1 //===--- Checkers.td - Static Analyzer Checkers -===-----------------------===//
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 include "clang/StaticAnalyzer/Checkers/CheckerBase.td"
12 //===----------------------------------------------------------------------===//
14 //===----------------------------------------------------------------------===//
// Package hierarchy. A Package<"x"> record contributes the name component "x"
// and InPackage<P> nests it under P, so the dotted names in this file's
// end-of-block comments read outermost package first
// (e.g. Taint -> "experimental.security.taint").
//
// NOTE(review): Hidden is declared in CheckerBase.td, which is not shown here.
// It is set on every package nested under Experimental and on CString
// (unix.cstring); confirm what it suppresses before assuming the checkers in
// those packages are listed or enabled in a default analyzer run.
def Experimental : Package<"experimental">;

// core.*
def Core : Package<"core">;
def CoreBuiltin : Package<"builtin">,
  InPackage<Core>;
def CoreUninitialized : Package<"uninitialized">,
  InPackage<Core>;
def CoreExperimental : Package<"core">,
  InPackage<Experimental>, Hidden;

// cplusplus.*
def Cplusplus : Package<"cplusplus">;
def CplusplusExperimental : Package<"cplusplus">,
  InPackage<Experimental>, Hidden;

// deadcode.*
def DeadCode : Package<"deadcode">;
def DeadCodeExperimental : Package<"deadcode">,
  InPackage<Experimental>, Hidden;

// security.* -- only Security and InsecureAPI sit outside Experimental; the
// bounds, malloc-overflow and taint checkers all hang off SecurityExperimental.
def Security : Package<"security">;
def InsecureAPI : Package<"insecureAPI">,
  InPackage<Security>;
def SecurityExperimental : Package<"security">,
  InPackage<Experimental>, Hidden;
def Taint : Package<"taint">,
  InPackage<SecurityExperimental>, Hidden;

// unix.*
def Unix : Package<"unix">;
def UnixExperimental : Package<"unix">,
  InPackage<Experimental>, Hidden;
def CString : Package<"cstring">,
  InPackage<Unix>, Hidden;
def CStringExperimental : Package<"cstring">,
  InPackage<UnixExperimental>, Hidden;

// osx.*
def OSX : Package<"osx">;
def OSXExperimental : Package<"osx">,
  InPackage<Experimental>, Hidden;
def Cocoa : Package<"cocoa">,
  InPackage<OSX>;
def CocoaExperimental : Package<"cocoa">,
  InPackage<OSXExperimental>, Hidden;
def CoreFoundation : Package<"coreFoundation">,
  InPackage<OSX>;
def Containers : Package<"containers">,
  InPackage<CoreFoundation>;

// Analyzer-internal packages.
def LLVM : Package<"llvm">;
def Debug : Package<"debug">;
49 //===----------------------------------------------------------------------===//
51 //===----------------------------------------------------------------------===//
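// Checkers in the "core" package: null dereferences, malformed calls,
// division by zero, undefined operator results and escaping stack addresses.
let ParentPackage = Core in {

def DereferenceChecker : Checker<"NullDereference">,
  HelpText<"Check for dereferences of null pointers">,
  DescFile<"DereferenceChecker.cpp">;

def CallAndMessageChecker : Checker<"CallAndMessage">,
  HelpText<"Check for logical errors for function calls and Objective-C message expressions (e.g., uninitialized arguments, null function pointers)">,
  DescFile<"CallAndMessageChecker.cpp">;

def AdjustedReturnValueChecker : Checker<"AdjustedReturnValue">,
  HelpText<"Check to see if the return value of a function call is different than the caller expects (e.g., from calls through function pointers)">,
  DescFile<"AdjustedReturnValueChecker.cpp">;

def AttrNonNullChecker : Checker<"AttributeNonNull">,
  HelpText<"Check for null pointers passed as arguments to a function whose arguments are marked with the 'nonnull' attribute">,
  DescFile<"AttrNonNullChecker.cpp">;

def VLASizeChecker : Checker<"VLASize">,
  HelpText<"Check for declarations of VLA of undefined or zero size">,
  DescFile<"VLASizeChecker.cpp">;

def DivZeroChecker : Checker<"DivideZero">,
  HelpText<"Check for division by zero">,
  DescFile<"DivZeroChecker.cpp">;

def UndefResultChecker : Checker<"UndefinedBinaryOperatorResult">,
  HelpText<"Check for undefined results of binary operators">,
  DescFile<"UndefResultChecker.cpp">;

// A stack address that outlives its frame is a dangling pointer for whoever
// reads it later.
def StackAddrEscapeChecker : Checker<"StackAddressEscape">,
  HelpText<"Check that addresses to stack memory do not escape the function">,
  DescFile<"StackAddrEscapeChecker.cpp">;

} // end "core"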
// Experimental core checkers. CoreExperimental is Package<"core"> nested in
// the Experimental package and marked Hidden in the package list at the top
// of this file, hence "experimental.core".
let ParentPackage = CoreExperimental in {

def BoolAssignmentChecker : Checker<"BoolAssignment">,
  HelpText<"Warn about assigning non-{0,1} values to Boolean variables">,
  DescFile<"BoolAssignmentChecker.cpp">;

def CastSizeChecker : Checker<"CastSize">,
  HelpText<"Check when casting a malloc'ed type T, whether the size is a multiple of the size of T">,
  DescFile<"CastSizeChecker.cpp">;

def CastToStructChecker : Checker<"CastToStruct">,
  HelpText<"Check for cast from non-struct pointer to struct pointer">,
  DescFile<"CastToStructChecker.cpp">;

def FixedAddressChecker : Checker<"FixedAddr">,
  HelpText<"Check for assignment of a fixed address to a pointer">,
  DescFile<"FixedAddressChecker.cpp">;

// NOTE(review): the DescFile values of the next two records carry no ".cpp"
// suffix, unlike every other record in this file -- confirm whether that is
// intentional before relying on DescFile as a file name.
def PointerArithChecker : Checker<"PointerArithm">,
  HelpText<"Check for pointer arithmetic on locations other than array elements">,
  DescFile<"PointerArithChecker">;

def PointerSubChecker : Checker<"PointerSub">,
  HelpText<"Check for pointer subtractions on two pointers pointing to different memory chunks">,
  DescFile<"PointerSubChecker">;

def SizeofPointerChecker : Checker<"SizeofPtr">,
  HelpText<"Warn about unintended use of sizeof() on pointer expressions">,
  DescFile<"CheckSizeofPointer.cpp">;

} // end "experimental.core"
121 //===----------------------------------------------------------------------===//
122 // Evaluate "builtin" functions.
123 //===----------------------------------------------------------------------===//
// Per their help text, these two records evaluate (model) calls rather than
// check for a defect.
let ParentPackage = CoreBuiltin in {

def NoReturnFunctionChecker : Checker<"NoReturnFunctions">,
  HelpText<"Evaluate \"panic\" functions that are known to not return to the caller">,
  DescFile<"NoReturnFunctionChecker.cpp">;

def BuiltinFunctionChecker : Checker<"BuiltinFunctions">,
  HelpText<"Evaluate compiler builtin functions (e.g., alloca())">,
  DescFile<"BuiltinFunctionChecker.cpp">;

} // end "core.builtin"
137 //===----------------------------------------------------------------------===//
138 // Uninitialized values checkers.
139 //===----------------------------------------------------------------------===//
// Uses of uninitialized values, one record per place the value is consumed:
// array subscript, assignment, branch condition, block capture, return.
let ParentPackage = CoreUninitialized in {

def UndefinedArraySubscriptChecker : Checker<"ArraySubscript">,
  HelpText<"Check for uninitialized values used as array subscripts">,
  DescFile<"UndefinedArraySubscriptChecker.cpp">;

def UndefinedAssignmentChecker : Checker<"Assign">,
  HelpText<"Check for assigning uninitialized values">,
  DescFile<"UndefinedAssignmentChecker.cpp">;

def UndefBranchChecker : Checker<"Branch">,
  HelpText<"Check for uninitialized values used as branch conditions">,
  DescFile<"UndefBranchChecker.cpp">;

def UndefCapturedBlockVarChecker : Checker<"CapturedBlockVariable">,
  HelpText<"Check for blocks that capture uninitialized values">,
  DescFile<"UndefCapturedBlockVarChecker.cpp">;

def ReturnUndefChecker : Checker<"UndefReturn">,
  HelpText<"Check for uninitialized values being returned to the caller">,
  DescFile<"ReturnUndefChecker.cpp">;

} // end "core.uninitialized"
165 //===----------------------------------------------------------------------===//
167 //===----------------------------------------------------------------------===//
// Experimental C++ checkers. CplusplusExperimental is Package<"cplusplus">
// nested in Experimental and marked Hidden, hence "experimental.cplusplus".
let ParentPackage = CplusplusExperimental in {

def IteratorsChecker : Checker<"Iterators">,
  HelpText<"Check improper uses of STL vector iterators">,
  DescFile<"IteratorsChecker.cpp">;

def VirtualCallChecker : Checker<"VirtualCall">,
  HelpText<"Check virtual function calls during construction or destruction">,
  DescFile<"VirtualCallChecker.cpp">;

} // end "experimental.cplusplus"
181 //===----------------------------------------------------------------------===//
182 // Deadcode checkers.
183 //===----------------------------------------------------------------------===//
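// The only dead-code checker outside the experimental package.
let ParentPackage = DeadCode in {

def DeadStoresChecker : Checker<"DeadStores">,
  HelpText<"Check for values stored to variables that are never read afterwards">,
  DescFile<"DeadStoresChecker.cpp">;

} // end "deadcode"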
// Experimental dead-code checkers. DeadCodeExperimental is Package<"deadcode">
// nested in Experimental and marked Hidden, hence "experimental.deadcode".
let ParentPackage = DeadCodeExperimental in {

def IdempotentOperationChecker : Checker<"IdempotentOperations">,
  HelpText<"Warn about idempotent operations">,
  DescFile<"IdempotentOperationChecker.cpp">;

def UnreachableCodeChecker : Checker<"UnreachableCode">,
  HelpText<"Check unreachable code">,
  DescFile<"UnreachableCodeChecker.cpp">;

} // end "experimental.deadcode"
204 //===----------------------------------------------------------------------===//
205 // Security checkers.
206 //===----------------------------------------------------------------------===//
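// Warnings on calls to C library functions that are unsafe by design or easy
// to misuse. Every record points at CheckSecuritySyntaxOnly.cpp.
// NOTE(review): that file name suggests these are syntactic (AST-level)
// checks; if so, they flag the call site itself and say nothing about whether
// a particular call is reachable with hostile input -- confirm in the source.
let ParentPackage = InsecureAPI in {

// gets() takes no buffer length, so no call to it can be bounded.
def gets : Checker<"gets">,
  HelpText<"Warn on uses of the 'gets' function">,
  DescFile<"CheckSecuritySyntaxOnly.cpp">;

// getpw() writes the password entry into a caller buffer of unstated size.
def getpw : Checker<"getpw">,
  HelpText<"Warn on uses of the 'getpw' function">,
  DescFile<"CheckSecuritySyntaxOnly.cpp">;

// mktemp() only returns a name; the gap before the file is opened is a
// time-of-check/time-of-use race.
def mktemp : Checker<"mktemp">,
  HelpText<"Warn on uses of the 'mktemp' function">,
  DescFile<"CheckSecuritySyntaxOnly.cpp">;

// The X's are the template characters mkstemp() replaces to make the name
// unique; the help text sets the minimum at six.
def mkstemp : Checker<"mkstemp">,
  HelpText<"Warn when 'mkstemp' is passed fewer than 6 X's in the format string">,
  DescFile<"CheckSecuritySyntaxOnly.cpp">;

// rand()/random() are predictable generators, unsuitable for keys, tokens or
// nonces.
def rand : Checker<"rand">,
  HelpText<"Warn on uses of the 'rand', 'random', and related functions">,
  DescFile<"CheckSecuritySyntaxOnly.cpp">;

// strcpy()/strcat() copy until the terminator with no destination bound.
def strcpy : Checker<"strcpy">,
  HelpText<"Warn on uses of the 'strcpy' and 'strcat' functions">,
  DescFile<"CheckSecuritySyntaxOnly.cpp">;

// After vfork() the child runs in the parent's address space until it calls
// exec or _exit.
def vfork : Checker<"vfork">,
  HelpText<"Warn on uses of the 'vfork' function">,
  DescFile<"CheckSecuritySyntaxOnly.cpp">;

// The list of functions covered lives in the checker source, not in this
// table.
def UncheckedReturn : Checker<"UncheckedReturn">,
  HelpText<"Warn on uses of functions whose return values must be always checked">,
  DescFile<"CheckSecuritySyntaxOnly.cpp">;

} // end "security.insecureAPI"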
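// The only record placed directly in the non-experimental "security" package.
let ParentPackage = Security in {

def FloatLoopCounter : Checker<"FloatLoopCounter">,
  HelpText<"Warn on using a floating point value as a loop counter (CERT: FLP30-C, FLP30-CPP)">,
  DescFile<"CheckSecuritySyntaxOnly.cpp">;

} // end "security"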
// Out-of-bounds and allocation-size checkers. SecurityExperimental is
// Package<"security"> nested in Experimental and marked Hidden, hence
// "experimental.security".
// NOTE(review): because the package is experimental and Hidden, these are
// presumably not part of a default analyzer run -- confirm, and do not read
// the absence of buffer-overflow warnings as evidence that none exist unless
// the checkers were enabled explicitly.
let ParentPackage = SecurityExperimental in {

def ArrayBoundChecker : Checker<"ArrayBound">,
  HelpText<"Warn about buffer overflows (older checker)">,
  DescFile<"ArrayBoundChecker.cpp">;

def ArrayBoundCheckerV2 : Checker<"ArrayBoundV2">,
  HelpText<"Warn about buffer overflows (newer checker)">,
  DescFile<"ArrayBoundCheckerV2.cpp">;

def ReturnPointerRangeChecker : Checker<"ReturnPtrRange">,
  HelpText<"Check for an out-of-bound pointer being returned to callers">,
  DescFile<"ReturnPointerRangeChecker.cpp">;

// An overflowed size expression yields an allocation smaller than the caller
// believes it requested.
def MallocOverflowSecurityChecker : Checker<"MallocOverflow">,
  HelpText<"Check for overflows in the arguments to malloc()">,
  DescFile<"MallocOverflowSecurityChecker.cpp">;

} // end "experimental.security"
260 //===----------------------------------------------------------------------===//
262 //===----------------------------------------------------------------------===//
// Taint tracking. Per its help text this record produces taint information
// for other checkers to consume; the table does not name those consumers.
let ParentPackage = Taint in {

def GenericTaintChecker : Checker<"TaintPropagation">,
  HelpText<"Generate taint information used by other checkers">,
  DescFile<"GenericTaintChecker.cpp">;

} // end "experimental.security.taint"
272 //===----------------------------------------------------------------------===//
273 // Unix API checkers.
274 //===----------------------------------------------------------------------===//
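// Non-experimental UNIX checkers: API misuse and heap lifetime errors.
let ParentPackage = Unix in {

def UnixAPIChecker : Checker<"API">,
  HelpText<"Check calls to various UNIX/Posix functions">,
  DescFile<"UnixAPIChecker.cpp">;

// Shares MallocChecker.cpp with MallocOptimistic ("MallocWithAnnotations");
// this variant does not assume that freeing functions are annotated.
def MallocPessimistic : Checker<"Malloc">,
  HelpText<"Check for memory leaks, double free, and use-after-free problems.">,
  DescFile<"MallocChecker.cpp">;

} // end "unix"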
// Experimental UNIX checkers. UnixExperimental is Package<"unix"> nested in
// Experimental and marked Hidden, hence "experimental.unix".
let ParentPackage = UnixExperimental in {

// NOTE(review): the table does not say which chroot misuse is detected;
// see ChrootChecker.cpp for the exact pattern.
def ChrootChecker : Checker<"Chroot">,
  HelpText<"Check improper use of chroot">,
  DescFile<"ChrootChecker.cpp">;

// Same source file as the "Malloc" checker. The help text states the
// trade-off: results are only sound if every user-defined function that may
// free a pointer carries the annotation.
def MallocOptimistic : Checker<"MallocWithAnnotations">,
  HelpText<"Check for memory leaks, double free, and use-after-free problems. Assumes that all user-defined functions which might free a pointer are annotated.">,
  DescFile<"MallocChecker.cpp">;

def MallocSizeofChecker : Checker<"MallocSizeof">,
  HelpText<"Check for dubious malloc arguments involving sizeof">,
  DescFile<"MallocSizeofChecker.cpp">;

def PthreadLockChecker : Checker<"PthreadLock">,
  HelpText<"Simple lock -> unlock checker">,
  DescFile<"PthreadLockChecker.cpp">;

def StreamChecker : Checker<"Stream">,
  HelpText<"Check stream handling functions">,
  DescFile<"StreamChecker.cpp">;

} // end "experimental.unix"
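// C string checkers outside the experimental tree. CString is
// Package<"cstring"> nested in Unix; the package list at the top of this file
// marks it Hidden even though it is not experimental.
let ParentPackage = CString in {

def CStringNullArg : Checker<"NullArg">,
  HelpText<"Check for null pointers being passed as arguments to C string functions">,
  DescFile<"CStringChecker.cpp">;

def CStringSyntaxChecker : Checker<"BadSizeArg">,
  HelpText<"Check the size argument passed into C string functions for common erroneous patterns">,
  DescFile<"CStringSyntaxChecker.cpp">;

} // end "unix.cstring"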
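// Experimental C string checkers, all described by CStringChecker.cpp.
// CStringExperimental is Package<"cstring"> nested in UnixExperimental, hence
// "experimental.unix.cstring".
// NOTE(review): the out-of-bounds and missing-terminator checks live here, in
// a Hidden experimental package, not in unix.cstring -- confirm they are
// enabled before treating a clean run as covering string-buffer overflows.
let ParentPackage = CStringExperimental in {

def CStringOutOfBounds : Checker<"OutOfBounds">,
  HelpText<"Check for out-of-bounds access in string functions">,
  DescFile<"CStringChecker.cpp">;

def CStringBufferOverlap : Checker<"BufferOverlap">,
  HelpText<"Checks for overlap in two buffer arguments">,
  DescFile<"CStringChecker.cpp">;

def CStringNotNullTerm : Checker<"NotNullTerminated">,
  HelpText<"Check for arguments which are not null-terminating strings">,
  DescFile<"CStringChecker.cpp">;

} // end "experimental.unix.cstring"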
338 //===----------------------------------------------------------------------===//
339 // Mac OS X, Cocoa, and Core Foundation checkers.
340 //===----------------------------------------------------------------------===//
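// Checkers placed directly in the "osx" package.
// NOTE(review): the page this listing was taken from skips one source line
// between the Checker<> and HelpText<> lines of each record in this block;
// compare against the original file before relying on these records as
// complete.
let ParentPackage = OSX in {

def MacOSXAPIChecker : Checker<"API">,
  HelpText<"Check for proper uses of various Mac OS X APIs">,
  DescFile<"MacOSXAPIChecker.cpp">;

// Per its help text this record evaluates (models) calls rather than
// reporting a defect.
def OSAtomicChecker : Checker<"AtomicCAS">,
  HelpText<"Evaluate calls to OSAtomic functions">,
  DescFile<"OSAtomicChecker.cpp">;

def MacOSKeychainAPIChecker : Checker<"SecKeychainAPI">,
  HelpText<"Check for proper uses of Secure Keychain APIs">,
  DescFile<"MacOSKeychainAPIChecker.cpp">;

} // end "osx"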
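// Cocoa / Objective-C checkers. Cocoa is Package<"cocoa"> nested in OSX.
let ParentPackage = Cocoa in {

def ObjCAtSyncChecker : Checker<"AtSync">,
  HelpText<"Check for null pointers used as mutexes for @synchronized">,
  DescFile<"ObjCAtSyncChecker.cpp">;

// The next three records share BasicObjCFoundationChecks.cpp.
def NilArgChecker : Checker<"NilArg">,
  HelpText<"Check for prohibited nil arguments to ObjC method calls">,
  DescFile<"BasicObjCFoundationChecks.cpp">;

def ClassReleaseChecker : Checker<"ClassRelease">,
  HelpText<"Check for sending 'retain', 'release', or 'autorelease' directly to a Class">,
  DescFile<"BasicObjCFoundationChecks.cpp">;

// The help text is written as two adjacent string literals.
def VariadicMethodTypeChecker : Checker<"VariadicMethodTypes">,
  HelpText<"Check for passing non-Objective-C types to variadic methods that expect "
           "only Objective-C types">,
  DescFile<"BasicObjCFoundationChecks.cpp">;

def NSAutoreleasePoolChecker : Checker<"NSAutoreleasePool">,
  HelpText<"Warn for suboptimal uses of NSAutoreleasePool in Objective-C GC mode">,
  DescFile<"NSAutoreleasePoolChecker.cpp">;

def ObjCMethSigsChecker : Checker<"IncompatibleMethodTypes">,
  HelpText<"Warn about Objective-C method signatures with type incompatibilities">,
  DescFile<"CheckObjCInstMethSignature.cpp">;

def ObjCUnusedIvarsChecker : Checker<"UnusedIvars">,
  HelpText<"Warn about private ivars that are never used">,
  DescFile<"ObjCUnusedIVarsChecker.cpp">;

def ObjCSelfInitChecker : Checker<"SelfInit">,
  HelpText<"Check that 'self' is properly initialized inside an initializer method">,
  DescFile<"ObjCSelfInitChecker.cpp">;

def NSErrorChecker : Checker<"NSError">,
  HelpText<"Check usage of NSError** parameters">,
  DescFile<"NSErrorChecker.cpp">;

def RetainCountChecker : Checker<"RetainCount">,
  HelpText<"Check for leaks and improper reference count management">,
  DescFile<"RetainCountChecker.cpp">;

} // end "osx.cocoa"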
// Experimental Cocoa checkers. CocoaExperimental is Package<"cocoa"> nested in
// OSXExperimental, which is nested in Experimental, hence
// "experimental.osx.cocoa".
let ParentPackage = CocoaExperimental in {

def ObjCDeallocChecker : Checker<"Dealloc">,
  HelpText<"Warn about Objective-C classes that lack a correct implementation of -dealloc">,
  DescFile<"CheckObjCDealloc.cpp">;

} // end "experimental.osx.cocoa"
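// Core Foundation checkers. CoreFoundation is Package<"coreFoundation">
// nested in OSX.
let ParentPackage = CoreFoundation in {

def CFNumberCreateChecker : Checker<"CFNumber">,
  HelpText<"Check for proper uses of CFNumberCreate">,
  DescFile<"BasicObjCFoundationChecks.cpp">;

def CFRetainReleaseChecker : Checker<"CFRetainRelease">,
  HelpText<"Check for null arguments to CFRetain/CFRelease">,
  DescFile<"BasicObjCFoundationChecks.cpp">;

// Described by NSErrorChecker.cpp, the same file as the Cocoa "NSError"
// checker.
def CFErrorChecker : Checker<"CFError">,
  HelpText<"Check usage of CFErrorRef* parameters">,
  DescFile<"NSErrorChecker.cpp">;

} // end "osx.coreFoundation"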
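// Core Foundation container checkers. Containers is Package<"containers">
// nested in CoreFoundation, and neither package is experimental or Hidden in
// the package list at the top of this file.
let ParentPackage = Containers in {

def ObjCContainersASTChecker : Checker<"PointerSizedValues">,
  HelpText<"Warns if 'CFArray', 'CFDictionary', 'CFSet' are created with non-pointer-size values">,
  DescFile<"ObjCContainersASTChecker.cpp">;

// Per the help text, the index check covers the CFArray API only.
def ObjCContainersChecker : Checker<"OutOfBounds">,
  HelpText<"Checks for index out-of-bounds when using 'CFArray' API">,
  DescFile<"ObjCContainersChecker.cpp">;

} // end "osx.coreFoundation.containers"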
439 //===----------------------------------------------------------------------===//
440 // Checkers for LLVM development.
441 //===----------------------------------------------------------------------===//
// NOTE(review): no parent package is visible for this record. It is not inside
// a `let ParentPackage = ... in` block, and the page this listing was taken
// from skips one source line between the Checker<> and HelpText<> lines. The
// LLVM package declared at the top of the file has no other member, so confirm
// against the original file that this checker is bound to it.
def LLVMConventionsChecker : Checker<"Conventions">,
  HelpText<"Check code for LLVM codebase conventions">,
  DescFile<"LLVMConventionsChecker.cpp">;
448 //===----------------------------------------------------------------------===//
449 // Debugging checkers (for analyzer development).
450 //===----------------------------------------------------------------------===//
452 let ParentPackage = Debug in {
// Records of the enclosing `let ParentPackage = Debug in {` block, which this
// file's section banner describes as being for analyzer development. All but
// the last two share DebugCheckers.cpp.
// NOTE(review): the closing brace of that block is not visible in this
// listing.

def DominatorsTreeDumper : Checker<"DumpDominators">,
  HelpText<"Print the dominance tree for a given CFG">,
  DescFile<"DebugCheckers.cpp">;

def LiveVariablesDumper : Checker<"DumpLiveVars">,
  HelpText<"Print results of live variable analysis">,
  DescFile<"DebugCheckers.cpp">;

def CFGViewer : Checker<"ViewCFG">,
  HelpText<"View Control-Flow Graphs using GraphViz">,
  DescFile<"DebugCheckers.cpp">;

def CFGDumper : Checker<"DumpCFG">,
  HelpText<"Display Control-Flow Graphs">,
  DescFile<"DebugCheckers.cpp">;

def CallGraphViewer : Checker<"ViewCallGraph">,
  HelpText<"View Call Graph using GraphViz">,
  DescFile<"DebugCheckers.cpp">;

def CallGraphDumper : Checker<"DumpCallGraph">,
  HelpText<"Display Call Graph">,
  DescFile<"DebugCheckers.cpp">;

def AnalyzerStatsChecker : Checker<"Stats">,
  HelpText<"Emit warnings with analyzer statistics">,
  DescFile<"AnalyzerStatsChecker.cpp">;

// Sits in the debug package, so it is an aid for inspecting taint state, not
// a user-facing security check.
def TaintTesterChecker : Checker<"TaintTest">,
  HelpText<"Mark tainted symbols as such.">,
  DescFile<"TaintTesterChecker.cpp">;