Checkers.td revision cbd273387a61409f179fcfe8460a8733fcf8f872
1//===--- Checkers.td - Static Analyzer Checkers -===-----------------------===// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9 10include "clang/StaticAnalyzer/Checkers/CheckerBase.td" 11 12//===----------------------------------------------------------------------===// 13// Packages. 14//===----------------------------------------------------------------------===// 15 16def Experimental : Package<"experimental">; 17 18def Core : Package<"core">; 19def CoreBuiltin : Package<"builtin">, InPackage<Core>; 20def CoreUninitialized : Package<"uninitialized">, InPackage<Core>; 21def CoreExperimental : Package<"core">, InPackage<Experimental>, Hidden; 22 23def Cplusplus : Package<"cplusplus">; 24def CplusplusExperimental : Package<"cplusplus">, InPackage<Experimental>, Hidden; 25 26def DeadCode : Package<"deadcode">; 27def DeadCodeExperimental : Package<"deadcode">, InPackage<Experimental>, Hidden; 28 29def Security : Package <"security">; 30def InsecureAPI : Package<"insecureAPI">, InPackage<Security>; 31def SecurityExperimental : Package<"security">, InPackage<Experimental>, Hidden; 32def Taint : Package<"taint">, InPackage<SecurityExperimental>, Hidden; 33 34def Unix : Package<"unix">; 35def UnixExperimental : Package<"unix">, InPackage<Experimental>, Hidden; 36 37def OSX : Package<"osx">; 38def OSXExperimental : Package<"osx">, InPackage<Experimental>, Hidden; 39def Cocoa : Package<"cocoa">, InPackage<OSX>; 40def CocoaExperimental : Package<"cocoa">, InPackage<OSXExperimental>, Hidden; 41def CoreFoundation : Package<"coreFoundation">, InPackage<OSX>; 42 43def LLVM : Package<"llvm">; 44def Debug : Package<"debug">; 45 46//===----------------------------------------------------------------------===// 47// Core Checkers. 48//===----------------------------------------------------------------------===// 49 50let ParentPackage = Core in { 51 52def DereferenceChecker : Checker<"NullDereference">, 53 HelpText<"Check for dereferences of null pointers">, 54 DescFile<"DereferenceChecker.cpp">; 55 56def CallAndMessageChecker : Checker<"CallAndMessage">, 57 HelpText<"Check for logical errors for function calls and Objective-C message expressions (e.g., uninitialized arguments, null function pointers)">, 58 DescFile<"CallAndMessageChecker.cpp">; 59 60def AdjustedReturnValueChecker : Checker<"AdjustedReturnValue">, 61 HelpText<"Check to see if the return value of a function call is different than the caller expects (e.g., from calls through function pointers)">, 62 DescFile<"AdjustedReturnValueChecker.cpp">; 63 64def AttrNonNullChecker : Checker<"AttributeNonNull">, 65 HelpText<"Check for null pointers passed as arguments to a function whose arguments are marked with the 'nonnull' attribute">, 66 DescFile<"AttrNonNullChecker.cpp">; 67 68def VLASizeChecker : Checker<"VLASize">, 69 HelpText<"Check for declarations of VLA of undefined or zero size">, 70 DescFile<"VLASizeChecker.cpp">; 71 72def DivZeroChecker : Checker<"DivideZero">, 73 HelpText<"Check for division by zero">, 74 DescFile<"DivZeroChecker.cpp">; 75 76def UndefResultChecker : Checker<"UndefinedBinaryOperatorResult">, 77 HelpText<"Check for undefined results of binary operators">, 78 DescFile<"UndefResultChecker.cpp">; 79 80def StackAddrEscapeChecker : Checker<"StackAddressEscape">, 81 HelpText<"Check that addresses to stack memory do not escape the function">, 82 DescFile<"StackAddrEscapeChecker.cpp">; 83 84} // end "core" 85 86let ParentPackage = CoreExperimental in { 87 88def CastSizeChecker : Checker<"CastSize">, 89 HelpText<"Check when casting a malloc'ed type T, whether the size is a multiple of the size of T">, 90 DescFile<"CastSizeChecker.cpp">; 91 92def CastToStructChecker : Checker<"CastToStruct">, 93 HelpText<"Check for cast from non-struct pointer to struct pointer">, 94 DescFile<"CastToStructChecker.cpp">; 95 96def FixedAddressChecker : Checker<"FixedAddr">, 97 HelpText<"Check for assignment of a fixed address to a pointer">, 98 DescFile<"FixedAddressChecker.cpp">; 99 100def PointerArithChecker : Checker<"PointerArithm">, 101 HelpText<"Check for pointer arithmetic on locations other than array elements">, 102 DescFile<"PointerArithChecker">; 103 104def PointerSubChecker : Checker<"PointerSub">, 105 HelpText<"Check for pointer subtractions on two pointers pointing to different memory chunks">, 106 DescFile<"PointerSubChecker">; 107 108def SizeofPointerChecker : Checker<"SizeofPtr">, 109 HelpText<"Warn about unintended use of sizeof() on pointer expressions">, 110 DescFile<"CheckSizeofPointer.cpp">; 111 112} // end "core.experimental" 113 114//===----------------------------------------------------------------------===// 115// Evaluate "builtin" functions. 116//===----------------------------------------------------------------------===// 117 118let ParentPackage = CoreBuiltin in { 119 120def NoReturnFunctionChecker : Checker<"NoReturnFunctions">, 121 HelpText<"Evaluate \"panic\" functions that are known to not return to the caller">, 122 DescFile<"NoReturnFunctionChecker.cpp">; 123 124def BuiltinFunctionChecker : Checker<"BuiltinFunctions">, 125 HelpText<"Evaluate compiler builtin functions (e.g., alloca())">, 126 DescFile<"BuiltinFunctionChecker.cpp">; 127 128} // end "core.builtin" 129 130//===----------------------------------------------------------------------===// 131// Uninitialized values checkers. 132//===----------------------------------------------------------------------===// 133 134let ParentPackage = CoreUninitialized in { 135 136def UndefinedArraySubscriptChecker : Checker<"ArraySubscript">, 137 HelpText<"Check for uninitialized values used as array subscripts">, 138 DescFile<"UndefinedArraySubscriptChecker.cpp">; 139 140def UndefinedAssignmentChecker : Checker<"Assign">, 141 HelpText<"Check for assigning uninitialized values">, 142 DescFile<"UndefinedAssignmentChecker.cpp">; 143 144def UndefBranchChecker : Checker<"Branch">, 145 HelpText<"Check for uninitialized values used as branch conditions">, 146 DescFile<"UndefBranchChecker.cpp">; 147 148def UndefCapturedBlockVarChecker : Checker<"CapturedBlockVariable">, 149 HelpText<"Check for blocks that capture uninitialized values">, 150 DescFile<"UndefCapturedBlockVarChecker.cpp">; 151 152def ReturnUndefChecker : Checker<"UndefReturn">, 153 HelpText<"Check for uninitialized values being returned to the caller">, 154 DescFile<"ReturnUndefChecker.cpp">; 155 156} // end "core.uninitialized" 157 158//===----------------------------------------------------------------------===// 159// C++ checkers. 160//===----------------------------------------------------------------------===// 161 162let ParentPackage = CplusplusExperimental in { 163 164def IteratorsChecker : Checker<"Iterators">, 165 HelpText<"Check improper uses of STL vector iterators">, 166 DescFile<"IteratorsChecker.cpp">; 167 168def VirtualCallChecker : Checker<"VirtualCall">, 169 HelpText<"Check virtual function calls during construction or destruction">, 170 DescFile<"VirtualCallChecker.cpp">; 171 172} // end: "cplusplus.experimental" 173 174//===----------------------------------------------------------------------===// 175// Deadcode checkers. 176//===----------------------------------------------------------------------===// 177 178let ParentPackage = DeadCode in { 179 180def DeadStoresChecker : Checker<"DeadStores">, 181 HelpText<"Check for values stored to variables that are never read afterwards">, 182 DescFile<"DeadStoresChecker.cpp">; 183} // end DeadCode 184 185let ParentPackage = DeadCodeExperimental in { 186 187def IdempotentOperationChecker : Checker<"IdempotentOperations">, 188 HelpText<"Warn about idempotent operations">, 189 DescFile<"IdempotentOperationChecker.cpp">; 190 191def UnreachableCodeChecker : Checker<"UnreachableCode">, 192 HelpText<"Check unreachable code">, 193 DescFile<"UnreachableCodeChecker.cpp">; 194 195} // end "deadcode.experimental" 196 197//===----------------------------------------------------------------------===// 198// Security checkers. 199//===----------------------------------------------------------------------===// 200 201let ParentPackage = InsecureAPI in { 202 def gets : Checker<"gets">, 203 HelpText<"Warn on uses of the 'gets' function">, 204 DescFile<"CheckSecuritySyntaxOnly.cpp">; 205 def getpw : Checker<"getpw">, 206 HelpText<"Warn on uses of the 'getpw' function">, 207 DescFile<"CheckSecuritySyntaxOnly.cpp">; 208 def mktemp : Checker<"mktemp">, 209 HelpText<"Warn on uses of the 'mktemp' function">, 210 DescFile<"CheckSecuritySyntaxOnly.cpp">; 211 def mkstemp : Checker<"mkstemp">, 212 HelpText<"Warn when 'mkstemp' is passed fewer than 6 X's in the format string">, 213 DescFile<"CheckSecuritySyntaxOnly.cpp">; 214 def rand : Checker<"rand">, 215 HelpText<"Warn on uses of the 'rand', 'random', and related functions">, 216 DescFile<"CheckSecuritySyntaxOnly.cpp">; 217 def strcpy : Checker<"strcpy">, 218 HelpText<"Warn on uses of the 'strcpy' and 'strcat' functions">, 219 DescFile<"CheckSecuritySyntaxOnly.cpp">; 220 def vfork : Checker<"vfork">, 221 HelpText<"Warn on uses of the 'vfork' function">, 222 DescFile<"CheckSecuritySyntaxOnly.cpp">; 223 def UncheckedReturn : Checker<"UncheckedReturn">, 224 HelpText<"Warn on uses of functions whose return values must be always checked">, 225 DescFile<"CheckSecuritySyntaxOnly.cpp">; 226} 227let ParentPackage = Security in { 228 def FloatLoopCounter : Checker<"FloatLoopCounter">, 229 HelpText<"Warn on using a floating point value as a loop counter (CERT: FLP30-C, FLP30-CPP)">, 230 DescFile<"CheckSecuritySyntaxOnly.cpp">; 231} 232 233let ParentPackage = SecurityExperimental in { 234 235def ArrayBoundChecker : Checker<"ArrayBound">, 236 HelpText<"Warn about buffer overflows (older checker)">, 237 DescFile<"ArrayBoundChecker.cpp">; 238 239def ArrayBoundCheckerV2 : Checker<"ArrayBoundV2">, 240 HelpText<"Warn about buffer overflows (newer checker)">, 241 DescFile<"ArrayBoundCheckerV2.cpp">; 242 243def ReturnPointerRangeChecker : Checker<"ReturnPtrRange">, 244 HelpText<"Check for an out-of-bound pointer being returned to callers">, 245 DescFile<"ReturnPointerRangeChecker.cpp">; 246 247def MallocOverflowSecurityChecker : Checker<"MallocOverflow">, 248 HelpText<"Check for overflows in the arguments to malloc()">, 249 DescFile<"MallocOverflowSecurityChecker.cpp">; 250 251} // end "security.experimental" 252 253//===----------------------------------------------------------------------===// 254// Taint checkers. 255//===----------------------------------------------------------------------===// 256 257let ParentPackage = Taint in { 258 259def GenericTaintChecker : Checker<"TaintPropagation">, 260 HelpText<"Generate taint information used by other checkers">, 261 DescFile<"GenericTaintChecker.cpp">; 262 263} // end "experimental.security.taint" 264 265//===----------------------------------------------------------------------===// 266// Unix API checkers. 267//===----------------------------------------------------------------------===// 268 269let ParentPackage = Unix in { 270 271def UnixAPIChecker : Checker<"API">, 272 HelpText<"Check calls to various UNIX/Posix functions">, 273 DescFile<"UnixAPIChecker.cpp">; 274 275} // end "unix" 276 277let ParentPackage = UnixExperimental in { 278 279def ChrootChecker : Checker<"Chroot">, 280 HelpText<"Check improper use of chroot">, 281 DescFile<"ChrootChecker.cpp">; 282 283def CStringChecker : Checker<"CString">, 284 HelpText<"Check calls to functions in <string.h>">, 285 DescFile<"CStringChecker.cpp">; 286 287def MallocChecker : Checker<"Malloc">, 288 HelpText<"Check for potential memory leaks, double free, and use-after-free problems">, 289 DescFile<"MallocChecker.cpp">; 290 291def MallocSizeofChecker : Checker<"MallocSizeof">, 292 HelpText<"Check for dubious malloc arguments involving sizeof">, 293 DescFile<"MallocSizeofChecker.cpp">; 294 295def PthreadLockChecker : Checker<"PthreadLock">, 296 HelpText<"Simple lock -> unlock checker">, 297 DescFile<"PthreadLockChecker.cpp">; 298 299def StreamChecker : Checker<"Stream">, 300 HelpText<"Check stream handling functions">, 301 DescFile<"StreamChecker.cpp">; 302 303} // end "unix.experimental" 304 305//===----------------------------------------------------------------------===// 306// Mac OS X, Cocoa, and Core Foundation checkers. 307//===----------------------------------------------------------------------===// 308 309let ParentPackage = OSX in { 310 311def MacOSXAPIChecker : Checker<"API">, 312 InPackage<OSX>, 313 HelpText<"Check for proper uses of various Mac OS X APIs">, 314 DescFile<"MacOSXAPIChecker.cpp">; 315 316def OSAtomicChecker : Checker<"AtomicCAS">, 317 InPackage<OSX>, 318 HelpText<"Evaluate calls to OSAtomic functions">, 319 DescFile<"OSAtomicChecker.cpp">; 320 321def MacOSKeychainAPIChecker : Checker<"SecKeychainAPI">, 322 InPackage<OSX>, 323 HelpText<"Check for proper uses of Secure Keychain APIs">, 324 DescFile<"MacOSKeychainAPIChecker.cpp">; 325 326} // end "macosx" 327 328let ParentPackage = Cocoa in { 329 330def ObjCAtSyncChecker : Checker<"AtSync">, 331 HelpText<"Check for null pointers used as mutexes for @synchronized">, 332 DescFile<"ObjCAtSyncChecker.cpp">; 333 334def NilArgChecker : Checker<"NilArg">, 335 HelpText<"Check for prohibited nil arguments to ObjC method calls">, 336 DescFile<"BasicObjCFoundationChecks.cpp">; 337 338def ClassReleaseChecker : Checker<"ClassRelease">, 339 HelpText<"Check for sending 'retain', 'release', or 'autorelease' directly to a Class">, 340 DescFile<"BasicObjCFoundationChecks.cpp">; 341 342def VariadicMethodTypeChecker : Checker<"VariadicMethodTypes">, 343 HelpText<"Check for passing non-Objective-C types to variadic methods that expect " 344 "only Objective-C types">, 345 DescFile<"BasicObjCFoundationChecks.cpp">; 346 347def NSAutoreleasePoolChecker : Checker<"NSAutoreleasePool">, 348 HelpText<"Warn for suboptimal uses of NSAutoreleasePool in Objective-C GC mode">, 349 DescFile<"NSAutoreleasePoolChecker.cpp">; 350 351def ObjCMethSigsChecker : Checker<"IncompatibleMethodTypes">, 352 HelpText<"Warn about Objective-C method signatures with type incompatibilities">, 353 DescFile<"CheckObjCInstMethSignature.cpp">; 354 355def ObjCUnusedIvarsChecker : Checker<"UnusedIvars">, 356 HelpText<"Warn about private ivars that are never used">, 357 DescFile<"ObjCUnusedIVarsChecker.cpp">; 358 359def NSErrorChecker : Checker<"NSError">, 360 HelpText<"Check usage of NSError** parameters">, 361 DescFile<"NSErrorChecker.cpp">; 362 363def RetainCountChecker : Checker<"RetainCount">, 364 HelpText<"Check for leaks and improper reference count management">, 365 DescFile<"RetainCountChecker.cpp">; 366 367} // end "cocoa" 368 369let ParentPackage = CocoaExperimental in { 370 371def ObjCContainersASTChecker : Checker<"ContainerAPI">, 372 HelpText<"Check for common pitfalls when using 'CFArray', 'CFDictionary', 'CFSet' APIs">, 373 DescFile<"ObjCContainersASTChecker.cpp">; 374 375def ObjCSelfInitChecker : Checker<"SelfInit">, 376 HelpText<"Check that 'self' is properly initialized inside an initializer method">, 377 DescFile<"ObjCSelfInitChecker.cpp">; 378 379def ObjCDeallocChecker : Checker<"Dealloc">, 380 HelpText<"Warn about Objective-C classes that lack a correct implementation of -dealloc">, 381 DescFile<"CheckObjCDealloc.cpp">; 382 383} // end "cocoa.experimental" 384 385let ParentPackage = CoreFoundation in { 386 387def CFNumberCreateChecker : Checker<"CFNumber">, 388 HelpText<"Check for proper uses of CFNumberCreate">, 389 DescFile<"BasicObjCFoundationChecks.cpp">; 390 391def CFRetainReleaseChecker : Checker<"CFRetainRelease">, 392 HelpText<"Check for null arguments to CFRetain/CFRelease">, 393 DescFile<"BasicObjCFoundationChecks.cpp">; 394 395def CFErrorChecker : Checker<"CFError">, 396 HelpText<"Check usage of CFErrorRef* parameters">, 397 DescFile<"NSErrorChecker.cpp">; 398} 399 400//===----------------------------------------------------------------------===// 401// Checkers for LLVM development. 402//===----------------------------------------------------------------------===// 403 404def LLVMConventionsChecker : Checker<"Conventions">, 405 InPackage<LLVM>, 406 HelpText<"Check code for LLVM codebase conventions">, 407 DescFile<"LLVMConventionsChecker.cpp">; 408 409//===----------------------------------------------------------------------===// 410// Debugging checkers (for analyzer development). 411//===----------------------------------------------------------------------===// 412 413let ParentPackage = Debug in { 414 415def DominatorsTreeDumper : Checker<"DumpDominators">, 416 HelpText<"Print the dominance tree for a given CFG">, 417 DescFile<"DebugCheckers.cpp">; 418 419def LiveVariablesDumper : Checker<"DumpLiveVars">, 420 HelpText<"Print results of live variable analysis">, 421 DescFile<"DebugCheckers.cpp">; 422 423def CFGViewer : Checker<"ViewCFG">, 424 HelpText<"View Control-Flow Graphs using GraphViz">, 425 DescFile<"DebugCheckers.cpp">; 426 427def CFGDumper : Checker<"DumpCFG">, 428 HelpText<"Display Control-Flow Graphs">, 429 DescFile<"DebugCheckers.cpp">; 430 431def AnalyzerStatsChecker : Checker<"Stats">, 432 HelpText<"Emit warnings with analyzer statistics">, 433 DescFile<"AnalyzerStatsChecker.cpp">; 434 435def TaintTesterChecker : Checker<"TaintTest">, 436 HelpText<"Mark tainted symbols as such.">, 437 DescFile<"TaintTesterChecker.cpp">; 438 439} // end "debug" 440 441