1//===--- Checkers.td - Static Analyzer Checkers -===-----------------------===// 2// 3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4// See https://llvm.org/LICENSE.txt for license information. 5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6// 7//===----------------------------------------------------------------------===// 8 9include "CheckerBase.td" 10 11//===----------------------------------------------------------------------===// 12// Packages. 13//===----------------------------------------------------------------------===// 14 15// The Alpha package is for checkers that have too many false positives to be 16// turned on by default. The hierarchy under Alpha should be organized in the 17// hierarchy checkers would have had if they were truly at the top level. 18// (For example, a Cocoa-specific checker that is alpha should be in 19// alpha.osx.cocoa). 20def Alpha : Package<"alpha">; 21 22def Core : Package<"core">; 23def CoreBuiltin : Package<"builtin">, ParentPackage<Core>, Hidden; 24def CoreUninitialized : Package<"uninitialized">, ParentPackage<Core>; 25def CoreAlpha : Package<"core">, ParentPackage<Alpha>; 26 27// The OptIn package is for checkers that are not alpha and that would normally 28// be on by default but where the driver does not have enough information to 29// determine when they are applicable. For example, localizability checkers fit 30// this criterion because the driver cannot determine whether a project is 31// localized or not -- this is best determined at the IDE or build-system level. 32// 33// The checker hierarchy under OptIn should mirror that in Alpha: checkers 34// should be organized as if they were at the top level. 35// 36// Note: OptIn is *not* intended for checkers that are too noisy to be on by 37// default. Such checkers belong in the alpha package. 38def OptIn : Package<"optin">; 39 40// In the Portability package reside checkers for finding code that relies on 41// implementation-defined behavior. Such checks are wanted for cross-platform 42// development, but unwanted for developers who target only a single platform. 43def PortabilityOptIn : Package<"portability">, ParentPackage<OptIn>; 44 45def Nullability : Package<"nullability">, 46 PackageOptions<[ 47 CmdLineOption<Boolean, 48 "NoDiagnoseCallsToSystemHeaders", 49 "Suppresses warnings for violating nullability annotations " 50 "of system header functions. This is useful if you are " 51 "concerned with your custom nullability annotations more " 52 "than with following nullability specifications of system " 53 "header functions.", 54 "false", 55 Released> 56 ]>; 57 58def Cplusplus : Package<"cplusplus">; 59def CplusplusAlpha : Package<"cplusplus">, ParentPackage<Alpha>; 60def CplusplusOptIn : Package<"cplusplus">, ParentPackage<OptIn>; 61 62def Valist : Package<"valist">; 63 64def DeadCode : Package<"deadcode">; 65def DeadCodeAlpha : Package<"deadcode">, ParentPackage<Alpha>; 66 67def Performance : Package<"performance">, ParentPackage<OptIn>; 68 69def Security : Package <"security">; 70def InsecureAPI : Package<"insecureAPI">, ParentPackage<Security>; 71def SecurityAlpha : Package<"security">, ParentPackage<Alpha>; 72def Taint : Package<"taint">, ParentPackage<SecurityAlpha>; 73 74def CERT : Package<"cert">, ParentPackage<SecurityAlpha>; 75def POS : Package<"pos">, ParentPackage<CERT>; 76def ENV : Package<"env">, ParentPackage<CERT>; 77 78def Unix : Package<"unix">; 79def UnixAlpha : Package<"unix">, ParentPackage<Alpha>; 80def CString : Package<"cstring">, ParentPackage<Unix>; 81def CStringAlpha : Package<"cstring">, ParentPackage<UnixAlpha>; 82 83def OSX : Package<"osx">; 84def OSXAlpha : Package<"osx">, ParentPackage<Alpha>; 85def OSXOptIn : Package<"osx">, ParentPackage<OptIn>; 86 87def Cocoa : Package<"cocoa">, ParentPackage<OSX>; 88def CocoaAlpha : Package<"cocoa">, ParentPackage<OSXAlpha>; 89def CocoaOptIn : Package<"cocoa">, ParentPackage<OSXOptIn>; 90 91def CoreFoundation : Package<"coreFoundation">, ParentPackage<OSX>; 92def Containers : Package<"containers">, ParentPackage<CoreFoundation>; 93 94def LocalizabilityAlpha : Package<"localizability">, ParentPackage<CocoaAlpha>; 95def LocalizabilityOptIn : Package<"localizability">, ParentPackage<CocoaOptIn>; 96 97def MPI : Package<"mpi">, ParentPackage<OptIn>; 98 99def LLVM : Package<"llvm">; 100def LLVMAlpha : Package<"llvm">, ParentPackage<Alpha>; 101 102// The APIModeling package is for checkers that model APIs and don't perform 103// any diagnostics. These checkers are always turned on; this package is 104// intended for API modeling that is not controlled by the target triple. 105def APIModeling : Package<"apiModeling">, Hidden; 106def APIModelingAlpha : Package<"apiModeling">, ParentPackage<Alpha>, Hidden; 107 108def GoogleAPIModeling : Package<"google">, ParentPackage<APIModeling>, Hidden; 109def LLVMAPIModeling : Package<"llvm">, ParentPackage<APIModeling>, Hidden; 110 111def Debug : Package<"debug">, Hidden; 112 113def CloneDetectionAlpha : Package<"clone">, ParentPackage<Alpha>; 114 115def NonDeterminismAlpha : Package<"nondeterminism">, ParentPackage<Alpha>; 116 117def Fuchsia : Package<"fuchsia">; 118def FuchsiaAlpha : Package<"fuchsia">, ParentPackage<Alpha>; 119 120def WebKit : Package<"webkit">; 121def WebKitAlpha : Package<"webkit">, ParentPackage<Alpha>; 122 123//===----------------------------------------------------------------------===// 124// Core Checkers. 125//===----------------------------------------------------------------------===// 126 127let ParentPackage = Core in { 128 129def CallAndMessageModeling : Checker<"CallAndMessageModeling">, 130 HelpText<"Responsible for essential modeling and assumptions after a " 131 "function/method call. For instance, if we can't reason about the " 132 "nullability of the implicit this parameter after a method call, " 133 "this checker conservatively assumes it to be non-null">, 134 Documentation<HasDocumentation>, 135 Hidden; 136 137def CallAndMessageChecker : Checker<"CallAndMessage">, 138 HelpText<"Check for logical errors for function calls and Objective-C " 139 "message expressions (e.g., uninitialized arguments, null function " 140 "pointers)">, 141 CheckerOptions<[ 142 CmdLineOption<Boolean, 143 "FunctionPointer", 144 "Check whether a called function pointer is null or " 145 "undefined", 146 "true", 147 Released>, 148 CmdLineOption<Boolean, 149 "ParameterCount", 150 "Check whether a function was called with the appropriate " 151 "number of arguments", 152 "true", 153 Released>, 154 CmdLineOption<Boolean, 155 "CXXThisMethodCall", 156 "Check whether the implicit this parameter is null or " 157 "undefined upon a method call", 158 "true", 159 Released>, 160 CmdLineOption<Boolean, 161 "CXXDeallocationArg", 162 "Check whether the argument of operator delete is undefined", 163 "true", 164 Released>, 165 CmdLineOption<Boolean, 166 "ArgInitializedness", 167 "Check whether any of the pass-by-value parameters is " 168 "undefined", 169 "true", 170 Released>, 171 CmdLineOption<Boolean, 172 "ArgPointeeInitializedness", 173 "Check whether the pointee of a pass-by-reference or " 174 "pass-by-pointer is undefined", 175 "false", 176 InAlpha>, 177 CmdLineOption<Boolean, 178 "NilReceiver", 179 "Check whether the reciever in the message expression is nil", 180 "true", 181 Released>, 182 CmdLineOption<Boolean, 183 "UndefReceiver", 184 "Check whether the reciever in the message expression is " 185 "undefined", 186 "true", 187 Released>, 188 ]>, 189 Documentation<HasDocumentation>, 190 Dependencies<[CallAndMessageModeling]>; 191 192def DereferenceChecker : Checker<"NullDereference">, 193 HelpText<"Check for dereferences of null pointers">, 194 CheckerOptions<[ 195 CmdLineOption<Boolean, 196 "SuppressAddressSpaces", 197 "Suppresses warning when pointer dereferences an address space", 198 "true", 199 Released> 200 ]>, 201 Documentation<HasDocumentation>; 202 203def NonNullParamChecker : Checker<"NonNullParamChecker">, 204 HelpText<"Check for null pointers passed as arguments to a function whose " 205 "arguments are references or marked with the 'nonnull' attribute">, 206 Documentation<HasDocumentation>; 207 208def VLASizeChecker : Checker<"VLASize">, 209 HelpText<"Check for declarations of VLA of undefined or zero size">, 210 Documentation<HasDocumentation>; 211 212def DivZeroChecker : Checker<"DivideZero">, 213 HelpText<"Check for division by zero">, 214 Documentation<HasDocumentation>; 215 216def UndefResultChecker : Checker<"UndefinedBinaryOperatorResult">, 217 HelpText<"Check for undefined results of binary operators">, 218 Documentation<HasDocumentation>; 219 220def StackAddrEscapeBase : Checker<"StackAddrEscapeBase">, 221 HelpText<"Generate information about stack address escapes.">, 222 Documentation<NotDocumented>, 223 Hidden; 224 225def StackAddrEscapeChecker : Checker<"StackAddressEscape">, 226 HelpText<"Check that addresses to stack memory do not escape the function">, 227 Dependencies<[StackAddrEscapeBase]>, 228 Documentation<HasDocumentation>; 229 230def DynamicTypePropagation : Checker<"DynamicTypePropagation">, 231 HelpText<"Generate dynamic type information">, 232 Documentation<NotDocumented>, 233 Hidden; 234 235def NonnullGlobalConstantsChecker: Checker<"NonnilStringConstants">, 236 HelpText<"Assume that const string-like globals are non-null">, 237 Documentation<NotDocumented>, 238 Hidden; 239 240} // end "core" 241 242let ParentPackage = CoreAlpha in { 243 244def BoolAssignmentChecker : Checker<"BoolAssignment">, 245 HelpText<"Warn about assigning non-{0,1} values to Boolean variables">, 246 Documentation<HasDocumentation>; 247 248def CastSizeChecker : Checker<"CastSize">, 249 HelpText<"Check when casting a malloc'ed type T, whether the size is a " 250 "multiple of the size of T">, 251 Documentation<HasDocumentation>; 252 253def CastToStructChecker : Checker<"CastToStruct">, 254 HelpText<"Check for cast from non-struct pointer to struct pointer">, 255 Documentation<HasDocumentation>; 256 257def ConversionChecker : Checker<"Conversion">, 258 HelpText<"Loss of sign/precision in implicit conversions">, 259 Documentation<HasDocumentation>; 260 261def IdenticalExprChecker : Checker<"IdenticalExpr">, 262 HelpText<"Warn about unintended use of identical expressions in operators">, 263 Documentation<HasDocumentation>; 264 265def FixedAddressChecker : Checker<"FixedAddr">, 266 HelpText<"Check for assignment of a fixed address to a pointer">, 267 Documentation<HasDocumentation>; 268 269def PointerArithChecker : Checker<"PointerArithm">, 270 HelpText<"Check for pointer arithmetic on locations other than array " 271 "elements">, 272 Documentation<HasDocumentation>; 273 274def PointerSubChecker : Checker<"PointerSub">, 275 HelpText<"Check for pointer subtractions on two pointers pointing to " 276 "different memory chunks">, 277 Documentation<HasDocumentation>; 278 279def SizeofPointerChecker : Checker<"SizeofPtr">, 280 HelpText<"Warn about unintended use of sizeof() on pointer expressions">, 281 Documentation<HasDocumentation>; 282 283def TestAfterDivZeroChecker : Checker<"TestAfterDivZero">, 284 HelpText<"Check for division by variable that is later compared against 0. " 285 "Either the comparison is useless or there is division by zero.">, 286 Documentation<HasDocumentation>; 287 288def DynamicTypeChecker : Checker<"DynamicTypeChecker">, 289 HelpText<"Check for cases where the dynamic and the static type of an object " 290 "are unrelated.">, 291 Documentation<HasDocumentation>; 292 293def StackAddrAsyncEscapeChecker : Checker<"StackAddressAsyncEscape">, 294 HelpText<"Check that addresses to stack memory do not escape the function">, 295 Dependencies<[StackAddrEscapeBase]>, 296 Documentation<HasDocumentation>; 297 298def PthreadLockBase : Checker<"PthreadLockBase">, 299 HelpText<"Helper registering multiple checks.">, 300 Documentation<NotDocumented>, 301 Hidden; 302 303def C11LockChecker : Checker<"C11Lock">, 304 HelpText<"Simple lock -> unlock checker">, 305 Dependencies<[PthreadLockBase]>, 306 Documentation<HasDocumentation>; 307 308} // end "alpha.core" 309 310//===----------------------------------------------------------------------===// 311// Nullability checkers. 312//===----------------------------------------------------------------------===// 313 314let ParentPackage = Nullability in { 315 316def NullabilityBase : Checker<"NullabilityBase">, 317 HelpText<"Stores information during the analysis about nullability.">, 318 Documentation<NotDocumented>, 319 Hidden; 320 321def NullPassedToNonnullChecker : Checker<"NullPassedToNonnull">, 322 HelpText<"Warns when a null pointer is passed to a pointer which has a " 323 "_Nonnull type.">, 324 Dependencies<[NullabilityBase]>, 325 Documentation<HasDocumentation>; 326 327def NullReturnedFromNonnullChecker : Checker<"NullReturnedFromNonnull">, 328 HelpText<"Warns when a null pointer is returned from a function that has " 329 "_Nonnull return type.">, 330 Dependencies<[NullabilityBase]>, 331 Documentation<HasDocumentation>; 332 333def NullableDereferencedChecker : Checker<"NullableDereferenced">, 334 HelpText<"Warns when a nullable pointer is dereferenced.">, 335 Dependencies<[NullabilityBase]>, 336 Documentation<HasDocumentation>; 337 338def NullablePassedToNonnullChecker : Checker<"NullablePassedToNonnull">, 339 HelpText<"Warns when a nullable pointer is passed to a pointer which has a " 340 "_Nonnull type.">, 341 Dependencies<[NullabilityBase]>, 342 Documentation<HasDocumentation>; 343 344def NullableReturnedFromNonnullChecker : Checker<"NullableReturnedFromNonnull">, 345 HelpText<"Warns when a nullable pointer is returned from a function that has " 346 "_Nonnull return type.">, 347 Dependencies<[NullabilityBase]>, 348 Documentation<NotDocumented>; 349 350} // end "nullability" 351 352//===----------------------------------------------------------------------===// 353// APIModeling. 354//===----------------------------------------------------------------------===// 355 356let ParentPackage = APIModeling in { 357 358def ErrnoModeling : Checker<"Errno">, 359 HelpText<"Make the special value 'errno' available to other checkers.">, 360 Documentation<NotDocumented>; 361 362def StdCLibraryFunctionsChecker : Checker<"StdCLibraryFunctions">, 363 HelpText<"Improve modeling of the C standard library functions">, 364 // Uninitialized value check is a mandatory dependency. This Checker asserts 365 // that arguments are always initialized. 366 Dependencies<[CallAndMessageModeling]>, 367 CheckerOptions<[ 368 CmdLineOption<Boolean, 369 "DisplayLoadedSummaries", 370 "If set to true, the checker displays the found summaries " 371 "for the given translation unit.", 372 "false", 373 Released, 374 Hide>, 375 CmdLineOption<Boolean, 376 "ModelPOSIX", 377 "If set to true, the checker models functions from the " 378 "POSIX standard.", 379 "false", 380 InAlpha> 381 ]>, 382 Documentation<NotDocumented>, 383 Hidden; 384 385def TrustNonnullChecker : Checker<"TrustNonnull">, 386 HelpText<"Trust that returns from framework methods annotated with _Nonnull " 387 "are not null">, 388 Documentation<NotDocumented>; 389 390def TrustReturnsNonnullChecker : Checker<"TrustReturnsNonnull">, 391 HelpText<"Trust that returns from methods annotated with returns_nonnull " 392 "are not null">, 393 Documentation<NotDocumented>; 394 395} // end "apiModeling" 396 397//===----------------------------------------------------------------------===// 398// Evaluate "builtin" functions. 399//===----------------------------------------------------------------------===// 400 401let ParentPackage = CoreBuiltin in { 402 403def NoReturnFunctionChecker : Checker<"NoReturnFunctions">, 404 HelpText<"Evaluate \"panic\" functions that are known to not return to the " 405 "caller">, 406 Documentation<NotDocumented>; 407 408def BuiltinFunctionChecker : Checker<"BuiltinFunctions">, 409 HelpText<"Evaluate compiler builtin functions (e.g., alloca())">, 410 Documentation<NotDocumented>; 411 412} // end "core.builtin" 413 414//===----------------------------------------------------------------------===// 415// Uninitialized values checkers. 416//===----------------------------------------------------------------------===// 417 418let ParentPackage = CoreUninitialized in { 419 420def UndefinedArraySubscriptChecker : Checker<"ArraySubscript">, 421 HelpText<"Check for uninitialized values used as array subscripts">, 422 Documentation<HasDocumentation>; 423 424def UndefinedAssignmentChecker : Checker<"Assign">, 425 HelpText<"Check for assigning uninitialized values">, 426 Documentation<HasDocumentation>; 427 428def UndefBranchChecker : Checker<"Branch">, 429 HelpText<"Check for uninitialized values used as branch conditions">, 430 Documentation<HasDocumentation>; 431 432def UndefCapturedBlockVarChecker : Checker<"CapturedBlockVariable">, 433 HelpText<"Check for blocks that capture uninitialized values">, 434 Documentation<NotDocumented>; 435 436def ReturnUndefChecker : Checker<"UndefReturn">, 437 HelpText<"Check for uninitialized values being returned to the caller">, 438 Documentation<HasDocumentation>; 439 440} // end "core.uninitialized" 441 442//===----------------------------------------------------------------------===// 443// Unix API checkers. 444//===----------------------------------------------------------------------===// 445 446let ParentPackage = CString in { 447 448def CStringModeling : Checker<"CStringModeling">, 449 HelpText<"The base of several CString related checkers. On it's own it emits " 450 "no reports, but adds valuable information to the analysis when " 451 "enabled.">, 452 Documentation<NotDocumented>, 453 Hidden; 454 455def CStringNullArg : Checker<"NullArg">, 456 HelpText<"Check for null pointers being passed as arguments to C string " 457 "functions">, 458 Dependencies<[CStringModeling]>, 459 Documentation<HasDocumentation>; 460 461def CStringSyntaxChecker : Checker<"BadSizeArg">, 462 HelpText<"Check the size argument passed into C string functions for common " 463 "erroneous patterns">, 464 Dependencies<[CStringModeling]>, 465 Documentation<HasDocumentation>; 466 467} // end "unix.cstring" 468 469let ParentPackage = CStringAlpha in { 470 471def CStringOutOfBounds : Checker<"OutOfBounds">, 472 HelpText<"Check for out-of-bounds access in string functions">, 473 Dependencies<[CStringModeling]>, 474 Documentation<HasDocumentation>; 475 476def CStringBufferOverlap : Checker<"BufferOverlap">, 477 HelpText<"Checks for overlap in two buffer arguments">, 478 Dependencies<[CStringModeling]>, 479 Documentation<HasDocumentation>; 480 481def CStringNotNullTerm : Checker<"NotNullTerminated">, 482 HelpText<"Check for arguments which are not null-terminating strings">, 483 Dependencies<[CStringModeling]>, 484 Documentation<HasDocumentation>; 485 486def CStringUninitializedRead : Checker<"UninitializedRead">, 487 HelpText<"Checks if the string manipulation function would read uninitialized bytes">, 488 Dependencies<[CStringModeling]>, 489 Documentation<HasDocumentation>; 490 491} // end "alpha.unix.cstring" 492 493let ParentPackage = Unix in { 494 495def UnixAPIMisuseChecker : Checker<"API">, 496 HelpText<"Check calls to various UNIX/Posix functions">, 497 Documentation<HasDocumentation>; 498 499def DynamicMemoryModeling: Checker<"DynamicMemoryModeling">, 500 HelpText<"The base of several malloc() related checkers. On it's own it " 501 "emits no reports, but adds valuable information to the analysis " 502 "when enabled.">, 503 CheckerOptions<[ 504 CmdLineOption<Boolean, 505 "Optimistic", 506 "If set to true, the checker assumes that all the " 507 "allocating and deallocating functions are annotated with " 508 "ownership_holds, ownership_takes and ownership_returns.", 509 "false", 510 InAlpha>, 511 CmdLineOption<Boolean, 512 "AddNoOwnershipChangeNotes", 513 "Add an additional note to the bug report for leak-like " 514 "bugs. Dynamically allocated objects passed to functions " 515 "that neither deallocated it, or have taken responsibility " 516 "of the ownership are noted, similarly to " 517 "NoStoreFuncVisitor.", 518 "true", 519 Released, 520 Hide> 521 ]>, 522 Dependencies<[CStringModeling]>, 523 Documentation<NotDocumented>, 524 Hidden; 525 526def MallocChecker: Checker<"Malloc">, 527 HelpText<"Check for memory leaks, double free, and use-after-free problems. " 528 "Traces memory managed by malloc()/free().">, 529 Dependencies<[DynamicMemoryModeling]>, 530 Documentation<HasDocumentation>; 531 532def MallocSizeofChecker : Checker<"MallocSizeof">, 533 HelpText<"Check for dubious malloc arguments involving sizeof">, 534 Documentation<HasDocumentation>; 535 536def MismatchedDeallocatorChecker : Checker<"MismatchedDeallocator">, 537 HelpText<"Check for mismatched deallocators.">, 538 Dependencies<[DynamicMemoryModeling]>, 539 Documentation<HasDocumentation>; 540 541def VforkChecker : Checker<"Vfork">, 542 HelpText<"Check for proper usage of vfork">, 543 Documentation<HasDocumentation>; 544 545} // end "unix" 546 547let ParentPackage = UnixAlpha in { 548 549def ErrnoChecker : Checker<"Errno">, 550 HelpText<"Check for improper use of 'errno'">, 551 Dependencies<[ErrnoModeling]>, 552 CheckerOptions<[ 553 CmdLineOption<Boolean, 554 "AllowErrnoReadOutsideConditionExpressions", 555 "Allow read of undefined value from errno outside of conditions", 556 "true", 557 InAlpha>, 558 ]>, 559 Documentation<HasDocumentation>; 560 561def ChrootChecker : Checker<"Chroot">, 562 HelpText<"Check improper use of chroot">, 563 Documentation<HasDocumentation>; 564 565def PthreadLockChecker : Checker<"PthreadLock">, 566 HelpText<"Simple lock -> unlock checker">, 567 Dependencies<[PthreadLockBase]>, 568 Documentation<HasDocumentation>; 569 570def StreamChecker : Checker<"Stream">, 571 HelpText<"Check stream handling functions">, 572 Documentation<HasDocumentation>; 573 574def SimpleStreamChecker : Checker<"SimpleStream">, 575 HelpText<"Check for misuses of stream APIs">, 576 Documentation<HasDocumentation>; 577 578def BlockInCriticalSectionChecker : Checker<"BlockInCriticalSection">, 579 HelpText<"Check for calls to blocking functions inside a critical section">, 580 Documentation<HasDocumentation>; 581 582def StdCLibraryFunctionArgsChecker : Checker<"StdCLibraryFunctionArgs">, 583 HelpText<"Check constraints of arguments of C standard library functions, " 584 "such as whether the parameter of isalpha is in the range [0, 255] " 585 "or is EOF.">, 586 Dependencies<[StdCLibraryFunctionsChecker]>, 587 WeakDependencies<[CallAndMessageChecker, NonNullParamChecker, StreamChecker]>, 588 Documentation<HasDocumentation>; 589 590} // end "alpha.unix" 591 592//===----------------------------------------------------------------------===// 593// C++ checkers. 594//===----------------------------------------------------------------------===// 595 596let ParentPackage = Cplusplus in { 597 598def InnerPointerChecker : Checker<"InnerPointer">, 599 HelpText<"Check for inner pointers of C++ containers used after " 600 "re/deallocation">, 601 Dependencies<[DynamicMemoryModeling]>, 602 Documentation<NotDocumented>; 603 604def NewDeleteChecker : Checker<"NewDelete">, 605 HelpText<"Check for double-free and use-after-free problems. Traces memory " 606 "managed by new/delete.">, 607 Dependencies<[DynamicMemoryModeling]>, 608 Documentation<HasDocumentation>; 609 610def NewDeleteLeaksChecker : Checker<"NewDeleteLeaks">, 611 HelpText<"Check for memory leaks. Traces memory managed by new/delete.">, 612 Dependencies<[DynamicMemoryModeling]>, 613 Documentation<HasDocumentation>; 614 615def PlacementNewChecker : Checker<"PlacementNew">, 616 HelpText<"Check if default placement new is provided with pointers to " 617 "sufficient storage capacity">, 618 Dependencies<[DynamicMemoryModeling]>, 619 Documentation<HasDocumentation>; 620 621def CXXSelfAssignmentChecker : Checker<"SelfAssignment">, 622 HelpText<"Checks C++ copy and move assignment operators for self assignment">, 623 Documentation<NotDocumented>, 624 Hidden; 625 626def SmartPtrModeling: Checker<"SmartPtrModeling">, 627 HelpText<"Model behavior of C++ smart pointers">, 628 Documentation<NotDocumented>, 629 CheckerOptions<[ 630 CmdLineOption<Boolean, 631 "ModelSmartPtrDereference", 632 "Enable modeling for SmartPtr null dereferences", 633 "false", 634 InAlpha, 635 Hide>, 636 ]>, 637 Hidden; 638 639def StringChecker: Checker<"StringChecker">, 640 HelpText<"Checks C++ std::string bugs">, 641 Documentation<HasDocumentation>; 642 643def MoveChecker: Checker<"Move">, 644 HelpText<"Find use-after-move bugs in C++">, 645 CheckerOptions<[ 646 CmdLineOption<String, 647 "WarnOn", 648 "In non-aggressive mode, only warn on use-after-move of " 649 "local variables (or local rvalue references) and of STL " 650 "objects. The former is possible because local variables (or " 651 "local rvalue references) are not tempting their user to " 652 "re-use the storage. The latter is possible because STL " 653 "objects are known to end up in a valid but unspecified " 654 "state after the move and their state-reset methods are also " 655 "known, which allows us to predict precisely when " 656 "use-after-move is invalid. Some STL objects are known to " 657 "conform to additional contracts after move, so they are not " 658 "tracked. However, smart pointers specifically are tracked " 659 "because we can perform extra checking over them. In " 660 "aggressive mode, warn on any use-after-move because the " 661 "user has intentionally asked us to completely eliminate " 662 "use-after-move in his code. Values: \"KnownsOnly\", " 663 "\"KnownsAndLocals\", \"All\".", 664 "KnownsAndLocals", 665 Released> 666 ]>, 667 Documentation<HasDocumentation>; 668 669def VirtualCallModeling : Checker<"VirtualCallModeling">, 670 HelpText<"Auxiliary modeling for the virtual method call checkers">, 671 Documentation<NotDocumented>, 672 Hidden; 673 674def PureVirtualCallChecker : Checker<"PureVirtualCall">, 675 HelpText<"Check pure virtual function calls during construction/destruction">, 676 Dependencies<[VirtualCallModeling]>, 677 Documentation<HasDocumentation>; 678} // end: "cplusplus" 679 680let ParentPackage = CplusplusOptIn in { 681 682def UninitializedObjectChecker: Checker<"UninitializedObject">, 683 HelpText<"Reports uninitialized fields after object construction">, 684 CheckerOptions<[ 685 CmdLineOption<Boolean, 686 "Pedantic", 687 "If set to false, the checker won't emit warnings " 688 "for objects that don't have at least one initialized " 689 "field.", 690 "false", 691 Released>, 692 CmdLineOption<Boolean, 693 "NotesAsWarnings", 694 "If set to true, the checker will emit a warning " 695 "for each uninitalized field, as opposed to emitting one " 696 "warning per constructor call, and listing the uninitialized " 697 "fields that belongs to it in notes.", 698 "false", 699 Released, 700 Hide>, 701 CmdLineOption<Boolean, 702 "CheckPointeeInitialization", 703 "If set to false, the checker will not analyze " 704 "the pointee of pointer/reference fields, and will only " 705 "check whether the object itself is initialized.", 706 "false", 707 InAlpha>, 708 CmdLineOption<String, 709 "IgnoreRecordsWithField", 710 "If supplied, the checker will not analyze " 711 "structures that have a field with a name or type name that " 712 "matches the given pattern.", 713 "\"\"", 714 Released>, 715 CmdLineOption<Boolean, 716 "IgnoreGuardedFields", 717 "If set to true, the checker will analyze _syntactically_ " 718 "whether the found uninitialized object is used without a " 719 "preceding assert call. Defaults to false.", 720 "false", 721 InAlpha> 722 ]>, 723 Documentation<HasDocumentation>; 724 725def VirtualCallChecker : Checker<"VirtualCall">, 726 HelpText<"Check virtual function calls during construction/destruction">, 727 CheckerOptions<[ 728 CmdLineOption<Boolean, 729 "ShowFixIts", 730 "Enable fix-it hints for this checker", 731 "false", 732 InAlpha>, 733 CmdLineOption<Boolean, 734 "PureOnly", 735 "Disables the checker. Keeps cplusplus.PureVirtualCall " 736 "enabled. This option is only provided for backwards " 737 "compatibility.", 738 "false", 739 InAlpha> 740 ]>, 741 Dependencies<[VirtualCallModeling]>, 742 Documentation<HasDocumentation>; 743 744} // end: "optin.cplusplus" 745 746let ParentPackage = CplusplusAlpha in { 747 748def ContainerModeling : Checker<"ContainerModeling">, 749 HelpText<"Models C++ containers">, 750 Documentation<NotDocumented>, 751 Hidden; 752 753def DeleteWithNonVirtualDtorChecker : Checker<"DeleteWithNonVirtualDtor">, 754 HelpText<"Reports destructions of polymorphic objects with a non-virtual " 755 "destructor in their base class">, 756 Documentation<HasDocumentation>; 757 758def EnumCastOutOfRangeChecker : Checker<"EnumCastOutOfRange">, 759 HelpText<"Check integer to enumeration casts for out of range values">, 760 Documentation<HasDocumentation>; 761 762def IteratorModeling : Checker<"IteratorModeling">, 763 HelpText<"Models iterators of C++ containers">, 764 Dependencies<[ContainerModeling]>, 765 Documentation<NotDocumented>, 766 Hidden; 767 768def STLAlgorithmModeling : Checker<"STLAlgorithmModeling">, 769 HelpText<"Models the algorithm library of the C++ STL.">, 770 CheckerOptions<[ 771 CmdLineOption<Boolean, 772 "AggressiveStdFindModeling", 773 "Enables exploration of the failure branch in std::find-like " 774 "functions.", 775 "false", 776 Released> 777 ]>, 778 Dependencies<[ContainerModeling]>, 779 Documentation<NotDocumented>; 780 781def InvalidatedIteratorChecker : Checker<"InvalidatedIterator">, 782 HelpText<"Check for use of invalidated iterators">, 783 Dependencies<[IteratorModeling]>, 784 Documentation<HasDocumentation>; 785 786def IteratorRangeChecker : Checker<"IteratorRange">, 787 HelpText<"Check for iterators used outside their valid ranges">, 788 Dependencies<[IteratorModeling]>, 789 Documentation<HasDocumentation>; 790 791def MismatchedIteratorChecker : Checker<"MismatchedIterator">, 792 HelpText<"Check for use of iterators of different containers where iterators " 793 "of the same container are expected">, 794 Dependencies<[IteratorModeling]>, 795 Documentation<HasDocumentation>; 796 797def SmartPtrChecker: Checker<"SmartPtr">, 798 HelpText<"Find the dereference of null SmrtPtr">, 799 Dependencies<[SmartPtrModeling]>, 800 Documentation<HasDocumentation>; 801 802} // end: "alpha.cplusplus" 803 804 805//===----------------------------------------------------------------------===// 806// Valist checkers. 807//===----------------------------------------------------------------------===// 808 809let ParentPackage = Valist in { 810 811def ValistBase : Checker<"ValistBase">, 812 HelpText<"Gathers information about va_lists.">, 813 Documentation<NotDocumented>, 814 Hidden; 815 816def UninitializedChecker : Checker<"Uninitialized">, 817 HelpText<"Check for usages of uninitialized (or already released) va_lists.">, 818 Dependencies<[ValistBase]>, 819 Documentation<NotDocumented>; 820 821def UnterminatedChecker : Checker<"Unterminated">, 822 HelpText<"Check for va_lists which are not released by a va_end call.">, 823 Dependencies<[ValistBase]>, 824 Documentation<NotDocumented>; 825 826def CopyToSelfChecker : Checker<"CopyToSelf">, 827 HelpText<"Check for va_lists which are copied onto itself.">, 828 Dependencies<[ValistBase]>, 829 Documentation<NotDocumented>; 830 831} // end : "valist" 832 833//===----------------------------------------------------------------------===// 834// Deadcode checkers. 835//===----------------------------------------------------------------------===// 836 837let ParentPackage = DeadCode in { 838 839def DeadStoresChecker : Checker<"DeadStores">, 840 HelpText<"Check for values stored to variables that are never read " 841 "afterwards">, 842 CheckerOptions<[ 843 CmdLineOption<Boolean, 844 "WarnForDeadNestedAssignments", 845 "Warns for deadstores in nested assignments." 846 "E.g.: if ((P = f())) where P is unused.", 847 "true", 848 Released>, 849 CmdLineOption<Boolean, 850 "ShowFixIts", 851 "Enable fix-it hints for this checker", 852 "false", 853 InAlpha> 854 ]>, 855 Documentation<HasDocumentation>; 856 857} // end DeadCode 858 859let ParentPackage = DeadCodeAlpha in { 860 861def UnreachableCodeChecker : Checker<"UnreachableCode">, 862 HelpText<"Check unreachable code">, 863 Documentation<HasDocumentation>; 864 865} // end "alpha.deadcode" 866 867//===----------------------------------------------------------------------===// 868// Performance checkers. 869//===----------------------------------------------------------------------===// 870 871let ParentPackage = Performance in { 872 873def PaddingChecker : Checker<"Padding">, 874 HelpText<"Check for excessively padded structs.">, 875 CheckerOptions<[ 876 CmdLineOption<Integer, 877 "AllowedPad", 878 "Reports are only generated if the excessive padding exceeds " 879 "'AllowedPad' in bytes.", 880 "24", 881 Released> 882 ]>, 883 Documentation<NotDocumented>; 884 885} // end: "padding" 886 887//===----------------------------------------------------------------------===// 888// Security checkers. 889//===----------------------------------------------------------------------===// 890 891let ParentPackage = InsecureAPI in { 892 893def SecuritySyntaxChecker : Checker<"SecuritySyntaxChecker">, 894 HelpText<"Base of various security function related checkers">, 895 Documentation<NotDocumented>, 896 Hidden; 897 898def bcmp : Checker<"bcmp">, 899 HelpText<"Warn on uses of the 'bcmp' function">, 900 Dependencies<[SecuritySyntaxChecker]>, 901 Documentation<HasDocumentation>; 902 903def bcopy : Checker<"bcopy">, 904 HelpText<"Warn on uses of the 'bcopy' function">, 905 Dependencies<[SecuritySyntaxChecker]>, 906 Documentation<HasDocumentation>; 907 908def bzero : Checker<"bzero">, 909 HelpText<"Warn on uses of the 'bzero' function">, 910 Dependencies<[SecuritySyntaxChecker]>, 911 Documentation<HasDocumentation>; 912 913def gets : Checker<"gets">, 914 HelpText<"Warn on uses of the 'gets' function">, 915 Dependencies<[SecuritySyntaxChecker]>, 916 Documentation<HasDocumentation>; 917 918def getpw : Checker<"getpw">, 919 HelpText<"Warn on uses of the 'getpw' function">, 920 Dependencies<[SecuritySyntaxChecker]>, 921 Documentation<HasDocumentation>; 922 923def mktemp : Checker<"mktemp">, 924 HelpText<"Warn on uses of the 'mktemp' function">, 925 Dependencies<[SecuritySyntaxChecker]>, 926 Documentation<HasDocumentation>; 927 928def mkstemp : Checker<"mkstemp">, 929 HelpText<"Warn when 'mkstemp' is passed fewer than 6 X's in the format " 930 "string">, 931 Dependencies<[SecuritySyntaxChecker]>, 932 Documentation<HasDocumentation>; 933 934def rand : Checker<"rand">, 935 HelpText<"Warn on uses of the 'rand', 'random', and related functions">, 936 Dependencies<[SecuritySyntaxChecker]>, 937 Documentation<HasDocumentation>; 938 939def strcpy : Checker<"strcpy">, 940 HelpText<"Warn on uses of the 'strcpy' and 'strcat' functions">, 941 Dependencies<[SecuritySyntaxChecker]>, 942 Documentation<HasDocumentation>; 943 944def vfork : Checker<"vfork">, 945 HelpText<"Warn on uses of the 'vfork' function">, 946 Dependencies<[SecuritySyntaxChecker]>, 947 Documentation<HasDocumentation>; 948 949def UncheckedReturn : Checker<"UncheckedReturn">, 950 HelpText<"Warn on uses of functions whose return values must be always " 951 "checked">, 952 Dependencies<[SecuritySyntaxChecker]>, 953 Documentation<HasDocumentation>; 954 955def DeprecatedOrUnsafeBufferHandling : 956 Checker<"DeprecatedOrUnsafeBufferHandling">, 957 HelpText<"Warn on uses of unsecure or deprecated buffer manipulating " 958 "functions">, 959 Dependencies<[SecuritySyntaxChecker]>, 960 Documentation<HasDocumentation>; 961 962def decodeValueOfObjCType : Checker<"decodeValueOfObjCType">, 963 HelpText<"Warn on uses of the '-decodeValueOfObjCType:at:' method">, 964 Dependencies<[SecuritySyntaxChecker]>, 965 Documentation<HasDocumentation>; 966 967} // end "security.insecureAPI" 968 969let ParentPackage = Security in { 970 971def FloatLoopCounter : Checker<"FloatLoopCounter">, 972 HelpText<"Warn on using a floating point value as a loop counter (CERT: " 973 "FLP30-C, FLP30-CPP)">, 974 Dependencies<[SecuritySyntaxChecker]>, 975 Documentation<HasDocumentation>; 976 977} // end "security" 978 979let ParentPackage = POS in { 980 981 def PutenvWithAuto : Checker<"34c">, 982 HelpText<"Finds calls to the 'putenv' function which pass a pointer to " 983 "an automatic variable as the argument.">, 984 Documentation<HasDocumentation>; 985 986} // end "alpha.cert.pos" 987 988let ParentPackage = ENV in { 989 990 def InvalidPtrChecker : Checker<"InvalidPtr">, 991 HelpText<"Finds usages of possibly invalidated pointers">, 992 Documentation<HasDocumentation>; 993 994} // end "alpha.cert.env" 995 996let ParentPackage = SecurityAlpha in { 997 998def ArrayBoundChecker : Checker<"ArrayBound">, 999 HelpText<"Warn about buffer overflows (older checker)">, 1000 Documentation<HasDocumentation>; 1001 1002def ArrayBoundCheckerV2 : Checker<"ArrayBoundV2">, 1003 HelpText<"Warn about buffer overflows (newer checker)">, 1004 Documentation<HasDocumentation>; 1005 1006def ReturnPointerRangeChecker : Checker<"ReturnPtrRange">, 1007 HelpText<"Check for an out-of-bound pointer being returned to callers">, 1008 Documentation<HasDocumentation>; 1009 1010def MallocOverflowSecurityChecker : Checker<"MallocOverflow">, 1011 HelpText<"Check for overflows in the arguments to malloc()">, 1012 Documentation<HasDocumentation>; 1013 1014def MmapWriteExecChecker : Checker<"MmapWriteExec">, 1015 HelpText<"Warn on mmap() calls that are both writable and executable">, 1016 CheckerOptions<[ 1017 CmdLineOption<Integer, 1018 "MmapProtExec", 1019 "Specifies the value of PROT_EXEC", 1020 "0x04", 1021 Released>, 1022 CmdLineOption<Integer, 1023 "MmapProtRead", 1024 "Specifies the value of PROT_READ", 1025 "0x01", 1026 Released> 1027 ]>, 1028 Documentation<HasDocumentation>; 1029 1030} // end "alpha.security" 1031 1032//===----------------------------------------------------------------------===// 1033// Taint checkers. 1034//===----------------------------------------------------------------------===// 1035 1036let ParentPackage = Taint in { 1037 1038def GenericTaintChecker : Checker<"TaintPropagation">, 1039 HelpText<"Generate taint information used by other checkers">, 1040 CheckerOptions<[ 1041 CmdLineOption<String, 1042 "Config", 1043 "Specifies the name of the configuration file.", 1044 "", 1045 InAlpha>, 1046 ]>, 1047 Documentation<HasDocumentation>; 1048 1049} // end "alpha.security.taint" 1050 1051//===----------------------------------------------------------------------===// 1052// Mac OS X, Cocoa, and Core Foundation checkers. 1053//===----------------------------------------------------------------------===// 1054 1055let ParentPackage = Cocoa in { 1056 1057def RetainCountBase : Checker<"RetainCountBase">, 1058 HelpText<"Common base of various retain count related checkers">, 1059 Documentation<NotDocumented>, 1060 Hidden; 1061 1062} // end "osx.cocoa" 1063 1064let ParentPackage = OSX in { 1065 1066def NSOrCFErrorDerefChecker : Checker<"NSOrCFErrorDerefChecker">, 1067 HelpText<"Implementation checker for NSErrorChecker and CFErrorChecker">, 1068 Documentation<NotDocumented>, 1069 Hidden; 1070 1071def NumberObjectConversionChecker : Checker<"NumberObjectConversion">, 1072 HelpText<"Check for erroneous conversions of objects representing numbers " 1073 "into numbers">, 1074 CheckerOptions<[ 1075 CmdLineOption<Boolean, 1076 "Pedantic", 1077 "Enables detection of more conversion patterns (which are " 1078 "most likely more harmless, and therefore are more likely to " 1079 "produce false positives).", 1080 "false", 1081 Released> 1082 ]>, 1083 Documentation<NotDocumented>; 1084 1085def MacOSXAPIChecker : Checker<"API">, 1086 HelpText<"Check for proper uses of various Apple APIs">, 1087 Documentation<HasDocumentation>; 1088 1089def MacOSKeychainAPIChecker : Checker<"SecKeychainAPI">, 1090 HelpText<"Check for proper uses of Secure Keychain APIs">, 1091 Documentation<HasDocumentation>; 1092 1093def MIGChecker : Checker<"MIG">, 1094 HelpText<"Find violations of the Mach Interface Generator " 1095 "calling convention">, 1096 Documentation<NotDocumented>; 1097 1098def ObjCPropertyChecker : Checker<"ObjCProperty">, 1099 HelpText<"Check for proper uses of Objective-C properties">, 1100 Documentation<NotDocumented>; 1101 1102def OSObjectRetainCountChecker : Checker<"OSObjectRetainCount">, 1103 HelpText<"Check for leaks and improper reference count management for " 1104 "OSObject">, 1105 Dependencies<[RetainCountBase]>, 1106 Documentation<NotDocumented>; 1107 1108} // end "osx" 1109 1110let ParentPackage = Cocoa in { 1111 1112def RunLoopAutoreleaseLeakChecker : Checker<"RunLoopAutoreleaseLeak">, 1113 HelpText<"Check for leaked memory in autorelease pools that will never be " 1114 "drained">, 1115 Documentation<NotDocumented>; 1116 1117def ObjCAtSyncChecker : Checker<"AtSync">, 1118 HelpText<"Check for nil pointers used as mutexes for @synchronized">, 1119 Documentation<HasDocumentation>; 1120 1121def NilArgChecker : Checker<"NilArg">, 1122 HelpText<"Check for prohibited nil arguments to ObjC method calls">, 1123 Documentation<HasDocumentation>; 1124 1125def ClassReleaseChecker : Checker<"ClassRelease">, 1126 HelpText<"Check for sending 'retain', 'release', or 'autorelease' directly " 1127 "to a Class">, 1128 Documentation<HasDocumentation>; 1129 1130def VariadicMethodTypeChecker : Checker<"VariadicMethodTypes">, 1131 HelpText<"Check for passing non-Objective-C types to variadic collection " 1132 "initialization methods that expect only Objective-C types">, 1133 Documentation<HasDocumentation>; 1134 1135def NSAutoreleasePoolChecker : Checker<"NSAutoreleasePool">, 1136 HelpText<"Warn for suboptimal uses of NSAutoreleasePool in Objective-C GC " 1137 "mode">, 1138 Documentation<HasDocumentation>; 1139 1140def ObjCMethSigsChecker : Checker<"IncompatibleMethodTypes">, 1141 HelpText<"Warn about Objective-C method signatures with type " 1142 "incompatibilities">, 1143 Documentation<HasDocumentation>; 1144 1145def ObjCUnusedIvarsChecker : Checker<"UnusedIvars">, 1146 HelpText<"Warn about private ivars that are never used">, 1147 Documentation<HasDocumentation>; 1148 1149def ObjCSelfInitChecker : Checker<"SelfInit">, 1150 HelpText<"Check that 'self' is properly initialized inside an initializer " 1151 "method">, 1152 Documentation<HasDocumentation>; 1153 1154def ObjCLoopChecker : Checker<"Loops">, 1155 HelpText<"Improved modeling of loops using Cocoa collection types">, 1156 Documentation<NotDocumented>; 1157 1158def ObjCNonNilReturnValueChecker : Checker<"NonNilReturnValue">, 1159 HelpText<"Model the APIs that are guaranteed to return a non-nil value">, 1160 Documentation<NotDocumented>; 1161 1162def ObjCSuperCallChecker : Checker<"MissingSuperCall">, 1163 HelpText<"Warn about Objective-C methods that lack a necessary call to " 1164 "super">, 1165 Documentation<NotDocumented>; 1166 1167def NSErrorChecker : Checker<"NSError">, 1168 HelpText<"Check usage of NSError** parameters">, 1169 Dependencies<[NSOrCFErrorDerefChecker]>, 1170 Documentation<HasDocumentation>; 1171 1172def RetainCountChecker : Checker<"RetainCount">, 1173 HelpText<"Check for leaks and improper reference count management">, 1174 CheckerOptions<[ 1175 CmdLineOption<Boolean, 1176 "TrackNSCFStartParam", 1177 "Check not only that the code follows retain-release rules " 1178 "with respect to objects it allocates or borrows from " 1179 "elsewhere, but also that it fulfills its own retain count " 1180 "specification with respect to objects that it receives as " 1181 "arguments.", 1182 "false", 1183 Released> 1184 ]>, 1185 Dependencies<[RetainCountBase]>, 1186 Documentation<HasDocumentation>; 1187 1188def ObjCGenericsChecker : Checker<"ObjCGenerics">, 1189 HelpText<"Check for type errors when using Objective-C generics">, 1190 Dependencies<[DynamicTypePropagation]>, 1191 Documentation<HasDocumentation>; 1192 1193def ObjCDeallocChecker : Checker<"Dealloc">, 1194 HelpText<"Warn about Objective-C classes that lack a correct implementation " 1195 "of -dealloc">, 1196 Documentation<HasDocumentation>; 1197 1198def ObjCSuperDeallocChecker : Checker<"SuperDealloc">, 1199 HelpText<"Warn about improper use of '[super dealloc]' in Objective-C">, 1200 Documentation<HasDocumentation>; 1201 1202def AutoreleaseWriteChecker : Checker<"AutoreleaseWrite">, 1203 HelpText<"Warn about potentially crashing writes to autoreleasing objects " 1204 "from different autoreleasing pools in Objective-C">, 1205 Documentation<NotDocumented>; 1206 1207} // end "osx.cocoa" 1208 1209let ParentPackage = Performance in { 1210 1211def GCDAntipattern : Checker<"GCDAntipattern">, 1212 HelpText<"Check for performance anti-patterns when using Grand Central " 1213 "Dispatch">, 1214 Documentation<NotDocumented>; 1215} // end "optin.performance" 1216 1217let ParentPackage = OSXOptIn in { 1218 1219def OSObjectCStyleCast : Checker<"OSObjectCStyleCast">, 1220 HelpText<"Checker for C-style casts of OSObjects">, 1221 Documentation<NotDocumented>; 1222 1223} // end "optin.osx" 1224 1225let ParentPackage = CocoaAlpha in { 1226 1227def IvarInvalidationModeling : Checker<"IvarInvalidationModeling">, 1228 HelpText<"Gathers information for annotation driven invalidation checking " 1229 "for classes that contains a method annotated with " 1230 "'objc_instance_variable_invalidator'">, 1231 Documentation<NotDocumented>, 1232 Hidden; 1233 1234def InstanceVariableInvalidation : Checker<"InstanceVariableInvalidation">, 1235 HelpText<"Check that the invalidatable instance variables are invalidated in " 1236 "the methods annotated with objc_instance_variable_invalidator">, 1237 Dependencies<[IvarInvalidationModeling]>, 1238 Documentation<HasDocumentation>; 1239 1240def MissingInvalidationMethod : Checker<"MissingInvalidationMethod">, 1241 HelpText<"Check that the invalidation methods are present in classes that " 1242 "contain invalidatable instance variables">, 1243 Dependencies<[IvarInvalidationModeling]>, 1244 Documentation<HasDocumentation>; 1245 1246def DirectIvarAssignment : Checker<"DirectIvarAssignment">, 1247 HelpText<"Check for direct assignments to instance variables">, 1248 CheckerOptions<[ 1249 CmdLineOption<Boolean, 1250 "AnnotatedFunctions", 1251 "Check for direct assignments to instance variables in the " 1252 "methods annotated with " 1253 "objc_no_direct_instance_variable_assignment", 1254 "false", 1255 InAlpha> 1256 ]>, 1257 Documentation<HasDocumentation>; 1258 1259} // end "alpha.osx.cocoa" 1260 1261let ParentPackage = CoreFoundation in { 1262 1263def CFNumberChecker : Checker<"CFNumber">, 1264 HelpText<"Check for proper uses of CFNumber APIs">, 1265 Documentation<HasDocumentation>; 1266 1267def CFRetainReleaseChecker : Checker<"CFRetainRelease">, 1268 HelpText<"Check for null arguments to CFRetain/CFRelease/CFMakeCollectable">, 1269 Documentation<HasDocumentation>; 1270 1271def CFErrorChecker : Checker<"CFError">, 1272 HelpText<"Check usage of CFErrorRef* parameters">, 1273 Dependencies<[NSOrCFErrorDerefChecker]>, 1274 Documentation<HasDocumentation>; 1275 1276} // end "osx.coreFoundation" 1277 1278let ParentPackage = Containers in { 1279 1280def ObjCContainersASTChecker : Checker<"PointerSizedValues">, 1281 HelpText<"Warns if 'CFArray', 'CFDictionary', 'CFSet' are created with " 1282 "non-pointer-size values">, 1283 Documentation<HasDocumentation>; 1284 1285def ObjCContainersChecker : Checker<"OutOfBounds">, 1286 HelpText<"Checks for index out-of-bounds when using 'CFArray' API">, 1287 Documentation<HasDocumentation>; 1288 1289} // end "osx.coreFoundation.containers" 1290 1291let ParentPackage = LocalizabilityOptIn in { 1292 1293def NonLocalizedStringChecker : Checker<"NonLocalizedStringChecker">, 1294 HelpText<"Warns about uses of non-localized NSStrings passed to UI methods " 1295 "expecting localized NSStrings">, 1296 CheckerOptions<[ 1297 CmdLineOption<Boolean, 1298 "AggressiveReport", 1299 "Marks a string being returned by any call as localized if " 1300 "it is in LocStringFunctions (LSF) or the function is " 1301 "annotated. Otherwise, we mark it as NonLocalized " 1302 "(Aggressive) or NonLocalized only if it is not backed by a " 1303 "SymRegion (Non-Aggressive), basically leaving only string " 1304 "literals as NonLocalized.", 1305 "false", 1306 InAlpha, 1307 Hide> 1308 ]>, 1309 Documentation<HasDocumentation>; 1310 1311def EmptyLocalizationContextChecker : 1312 Checker<"EmptyLocalizationContextChecker">, 1313 HelpText<"Check that NSLocalizedString macros include a comment for context">, 1314 Documentation<HasDocumentation>; 1315 1316} // end "optin.osx.cocoa.localizability" 1317 1318let ParentPackage = LocalizabilityAlpha in { 1319 1320def PluralMisuseChecker : Checker<"PluralMisuseChecker">, 1321 HelpText<"Warns against using one vs. many plural pattern in code when " 1322 "generating localized strings.">, 1323 Documentation<HasDocumentation>; 1324 1325} // end "alpha.osx.cocoa.localizability" 1326 1327let ParentPackage = MPI in { 1328 1329def MPIChecker : Checker<"MPI-Checker">, 1330 HelpText<"Checks MPI code">, 1331 Documentation<HasDocumentation>; 1332 1333} // end "optin.mpi" 1334 1335//===----------------------------------------------------------------------===// 1336// Checkers for LLVM development. 1337//===----------------------------------------------------------------------===// 1338 1339let ParentPackage = LLVMAlpha in { 1340 1341def LLVMConventionsChecker : Checker<"Conventions">, 1342 HelpText<"Check code for LLVM codebase conventions">, 1343 Documentation<HasDocumentation>; 1344 1345} // end "llvm" 1346 1347let ParentPackage = LLVMAPIModeling in { 1348 1349def CastValueChecker : Checker<"CastValue">, 1350 HelpText<"Model implementation of custom RTTIs">, 1351 Documentation<NotDocumented>; 1352 1353def ReturnValueChecker : Checker<"ReturnValue">, 1354 HelpText<"Model the guaranteed boolean return value of function calls">, 1355 Documentation<NotDocumented>; 1356 1357} // end "apiModeling.llvm" 1358 1359//===----------------------------------------------------------------------===// 1360// Checkers modeling Google APIs. 1361//===----------------------------------------------------------------------===// 1362 1363let ParentPackage = GoogleAPIModeling in { 1364 1365def GTestChecker : Checker<"GTest">, 1366 HelpText<"Model gtest assertion APIs">, 1367 Documentation<NotDocumented>; 1368 1369} // end "apiModeling.google" 1370 1371//===----------------------------------------------------------------------===// 1372// Debugging checkers (for analyzer development). 1373//===----------------------------------------------------------------------===// 1374 1375let ParentPackage = Debug in { 1376 1377def AnalysisOrderChecker : Checker<"AnalysisOrder">, 1378 HelpText<"Print callbacks that are called during analysis in order">, 1379 CheckerOptions<[ 1380 CmdLineOption<Boolean, 1381 "PreStmtCastExpr", 1382 "", 1383 "false", 1384 Released, 1385 Hide>, 1386 CmdLineOption<Boolean, 1387 "PostStmtCastExpr", 1388 "", 1389 "false", 1390 Released, 1391 Hide>, 1392 CmdLineOption<Boolean, 1393 "PreStmtArraySubscriptExpr", 1394 "", 1395 "false", 1396 Released, 1397 Hide>, 1398 CmdLineOption<Boolean, 1399 "PostStmtArraySubscriptExpr", 1400 "", 1401 "false", 1402 Released, 1403 Hide>, 1404 CmdLineOption<Boolean, 1405 "PreStmtCXXNewExpr", 1406 "", 1407 "false", 1408 Released, 1409 Hide>, 1410 CmdLineOption<Boolean, 1411 "PostStmtCXXNewExpr", 1412 "", 1413 "false", 1414 Released, 1415 Hide>, 1416 CmdLineOption<Boolean, 1417 "PreStmtCXXDeleteExpr", 1418 "", 1419 "false", 1420 Released, 1421 Hide>, 1422 CmdLineOption<Boolean, 1423 "PostStmtCXXDeleteExpr", 1424 "", 1425 "false", 1426 Released, 1427 Hide>, 1428 CmdLineOption<Boolean, 1429 "PreStmtCXXConstructExpr", 1430 "", 1431 "false", 1432 Released, 1433 Hide>, 1434 CmdLineOption<Boolean, 1435 "PostStmtCXXConstructExpr", 1436 "", 1437 "false", 1438 Released, 1439 Hide>, 1440 CmdLineOption<Boolean, 1441 "PreStmtOffsetOfExpr", 1442 "", 1443 "false", 1444 Released, 1445 Hide>, 1446 CmdLineOption<Boolean, 1447 "PostStmtOffsetOfExpr", 1448 "", 1449 "false", 1450 Released, 1451 Hide>, 1452 CmdLineOption<Boolean, 1453 "EvalCall", 1454 "", 1455 "false", 1456 Released, 1457 Hide>, 1458 CmdLineOption<Boolean, 1459 "PreCall", 1460 "", 1461 "false", 1462 Released, 1463 Hide>, 1464 CmdLineOption<Boolean, 1465 "PostCall", 1466 "", 1467 "false", 1468 Released, 1469 Hide>, 1470 CmdLineOption<Boolean, 1471 "EndFunction", 1472 "", 1473 "false", 1474 Released, 1475 Hide>, 1476 CmdLineOption<Boolean, 1477 "EndAnalysis", 1478 "", 1479 "false", 1480 Released, 1481 Hide>, 1482 CmdLineOption<Boolean, 1483 "NewAllocator", 1484 "", 1485 "false", 1486 Released, 1487 Hide>, 1488 CmdLineOption<Boolean, 1489 "Bind", 1490 "", 1491 "false", 1492 Released, 1493 Hide>, 1494 CmdLineOption<Boolean, 1495 "LiveSymbols", 1496 "", 1497 "false", 1498 Released, 1499 Hide>, 1500 CmdLineOption<Boolean, 1501 "RegionChanges", 1502 "", 1503 "false", 1504 Released, 1505 Hide>, 1506 CmdLineOption<Boolean, 1507 "PointerEscape", 1508 "", 1509 "false", 1510 Released, 1511 Hide>, 1512 CmdLineOption<Boolean, 1513 "*", 1514 "Enables all callbacks.", 1515 "false", 1516 Released, 1517 Hide> 1518 ]>, 1519 Documentation<NotDocumented>; 1520 1521def DominatorsTreeDumper : Checker<"DumpDominators">, 1522 HelpText<"Print the dominance tree for a given CFG">, 1523 Documentation<NotDocumented>; 1524 1525def PostDominatorsTreeDumper : Checker<"DumpPostDominators">, 1526 HelpText<"Print the post dominance tree for a given CFG">, 1527 Documentation<NotDocumented>; 1528 1529def ControlDependencyTreeDumper : Checker<"DumpControlDependencies">, 1530 HelpText<"Print the post control dependency tree for a given CFG">, 1531 Documentation<NotDocumented>; 1532 1533def LiveVariablesDumper : Checker<"DumpLiveVars">, 1534 HelpText<"Print results of live variable analysis">, 1535 Documentation<NotDocumented>; 1536 1537def LiveExpressionsDumper : Checker<"DumpLiveExprs">, 1538 HelpText<"Print results of live expression analysis">, 1539 Documentation<NotDocumented>; 1540 1541def CFGViewer : Checker<"ViewCFG">, 1542 HelpText<"View Control-Flow Graphs using GraphViz">, 1543 Documentation<NotDocumented>; 1544 1545def CFGDumper : Checker<"DumpCFG">, 1546 HelpText<"Display Control-Flow Graphs">, 1547 Documentation<NotDocumented>; 1548 1549def CallGraphViewer : Checker<"ViewCallGraph">, 1550 HelpText<"View Call Graph using GraphViz">, 1551 Documentation<NotDocumented>; 1552 1553def CallGraphDumper : Checker<"DumpCallGraph">, 1554 HelpText<"Display Call Graph">, 1555 Documentation<NotDocumented>; 1556 1557def ConfigDumper : Checker<"ConfigDumper">, 1558 HelpText<"Dump config table">, 1559 Documentation<NotDocumented>; 1560 1561def TraversalDumper : Checker<"DumpTraversal">, 1562 HelpText<"Print branch conditions as they are traversed by the engine">, 1563 Documentation<NotDocumented>; 1564 1565def CallDumper : Checker<"DumpCalls">, 1566 HelpText<"Print calls as they are traversed by the engine">, 1567 Documentation<NotDocumented>; 1568 1569def AnalyzerStatsChecker : Checker<"Stats">, 1570 HelpText<"Emit warnings with analyzer statistics">, 1571 Documentation<NotDocumented>; 1572 1573def TaintTesterChecker : Checker<"TaintTest">, 1574 HelpText<"Mark tainted symbols as such.">, 1575 Documentation<NotDocumented>; 1576 1577// This checker *technically* depends on SteamChecker, but we don't allow 1578// dependency checkers to emit diagnostics, and a debug checker isn't worth 1579// the chore needed to create a modeling portion on its own. Since this checker 1580// is for development purposes only anyways, make sure that StreamChecker is 1581// also enabled, at least for the time being. 1582def StreamTesterChecker : Checker<"StreamTester">, 1583 HelpText<"Add test functions to StreamChecker for test and debugging " 1584 "purposes.">, 1585 Documentation<NotDocumented>; 1586 1587def ErrnoTesterChecker : Checker<"ErrnoTest">, 1588 HelpText<"Check modeling aspects of 'errno'.">, 1589 Dependencies<[ErrnoModeling]>, 1590 Documentation<NotDocumented>; 1591 1592def ExprInspectionChecker : Checker<"ExprInspection">, 1593 HelpText<"Check the analyzer's understanding of expressions">, 1594 Documentation<NotDocumented>; 1595 1596def ExplodedGraphViewer : Checker<"ViewExplodedGraph">, 1597 HelpText<"View Exploded Graphs using GraphViz">, 1598 Documentation<NotDocumented>; 1599 1600def ReportStmts : Checker<"ReportStmts">, 1601 HelpText<"Emits a warning for every statement.">, 1602 Documentation<NotDocumented>; 1603 1604def DebugContainerModeling : Checker<"DebugContainerModeling">, 1605 HelpText<"Check the analyzer's understanding of C++ containers">, 1606 Dependencies<[ContainerModeling]>, 1607 Documentation<NotDocumented>; 1608 1609def DebugIteratorModeling : Checker<"DebugIteratorModeling">, 1610 HelpText<"Check the analyzer's understanding of C++ iterators">, 1611 Dependencies<[DebugContainerModeling, IteratorModeling]>, 1612 Documentation<NotDocumented>; 1613 1614def StdCLibraryFunctionsTesterChecker : Checker<"StdCLibraryFunctionsTester">, 1615 HelpText<"Add test functions to the summary map, so testing of individual " 1616 "summary constituents becomes possible.">, 1617 Dependencies<[StdCLibraryFunctionsChecker]>, 1618 Documentation<NotDocumented>; 1619 1620} // end "debug" 1621 1622 1623//===----------------------------------------------------------------------===// 1624// Clone Detection 1625//===----------------------------------------------------------------------===// 1626 1627let ParentPackage = CloneDetectionAlpha in { 1628 1629def CloneChecker : Checker<"CloneChecker">, 1630 HelpText<"Reports similar pieces of code.">, 1631 CheckerOptions<[ 1632 CmdLineOption<Integer, 1633 "MinimumCloneComplexity", 1634 "Ensures that every clone has at least the given complexity. " 1635 "Complexity is here defined as the total amount of children " 1636 "of a statement. This constraint assumes the first statement " 1637 "in the group is representative for all other statements in " 1638 "the group in terms of complexity.", 1639 "50", 1640 Released>, 1641 CmdLineOption<Boolean, 1642 "ReportNormalClones", 1643 "Report all clones, even less suspicious ones.", 1644 "true", 1645 Released>, 1646 CmdLineOption<String, 1647 "IgnoredFilesPattern", 1648 "If supplied, the checker wont analyze files with a filename " 1649 "that matches the given pattern.", 1650 "\"\"", 1651 Released> 1652 ]>, 1653 Documentation<HasDocumentation>; 1654 1655} // end "clone" 1656 1657//===----------------------------------------------------------------------===// 1658// Portability checkers. 1659//===----------------------------------------------------------------------===// 1660 1661let ParentPackage = PortabilityOptIn in { 1662 1663def UnixAPIPortabilityChecker : Checker<"UnixAPI">, 1664 HelpText<"Finds implementation-defined behavior in UNIX/Posix functions">, 1665 Documentation<NotDocumented>; 1666 1667} // end optin.portability 1668 1669//===----------------------------------------------------------------------===// 1670// NonDeterminism checkers. 1671//===----------------------------------------------------------------------===// 1672 1673let ParentPackage = NonDeterminismAlpha in { 1674 1675def PointerIterationChecker : Checker<"PointerIteration">, 1676 HelpText<"Checks for non-determinism caused by iteration of unordered containers of pointers">, 1677 Documentation<HasDocumentation>; 1678 1679def PointerSortingChecker : Checker<"PointerSorting">, 1680 HelpText<"Check for non-determinism caused by sorting of pointers">, 1681 Documentation<HasDocumentation>; 1682 1683} // end alpha.nondeterminism 1684 1685//===----------------------------------------------------------------------===// 1686// Fuchsia checkers. 1687//===----------------------------------------------------------------------===// 1688 1689let ParentPackage = Fuchsia in { 1690 1691def FuchsiaHandleChecker : Checker<"HandleChecker">, 1692 HelpText<"A Checker that detect leaks related to Fuchsia handles">, 1693 Documentation<HasDocumentation>; 1694 1695} 1696 1697let ParentPackage = FuchsiaAlpha in { 1698 1699def FuchsiaLockChecker : Checker<"Lock">, 1700 HelpText<"Check for the correct usage of locking APIs.">, 1701 Dependencies<[PthreadLockBase]>, 1702 Documentation<HasDocumentation>; 1703 1704} // end fuchsia 1705 1706//===----------------------------------------------------------------------===// 1707// WebKit checkers. 1708//===----------------------------------------------------------------------===// 1709 1710let ParentPackage = WebKit in { 1711 1712def RefCntblBaseVirtualDtorChecker : Checker<"RefCntblBaseVirtualDtor">, 1713 HelpText<"Check for any ref-countable base class having virtual destructor.">, 1714 Documentation<HasDocumentation>; 1715 1716def NoUncountedMemberChecker : Checker<"NoUncountedMemberChecker">, 1717 HelpText<"Check for no uncounted member variables.">, 1718 Documentation<HasDocumentation>; 1719 1720def UncountedLambdaCapturesChecker : Checker<"UncountedLambdaCapturesChecker">, 1721 HelpText<"Check uncounted lambda captures.">, 1722 Documentation<HasDocumentation>; 1723 1724} // end webkit 1725 1726let ParentPackage = WebKitAlpha in { 1727 1728def UncountedCallArgsChecker : Checker<"UncountedCallArgsChecker">, 1729 HelpText<"Check uncounted call arguments.">, 1730 Documentation<HasDocumentation>; 1731 1732def UncountedLocalVarsChecker : Checker<"UncountedLocalVarsChecker">, 1733 HelpText<"Check uncounted local variables.">, 1734 Documentation<HasDocumentation>; 1735 1736} // end alpha.webkit 1737