Index: cfe/trunk/docs/analyzer/checkers.rst =================================================================== --- cfe/trunk/docs/analyzer/checkers.rst +++ cfe/trunk/docs/analyzer/checkers.rst @@ -29,6 +29,8 @@ null pointer dereference, usage of uninitialized values, etc. *These checkers must be always switched on as other checker rely on them.* +.. _core-CallAndMessage: + core.CallAndMessage (C, C++, ObjC) """""""""""""""""""""""""""""""""" Check for logical errors for function calls and Objective-C message expressions (e.g., uninitialized arguments, null function pointers). @@ -36,6 +38,8 @@ .. literalinclude:: checkers/callandmessage_example.c :language: objc +.. _core-DivideZero: + core.DivideZero (C, C++, ObjC) """""""""""""""""""""""""""""" Check for division by zero. @@ -43,6 +47,8 @@ .. literalinclude:: checkers/dividezero_example.c :language: c +.. _core-NonNullParamChecker: + core.NonNullParamChecker (C, C++, ObjC) """"""""""""""""""""""""""""""""""""""" Check for null pointers passed as arguments to a function whose arguments are references or marked with the 'nonnull' attribute. @@ -56,6 +62,8 @@ f(p); // warn } +.. _core-NullDereference: + core.NullDereference (C, C++, ObjC) """"""""""""""""""""""""""""""""""" Check for dereferences of null pointers. @@ -99,6 +107,8 @@ obj->x = 1; // warn } +.. _core-StackAddressEscape: + core.StackAddressEscape (C) """"""""""""""""""""""""""" Check that addresses to stack memory do not escape the function. @@ -123,6 +133,8 @@ } +.. _core-UndefinedBinaryOperatorResult: + core.UndefinedBinaryOperatorResult (C) """""""""""""""""""""""""""""""""""""" Check for undefined results of binary operators. @@ -134,6 +146,8 @@ int y = x + 1; // warn: left operand is garbage } +.. _core-VLASize: + core.VLASize (C) """""""""""""""" Check for declarations of Variable Length Arrays of undefined or zero size. @@ -152,6 +166,8 @@ int vla2[x]; // warn: zero size } +.. _core-uninitialized-ArraySubscript: + core.uninitialized.ArraySubscript (C) """"""""""""""""""""""""""""""""""""" Check for uninitialized values used as array subscripts. @@ -163,6 +179,8 @@ int x = a[i]; // warn: array subscript is undefined } +.. _core-uninitialized-Assign: + core.uninitialized.Assign (C) """"""""""""""""""""""""""""" Check for assigning uninitialized values. @@ -174,6 +192,8 @@ x |= 1; // warn: left expression is uninitialized } +.. _core-uninitialized-Branch: + core.uninitialized.Branch (C) """"""""""""""""""""""""""""" Check for uninitialized values used as branch conditions. @@ -186,6 +206,8 @@ return; } +.. _core-uninitialized-CapturedBlockVariable: + core.uninitialized.CapturedBlockVariable (C) """""""""""""""""""""""""""""""""""""""""""" Check for blocks that capture uninitialized values. @@ -197,6 +219,8 @@ ^{ int y = x; }(); // warn } +.. _core-uninitialized-UndefReturn: + core.uninitialized.UndefReturn (C) """""""""""""""""""""""""""""""""" Check for uninitialized values being returned to the caller. @@ -216,10 +240,14 @@ C++ Checkers. +.. _cplusplus-InnerPointer: + cplusplus.InnerPointer """""""""""""""""""""" Check for inner pointers of C++ containers used after re/deallocation. +.. _cplusplus-NewDelete: + cplusplus.NewDelete (C++) """"""""""""""""""""""""" Check for double-free and use-after-free problems. Traces memory managed by new/delete. @@ -227,6 +255,8 @@ .. literalinclude:: checkers/newdelete_example.cpp :language: cpp +.. _cplusplus-NewDeleteLeaks: + cplusplus.NewDeleteLeaks (C++) """""""""""""""""""""""""""""" Check for memory leaks. Traces memory managed by new/delete. @@ -238,6 +268,8 @@ } // warn +.. _cplusplus-SelfAssignment: + cplusplus.SelfAssignment (C++) """""""""""""""""""""""""""""" Checks C++ copy and move assignment operators for self assignment. @@ -249,6 +281,8 @@ Dead Code Checkers. +.. _deadcode-DeadStores: + deadcode.DeadStores (C) """"""""""""""""""""""" Check for values stored to variables that are never read afterwards. @@ -267,6 +301,8 @@ Objective C checkers that warn for null pointer passing and dereferencing errors. +.. _nullability-NullPassedToNonnull: + nullability.NullPassedToNonnull (ObjC) """""""""""""""""""""""""""""""""""""" Warns when a null pointer is passed to a pointer which has a _Nonnull type. @@ -278,6 +314,8 @@ // Warning: nil passed to a callee that requires a non-null 1st parameter NSString *greeting = [@"Hello " stringByAppendingString:name]; +.. _nullability-NullReturnedFromNonnull: + nullability.NullReturnedFromNonnull (ObjC) """""""""""""""""""""""""""""""""""""""""" Warns when a null pointer is returned from a function that has _Nonnull return type. @@ -294,6 +332,8 @@ return result; } +.. _nullability-NullableDereferenced: + nullability.NullableDereferenced (ObjC) """"""""""""""""""""""""""""""""""""""" Warns when a nullable pointer is dereferenced. @@ -313,6 +353,8 @@ next->data = 7; } +.. _nullability-NullablePassedToNonnull: + nullability.NullablePassedToNonnull (ObjC) """""""""""""""""""""""""""""""""""""""""" Warns when a nullable pointer is passed to a pointer which has a _Nonnull type. @@ -328,6 +370,8 @@ takesNonnull(p); // warn } +.. _nullability-NullableReturnedFromNonnull: + nullability.NullableReturnedFromNonnull (ObjC) """""""""""""""""""""""""""""""""""""""""""""" Warns when a nullable pointer is returned from a function that has _Nonnull return type. @@ -339,6 +383,8 @@ Checkers for portability, performance or coding style specific rules. +.. _optin-cplusplus-UninitializedObject: + optin.cplusplus.UninitializedObject (C++) """"""""""""""""""""""""""""""""""""""""" @@ -443,6 +489,8 @@ structures that have a field with a name or type name that matches the given pattern. *Defaults to ""*. +.. _optin-cplusplus-VirtualCall: + optin.cplusplus.VirtualCall (C++) """"""""""""""""""""""""""""""""" Check virtual function calls during construction or destruction. @@ -465,6 +513,8 @@ virtual void f(); }; +.. _optin-mpi-MPI-Checker: + optin.mpi.MPI-Checker (C) """"""""""""""""""""""""" Checks MPI code. @@ -494,6 +544,8 @@ MPI_Wait(&sendReq1[1][7][9], MPI_STATUS_IGNORE); // warn } +.. _optin-osx-cocoa-localizability-EmptyLocalizationContextChecker: + optin.osx.cocoa.localizability.EmptyLocalizationContextChecker (ObjC) """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" Check that NSLocalizedString macros include a comment for context. @@ -507,6 +559,8 @@ @"LocalizedString", nil, [[NSBundle alloc] init], nil,@""); // warn } +.. _optin-osx-cocoa-localizability-NonLocalizedStringChecker: + optin.osx.cocoa.localizability.NonLocalizedStringChecker (ObjC) """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" Warns about uses of non-localized NSStrings passed to UI methods expecting localized NSStrings. @@ -523,14 +577,20 @@ // Warning: User-facing text should use localized string macro [alarmStateLabel setText:alarmText]; +.. _optin-performance-GCDAntipattern: + optin.performance.GCDAntipattern """""""""""""""""""""""""""""""" Check for performance anti-patterns when using Grand Central Dispatch. +.. _optin-performance-Padding: + optin.performance.Padding """"""""""""""""""""""""" Check for excessively padded structs. +.. _optin-portability-UnixAPI: + optin.portability.UnixAPI """"""""""""""""""""""""" Finds implementation-defined behavior in UNIX/Posix functions. @@ -543,6 +603,8 @@ Security related checkers. +.. _security-FloatLoopCounter: + security.FloatLoopCounter (C) """"""""""""""""""""""""""""" Warn on using a floating point value as a loop counter (CERT: FLP30-C, FLP30-CPP). @@ -553,6 +615,8 @@ for (float x = 0.1f; x <= 1.0f; x += 0.1f) {} // warn } +.. _security-insecureAPI-UncheckedReturn: + security.insecureAPI.UncheckedReturn (C) """""""""""""""""""""""""""""""""""""""" Warn on uses of functions whose return values must be always checked. @@ -563,6 +627,8 @@ setuid(1); // warn } +.. _security-insecureAPI-bcmp: + security.insecureAPI.bcmp (C) """"""""""""""""""""""""""""" Warn on uses of the 'bcmp' function. @@ -573,6 +639,8 @@ bcmp(ptr0, ptr1, n); // warn } +.. _security-insecureAPI-bcopy: + security.insecureAPI.bcopy (C) """""""""""""""""""""""""""""" Warn on uses of the 'bcopy' function. @@ -583,6 +651,8 @@ bcopy(src, dst, n); // warn } +.. _security-insecureAPI-bzero: + security.insecureAPI.bzero (C) """""""""""""""""""""""""""""" Warn on uses of the 'bzero' function. @@ -593,6 +663,8 @@ bzero(ptr, n); // warn } +.. _security-insecureAPI-getpw: + security.insecureAPI.getpw (C) """""""""""""""""""""""""""""" Warn on uses of the 'getpw' function. @@ -604,6 +676,8 @@ getpw(2, buff); // warn } +.. _security-insecureAPI-gets: + security.insecureAPI.gets (C) """"""""""""""""""""""""""""" Warn on uses of the 'gets' function. @@ -615,6 +689,8 @@ gets(buff); // warn } +.. _security-insecureAPI-mkstemp: + security.insecureAPI.mkstemp (C) """""""""""""""""""""""""""""""" Warn when 'mkstemp' is passed fewer than 6 X's in the format string. @@ -625,6 +701,8 @@ mkstemp("XX"); // warn } +.. _security-insecureAPI-mktemp: + security.insecureAPI.mktemp (C) """"""""""""""""""""""""""""""" Warn on uses of the ``mktemp`` function. @@ -635,6 +713,8 @@ char *x = mktemp("/tmp/zxcv"); // warn: insecure, use mkstemp } +.. _security-insecureAPI-rand: + security.insecureAPI.rand (C) """"""""""""""""""""""""""""" Warn on uses of inferior random number generating functions (only if arc4random function is available): @@ -646,6 +726,8 @@ random(); // warn } +.. _security-insecureAPI-strcpy: + security.insecureAPI.strcpy (C) """"""""""""""""""""""""""""""" Warn on uses of the ``strcpy`` and ``strcat`` functions. @@ -660,6 +742,8 @@ } +.. _security-insecureAPI-vfork: + security.insecureAPI.vfork (C) """""""""""""""""""""""""""""" Warn on uses of the 'vfork' function. @@ -670,6 +754,8 @@ vfork(); // warn } +.. _security-insecureAPI-DeprecatedOrUnsafeBufferHandling: + security.insecureAPI.DeprecatedOrUnsafeBufferHandling (C) """"""""""""""""""""""""""""""""""""""""""""""""""""""""" Warn on occurrences of unsafe or deprecated buffer handling functions, which now have a secure variant: ``sprintf, vsprintf, scanf, wscanf, fscanf, fwscanf, vscanf, vwscanf, vfscanf, vfwscanf, sscanf, swscanf, vsscanf, vswscanf, swprintf, snprintf, vswprintf, vsnprintf, memcpy, memmove, strncpy, strncat, memset`` @@ -687,6 +773,8 @@ ^^^^ POSIX/Unix checkers. +.. _unix-API: + unix.API (C) """""""""""" Check calls to various UNIX/Posix functions: ``open, pthread_once, calloc, malloc, realloc, alloca``. @@ -694,6 +782,8 @@ .. literalinclude:: checkers/unix_api_example.c :language: c +.. _unix-Malloc: + unix.Malloc (C) """"""""""""""" Check for memory leaks, double free, and use-after-free problems. Traces memory managed by malloc()/free(). @@ -701,6 +791,8 @@ .. literalinclude:: checkers/unix_malloc_example.c :language: c +.. _unix-MallocSizeof: + unix.MallocSizeof (C) """"""""""""""""""""" Check for dubious ``malloc`` arguments involving ``sizeof``. @@ -714,6 +806,8 @@ free(p); } +.. _unix-MismatchedDeallocator: + unix.MismatchedDeallocator (C, C++) """"""""""""""""""""""""""""""""""" Check for mismatched deallocators. @@ -721,6 +815,8 @@ .. literalinclude:: checkers/mismatched_deallocator_example.cpp :language: c +.. _unix-Vfork: + unix.Vfork (C) """""""""""""" Check for proper usage of ``vfork``. @@ -751,6 +847,8 @@ while(1); } +.. _unix-cstring-BadSizeArg: + unix.cstring.BadSizeArg (C) """"""""""""""""""""""""""" Check the size argument passed into C string functions for common erroneous patterns. Use ``-Wno-strncat-size`` compiler option to mute other ``strncat``-related compiler warnings. @@ -763,6 +861,8 @@ // warn: potential buffer overflow } +.. _unix-cstrisng-NullArg: + unix.cstrisng.NullArg (C) """"""""""""""""""""""""" Check for null pointers being passed as arguments to C string functions: @@ -780,6 +880,8 @@ ^^^ macOS checkers. +.. _osx-API: + osx.API (C) """"""""""" Check for proper uses of various Apple APIs. @@ -791,6 +893,8 @@ dispatch_once(&pred, ^(){}); // warn: dispatch_once uses local } +.. _osx-NumberObjectConversion: + osx.NumberObjectConversion (C, C++, ObjC) """"""""""""""""""""""""""""""""""""""""" Check for erroneous conversions of objects representing numbers into numbers. @@ -804,6 +908,8 @@ [self displayPhotos]; } +.. _osx-ObjCProperty: + osx.ObjCProperty (ObjC) """"""""""""""""""""""" Check for proper uses of Objective-C properties. @@ -818,6 +924,8 @@ } +.. _osx-SecKeychainAPI: + osx.SecKeychainAPI (C) """""""""""""""""""""" Check for proper uses of Secure Keychain APIs. @@ -825,6 +933,8 @@ .. literalinclude:: checkers/seckeychainapi_example.m :language: objc +.. _osx-cocoa-AtSync: + osx.cocoa.AtSync (ObjC) """"""""""""""""""""""" Check for nil pointers used as mutexes for @synchronized. @@ -841,10 +951,14 @@ @synchronized(y) {} // warn: uninitialized value used as mutex } +.. _osx-cocoa-AutoreleaseWrite: + osx.cocoa.AutoreleaseWrite """""""""""""""""""""""""" Warn about potentially crashing writes to autoreleasing objects from different autoreleasing pools in Objective-C. +.. _osx-cocoa-ClassRelease: + osx.cocoa.ClassRelease (ObjC) """"""""""""""""""""""""""""" Check for sending 'retain', 'release', or 'autorelease' directly to a Class. @@ -858,6 +972,8 @@ [MyClass release]; // warn } +.. _osx-cocoa-Dealloc: + osx.cocoa.Dealloc (ObjC) """""""""""""""""""""""" Warn about Objective-C classes that lack a correct implementation of -dealloc @@ -865,6 +981,8 @@ .. literalinclude:: checkers/dealloc_example.m :language: objc +.. _osx-cocoa-IncompatibleMethodTypes: + osx.cocoa.IncompatibleMethodTypes (ObjC) """""""""""""""""""""""""""""""""""""""" Warn about Objective-C method signatures with type incompatibilities. @@ -887,10 +1005,14 @@ - (float)foo { return 1.0; } // warn @end +.. _osx-cocoa-Loops: + osx.cocoa.Loops """"""""""""""" Improved modeling of loops using Cocoa collection types. +.. _osx-cocoa-MissingSuperCall: + osx.cocoa.MissingSuperCall (ObjC) """"""""""""""""""""""""""""""""" Warn about Objective-C methods that lack a necessary call to super. @@ -904,6 +1026,8 @@ @end +.. _osx-cocoa-NSAutoreleasePool: + osx.cocoa.NSAutoreleasePool (ObjC) """""""""""""""""""""""""""""""""" Warn for suboptimal uses of NSAutoreleasePool in Objective-C GC mode. @@ -915,6 +1039,8 @@ [pool release]; // warn } +.. _osx-cocoa-NSError: + osx.cocoa.NSError (ObjC) """""""""""""""""""""""" Check usage of NSError parameters. @@ -943,6 +1069,8 @@ } @end +.. _osx-cocoa-NilArg: + osx.cocoa.NilArg (ObjC) """"""""""""""""""""""" Check for prohibited nil arguments to ObjC method calls. @@ -965,10 +1093,14 @@ } +.. _osx-cocoa-NonNilReturnValue: + osx.cocoa.NonNilReturnValue """"""""""""""""""""""""""" Models the APIs that are guaranteed to return a non-nil value. +.. _osx-cocoa-ObjCGenerics: + osx.cocoa.ObjCGenerics (ObjC) """"""""""""""""""""""""""""" Check for type errors when using Objective-C generics. @@ -982,6 +1114,8 @@ // to incompatible type 'NSString *' [birthDates addObject: [NSDate date]]; +.. _osx-cocoa-RetainCount: + osx.cocoa.RetainCount (ObjC) """""""""""""""""""""""""""" Check for leaks and improper reference count management @@ -998,10 +1132,14 @@ } +.. _osx-cocoa-RunLoopAutoreleaseLeak: + osx.cocoa.RunLoopAutoreleaseLeak """""""""""""""""""""""""""""""" Check for leaked memory in autorelease pools that will never be drained. +.. _osx-cocoa-SelfInit: + osx.cocoa.SelfInit (ObjC) """"""""""""""""""""""""" Check that 'self' is properly initialized inside an initializer method. @@ -1034,6 +1172,8 @@ } @end +.. _osx-cocoa-SuperDealloc: + osx.cocoa.SuperDealloc (ObjC) """"""""""""""""""""""""""""" Warn about improper use of '[super dealloc]' in Objective-C. @@ -1052,6 +1192,8 @@ } @end +.. _osx-cocoa-UnusedIvars: + osx.cocoa.UnusedIvars (ObjC) """""""""""""""""""""""""""" Warn about private ivars that are never used. @@ -1067,6 +1209,8 @@ @implementation MyObj @end +.. _osx-cocoa-VariadicMethodTypes: + osx.cocoa.VariadicMethodTypes (ObjC) """""""""""""""""""""""""""""""""""" Check for passing non-Objective-C types to variadic collection @@ -1079,6 +1223,8 @@ // warn: argument should be an ObjC pointer type, not 'char *' } +.. _osx-coreFoundation-CFError: + osx.coreFoundation.CFError (C) """""""""""""""""""""""""""""" Check usage of CFErrorRef* parameters @@ -1095,6 +1241,8 @@ return 0; } +.. _osx-coreFoundation-CFNumber: + osx.coreFoundation.CFNumber (C) """"""""""""""""""""""""""""""" Check for proper uses of CFNumber APIs. @@ -1106,6 +1254,8 @@ // warn: 8 bit integer is used to initialize a 16 bit integer } +.. _osx-coreFoundation-CFRetainRelease: + osx.coreFoundation.CFRetainRelease (C) """""""""""""""""""""""""""""""""""""" Check for null arguments to CFRetain/CFRelease/CFMakeCollectable. @@ -1124,6 +1274,8 @@ CFRelease(p); // warn } +.. _osx-coreFoundation-containers-OutOfBounds: + osx.coreFoundation.containers.OutOfBounds (C) """"""""""""""""""""""""""""""""""""""""""""" Checks for index out-of-bounds when using 'CFArray' API. @@ -1135,6 +1287,8 @@ CFArrayGetValueAtIndex(A, 0); // warn } +.. _osx-coreFoundation-containers-PointerSizedValues: + osx.coreFoundation.containers.PointerSizedValues (C) """""""""""""""""""""""""""""""""""""""""""""""""""" Warns if 'CFArray', 'CFDictionary', 'CFSet' are created with non-pointer-size values. @@ -1158,6 +1312,8 @@ alpha.clone ^^^^^^^^^^^ +.. _alpha-clone-CloneChecker: + alpha.clone.CloneChecker (C, C++, ObjC) """"""""""""""""""""""""""""""""""""""" Reports similar pieces of code. @@ -1180,6 +1336,8 @@ return y; } +.. _alpha-core-BoolAssignment: + alpha.core.BoolAssignment (ObjC) """""""""""""""""""""""""""""""" Warn about assigning non-{0,1} values to boolean variables. @@ -1193,6 +1351,8 @@ alpha.core ^^^^^^^^^^ +.. _alpha-core-CallAndMessageUnInitRefArg: + alpha.core.CallAndMessageUnInitRefArg (C,C++, ObjC) """"""""""""""""""""""""""""""""""""""""""""""""""" Check for logical errors for function calls and Objective-C @@ -1213,6 +1373,8 @@ foo(&x); // warn } +.. _alpha-core-CastSize: + alpha.core.CastSize (C) """"""""""""""""""""""" Check when casting a malloc'ed type ``T``, whether the size is a multiple of the size of ``T``. @@ -1223,6 +1385,8 @@ int *x = (int *) malloc(11); // warn } +.. _alpha-core-CastToStruct: + alpha.core.CastToStruct (C, C++) """""""""""""""""""""""""""""""" Check for cast from non-struct pointer to struct pointer. @@ -1243,6 +1407,8 @@ c *pc = (c *) p; // warn } +.. _alpha-core-Conversion: + alpha.core.Conversion (C, C++, ObjC) """""""""""""""""""""""""""""""""""" Loss of sign/precision in implicit conversions. @@ -1265,6 +1431,8 @@ short X = A; // warn (loss of precision) } +.. _alpha-core-DynamicTypeChecker: + alpha.core.DynamicTypeChecker (ObjC) """""""""""""""""""""""""""""""""""" Check for cases where the dynamic and the static type of an object are unrelated. @@ -1279,6 +1447,8 @@ NSNumber *number = date; [number doubleValue]; +.. _alpha-core-FixedAddr: + alpha.core.FixedAddr (C) """""""""""""""""""""""" Check for assignment of a fixed address to a pointer. @@ -1290,6 +1460,8 @@ p = (int *) 0x10000; // warn } +.. _alpha-core-IdenticalExpr: + alpha.core.IdenticalExpr (C, C++) """"""""""""""""""""""""""""""""" Warn about unintended use of identical expressions in operators. @@ -1318,6 +1490,8 @@ } } +.. _alpha-core-PointerArithm: + alpha.core.PointerArithm (C) """""""""""""""""""""""""""" Check for pointer arithmetic on locations other than array elements. @@ -1330,6 +1504,8 @@ p = &x + 1; // warn } +.. _alpha-core-PointerSub: + alpha.core.PointerSub (C) """"""""""""""""""""""""" Check for pointer subtractions on two pointers pointing to different memory chunks. @@ -1341,6 +1517,8 @@ int d = &y - &x; // warn } +.. _alpha-core-SizeofPtr: + alpha.core.SizeofPtr (C) """""""""""""""""""""""" Warn about unintended use of ``sizeof()`` on pointer expressions. @@ -1354,6 +1532,8 @@ // warn: sizeof(ptr) can produce an unexpected result } +.. _alpha-core-StackAddressAsyncEscape: + alpha.core.StackAddressAsyncEscape (C) """""""""""""""""""""""""""""""""""""" Check that addresses to stack memory do not escape the function that involves dispatch_after or dispatch_async. @@ -1376,6 +1556,8 @@ // returned block } +.. _alpha-core-TestAfterDivZero: + alpha.core.TestAfterDivZero (C) """"""""""""""""""""""""""""""" Check for division by variable that is later compared against 0. @@ -1391,6 +1573,8 @@ alpha.cplusplus ^^^^^^^^^^^^^^^ +.. _alpha-cplusplus-DeleteWithNonVirtualDtor: + alpha.cplusplus.DeleteWithNonVirtualDtor (C++) """""""""""""""""""""""""""""""""""""""""""""" Reports destructions of polymorphic objects with a non-virtual destructor in their base class. @@ -1408,6 +1592,8 @@ // destructor } +.. _alpha-cplusplus-EnumCastOutOfRange: + alpha.cplusplus.EnumCastOutOfRange (C++) """""""""""""""""""""""""""""""""""""""" Check for integer to enumeration casts that could result in undefined values. @@ -1423,6 +1609,8 @@ // warn: the value provided to the cast expression is not in the valid range of values for the enum +.. _alpha-cplusplus-InvalidatedIterator: + alpha.cplusplus.InvalidatedIterator (C++) """"""""""""""""""""""""""""""""""""""""" Check for use of invalidated iterators. @@ -1437,6 +1625,8 @@ } +.. _alpha-cplusplus-IteratorRange: + alpha.cplusplus.IteratorRange (C++) """"""""""""""""""""""""""""""""""" Check for iterators used outside their valid ranges. @@ -1448,6 +1638,8 @@ *i; // warn: iterator accessed outside of its range } +.. _alpha-cplusplus-MismatchedIterator: + alpha.cplusplus.MismatchedIterator (C++) """""""""""""""""""""""""""""""""""""""" Check for use of iterators of different containers where iterators of the same container are expected. @@ -1470,6 +1662,8 @@ // expected } +.. _alpha-cplusplus-MisusedMovedObject: + alpha.cplusplus.MisusedMovedObject (C++) """""""""""""""""""""""""""""""""""""""" Method calls on a moved-from object and copying a moved-from object will be reported. @@ -1489,6 +1683,8 @@ alpha.deadcode ^^^^^^^^^^^^^^ +.. _alpha-deadcode-UnreachableCode: + alpha.deadcode.UnreachableCode (C, C++) """"""""""""""""""""""""""""""""""""""" Check unreachable code. @@ -1522,6 +1718,8 @@ alpha.llvm ^^^^^^^^^^ +.. _alpha-llvm-Conventions: + alpha.llvm.Conventions """""""""""""""""""""" @@ -1534,6 +1732,8 @@ alpha.osx ^^^^^^^^^ +.. _alpha-osx-cocoa-DirectIvarAssignment: + alpha.osx.cocoa.DirectIvarAssignment (ObjC) """"""""""""""""""""""""""""""""""""""""""" Check for direct assignments to instance variables. @@ -1552,6 +1752,8 @@ } @end +.. _alpha-osx-cocoa-DirectIvarAssignmentForAnnotatedFunctions: + alpha.osx.cocoa.DirectIvarAssignmentForAnnotatedFunctions (ObjC) """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" Check for direct assignments to instance variables in @@ -1576,6 +1778,8 @@ @end +.. _alpha-osx-cocoa-InstanceVariableInvalidation: + alpha.osx.cocoa.InstanceVariableInvalidation (ObjC) """"""""""""""""""""""""""""""""""""""""""""""""""" Check that the invalidatable instance variables are @@ -1602,6 +1806,8 @@ @end // warn: var needs to be invalidated or set to nil +.. _alpha-osx-cocoa-MissingInvalidationMethod: + alpha.osx.cocoa.MissingInvalidationMethod (ObjC) """""""""""""""""""""""""""""""""""""""""""""""" Check that the invalidation methods are present in classes that contain invalidatable instance variables. @@ -1624,6 +1830,8 @@ @implementation MissingInvalidationMethodDecl @end +.. _alpha-osx-cocoa-localizability-PluralMisuseChecker: + alpha.osx.cocoa.localizability.PluralMisuseChecker (ObjC) """"""""""""""""""""""""""""""""""""""""""""""""""""""""" Warns against using one vs. many plural pattern in code when generating localized strings. @@ -1648,6 +1856,8 @@ alpha.security ^^^^^^^^^^^^^^ +.. _alpha-security-ArrayBound: + alpha.security.ArrayBound (C) """"""""""""""""""""""""""""" Warn about buffer overflows (older checker). @@ -1684,6 +1894,8 @@ b[1] = 3; // warn } +.. _alpha-security-ArrayBoundV2: + alpha.security.ArrayBoundV2 (C) """"""""""""""""""""""""""""""" Warn about buffer overflows (newer checker). @@ -1716,6 +1928,8 @@ char c = s[x]; // warn: index is tainted } +.. _alpha-security-MallocOverflow: + alpha.security.MallocOverflow (C) """"""""""""""""""""""""""""""""" Check for overflows in the arguments to malloc(). @@ -1726,6 +1940,8 @@ void *p = malloc(n * sizeof(int)); // warn } +.. _alpha-security-MmapWriteExec: + alpha.security.MmapWriteExec (C) """""""""""""""""""""""""""""""" Warn on mmap() calls that are both writable and executable. @@ -1740,6 +1956,8 @@ // code } +.. _alpha-security-ReturnPtrRange: + alpha.security.ReturnPtrRange (C) """"""""""""""""""""""""""""""""" Check for an out-of-bound pointer being returned to callers. @@ -1758,6 +1976,8 @@ return x; // warn: undefined or garbage returned } +.. _alpha-security-taint-TaintPropagation: + alpha.security.taint.TaintPropagation (C, C++) """""""""""""""""""""""""""""""""""""""""""""" Generate taint information used by other checkers. @@ -1790,6 +2010,8 @@ alpha.unix ^^^^^^^^^^^ +.. _alpha-unix-BlockInCriticalSection: + alpha.unix.BlockInCriticalSection (C) """"""""""""""""""""""""""""""""""""" Check for calls to blocking functions inside a critical section. @@ -1806,6 +2028,8 @@ m.unlock(); } +.. _alpha-unix-Chroot: + alpha.unix.Chroot (C) """"""""""""""""""""" Check improper use of chroot. @@ -1819,6 +2043,8 @@ f(); // warn: no call of chdir("/") immediately after chroot } +.. _alpha-unix-PthreadLock: + alpha.unix.PthreadLock (C) """""""""""""""""""""""""" Simple lock -> unlock checker. @@ -1857,6 +2083,8 @@ // warn: this was not the most recently acquired lock } +.. _alpha-unix-SimpleStream: + alpha.unix.SimpleStream (C) """"""""""""""""""""""""""" Check for misuses of stream APIs. Check for misuses of stream APIs: ``fopen, fclose`` @@ -1879,6 +2107,8 @@ fclose(F); // warn: closing a previously closed file stream } +.. _alpha-unix-Stream: + alpha.unix.Stream (C) """"""""""""""""""""" Check stream handling functions: ``fopen, tmpfile, fclose, fread, fwrite, fseek, ftell, rewind, fgetpos,`` @@ -1919,6 +2149,8 @@ } +.. _alpha-unix-cstring-BufferOverlap: + alpha.unix.cstring.BufferOverlap (C) """""""""""""""""""""""""""""""""""" Checks for overlap in two buffer arguments. Applies to: ``memcpy, mempcpy``. @@ -1930,6 +2162,8 @@ memcpy(a + 2, a + 1, 8); // warn } +.. _alpha-unix-cstring-NotNullTerminated: + alpha.unix.cstring.NotNullTerminated (C) """""""""""""""""""""""""""""""""""""""" Check for arguments which are not null-terminated strings; applies to: ``strlen, strnlen, strcpy, strncpy, strcat, strncat``. @@ -1940,6 +2174,8 @@ int y = strlen((char *)&test); // warn } +.. _alpha-unix-cstring-OutOfBounds: + alpha.unix.cstring.OutOfBounds (C) """""""""""""""""""""""""""""""""" Check for out-of-bounds access in string functions; applies to:`` strncopy, strncat``. @@ -1951,6 +2187,8 @@ int y = strlen((char *)&test); // warn } +.. _alpha-nondeterminism-PointerIteration: + alpha.nondeterminism.PointerIteration (C++) """"""""""""""""""""""""""""""""""""""""""" Check for non-determinism caused by iterating unordered containers of pointers. @@ -1965,6 +2203,8 @@ f(i); } +.. _alpha-nondeterminism-PointerSorting: + alpha.nondeterminism.PointerSorting (C++) """"""""""""""""""""""""""""""""""""""""" Check for non-determinism caused by sorting of pointers. @@ -1990,58 +2230,86 @@ Checkers used for debugging the analyzer. :doc:`developer-docs/DebugChecks` page contains a detailed description. +.. _debug-AnalysisOrder: + debug.AnalysisOrder """"""""""""""""""" Print callbacks that are called during analysis in order. +.. _debug-ConfigDumper: + debug.ConfigDumper """""""""""""""""" Dump config table. +.. _debug-DumpCFG Display: + debug.DumpCFG Display """"""""""""""""""""" Control-Flow Graphs. +.. _debug-DumpCallGraph: + debug.DumpCallGraph """"""""""""""""""" Display Call Graph. +.. _debug-DumpCalls: + debug.DumpCalls """"""""""""""" Print calls as they are traversed by the engine. +.. _debug-DumpDominators: + debug.DumpDominators """""""""""""""""""" Print the dominance tree for a given CFG. +.. _debug-DumpLiveVars: + debug.DumpLiveVars """""""""""""""""" Print results of live variable analysis. +.. _debug-DumpTraversal: + debug.DumpTraversal """"""""""""""""""" Print branch conditions as they are traversed by the engine. +.. _debug-ExprInspection: + debug.ExprInspection """""""""""""""""""" Check the analyzer's understanding of expressions. +.. _debug-Stats: + debug.Stats """"""""""" Emit warnings with analyzer statistics. +.. _debug-TaintTest: + debug.TaintTest """"""""""""""" Mark tainted symbols as such. +.. _debug-ViewCFG: + debug.ViewCFG """"""""""""" View Control-Flow Graphs using GraphViz. +.. _debug-ViewCallGraph: + debug.ViewCallGraph """"""""""""""""""" View Call Graph using GraphViz. +.. _debug-ViewExplodedGraph: + debug.ViewExplodedGraph """"""""""""""""""""""" View Exploded Graphs using GraphViz.