Checkers.td revision e85deb356f5d2d2172b7ef70314bc9cfc742a936
1//===--- Checkers.td - Static Analyzer Checkers -===-----------------------===// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9 10include "clang/StaticAnalyzer/Checkers/CheckerBase.td" 11 12//===----------------------------------------------------------------------===// 13// Packages. 14//===----------------------------------------------------------------------===// 15 16def Alpha : Package<"alpha">; 17 18def Core : Package<"core">; 19def CoreBuiltin : Package<"builtin">, InPackage<Core>; 20def CoreUninitialized : Package<"uninitialized">, InPackage<Core>; 21def CoreAlpha : Package<"core">, InPackage<Alpha>, Hidden; 22 23def Cplusplus : Package<"cplusplus">; 24def CplusplusAlpha : Package<"cplusplus">, InPackage<Alpha>, Hidden; 25 26def DeadCode : Package<"deadcode">; 27def DeadCodeAlpha : Package<"deadcode">, InPackage<Alpha>, Hidden; 28 29def Security : Package <"security">; 30def InsecureAPI : Package<"insecureAPI">, InPackage<Security>; 31def SecurityAlpha : Package<"security">, InPackage<Alpha>, Hidden; 32def Taint : Package<"taint">, InPackage<SecurityAlpha>, Hidden; 33 34def Unix : Package<"unix">; 35def UnixAlpha : Package<"unix">, InPackage<Alpha>, Hidden; 36def CString : Package<"cstring">, InPackage<Unix>, Hidden; 37def CStringAlpha : Package<"cstring">, InPackage<UnixAlpha>, Hidden; 38 39def OSX : Package<"osx">; 40def OSXAlpha : Package<"osx">, InPackage<Alpha>, Hidden; 41def Cocoa : Package<"cocoa">, InPackage<OSX>; 42def CocoaAlpha : Package<"cocoa">, InPackage<OSXAlpha>, Hidden; 43def CoreFoundation : Package<"coreFoundation">, InPackage<OSX>; 44def Containers : Package<"containers">, InPackage<CoreFoundation>; 45 46def LLVM : Package<"llvm">; 47def Debug : Package<"debug">; 48 49//===----------------------------------------------------------------------===// 50// Core Checkers. 51//===----------------------------------------------------------------------===// 52 53let ParentPackage = Core in { 54 55def DereferenceChecker : Checker<"NullDereference">, 56 HelpText<"Check for dereferences of null pointers">, 57 DescFile<"DereferenceChecker.cpp">; 58 59def CallAndMessageChecker : Checker<"CallAndMessage">, 60 HelpText<"Check for logical errors for function calls and Objective-C message expressions (e.g., uninitialized arguments, null function pointers)">, 61 DescFile<"CallAndMessageChecker.cpp">; 62 63def NonNullParamChecker : Checker<"NonNullParamChecker">, 64 HelpText<"Check for null pointers passed as arguments to a function whose arguments are references or marked with the 'nonnull' attribute">, 65 DescFile<"NonNullParamChecker.cpp">; 66 67def VLASizeChecker : Checker<"VLASize">, 68 HelpText<"Check for declarations of VLA of undefined or zero size">, 69 DescFile<"VLASizeChecker.cpp">; 70 71def DivZeroChecker : Checker<"DivideZero">, 72 HelpText<"Check for division by zero">, 73 DescFile<"DivZeroChecker.cpp">; 74 75def UndefResultChecker : Checker<"UndefinedBinaryOperatorResult">, 76 HelpText<"Check for undefined results of binary operators">, 77 DescFile<"UndefResultChecker.cpp">; 78 79def StackAddrEscapeChecker : Checker<"StackAddressEscape">, 80 HelpText<"Check that addresses to stack memory do not escape the function">, 81 DescFile<"StackAddrEscapeChecker.cpp">; 82 83def DynamicTypePropagation : Checker<"DynamicTypePropagation">, 84 HelpText<"Generate dynamic type information">, 85 DescFile<"DynamicTypePropagation.cpp">; 86 87} // end "core" 88 89let ParentPackage = CoreAlpha in { 90 91def BoolAssignmentChecker : Checker<"BoolAssignment">, 92 HelpText<"Warn about assigning non-{0,1} values to Boolean variables">, 93 DescFile<"BoolAssignmentChecker.cpp">; 94 95def CastSizeChecker : Checker<"CastSize">, 96 HelpText<"Check when casting a malloc'ed type T, whether the size is a multiple of the size of T">, 97 DescFile<"CastSizeChecker.cpp">; 98 99def CastToStructChecker : Checker<"CastToStruct">, 100 HelpText<"Check for cast from non-struct pointer to struct pointer">, 101 DescFile<"CastToStructChecker.cpp">; 102 103def FixedAddressChecker : Checker<"FixedAddr">, 104 HelpText<"Check for assignment of a fixed address to a pointer">, 105 DescFile<"FixedAddressChecker.cpp">; 106 107def PointerArithChecker : Checker<"PointerArithm">, 108 HelpText<"Check for pointer arithmetic on locations other than array elements">, 109 DescFile<"PointerArithChecker">; 110 111def PointerSubChecker : Checker<"PointerSub">, 112 HelpText<"Check for pointer subtractions on two pointers pointing to different memory chunks">, 113 DescFile<"PointerSubChecker">; 114 115def SizeofPointerChecker : Checker<"SizeofPtr">, 116 HelpText<"Warn about unintended use of sizeof() on pointer expressions">, 117 DescFile<"CheckSizeofPointer.cpp">; 118 119} // end "alpha.core" 120 121//===----------------------------------------------------------------------===// 122// Evaluate "builtin" functions. 123//===----------------------------------------------------------------------===// 124 125let ParentPackage = CoreBuiltin in { 126 127def NoReturnFunctionChecker : Checker<"NoReturnFunctions">, 128 HelpText<"Evaluate \"panic\" functions that are known to not return to the caller">, 129 DescFile<"NoReturnFunctionChecker.cpp">; 130 131def BuiltinFunctionChecker : Checker<"BuiltinFunctions">, 132 HelpText<"Evaluate compiler builtin functions (e.g., alloca())">, 133 DescFile<"BuiltinFunctionChecker.cpp">; 134 135} // end "core.builtin" 136 137//===----------------------------------------------------------------------===// 138// Uninitialized values checkers. 139//===----------------------------------------------------------------------===// 140 141let ParentPackage = CoreUninitialized in { 142 143def UndefinedArraySubscriptChecker : Checker<"ArraySubscript">, 144 HelpText<"Check for uninitialized values used as array subscripts">, 145 DescFile<"UndefinedArraySubscriptChecker.cpp">; 146 147def UndefinedAssignmentChecker : Checker<"Assign">, 148 HelpText<"Check for assigning uninitialized values">, 149 DescFile<"UndefinedAssignmentChecker.cpp">; 150 151def UndefBranchChecker : Checker<"Branch">, 152 HelpText<"Check for uninitialized values used as branch conditions">, 153 DescFile<"UndefBranchChecker.cpp">; 154 155def UndefCapturedBlockVarChecker : Checker<"CapturedBlockVariable">, 156 HelpText<"Check for blocks that capture uninitialized values">, 157 DescFile<"UndefCapturedBlockVarChecker.cpp">; 158 159def ReturnUndefChecker : Checker<"UndefReturn">, 160 HelpText<"Check for uninitialized values being returned to the caller">, 161 DescFile<"ReturnUndefChecker.cpp">; 162 163} // end "core.uninitialized" 164 165//===----------------------------------------------------------------------===// 166// C++ checkers. 167//===----------------------------------------------------------------------===// 168 169let ParentPackage = Cplusplus in { 170} // end: "cplusplus" 171 172let ParentPackage = CplusplusAlpha in { 173 174def VirtualCallChecker : Checker<"VirtualCall">, 175 HelpText<"Check virtual function calls during construction or destruction">, 176 DescFile<"VirtualCallChecker.cpp">; 177 178def NewDeleteChecker : Checker<"NewDelete">, 179 HelpText<"Check for double-free and use-after-free problems. Traces memory managed by new/delete.">, 180 DescFile<"MallocChecker.cpp">; 181 182def NewDeleteLeaksChecker : Checker<"NewDeleteLeaks">, 183 HelpText<"Check for memory leaks. Traces memory managed by new/delete.">, 184 DescFile<"MallocChecker.cpp">; 185 186} // end: "alpha.cplusplus" 187 188//===----------------------------------------------------------------------===// 189// Deadcode checkers. 190//===----------------------------------------------------------------------===// 191 192let ParentPackage = DeadCode in { 193 194def DeadStoresChecker : Checker<"DeadStores">, 195 HelpText<"Check for values stored to variables that are never read afterwards">, 196 DescFile<"DeadStoresChecker.cpp">; 197} // end DeadCode 198 199let ParentPackage = DeadCodeAlpha in { 200 201def IdempotentOperationChecker : Checker<"IdempotentOperations">, 202 HelpText<"Warn about idempotent operations">, 203 DescFile<"IdempotentOperationChecker.cpp">; 204 205def UnreachableCodeChecker : Checker<"UnreachableCode">, 206 HelpText<"Check unreachable code">, 207 DescFile<"UnreachableCodeChecker.cpp">; 208 209} // end "alpha.deadcode" 210 211//===----------------------------------------------------------------------===// 212// Security checkers. 213//===----------------------------------------------------------------------===// 214 215let ParentPackage = InsecureAPI in { 216 def gets : Checker<"gets">, 217 HelpText<"Warn on uses of the 'gets' function">, 218 DescFile<"CheckSecuritySyntaxOnly.cpp">; 219 def getpw : Checker<"getpw">, 220 HelpText<"Warn on uses of the 'getpw' function">, 221 DescFile<"CheckSecuritySyntaxOnly.cpp">; 222 def mktemp : Checker<"mktemp">, 223 HelpText<"Warn on uses of the 'mktemp' function">, 224 DescFile<"CheckSecuritySyntaxOnly.cpp">; 225 def mkstemp : Checker<"mkstemp">, 226 HelpText<"Warn when 'mkstemp' is passed fewer than 6 X's in the format string">, 227 DescFile<"CheckSecuritySyntaxOnly.cpp">; 228 def rand : Checker<"rand">, 229 HelpText<"Warn on uses of the 'rand', 'random', and related functions">, 230 DescFile<"CheckSecuritySyntaxOnly.cpp">; 231 def strcpy : Checker<"strcpy">, 232 HelpText<"Warn on uses of the 'strcpy' and 'strcat' functions">, 233 DescFile<"CheckSecuritySyntaxOnly.cpp">; 234 def vfork : Checker<"vfork">, 235 HelpText<"Warn on uses of the 'vfork' function">, 236 DescFile<"CheckSecuritySyntaxOnly.cpp">; 237 def UncheckedReturn : Checker<"UncheckedReturn">, 238 HelpText<"Warn on uses of functions whose return values must be always checked">, 239 DescFile<"CheckSecuritySyntaxOnly.cpp">; 240} 241let ParentPackage = Security in { 242 def FloatLoopCounter : Checker<"FloatLoopCounter">, 243 HelpText<"Warn on using a floating point value as a loop counter (CERT: FLP30-C, FLP30-CPP)">, 244 DescFile<"CheckSecuritySyntaxOnly.cpp">; 245} 246 247let ParentPackage = SecurityAlpha in { 248 249def ArrayBoundChecker : Checker<"ArrayBound">, 250 HelpText<"Warn about buffer overflows (older checker)">, 251 DescFile<"ArrayBoundChecker.cpp">; 252 253def ArrayBoundCheckerV2 : Checker<"ArrayBoundV2">, 254 HelpText<"Warn about buffer overflows (newer checker)">, 255 DescFile<"ArrayBoundCheckerV2.cpp">; 256 257def ReturnPointerRangeChecker : Checker<"ReturnPtrRange">, 258 HelpText<"Check for an out-of-bound pointer being returned to callers">, 259 DescFile<"ReturnPointerRangeChecker.cpp">; 260 261def MallocOverflowSecurityChecker : Checker<"MallocOverflow">, 262 HelpText<"Check for overflows in the arguments to malloc()">, 263 DescFile<"MallocOverflowSecurityChecker.cpp">; 264 265} // end "alpha.security" 266 267//===----------------------------------------------------------------------===// 268// Taint checkers. 269//===----------------------------------------------------------------------===// 270 271let ParentPackage = Taint in { 272 273def GenericTaintChecker : Checker<"TaintPropagation">, 274 HelpText<"Generate taint information used by other checkers">, 275 DescFile<"GenericTaintChecker.cpp">; 276 277} // end "alpha.security.taint" 278 279//===----------------------------------------------------------------------===// 280// Unix API checkers. 281//===----------------------------------------------------------------------===// 282 283let ParentPackage = Unix in { 284 285def UnixAPIChecker : Checker<"API">, 286 HelpText<"Check calls to various UNIX/Posix functions">, 287 DescFile<"UnixAPIChecker.cpp">; 288 289def MallocPessimistic : Checker<"Malloc">, 290 HelpText<"Check for memory leaks, double free, and use-after-free problems. Traces memory managed by malloc()/free().">, 291 DescFile<"MallocChecker.cpp">; 292 293def MallocSizeofChecker : Checker<"MallocSizeof">, 294 HelpText<"Check for dubious malloc arguments involving sizeof">, 295 DescFile<"MallocSizeofChecker.cpp">; 296 297def MismatchedDeallocatorChecker : Checker<"MismatchedDeallocator">, 298 HelpText<"Check for mismatched deallocators.">, 299 DescFile<"MallocChecker.cpp">; 300 301} // end "unix" 302 303let ParentPackage = UnixAlpha in { 304 305def ChrootChecker : Checker<"Chroot">, 306 HelpText<"Check improper use of chroot">, 307 DescFile<"ChrootChecker.cpp">; 308 309def MallocOptimistic : Checker<"MallocWithAnnotations">, 310 HelpText<"Check for memory leaks, double free, and use-after-free problems. Traces memory managed by malloc()/free(). Assumes that all user-defined functions which might free a pointer are annotated.">, 311 DescFile<"MallocChecker.cpp">; 312 313def PthreadLockChecker : Checker<"PthreadLock">, 314 HelpText<"Simple lock -> unlock checker">, 315 DescFile<"PthreadLockChecker.cpp">; 316 317def StreamChecker : Checker<"Stream">, 318 HelpText<"Check stream handling functions">, 319 DescFile<"StreamChecker.cpp">; 320 321def SimpleStreamChecker : Checker<"SimpleStream">, 322 HelpText<"Check for misuses of stream APIs">, 323 DescFile<"SimpleStreamChecker.cpp">; 324 325} // end "alpha.unix" 326 327let ParentPackage = CString in { 328 329def CStringNullArg : Checker<"NullArg">, 330 HelpText<"Check for null pointers being passed as arguments to C string functions">, 331 DescFile<"CStringChecker.cpp">; 332 333def CStringSyntaxChecker : Checker<"BadSizeArg">, 334 HelpText<"Check the size argument passed into C string functions for common erroneous patterns">, 335 DescFile<"CStringSyntaxChecker.cpp">; 336} 337 338let ParentPackage = CStringAlpha in { 339 340def CStringOutOfBounds : Checker<"OutOfBounds">, 341 HelpText<"Check for out-of-bounds access in string functions">, 342 DescFile<"CStringChecker.cpp">; 343 344def CStringBufferOverlap : Checker<"BufferOverlap">, 345 HelpText<"Checks for overlap in two buffer arguments">, 346 DescFile<"CStringChecker.cpp">; 347 348def CStringNotNullTerm : Checker<"NotNullTerminated">, 349 HelpText<"Check for arguments which are not null-terminating strings">, 350 DescFile<"CStringChecker.cpp">; 351} 352 353//===----------------------------------------------------------------------===// 354// Mac OS X, Cocoa, and Core Foundation checkers. 355//===----------------------------------------------------------------------===// 356 357let ParentPackage = OSX in { 358 359def MacOSXAPIChecker : Checker<"API">, 360 InPackage<OSX>, 361 HelpText<"Check for proper uses of various Apple APIs">, 362 DescFile<"MacOSXAPIChecker.cpp">; 363 364def MacOSKeychainAPIChecker : Checker<"SecKeychainAPI">, 365 InPackage<OSX>, 366 HelpText<"Check for proper uses of Secure Keychain APIs">, 367 DescFile<"MacOSKeychainAPIChecker.cpp">; 368 369} // end "osx" 370 371let ParentPackage = Cocoa in { 372 373def ObjCAtSyncChecker : Checker<"AtSync">, 374 HelpText<"Check for nil pointers used as mutexes for @synchronized">, 375 DescFile<"ObjCAtSyncChecker.cpp">; 376 377def NilArgChecker : Checker<"NilArg">, 378 HelpText<"Check for prohibited nil arguments to ObjC method calls">, 379 DescFile<"BasicObjCFoundationChecks.cpp">; 380 381def ClassReleaseChecker : Checker<"ClassRelease">, 382 HelpText<"Check for sending 'retain', 'release', or 'autorelease' directly to a Class">, 383 DescFile<"BasicObjCFoundationChecks.cpp">; 384 385def VariadicMethodTypeChecker : Checker<"VariadicMethodTypes">, 386 HelpText<"Check for passing non-Objective-C types to variadic collection " 387 "initialization methods that expect only Objective-C types">, 388 DescFile<"BasicObjCFoundationChecks.cpp">; 389 390def NSAutoreleasePoolChecker : Checker<"NSAutoreleasePool">, 391 HelpText<"Warn for suboptimal uses of NSAutoreleasePool in Objective-C GC mode">, 392 DescFile<"NSAutoreleasePoolChecker.cpp">; 393 394def ObjCMethSigsChecker : Checker<"IncompatibleMethodTypes">, 395 HelpText<"Warn about Objective-C method signatures with type incompatibilities">, 396 DescFile<"CheckObjCInstMethSignature.cpp">; 397 398def ObjCUnusedIvarsChecker : Checker<"UnusedIvars">, 399 HelpText<"Warn about private ivars that are never used">, 400 DescFile<"ObjCUnusedIVarsChecker.cpp">; 401 402def ObjCSelfInitChecker : Checker<"SelfInit">, 403 HelpText<"Check that 'self' is properly initialized inside an initializer method">, 404 DescFile<"ObjCSelfInitChecker.cpp">; 405 406def ObjCLoopChecker : Checker<"Loops">, 407 HelpText<"Improved modeling of loops using Cocoa collection types">, 408 DescFile<"BasicObjCFoundationChecks.cpp">; 409 410def ObjCNonNilReturnValueChecker : Checker<"NonNilReturnValue">, 411 HelpText<"Model the APIs that are guaranteed to return a non-nil value">, 412 DescFile<"BasicObjCFoundationChecks.cpp">; 413 414def NSErrorChecker : Checker<"NSError">, 415 HelpText<"Check usage of NSError** parameters">, 416 DescFile<"NSErrorChecker.cpp">; 417 418def RetainCountChecker : Checker<"RetainCount">, 419 HelpText<"Check for leaks and improper reference count management">, 420 DescFile<"RetainCountChecker.cpp">; 421 422} // end "osx.cocoa" 423 424let ParentPackage = CocoaAlpha in { 425 426def ObjCDeallocChecker : Checker<"Dealloc">, 427 HelpText<"Warn about Objective-C classes that lack a correct implementation of -dealloc">, 428 DescFile<"CheckObjCDealloc.cpp">; 429 430def InstanceVariableInvalidation : Checker<"InstanceVariableInvalidation">, 431 HelpText<"Check that the invalidatable instance variables are invalidated in the methods annotated with objc_instance_variable_invalidator">, 432 DescFile<"IvarInvalidationChecker.cpp">; 433 434def MissingInvalidationMethod : Checker<"MissingInvalidationMethod">, 435 HelpText<"Check that the invalidation methods are present in classes that contain invalidatable instance variables">, 436 DescFile<"IvarInvalidationChecker.cpp">; 437 438def DirectIvarAssignment : Checker<"DirectIvarAssignment">, 439 HelpText<"Check for direct assignments to instance variables">, 440 DescFile<"DirectIvarAssignment.cpp">; 441 442def DirectIvarAssignmentForAnnotatedFunctions : Checker<"DirectIvarAssignmentForAnnotatedFunctions">, 443 HelpText<"Check for direct assignments to instance variables in the methods annotated with objc_no_direct_instance_variable_assignment">, 444 DescFile<"DirectIvarAssignment.cpp">; 445 446def ObjCSuperCallChecker : Checker<"MissingSuperCall">, 447 HelpText<"Warn about Objective-C methods that lack a necessary call to super">, 448 DescFile<"ObjCMissingSuperCallChecker.cpp">; 449 450} // end "alpha.osx.cocoa" 451 452let ParentPackage = CoreFoundation in { 453 454def CFNumberCreateChecker : Checker<"CFNumber">, 455 HelpText<"Check for proper uses of CFNumberCreate">, 456 DescFile<"BasicObjCFoundationChecks.cpp">; 457 458def CFRetainReleaseChecker : Checker<"CFRetainRelease">, 459 HelpText<"Check for null arguments to CFRetain/CFRelease/CFMakeCollectable">, 460 DescFile<"BasicObjCFoundationChecks.cpp">; 461 462def CFErrorChecker : Checker<"CFError">, 463 HelpText<"Check usage of CFErrorRef* parameters">, 464 DescFile<"NSErrorChecker.cpp">; 465} 466 467let ParentPackage = Containers in { 468def ObjCContainersASTChecker : Checker<"PointerSizedValues">, 469 HelpText<"Warns if 'CFArray', 'CFDictionary', 'CFSet' are created with non-pointer-size values">, 470 DescFile<"ObjCContainersASTChecker.cpp">; 471 472def ObjCContainersChecker : Checker<"OutOfBounds">, 473 HelpText<"Checks for index out-of-bounds when using 'CFArray' API">, 474 DescFile<"ObjCContainersChecker.cpp">; 475 476} 477//===----------------------------------------------------------------------===// 478// Checkers for LLVM development. 479//===----------------------------------------------------------------------===// 480 481def LLVMConventionsChecker : Checker<"Conventions">, 482 InPackage<LLVM>, 483 HelpText<"Check code for LLVM codebase conventions">, 484 DescFile<"LLVMConventionsChecker.cpp">; 485 486//===----------------------------------------------------------------------===// 487// Debugging checkers (for analyzer development). 488//===----------------------------------------------------------------------===// 489 490let ParentPackage = Debug in { 491 492def DominatorsTreeDumper : Checker<"DumpDominators">, 493 HelpText<"Print the dominance tree for a given CFG">, 494 DescFile<"DebugCheckers.cpp">; 495 496def LiveVariablesDumper : Checker<"DumpLiveVars">, 497 HelpText<"Print results of live variable analysis">, 498 DescFile<"DebugCheckers.cpp">; 499 500def CFGViewer : Checker<"ViewCFG">, 501 HelpText<"View Control-Flow Graphs using GraphViz">, 502 DescFile<"DebugCheckers.cpp">; 503 504def CFGDumper : Checker<"DumpCFG">, 505 HelpText<"Display Control-Flow Graphs">, 506 DescFile<"DebugCheckers.cpp">; 507 508def CallGraphViewer : Checker<"ViewCallGraph">, 509 HelpText<"View Call Graph using GraphViz">, 510 DescFile<"DebugCheckers.cpp">; 511 512def CallGraphDumper : Checker<"DumpCallGraph">, 513 HelpText<"Display Call Graph">, 514 DescFile<"DebugCheckers.cpp">; 515 516def ConfigDumper : Checker<"ConfigDumper">, 517 HelpText<"Dump config table">, 518 DescFile<"DebugCheckers.cpp">; 519 520def TraversalDumper : Checker<"DumpTraversal">, 521 HelpText<"Print branch conditions as they are traversed by the engine">, 522 DescFile<"TraversalChecker.cpp">; 523 524def CallDumper : Checker<"DumpCalls">, 525 HelpText<"Print calls as they are traversed by the engine">, 526 DescFile<"TraversalChecker.cpp">; 527 528def AnalyzerStatsChecker : Checker<"Stats">, 529 HelpText<"Emit warnings with analyzer statistics">, 530 DescFile<"AnalyzerStatsChecker.cpp">; 531 532def TaintTesterChecker : Checker<"TaintTest">, 533 HelpText<"Mark tainted symbols as such.">, 534 DescFile<"TaintTesterChecker.cpp">; 535 536def ExprInspectionChecker : Checker<"ExprInspection">, 537 HelpText<"Check the analyzer's understanding of expressions">, 538 DescFile<"ExprInspectionChecker.cpp">; 539 540} // end "debug" 541