| Name, Description | Example |
+alpha.clone.CloneChecker
+(C, C++, ObjC)
+Reports similar pieces of code. |
+
+
+void log();
+
+int max(int a, int b) { // warn
+ log();
+ if (a > b)
+ return a;
+ return b;
+}
+
+int maxClone(int x, int y) { // similar code here
+ log();
+ if (x > y)
+ return x;
+ return y;
+}
+ |
+alpha.core.CallAndMessageUnInitRefArg
+(C, C++)
+Check for logical errors for function calls and Objective-C message
+expressions (e.g., uninitialized arguments, null function pointers,
+and pointer to undefined variables) |
+
+
+void test(void) {
+ int t;
+ int &p = t;
+ int &s = p;
+ int &q = s;
+ foo(q); // warn
+}
+
+void test(void) {
+ int x;
+ foo(&x); // warn
+}
+ | ||||||
alpha.core.CastSize
(C)
Check when casting a malloc'ed type T, whether the size is a multiple of the
@@ -91,6 +147,59 @@
|
+
+alpha.core.Conversion
+(C, C++, ObjC)
+Loss of sign/precision in implicit conversions
+
+void test(unsigned U, signed S) {
+ if (S > 10) {
+ if (U < S) {
+ }
+ }
+ if (S < -10) {
+ if (U < S) { // warn (loss of sign)
+ }
+ }
+}
+
+void test() {
+ long long A = 1LL << 60;
+ short X = A; // warn (loss of precision)
+}
+ |
+
+alpha.core.DynamicTypeChecker
+(ObjC)
+Check for cases where the dynamic and the static type of an
+object are unrelated.
+ +@protocol NSCopying +@end + +__attribute__((objc_root_class)) +@interface NSObject |
@@ -178,6 +287,21 @@
}
alpha.core.FixedAddr
(C)
Check for assignment of a fixed address to a pointer. |
+
+alpha.core.TestAfterDivZero
+(C, C++, ObjC)
+Check for division by variable that is later compared against 0.
+Either the comparison is useless or there is division by zero.
+
+
+void test(int x) {
+ var = 77 / x;
+ if (x == 0) { } // warn
+}
+ |
new/
-delete.
-void test() {
- int *p = new int;
-} // warn
--dealloc.
-
-@interface MyObject : NSObject {
- id _myproperty;
-}
-@end
-
-@implementation MyObject // warn: lacks 'dealloc'
-@end
-
-@interface MyObject : NSObject {}
-@property(assign) id myproperty;
-@end
-
-@implementation MyObject // warn: does not send 'dealloc' to super
-- (void)dealloc {
- self.myproperty = 0;
-}
-@end
-
-@interface MyObject : NSObject {
- id _myproperty;
-}
-@property(retain) id myproperty;
-@end
-
-@implementation MyObject
-@synthesize myproperty = _myproperty;
- // warn: var was retained but wasn't released
-- (void)dealloc {
- [super dealloc];
-}
-@end
-
-@interface MyObject : NSObject {
- id _myproperty;
-}
-@property(assign) id myproperty;
-@end
-
-@implementation MyObject
-@synthesize myproperty = _myproperty;
- // warn: var wasn't retained but was released
-- (void)dealloc {
- [_myproperty release];
- [super dealloc];
-}
-@end
-
+@interface NSObject
++ (id)alloc;
+- (id)init;
+@end
+@interface NSString : NSObject
+- (NSString *)stringByAppendingFormat:(NSString *)format, ...;
++ (instancetype)stringWithFormat:(NSString *)format, ...;
+@end
+
+(NSString *)test2:(int)numOfReminders {
+ if (numOfReminders > 0) {
+ return [NSString stringWithFormat:@"%@, %@", @"Test",
+ (numOfReminders != 1) ?
+ [NSString stringWithFormat:
+ NSLocalizedString(@"%@ Reminders", @"Plural count of reminders"),
+ numOfReminders]
+ : [NSString stringWithFormat:
+ NSLocalizedString(@"1 reminder", @"One reminder")]]; // warn
+ }
+ return nil;
+}
+
-void __attribute((ownership_returns(malloc))) *my_malloc(size_t);
-
-void test() {
- int *p = my_malloc(1);
-} // warn: potential leak
-
-void __attribute((ownership_returns(malloc))) *my_malloc(size_t);
-void __attribute((ownership_takes(malloc, 1))) my_free(void *);
-
-void test() {
- int *p = my_malloc(1);
- my_free(p);
- my_free(p); // warn: attempt to free released
-}
-
-void __attribute((ownership_returns(malloc))) *my_malloc(size_t);
-void __attribute((ownership_holds(malloc, 1))) my_hold(void *);
-
-void test() {
- int *p = my_malloc(1);
- my_hold(p);
- free(p); // warn: attempt to free non-owned memory
-}
-
-void __attribute((ownership_takes(malloc, 1))) my_free(void *);
-
-void test() {
- int *p = malloc(1);
- my_free(p);
- *p = 1; // warn: use after free
-}
-
-void testBlockInCriticalSection() {
- std::mutex m;
- m.lock();
- sleep(3); // warn
- m.unlock();
-}
-
+cplusplus.NewDeleteLeaks
+(C++)
+Check for memory leaks. Traces memory managed by new/
+delete. |
+
+
+void test() {
+ int *p = new int;
+} // warn
+ |
+cplusplus.SelfAssignment
+(C++)
+Checks C++ copy and move assignment operators for self assignment,
+but itself doesn't warn. It's for modeling self assignment -
+other checkers could find errors. |
| Name, Description | Example |
+nullability.NullPassedToNonnull
+(ObjC)
+Warns when a null pointer is passed to a pointer which has a
+_Nonnull type. |
+
+
+typedef struct Dummy { int val; } Dummy;
+void takesNonnull(Dummy *_Nonnull);
+
+void test() {
+ Dummy *q = 0;
+ takesNonnull(q); // warn
+}
+ |
+nullability.NullReturnedFromNonnull
+(ObjC)
+Warns when a null pointer is returned from a function that has
+_Nonnull return type. |
+
+
+typedef struct Dummy { int val; } Dummy;
+
+Dummy *_Nonnull test() {
+ Dummy *p = 0;
+ return p; // warn
+}
+ |
+nullability.NullableDereferenced
+(ObjC)
+Warns when a nullable pointer is dereferenced. |
+
+
+typedef struct Dummy { int val; } Dummy;
+Dummy *_Nullable returnsNullable();
+
+void test() {
+ Dummy *p = returnsNullable();
+ Dummy &r = *p; // warn
+}
+ |
+nullability.NullablePassedToNonnull
+(ObjC)
+Warns when a nullable pointer is passed to a pointer which has a _Nonnull type. |
+
+
+typedef struct Dummy { int val; } Dummy;
+Dummy *_Nullable returnsNullable();
+void takesNonnull(Dummy *_Nonnull);
+
+void test() {
+ Dummy *p = returnsNullable();
+ takesNonnull(p); // warn
+}
+ |
| Name, Description | Example |
+optin.mpi.MPI-Checker
+(C)
+Checks MPI code |
+
+
+void test() {
+ double buf = 0;
+ MPI_Request sendReq1;
+ MPI_Ireduce(MPI_IN_PLACE, &buf, 1, MPI_DOUBLE, MPI_SUM,
+ 0, MPI_COMM_WORLD, &sendReq1);
+} // warn: request 'sendReq1' has no matching wait.
+
+void test() {
+ double buf = 0;
+ MPI_Request sendReq;
+ MPI_Isend(&buf, 1, MPI_DOUBLE, 0, 0, MPI_COMM_WORLD, &sendReq);
+ MPI_Irecv(&buf, 1, MPI_DOUBLE, 0, 0, MPI_COMM_WORLD, &sendReq); // warn
+ MPI_Isend(&buf, 1, MPI_DOUBLE, 0, 0, MPI_COMM_WORLD, &sendReq); // warn
+ MPI_Wait(&sendReq, MPI_STATUS_IGNORE);
+}
+
+void missingNonBlocking() {
+ int rank = 0;
+ MPI_Comm_rank(MPI_COMM_WORLD, &rank);
+ MPI_Request sendReq1[10][10][10];
+ MPI_Wait(&sendReq1[1][7][9], MPI_STATUS_IGNORE); // warn
+}
+ |
+optin.osx.cocoa.localizability.EmptyLocalizationContextChecker
+(ObjC)
+Check that NSLocalizedString macros include a comment for context. |
+
+
+- (void)test {
+ NSString *string = NSLocalizedString(@"LocalizedString", nil); // warn
+ NSString *string2 = NSLocalizedString(@"LocalizedString", @" "); // warn
+ NSString *string3 = NSLocalizedStringWithDefaultValue(
+ @"LocalizedString", nil, [[NSBundle alloc] init], nil,@""); // warn
+}
+ |
+optin.osx.cocoa.localizability.NonLocalizedStringChecker
+(ObjC)
+Warns about uses of non-localized NSStrings passed to UI methods
+expecting localized NSStrings |
+
+
+- (void)test {
+ UILabel *testLabel = [[UILabel alloc] init];
+ NSString *bar = NSLocalizedString(@"Hello", @"Comment");
+
+ if (random()) {
+ bar = @"Unlocalized string";
+ }
+
+ [testLabel setText:bar]; // warn
+}
+ |
+osx.NumberObjectConversion
+(C, C++, ObjC)
+Check for erroneous conversions of objects representing numbers
+into numbers |
+
+
+typedef const struct __CFNumber *CFNumberRef;
+void takes_int(int);
+
+void test(CFNumberRef p) {
+#ifdef PEDANTIC
+ if (p) {} // warn
+ if (!p) {} // warn
+ p ? 1 : 2; // warn
+ if (p == 0) {} // warn
+#else
+ if (p) {} // no-warning
+ if (!p) {} // no-warning
+ p ? 1 : 2; // no-warning
+ if (p == 0) {} // no-warning
+#endif
+ if (p > 0) {} warn
+ int x = p; warn
+ x = p; // warn
+ takes_int(p); // warn
+ takes_int(x); // no-warning
+}
+ | ||||||||
osx.SecKeychainAPI
(C)
Check for improper uses of the Security framework's Keychain APIs:
@@ -581,6 +784,66 @@
|
+
+osx.cocoa.Dealloc
+(ObjC)
+Warn about Objective-C classes that lack a correct implementation
+of -dealloc.
+
+
+@interface MyObject : NSObject {
+ id _myproperty;
+}
+@end
+
+@implementation MyObject // warn: lacks 'dealloc'
+@end
+
+@interface MyObject : NSObject {}
+@property(assign) id myproperty;
+@end
+
+@implementation MyObject // warn: does not send 'dealloc' to super
+- (void)dealloc {
+ self.myproperty = 0;
+}
+@end
+
+@interface MyObject : NSObject {
+ id _myproperty;
+}
+@property(retain) id myproperty;
+@end
+
+@implementation MyObject
+@synthesize myproperty = _myproperty;
+ // warn: var was retained but wasn't released
+- (void)dealloc {
+ [super dealloc];
+}
+@end
+
+@interface MyObject : NSObject {
+ id _myproperty;
+}
+@property(assign) id myproperty;
+@end
+
+@implementation MyObject
+@synthesize myproperty = _myproperty;
+ // warn: var wasn't retained but was released
+- (void)dealloc {
+ [_myproperty release];
+ [super dealloc];
+}
+@end
+ |
@@ -688,6 +951,33 @@
osx.cocoa.IncompatibleMethodTypes
(ObjC)
Check for an incompatible type signature when overriding an Objective-C method. |
+
+osx.cocoa.ObjCGenerics
+(ObjC)
+Check for type errors when using Objective-C generics
+ +@protocol NSCopying +@end + +__attribute__((objc_root_class)) +@interface NSObject +- (void) myFunction:(int*)p myParam:(int) n; +@end + +@interface MyType : NSObject |
@@ -742,6 +1032,33 @@
osx.cocoa.RetainCount
(ObjC)
Check for leaks and violations of the Cocoa Memory Management rules. |
+
+osx.cocoa.SuperDealloc
+(ObjC)
+Warn about improper use of '[super dealloc]' in Objective-C
+
+@interface SuperDeallocThenReleaseIvarClass : NSObject {
+ NSObject *_ivar;
+}
+@end
+
+@implementation SuperDeallocThenReleaseIvarClass
+- (instancetype)initWithIvar:(NSObject *)ivar {
+ self = [super init];
+ if (!self)
+ return nil;
+ _ivar = [ivar retain];
+ return self;
+}
+- (void)dealloc {
+ [super dealloc];
+ [_ivar release]; // warn
+}
+@end
+ |
@@ -855,7 +1172,7 @@
osx.cocoa.UnusedIvars
(ObjC)
Warn about private ivars that are never used. |
+unix.MallocWithAnnotations
+(C)
+This checker isn't a independent checker, it is part of
+ unix.Malloc with configuration option
+Optimistic=true.+Check for memory leaks, double free, and use-after-free problems. Assumes that +all user-defined functions which might free a pointer are +annotated. |
+
+
+void __attribute((ownership_returns(malloc))) *my_malloc(size_t);
+
+void test() {
+ int *p = my_malloc(1);
+} // warn: potential leak
+
+void __attribute((ownership_returns(malloc))) *my_malloc(size_t);
+void __attribute((ownership_takes(malloc, 1))) my_free(void *);
+
+void test() {
+ int *p = my_malloc(1);
+ my_free(p);
+ my_free(p); // warn: attempt to free released
+}
+
+void __attribute((ownership_returns(malloc))) *my_malloc(size_t);
+void __attribute((ownership_holds(malloc, 1))) my_hold(void *);
+
+void test() {
+ int *p = my_malloc(1);
+ my_hold(p);
+ free(p); // warn: attempt to free non-owned memory
+}
+
+void __attribute((ownership_takes(malloc, 1))) my_free(void *);
+
+void test() {
+ int *p = malloc(1);
+ my_free(p);
+ *p = 1; // warn: use after free
+}
+ | |||
unix.MallocSizeof
(C)
Check for dubious malloc, calloc or
@@ -1188,6 +1553,45 @@
+unix.StdCLibraryFunctions
+(C, C++)
+Improve modeling of the C standard library functions.
+ |
+
+unix.Vfork
+(C)
+Check for proper usage of vfork
+
+int test(int x) {
+ pid_t pid = vfork(); // warn
+ if (pid != 0)
+ return 0;
+
+ switch (x) {
+ case 0:
+ pid = 1;
+ execl("", "", 0);
+ _exit(1);
+ break;
+ case 1:
+ x = 0; // warn: this assignment is prohibited
+ break;
+ case 2:
+ foo(); // warn: this function call is prohibited
+ break;
+ default:
+ return 0; // warn: return is prohibited
+ }
+
+ while(1);
+}
+
unix.cstring.BadSizeArg
(C)
Check the size argument passed to strncat for common erroneous
Index: www/analyzer/implicit_checks.html
===================================================================
--- www/analyzer/implicit_checks.html
+++ www/analyzer/implicit_checks.html
@@ -27,7 +27,7 @@
Core Implicit CheckersOS X Implicit Checkers |