptIn in { 676 677def UninitializedObjectChecker: Checker<"UninitializedObject">, 678 HelpText<"Reports uninitialized fields after object construction">, 679 CheckerOptions<[ 680 CmdLineOption<Boolean, 681 "Pedantic", 682 "If set to false, the checker won't emit warnings " 683 "for objects that don't have at least one initialized " 684 "field.", 685 "false", 686 Released>, 687 CmdLineOption<Boolean, 688 "NotesAsWarnings", 689 "If set to true, the checker will emit a warning " 690 "for each uninitalized field, as opposed to emitting one " 691 "warning per constructor call, and listing the uninitialized " 692 "fields that belongs to it in notes.", 693 "false", 694 Released, 695 Hide>, 696 CmdLineOption<Boolean, 697 "CheckPointeeInitialization", 698 "If set to false, the checker will not analyze " 699 "the pointee of pointer/reference fields, and will only " 700 "check whether the object itself is initialized.", 701 "false", 702 InAlpha>, 703 CmdLineOption<String, 704 "IgnoreRecordsWithField", 705 "If supplied, the checker will not analyze " 706 "structures that have a field with a name or type name that " 707 "matches the given pattern.", 708 "\"\"", 709 Released>, 710 CmdLineOption<Boolean, 711 "IgnoreGuardedFields", 712 "If set to true, the checker will analyze _syntactically_ " 713 "whether the found uninitialized object is used without a " 714 "preceding assert call. Defaults to false.", 715 "false", 716 InAlpha> 717 ]>, 718 Documentation<HasDocumentation>; 719 720def VirtualCallChecker : Checker<"VirtualCall">, 721 HelpText<"Check virtual function calls during construction/destruction">, 722 CheckerOptions<[ 723 CmdLineOption<Boolean, 724 "ShowFixIts", 725 "Enable fix-it hints for this checker", 726 "false", 727 InAlpha>, 728 CmdLineOption<Boolean, 729 "PureOnly", 730 "Disables the checker. Keeps cplusplus.PureVirtualCall " 731 "enabled. This option is only provided for backwards " 732 "compatibility.", 733 "false", 734 InAlpha> 735 ]>, 736 Dependencies<[VirtualCallModeling]>, 737 Documentation<HasDocumentation>; 738 739} // end: "optin.cplusplus" 740 741let ParentPackage = CplusplusAlpha in { 742 743def ContainerModeling : Checker<"ContainerModeling">, 744 HelpText<"Models C++ containers">, 745 Documentation<NotDocumented>, 746 Hidden; 747 748def DeleteWithNonVirtualDtorChecker : Checker<"DeleteWithNonVirtualDtor">, 749 HelpText<"Reports destructions of polymorphic objects with a non-virtual " 750 "destructor in their base class">, 751 Documentation<HasDocumentation>; 752 753def EnumCastOutOfRangeChecker : Checker<"EnumCastOutOfRange">, 754 HelpText<"Check integer to enumeration casts for out of range values">, 755 Documentation<HasDocumentation>; 756 757def IteratorModeling : Checker<"IteratorModeling">, 758 HelpText<"Models iterators of C++ containers">, 759 Dependencies<[ContainerModeling]>, 760 Documentation<NotDocumented>, 761 Hidden; 762 763def STLAlgorithmModeling : Checker<"STLAlgorithmModeling">, 764 HelpText<"Models the algorithm library of the C++ STL.">, 765 CheckerOptions<[ 766 CmdLineOption<Boolean, 767 "AggressiveStdFindModeling", 768 "Enables exploration of the failure branch in std::find-like " 769 "functions.", 770 "false", 771 Released> 772 ]>, 773 Dependencies<[ContainerModeling]>, 774 Documentation<NotDocumented>; 775 776def InvalidatedIteratorChecker : Checker<"InvalidatedIterator">, 777 HelpText<"Check for use of invalidated iterators">, 778 Dependencies<[IteratorModeling]>, 779 Documentation<HasDocumentation>; 780 781def IteratorRangeChecker : Checker<"IteratorRange">, 782 HelpText<"Check for iterators used outside their valid ranges">, 783 Dependencies<[IteratorModeling]>, 784 Documentation<HasDocumentation>; 785 786def MismatchedIteratorChecker : Checker<"MismatchedIterator">, 787 HelpText<"Check for use of iterators of different containers where iterators " 788 "of the same container are expected">, 789 Dependencies<[IteratorModeling]>, 790 Documentation<HasDocumentation>; 791 792def SmartPtrChecker: Checker<"SmartPtr">, 793 HelpText<"Find the dereference of null SmrtPtr">, 794 Dependencies<[SmartPtrModeling]>, 795 Documentation<HasDocumentation>; 796 797} // end: "alpha.cplusplus" 798 799 800//===----------------------------------------------------------------------===// 801// Valist checkers. 802//===----------------------------------------------------------------------===// 803 804let ParentPackage = Valist in { 805 806def ValistBase : Checker<"ValistBase">, 807 HelpText<"Gathers information about va_lists.">, 808 Documentation<NotDocumented>, 809 Hidden; 810 811def UninitializedChecker : Checker<"Uninitialized">, 812 HelpText<"Check for usages of uninitialized (or already released) va_lists.">, 813 Dependencies<[ValistBase]>, 814 Documentation<NotDocumented>; 815 816def UnterminatedChecker : Checker<"Unterminated">, 817 HelpText<"Check for va_lists which are not released by a va_end call.">, 818 Dependencies<[ValistBase]>, 819 Documentation<NotDocumented>; 820 821def CopyToSelfChecker : Checker<"CopyToSelf">, 822 HelpText<"Check for va_lists which are copied onto itself.">, 823 Dependencies<[ValistBase]>, 824 Documentation<NotDocumented>; 825 826} // end : "valist" 827 828//===----------------------------------------------------------------------===// 829// Deadcode checkers. 830//===----------------------------------------------------------------------===// 831 832let ParentPackage = DeadCode in { 833 834def DeadStoresChecker : Checker<"DeadStores">, 835 HelpText<"Check for values stored to variables that are never read " 836 "afterwards">, 837 CheckerOptions<[ 838 CmdLineOption<Boolean, 839 "WarnForDeadNestedAssignments", 840 "Warns for deadstores in nested assignments." 841 "E.g.: if ((P = f())) where P is unused.", 842 "true", 843 Released>, 844 CmdLineOption<Boolean, 845 "ShowFixIts", 846 "Enable fix-it hints for this checker", 847 "false", 848 InAlpha> 849 ]>, 850 Documentation<HasDocumentation>; 851 852} // end DeadCode 853 854let ParentPackage = DeadCodeAlpha in { 855 856def UnreachableCodeChecker : Checker<"UnreachableCode">, 857 HelpText<"Check unreachable code">, 858 Documentation<HasDocumentation>; 859 860} // end "alpha.deadcode" 861 862//===----------------------------------------------------------------------===// 863// Performance checkers. 864//===----------------------------------------------------------------------===// 865 866let ParentPackage = Performance in { 867 868def PaddingChecker : Checker<"Padding">, 869 HelpText<"Check for excessively padded structs.">, 870 CheckerOptions<[ 871 CmdLineOption<Integer, 872 "AllowedPad", 873 "Reports are only generated if the excessive padding exceeds " 874 "'AllowedPad' in bytes.", 875 "24", 876 Released> 877 ]>, 878 Documentation<NotDocumented>; 879 880} // end: "padding" 881 882//===----------------------------------------------------------------------===// 883// Security checkers. 884//===----------------------------------------------------------------------===// 885 886let ParentPackage = InsecureAPI in { 887 888def SecuritySyntaxChecker : Checker<"SecuritySyntaxChecker">, 889 HelpText<"Base of various security function related checkers">, 890 Documentation<NotDocumented>, 891 Hidden; 892 893def bcmp : Checker<"bcmp">, 894 HelpText<"Warn on uses of the 'bcmp' function">, 895 Dependencies<[SecuritySyntaxChecker]>, 896 Documentation<HasDocumentation>; 897 898def bcopy : Checker<"bcopy">, 899 HelpText<"Warn on uses of the 'bcopy' function">, 900 Dependencies<[SecuritySyntaxChecker]>, 901 Documentation<HasDocumentation>; 902 903def bzero : Checker<"bzero">, 904 HelpText<"Warn on uses of the 'bzero' function">, 905 Dependencies<[SecuritySyntaxChecker]>, 906 Documentation<HasDocumentation>; 907 908def gets : Checker<"gets">, 909 HelpText<"Warn on uses of the 'gets' function">, 910 Dependencies<[SecuritySyntaxChecker]>, 911 Documentation<HasDocumentation>; 912 913def getpw : Checker<"getpw">, 914 HelpText<"Warn on uses of the 'getpw' function">, 915 Dependencies<[SecuritySyntaxChecker]>, 916 Documentation<HasDocumentation>; 917 918def mktemp : Checker<"mktemp">, 919 HelpText<"Warn on uses of the 'mktemp' function">, 920 Dependencies<[SecuritySyntaxChecker]>, 921 Documentation<HasDocumentation>; 922 923def mkstemp : Checker<"mkstemp">, 924 HelpText<"Warn when 'mkstemp' is passed fewer than 6 X's in the format " 925 "string">, 926 Dependencies<[SecuritySyntaxChecker]>, 927 Documentation<HasDocumentation>; 928 929def rand : Checker<"rand">, 930 HelpText<"Warn on uses of the 'rand', 'random', and related functions">, 931 Dependencies<[SecuritySyntaxChecker]>, 932 Documentation<HasDocumentation>; 933 934def strcpy : Checker<"strcpy">, 935 HelpText<"Warn on uses of the 'strcpy' and 'strcat' functions">, 936 Dependencies<[SecuritySyntaxChecker]>, 937 Documentation<HasDocumentation>; 938 939def vfork : Checker<"vfork">, 940 HelpText<"Warn on uses of the 'vfork' function">, 941 Dependencies<[SecuritySyntaxChecker]>, 942 Documentation<HasDocumentation>; 943 944def UncheckedReturn : Checker<"UncheckedReturn">, 945 HelpText<"Warn on uses of functions whose return values must be always " 946 "checked">, 947 Dependencies<[SecuritySyntaxChecker]>, 948 Documentation<HasDocumentation>; 949 950def DeprecatedOrUnsafeBufferHandling : 951 Checker<"DeprecatedOrUnsafeBufferHandling">, 952 HelpText<"Warn on uses of unsecure or deprecated buffer manipulating " 953 "functions">, 954 Dependencies<[SecuritySyntaxChecker]>, 955 Documentation<HasDocumentation>; 956 957def decodeValueOfObjCType : Checker<"decodeValueOfObjCType">, 958 HelpText<"Warn on uses of the '-decodeValueOfObjCType:at:' method">, 959 Dependencies<[SecuritySyntaxChecker]>, 960 Documentation<HasDocumentation>; 961 962} // end "security.insecureAPI" 963 964let ParentPackage = Security in { 965 966def FloatLoopCounter : Checker<"FloatLoopCounter">, 967 HelpText<"Warn on using a floating point value as a loop counter (CERT: " 968 "FLP30-C, FLP30-CPP)">, 969 Dependencies<[SecuritySyntaxChecker]>, 970 Documentation<HasDocumentation>; 971 972} // end "security" 973 974let ParentPackage = POS in { 975 976 def PutenvWithAuto : Checker<"34c">, 977 HelpText<"Finds calls to the 'putenv' function which pass a pointer to " 978 "an automatic variable as the argument.">, 979 Documentation<HasDocumentation>; 980 981} // end "alpha.cert.pos" 982 983let ParentPackage = ENV in { 984 985 def InvalidPtrChecker : Checker<"InvalidPtr">, 986 HelpText<"Finds usages of possibly invalidated pointers">, 987 Documentation<HasDocumentation>; 988 989} // end "alpha.cert.env" 990 991let ParentPackage = SecurityAlpha in { 992 993def ArrayBoundChecker : Checker<"ArrayBound">, 994 HelpText<"Warn about buffer overflows (older checker)">, 995 Documentation<HasDocumentation>; 996 997def ArrayBoundCheckerV2 : Checker<"ArrayBoundV2">, 998 HelpText<"Warn about buffer overflows (newer checker)">, 999 Documentation<HasDocumentation>; 1000 1001def ReturnPointerRangeChecker : Checker<"ReturnPtrRange">, 1002 HelpText<"Check for an out-of-bound pointer being returned to callers">, 1003 Documentation<HasDocumentation>; 1004 1005def MallocOverflowSecurityChecker : Checker<"MallocOverflow">, 1006 HelpText<"Check for overflows in the arguments to malloc()">, 1007 Documentation<HasDocumentation>; 1008 1009def MmapWriteExecChecker : Checker<"MmapWriteExec">, 1010 HelpText<"Warn on mmap() calls that are both writable and executable">, 1011 CheckerOptions<[ 1012 CmdLineOption<Integer, 1013 "MmapProtExec", 1014 "Specifies the value of PROT_EXEC", 1015 "0x04", 1016 Released>, 1017 CmdLineOption<Integer, 1018 "MmapProtRead", 1019 "Specifies the value of PROT_READ", 1020 "0x01", 1021 Released> 1022 ]>, 1023 Documentation<HasDocumentation>; 1024 1025} // end "alpha.security" 1026 1027//===----------------------------------------------------------------------===// 1028// Taint checkers. 1029//===----------------------------------------------------------------------===// 1030 1031let ParentPackage = Taint in { 1032 1033def GenericTaintChecker : Checker<"TaintPropagation">, 1034 HelpText<"Generate taint information used by other checkers">, 1035 CheckerOptions<[ 1036 CmdLineOption<String, 1037 "Config", 1038 "Specifies the name of the configuration file.", 1039 "", 1040 InAlpha>, 1041 ]>, 1042 Documentation<HasDocumentation>; 1043 1044} // end "alpha.security.taint" 1045 1046//===----------------------------------------------------------------------===// 1047// Mac OS X, Cocoa, and Core Foundation checkers. 1048//===----------------------------------------------------------------------===// 1049 1050let ParentPackage = Cocoa in { 1051 1052def RetainCountBase : Checker<"RetainCountBase">, 1053 HelpText<"Common base of various retain count related checkers">, 1054 Documentation<NotDocumented>, 1055 Hidden; 1056 1057} // end "osx.cocoa" 1058 1059let ParentPackage = OSX in { 1060 1061def NSOrCFErrorDerefChecker : Checker<"NSOrCFErrorDerefChecker">, 1062 HelpText<"Implementation checker for NSErrorChecker and CFErrorChecker">, 1063 Documentation<NotDocumented>, 1064 Hidden; 1065 1066def NumberObjectConversionChecker : Checker<"NumberObjectConversion">, 1067 HelpText<"Check for erroneous conversions of objects representing numbers " 1068 "into numbers">, 1069 CheckerOptions<[ 1070 CmdLineOption<Boolean, 1071 "Pedantic", 1072 "Enables detection of more conversion patterns (which are " 1073 "most likely more harmless, and therefore are more likely to " 1074 "produce false positives).", 1075 "false", 1076 Released> 1077 ]>, 1078 Documentation<NotDocumented>; 1079 1080def MacOSXAPIChecker : Checker<"API">, 1081 HelpText<"Check for proper uses of various Apple APIs">, 1082 Documentation<HasDocumentation>; 1083 1084def MacOSKeychainAPIChecker : Checker<"SecKeychainAPI">, 1085 HelpText<"Check for proper uses of Secure Keychain APIs">, 1086 Documentation<HasDocumentation>; 1087 1088def MIGChecker : Checker<"MIG">, 1089 HelpText<"Find violations of the Mach Interface Generator " 1090 "calling convention">, 1091 Documentation<NotDocumented>; 1092 1093def ObjCPropertyChecker : Checker<"ObjCProperty">, 1094 HelpText<"Check for proper uses of Objective-C properties">, 1095 Documentation<NotDocumented>; 1096 1097def OSObjectRetainCountChecker : Checker<"OSObjectRetainCount">, 1098 HelpText<"Check for leaks and improper reference count management for " 1099 "OSObject">, 1100 Dependencies<[RetainCountBase]>, 1101 Documentation<NotDocumented>; 1102 1103} // end "osx" 1104 1105let ParentPackage = Cocoa in { 1106 1107def RunLoopAutoreleaseLeakChecker : Checker<"RunLoopAutoreleaseLeak">, 1108 HelpText<"Check for leaked memory in autorelease pools that will never be " 1109 "drained">, 1110 Documentation<NotDocumented>; 1111 1112def ObjCAtSyncChecker : Checker<"AtSync">, 1113 HelpText<"Check for nil pointers used as mutexes for @synchronized">, 1114 Documentation<HasDocumentation>; 1115 1116def NilArgChecker : Checker<"NilArg">, 1117 HelpText<"Check for prohibited nil arguments to ObjC method calls">, 1118 Documentation<HasDocumentation>; 1119 1120def ClassReleaseChecker : Checker<"ClassRelease">, 1121 HelpText<"Check for sending 'retain', 'release', or 'autorelease' directly " 1122 "to a Class">, 1123 Documentation<HasDocumentation>; 1124 1125def VariadicMethodTypeChecker : Checker<"VariadicMethodTypes">, 1126 HelpText<"Check for passing non-Objective-C types to variadic collection " 1127 "initialization methods that expect only Objective-C types">, 1128 Documentation<HasDocumentation>; 1129 1130def NSAutoreleasePoolChecker : Checker<"NSAutoreleasePool">, 1131 HelpText<"Warn for suboptimal uses of NSAutoreleasePool in Objective-C GC " 1132 "mode">, 1133 Documentation<HasDocumentation>; 1134 1135def ObjCMethSigsChecker : Checker<"IncompatibleMethodTypes">, 1136 HelpText<"Warn about Objective-C method signatures with type " 1137 "incompatibilities">, 1138 Documentation<HasDocumentation>; 1139 1140def ObjCUnusedIvarsChecker : Checker<"UnusedIvars">, 1141 HelpText<"Warn about private ivars that are never used">, 1142 Documentation<HasDocumentation>; 1143 1144def ObjCSelfInitChecker : Checker<"SelfInit">, 1145 HelpText<"Check that 'self' is properly initialized inside an initializer " 1146 "method">, 1147 Documentation<HasDocumentation>; 1148 1149def ObjCLoopChecker : Checker<"Loops">, 1150 HelpText<"Improved modeling of loops using Cocoa collection types">, 1151 Documentation<NotDocumented>; 1152 1153def ObjCNonNilReturnValueChecker : Checker<"NonNilReturnValue">, 1154 HelpText<"Model the APIs that are guaranteed to return a non-nil value">, 1155 Documentation<NotDocumented>; 1156 1157def ObjCSuperCallChecker : Checker<"MissingSuperCall">, 1158 HelpText<"Warn about Objective-C methods that lack a necessary call to " 1159 "super">, 1160 Documentation<NotDocumented>; 1161 1162def NSErrorChecker : Checker<"NSError">, 1163 HelpText<"Check usage of NSError** parameters">, 1164 Dependencies<[NSOrCFErrorDerefChecker]>, 1165 Documentation<HasDocumentation>; 1166 1167def RetainCountChecker : Checker<"RetainCount">, 1168 HelpText<"Check for leaks and improper reference count management">, 1169 CheckerOptions<[ 1170 CmdLineOption<Boolean, 1171 "TrackNSCFStartParam", 1172 "Check not only that the code follows retain-release rules " 1173 "with respect to objects it allocates or borrows from " 1174 "elsewhere, but also that it fulfills its own retain count " 1175 "specification with respect to objects that it receives as " 1176 "arguments.", 1177 "false", 1178 Released> 1179 ]>, 1180 Dependencies<[RetainCountBase]>, 1181 Documentation<HasDocumentation>; 1182 1183def ObjCGenericsChecker : Checker<"ObjCGenerics">, 1184 HelpText<"Check for type errors when using Objective-C generics">, 1185 Dependencies<[DynamicTypePropagation]>, 1186 Documentation<HasDocumentation>; 1187 1188def ObjCDeallocChecker : Checker<"Dealloc">, 1189 HelpText<"Warn about Objective-C classes that lack a correct implementation " 1190 "of -dealloc">, 1191 Documentation<HasDocumentation>; 1192 1193def ObjCSuperDeallocChecker : Checker<"SuperDealloc">, 1194 HelpText<"Warn about improper use of '[super dealloc]' in Objective-C">, 1195 Documentation<HasDocumentation>; 1196 1197def AutoreleaseWriteChecker : Checker<"AutoreleaseWrite">, 1198 HelpText<"Warn about potentially crashing writes to autoreleasing objects " 1199 "from different autoreleasing pools in Objective-C">, 1200 Documentation<NotDocumented>; 1201 1202} // end "osx.cocoa" 1203 1204let ParentPackage = Performance in { 1205 1206def GCDAntipattern : Checker<"GCDAntipattern">, 1207 HelpText<"Check for performance anti-patterns when using Grand Central " 1208 "Dispatch">, 1209 Documentation<NotDocumented>; 1210} // end "optin.performance" 1211 1212let ParentPackage = OSXOptIn in { 1213 1214def OSObjectCStyleCast : Checker<"OSObjectCStyleCast">, 1215 HelpText<"Checker for C-style casts of OSObjects">, 1216 Documentation<NotDocumented>; 1217 1218} // end "optin.osx" 1219 1220let ParentPackage = CocoaAlpha in { 1221 1222def IvarInvalidationModeling : Checker<"IvarInvalidationModeling">, 1223 HelpText<"Gathers information for annotation driven invalidation checking " 1224 "for classes that contains a method annotated with " 1225 "'objc_instance_variable_invalidator'">, 1226 Documentation<NotDocumented>, 1227 Hidden; 1228 1229def InstanceVariableInvalidation : Checker<"InstanceVariableInvalidation">, 1230 HelpText<"Check that the invalidatable instance variables are invalidated in " 1231 "the methods annotated with objc_instance_variable_invalidator">, 1232 Dependencies<[IvarInvalidationModeling]>, 1233 Documentation<HasDocumentation>; 1234 1235def MissingInvalidationMethod : Checker<"MissingInvalidationMethod">, 1236 HelpText<"Check that the invalidation methods are present in classes that " 1237 "contain invalidatable instance variables">, 1238 Dependencies<[IvarInvalidationModeling]>, 1239 Documentation<HasDocumentation>; 1240 1241def DirectIvarAssignment : Checker<"DirectIvarAssignment">, 1242 HelpText<"Check for direct assignments to instance variables">, 1243 CheckerOptions<[ 1244 CmdLineOption<Boolean, 1245 "AnnotatedFunctions", 1246 "Check for direct assignments to instance variables in the " 1247 "methods annotated with " 1248 "objc_no_direct_instance_variable_assignment", 1249 "false", 1250 InAlpha> 1251 ]>, 1252 Documentation<HasDocumentation>; 1253 1254} // end "alpha.osx.cocoa" 1255 1256let ParentPackage = CoreFoundation in { 1257 1258def CFNumberChecker : Checker<"CFNumber">, 1259 HelpText<"Check for proper uses of CFNumber APIs">, 1260 Documentation<HasDocumentation>; 1261 1262def CFRetainReleaseChecker : Checker<"CFRetainRelease">, 1263 HelpText<"Check for null arguments to CFRetain/CFRelease/CFMakeCollectable">, 1264 Documentation<HasDocumentation>; 1265 1266def CFErrorChecker : Checker<"CFError">, 1267 HelpText<"Check usage of CFErrorRef* parameters">, 1268 Dependencies<[NSOrCFErrorDerefChecker]>, 1269 Documentation<HasDocumentation>; 1270 1271} // end "osx.coreFoundation" 1272 1273let ParentPackage = Containers in { 1274 1275def ObjCContainersASTChecker : Checker<"PointerSizedValues">, 1276 HelpText<"Warns if 'CFArray', 'CFDictionary', 'CFSet' are created with " 1277 "non-pointer-size values">, 1278 Documentation<HasDocumentation>; 1279 1280def ObjCContainersChecker : Checker<"OutOfBounds">, 1281 HelpText<"Checks for index out-of-bounds when using 'CFArray' API">, 1282 Documentation<HasDocumentation>; 1283 1284} // end "osx.coreFoundation.containers" 1285 1286let ParentPackage = LocalizabilityOptIn in { 1287 1288def NonLocalizedStringChecker : Checker<"NonLocalizedStringChecker">, 1289 HelpText<"Warns about uses of non-localized NSStrings passed to UI methods " 1290 "expecting localized NSStrings">, 1291 CheckerOptions<[ 1292 CmdLineOption<Boolean, 1293 "AggressiveReport", 1294 "Marks a string being returned by any call as localized if " 1295 "it is in LocStringFunctions (LSF) or the function is " 1296 "annotated. Otherwise, we mark it as NonLocalized " 1297 "(Aggressive) or NonLocalized only if it is not backed by a " 1298 "SymRegion (Non-Aggressive), basically leaving only string " 1299 "literals as NonLocalized.", 1300 "false", 1301 InAlpha, 1302 Hide> 1303 ]>, 1304 Documentation<HasDocumentation>; 1305 1306def EmptyLocalizationContextChecker : 1307 Checker<"EmptyLocalizationContextChecker">, 1308 HelpText<"Check that NSLocalizedString macros include a comment for context">, 1309 Documentation<HasDocumentation>; 1310 1311} // end "optin.osx.cocoa.localizability" 1312 1313let ParentPackage = LocalizabilityAlpha in { 1314 1315def PluralMisuseChecker : Checker<"PluralMisuseChecker">, 1316 HelpText<"Warns against using one vs. many plural pattern in code when " 1317 "generating localized strings.">, 1318 Documentation<HasDocumentation>; 1319 1320} // end "alpha.osx.cocoa.localizability" 1321 1322let ParentPackage = MPI in { 1323 1324def MPIChecker : Checker<"MPI-Checker">, 1325 HelpText<"Checks MPI code">, 1326 Documentation<HasDocumentation>; 1327 1328} // end "optin.mpi" 1329 1330//===----------------------------------------------------------------------===// 1331// Checkers for LLVM development. 1332//===----------------------------------------------------------------------===// 1333 1334let ParentPackage = LLVMAlpha in { 1335 1336def LLVMConventionsChecker : Checker<"Conventions">, 1337 HelpText<"Check code for LLVM codebase conventions">, 1338 Documentation<HasDocumentation>; 1339 1340} // end "llvm" 1341 1342let ParentPackage = LLVMAPIModeling in { 1343 1344def CastValueChecker : Checker<"CastValue">, 1345 HelpText<"Model implementation of custom RTTIs">, 1346 Documentation<NotDocumented>; 1347 1348def ReturnValueChecker : Checker<"ReturnValue">, 1349 HelpText<"Model the guaranteed boolean return value of function calls">, 1350 Documentation<NotDocumented>; 1351 1352} // end "apiModeling.llvm" 1353 1354//===----------------------------------------------------------------------===// 1355// Checkers modeling Google APIs. 1356//===----------------------------------------------------------------------===// 1357 1358let ParentPackage = GoogleAPIModeling in { 1359 1360def GTestChecker : Checker<"GTest">, 1361 HelpText<"Model gtest assertion APIs">, 1362 Documentation<NotDocumented>; 1363 1364} // end "apiModeling.google" 1365 1366//===----------------------------------------------------------------------===// 1367// Debugging checkers (for analyzer development). 1368//===----------------------------------------------------------------------===// 1369 1370let ParentPackage = Debug in { 1371 1372def AnalysisOrderChecker : Checker<"AnalysisOrder">, 1373 HelpText<"Print callbacks that are called during analysis in order">, 1374 CheckerOptions<[ 1375 CmdLineOption<Boolean, 1376 "PreStmtCastExpr", 1377 "", 1378 "false", 1379 Released, 1380 Hide>, 1381 CmdLineOption<Boolean, 1382 "PostStmtCastExpr", 1383 "", 1384 "false", 1385 Released, 1386 Hide>, 1387 CmdLineOption<Boolean, 1388 "PreStmtArraySubscriptExpr", 1389 "", 1390 "false", 1391 Released, 1392 Hide>, 1393 CmdLineOption<Boolean, 1394 "PostStmtArraySubscriptExpr", 1395 "", 1396 "false", 1397 Released, 1398 Hide>, 1399 CmdLineOption<Boolean, 1400 "PreStmtCXXNewExpr", 1401 "", 1402 "false", 1403 Released, 1404 Hide>, 1405 CmdLineOption<Boolean, 1406 "PostStmtCXXNewExpr", 1407 "", 1408 "false", 1409 Released, 1410 Hide>, 1411 CmdLineOption<Boolean, 1412 "PreStmtCXXDeleteExpr", 1413 "", 1414 "false", 1415 Released, 1416 Hide>, 1417 CmdLineOption<Boolean, 1418 "PostStmtCXXDeleteExpr", 1419 "", 1420 "false", 1421 Released, 1422 Hide>, 1423 CmdLineOption<Boolean, 1424 "PreStmtCXXConstructExpr", 1425 "", 1426 "false", 1427 Released, 1428 Hide>, 1429 CmdLineOption<Boolean, 1430 "PostStmtCXXConstructExpr", 1431 "", 1432 "false", 1433 Released, 1434 Hide>, 1435 CmdLineOption<Boolean, 1436 "PreStmtOffsetOfExpr", 1437 "", 1438 "false", 1439 Released, 1440 Hide>, 1441 CmdLineOption<Boolean, 1442 "PostStmtOffsetOfExpr", 1443 "", 1444 "false", 1445 Released, 1446 Hide>, 1447 CmdLineOption<Boolean, 1448 "EvalCall", 1449 "", 1450 "false", 1451 Released, 1452 Hide>, 1453 CmdLineOption<Boolean, 1454 "PreCall", 1455 "", 1456 "false", 1457 Released, 1458 Hide>, 1459 CmdLineOption<Boolean, 1460 "PostCall", 1461 "", 1462 "false", 1463 Released, 1464 Hide>, 1465 CmdLineOption<Boolean, 1466 "EndFunction", 1467 "", 1468 "false", 1469 Released, 1470 Hide>, 1471 CmdLineOption<Boolean, 1472 "EndAnalysis", 1473 "", 1474 "false", 1475 Released, 1476 Hide>, 1477 CmdLineOption<Boolean, 1478 "NewAllocator", 1479 "", 1480 "false", 1481 Released, 1482 Hide>, 1483 CmdLineOption<Boolean, 1484 "Bind", 1485 "", 1486 "false", 1487 Released, 1488 Hide>, 1489 CmdLineOption<Boolean, 1490 "LiveSymbols", 1491 "", 1492 "false", 1493 Released, 1494 Hide>, 1495 CmdLineOption<Boolean, 1496 "RegionChanges", 1497 "", 1498 "false", 1499 Released, 1500 Hide>, 1501 CmdLineOption<Boolean, 1502 "PointerEscape", 1503 "", 1504 "false", 1505 Released, 1506 Hide>, 1507 CmdLineOption<Boolean, 1508 "*", 1509 "Enables all callbacks.", 1510 "false", 1511 Released, 1512 Hide> 1513 ]>, 1514 Documentation<NotDocumented>; 1515 1516def DominatorsTreeDumper : Checker<"DumpDominators">, 1517 HelpText<"Print the dominance tree for a given CFG">, 1518 Documentation<NotDocumented>; 1519 1520def PostDominatorsTreeDumper : Checker<"DumpPostDominators">, 1521 HelpText<"Print the post dominance tree for a given CFG">, 1522 Documentation<NotDocumented>; 1523 1524def ControlDependencyTreeDumper : Checker<"DumpControlDependencies">, 1525 HelpText<"Print the post control dependency tree for a given CFG">, 1526 Documentation<NotDocumented>; 1527 1528def LiveVariablesDumper : Checker<"DumpLiveVars">, 1529 HelpText<"Print results of live variable analysis">, 1530 Documentation<NotDocumented>; 1531 1532def LiveExpressionsDumper : Checker<"DumpLiveExprs">, 1533 HelpText<"Print results of live expression analysis">, 1534 Documentation<NotDocumented>; 1535 1536def CFGViewer : Checker<"ViewCFG">, 1537 HelpText<"View Control-Flow Graphs using GraphViz">, 1538 Documentation<NotDocumented>; 1539 1540def CFGDumper : Checker<"DumpCFG">, 1541 HelpText<"Display Control-Flow Graphs">, 1542 Documentation<NotDocumented>; 1543 1544def CallGraphViewer : Checker<"ViewCallGraph">, 1545 HelpText<"View Call Graph using GraphViz">, 1546 Documentation<NotDocumented>; 1547 1548def CallGraphDumper : Checker<"DumpCallGraph">, 1549 HelpText<"Display Call Graph">, 1550 Documentation<NotDocumented>; 1551 1552def ConfigDumper : Checker<"ConfigDumper">, 1553 HelpText<"Dump config table">, 1554 Documentation<NotDocumented>; 1555 1556def TraversalDumper : Checker<"DumpTraversal">, 1557 HelpText<"Print branch conditions as they are traversed by the engine">, 1558 Documentation<NotDocumented>; 1559 1560def CallDumper : Checker<"DumpCalls">, 1561 HelpText<"Print calls as they are traversed by the engine">, 1562 Documentation<NotDocumented>; 1563 1564def AnalyzerStatsChecker : Checker<"Stats">, 1565 HelpText<"Emit warnings with analyzer statistics">, 1566 Documentation<NotDocumented>; 1567 1568def TaintTesterChecker : Checker<"TaintTest">, 1569 HelpText<"Mark tainted symbols as such.">, 1570 Documentation<NotDocumented>; 1571 1572// This checker *technically* depends on SteamChecker, but we don't allow 1573// dependency checkers to emit diagnostics, and a debug checker isn't worth 1574// the chore needed to create a modeling portion on its own. Since this checker 1575// is for development purposes only anyways, make sure that StreamChecker is 1576// also enabled, at least for the time being. 1577def StreamTesterChecker : Checker<"StreamTester">, 1578 HelpText<"Add test functions to StreamChecker for test and debugging " 1579 "purposes.">, 1580 Documentation<NotDocumented>; 1581 1582def ErrnoTesterChecker : Checker<"ErrnoTest">, 1583 HelpText<"Check modeling aspects of 'errno'.">, 1584 Dependencies<[ErrnoModeling]>, 1585 Documentation<NotDocumented>; 1586 1587def ExprInspectionChecker : Checker<"ExprInspection">, 1588 HelpText<"Check the analyzer's understanding of expressions">, 1589 Documentation<NotDocumented>; 1590 1591def ExplodedGraphViewer : Checker<"ViewExplodedGraph">, 1592 HelpText<"View Exploded Graphs using GraphViz">, 1593 Documentation<NotDocumented>; 1594 1595def ReportStmts : Checker<"ReportStmts">, 1596 HelpText<"Emits a warning for every statement.">, 1597 Documentation<NotDocumented>; 1598 1599def DebugContainerModeling : Checker<"DebugContainerModeling">, 1600 HelpText<"Check the analyzer's understanding of C++ containers">, 1601 Dependencies<[ContainerModeling]>, 1602 Documentation<NotDocumented>; 1603 1604def DebugIteratorModeling : Checker<"DebugIteratorModeling">, 1605 HelpText<"Check the analyzer's understanding of C++ iterators">, 1606 Dependencies<[DebugContainerModeling, IteratorModeling]>, 1607 Documentation<NotDocumented>; 1608 1609def StdCLibraryFunctionsTesterChecker : Checker<"StdCLibraryFunctionsTester">, 1610 HelpText<"Add test functions to the summary map, so testing of individual " 1611 "summary constituents becomes possible.">, 1612 Documentation<NotDocumented>; 1613 1614} // end "debug" 1615 1616 1617//===----------------------------------------------------------------------===// 1618// Clone Detection 1619//===----------------------------------------------------------------------===// 1620 1621let ParentPackage = CloneDetectionAlpha in { 1622 1623def CloneChecker : Checker<"CloneChecker">, 1624 HelpText<"Reports similar pieces of code.">, 1625 CheckerOptions<[ 1626 CmdLineOption<Integer, 1627 "MinimumCloneComplexity", 1628 "Ensures that every clone has at least the given complexity. " 1629 "Complexity is here defined as the total amount of children " 1630 "of a statement. This constraint assumes the first statement " 1631 "in the group is representative for all other statements in " 1632 "the group in terms of complexity.", 1633 "50", 1634 Released>, 1635 CmdLineOption<Boolean, 1636 "ReportNormalClones", 1637 "Report all clones, even less suspicious ones.", 1638 "true", 1639 Released>, 1640 CmdLineOption<String, 1641 "IgnoredFilesPattern", 1642 "If supplied, the checker wont analyze files with a filename " 1643 "that matches the given pattern.", 1644 "\"\"", 1645 Released> 1646 ]>, 1647 Documentation<HasDocumentation>; 1648 1649} // end "clone" 1650 1651//===----------------------------------------------------------------------===// 1652// Portability checkers. 1653//===----------------------------------------------------------------------===// 1654 1655let ParentPackage = PortabilityOptIn in { 1656 1657def UnixAPIPortabilityChecker : Checker<"UnixAPI">, 1658 HelpText<"Finds implementation-defined behavior in UNIX/Posix functions">, 1659 Documentation<NotDocumented>; 1660 1661} // end optin.portability 1662 1663//===----------------------------------------------------------------------===// 1664// NonDeterminism checkers. 1665//===----------------------------------------------------------------------===// 1666 1667let ParentPackage = NonDeterminismAlpha in { 1668 1669def PointerIterationChecker : Checker<"PointerIteration">, 1670 HelpText<"Checks for non-determinism caused by iteration of unordered containers of pointers">, 1671 Documentation<HasDocumentation>; 1672 1673def PointerSortingChecker : Checker<"PointerSorting">, 1674 HelpText<"Check for non-determinism caused by sorting of pointers">, 1675 Documentation<HasDocumentation>; 1676 1677} // end alpha.nondeterminism 1678 1679//===----------------------------------------------------------------------===// 1680// Fuchsia checkers. 1681//===----------------------------------------------------------------------===// 1682 1683let ParentPackage = Fuchsia in { 1684 1685def FuchsiaHandleChecker : Checker<"HandleChecker">, 1686 HelpText<"A Checker that detect leaks related to Fuchsia handles">, 1687 Documentation<HasDocumentation>; 1688 1689} 1690 1691let ParentPackage = FuchsiaAlpha in { 1692 1693def FuchsiaLockChecker : Checker<"Lock">, 1694 HelpText<"Check for the correct usage of locking APIs.">, 1695 Dependencies<[PthreadLockBase]>, 1696 Documentation<HasDocumentation>; 1697 1698} // end fuchsia 1699 1700//===----------------------------------------------------------------------===// 1701// WebKit checkers. 1702//===----------------------------------------------------------------------===// 1703 1704let ParentPackage = WebKit in { 1705 1706def RefCntblBaseVirtualDtorChecker : Checker<"RefCntblBaseVirtualDtor">, 1707 HelpText<"Check for any ref-countable base class having virtual destructor.">, 1708 Documentation<HasDocumentation>; 1709 1710def NoUncountedMemberChecker : Checker<"NoUncountedMemberChecker">, 1711 HelpText<"Check for no uncounted member variables.">, 1712 Documentation<HasDocumentation>; 1713 1714def UncountedLambdaCapturesChecker : Checker<"UncountedLambdaCapturesChecker">, 1715 HelpText<"Check uncounted lambda captures.">, 1716 Documentation<HasDocumentation>; 1717 1718} // end webkit 1719 1720let ParentPackage = WebKitAlpha in { 1721 1722def UncountedCallArgsChecker : Checker<"UncountedCallArgsChecker">, 1723 HelpText<"Check uncounted call arguments.">, 1724 Documentation<HasDocumentation>; 1725 1726def UncountedLocalVarsChecker : Checker<"UncountedLocalVarsChecker">, 1727 HelpText<"Check uncounted local variables.">, 1728 Documentation<HasDocumentation>; 1729 1730} // end alpha.webkit 1731