Checkers.td revision 3d578130c438585476d31f0e8c0bf3223992d683
1//===--- Checkers.td - Static Analyzer Checkers -===-----------------------===// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9 10include "clang/StaticAnalyzer/Checkers/CheckerBase.td" 11 12//===----------------------------------------------------------------------===// 13// Packages. 14//===----------------------------------------------------------------------===// 15 16def Alpha : Package<"alpha">; 17 18def Core : Package<"core">; 19def CoreBuiltin : Package<"builtin">, InPackage<Core>; 20def CoreUninitialized : Package<"uninitialized">, InPackage<Core>; 21def CoreAlpha : Package<"core">, InPackage<Alpha>, Hidden; 22 23def Cplusplus : Package<"cplusplus">; 24def CplusplusAlpha : Package<"cplusplus">, InPackage<Alpha>, Hidden; 25 26def DeadCode : Package<"deadcode">; 27def DeadCodeAlpha : Package<"deadcode">, InPackage<Alpha>, Hidden; 28 29def Security : Package <"security">; 30def InsecureAPI : Package<"insecureAPI">, InPackage<Security>; 31def SecurityAlpha : Package<"security">, InPackage<Alpha>, Hidden; 32def Taint : Package<"taint">, InPackage<SecurityAlpha>, Hidden; 33 34def Unix : Package<"unix">; 35def UnixAlpha : Package<"unix">, InPackage<Alpha>, Hidden; 36def CString : Package<"cstring">, InPackage<Unix>, Hidden; 37def CStringAlpha : Package<"cstring">, InPackage<UnixAlpha>, Hidden; 38 39def OSX : Package<"osx">; 40def OSXAlpha : Package<"osx">, InPackage<Alpha>, Hidden; 41def Cocoa : Package<"cocoa">, InPackage<OSX>; 42def CocoaAlpha : Package<"cocoa">, InPackage<OSXAlpha>, Hidden; 43def CoreFoundation : Package<"coreFoundation">, InPackage<OSX>; 44def Containers : Package<"containers">, InPackage<CoreFoundation>; 45 46def LLVM : Package<"llvm">; 47def Debug : Package<"debug">; 48 49//===----------------------------------------------------------------------===// 50// Core Checkers. 51//===----------------------------------------------------------------------===// 52 53let ParentPackage = Core in { 54 55def DereferenceChecker : Checker<"NullDereference">, 56 HelpText<"Check for dereferences of null pointers">, 57 DescFile<"DereferenceChecker.cpp">; 58 59def CallAndMessageChecker : Checker<"CallAndMessage">, 60 HelpText<"Check for logical errors for function calls and Objective-C message expressions (e.g., uninitialized arguments, null function pointers)">, 61 DescFile<"CallAndMessageChecker.cpp">; 62 63def AdjustedReturnValueChecker : Checker<"AdjustedReturnValue">, 64 HelpText<"Check to see if the return value of a function call is different than the caller expects (e.g., from calls through function pointers)">, 65 DescFile<"AdjustedReturnValueChecker.cpp">; 66 67def AttrNonNullChecker : Checker<"AttributeNonNull">, 68 HelpText<"Check for null pointers passed as arguments to a function whose arguments are marked with the 'nonnull' attribute">, 69 DescFile<"AttrNonNullChecker.cpp">; 70 71def VLASizeChecker : Checker<"VLASize">, 72 HelpText<"Check for declarations of VLA of undefined or zero size">, 73 DescFile<"VLASizeChecker.cpp">; 74 75def DivZeroChecker : Checker<"DivideZero">, 76 HelpText<"Check for division by zero">, 77 DescFile<"DivZeroChecker.cpp">; 78 79def UndefResultChecker : Checker<"UndefinedBinaryOperatorResult">, 80 HelpText<"Check for undefined results of binary operators">, 81 DescFile<"UndefResultChecker.cpp">; 82 83def StackAddrEscapeChecker : Checker<"StackAddressEscape">, 84 HelpText<"Check that addresses to stack memory do not escape the function">, 85 DescFile<"StackAddrEscapeChecker.cpp">; 86 87def DynamicTypePropagation : Checker<"DynamicTypePropagation">, 88 HelpText<"Generate dynamic type information">, 89 DescFile<"DynamicTypePropagation.cpp">; 90 91} // end "core" 92 93let ParentPackage = CoreAlpha in { 94 95def BoolAssignmentChecker : Checker<"BoolAssignment">, 96 HelpText<"Warn about assigning non-{0,1} values to Boolean variables">, 97 DescFile<"BoolAssignmentChecker.cpp">; 98 99def CastSizeChecker : Checker<"CastSize">, 100 HelpText<"Check when casting a malloc'ed type T, whether the size is a multiple of the size of T">, 101 DescFile<"CastSizeChecker.cpp">; 102 103def CastToStructChecker : Checker<"CastToStruct">, 104 HelpText<"Check for cast from non-struct pointer to struct pointer">, 105 DescFile<"CastToStructChecker.cpp">; 106 107def FixedAddressChecker : Checker<"FixedAddr">, 108 HelpText<"Check for assignment of a fixed address to a pointer">, 109 DescFile<"FixedAddressChecker.cpp">; 110 111def PointerArithChecker : Checker<"PointerArithm">, 112 HelpText<"Check for pointer arithmetic on locations other than array elements">, 113 DescFile<"PointerArithChecker">; 114 115def PointerSubChecker : Checker<"PointerSub">, 116 HelpText<"Check for pointer subtractions on two pointers pointing to different memory chunks">, 117 DescFile<"PointerSubChecker">; 118 119def SizeofPointerChecker : Checker<"SizeofPtr">, 120 HelpText<"Warn about unintended use of sizeof() on pointer expressions">, 121 DescFile<"CheckSizeofPointer.cpp">; 122 123} // end "core.experimental" 124 125//===----------------------------------------------------------------------===// 126// Evaluate "builtin" functions. 127//===----------------------------------------------------------------------===// 128 129let ParentPackage = CoreBuiltin in { 130 131def NoReturnFunctionChecker : Checker<"NoReturnFunctions">, 132 HelpText<"Evaluate \"panic\" functions that are known to not return to the caller">, 133 DescFile<"NoReturnFunctionChecker.cpp">; 134 135def BuiltinFunctionChecker : Checker<"BuiltinFunctions">, 136 HelpText<"Evaluate compiler builtin functions (e.g., alloca())">, 137 DescFile<"BuiltinFunctionChecker.cpp">; 138 139} // end "core.builtin" 140 141//===----------------------------------------------------------------------===// 142// Uninitialized values checkers. 143//===----------------------------------------------------------------------===// 144 145let ParentPackage = CoreUninitialized in { 146 147def UndefinedArraySubscriptChecker : Checker<"ArraySubscript">, 148 HelpText<"Check for uninitialized values used as array subscripts">, 149 DescFile<"UndefinedArraySubscriptChecker.cpp">; 150 151def UndefinedAssignmentChecker : Checker<"Assign">, 152 HelpText<"Check for assigning uninitialized values">, 153 DescFile<"UndefinedAssignmentChecker.cpp">; 154 155def UndefBranchChecker : Checker<"Branch">, 156 HelpText<"Check for uninitialized values used as branch conditions">, 157 DescFile<"UndefBranchChecker.cpp">; 158 159def UndefCapturedBlockVarChecker : Checker<"CapturedBlockVariable">, 160 HelpText<"Check for blocks that capture uninitialized values">, 161 DescFile<"UndefCapturedBlockVarChecker.cpp">; 162 163def ReturnUndefChecker : Checker<"UndefReturn">, 164 HelpText<"Check for uninitialized values being returned to the caller">, 165 DescFile<"ReturnUndefChecker.cpp">; 166 167} // end "core.uninitialized" 168 169//===----------------------------------------------------------------------===// 170// C++ checkers. 171//===----------------------------------------------------------------------===// 172 173let ParentPackage = CplusplusAlpha in { 174 175def VirtualCallChecker : Checker<"VirtualCall">, 176 HelpText<"Check virtual function calls during construction or destruction">, 177 DescFile<"VirtualCallChecker.cpp">; 178 179} // end: "cplusplus.experimental" 180 181//===----------------------------------------------------------------------===// 182// Deadcode checkers. 183//===----------------------------------------------------------------------===// 184 185let ParentPackage = DeadCode in { 186 187def DeadStoresChecker : Checker<"DeadStores">, 188 HelpText<"Check for values stored to variables that are never read afterwards">, 189 DescFile<"DeadStoresChecker.cpp">; 190} // end DeadCode 191 192let ParentPackage = DeadCodeAlpha in { 193 194def IdempotentOperationChecker : Checker<"IdempotentOperations">, 195 HelpText<"Warn about idempotent operations">, 196 DescFile<"IdempotentOperationChecker.cpp">; 197 198def UnreachableCodeChecker : Checker<"UnreachableCode">, 199 HelpText<"Check unreachable code">, 200 DescFile<"UnreachableCodeChecker.cpp">; 201 202} // end "deadcode.experimental" 203 204//===----------------------------------------------------------------------===// 205// Security checkers. 206//===----------------------------------------------------------------------===// 207 208let ParentPackage = InsecureAPI in { 209 def gets : Checker<"gets">, 210 HelpText<"Warn on uses of the 'gets' function">, 211 DescFile<"CheckSecuritySyntaxOnly.cpp">; 212 def getpw : Checker<"getpw">, 213 HelpText<"Warn on uses of the 'getpw' function">, 214 DescFile<"CheckSecuritySyntaxOnly.cpp">; 215 def mktemp : Checker<"mktemp">, 216 HelpText<"Warn on uses of the 'mktemp' function">, 217 DescFile<"CheckSecuritySyntaxOnly.cpp">; 218 def mkstemp : Checker<"mkstemp">, 219 HelpText<"Warn when 'mkstemp' is passed fewer than 6 X's in the format string">, 220 DescFile<"CheckSecuritySyntaxOnly.cpp">; 221 def rand : Checker<"rand">, 222 HelpText<"Warn on uses of the 'rand', 'random', and related functions">, 223 DescFile<"CheckSecuritySyntaxOnly.cpp">; 224 def strcpy : Checker<"strcpy">, 225 HelpText<"Warn on uses of the 'strcpy' and 'strcat' functions">, 226 DescFile<"CheckSecuritySyntaxOnly.cpp">; 227 def vfork : Checker<"vfork">, 228 HelpText<"Warn on uses of the 'vfork' function">, 229 DescFile<"CheckSecuritySyntaxOnly.cpp">; 230 def UncheckedReturn : Checker<"UncheckedReturn">, 231 HelpText<"Warn on uses of functions whose return values must be always checked">, 232 DescFile<"CheckSecuritySyntaxOnly.cpp">; 233} 234let ParentPackage = Security in { 235 def FloatLoopCounter : Checker<"FloatLoopCounter">, 236 HelpText<"Warn on using a floating point value as a loop counter (CERT: FLP30-C, FLP30-CPP)">, 237 DescFile<"CheckSecuritySyntaxOnly.cpp">; 238} 239 240let ParentPackage = SecurityAlpha in { 241 242def ArrayBoundChecker : Checker<"ArrayBound">, 243 HelpText<"Warn about buffer overflows (older checker)">, 244 DescFile<"ArrayBoundChecker.cpp">; 245 246def ArrayBoundCheckerV2 : Checker<"ArrayBoundV2">, 247 HelpText<"Warn about buffer overflows (newer checker)">, 248 DescFile<"ArrayBoundCheckerV2.cpp">; 249 250def ReturnPointerRangeChecker : Checker<"ReturnPtrRange">, 251 HelpText<"Check for an out-of-bound pointer being returned to callers">, 252 DescFile<"ReturnPointerRangeChecker.cpp">; 253 254def MallocOverflowSecurityChecker : Checker<"MallocOverflow">, 255 HelpText<"Check for overflows in the arguments to malloc()">, 256 DescFile<"MallocOverflowSecurityChecker.cpp">; 257 258} // end "security.experimental" 259 260//===----------------------------------------------------------------------===// 261// Taint checkers. 262//===----------------------------------------------------------------------===// 263 264let ParentPackage = Taint in { 265 266def GenericTaintChecker : Checker<"TaintPropagation">, 267 HelpText<"Generate taint information used by other checkers">, 268 DescFile<"GenericTaintChecker.cpp">; 269 270} // end "experimental.security.taint" 271 272//===----------------------------------------------------------------------===// 273// Unix API checkers. 274//===----------------------------------------------------------------------===// 275 276let ParentPackage = Unix in { 277 278def UnixAPIChecker : Checker<"API">, 279 HelpText<"Check calls to various UNIX/Posix functions">, 280 DescFile<"UnixAPIChecker.cpp">; 281 282def MallocPessimistic : Checker<"Malloc">, 283 HelpText<"Check for memory leaks, double free, and use-after-free problems.">, 284 DescFile<"MallocChecker.cpp">; 285 286def MallocSizeofChecker : Checker<"MallocSizeof">, 287 HelpText<"Check for dubious malloc arguments involving sizeof">, 288 DescFile<"MallocSizeofChecker.cpp">; 289 290} // end "unix" 291 292let ParentPackage = UnixAlpha in { 293 294def ChrootChecker : Checker<"Chroot">, 295 HelpText<"Check improper use of chroot">, 296 DescFile<"ChrootChecker.cpp">; 297 298def MallocOptimistic : Checker<"MallocWithAnnotations">, 299 HelpText<"Check for memory leaks, double free, and use-after-free problems. Assumes that all user-defined functions which might free a pointer are annotated.">, 300 DescFile<"MallocChecker.cpp">; 301 302def PthreadLockChecker : Checker<"PthreadLock">, 303 HelpText<"Simple lock -> unlock checker">, 304 DescFile<"PthreadLockChecker.cpp">; 305 306def StreamChecker : Checker<"Stream">, 307 HelpText<"Check stream handling functions">, 308 DescFile<"StreamChecker.cpp">; 309 310} // end "unix.experimental" 311 312let ParentPackage = CString in { 313 314def CStringNullArg : Checker<"NullArg">, 315 HelpText<"Check for null pointers being passed as arguments to C string functions">, 316 DescFile<"CStringChecker.cpp">; 317 318def CStringSyntaxChecker : Checker<"BadSizeArg">, 319 HelpText<"Check the size argument passed into C string functions for common erroneous patterns">, 320 DescFile<"CStringSyntaxChecker.cpp">; 321} 322 323let ParentPackage = CStringAlpha in { 324 325def CStringOutOfBounds : Checker<"OutOfBounds">, 326 HelpText<"Check for out-of-bounds access in string functions">, 327 DescFile<"CStringChecker.cpp">; 328 329def CStringBufferOverlap : Checker<"BufferOverlap">, 330 HelpText<"Checks for overlap in two buffer arguments">, 331 DescFile<"CStringChecker.cpp">; 332 333def CStringNotNullTerm : Checker<"NotNullTerminated">, 334 HelpText<"Check for arguments which are not null-terminating strings">, 335 DescFile<"CStringChecker.cpp">; 336} 337 338//===----------------------------------------------------------------------===// 339// Mac OS X, Cocoa, and Core Foundation checkers. 340//===----------------------------------------------------------------------===// 341 342let ParentPackage = OSX in { 343 344def MacOSXAPIChecker : Checker<"API">, 345 InPackage<OSX>, 346 HelpText<"Check for proper uses of various Mac OS X APIs">, 347 DescFile<"MacOSXAPIChecker.cpp">; 348 349def OSAtomicChecker : Checker<"AtomicCAS">, 350 InPackage<OSX>, 351 HelpText<"Evaluate calls to OSAtomic functions">, 352 DescFile<"OSAtomicChecker.cpp">; 353 354def MacOSKeychainAPIChecker : Checker<"SecKeychainAPI">, 355 InPackage<OSX>, 356 HelpText<"Check for proper uses of Secure Keychain APIs">, 357 DescFile<"MacOSKeychainAPIChecker.cpp">; 358 359} // end "macosx" 360 361let ParentPackage = Cocoa in { 362 363def ObjCAtSyncChecker : Checker<"AtSync">, 364 HelpText<"Check for nil pointers used as mutexes for @synchronized">, 365 DescFile<"ObjCAtSyncChecker.cpp">; 366 367def NilArgChecker : Checker<"NilArg">, 368 HelpText<"Check for prohibited nil arguments to ObjC method calls">, 369 DescFile<"BasicObjCFoundationChecks.cpp">; 370 371def ClassReleaseChecker : Checker<"ClassRelease">, 372 HelpText<"Check for sending 'retain', 'release', or 'autorelease' directly to a Class">, 373 DescFile<"BasicObjCFoundationChecks.cpp">; 374 375def VariadicMethodTypeChecker : Checker<"VariadicMethodTypes">, 376 HelpText<"Check for passing non-Objective-C types to variadic collection " 377 "initialization methods that expect only Objective-C types">, 378 DescFile<"BasicObjCFoundationChecks.cpp">; 379 380def NSAutoreleasePoolChecker : Checker<"NSAutoreleasePool">, 381 HelpText<"Warn for suboptimal uses of NSAutoreleasePool in Objective-C GC mode">, 382 DescFile<"NSAutoreleasePoolChecker.cpp">; 383 384def ObjCMethSigsChecker : Checker<"IncompatibleMethodTypes">, 385 HelpText<"Warn about Objective-C method signatures with type incompatibilities">, 386 DescFile<"CheckObjCInstMethSignature.cpp">; 387 388def ObjCUnusedIvarsChecker : Checker<"UnusedIvars">, 389 HelpText<"Warn about private ivars that are never used">, 390 DescFile<"ObjCUnusedIVarsChecker.cpp">; 391 392def ObjCSelfInitChecker : Checker<"SelfInit">, 393 HelpText<"Check that 'self' is properly initialized inside an initializer method">, 394 DescFile<"ObjCSelfInitChecker.cpp">; 395 396def ObjCLoopChecker : Checker<"Loops">, 397 HelpText<"Improved modeling of loops using Cocoa collection types">, 398 DescFile<"BasicObjCFoundationChecks.cpp">; 399 400def ObjCNonNilReturnValueChecker : Checker<"NonNilReturnValue">, 401 HelpText<"Model the APIs that are guaranteed to return a non-nil value">, 402 DescFile<"BasicObjCFoundationChecks.cpp">; 403 404def NSErrorChecker : Checker<"NSError">, 405 HelpText<"Check usage of NSError** parameters">, 406 DescFile<"NSErrorChecker.cpp">; 407 408def RetainCountChecker : Checker<"RetainCount">, 409 HelpText<"Check for leaks and improper reference count management">, 410 DescFile<"RetainCountChecker.cpp">; 411 412} // end "osx.cocoa" 413 414let ParentPackage = CocoaAlpha in { 415 416def ObjCDeallocChecker : Checker<"Dealloc">, 417 HelpText<"Warn about Objective-C classes that lack a correct implementation of -dealloc">, 418 DescFile<"CheckObjCDealloc.cpp">; 419 420} // end "cocoa.alpha" 421 422let ParentPackage = CoreFoundation in { 423 424def CFNumberCreateChecker : Checker<"CFNumber">, 425 HelpText<"Check for proper uses of CFNumberCreate">, 426 DescFile<"BasicObjCFoundationChecks.cpp">; 427 428def CFRetainReleaseChecker : Checker<"CFRetainRelease">, 429 HelpText<"Check for null arguments to CFRetain/CFRelease">, 430 DescFile<"BasicObjCFoundationChecks.cpp">; 431 432def CFErrorChecker : Checker<"CFError">, 433 HelpText<"Check usage of CFErrorRef* parameters">, 434 DescFile<"NSErrorChecker.cpp">; 435} 436 437let ParentPackage = Containers in { 438def ObjCContainersASTChecker : Checker<"PointerSizedValues">, 439 HelpText<"Warns if 'CFArray', 'CFDictionary', 'CFSet' are created with non-pointer-size values">, 440 DescFile<"ObjCContainersASTChecker.cpp">; 441 442def ObjCContainersChecker : Checker<"OutOfBounds">, 443 HelpText<"Checks for index out-of-bounds when using 'CFArray' API">, 444 DescFile<"ObjCContainersChecker.cpp">; 445 446} 447//===----------------------------------------------------------------------===// 448// Checkers for LLVM development. 449//===----------------------------------------------------------------------===// 450 451def LLVMConventionsChecker : Checker<"Conventions">, 452 InPackage<LLVM>, 453 HelpText<"Check code for LLVM codebase conventions">, 454 DescFile<"LLVMConventionsChecker.cpp">; 455 456//===----------------------------------------------------------------------===// 457// Debugging checkers (for analyzer development). 458//===----------------------------------------------------------------------===// 459 460let ParentPackage = Debug in { 461 462def DominatorsTreeDumper : Checker<"DumpDominators">, 463 HelpText<"Print the dominance tree for a given CFG">, 464 DescFile<"DebugCheckers.cpp">; 465 466def LiveVariablesDumper : Checker<"DumpLiveVars">, 467 HelpText<"Print results of live variable analysis">, 468 DescFile<"DebugCheckers.cpp">; 469 470def CFGViewer : Checker<"ViewCFG">, 471 HelpText<"View Control-Flow Graphs using GraphViz">, 472 DescFile<"DebugCheckers.cpp">; 473 474def CFGDumper : Checker<"DumpCFG">, 475 HelpText<"Display Control-Flow Graphs">, 476 DescFile<"DebugCheckers.cpp">; 477 478def CallGraphViewer : Checker<"ViewCallGraph">, 479 HelpText<"View Call Graph using GraphViz">, 480 DescFile<"DebugCheckers.cpp">; 481 482def CallGraphDumper : Checker<"DumpCallGraph">, 483 HelpText<"Display Call Graph">, 484 DescFile<"DebugCheckers.cpp">; 485 486def TraversalDumper : Checker<"DumpTraversal">, 487 HelpText<"Print branch conditions as they are traversed by the engine">, 488 DescFile<"TraversalChecker.cpp">; 489 490def CallDumper : Checker<"DumpCalls">, 491 HelpText<"Print calls as they are traversed by the engine">, 492 DescFile<"TraversalChecker.cpp">; 493 494def AnalyzerStatsChecker : Checker<"Stats">, 495 HelpText<"Emit warnings with analyzer statistics">, 496 DescFile<"AnalyzerStatsChecker.cpp">; 497 498def TaintTesterChecker : Checker<"TaintTest">, 499 HelpText<"Mark tainted symbols as such.">, 500 DescFile<"TaintTesterChecker.cpp">; 501 502def ExprInspectionChecker : Checker<"ExprInspection">, 503 HelpText<"Check the analyzer's understanding of expressions">, 504 DescFile<"ExprInspectionChecker.cpp">; 505 506} // end "debug" 507 508