Index: cfe/trunk/www/analyzer/alpha_checks.html =================================================================== --- cfe/trunk/www/analyzer/alpha_checks.html +++ cfe/trunk/www/analyzer/alpha_checks.html @@ -107,6 +107,7 @@ } +
dispatch_after
or dispatch_async
. This checker is
+a part of core.StackAddressEscape, but is
+temporarily disabled until some
+false positives are fixed.+dispatch_block_t test_block_inside_block_async_leak() { + int x = 123; + void (^inner)(void) = ^void(void) { + int y = x; + ++y; + }; + void (^outer)(void) = ^void(void) { + int z = x; + ++z; + inner(); + }; + return outer; // warn: address of stack-allocated block is captured by a + // returned block +} +
Name, Description | Example |
-alpha.cplusplus.VirtualCall
+alpha.cplusplus.DeleteWithNonVirtualDtor
(C++)
-Check virtual member function calls during construction or
-destruction. |
+Reports destructions of polymorphic objects with a non-virtual destructor in
+their base class
+
-class A { -public: - A() { - f(); // warn - } - virtual void f(); -}; - |
+alpha.cplusplus.InvalidatedIterator
+(C++)
+Check for use of invalidated iterators.
+ |
+-class A { -public: - ~A() { - this->f(); // warn - } - virtual void f(); +void bad_copy_assign_operator_list1(std::list |
+alpha.cplusplus.IteratorRange
+(C++)
+Check for iterators used outside their valid ranges.
+ |
+
+ +void simple_bad_end(const std::vector |
+alpha.cplusplus.MismatchedIterator
+(C++)
+Check for use of iterators of different containers where iterators of the same
+container are expected.
+ |
+
+ +void bad_insert3(std::vector |
+alpha.cplusplus.MisusedMovedObject
+(C++)
+Method calls on a moved-from object and copying a moved-from object will be
+reported.
+ |
+
+ +struct A { + void foo() {} }; + +void f() { + A a; + A b = std::move(a); // note: 'a' became 'moved-from' here + a.foo(); // warn: method call on a 'moved-from' object 'a' +} |
alpha.cplusplus.UninitializedObject
(C++)
-This checker reports uninitialized fields in objects created
-after a constructor call. It doesn't only find direct uninitialized
-fields, but rather makes a deep inspection of the object,
-analyzing all of it's fields subfields. -The checker regards inherited fields as direct fields, so one -will recieve warnings for uninitialized inherited data members -as well. +This checker reports uninitialized fields in objects created after a constructor +call. It doesn't only find direct uninitialized fields, but rather makes a deep +inspection of the object, analyzing all of it's fields subfields. +The checker regards inherited fields as direct fields, so one will recieve +warnings for uninitialized inherited data members as well. It has several options:
|
@@ -437,82 +536,12 @@
A a(&b, &c); // warning: 3 uninitialized fields
// after the constructor call
}
- - - - |
Name, Description | Example |
-alpha.valist.CopyToSelf
-(C)
-Calls to the va_copy macro should not copy onto itself. |
-
- -#include <stdarg.h> - -void test(int x, ...) { - va_list args; - va_start(args, x); - va_copy(args, args); // warn - va_end(args); -} |
-alpha.valist.Uninitialized
-(C)
-Calls to the va_arg , va_copy , or
-va_end macro must happen after calling va_start and
-before calling va_end . |
-
- -#include <stdarg.h> - -void test(int x, ...) { - va_list args; - int y = va_arg(args, int); // warn -} - -#include <stdarg.h> - -void test(int x, ...) { - va_list args; - va_start(args, x); - va_end(args); - int z = va_arg(args, int); // warn -} - |
-alpha.valist.Unterminated
-(C)
-Every va_start must be matched by a va_end . A va_list
-can only be ended once. |
-
- -#include <stdarg.h> - -void test(int x, ...) { - va_list args; - va_start(args, x); - int y = x + va_arg(args, int); -} // warn: missing va_end - |
+alpha.security.MmapWriteExec
+(C)
+Warn on mmap() |
+
+ +void test(int n) { + void *c = mmap(NULL, 32, PROT_READ | PROT_WRITE | PROT_EXEC, + MAP_PRIVATE | MAP_ANON, -1, 0); + // warn: Both PROT_WRITE and PROT_EXEC flags are set. This can lead to + // exploitable memory regions, which could be overwritten with malicious + // code +} + | ||||||||||
alpha.security.ReturnPtrRange
(C)
Check for an out-of-bound pointer being returned to callers. |
@@ -842,8 +888,42 @@
Name, Description | Example | ||||
+alpha.unix.BlockInCriticalSection
+(C)
+Check for calls to blocking functions inside a critical section. Applies to:
+
+lock
++unlock +sleep +getc +fgets +read +revc +pthread_mutex_lock +pthread_mutex_unlock +mtx_lock +mtx_timedlock +mtx_trylock +mtx_unlock +lock_guard +unique_lock |
+
+ +void test() { + std::mutex m; + m.lock(); + sleep(3); // warn: a blocking function sleep is called inside a critical + // section + m.unlock(); +} + | ||||
alpha.unix.Chroot
(C)
@@ -858,6 +938,7 @@
}
| |||||
alpha.unix.PthreadLock
(C)
Index: cfe/trunk/www/analyzer/available_checks.html
===================================================================
--- cfe/trunk/www/analyzer/available_checks.html
+++ cfe/trunk/www/analyzer/available_checks.html
@@ -543,8 +543,35 @@
Name, Description | Example | |
+
+optin.cplusplus.VirtualCall
+(C++)
+Check virtual member function calls during construction or
+destruction.
+ +class A { +public: + A() { + f(); // warn + } + virtual void f(); +}; + +class A { +public: + ~A() { + this->f(); // warn + } + virtual void f(); +}; +
optin.mpi.MPI-Checker
(C)
Checks MPI code |