1//===--- Checkers.td - Static Analyzer Checkers -===-----------------------===// 2// 3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4// See https://llvm.org/LICENSE.txt for license information. 5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6// 7//===----------------------------------------------------------------------===// 8 9include "CheckerBase.td" 10 11//===----------------------------------------------------------------------===// 12// Packages. 13//===----------------------------------------------------------------------===// 14 15// The Alpha package is for checkers that have too many false positives to be 16// turned on by default. The hierarchy under Alpha should be organized in the 17// hierarchy checkers would have had if they were truly at the top level. 18// (For example, a Cocoa-specific checker that is alpha should be in 19// alpha.osx.cocoa). 20def Alpha : Package<"alpha">; 21 22def Core : Package<"core">; 23def CoreBuiltin : Package<"builtin">, ParentPackage<Core>, Hidden; 24def CoreUninitialized : Package<"uninitialized">, ParentPackage<Core>; 25def CoreAlpha : Package<"core">, ParentPackage<Alpha>; 26 27// The OptIn package is for checkers that are not alpha and that would normally 28// be on by default but where the driver does not have enough information to 29// determine when they are applicable. For example, localizability checkers fit 30// this criterion because the driver cannot determine whether a project is 31// localized or not -- this is best determined at the IDE or build-system level. 32// 33// The checker hierarchy under OptIn should mirror that in Alpha: checkers 34// should be organized as if they were at the top level. 35// 36// Note: OptIn is *not* intended for checkers that are too noisy to be on by 37// default. Such checkers belong in the alpha package. 38def OptIn : Package<"optin">; 39 40// In the Portability package reside checkers for finding code that relies on 41// implementation-defined behavior. Such checks are wanted for cross-platform 42// development, but unwanted for developers who target only a single platform. 43def PortabilityOptIn : Package<"portability">, ParentPackage<OptIn>; 44 45def Nullability : Package<"nullability">, 46 PackageOptions<[ 47 CmdLineOption<Boolean, 48 "NoDiagnoseCallsToSystemHeaders", 49 "Suppresses warnings for violating nullability annotations " 50 "of system header functions. This is useful if you are " 51 "concerned with your custom nullability annotations more " 52 "than with following nullability specifications of system " 53 "header functions.", 54 "false", 55 Released> 56 ]>; 57 58def Cplusplus : Package<"cplusplus">; 59def CplusplusAlpha : Package<"cplusplus">, ParentPackage<Alpha>; 60def CplusplusOptIn : Package<"cplusplus">, ParentPackage<OptIn>; 61 62def Valist : Package<"valist">; 63 64def DeadCode : Package<"deadcode">; 65def DeadCodeAlpha : Package<"deadcode">, ParentPackage<Alpha>; 66 67def Performance : Package<"performance">, ParentPackage<OptIn>; 68 69def Security : Package <"security">; 70def InsecureAPI : Package<"insecureAPI">, ParentPackage<Security>; 71def SecurityAlpha : Package<"security">, ParentPackage<Alpha>; 72def Taint : Package<"taint">, ParentPackage<SecurityAlpha>; 73 74def CERT : Package<"cert">, ParentPackage<SecurityAlpha>; 75def POS : Package<"pos">, ParentPackage<CERT>; 76 77def Unix : Package<"unix">; 78def UnixAlpha : Package<"unix">, ParentPackage<Alpha>; 79def CString : Package<"cstring">, ParentPackage<Unix>; 80def CStringAlpha : Package<"cstring">, ParentPackage<UnixAlpha>; 81 82def OSX : Package<"osx">; 83def OSXAlpha : Package<"osx">, ParentPackage<Alpha>; 84def OSXOptIn : Package<"osx">, ParentPackage<OptIn>; 85 86def Cocoa : Package<"cocoa">, ParentPackage<OSX>; 87def CocoaAlpha : Package<"cocoa">, ParentPackage<OSXAlpha>; 88def CocoaOptIn : Package<"cocoa">, ParentPackage<OSXOptIn>; 89 90def CoreFoundation : Package<"coreFoundation">, ParentPackage<OSX>; 91def Containers : Package<"containers">, ParentPackage<CoreFoundation>; 92 93def LocalizabilityAlpha : Package<"localizability">, ParentPackage<CocoaAlpha>; 94def LocalizabilityOptIn : Package<"localizability">, ParentPackage<CocoaOptIn>; 95 96def MPI : Package<"mpi">, ParentPackage<OptIn>; 97 98def LLVM : Package<"llvm">; 99def LLVMAlpha : Package<"llvm">, ParentPackage<Alpha>; 100 101// The APIModeling package is for checkers that model APIs and don't perform 102// any diagnostics. These checkers are always turned on; this package is 103// intended for API modeling that is not controlled by the target triple. 104def APIModeling : Package<"apiModeling">, Hidden; 105def APIModelingAlpha : Package<"apiModeling">, ParentPackage<Alpha>, Hidden; 106 107def GoogleAPIModeling : Package<"google">, ParentPackage<APIModeling>, Hidden; 108def LLVMAPIModeling : Package<"llvm">, ParentPackage<APIModeling>, Hidden; 109 110def Debug : Package<"debug">, Hidden; 111 112def CloneDetectionAlpha : Package<"clone">, ParentPackage<Alpha>; 113 114def NonDeterminismAlpha : Package<"nondeterminism">, ParentPackage<Alpha>; 115 116def Fuchsia : Package<"fuchsia">; 117def FuchsiaAlpha : Package<"fuchsia">, ParentPackage<Alpha>; 118 119def WebKit : Package<"webkit">; 120def WebKitAlpha : Package<"webkit">, ParentPackage<Alpha>; 121 122//===----------------------------------------------------------------------===// 123// Core Checkers. 124//===----------------------------------------------------------------------===// 125 126let ParentPackage = Core in { 127 128def CallAndMessageModeling : Checker<"CallAndMessageModeling">, 129 HelpText<"Responsible for essential modeling and assumptions after a " 130 "function/method call. For instance, if we can't reason about the " 131 "nullability of the implicit this parameter after a method call, " 132 "this checker conservatively assumes it to be non-null">, 133 Documentation<HasDocumentation>, 134 Hidden; 135 136def CallAndMessageChecker : Checker<"CallAndMessage">, 137 HelpText<"Check for logical errors for function calls and Objective-C " 138 "message expressions (e.g., uninitialized arguments, null function " 139 "pointers)">, 140 CheckerOptions<[ 141 CmdLineOption<Boolean, 142 "FunctionPointer", 143 "Check whether a called function pointer is null or " 144 "undefined", 145 "true", 146 Released>, 147 CmdLineOption<Boolean, 148 "ParameterCount", 149 "Check whether a function was called with the appropriate " 150 "number of arguments", 151 "true", 152 Released>, 153 CmdLineOption<Boolean, 154 "CXXThisMethodCall", 155 "Check whether the implicit this parameter is null or " 156 "undefined upon a method call", 157 "true", 158 Released>, 159 CmdLineOption<Boolean, 160 "CXXDeallocationArg", 161 "Check whether the argument of operator delete is undefined", 162 "true", 163 Released>, 164 CmdLineOption<Boolean, 165 "ArgInitializedness", 166 "Check whether any of the pass-by-value parameters is " 167 "undefined", 168 "true", 169 Released>, 170 CmdLineOption<Boolean, 171 "ArgPointeeInitializedness", 172 "Check whether the pointee of a pass-by-reference or " 173 "pass-by-pointer is undefined", 174 "false", 175 InAlpha>, 176 CmdLineOption<Boolean, 177 "NilReceiver", 178 "Check whether the reciever in the message expression is nil", 179 "true", 180 Released>, 181 CmdLineOption<Boolean, 182 "UndefReceiver", 183 "Check whether the reciever in the message expression is " 184 "undefined", 185 "true", 186 Released>, 187 ]>, 188 Documentation<HasDocumentation>, 189 Dependencies<[CallAndMessageModeling]>; 190 191def DereferenceChecker : Checker<"NullDereference">, 192 HelpText<"Check for dereferences of null pointers">, 193 Documentation<HasDocumentation>; 194 195def NonNullParamChecker : Checker<"NonNullParamChecker">, 196 HelpText<"Check for null pointers passed as arguments to a function whose " 197 "arguments are references or marked with the 'nonnull' attribute">, 198 Documentation<HasDocumentation>; 199 200def VLASizeChecker : Checker<"VLASize">, 201 HelpText<"Check for declarations of VLA of undefined or zero size">, 202 Documentation<HasDocumentation>; 203 204def DivZeroChecker : Checker<"DivideZero">, 205 HelpText<"Check for division by zero">, 206 Documentation<HasDocumentation>; 207 208def UndefResultChecker : Checker<"UndefinedBinaryOperatorResult">, 209 HelpText<"Check for undefined results of binary operators">, 210 Documentation<HasDocumentation>; 211 212def StackAddrEscapeBase : Checker<"StackAddrEscapeBase">, 213 HelpText<"Generate information about stack address escapes.">, 214 Documentation<NotDocumented>, 215 Hidden; 216 217def StackAddrEscapeChecker : Checker<"StackAddressEscape">, 218 HelpText<"Check that addresses to stack memory do not escape the function">, 219 Dependencies<[StackAddrEscapeBase]>, 220 Documentation<HasDocumentation>; 221 222def DynamicTypePropagation : Checker<"DynamicTypePropagation">, 223 HelpText<"Generate dynamic type information">, 224 Documentation<NotDocumented>, 225 Hidden; 226 227def NonnullGlobalConstantsChecker: Checker<"NonnilStringConstants">, 228 HelpText<"Assume that const string-like globals are non-null">, 229 Documentation<NotDocumented>, 230 Hidden; 231 232} // end "core" 233 234let ParentPackage = CoreAlpha in { 235 236def BoolAssignmentChecker : Checker<"BoolAssignment">, 237 HelpText<"Warn about assigning non-{0,1} values to Boolean variables">, 238 Documentation<HasAlphaDocumentation>; 239 240def CastSizeChecker : Checker<"CastSize">, 241 HelpText<"Check when casting a malloc'ed type T, whether the size is a " 242 "multiple of the size of T">, 243 Documentation<HasAlphaDocumentation>; 244 245def CastToStructChecker : Checker<"CastToStruct">, 246 HelpText<"Check for cast from non-struct pointer to struct pointer">, 247 Documentation<HasAlphaDocumentation>; 248 249def ConversionChecker : Checker<"Conversion">, 250 HelpText<"Loss of sign/precision in implicit conversions">, 251 Documentation<HasAlphaDocumentation>; 252 253def IdenticalExprChecker : Checker<"IdenticalExpr">, 254 HelpText<"Warn about unintended use of identical expressions in operators">, 255 Documentation<HasAlphaDocumentation>; 256 257def FixedAddressChecker : Checker<"FixedAddr">, 258 HelpText<"Check for assignment of a fixed address to a pointer">, 259 Documentation<HasAlphaDocumentation>; 260 261def PointerArithChecker : Checker<"PointerArithm">, 262 HelpText<"Check for pointer arithmetic on locations other than array " 263 "elements">, 264 Documentation<HasAlphaDocumentation>; 265 266def PointerSubChecker : Checker<"PointerSub">, 267 HelpText<"Check for pointer subtractions on two pointers pointing to " 268 "different memory chunks">, 269 Documentation<HasAlphaDocumentation>; 270 271def SizeofPointerChecker : Checker<"SizeofPtr">, 272 HelpText<"Warn about unintended use of sizeof() on pointer expressions">, 273 Documentation<HasAlphaDocumentation>; 274 275def TestAfterDivZeroChecker : Checker<"TestAfterDivZero">, 276 HelpText<"Check for division by variable that is later compared against 0. " 277 "Either the comparison is useless or there is division by zero.">, 278 Documentation<HasAlphaDocumentation>; 279 280def DynamicTypeChecker : Checker<"DynamicTypeChecker">, 281 HelpText<"Check for cases where the dynamic and the static type of an object " 282 "are unrelated.">, 283 Documentation<HasAlphaDocumentation>; 284 285def StackAddrAsyncEscapeChecker : Checker<"StackAddressAsyncEscape">, 286 HelpText<"Check that addresses to stack memory do not escape the function">, 287 Dependencies<[StackAddrEscapeBase]>, 288 Documentation<HasAlphaDocumentation>; 289 290def PthreadLockBase : Checker<"PthreadLockBase">, 291 HelpText<"Helper registering multiple checks.">, 292 Documentation<NotDocumented>, 293 Hidden; 294 295def C11LockChecker : Checker<"C11Lock">, 296 HelpText<"Simple lock -> unlock checker">, 297 Dependencies<[PthreadLockBase]>, 298 Documentation<HasAlphaDocumentation>; 299 300} // end "alpha.core" 301 302//===----------------------------------------------------------------------===// 303// Nullability checkers. 304//===----------------------------------------------------------------------===// 305 306let ParentPackage = Nullability in { 307 308def NullabilityBase : Checker<"NullabilityBase">, 309 HelpText<"Stores information during the analysis about nullability.">, 310 Documentation<NotDocumented>, 311 Hidden; 312 313def NullPassedToNonnullChecker : Checker<"NullPassedToNonnull">, 314 HelpText<"Warns when a null pointer is passed to a pointer which has a " 315 "_Nonnull type.">, 316 Dependencies<[NullabilityBase]>, 317 Documentation<HasDocumentation>; 318 319def NullReturnedFromNonnullChecker : Checker<"NullReturnedFromNonnull">, 320 HelpText<"Warns when a null pointer is returned from a function that has " 321 "_Nonnull return type.">, 322 Dependencies<[NullabilityBase]>, 323 Documentation<HasDocumentation>; 324 325def NullableDereferencedChecker : Checker<"NullableDereferenced">, 326 HelpText<"Warns when a nullable pointer is dereferenced.">, 327 Dependencies<[NullabilityBase]>, 328 Documentation<HasDocumentation>; 329 330def NullablePassedToNonnullChecker : Checker<"NullablePassedToNonnull">, 331 HelpText<"Warns when a nullable pointer is passed to a pointer which has a " 332 "_Nonnull type.">, 333 Dependencies<[NullabilityBase]>, 334 Documentation<HasDocumentation>; 335 336def NullableReturnedFromNonnullChecker : Checker<"NullableReturnedFromNonnull">, 337 HelpText<"Warns when a nullable pointer is returned from a function that has " 338 "_Nonnull return type.">, 339 Dependencies<[NullabilityBase]>, 340 Documentation<NotDocumented>; 341 342} // end "nullability" 343 344//===----------------------------------------------------------------------===// 345// APIModeling. 346//===----------------------------------------------------------------------===// 347 348let ParentPackage = APIModeling in { 349 350def StdCLibraryFunctionsChecker : Checker<"StdCLibraryFunctions">, 351 HelpText<"Improve modeling of the C standard library functions">, 352 // Uninitialized value check is a mandatory dependency. This Checker asserts 353 // that arguments are always initialized. 354 Dependencies<[CallAndMessageModeling]>, 355 CheckerOptions<[ 356 CmdLineOption<Boolean, 357 "DisplayLoadedSummaries", 358 "If set to true, the checker displays the found summaries " 359 "for the given translation unit.", 360 "false", 361 Released, 362 Hide>, 363 CmdLineOption<Boolean, 364 "ModelPOSIX", 365 "If set to true, the checker models functions from the " 366 "POSIX standard.", 367 "false", 368 InAlpha> 369 ]>, 370 Documentation<NotDocumented>, 371 Hidden; 372 373def TrustNonnullChecker : Checker<"TrustNonnull">, 374 HelpText<"Trust that returns from framework methods annotated with _Nonnull " 375 "are not null">, 376 Documentation<NotDocumented>; 377 378} // end "apiModeling" 379 380//===----------------------------------------------------------------------===// 381// Evaluate "builtin" functions. 382//===----------------------------------------------------------------------===// 383 384let ParentPackage = CoreBuiltin in { 385 386def NoReturnFunctionChecker : Checker<"NoReturnFunctions">, 387 HelpText<"Evaluate \"panic\" functions that are known to not return to the " 388 "caller">, 389 Documentation<NotDocumented>; 390 391def BuiltinFunctionChecker : Checker<"BuiltinFunctions">, 392 HelpText<"Evaluate compiler builtin functions (e.g., alloca())">, 393 Documentation<NotDocumented>; 394 395} // end "core.builtin" 396 397//===----------------------------------------------------------------------===// 398// Uninitialized values checkers. 399//===----------------------------------------------------------------------===// 400 401let ParentPackage = CoreUninitialized in { 402 403def UndefinedArraySubscriptChecker : Checker<"ArraySubscript">, 404 HelpText<"Check for uninitialized values used as array subscripts">, 405 Documentation<HasDocumentation>; 406 407def UndefinedAssignmentChecker : Checker<"Assign">, 408 HelpText<"Check for assigning uninitialized values">, 409 Documentation<HasDocumentation>; 410 411def UndefBranchChecker : Checker<"Branch">, 412 HelpText<"Check for uninitialized values used as branch conditions">, 413 Documentation<HasDocumentation>; 414 415def UndefCapturedBlockVarChecker : Checker<"CapturedBlockVariable">, 416 HelpText<"Check for blocks that capture uninitialized values">, 417 Documentation<NotDocumented>; 418 419def ReturnUndefChecker : Checker<"UndefReturn">, 420 HelpText<"Check for uninitialized values being returned to the caller">, 421 Documentation<HasDocumentation>; 422 423} // end "core.uninitialized" 424 425//===----------------------------------------------------------------------===// 426// Unix API checkers. 427//===----------------------------------------------------------------------===// 428 429let ParentPackage = CString in { 430 431def CStringModeling : Checker<"CStringModeling">, 432 HelpText<"The base of several CString related checkers. On it's own it emits " 433 "no reports, but adds valuable information to the analysis when " 434 "enabled.">, 435 Documentation<NotDocumented>, 436 Hidden; 437 438def CStringNullArg : Checker<"NullArg">, 439 HelpText<"Check for null pointers being passed as arguments to C string " 440 "functions">, 441 Dependencies<[CStringModeling]>, 442 Documentation<HasDocumentation>; 443 444def CStringSyntaxChecker : Checker<"BadSizeArg">, 445 HelpText<"Check the size argument passed into C string functions for common " 446 "erroneous patterns">, 447 Dependencies<[CStringModeling]>, 448 Documentation<HasDocumentation>; 449 450} // end "unix.cstring" 451 452let ParentPackage = CStringAlpha in { 453 454def CStringOutOfBounds : Checker<"OutOfBounds">, 455 HelpText<"Check for out-of-bounds access in string functions">, 456 Dependencies<[CStringModeling]>, 457 Documentation<HasAlphaDocumentation>; 458 459def CStringBufferOverlap : Checker<"BufferOverlap">, 460 HelpText<"Checks for overlap in two buffer arguments">, 461 Dependencies<[CStringModeling]>, 462 Documentation<HasAlphaDocumentation>; 463 464def CStringNotNullTerm : Checker<"NotNullTerminated">, 465 HelpText<"Check for arguments which are not null-terminating strings">, 466 Dependencies<[CStringModeling]>, 467 Documentation<HasAlphaDocumentation>; 468 469} // end "alpha.unix.cstring" 470 471let ParentPackage = Unix in { 472 473def UnixAPIMisuseChecker : Checker<"API">, 474 HelpText<"Check calls to various UNIX/Posix functions">, 475 Documentation<HasDocumentation>; 476 477def DynamicMemoryModeling: Checker<"DynamicMemoryModeling">, 478 HelpText<"The base of several malloc() related checkers. On it's own it " 479 "emits no reports, but adds valuable information to the analysis " 480 "when enabled.">, 481 CheckerOptions<[ 482 CmdLineOption<Boolean, 483 "Optimistic", 484 "If set to true, the checker assumes that all the " 485 "allocating and deallocating functions are annotated with " 486 "ownership_holds, ownership_takes and ownership_returns.", 487 "false", 488 InAlpha> 489 ]>, 490 Dependencies<[CStringModeling]>, 491 Documentation<NotDocumented>, 492 Hidden; 493 494def MallocChecker: Checker<"Malloc">, 495 HelpText<"Check for memory leaks, double free, and use-after-free problems. " 496 "Traces memory managed by malloc()/free().">, 497 Dependencies<[DynamicMemoryModeling]>, 498 Documentation<HasDocumentation>; 499 500def MallocSizeofChecker : Checker<"MallocSizeof">, 501 HelpText<"Check for dubious malloc arguments involving sizeof">, 502 Documentation<HasDocumentation>; 503 504def MismatchedDeallocatorChecker : Checker<"MismatchedDeallocator">, 505 HelpText<"Check for mismatched deallocators.">, 506 Dependencies<[DynamicMemoryModeling]>, 507 Documentation<HasDocumentation>; 508 509def VforkChecker : Checker<"Vfork">, 510 HelpText<"Check for proper usage of vfork">, 511 Documentation<HasDocumentation>; 512 513} // end "unix" 514 515let ParentPackage = UnixAlpha in { 516 517def ChrootChecker : Checker<"Chroot">, 518 HelpText<"Check improper use of chroot">, 519 Documentation<HasAlphaDocumentation>; 520 521def PthreadLockChecker : Checker<"PthreadLock">, 522 HelpText<"Simple lock -> unlock checker">, 523 Dependencies<[PthreadLockBase]>, 524 Documentation<HasAlphaDocumentation>; 525 526def StreamChecker : Checker<"Stream">, 527 HelpText<"Check stream handling functions">, 528 Documentation<HasAlphaDocumentation>; 529 530def SimpleStreamChecker : Checker<"SimpleStream">, 531 HelpText<"Check for misuses of stream APIs">, 532 Documentation<HasAlphaDocumentation>; 533 534def BlockInCriticalSectionChecker : Checker<"BlockInCriticalSection">, 535 HelpText<"Check for calls to blocking functions inside a critical section">, 536 Documentation<HasAlphaDocumentation>; 537 538def StdCLibraryFunctionArgsChecker : Checker<"StdCLibraryFunctionArgs">, 539 HelpText<"Check constraints of arguments of C standard library functions, " 540 "such as whether the parameter of isalpha is in the range [0, 255] " 541 "or is EOF.">, 542 Dependencies<[StdCLibraryFunctionsChecker]>, 543 WeakDependencies<[CallAndMessageChecker, NonNullParamChecker, StreamChecker]>, 544 Documentation<NotDocumented>; 545 546} // end "alpha.unix" 547 548//===----------------------------------------------------------------------===// 549// C++ checkers. 550//===----------------------------------------------------------------------===// 551 552let ParentPackage = Cplusplus in { 553 554def InnerPointerChecker : Checker<"InnerPointer">, 555 HelpText<"Check for inner pointers of C++ containers used after " 556 "re/deallocation">, 557 Dependencies<[DynamicMemoryModeling]>, 558 Documentation<NotDocumented>; 559 560def NewDeleteChecker : Checker<"NewDelete">, 561 HelpText<"Check for double-free and use-after-free problems. Traces memory " 562 "managed by new/delete.">, 563 Dependencies<[DynamicMemoryModeling]>, 564 Documentation<HasDocumentation>; 565 566def NewDeleteLeaksChecker : Checker<"NewDeleteLeaks">, 567 HelpText<"Check for memory leaks. Traces memory managed by new/delete.">, 568 Dependencies<[DynamicMemoryModeling]>, 569 Documentation<HasDocumentation>; 570 571def PlacementNewChecker : Checker<"PlacementNew">, 572 HelpText<"Check if default placement new is provided with pointers to " 573 "sufficient storage capacity">, 574 Dependencies<[DynamicMemoryModeling]>, 575 Documentation<HasDocumentation>; 576 577def CXXSelfAssignmentChecker : Checker<"SelfAssignment">, 578 HelpText<"Checks C++ copy and move assignment operators for self assignment">, 579 Documentation<NotDocumented>, 580 Hidden; 581 582def SmartPtrModeling: Checker<"SmartPtrModeling">, 583 HelpText<"Model behavior of C++ smart pointers">, 584 Documentation<NotDocumented>, 585 CheckerOptions<[ 586 CmdLineOption<Boolean, 587 "ModelSmartPtrDereference", 588 "Enable modeling for SmartPtr null dereferences", 589 "false", 590 InAlpha, 591 Hide>, 592 ]>, 593 Hidden; 594 595def MoveChecker: Checker<"Move">, 596 HelpText<"Find use-after-move bugs in C++">, 597 CheckerOptions<[ 598 CmdLineOption<String, 599 "WarnOn", 600 "In non-aggressive mode, only warn on use-after-move of " 601 "local variables (or local rvalue references) and of STL " 602 "objects. The former is possible because local variables (or " 603 "local rvalue references) are not tempting their user to " 604 "re-use the storage. The latter is possible because STL " 605 "objects are known to end up in a valid but unspecified " 606 "state after the move and their state-reset methods are also " 607 "known, which allows us to predict precisely when " 608 "use-after-move is invalid. Some STL objects are known to " 609 "conform to additional contracts after move, so they are not " 610 "tracked. However, smart pointers specifically are tracked " 611 "because we can perform extra checking over them. In " 612 "aggressive mode, warn on any use-after-move because the " 613 "user has intentionally asked us to completely eliminate " 614 "use-after-move in his code. Values: \"KnownsOnly\", " 615 "\"KnownsAndLocals\", \"All\".", 616 "KnownsAndLocals", 617 Released> 618 ]>, 619 Documentation<HasDocumentation>; 620 621def VirtualCallModeling : Checker<"VirtualCallModeling">, 622 HelpText<"Auxiliary modeling for the virtual method call checkers">, 623 Documentation<NotDocumented>, 624 Hidden; 625 626def PureVirtualCallChecker : Checker<"PureVirtualCall">, 627 HelpText<"Check pure virtual function calls during construction/destruction">, 628 Dependencies<[VirtualCallModeling]>, 629 Documentation<HasDocumentation>; 630} // end: "cplusplus" 631 632let ParentPackage = CplusplusOptIn in { 633 634def UninitializedObjectChecker: Checker<"UninitializedObject">, 635 HelpText<"Reports uninitialized fields after object construction">, 636 CheckerOptions<[ 637 CmdLineOption<Boolean, 638 "Pedantic", 639 "If set to false, the checker won't emit warnings " 640 "for objects that don't have at least one initialized " 641 "field.", 642 "false", 643 Released>, 644 CmdLineOption<Boolean, 645 "NotesAsWarnings", 646 "If set to true, the checker will emit a warning " 647 "for each uninitalized field, as opposed to emitting one " 648 "warning per constructor call, and listing the uninitialized " 649 "fields that belongs to it in notes.", 650 "false", 651 Released, 652 Hide>, 653 CmdLineOption<Boolean, 654 "CheckPointeeInitialization", 655 "If set to false, the checker will not analyze " 656 "the pointee of pointer/reference fields, and will only " 657 "check whether the object itself is initialized.", 658 "false", 659 InAlpha>, 660 CmdLineOption<String, 661 "IgnoreRecordsWithField", 662 "If supplied, the checker will not analyze " 663 "structures that have a field with a name or type name that " 664 "matches the given pattern.", 665 "\"\"", 666 Released>, 667 CmdLineOption<Boolean, 668 "IgnoreGuardedFields", 669 "If set to true, the checker will analyze _syntactically_ " 670 "whether the found uninitialized object is used without a " 671 "preceding assert call. Defaults to false.", 672 "false", 673 InAlpha> 674 ]>, 675 Documentation<HasAlphaDocumentation>; 676 677def VirtualCallChecker : Checker<"VirtualCall">, 678 HelpText<"Check virtual function calls during construction/destruction">, 679 CheckerOptions<[ 680 CmdLineOption<Boolean, 681 "ShowFixIts", 682 "Enable fix-it hints for this checker", 683 "false", 684 InAlpha>, 685 CmdLineOption<Boolean, 686 "PureOnly", 687 "Disables the checker. Keeps cplusplus.PureVirtualCall " 688 "enabled. This option is only provided for backwards " 689 "compatibility.", 690 "false", 691 InAlpha> 692 ]>, 693 Dependencies<[VirtualCallModeling]>, 694 Documentation<HasDocumentation>; 695 696} // end: "optin.cplusplus" 697 698let ParentPackage = CplusplusAlpha in { 699 700def ContainerModeling : Checker<"ContainerModeling">, 701 HelpText<"Models C++ containers">, 702 Documentation<NotDocumented>, 703 Hidden; 704 705def DeleteWithNonVirtualDtorChecker : Checker<"DeleteWithNonVirtualDtor">, 706 HelpText<"Reports destructions of polymorphic objects with a non-virtual " 707 "destructor in their base class">, 708 Documentation<HasAlphaDocumentation>; 709 710def EnumCastOutOfRangeChecker : Checker<"EnumCastOutOfRange">, 711 HelpText<"Check integer to enumeration casts for out of range values">, 712 Documentation<HasAlphaDocumentation>; 713 714def IteratorModeling : Checker<"IteratorModeling">, 715 HelpText<"Models iterators of C++ containers">, 716 Dependencies<[ContainerModeling]>, 717 Documentation<NotDocumented>, 718 Hidden; 719 720def STLAlgorithmModeling : Checker<"STLAlgorithmModeling">, 721 HelpText<"Models the algorithm library of the C++ STL.">, 722 CheckerOptions<[ 723 CmdLineOption<Boolean, 724 "AggressiveStdFindModeling", 725 "Enables exploration of the failure branch in std::find-like " 726 "functions.", 727 "false", 728 Released> 729 ]>, 730 Dependencies<[ContainerModeling]>, 731 Documentation<NotDocumented>; 732 733def InvalidatedIteratorChecker : Checker<"InvalidatedIterator">, 734 HelpText<"Check for use of invalidated iterators">, 735 Dependencies<[IteratorModeling]>, 736 Documentation<HasAlphaDocumentation>; 737 738def IteratorRangeChecker : Checker<"IteratorRange">, 739 HelpText<"Check for iterators used outside their valid ranges">, 740 Dependencies<[IteratorModeling]>, 741 Documentation<HasAlphaDocumentation>; 742 743def MismatchedIteratorChecker : Checker<"MismatchedIterator">, 744 HelpText<"Check for use of iterators of different containers where iterators " 745 "of the same container are expected">, 746 Dependencies<[IteratorModeling]>, 747 Documentation<HasAlphaDocumentation>; 748 749def SmartPtrChecker: Checker<"SmartPtr">, 750 HelpText<"Find the dereference of null SmrtPtr">, 751 Dependencies<[SmartPtrModeling]>, 752 Documentation<HasAlphaDocumentation>; 753 754} // end: "alpha.cplusplus" 755 756 757//===----------------------------------------------------------------------===// 758// Valist checkers. 759//===----------------------------------------------------------------------===// 760 761let ParentPackage = Valist in { 762 763def ValistBase : Checker<"ValistBase">, 764 HelpText<"Gathers information about va_lists.">, 765 Documentation<NotDocumented>, 766 Hidden; 767 768def UninitializedChecker : Checker<"Uninitialized">, 769 HelpText<"Check for usages of uninitialized (or already released) va_lists.">, 770 Dependencies<[ValistBase]>, 771 Documentation<NotDocumented>; 772 773def UnterminatedChecker : Checker<"Unterminated">, 774 HelpText<"Check for va_lists which are not released by a va_end call.">, 775 Dependencies<[ValistBase]>, 776 Documentation<NotDocumented>; 777 778def CopyToSelfChecker : Checker<"CopyToSelf">, 779 HelpText<"Check for va_lists which are copied onto itself.">, 780 Dependencies<[ValistBase]>, 781 Documentation<NotDocumented>; 782 783} // end : "valist" 784 785//===----------------------------------------------------------------------===// 786// Deadcode checkers. 787//===----------------------------------------------------------------------===// 788 789let ParentPackage = DeadCode in { 790 791def DeadStoresChecker : Checker<"DeadStores">, 792 HelpText<"Check for values stored to variables that are never read " 793 "afterwards">, 794 CheckerOptions<[ 795 CmdLineOption<Boolean, 796 "WarnForDeadNestedAssignments", 797 "Warns for deadstores in nested assignments." 798 "E.g.: if ((P = f())) where P is unused.", 799 "true", 800 Released>, 801 CmdLineOption<Boolean, 802 "ShowFixIts", 803 "Enable fix-it hints for this checker", 804 "false", 805 InAlpha> 806 ]>, 807 Documentation<HasDocumentation>; 808 809} // end DeadCode 810 811let ParentPackage = DeadCodeAlpha in { 812 813def UnreachableCodeChecker : Checker<"UnreachableCode">, 814 HelpText<"Check unreachable code">, 815 Documentation<HasAlphaDocumentation>; 816 817} // end "alpha.deadcode" 818 819//===----------------------------------------------------------------------===// 820// Performance checkers. 821//===----------------------------------------------------------------------===// 822 823let ParentPackage = Performance in { 824 825def PaddingChecker : Checker<"Padding">, 826 HelpText<"Check for excessively padded structs.">, 827 CheckerOptions<[ 828 CmdLineOption<Integer, 829 "AllowedPad", 830 "Reports are only generated if the excessive padding exceeds " 831 "'AllowedPad' in bytes.", 832 "24", 833 Released> 834 ]>, 835 Documentation<NotDocumented>; 836 837} // end: "padding" 838 839//===----------------------------------------------------------------------===// 840// Security checkers. 841//===----------------------------------------------------------------------===// 842 843let ParentPackage = InsecureAPI in { 844 845def SecuritySyntaxChecker : Checker<"SecuritySyntaxChecker">, 846 HelpText<"Base of various security function related checkers">, 847 Documentation<NotDocumented>, 848 Hidden; 849 850def bcmp : Checker<"bcmp">, 851 HelpText<"Warn on uses of the 'bcmp' function">, 852 Dependencies<[SecuritySyntaxChecker]>, 853 Documentation<HasDocumentation>; 854 855def bcopy : Checker<"bcopy">, 856 HelpText<"Warn on uses of the 'bcopy' function">, 857 Dependencies<[SecuritySyntaxChecker]>, 858 Documentation<HasDocumentation>; 859 860def bzero : Checker<"bzero">, 861 HelpText<"Warn on uses of the 'bzero' function">, 862 Dependencies<[SecuritySyntaxChecker]>, 863 Documentation<HasDocumentation>; 864 865def gets : Checker<"gets">, 866 HelpText<"Warn on uses of the 'gets' function">, 867 Dependencies<[SecuritySyntaxChecker]>, 868 Documentation<HasDocumentation>; 869 870def getpw : Checker<"getpw">, 871 HelpText<"Warn on uses of the 'getpw' function">, 872 Dependencies<[SecuritySyntaxChecker]>, 873 Documentation<HasDocumentation>; 874 875def mktemp : Checker<"mktemp">, 876 HelpText<"Warn on uses of the 'mktemp' function">, 877 Dependencies<[SecuritySyntaxChecker]>, 878 Documentation<HasDocumentation>; 879 880def mkstemp : Checker<"mkstemp">, 881 HelpText<"Warn when 'mkstemp' is passed fewer than 6 X's in the format " 882 "string">, 883 Dependencies<[SecuritySyntaxChecker]>, 884 Documentation<HasDocumentation>; 885 886def rand : Checker<"rand">, 887 HelpText<"Warn on uses of the 'rand', 'random', and related functions">, 888 Dependencies<[SecuritySyntaxChecker]>, 889 Documentation<HasDocumentation>; 890 891def strcpy : Checker<"strcpy">, 892 HelpText<"Warn on uses of the 'strcpy' and 'strcat' functions">, 893 Dependencies<[SecuritySyntaxChecker]>, 894 Documentation<HasDocumentation>; 895 896def vfork : Checker<"vfork">, 897 HelpText<"Warn on uses of the 'vfork' function">, 898 Dependencies<[SecuritySyntaxChecker]>, 899 Documentation<HasDocumentation>; 900 901def UncheckedReturn : Checker<"UncheckedReturn">, 902 HelpText<"Warn on uses of functions whose return values must be always " 903 "checked">, 904 Dependencies<[SecuritySyntaxChecker]>, 905 Documentation<HasDocumentation>; 906 907def DeprecatedOrUnsafeBufferHandling : 908 Checker<"DeprecatedOrUnsafeBufferHandling">, 909 HelpText<"Warn on uses of unsecure or deprecated buffer manipulating " 910 "functions">, 911 Dependencies<[SecuritySyntaxChecker]>, 912 Documentation<HasDocumentation>; 913 914def decodeValueOfObjCType : Checker<"decodeValueOfObjCType">, 915 HelpText<"Warn on uses of the '-decodeValueOfObjCType:at:' method">, 916 Dependencies<[SecuritySyntaxChecker]>, 917 Documentation<HasDocumentation>; 918 919} // end "security.insecureAPI" 920 921let ParentPackage = Security in { 922 923def FloatLoopCounter : Checker<"FloatLoopCounter">, 924 HelpText<"Warn on using a floating point value as a loop counter (CERT: " 925 "FLP30-C, FLP30-CPP)">, 926 Dependencies<[SecuritySyntaxChecker]>, 927 Documentation<HasDocumentation>; 928 929} // end "security" 930 931let ParentPackage = POS in { 932 933 def PutenvWithAuto : Checker<"34c">, 934 HelpText<"Finds calls to the 'putenv' function which pass a pointer to " 935 "an automatic variable as the argument.">, 936 Documentation<HasDocumentation>; 937 938} // end "alpha.cert.pos" 939 940let ParentPackage = SecurityAlpha in { 941 942def ArrayBoundChecker : Checker<"ArrayBound">, 943 HelpText<"Warn about buffer overflows (older checker)">, 944 Documentation<HasAlphaDocumentation>; 945 946def ArrayBoundCheckerV2 : Checker<"ArrayBoundV2">, 947 HelpText<"Warn about buffer overflows (newer checker)">, 948 Documentation<HasAlphaDocumentation>; 949 950def ReturnPointerRangeChecker : Checker<"ReturnPtrRange">, 951 HelpText<"Check for an out-of-bound pointer being returned to callers">, 952 Documentation<HasAlphaDocumentation>; 953 954def MallocOverflowSecurityChecker : Checker<"MallocOverflow">, 955 HelpText<"Check for overflows in the arguments to malloc()">, 956 Documentation<HasAlphaDocumentation>; 957 958def MmapWriteExecChecker : Checker<"MmapWriteExec">, 959 HelpText<"Warn on mmap() calls that are both writable and executable">, 960 CheckerOptions<[ 961 CmdLineOption<Integer, 962 "MmapProtExec", 963 "Specifies the value of PROT_EXEC", 964 "0x04", 965 Released>, 966 CmdLineOption<Integer, 967 "MmapProtRead", 968 "Specifies the value of PROT_READ", 969 "0x01", 970 Released> 971 ]>, 972 Documentation<HasAlphaDocumentation>; 973 974} // end "alpha.security" 975 976//===----------------------------------------------------------------------===// 977// Taint checkers. 978//===----------------------------------------------------------------------===// 979 980let ParentPackage = Taint in { 981 982def GenericTaintChecker : Checker<"TaintPropagation">, 983 HelpText<"Generate taint information used by other checkers">, 984 CheckerOptions<[ 985 CmdLineOption<String, 986 "Config", 987 "Specifies the name of the configuration file.", 988 "", 989 InAlpha>, 990 ]>, 991 Documentation<HasAlphaDocumentation>; 992 993} // end "alpha.security.taint" 994 995//===----------------------------------------------------------------------===// 996// Mac OS X, Cocoa, and Core Foundation checkers. 997//===----------------------------------------------------------------------===// 998 999let ParentPackage = Cocoa in { 1000 1001def RetainCountBase : Checker<"RetainCountBase">, 1002 HelpText<"Common base of various retain count related checkers">, 1003 Documentation<NotDocumented>, 1004 Hidden; 1005 1006} // end "osx.cocoa" 1007 1008let ParentPackage = OSX in { 1009 1010def NSOrCFErrorDerefChecker : Checker<"NSOrCFErrorDerefChecker">, 1011 HelpText<"Implementation checker for NSErrorChecker and CFErrorChecker">, 1012 Documentation<NotDocumented>, 1013 Hidden; 1014 1015def NumberObjectConversionChecker : Checker<"NumberObjectConversion">, 1016 HelpText<"Check for erroneous conversions of objects representing numbers " 1017 "into numbers">, 1018 CheckerOptions<[ 1019 CmdLineOption<Boolean, 1020 "Pedantic", 1021 "Enables detection of more conversion patterns (which are " 1022 "most likely more harmless, and therefore are more likely to " 1023 "produce false positives).", 1024 "false", 1025 Released> 1026 ]>, 1027 Documentation<NotDocumented>; 1028 1029def MacOSXAPIChecker : Checker<"API">, 1030 HelpText<"Check for proper uses of various Apple APIs">, 1031 Documentation<HasDocumentation>; 1032 1033def MacOSKeychainAPIChecker : Checker<"SecKeychainAPI">, 1034 HelpText<"Check for proper uses of Secure Keychain APIs">, 1035 Documentation<HasDocumentation>; 1036 1037def MIGChecker : Checker<"MIG">, 1038 HelpText<"Find violations of the Mach Interface Generator " 1039 "calling convention">, 1040 Documentation<NotDocumented>; 1041 1042def ObjCPropertyChecker : Checker<"ObjCProperty">, 1043 HelpText<"Check for proper uses of Objective-C properties">, 1044 Documentation<NotDocumented>; 1045 1046def OSObjectRetainCountChecker : Checker<"OSObjectRetainCount">, 1047 HelpText<"Check for leaks and improper reference count management for " 1048 "OSObject">, 1049 Dependencies<[RetainCountBase]>, 1050 Documentation<NotDocumented>; 1051 1052} // end "osx" 1053 1054let ParentPackage = Cocoa in { 1055 1056def RunLoopAutoreleaseLeakChecker : Checker<"RunLoopAutoreleaseLeak">, 1057 HelpText<"Check for leaked memory in autorelease pools that will never be " 1058 "drained">, 1059 Documentation<NotDocumented>; 1060 1061def ObjCAtSyncChecker : Checker<"AtSync">, 1062 HelpText<"Check for nil pointers used as mutexes for @synchronized">, 1063 Documentation<HasDocumentation>; 1064 1065def NilArgChecker : Checker<"NilArg">, 1066 HelpText<"Check for prohibited nil arguments to ObjC method calls">, 1067 Documentation<HasDocumentation>; 1068 1069def ClassReleaseChecker : Checker<"ClassRelease">, 1070 HelpText<"Check for sending 'retain', 'release', or 'autorelease' directly " 1071 "to a Class">, 1072 Documentation<HasDocumentation>; 1073 1074def VariadicMethodTypeChecker : Checker<"VariadicMethodTypes">, 1075 HelpText<"Check for passing non-Objective-C types to variadic collection " 1076 "initialization methods that expect only Objective-C types">, 1077 Documentation<HasDocumentation>; 1078 1079def NSAutoreleasePoolChecker : Checker<"NSAutoreleasePool">, 1080 HelpText<"Warn for suboptimal uses of NSAutoreleasePool in Objective-C GC " 1081 "mode">, 1082 Documentation<HasDocumentation>; 1083 1084def ObjCMethSigsChecker : Checker<"IncompatibleMethodTypes">, 1085 HelpText<"Warn about Objective-C method signatures with type " 1086 "incompatibilities">, 1087 Documentation<HasDocumentation>; 1088 1089def ObjCUnusedIvarsChecker : Checker<"UnusedIvars">, 1090 HelpText<"Warn about private ivars that are never used">, 1091 Documentation<HasDocumentation>; 1092 1093def ObjCSelfInitChecker : Checker<"SelfInit">, 1094 HelpText<"Check that 'self' is properly initialized inside an initializer " 1095 "method">, 1096 Documentation<HasDocumentation>; 1097 1098def ObjCLoopChecker : Checker<"Loops">, 1099 HelpText<"Improved modeling of loops using Cocoa collection types">, 1100 Documentation<NotDocumented>; 1101 1102def ObjCNonNilReturnValueChecker : Checker<"NonNilReturnValue">, 1103 HelpText<"Model the APIs that are guaranteed to return a non-nil value">, 1104 Documentation<NotDocumented>; 1105 1106def ObjCSuperCallChecker : Checker<"MissingSuperCall">, 1107 HelpText<"Warn about Objective-C methods that lack a necessary call to " 1108 "super">, 1109 Documentation<NotDocumented>; 1110 1111def NSErrorChecker : Checker<"NSError">, 1112 HelpText<"Check usage of NSError** parameters">, 1113 Dependencies<[NSOrCFErrorDerefChecker]>, 1114 Documentation<HasDocumentation>; 1115 1116def RetainCountChecker : Checker<"RetainCount">, 1117 HelpText<"Check for leaks and improper reference count management">, 1118 CheckerOptions<[ 1119 CmdLineOption<Boolean, 1120 "TrackNSCFStartParam", 1121 "Check not only that the code follows retain-release rules " 1122 "with respect to objects it allocates or borrows from " 1123 "elsewhere, but also that it fulfills its own retain count " 1124 "specification with respect to objects that it receives as " 1125 "arguments.", 1126 "false", 1127 Released> 1128 ]>, 1129 Dependencies<[RetainCountBase]>, 1130 Documentation<HasDocumentation>; 1131 1132def ObjCGenericsChecker : Checker<"ObjCGenerics">, 1133 HelpText<"Check for type errors when using Objective-C generics">, 1134 Dependencies<[DynamicTypePropagation]>, 1135 Documentation<HasDocumentation>; 1136 1137def ObjCDeallocChecker : Checker<"Dealloc">, 1138 HelpText<"Warn about Objective-C classes that lack a correct implementation " 1139 "of -dealloc">, 1140 Documentation<HasDocumentation>; 1141 1142def ObjCSuperDeallocChecker : Checker<"SuperDealloc">, 1143 HelpText<"Warn about improper use of '[super dealloc]' in Objective-C">, 1144 Documentation<HasDocumentation>; 1145 1146def AutoreleaseWriteChecker : Checker<"AutoreleaseWrite">, 1147 HelpText<"Warn about potentially crashing writes to autoreleasing objects " 1148 "from different autoreleasing pools in Objective-C">, 1149 Documentation<NotDocumented>; 1150 1151} // end "osx.cocoa" 1152 1153let ParentPackage = Performance in { 1154 1155def GCDAntipattern : Checker<"GCDAntipattern">, 1156 HelpText<"Check for performance anti-patterns when using Grand Central " 1157 "Dispatch">, 1158 Documentation<NotDocumented>; 1159} // end "optin.performance" 1160 1161let ParentPackage = OSXOptIn in { 1162 1163def OSObjectCStyleCast : Checker<"OSObjectCStyleCast">, 1164 HelpText<"Checker for C-style casts of OSObjects">, 1165 Documentation<NotDocumented>; 1166 1167} // end "optin.osx" 1168 1169let ParentPackage = CocoaAlpha in { 1170 1171def IvarInvalidationModeling : Checker<"IvarInvalidationModeling">, 1172 HelpText<"Gathers information for annotation driven invalidation checking " 1173 "for classes that contains a method annotated with " 1174 "'objc_instance_variable_invalidator'">, 1175 Documentation<NotDocumented>, 1176 Hidden; 1177 1178def InstanceVariableInvalidation : Checker<"InstanceVariableInvalidation">, 1179 HelpText<"Check that the invalidatable instance variables are invalidated in " 1180 "the methods annotated with objc_instance_variable_invalidator">, 1181 Dependencies<[IvarInvalidationModeling]>, 1182 Documentation<HasAlphaDocumentation>; 1183 1184def MissingInvalidationMethod : Checker<"MissingInvalidationMethod">, 1185 HelpText<"Check that the invalidation methods are present in classes that " 1186 "contain invalidatable instance variables">, 1187 Dependencies<[IvarInvalidationModeling]>, 1188 Documentation<HasAlphaDocumentation>; 1189 1190def DirectIvarAssignment : Checker<"DirectIvarAssignment">, 1191 HelpText<"Check for direct assignments to instance variables">, 1192 CheckerOptions<[ 1193 CmdLineOption<Boolean, 1194 "AnnotatedFunctions", 1195 "Check for direct assignments to instance variables in the " 1196 "methods annotated with " 1197 "objc_no_direct_instance_variable_assignment", 1198 "false", 1199 InAlpha> 1200 ]>, 1201 Documentation<HasAlphaDocumentation>; 1202 1203} // end "alpha.osx.cocoa" 1204 1205let ParentPackage = CoreFoundation in { 1206 1207def CFNumberChecker : Checker<"CFNumber">, 1208 HelpText<"Check for proper uses of CFNumber APIs">, 1209 Documentation<HasDocumentation>; 1210 1211def CFRetainReleaseChecker : Checker<"CFRetainRelease">, 1212 HelpText<"Check for null arguments to CFRetain/CFRelease/CFMakeCollectable">, 1213 Documentation<HasDocumentation>; 1214 1215def CFErrorChecker : Checker<"CFError">, 1216 HelpText<"Check usage of CFErrorRef* parameters">, 1217 Dependencies<[NSOrCFErrorDerefChecker]>, 1218 Documentation<HasDocumentation>; 1219 1220} // end "osx.coreFoundation" 1221 1222let ParentPackage = Containers in { 1223 1224def ObjCContainersASTChecker : Checker<"PointerSizedValues">, 1225 HelpText<"Warns if 'CFArray', 'CFDictionary', 'CFSet' are created with " 1226 "non-pointer-size values">, 1227 Documentation<HasDocumentation>; 1228 1229def ObjCContainersChecker : Checker<"OutOfBounds">, 1230 HelpText<"Checks for index out-of-bounds when using 'CFArray' API">, 1231 Documentation<HasDocumentation>; 1232 1233} // end "osx.coreFoundation.containers" 1234 1235let ParentPackage = LocalizabilityOptIn in { 1236 1237def NonLocalizedStringChecker : Checker<"NonLocalizedStringChecker">, 1238 HelpText<"Warns about uses of non-localized NSStrings passed to UI methods " 1239 "expecting localized NSStrings">, 1240 CheckerOptions<[ 1241 CmdLineOption<Boolean, 1242 "AggressiveReport", 1243 "Marks a string being returned by any call as localized if " 1244 "it is in LocStringFunctions (LSF) or the function is " 1245 "annotated. Otherwise, we mark it as NonLocalized " 1246 "(Aggressive) or NonLocalized only if it is not backed by a " 1247 "SymRegion (Non-Aggressive), basically leaving only string " 1248 "literals as NonLocalized.", 1249 "false", 1250 InAlpha, 1251 Hide> 1252 ]>, 1253 Documentation<HasDocumentation>; 1254 1255def EmptyLocalizationContextChecker : 1256 Checker<"EmptyLocalizationContextChecker">, 1257 HelpText<"Check that NSLocalizedString macros include a comment for context">, 1258 Documentation<HasDocumentation>; 1259 1260} // end "optin.osx.cocoa.localizability" 1261 1262let ParentPackage = LocalizabilityAlpha in { 1263 1264def PluralMisuseChecker : Checker<"PluralMisuseChecker">, 1265 HelpText<"Warns against using one vs. many plural pattern in code when " 1266 "generating localized strings.">, 1267 Documentation<HasAlphaDocumentation>; 1268 1269} // end "alpha.osx.cocoa.localizability" 1270 1271let ParentPackage = MPI in { 1272 1273def MPIChecker : Checker<"MPI-Checker">, 1274 HelpText<"Checks MPI code">, 1275 Documentation<HasDocumentation>; 1276 1277} // end "optin.mpi" 1278 1279//===----------------------------------------------------------------------===// 1280// Checkers for LLVM development. 1281//===----------------------------------------------------------------------===// 1282 1283let ParentPackage = LLVMAlpha in { 1284 1285def LLVMConventionsChecker : Checker<"Conventions">, 1286 HelpText<"Check code for LLVM codebase conventions">, 1287 Documentation<HasAlphaDocumentation>; 1288 1289} // end "llvm" 1290 1291let ParentPackage = LLVMAPIModeling in { 1292 1293def CastValueChecker : Checker<"CastValue">, 1294 HelpText<"Model implementation of custom RTTIs">, 1295 Documentation<NotDocumented>; 1296 1297def ReturnValueChecker : Checker<"ReturnValue">, 1298 HelpText<"Model the guaranteed boolean return value of function calls">, 1299 Documentation<NotDocumented>; 1300 1301} // end "apiModeling.llvm" 1302 1303//===----------------------------------------------------------------------===// 1304// Checkers modeling Google APIs. 1305//===----------------------------------------------------------------------===// 1306 1307let ParentPackage = GoogleAPIModeling in { 1308 1309def GTestChecker : Checker<"GTest">, 1310 HelpText<"Model gtest assertion APIs">, 1311 Documentation<NotDocumented>; 1312 1313} // end "apiModeling.google" 1314 1315//===----------------------------------------------------------------------===// 1316// Debugging checkers (for analyzer development). 1317//===----------------------------------------------------------------------===// 1318 1319let ParentPackage = Debug in { 1320 1321def AnalysisOrderChecker : Checker<"AnalysisOrder">, 1322 HelpText<"Print callbacks that are called during analysis in order">, 1323 CheckerOptions<[ 1324 CmdLineOption<Boolean, 1325 "PreStmtCastExpr", 1326 "", 1327 "false", 1328 Released, 1329 Hide>, 1330 CmdLineOption<Boolean, 1331 "PostStmtCastExpr", 1332 "", 1333 "false", 1334 Released, 1335 Hide>, 1336 CmdLineOption<Boolean, 1337 "PreStmtArraySubscriptExpr", 1338 "", 1339 "false", 1340 Released, 1341 Hide>, 1342 CmdLineOption<Boolean, 1343 "PostStmtArraySubscriptExpr", 1344 "", 1345 "false", 1346 Released, 1347 Hide>, 1348 CmdLineOption<Boolean, 1349 "PreStmtCXXNewExpr", 1350 "", 1351 "false", 1352 Released, 1353 Hide>, 1354 CmdLineOption<Boolean, 1355 "PostStmtCXXNewExpr", 1356 "", 1357 "false", 1358 Released, 1359 Hide>, 1360 CmdLineOption<Boolean, 1361 "PreStmtCXXDeleteExpr", 1362 "", 1363 "false", 1364 Released, 1365 Hide>, 1366 CmdLineOption<Boolean, 1367 "PostStmtCXXDeleteExpr", 1368 "", 1369 "false", 1370 Released, 1371 Hide>, 1372 CmdLineOption<Boolean, 1373 "PreStmtCXXConstructExpr", 1374 "", 1375 "false", 1376 Released, 1377 Hide>, 1378 CmdLineOption<Boolean, 1379 "PostStmtCXXConstructExpr", 1380 "", 1381 "false", 1382 Released, 1383 Hide>, 1384 CmdLineOption<Boolean, 1385 "PreStmtOffsetOfExpr", 1386 "", 1387 "false", 1388 Released, 1389 Hide>, 1390 CmdLineOption<Boolean, 1391 "PostStmtOffsetOfExpr", 1392 "", 1393 "false", 1394 Released, 1395 Hide>, 1396 CmdLineOption<Boolean, 1397 "EvalCall", 1398 "", 1399 "false", 1400 Released, 1401 Hide>, 1402 CmdLineOption<Boolean, 1403 "PreCall", 1404 "", 1405 "false", 1406 Released, 1407 Hide>, 1408 CmdLineOption<Boolean, 1409 "PostCall", 1410 "", 1411 "false", 1412 Released, 1413 Hide>, 1414 CmdLineOption<Boolean, 1415 "EndFunction", 1416 "", 1417 "false", 1418 Released, 1419 Hide>, 1420 CmdLineOption<Boolean, 1421 "EndAnalysis", 1422 "", 1423 "false", 1424 Released, 1425 Hide>, 1426 CmdLineOption<Boolean, 1427 "NewAllocator", 1428 "", 1429 "false", 1430 Released, 1431 Hide>, 1432 CmdLineOption<Boolean, 1433 "Bind", 1434 "", 1435 "false", 1436 Released, 1437 Hide>, 1438 CmdLineOption<Boolean, 1439 "LiveSymbols", 1440 "", 1441 "false", 1442 Released, 1443 Hide>, 1444 CmdLineOption<Boolean, 1445 "RegionChanges", 1446 "", 1447 "false", 1448 Released, 1449 Hide>, 1450 CmdLineOption<Boolean, 1451 "PointerEscape", 1452 "", 1453 "false", 1454 Released, 1455 Hide>, 1456 CmdLineOption<Boolean, 1457 "*", 1458 "Enables all callbacks.", 1459 "false", 1460 Released, 1461 Hide> 1462 ]>, 1463 Documentation<NotDocumented>; 1464 1465def DominatorsTreeDumper : Checker<"DumpDominators">, 1466 HelpText<"Print the dominance tree for a given CFG">, 1467 Documentation<NotDocumented>; 1468 1469def PostDominatorsTreeDumper : Checker<"DumpPostDominators">, 1470 HelpText<"Print the post dominance tree for a given CFG">, 1471 Documentation<NotDocumented>; 1472 1473def ControlDependencyTreeDumper : Checker<"DumpControlDependencies">, 1474 HelpText<"Print the post control dependency tree for a given CFG">, 1475 Documentation<NotDocumented>; 1476 1477def LiveVariablesDumper : Checker<"DumpLiveVars">, 1478 HelpText<"Print results of live variable analysis">, 1479 Documentation<NotDocumented>; 1480 1481def LiveExpressionsDumper : Checker<"DumpLiveExprs">, 1482 HelpText<"Print results of live expression analysis">, 1483 Documentation<NotDocumented>; 1484 1485def CFGViewer : Checker<"ViewCFG">, 1486 HelpText<"View Control-Flow Graphs using GraphViz">, 1487 Documentation<NotDocumented>; 1488 1489def CFGDumper : Checker<"DumpCFG">, 1490 HelpText<"Display Control-Flow Graphs">, 1491 Documentation<NotDocumented>; 1492 1493def CallGraphViewer : Checker<"ViewCallGraph">, 1494 HelpText<"View Call Graph using GraphViz">, 1495 Documentation<NotDocumented>; 1496 1497def CallGraphDumper : Checker<"DumpCallGraph">, 1498 HelpText<"Display Call Graph">, 1499 Documentation<NotDocumented>; 1500 1501def ConfigDumper : Checker<"ConfigDumper">, 1502 HelpText<"Dump config table">, 1503 Documentation<NotDocumented>; 1504 1505def TraversalDumper : Checker<"DumpTraversal">, 1506 HelpText<"Print branch conditions as they are traversed by the engine">, 1507 Documentation<NotDocumented>; 1508 1509def CallDumper : Checker<"DumpCalls">, 1510 HelpText<"Print calls as they are traversed by the engine">, 1511 Documentation<NotDocumented>; 1512 1513def AnalyzerStatsChecker : Checker<"Stats">, 1514 HelpText<"Emit warnings with analyzer statistics">, 1515 Documentation<NotDocumented>; 1516 1517def TaintTesterChecker : Checker<"TaintTest">, 1518 HelpText<"Mark tainted symbols as such.">, 1519 Documentation<NotDocumented>; 1520 1521// This checker *technically* depends on SteamChecker, but we don't allow 1522// dependency checkers to emit diagnostics, and a debug checker isn't worth 1523// the chore needed to create a modeling portion on its own. Since this checker 1524// is for development purposes only anyways, make sure that StreamChecker is 1525// also enabled, at least for the time being. 1526def StreamTesterChecker : Checker<"StreamTester">, 1527 HelpText<"Add test functions to StreamChecker for test and debugging " 1528 "purposes.">, 1529 Documentation<NotDocumented>; 1530 1531def ExprInspectionChecker : Checker<"ExprInspection">, 1532 HelpText<"Check the analyzer's understanding of expressions">, 1533 Documentation<NotDocumented>; 1534 1535def ExplodedGraphViewer : Checker<"ViewExplodedGraph">, 1536 HelpText<"View Exploded Graphs using GraphViz">, 1537 Documentation<NotDocumented>; 1538 1539def ReportStmts : Checker<"ReportStmts">, 1540 HelpText<"Emits a warning for every statement.">, 1541 Documentation<NotDocumented>; 1542 1543def DebugContainerModeling : Checker<"DebugContainerModeling">, 1544 HelpText<"Check the analyzer's understanding of C++ containers">, 1545 Dependencies<[ContainerModeling]>, 1546 Documentation<NotDocumented>; 1547 1548def DebugIteratorModeling : Checker<"DebugIteratorModeling">, 1549 HelpText<"Check the analyzer's understanding of C++ iterators">, 1550 Dependencies<[DebugContainerModeling, IteratorModeling]>, 1551 Documentation<NotDocumented>; 1552 1553def StdCLibraryFunctionsTesterChecker : Checker<"StdCLibraryFunctionsTester">, 1554 HelpText<"Add test functions to the summary map, so testing of individual " 1555 "summary constituents becomes possible.">, 1556 Dependencies<[StdCLibraryFunctionsChecker]>, 1557 Documentation<NotDocumented>; 1558 1559} // end "debug" 1560 1561 1562//===----------------------------------------------------------------------===// 1563// Clone Detection 1564//===----------------------------------------------------------------------===// 1565 1566let ParentPackage = CloneDetectionAlpha in { 1567 1568def CloneChecker : Checker<"CloneChecker">, 1569 HelpText<"Reports similar pieces of code.">, 1570 CheckerOptions<[ 1571 CmdLineOption<Integer, 1572 "MinimumCloneComplexity", 1573 "Ensures that every clone has at least the given complexity. " 1574 "Complexity is here defined as the total amount of children " 1575 "of a statement. This constraint assumes the first statement " 1576 "in the group is representative for all other statements in " 1577 "the group in terms of complexity.", 1578 "50", 1579 Released>, 1580 CmdLineOption<Boolean, 1581 "ReportNormalClones", 1582 "Report all clones, even less suspicious ones.", 1583 "true", 1584 Released>, 1585 CmdLineOption<String, 1586 "IgnoredFilesPattern", 1587 "If supplied, the checker wont analyze files with a filename " 1588 "that matches the given pattern.", 1589 "\"\"", 1590 Released> 1591 ]>, 1592 Documentation<HasAlphaDocumentation>; 1593 1594} // end "clone" 1595 1596//===----------------------------------------------------------------------===// 1597// Portability checkers. 1598//===----------------------------------------------------------------------===// 1599 1600let ParentPackage = PortabilityOptIn in { 1601 1602def UnixAPIPortabilityChecker : Checker<"UnixAPI">, 1603 HelpText<"Finds implementation-defined behavior in UNIX/Posix functions">, 1604 Documentation<NotDocumented>; 1605 1606} // end optin.portability 1607 1608//===----------------------------------------------------------------------===// 1609// NonDeterminism checkers. 1610//===----------------------------------------------------------------------===// 1611 1612let ParentPackage = NonDeterminismAlpha in { 1613 1614def PointerIterationChecker : Checker<"PointerIteration">, 1615 HelpText<"Checks for non-determinism caused by iteration of unordered containers of pointers">, 1616 Documentation<HasDocumentation>; 1617 1618def PointerSortingChecker : Checker<"PointerSorting">, 1619 HelpText<"Check for non-determinism caused by sorting of pointers">, 1620 Documentation<HasDocumentation>; 1621 1622} // end alpha.nondeterminism 1623 1624//===----------------------------------------------------------------------===// 1625// Fuchsia checkers. 1626//===----------------------------------------------------------------------===// 1627 1628let ParentPackage = Fuchsia in { 1629 1630def FuchsiaHandleChecker : Checker<"HandleChecker">, 1631 HelpText<"A Checker that detect leaks related to Fuchsia handles">, 1632 Documentation<HasDocumentation>; 1633 1634} 1635 1636let ParentPackage = FuchsiaAlpha in { 1637 1638def FuchsiaLockChecker : Checker<"Lock">, 1639 HelpText<"Check for the correct usage of locking APIs.">, 1640 Dependencies<[PthreadLockBase]>, 1641 Documentation<HasDocumentation>; 1642 1643} // end fuchsia 1644 1645//===----------------------------------------------------------------------===// 1646// WebKit checkers. 1647//===----------------------------------------------------------------------===// 1648 1649let ParentPackage = WebKit in { 1650 1651def RefCntblBaseVirtualDtorChecker : Checker<"RefCntblBaseVirtualDtor">, 1652 HelpText<"Check for any ref-countable base class having virtual destructor.">, 1653 Documentation<HasDocumentation>; 1654 1655def NoUncountedMemberChecker : Checker<"NoUncountedMemberChecker">, 1656 HelpText<"Check for no uncounted member variables.">, 1657 Documentation<HasDocumentation>; 1658 1659def UncountedLambdaCapturesChecker : Checker<"UncountedLambdaCapturesChecker">, 1660 HelpText<"Check uncounted lambda captures.">, 1661 Documentation<HasDocumentation>; 1662 1663} // end webkit 1664 1665let ParentPackage = WebKitAlpha in { 1666 1667def UncountedCallArgsChecker : Checker<"UncountedCallArgsChecker">, 1668 HelpText<"Check uncounted call arguments.">, 1669 Documentation<HasDocumentation>; 1670 1671def UncountedLocalVarsChecker : Checker<"UncountedLocalVarsChecker">, 1672 HelpText<"Check uncounted local variables.">, 1673 Documentation<HasDocumentation>; 1674 1675} // end alpha.webkit 1676