1//===--- Checkers.td - Static Analyzer Checkers -===-----------------------===// 2// 3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4// See https://llvm.org/LICENSE.txt for license information. 5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6// 7//===----------------------------------------------------------------------===// 8 9include "CheckerBase.td" 10 11//===----------------------------------------------------------------------===// 12// Packages. 13//===----------------------------------------------------------------------===// 14 15// The Alpha package is for checkers that have too many false positives to be 16// turned on by default. The hierarchy under Alpha should be organized in the 17// hierarchy checkers would have had if they were truly at the top level. 18// (For example, a Cocoa-specific checker that is alpha should be in 19// alpha.osx.cocoa). 20def Alpha : Package<"alpha">; 21 22def Core : Package<"core">; 23def CoreBuiltin : Package<"builtin">, ParentPackage<Core>, Hidden; 24def CoreUninitialized : Package<"uninitialized">, ParentPackage<Core>; 25def CoreAlpha : Package<"core">, ParentPackage<Alpha>; 26 27// The OptIn package is for checkers that are not alpha and that would normally 28// be on by default but where the driver does not have enough information to 29// determine when they are applicable. For example, localizability checkers fit 30// this criterion because the driver cannot determine whether a project is 31// localized or not -- this is best determined at the IDE or build-system level. 32// 33// The checker hierarchy under OptIn should mirror that in Alpha: checkers 34// should be organized as if they were at the top level. 35// 36// Note: OptIn is *not* intended for checkers that are too noisy to be on by 37// default. Such checkers belong in the alpha package. 38def OptIn : Package<"optin">; 39def CoreOptIn : Package<"core">, ParentPackage<OptIn>; 40 41// In the Portability package reside checkers for finding code that relies on 42// implementation-defined behavior. Such checks are wanted for cross-platform 43// development, but unwanted for developers who target only a single platform. 44def PortabilityOptIn : Package<"portability">, ParentPackage<OptIn>; 45 46def Nullability : Package<"nullability">, 47 PackageOptions<[ 48 CmdLineOption<Boolean, 49 "NoDiagnoseCallsToSystemHeaders", 50 "Suppresses warnings for violating nullability annotations " 51 "of system header functions. This is useful if you are " 52 "concerned with your custom nullability annotations more " 53 "than with following nullability specifications of system " 54 "header functions.", 55 "false", 56 Released> 57 ]>; 58 59def Cplusplus : Package<"cplusplus">; 60def CplusplusAlpha : Package<"cplusplus">, ParentPackage<Alpha>; 61def CplusplusOptIn : Package<"cplusplus">, ParentPackage<OptIn>; 62 63def Valist : Package<"valist">; 64 65def DeadCode : Package<"deadcode">; 66def DeadCodeAlpha : Package<"deadcode">, ParentPackage<Alpha>; 67 68def Performance : Package<"performance">, ParentPackage<OptIn>; 69 70def Security : Package <"security">; 71def InsecureAPI : Package<"insecureAPI">, ParentPackage<Security>; 72def SecurityAlpha : Package<"security">, ParentPackage<Alpha>; 73def Taint : Package<"taint">, ParentPackage<SecurityAlpha>; 74 75def CERT : Package<"cert">, ParentPackage<Security>; 76def ENV : Package<"env">, ParentPackage<CERT>; 77 78def CERTAlpha : Package<"cert">, ParentPackage<SecurityAlpha>; 79def POSAlpha : Package<"pos">, ParentPackage<CERTAlpha>; 80 81def Unix : Package<"unix">; 82def UnixAlpha : Package<"unix">, ParentPackage<Alpha>; 83def CString : Package<"cstring">, ParentPackage<Unix>; 84def CStringAlpha : Package<"cstring">, ParentPackage<UnixAlpha>; 85 86def OSX : Package<"osx">; 87def OSXAlpha : Package<"osx">, ParentPackage<Alpha>; 88def OSXOptIn : Package<"osx">, ParentPackage<OptIn>; 89 90def Cocoa : Package<"cocoa">, ParentPackage<OSX>; 91def CocoaAlpha : Package<"cocoa">, ParentPackage<OSXAlpha>; 92def CocoaOptIn : Package<"cocoa">, ParentPackage<OSXOptIn>; 93 94def CoreFoundation : Package<"coreFoundation">, ParentPackage<OSX>; 95def Containers : Package<"containers">, ParentPackage<CoreFoundation>; 96 97def LocalizabilityAlpha : Package<"localizability">, ParentPackage<CocoaAlpha>; 98def LocalizabilityOptIn : Package<"localizability">, ParentPackage<CocoaOptIn>; 99 100def MPI : Package<"mpi">, ParentPackage<OptIn>; 101 102def LLVM : Package<"llvm">; 103def LLVMAlpha : Package<"llvm">, ParentPackage<Alpha>; 104 105// The APIModeling package is for checkers that model APIs and don't perform 106// any diagnostics. These checkers are always turned on; this package is 107// intended for API modeling that is not controlled by the target triple. 108def APIModeling : Package<"apiModeling">, Hidden; 109def APIModelingAlpha : Package<"apiModeling">, ParentPackage<Alpha>, Hidden; 110 111def GoogleAPIModeling : Package<"google">, ParentPackage<APIModeling>, Hidden; 112def LLVMAPIModeling : Package<"llvm">, ParentPackage<APIModeling>, Hidden; 113 114def Debug : Package<"debug">, Hidden; 115 116def CloneDetectionAlpha : Package<"clone">, ParentPackage<Alpha>; 117 118def NonDeterminismAlpha : Package<"nondeterminism">, ParentPackage<Alpha>; 119 120def Fuchsia : Package<"fuchsia">; 121def FuchsiaAlpha : Package<"fuchsia">, ParentPackage<Alpha>; 122 123def WebKit : Package<"webkit">; 124def WebKitAlpha : Package<"webkit">, ParentPackage<Alpha>; 125 126//===----------------------------------------------------------------------===// 127// Core Checkers. 128//===----------------------------------------------------------------------===// 129 130let ParentPackage = Core in { 131 132def BitwiseShiftChecker : Checker<"BitwiseShift">, 133 HelpText<"Finds cases where bitwise shift operation causes undefined behaviour.">, 134 CheckerOptions<[ 135 CmdLineOption<Boolean, 136 "Pedantic", 137 "If set to true, the checker reports undefined behavior even " 138 "if it is supported by most compilers. (This flag has no " 139 "effect in C++20 where these constructs are legal.)", 140 "false", 141 Released>, 142 ]>, 143 Documentation<HasDocumentation>; 144 145def CallAndMessageModeling : Checker<"CallAndMessageModeling">, 146 HelpText<"Responsible for essential modeling and assumptions after a " 147 "function/method call. For instance, if we can't reason about the " 148 "nullability of the implicit this parameter after a method call, " 149 "this checker conservatively assumes it to be non-null">, 150 Documentation<HasDocumentation>, 151 Hidden; 152 153def CallAndMessageChecker : Checker<"CallAndMessage">, 154 HelpText<"Check for logical errors for function calls and Objective-C " 155 "message expressions (e.g., uninitialized arguments, null function " 156 "pointers)">, 157 CheckerOptions<[ 158 CmdLineOption<Boolean, 159 "FunctionPointer", 160 "Check whether a called function pointer is null or " 161 "undefined", 162 "true", 163 Released>, 164 CmdLineOption<Boolean, 165 "ParameterCount", 166 "Check whether a function was called with the appropriate " 167 "number of arguments", 168 "true", 169 Released>, 170 CmdLineOption<Boolean, 171 "CXXThisMethodCall", 172 "Check whether the implicit this parameter is null or " 173 "undefined upon a method call", 174 "true", 175 Released>, 176 CmdLineOption<Boolean, 177 "CXXDeallocationArg", 178 "Check whether the argument of operator delete is undefined", 179 "true", 180 Released>, 181 CmdLineOption<Boolean, 182 "ArgInitializedness", 183 "Check whether any of the pass-by-value parameters is " 184 "undefined", 185 "true", 186 Released>, 187 CmdLineOption<Boolean, 188 "ArgPointeeInitializedness", 189 "Check whether the pointee of a pass-by-reference or " 190 "pass-by-pointer is undefined", 191 "false", 192 InAlpha>, 193 CmdLineOption<Boolean, 194 "NilReceiver", 195 "Check whether the reciever in the message expression is nil", 196 "true", 197 Released>, 198 CmdLineOption<Boolean, 199 "UndefReceiver", 200 "Check whether the reciever in the message expression is " 201 "undefined", 202 "true", 203 Released>, 204 ]>, 205 Documentation<HasDocumentation>, 206 Dependencies<[CallAndMessageModeling]>; 207 208def DereferenceChecker : Checker<"NullDereference">, 209 HelpText<"Check for dereferences of null pointers">, 210 CheckerOptions<[ 211 CmdLineOption<Boolean, 212 "SuppressAddressSpaces", 213 "Suppresses warning when pointer dereferences an address space", 214 "true", 215 Released> 216 ]>, 217 Documentation<HasDocumentation>; 218 219def NonNullParamChecker : Checker<"NonNullParamChecker">, 220 HelpText<"Check for null pointers passed as arguments to a function whose " 221 "arguments are references or marked with the 'nonnull' attribute">, 222 Documentation<HasDocumentation>; 223 224def VLASizeChecker : Checker<"VLASize">, 225 HelpText<"Check for declarations of VLA of undefined or zero size">, 226 Documentation<HasDocumentation>; 227 228def DivZeroChecker : Checker<"DivideZero">, 229 HelpText<"Check for division by zero">, 230 Documentation<HasDocumentation>; 231 232def UndefResultChecker : Checker<"UndefinedBinaryOperatorResult">, 233 HelpText<"Check for undefined results of binary operators">, 234 Documentation<HasDocumentation>; 235 236def StackAddrEscapeBase : Checker<"StackAddrEscapeBase">, 237 HelpText<"Generate information about stack address escapes.">, 238 Documentation<NotDocumented>, 239 Hidden; 240 241def StackAddrEscapeChecker : Checker<"StackAddressEscape">, 242 HelpText<"Check that addresses to stack memory do not escape the function">, 243 Dependencies<[StackAddrEscapeBase]>, 244 Documentation<HasDocumentation>; 245 246def DynamicTypePropagation : Checker<"DynamicTypePropagation">, 247 HelpText<"Generate dynamic type information">, 248 Documentation<NotDocumented>, 249 Hidden; 250 251def NonnullGlobalConstantsChecker: Checker<"NonnilStringConstants">, 252 HelpText<"Assume that const string-like globals are non-null">, 253 Documentation<NotDocumented>, 254 Hidden; 255 256} // end "core" 257 258let ParentPackage = CoreAlpha in { 259 260def BoolAssignmentChecker : Checker<"BoolAssignment">, 261 HelpText<"Warn about assigning non-{0,1} values to Boolean variables">, 262 Documentation<HasDocumentation>; 263 264def CastSizeChecker : Checker<"CastSize">, 265 HelpText<"Check when casting a malloc'ed type T, whether the size is a " 266 "multiple of the size of T">, 267 Documentation<HasDocumentation>; 268 269def CastToStructChecker : Checker<"CastToStruct">, 270 HelpText<"Check for cast from non-struct pointer to struct pointer">, 271 Documentation<HasDocumentation>; 272 273def ConversionChecker : Checker<"Conversion">, 274 HelpText<"Loss of sign/precision in implicit conversions">, 275 Documentation<HasDocumentation>; 276 277def IdenticalExprChecker : Checker<"IdenticalExpr">, 278 HelpText<"Warn about unintended use of identical expressions in operators">, 279 Documentation<HasDocumentation>; 280 281def FixedAddressChecker : Checker<"FixedAddr">, 282 HelpText<"Check for assignment of a fixed address to a pointer">, 283 Documentation<HasDocumentation>; 284 285def PointerArithChecker : Checker<"PointerArithm">, 286 HelpText<"Check for pointer arithmetic on locations other than array " 287 "elements">, 288 Documentation<HasDocumentation>; 289 290def PointerSubChecker : Checker<"PointerSub">, 291 HelpText<"Check for pointer subtractions on two pointers pointing to " 292 "different memory chunks">, 293 Documentation<HasDocumentation>; 294 295def SizeofPointerChecker : Checker<"SizeofPtr">, 296 HelpText<"Warn about unintended use of sizeof() on pointer expressions">, 297 Documentation<HasDocumentation>; 298 299def TestAfterDivZeroChecker : Checker<"TestAfterDivZero">, 300 HelpText<"Check for division by variable that is later compared against 0. " 301 "Either the comparison is useless or there is division by zero.">, 302 Documentation<HasDocumentation>; 303 304def DynamicTypeChecker : Checker<"DynamicTypeChecker">, 305 HelpText<"Check for cases where the dynamic and the static type of an object " 306 "are unrelated.">, 307 Documentation<HasDocumentation>; 308 309def StackAddrAsyncEscapeChecker : Checker<"StackAddressAsyncEscape">, 310 HelpText<"Check that addresses to stack memory do not escape the function">, 311 Dependencies<[StackAddrEscapeBase]>, 312 Documentation<HasDocumentation>; 313 314def PthreadLockBase : Checker<"PthreadLockBase">, 315 HelpText<"Helper registering multiple checks.">, 316 Documentation<NotDocumented>, 317 Hidden; 318 319def C11LockChecker : Checker<"C11Lock">, 320 HelpText<"Simple lock -> unlock checker">, 321 Dependencies<[PthreadLockBase]>, 322 Documentation<HasDocumentation>; 323 324def StdVariantChecker : Checker<"StdVariant">, 325 HelpText<"Check for bad type access for std::variant.">, 326 Documentation<HasDocumentation>; 327 328} // end "alpha.core" 329 330//===----------------------------------------------------------------------===// 331// Nullability checkers. 332//===----------------------------------------------------------------------===// 333 334let ParentPackage = Nullability in { 335 336def NullabilityBase : Checker<"NullabilityBase">, 337 HelpText<"Stores information during the analysis about nullability.">, 338 Documentation<NotDocumented>, 339 Hidden; 340 341def NullPassedToNonnullChecker : Checker<"NullPassedToNonnull">, 342 HelpText<"Warns when a null pointer is passed to a pointer which has a " 343 "_Nonnull type.">, 344 Dependencies<[NullabilityBase]>, 345 Documentation<HasDocumentation>; 346 347def NullReturnedFromNonnullChecker : Checker<"NullReturnedFromNonnull">, 348 HelpText<"Warns when a null pointer is returned from a function that has " 349 "_Nonnull return type.">, 350 Dependencies<[NullabilityBase]>, 351 Documentation<HasDocumentation>; 352 353def NullableDereferencedChecker : Checker<"NullableDereferenced">, 354 HelpText<"Warns when a nullable pointer is dereferenced.">, 355 Dependencies<[NullabilityBase]>, 356 Documentation<HasDocumentation>; 357 358def NullablePassedToNonnullChecker : Checker<"NullablePassedToNonnull">, 359 HelpText<"Warns when a nullable pointer is passed to a pointer which has a " 360 "_Nonnull type.">, 361 Dependencies<[NullabilityBase]>, 362 Documentation<HasDocumentation>; 363 364def NullableReturnedFromNonnullChecker : Checker<"NullableReturnedFromNonnull">, 365 HelpText<"Warns when a nullable pointer is returned from a function that has " 366 "_Nonnull return type.">, 367 Dependencies<[NullabilityBase]>, 368 Documentation<NotDocumented>; 369 370} // end "nullability" 371 372//===----------------------------------------------------------------------===// 373// APIModeling. 374//===----------------------------------------------------------------------===// 375 376let ParentPackage = APIModeling in { 377 378def ErrnoModeling : Checker<"Errno">, 379 HelpText<"Make the special value 'errno' available to other checkers.">, 380 Documentation<NotDocumented>; 381 382def TrustNonnullChecker : Checker<"TrustNonnull">, 383 HelpText<"Trust that returns from framework methods annotated with _Nonnull " 384 "are not null">, 385 Documentation<NotDocumented>; 386 387def TrustReturnsNonnullChecker : Checker<"TrustReturnsNonnull">, 388 HelpText<"Trust that returns from methods annotated with returns_nonnull " 389 "are not null">, 390 Documentation<NotDocumented>; 391 392} // end "apiModeling" 393 394//===----------------------------------------------------------------------===// 395// Evaluate "builtin" functions. 396//===----------------------------------------------------------------------===// 397 398let ParentPackage = CoreBuiltin in { 399 400def NoReturnFunctionChecker : Checker<"NoReturnFunctions">, 401 HelpText<"Evaluate \"panic\" functions that are known to not return to the " 402 "caller">, 403 Documentation<NotDocumented>; 404 405def BuiltinFunctionChecker : Checker<"BuiltinFunctions">, 406 HelpText<"Evaluate compiler builtin functions (e.g., alloca())">, 407 Documentation<NotDocumented>; 408 409} // end "core.builtin" 410 411//===----------------------------------------------------------------------===// 412// Uninitialized values checkers. 413//===----------------------------------------------------------------------===// 414 415let ParentPackage = CoreUninitialized in { 416 417def UndefinedArraySubscriptChecker : Checker<"ArraySubscript">, 418 HelpText<"Check for uninitialized values used as array subscripts">, 419 Documentation<HasDocumentation>; 420 421def UndefinedAssignmentChecker : Checker<"Assign">, 422 HelpText<"Check for assigning uninitialized values">, 423 Documentation<HasDocumentation>; 424 425def UndefBranchChecker : Checker<"Branch">, 426 HelpText<"Check for uninitialized values used as branch conditions">, 427 Documentation<HasDocumentation>; 428 429def UndefCapturedBlockVarChecker : Checker<"CapturedBlockVariable">, 430 HelpText<"Check for blocks that capture uninitialized values">, 431 Documentation<NotDocumented>; 432 433def ReturnUndefChecker : Checker<"UndefReturn">, 434 HelpText<"Check for uninitialized values being returned to the caller">, 435 Documentation<HasDocumentation>; 436 437def UndefinedNewArraySizeChecker : Checker<"NewArraySize">, 438 HelpText<"Check if the size of the array in a new[] expression is undefined">, 439 Documentation<HasDocumentation>; 440 441} // end "core.uninitialized" 442 443//===----------------------------------------------------------------------===// 444// Optin checkers for core language features 445//===----------------------------------------------------------------------===// 446 447let ParentPackage = CoreOptIn in { 448 449def EnumCastOutOfRangeChecker : Checker<"EnumCastOutOfRange">, 450 HelpText<"Check integer to enumeration casts for out of range values">, 451 Documentation<HasDocumentation>; 452 453} // end "optin.core" 454 455//===----------------------------------------------------------------------===// 456// Unix API checkers. 457//===----------------------------------------------------------------------===// 458 459let ParentPackage = CString in { 460 461def CStringModeling : Checker<"CStringModeling">, 462 HelpText<"The base of several CString related checkers. On it's own it emits " 463 "no reports, but adds valuable information to the analysis when " 464 "enabled.">, 465 Documentation<NotDocumented>, 466 Hidden; 467 468def CStringNullArg : Checker<"NullArg">, 469 HelpText<"Check for null pointers being passed as arguments to C string " 470 "functions">, 471 Dependencies<[CStringModeling]>, 472 Documentation<HasDocumentation>; 473 474def CStringSyntaxChecker : Checker<"BadSizeArg">, 475 HelpText<"Check the size argument passed into C string functions for common " 476 "erroneous patterns">, 477 Dependencies<[CStringModeling]>, 478 Documentation<HasDocumentation>; 479 480} // end "unix.cstring" 481 482let ParentPackage = CStringAlpha in { 483 484def CStringOutOfBounds : Checker<"OutOfBounds">, 485 HelpText<"Check for out-of-bounds access in string functions">, 486 Dependencies<[CStringModeling]>, 487 Documentation<HasDocumentation>; 488 489def CStringBufferOverlap : Checker<"BufferOverlap">, 490 HelpText<"Checks for overlap in two buffer arguments">, 491 Dependencies<[CStringModeling]>, 492 Documentation<HasDocumentation>; 493 494def CStringNotNullTerm : Checker<"NotNullTerminated">, 495 HelpText<"Check for arguments which are not null-terminating strings">, 496 Dependencies<[CStringModeling]>, 497 Documentation<HasDocumentation>; 498 499def CStringUninitializedRead : Checker<"UninitializedRead">, 500 HelpText<"Checks if the string manipulation function would read uninitialized bytes">, 501 Dependencies<[CStringModeling]>, 502 Documentation<HasDocumentation>; 503 504} // end "alpha.unix.cstring" 505 506let ParentPackage = Unix in { 507 508def UnixAPIMisuseChecker : Checker<"API">, 509 HelpText<"Check calls to various UNIX/Posix functions">, 510 Documentation<HasDocumentation>; 511 512def DynamicMemoryModeling: Checker<"DynamicMemoryModeling">, 513 HelpText<"The base of several malloc() related checkers. On it's own it " 514 "emits no reports, but adds valuable information to the analysis " 515 "when enabled.">, 516 CheckerOptions<[ 517 CmdLineOption<Boolean, 518 "Optimistic", 519 "If set to true, the checker assumes that all the " 520 "allocating and deallocating functions are annotated with " 521 "ownership_holds, ownership_takes and ownership_returns.", 522 "false", 523 InAlpha>, 524 CmdLineOption<Boolean, 525 "AddNoOwnershipChangeNotes", 526 "Add an additional note to the bug report for leak-like " 527 "bugs. Dynamically allocated objects passed to functions " 528 "that neither deallocated it, or have taken responsibility " 529 "of the ownership are noted, similarly to " 530 "NoStoreFuncVisitor.", 531 "true", 532 Released, 533 Hide> 534 ]>, 535 Dependencies<[CStringModeling]>, 536 Documentation<NotDocumented>, 537 Hidden; 538 539def ErrnoChecker : Checker<"Errno">, 540 HelpText<"Check for improper use of 'errno'">, 541 Dependencies<[ErrnoModeling]>, 542 CheckerOptions<[ 543 CmdLineOption<Boolean, 544 "AllowErrnoReadOutsideConditionExpressions", 545 "Allow read of undefined value from errno outside of conditions", 546 "true", 547 InAlpha>, 548 ]>, 549 Documentation<HasDocumentation>; 550 551def MallocChecker: Checker<"Malloc">, 552 HelpText<"Check for memory leaks, double free, and use-after-free problems. " 553 "Traces memory managed by malloc()/free().">, 554 Dependencies<[DynamicMemoryModeling]>, 555 Documentation<HasDocumentation>; 556 557def MallocSizeofChecker : Checker<"MallocSizeof">, 558 HelpText<"Check for dubious malloc arguments involving sizeof">, 559 Documentation<HasDocumentation>; 560 561def MismatchedDeallocatorChecker : Checker<"MismatchedDeallocator">, 562 HelpText<"Check for mismatched deallocators.">, 563 Dependencies<[DynamicMemoryModeling]>, 564 Documentation<HasDocumentation>; 565 566def StdCLibraryFunctionsChecker : Checker<"StdCLibraryFunctions">, 567 HelpText<"Check for invalid arguments of C standard library functions, " 568 "and apply relations between arguments and return value">, 569 CheckerOptions<[ 570 CmdLineOption<Boolean, 571 "DisplayLoadedSummaries", 572 "If set to true, the checker displays the found summaries " 573 "for the given translation unit.", 574 "false", 575 Released, 576 Hide>, 577 CmdLineOption<Boolean, 578 "ModelPOSIX", 579 "If set to true, the checker models additional functions " 580 "from the POSIX standard.", 581 "false", 582 InAlpha> 583 ]>, 584 WeakDependencies<[CallAndMessageChecker, NonNullParamChecker]>, 585 Documentation<HasDocumentation>; 586 587def VforkChecker : Checker<"Vfork">, 588 HelpText<"Check for proper usage of vfork">, 589 Documentation<HasDocumentation>; 590 591} // end "unix" 592 593let ParentPackage = UnixAlpha in { 594 595def ChrootChecker : Checker<"Chroot">, 596 HelpText<"Check improper use of chroot">, 597 Documentation<HasDocumentation>; 598 599def PthreadLockChecker : Checker<"PthreadLock">, 600 HelpText<"Simple lock -> unlock checker">, 601 Dependencies<[PthreadLockBase]>, 602 Documentation<HasDocumentation>; 603 604def StreamChecker : Checker<"Stream">, 605 HelpText<"Check stream handling functions">, 606 WeakDependencies<[NonNullParamChecker]>, 607 Documentation<HasDocumentation>; 608 609def SimpleStreamChecker : Checker<"SimpleStream">, 610 HelpText<"Check for misuses of stream APIs">, 611 Documentation<HasDocumentation>; 612 613def BlockInCriticalSectionChecker : Checker<"BlockInCriticalSection">, 614 HelpText<"Check for calls to blocking functions inside a critical section">, 615 Documentation<HasDocumentation>; 616 617} // end "alpha.unix" 618 619//===----------------------------------------------------------------------===// 620// C++ checkers. 621//===----------------------------------------------------------------------===// 622 623let ParentPackage = Cplusplus in { 624 625def InnerPointerChecker : Checker<"InnerPointer">, 626 HelpText<"Check for inner pointers of C++ containers used after " 627 "re/deallocation">, 628 Dependencies<[DynamicMemoryModeling]>, 629 Documentation<NotDocumented>; 630 631def NewDeleteChecker : Checker<"NewDelete">, 632 HelpText<"Check for double-free and use-after-free problems. Traces memory " 633 "managed by new/delete.">, 634 Dependencies<[DynamicMemoryModeling]>, 635 Documentation<HasDocumentation>; 636 637def NewDeleteLeaksChecker : Checker<"NewDeleteLeaks">, 638 HelpText<"Check for memory leaks. Traces memory managed by new/delete.">, 639 Dependencies<[DynamicMemoryModeling]>, 640 Documentation<HasDocumentation>; 641 642def PlacementNewChecker : Checker<"PlacementNew">, 643 HelpText<"Check if default placement new is provided with pointers to " 644 "sufficient storage capacity">, 645 Dependencies<[DynamicMemoryModeling]>, 646 Documentation<HasDocumentation>; 647 648def CXXSelfAssignmentChecker : Checker<"SelfAssignment">, 649 HelpText<"Checks C++ copy and move assignment operators for self assignment">, 650 Documentation<NotDocumented>, 651 Hidden; 652 653def SmartPtrModeling: Checker<"SmartPtrModeling">, 654 HelpText<"Model behavior of C++ smart pointers">, 655 Documentation<NotDocumented>, 656 CheckerOptions<[ 657 CmdLineOption<Boolean, 658 "ModelSmartPtrDereference", 659 "Enable modeling for SmartPtr null dereferences", 660 "false", 661 InAlpha, 662 Hide>, 663 ]>, 664 Hidden; 665 666def StringChecker: Checker<"StringChecker">, 667 HelpText<"Checks C++ std::string bugs">, 668 Documentation<HasDocumentation>; 669 670def MoveChecker: Checker<"Move">, 671 HelpText<"Find use-after-move bugs in C++">, 672 CheckerOptions<[ 673 CmdLineOption<String, 674 "WarnOn", 675 "In non-aggressive mode, only warn on use-after-move of " 676 "local variables (or local rvalue references) and of STL " 677 "objects. The former is possible because local variables (or " 678 "local rvalue references) are not tempting their user to " 679 "re-use the storage. The latter is possible because STL " 680 "objects are known to end up in a valid but unspecified " 681 "state after the move and their state-reset methods are also " 682 "known, which allows us to predict precisely when " 683 "use-after-move is invalid. Some STL objects are known to " 684 "conform to additional contracts after move, so they are not " 685 "tracked. However, smart pointers specifically are tracked " 686 "because we can perform extra checking over them. In " 687 "aggressive mode, warn on any use-after-move because the " 688 "user has intentionally asked us to completely eliminate " 689 "use-after-move in his code. Values: \"KnownsOnly\", " 690 "\"KnownsAndLocals\", \"All\".", 691 "KnownsAndLocals", 692 Released> 693 ]>, 694 Documentation<HasDocumentation>; 695 696def VirtualCallModeling : Checker<"VirtualCallModeling">, 697 HelpText<"Auxiliary modeling for the virtual method call checkers">, 698 Documentation<NotDocumented>, 699 Hidden; 700 701def PureVirtualCallChecker : Checker<"PureVirtualCall">, 702 HelpText<"Check pure virtual function calls during construction/destruction">, 703 Dependencies<[VirtualCallModeling]>, 704 Documentation<HasDocumentation>; 705} // end: "cplusplus" 706 707let ParentPackage = CplusplusOptIn in { 708 709def UninitializedObjectChecker: Checker<"UninitializedObject">, 710 HelpText<"Reports uninitialized fields after object construction">, 711 CheckerOptions<[ 712 CmdLineOption<Boolean, 713 "Pedantic", 714 "If set to false, the checker won't emit warnings " 715 "for objects that don't have at least one initialized " 716 "field.", 717 "false", 718 Released>, 719 CmdLineOption<Boolean, 720 "NotesAsWarnings", 721 "If set to true, the checker will emit a warning " 722 "for each uninitalized field, as opposed to emitting one " 723 "warning per constructor call, and listing the uninitialized " 724 "fields that belongs to it in notes.", 725 "false", 726 Released, 727 Hide>, 728 CmdLineOption<Boolean, 729 "CheckPointeeInitialization", 730 "If set to false, the checker will not analyze " 731 "the pointee of pointer/reference fields, and will only " 732 "check whether the object itself is initialized.", 733 "false", 734 InAlpha>, 735 CmdLineOption<String, 736 "IgnoreRecordsWithField", 737 "If supplied, the checker will not analyze " 738 "structures that have a field with a name or type name that " 739 "matches the given pattern.", 740 "\"\"", 741 Released>, 742 CmdLineOption<Boolean, 743 "IgnoreGuardedFields", 744 "If set to true, the checker will analyze _syntactically_ " 745 "whether the found uninitialized object is used without a " 746 "preceding assert call. Defaults to false.", 747 "false", 748 InAlpha> 749 ]>, 750 Documentation<HasDocumentation>; 751 752def VirtualCallChecker : Checker<"VirtualCall">, 753 HelpText<"Check virtual function calls during construction/destruction">, 754 CheckerOptions<[ 755 CmdLineOption<Boolean, 756 "ShowFixIts", 757 "Enable fix-it hints for this checker", 758 "false", 759 InAlpha>, 760 CmdLineOption<Boolean, 761 "PureOnly", 762 "Disables the checker. Keeps cplusplus.PureVirtualCall " 763 "enabled. This option is only provided for backwards " 764 "compatibility.", 765 "false", 766 InAlpha> 767 ]>, 768 Dependencies<[VirtualCallModeling]>, 769 Documentation<HasDocumentation>; 770 771} // end: "optin.cplusplus" 772 773let ParentPackage = CplusplusAlpha in { 774 775def ContainerModeling : Checker<"ContainerModeling">, 776 HelpText<"Models C++ containers">, 777 Documentation<NotDocumented>, 778 Hidden; 779 780def CXXArrayDeleteChecker : Checker<"ArrayDelete">, 781 HelpText<"Reports destructions of arrays of polymorphic objects that are " 782 "destructed as their base class.">, 783 Documentation<HasDocumentation>; 784 785def DeleteWithNonVirtualDtorChecker : Checker<"DeleteWithNonVirtualDtor">, 786 HelpText<"Reports destructions of polymorphic objects with a non-virtual " 787 "destructor in their base class">, 788 Documentation<HasDocumentation>; 789 790def IteratorModeling : Checker<"IteratorModeling">, 791 HelpText<"Models iterators of C++ containers">, 792 Dependencies<[ContainerModeling]>, 793 Documentation<NotDocumented>, 794 Hidden; 795 796def STLAlgorithmModeling : Checker<"STLAlgorithmModeling">, 797 HelpText<"Models the algorithm library of the C++ STL.">, 798 CheckerOptions<[ 799 CmdLineOption<Boolean, 800 "AggressiveStdFindModeling", 801 "Enables exploration of the failure branch in std::find-like " 802 "functions.", 803 "false", 804 Released> 805 ]>, 806 Dependencies<[ContainerModeling]>, 807 Documentation<NotDocumented>; 808 809def InvalidatedIteratorChecker : Checker<"InvalidatedIterator">, 810 HelpText<"Check for use of invalidated iterators">, 811 Dependencies<[IteratorModeling]>, 812 Documentation<HasDocumentation>; 813 814def IteratorRangeChecker : Checker<"IteratorRange">, 815 HelpText<"Check for iterators used outside their valid ranges">, 816 Dependencies<[IteratorModeling]>, 817 Documentation<HasDocumentation>; 818 819def MismatchedIteratorChecker : Checker<"MismatchedIterator">, 820 HelpText<"Check for use of iterators of different containers where iterators " 821 "of the same container are expected">, 822 Dependencies<[IteratorModeling]>, 823 Documentation<HasDocumentation>; 824 825def SmartPtrChecker: Checker<"SmartPtr">, 826 HelpText<"Find the dereference of null SmrtPtr">, 827 Dependencies<[SmartPtrModeling]>, 828 Documentation<HasDocumentation>; 829 830} // end: "alpha.cplusplus" 831 832 833//===----------------------------------------------------------------------===// 834// Valist checkers. 835//===----------------------------------------------------------------------===// 836 837let ParentPackage = Valist in { 838 839def ValistBase : Checker<"ValistBase">, 840 HelpText<"Gathers information about va_lists.">, 841 Documentation<NotDocumented>, 842 Hidden; 843 844def UninitializedChecker : Checker<"Uninitialized">, 845 HelpText<"Check for usages of uninitialized (or already released) va_lists.">, 846 Dependencies<[ValistBase]>, 847 Documentation<NotDocumented>; 848 849def UnterminatedChecker : Checker<"Unterminated">, 850 HelpText<"Check for va_lists which are not released by a va_end call.">, 851 Dependencies<[ValistBase]>, 852 Documentation<NotDocumented>; 853 854def CopyToSelfChecker : Checker<"CopyToSelf">, 855 HelpText<"Check for va_lists which are copied onto itself.">, 856 Dependencies<[ValistBase]>, 857 Documentation<NotDocumented>; 858 859} // end : "valist" 860 861//===----------------------------------------------------------------------===// 862// Deadcode checkers. 863//===----------------------------------------------------------------------===// 864 865let ParentPackage = DeadCode in { 866 867def DeadStoresChecker : Checker<"DeadStores">, 868 HelpText<"Check for values stored to variables that are never read " 869 "afterwards">, 870 CheckerOptions<[ 871 CmdLineOption<Boolean, 872 "WarnForDeadNestedAssignments", 873 "Warns for deadstores in nested assignments." 874 "E.g.: if ((P = f())) where P is unused.", 875 "true", 876 Released>, 877 CmdLineOption<Boolean, 878 "ShowFixIts", 879 "Enable fix-it hints for this checker", 880 "false", 881 InAlpha> 882 ]>, 883 Documentation<HasDocumentation>; 884 885} // end DeadCode 886 887let ParentPackage = DeadCodeAlpha in { 888 889def UnreachableCodeChecker : Checker<"UnreachableCode">, 890 HelpText<"Check unreachable code">, 891 Documentation<HasDocumentation>; 892 893} // end "alpha.deadcode" 894 895//===----------------------------------------------------------------------===// 896// Performance checkers. 897//===----------------------------------------------------------------------===// 898 899let ParentPackage = Performance in { 900 901def PaddingChecker : Checker<"Padding">, 902 HelpText<"Check for excessively padded structs.">, 903 CheckerOptions<[ 904 CmdLineOption<Integer, 905 "AllowedPad", 906 "Reports are only generated if the excessive padding exceeds " 907 "'AllowedPad' in bytes.", 908 "24", 909 Released> 910 ]>, 911 Documentation<NotDocumented>; 912 913} // end: "padding" 914 915//===----------------------------------------------------------------------===// 916// Security checkers. 917//===----------------------------------------------------------------------===// 918 919let ParentPackage = InsecureAPI in { 920 921def SecuritySyntaxChecker : Checker<"SecuritySyntaxChecker">, 922 HelpText<"Base of various security function related checkers">, 923 Documentation<NotDocumented>, 924 Hidden; 925 926def bcmp : Checker<"bcmp">, 927 HelpText<"Warn on uses of the 'bcmp' function">, 928 Dependencies<[SecuritySyntaxChecker]>, 929 Documentation<HasDocumentation>; 930 931def bcopy : Checker<"bcopy">, 932 HelpText<"Warn on uses of the 'bcopy' function">, 933 Dependencies<[SecuritySyntaxChecker]>, 934 Documentation<HasDocumentation>; 935 936def bzero : Checker<"bzero">, 937 HelpText<"Warn on uses of the 'bzero' function">, 938 Dependencies<[SecuritySyntaxChecker]>, 939 Documentation<HasDocumentation>; 940 941def gets : Checker<"gets">, 942 HelpText<"Warn on uses of the 'gets' function">, 943 Dependencies<[SecuritySyntaxChecker]>, 944 Documentation<HasDocumentation>; 945 946def getpw : Checker<"getpw">, 947 HelpText<"Warn on uses of the 'getpw' function">, 948 Dependencies<[SecuritySyntaxChecker]>, 949 Documentation<HasDocumentation>; 950 951def mktemp : Checker<"mktemp">, 952 HelpText<"Warn on uses of the 'mktemp' function">, 953 Dependencies<[SecuritySyntaxChecker]>, 954 Documentation<HasDocumentation>; 955 956def mkstemp : Checker<"mkstemp">, 957 HelpText<"Warn when 'mkstemp' is passed fewer than 6 X's in the format " 958 "string">, 959 Dependencies<[SecuritySyntaxChecker]>, 960 Documentation<HasDocumentation>; 961 962def rand : Checker<"rand">, 963 HelpText<"Warn on uses of the 'rand', 'random', and related functions">, 964 Dependencies<[SecuritySyntaxChecker]>, 965 Documentation<HasDocumentation>; 966 967def strcpy : Checker<"strcpy">, 968 HelpText<"Warn on uses of the 'strcpy' and 'strcat' functions">, 969 Dependencies<[SecuritySyntaxChecker]>, 970 Documentation<HasDocumentation>; 971 972def vfork : Checker<"vfork">, 973 HelpText<"Warn on uses of the 'vfork' function">, 974 Dependencies<[SecuritySyntaxChecker]>, 975 Documentation<HasDocumentation>; 976 977def UncheckedReturn : Checker<"UncheckedReturn">, 978 HelpText<"Warn on uses of functions whose return values must be always " 979 "checked">, 980 Dependencies<[SecuritySyntaxChecker]>, 981 Documentation<HasDocumentation>; 982 983def DeprecatedOrUnsafeBufferHandling : 984 Checker<"DeprecatedOrUnsafeBufferHandling">, 985 HelpText<"Warn on uses of unsecure or deprecated buffer manipulating " 986 "functions">, 987 Dependencies<[SecuritySyntaxChecker]>, 988 Documentation<HasDocumentation>; 989 990def decodeValueOfObjCType : Checker<"decodeValueOfObjCType">, 991 HelpText<"Warn on uses of the '-decodeValueOfObjCType:at:' method">, 992 Dependencies<[SecuritySyntaxChecker]>, 993 Documentation<HasDocumentation>; 994 995} // end "security.insecureAPI" 996 997let ParentPackage = Security in { 998 999def FloatLoopCounter : Checker<"FloatLoopCounter">, 1000 HelpText<"Warn on using a floating point value as a loop counter (CERT: " 1001 "FLP30-C, FLP30-CPP)">, 1002 Dependencies<[SecuritySyntaxChecker]>, 1003 Documentation<HasDocumentation>; 1004 1005} // end "security" 1006 1007let ParentPackage = ENV in { 1008 1009 def InvalidPtrChecker : Checker<"InvalidPtr">, 1010 HelpText<"Finds usages of possibly invalidated pointers">, 1011 CheckerOptions<[ 1012 CmdLineOption<Boolean, 1013 "InvalidatingGetEnv", 1014 "Regard getenv as an invalidating call (as per POSIX " 1015 "standard), which can lead to false positives depending on " 1016 "implementation.", 1017 "false", 1018 Released>, 1019 ]>, 1020 Documentation<HasDocumentation>; 1021 1022} // end "security.cert.env" 1023 1024let ParentPackage = POSAlpha in { 1025 1026 def PutenvWithAuto : Checker<"34c">, 1027 HelpText<"Finds calls to the 'putenv' function which pass a pointer to " 1028 "an automatic variable as the argument.">, 1029 Documentation<HasDocumentation>; 1030 1031} // end "alpha.cert.pos" 1032 1033let ParentPackage = SecurityAlpha in { 1034 1035def ArrayBoundChecker : Checker<"ArrayBound">, 1036 HelpText<"Warn about buffer overflows (older checker)">, 1037 Documentation<HasDocumentation>; 1038 1039def ArrayBoundCheckerV2 : Checker<"ArrayBoundV2">, 1040 HelpText<"Warn about buffer overflows (newer checker)">, 1041 Documentation<HasDocumentation>; 1042 1043def ReturnPointerRangeChecker : Checker<"ReturnPtrRange">, 1044 HelpText<"Check for an out-of-bound pointer being returned to callers">, 1045 Documentation<HasDocumentation>; 1046 1047def MallocOverflowSecurityChecker : Checker<"MallocOverflow">, 1048 HelpText<"Check for overflows in the arguments to malloc()">, 1049 Documentation<HasDocumentation>; 1050 1051def MmapWriteExecChecker : Checker<"MmapWriteExec">, 1052 HelpText<"Warn on mmap() calls that are both writable and executable">, 1053 CheckerOptions<[ 1054 CmdLineOption<Integer, 1055 "MmapProtExec", 1056 "Specifies the value of PROT_EXEC", 1057 "0x04", 1058 Released>, 1059 CmdLineOption<Integer, 1060 "MmapProtRead", 1061 "Specifies the value of PROT_READ", 1062 "0x01", 1063 Released> 1064 ]>, 1065 Documentation<HasDocumentation>; 1066 1067} // end "alpha.security" 1068 1069//===----------------------------------------------------------------------===// 1070// Taint checkers. 1071//===----------------------------------------------------------------------===// 1072 1073let ParentPackage = Taint in { 1074 1075def GenericTaintChecker : Checker<"TaintPropagation">, 1076 HelpText<"Generate taint information used by other checkers">, 1077 CheckerOptions<[ 1078 CmdLineOption<String, 1079 "Config", 1080 "Specifies the name of the configuration file.", 1081 "", 1082 InAlpha>, 1083 ]>, 1084 Documentation<HasDocumentation>; 1085 1086} // end "alpha.security.taint" 1087 1088//===----------------------------------------------------------------------===// 1089// Mac OS X, Cocoa, and Core Foundation checkers. 1090//===----------------------------------------------------------------------===// 1091 1092let ParentPackage = Cocoa in { 1093 1094def RetainCountBase : Checker<"RetainCountBase">, 1095 HelpText<"Common base of various retain count related checkers">, 1096 Documentation<NotDocumented>, 1097 Hidden; 1098 1099} // end "osx.cocoa" 1100 1101let ParentPackage = OSX in { 1102 1103def NSOrCFErrorDerefChecker : Checker<"NSOrCFErrorDerefChecker">, 1104 HelpText<"Implementation checker for NSErrorChecker and CFErrorChecker">, 1105 Documentation<NotDocumented>, 1106 Hidden; 1107 1108def NumberObjectConversionChecker : Checker<"NumberObjectConversion">, 1109 HelpText<"Check for erroneous conversions of objects representing numbers " 1110 "into numbers">, 1111 CheckerOptions<[ 1112 CmdLineOption<Boolean, 1113 "Pedantic", 1114 "Enables detection of more conversion patterns (which are " 1115 "most likely more harmless, and therefore are more likely to " 1116 "produce false positives).", 1117 "false", 1118 Released> 1119 ]>, 1120 Documentation<NotDocumented>; 1121 1122def MacOSXAPIChecker : Checker<"API">, 1123 HelpText<"Check for proper uses of various Apple APIs">, 1124 Documentation<HasDocumentation>; 1125 1126def MacOSKeychainAPIChecker : Checker<"SecKeychainAPI">, 1127 HelpText<"Check for proper uses of Secure Keychain APIs">, 1128 Documentation<HasDocumentation>; 1129 1130def MIGChecker : Checker<"MIG">, 1131 HelpText<"Find violations of the Mach Interface Generator " 1132 "calling convention">, 1133 Documentation<NotDocumented>; 1134 1135def ObjCPropertyChecker : Checker<"ObjCProperty">, 1136 HelpText<"Check for proper uses of Objective-C properties">, 1137 Documentation<NotDocumented>; 1138 1139def OSObjectRetainCountChecker : Checker<"OSObjectRetainCount">, 1140 HelpText<"Check for leaks and improper reference count management for " 1141 "OSObject">, 1142 Dependencies<[RetainCountBase]>, 1143 Documentation<NotDocumented>; 1144 1145} // end "osx" 1146 1147let ParentPackage = Cocoa in { 1148 1149def RunLoopAutoreleaseLeakChecker : Checker<"RunLoopAutoreleaseLeak">, 1150 HelpText<"Check for leaked memory in autorelease pools that will never be " 1151 "drained">, 1152 Documentation<NotDocumented>; 1153 1154def ObjCAtSyncChecker : Checker<"AtSync">, 1155 HelpText<"Check for nil pointers used as mutexes for @synchronized">, 1156 Documentation<HasDocumentation>; 1157 1158def NilArgChecker : Checker<"NilArg">, 1159 HelpText<"Check for prohibited nil arguments to ObjC method calls">, 1160 Documentation<HasDocumentation>; 1161 1162def ClassReleaseChecker : Checker<"ClassRelease">, 1163 HelpText<"Check for sending 'retain', 'release', or 'autorelease' directly " 1164 "to a Class">, 1165 Documentation<HasDocumentation>; 1166 1167def VariadicMethodTypeChecker : Checker<"VariadicMethodTypes">, 1168 HelpText<"Check for passing non-Objective-C types to variadic collection " 1169 "initialization methods that expect only Objective-C types">, 1170 Documentation<HasDocumentation>; 1171 1172def NSAutoreleasePoolChecker : Checker<"NSAutoreleasePool">, 1173 HelpText<"Warn for suboptimal uses of NSAutoreleasePool in Objective-C GC " 1174 "mode">, 1175 Documentation<HasDocumentation>; 1176 1177def ObjCMethSigsChecker : Checker<"IncompatibleMethodTypes">, 1178 HelpText<"Warn about Objective-C method signatures with type " 1179 "incompatibilities">, 1180 Documentation<HasDocumentation>; 1181 1182def ObjCUnusedIvarsChecker : Checker<"UnusedIvars">, 1183 HelpText<"Warn about private ivars that are never used">, 1184 Documentation<HasDocumentation>; 1185 1186def ObjCSelfInitChecker : Checker<"SelfInit">, 1187 HelpText<"Check that 'self' is properly initialized inside an initializer " 1188 "method">, 1189 Documentation<HasDocumentation>; 1190 1191def ObjCLoopChecker : Checker<"Loops">, 1192 HelpText<"Improved modeling of loops using Cocoa collection types">, 1193 Documentation<NotDocumented>; 1194 1195def ObjCNonNilReturnValueChecker : Checker<"NonNilReturnValue">, 1196 HelpText<"Model the APIs that are guaranteed to return a non-nil value">, 1197 Documentation<NotDocumented>; 1198 1199def ObjCSuperCallChecker : Checker<"MissingSuperCall">, 1200 HelpText<"Warn about Objective-C methods that lack a necessary call to " 1201 "super">, 1202 Documentation<NotDocumented>; 1203 1204def NSErrorChecker : Checker<"NSError">, 1205 HelpText<"Check usage of NSError** parameters">, 1206 Dependencies<[NSOrCFErrorDerefChecker]>, 1207 Documentation<HasDocumentation>; 1208 1209def RetainCountChecker : Checker<"RetainCount">, 1210 HelpText<"Check for leaks and improper reference count management">, 1211 CheckerOptions<[ 1212 CmdLineOption<Boolean, 1213 "TrackNSCFStartParam", 1214 "Check not only that the code follows retain-release rules " 1215 "with respect to objects it allocates or borrows from " 1216 "elsewhere, but also that it fulfills its own retain count " 1217 "specification with respect to objects that it receives as " 1218 "arguments.", 1219 "false", 1220 Released> 1221 ]>, 1222 Dependencies<[RetainCountBase]>, 1223 Documentation<HasDocumentation>; 1224 1225def ObjCGenericsChecker : Checker<"ObjCGenerics">, 1226 HelpText<"Check for type errors when using Objective-C generics">, 1227 Dependencies<[DynamicTypePropagation]>, 1228 Documentation<HasDocumentation>; 1229 1230def ObjCDeallocChecker : Checker<"Dealloc">, 1231 HelpText<"Warn about Objective-C classes that lack a correct implementation " 1232 "of -dealloc">, 1233 Documentation<HasDocumentation>; 1234 1235def ObjCSuperDeallocChecker : Checker<"SuperDealloc">, 1236 HelpText<"Warn about improper use of '[super dealloc]' in Objective-C">, 1237 Documentation<HasDocumentation>; 1238 1239def AutoreleaseWriteChecker : Checker<"AutoreleaseWrite">, 1240 HelpText<"Warn about potentially crashing writes to autoreleasing objects " 1241 "from different autoreleasing pools in Objective-C">, 1242 Documentation<NotDocumented>; 1243 1244} // end "osx.cocoa" 1245 1246let ParentPackage = Performance in { 1247 1248def GCDAntipattern : Checker<"GCDAntipattern">, 1249 HelpText<"Check for performance anti-patterns when using Grand Central " 1250 "Dispatch">, 1251 Documentation<NotDocumented>; 1252} // end "optin.performance" 1253 1254let ParentPackage = OSXOptIn in { 1255 1256def OSObjectCStyleCast : Checker<"OSObjectCStyleCast">, 1257 HelpText<"Checker for C-style casts of OSObjects">, 1258 Documentation<NotDocumented>; 1259 1260} // end "optin.osx" 1261 1262let ParentPackage = CocoaAlpha in { 1263 1264def IvarInvalidationModeling : Checker<"IvarInvalidationModeling">, 1265 HelpText<"Gathers information for annotation driven invalidation checking " 1266 "for classes that contains a method annotated with " 1267 "'objc_instance_variable_invalidator'">, 1268 Documentation<NotDocumented>, 1269 Hidden; 1270 1271def InstanceVariableInvalidation : Checker<"InstanceVariableInvalidation">, 1272 HelpText<"Check that the invalidatable instance variables are invalidated in " 1273 "the methods annotated with objc_instance_variable_invalidator">, 1274 Dependencies<[IvarInvalidationModeling]>, 1275 Documentation<HasDocumentation>; 1276 1277def MissingInvalidationMethod : Checker<"MissingInvalidationMethod">, 1278 HelpText<"Check that the invalidation methods are present in classes that " 1279 "contain invalidatable instance variables">, 1280 Dependencies<[IvarInvalidationModeling]>, 1281 Documentation<HasDocumentation>; 1282 1283def DirectIvarAssignment : Checker<"DirectIvarAssignment">, 1284 HelpText<"Check for direct assignments to instance variables">, 1285 CheckerOptions<[ 1286 CmdLineOption<Boolean, 1287 "AnnotatedFunctions", 1288 "Check for direct assignments to instance variables in the " 1289 "methods annotated with " 1290 "objc_no_direct_instance_variable_assignment", 1291 "false", 1292 InAlpha> 1293 ]>, 1294 Documentation<HasDocumentation>; 1295 1296} // end "alpha.osx.cocoa" 1297 1298let ParentPackage = CoreFoundation in { 1299 1300def CFNumberChecker : Checker<"CFNumber">, 1301 HelpText<"Check for proper uses of CFNumber APIs">, 1302 Documentation<HasDocumentation>; 1303 1304def CFRetainReleaseChecker : Checker<"CFRetainRelease">, 1305 HelpText<"Check for null arguments to CFRetain/CFRelease/CFMakeCollectable">, 1306 Documentation<HasDocumentation>; 1307 1308def CFErrorChecker : Checker<"CFError">, 1309 HelpText<"Check usage of CFErrorRef* parameters">, 1310 Dependencies<[NSOrCFErrorDerefChecker]>, 1311 Documentation<HasDocumentation>; 1312 1313} // end "osx.coreFoundation" 1314 1315let ParentPackage = Containers in { 1316 1317def ObjCContainersASTChecker : Checker<"PointerSizedValues">, 1318 HelpText<"Warns if 'CFArray', 'CFDictionary', 'CFSet' are created with " 1319 "non-pointer-size values">, 1320 Documentation<HasDocumentation>; 1321 1322def ObjCContainersChecker : Checker<"OutOfBounds">, 1323 HelpText<"Checks for index out-of-bounds when using 'CFArray' API">, 1324 Documentation<HasDocumentation>; 1325 1326} // end "osx.coreFoundation.containers" 1327 1328let ParentPackage = LocalizabilityOptIn in { 1329 1330def NonLocalizedStringChecker : Checker<"NonLocalizedStringChecker">, 1331 HelpText<"Warns about uses of non-localized NSStrings passed to UI methods " 1332 "expecting localized NSStrings">, 1333 CheckerOptions<[ 1334 CmdLineOption<Boolean, 1335 "AggressiveReport", 1336 "Marks a string being returned by any call as localized if " 1337 "it is in LocStringFunctions (LSF) or the function is " 1338 "annotated. Otherwise, we mark it as NonLocalized " 1339 "(Aggressive) or NonLocalized only if it is not backed by a " 1340 "SymRegion (Non-Aggressive), basically leaving only string " 1341 "literals as NonLocalized.", 1342 "false", 1343 InAlpha, 1344 Hide> 1345 ]>, 1346 Documentation<HasDocumentation>; 1347 1348def EmptyLocalizationContextChecker : 1349 Checker<"EmptyLocalizationContextChecker">, 1350 HelpText<"Check that NSLocalizedString macros include a comment for context">, 1351 Documentation<HasDocumentation>; 1352 1353} // end "optin.osx.cocoa.localizability" 1354 1355let ParentPackage = LocalizabilityAlpha in { 1356 1357def PluralMisuseChecker : Checker<"PluralMisuseChecker">, 1358 HelpText<"Warns against using one vs. many plural pattern in code when " 1359 "generating localized strings.">, 1360 Documentation<HasDocumentation>; 1361 1362} // end "alpha.osx.cocoa.localizability" 1363 1364let ParentPackage = MPI in { 1365 1366def MPIChecker : Checker<"MPI-Checker">, 1367 HelpText<"Checks MPI code">, 1368 Documentation<HasDocumentation>; 1369 1370} // end "optin.mpi" 1371 1372//===----------------------------------------------------------------------===// 1373// Checkers for LLVM development. 1374//===----------------------------------------------------------------------===// 1375 1376let ParentPackage = LLVMAlpha in { 1377 1378def LLVMConventionsChecker : Checker<"Conventions">, 1379 HelpText<"Check code for LLVM codebase conventions">, 1380 Documentation<HasDocumentation>; 1381 1382} // end "llvm" 1383 1384let ParentPackage = LLVMAPIModeling in { 1385 1386def CastValueChecker : Checker<"CastValue">, 1387 HelpText<"Model implementation of custom RTTIs">, 1388 Documentation<NotDocumented>; 1389 1390def ReturnValueChecker : Checker<"ReturnValue">, 1391 HelpText<"Model the guaranteed boolean return value of function calls">, 1392 Documentation<NotDocumented>; 1393 1394} // end "apiModeling.llvm" 1395 1396//===----------------------------------------------------------------------===// 1397// Checkers modeling Google APIs. 1398//===----------------------------------------------------------------------===// 1399 1400let ParentPackage = GoogleAPIModeling in { 1401 1402def GTestChecker : Checker<"GTest">, 1403 HelpText<"Model gtest assertion APIs">, 1404 Documentation<NotDocumented>; 1405 1406} // end "apiModeling.google" 1407 1408//===----------------------------------------------------------------------===// 1409// Debugging checkers (for analyzer development). 1410//===----------------------------------------------------------------------===// 1411 1412let ParentPackage = Debug in { 1413 1414def AnalysisOrderChecker : Checker<"AnalysisOrder">, 1415 HelpText<"Print callbacks that are called during analysis in order">, 1416 CheckerOptions<[ 1417 CmdLineOption<Boolean, 1418 "PreStmtCastExpr", 1419 "", 1420 "false", 1421 Released, 1422 Hide>, 1423 CmdLineOption<Boolean, 1424 "PostStmtCastExpr", 1425 "", 1426 "false", 1427 Released, 1428 Hide>, 1429 CmdLineOption<Boolean, 1430 "PreStmtArraySubscriptExpr", 1431 "", 1432 "false", 1433 Released, 1434 Hide>, 1435 CmdLineOption<Boolean, 1436 "PostStmtArraySubscriptExpr", 1437 "", 1438 "false", 1439 Released, 1440 Hide>, 1441 CmdLineOption<Boolean, 1442 "PreStmtCXXNewExpr", 1443 "", 1444 "false", 1445 Released, 1446 Hide>, 1447 CmdLineOption<Boolean, 1448 "PostStmtCXXNewExpr", 1449 "", 1450 "false", 1451 Released, 1452 Hide>, 1453 CmdLineOption<Boolean, 1454 "PreStmtCXXDeleteExpr", 1455 "", 1456 "false", 1457 Released, 1458 Hide>, 1459 CmdLineOption<Boolean, 1460 "PostStmtCXXDeleteExpr", 1461 "", 1462 "false", 1463 Released, 1464 Hide>, 1465 CmdLineOption<Boolean, 1466 "PreStmtCXXConstructExpr", 1467 "", 1468 "false", 1469 Released, 1470 Hide>, 1471 CmdLineOption<Boolean, 1472 "PostStmtCXXConstructExpr", 1473 "", 1474 "false", 1475 Released, 1476 Hide>, 1477 CmdLineOption<Boolean, 1478 "PreStmtOffsetOfExpr", 1479 "", 1480 "false", 1481 Released, 1482 Hide>, 1483 CmdLineOption<Boolean, 1484 "PostStmtOffsetOfExpr", 1485 "", 1486 "false", 1487 Released, 1488 Hide>, 1489 CmdLineOption<Boolean, 1490 "EvalCall", 1491 "", 1492 "false", 1493 Released, 1494 Hide>, 1495 CmdLineOption<Boolean, 1496 "PreCall", 1497 "", 1498 "false", 1499 Released, 1500 Hide>, 1501 CmdLineOption<Boolean, 1502 "PostCall", 1503 "", 1504 "false", 1505 Released, 1506 Hide>, 1507 CmdLineOption<Boolean, 1508 "EndFunction", 1509 "", 1510 "false", 1511 Released, 1512 Hide>, 1513 CmdLineOption<Boolean, 1514 "EndAnalysis", 1515 "", 1516 "false", 1517 Released, 1518 Hide>, 1519 CmdLineOption<Boolean, 1520 "NewAllocator", 1521 "", 1522 "false", 1523 Released, 1524 Hide>, 1525 CmdLineOption<Boolean, 1526 "Bind", 1527 "", 1528 "false", 1529 Released, 1530 Hide>, 1531 CmdLineOption<Boolean, 1532 "LiveSymbols", 1533 "", 1534 "false", 1535 Released, 1536 Hide>, 1537 CmdLineOption<Boolean, 1538 "RegionChanges", 1539 "", 1540 "false", 1541 Released, 1542 Hide>, 1543 CmdLineOption<Boolean, 1544 "PointerEscape", 1545 "", 1546 "false", 1547 Released, 1548 Hide>, 1549 CmdLineOption<Boolean, 1550 "*", 1551 "Enables all callbacks.", 1552 "false", 1553 Released, 1554 Hide> 1555 ]>, 1556 Documentation<NotDocumented>; 1557 1558def DominatorsTreeDumper : Checker<"DumpDominators">, 1559 HelpText<"Print the dominance tree for a given CFG">, 1560 Documentation<NotDocumented>; 1561 1562def PostDominatorsTreeDumper : Checker<"DumpPostDominators">, 1563 HelpText<"Print the post dominance tree for a given CFG">, 1564 Documentation<NotDocumented>; 1565 1566def ControlDependencyTreeDumper : Checker<"DumpControlDependencies">, 1567 HelpText<"Print the post control dependency tree for a given CFG">, 1568 Documentation<NotDocumented>; 1569 1570def LiveVariablesDumper : Checker<"DumpLiveVars">, 1571 HelpText<"Print results of live variable analysis">, 1572 Documentation<NotDocumented>; 1573 1574def LiveExpressionsDumper : Checker<"DumpLiveExprs">, 1575 HelpText<"Print results of live expression analysis">, 1576 Documentation<NotDocumented>; 1577 1578def CFGViewer : Checker<"ViewCFG">, 1579 HelpText<"View Control-Flow Graphs using GraphViz">, 1580 Documentation<NotDocumented>; 1581 1582def CFGDumper : Checker<"DumpCFG">, 1583 HelpText<"Display Control-Flow Graphs">, 1584 Documentation<NotDocumented>; 1585 1586def CallGraphViewer : Checker<"ViewCallGraph">, 1587 HelpText<"View Call Graph using GraphViz">, 1588 Documentation<NotDocumented>; 1589 1590def CallGraphDumper : Checker<"DumpCallGraph">, 1591 HelpText<"Display Call Graph">, 1592 Documentation<NotDocumented>; 1593 1594def ConfigDumper : Checker<"ConfigDumper">, 1595 HelpText<"Dump config table">, 1596 Documentation<NotDocumented>; 1597 1598def TraversalDumper : Checker<"DumpTraversal">, 1599 HelpText<"Print branch conditions as they are traversed by the engine">, 1600 Documentation<NotDocumented>; 1601 1602def CallDumper : Checker<"DumpCalls">, 1603 HelpText<"Print calls as they are traversed by the engine">, 1604 Documentation<NotDocumented>; 1605 1606def AnalyzerStatsChecker : Checker<"Stats">, 1607 HelpText<"Emit warnings with analyzer statistics">, 1608 Documentation<NotDocumented>; 1609 1610def TaintTesterChecker : Checker<"TaintTest">, 1611 HelpText<"Mark tainted symbols as such.">, 1612 Documentation<NotDocumented>; 1613 1614// This checker *technically* depends on SteamChecker, but we don't allow 1615// dependency checkers to emit diagnostics, and a debug checker isn't worth 1616// the chore needed to create a modeling portion on its own. Since this checker 1617// is for development purposes only anyways, make sure that StreamChecker is 1618// also enabled, at least for the time being. 1619def StreamTesterChecker : Checker<"StreamTester">, 1620 HelpText<"Add test functions to StreamChecker for test and debugging " 1621 "purposes.">, 1622 Documentation<NotDocumented>; 1623 1624def ErrnoTesterChecker : Checker<"ErrnoTest">, 1625 HelpText<"Check modeling aspects of 'errno'.">, 1626 Dependencies<[ErrnoModeling]>, 1627 Documentation<NotDocumented>; 1628 1629def ExprInspectionChecker : Checker<"ExprInspection">, 1630 HelpText<"Check the analyzer's understanding of expressions">, 1631 Documentation<NotDocumented>; 1632 1633def ExplodedGraphViewer : Checker<"ViewExplodedGraph">, 1634 HelpText<"View Exploded Graphs using GraphViz">, 1635 Documentation<NotDocumented>; 1636 1637def ReportStmts : Checker<"ReportStmts">, 1638 HelpText<"Emits a warning for every statement.">, 1639 Documentation<NotDocumented>; 1640 1641def DebugContainerModeling : Checker<"DebugContainerModeling">, 1642 HelpText<"Check the analyzer's understanding of C++ containers">, 1643 Dependencies<[ContainerModeling]>, 1644 Documentation<NotDocumented>; 1645 1646def DebugIteratorModeling : Checker<"DebugIteratorModeling">, 1647 HelpText<"Check the analyzer's understanding of C++ iterators">, 1648 Dependencies<[DebugContainerModeling, IteratorModeling]>, 1649 Documentation<NotDocumented>; 1650 1651def StdCLibraryFunctionsTesterChecker : Checker<"StdCLibraryFunctionsTester">, 1652 HelpText<"Add test functions to the summary map, so testing of individual " 1653 "summary constituents becomes possible.">, 1654 WeakDependencies<[StdCLibraryFunctionsChecker]>, 1655 Documentation<NotDocumented>; 1656 1657} // end "debug" 1658 1659 1660//===----------------------------------------------------------------------===// 1661// Clone Detection 1662//===----------------------------------------------------------------------===// 1663 1664let ParentPackage = CloneDetectionAlpha in { 1665 1666def CloneChecker : Checker<"CloneChecker">, 1667 HelpText<"Reports similar pieces of code.">, 1668 CheckerOptions<[ 1669 CmdLineOption<Integer, 1670 "MinimumCloneComplexity", 1671 "Ensures that every clone has at least the given complexity. " 1672 "Complexity is here defined as the total amount of children " 1673 "of a statement. This constraint assumes the first statement " 1674 "in the group is representative for all other statements in " 1675 "the group in terms of complexity.", 1676 "50", 1677 Released>, 1678 CmdLineOption<Boolean, 1679 "ReportNormalClones", 1680 "Report all clones, even less suspicious ones.", 1681 "true", 1682 Released>, 1683 CmdLineOption<String, 1684 "IgnoredFilesPattern", 1685 "If supplied, the checker wont analyze files with a filename " 1686 "that matches the given pattern.", 1687 "\"\"", 1688 Released> 1689 ]>, 1690 Documentation<HasDocumentation>; 1691 1692} // end "clone" 1693 1694//===----------------------------------------------------------------------===// 1695// Portability checkers. 1696//===----------------------------------------------------------------------===// 1697 1698let ParentPackage = PortabilityOptIn in { 1699 1700def UnixAPIPortabilityChecker : Checker<"UnixAPI">, 1701 HelpText<"Finds implementation-defined behavior in UNIX/Posix functions">, 1702 Documentation<NotDocumented>; 1703 1704} // end optin.portability 1705 1706//===----------------------------------------------------------------------===// 1707// NonDeterminism checkers. 1708//===----------------------------------------------------------------------===// 1709 1710let ParentPackage = NonDeterminismAlpha in { 1711 1712def PointerIterationChecker : Checker<"PointerIteration">, 1713 HelpText<"Checks for non-determinism caused by iteration of unordered containers of pointers">, 1714 Documentation<HasDocumentation>; 1715 1716def PointerSortingChecker : Checker<"PointerSorting">, 1717 HelpText<"Check for non-determinism caused by sorting of pointers">, 1718 Documentation<HasDocumentation>; 1719 1720} // end alpha.nondeterminism 1721 1722//===----------------------------------------------------------------------===// 1723// Fuchsia checkers. 1724//===----------------------------------------------------------------------===// 1725 1726let ParentPackage = Fuchsia in { 1727 1728def FuchsiaHandleChecker : Checker<"HandleChecker">, 1729 HelpText<"A Checker that detect leaks related to Fuchsia handles">, 1730 Documentation<HasDocumentation>; 1731 1732} 1733 1734let ParentPackage = FuchsiaAlpha in { 1735 1736def FuchsiaLockChecker : Checker<"Lock">, 1737 HelpText<"Check for the correct usage of locking APIs.">, 1738 Dependencies<[PthreadLockBase]>, 1739 Documentation<HasDocumentation>; 1740 1741} // end fuchsia 1742 1743//===----------------------------------------------------------------------===// 1744// WebKit checkers. 1745//===----------------------------------------------------------------------===// 1746 1747let ParentPackage = WebKit in { 1748 1749def RefCntblBaseVirtualDtorChecker : Checker<"RefCntblBaseVirtualDtor">, 1750 HelpText<"Check for any ref-countable base class having virtual destructor.">, 1751 Documentation<HasDocumentation>; 1752 1753def NoUncountedMemberChecker : Checker<"NoUncountedMemberChecker">, 1754 HelpText<"Check for no uncounted member variables.">, 1755 Documentation<HasDocumentation>; 1756 1757def UncountedLambdaCapturesChecker : Checker<"UncountedLambdaCapturesChecker">, 1758 HelpText<"Check uncounted lambda captures.">, 1759 Documentation<HasDocumentation>; 1760 1761} // end webkit 1762 1763let ParentPackage = WebKitAlpha in { 1764 1765def UncountedCallArgsChecker : Checker<"UncountedCallArgsChecker">, 1766 HelpText<"Check uncounted call arguments.">, 1767 Documentation<HasDocumentation>; 1768 1769def UncountedLocalVarsChecker : Checker<"UncountedLocalVarsChecker">, 1770 HelpText<"Check uncounted local variables.">, 1771 Documentation<HasDocumentation>; 1772 1773} // end alpha.webkit 1774