Checkers.td revision 231361ad343d655e4bbb1574ccbb4173b72dadfd 
1//===--- Checkers.td - Static Analyzer Checkers -===-----------------------===//
2//
3//                     The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9
10include "clang/StaticAnalyzer/Checkers/CheckerBase.td"
11
12//===----------------------------------------------------------------------===//
13// Packages.
14//===----------------------------------------------------------------------===//
15
16def Experimental : Package<"experimental">;
17
18def Core : Package<"core">;
19def CoreBuiltin : Package<"builtin">, InPackage<Core>;
20def CoreUninitialized  : Package<"uninitialized">, InPackage<Core>;
21def CoreExperimental : Package<"core">, InPackage<Experimental>, Hidden;
22
23def Cplusplus : Package<"cplusplus">;
24def CplusplusExperimental : Package<"cplusplus">, InPackage<Experimental>, Hidden;
25
26def DeadCode : Package<"deadcode">;
27def DeadCodeExperimental : Package<"deadcode">, InPackage<Experimental>, Hidden;
28
29def Security : Package <"security">;
30def InsecureAPI : Package<"insecureAPI">, InPackage<Security>;
31def SecurityExperimental : Package<"security">, InPackage<Experimental>, Hidden;
32def Taint : Package<"taint">, InPackage<SecurityExperimental>, Hidden;  
33
34def Unix : Package<"unix">;
35def UnixExperimental : Package<"unix">, InPackage<Experimental>, Hidden;
36def CString : Package<"cstring">, InPackage<UnixExperimental>, Hidden;
37
38def OSX : Package<"osx">;
39def OSXExperimental : Package<"osx">, InPackage<Experimental>, Hidden;
40def Cocoa : Package<"cocoa">, InPackage<OSX>;
41def CocoaExperimental : Package<"cocoa">, InPackage<OSXExperimental>, Hidden;
42def CoreFoundation : Package<"coreFoundation">, InPackage<OSX>;
43def Containers : Package<"containers">, InPackage<CoreFoundation>;
44
45def LLVM : Package<"llvm">;
46def Debug : Package<"debug">;
47
48//===----------------------------------------------------------------------===//
49// Core Checkers.
50//===----------------------------------------------------------------------===//
51
52let ParentPackage = Core in {
53
54def DereferenceChecker : Checker<"NullDereference">,
55  HelpText<"Check for dereferences of null pointers">,
56  DescFile<"DereferenceChecker.cpp">;
57
58def CallAndMessageChecker : Checker<"CallAndMessage">,
59  HelpText<"Check for logical errors for function calls and Objective-C message expressions (e.g., uninitialized arguments, null function pointers)">,
60  DescFile<"CallAndMessageChecker.cpp">;
61
62def AdjustedReturnValueChecker : Checker<"AdjustedReturnValue">,
63  HelpText<"Check to see if the return value of a function call is different than the caller expects (e.g., from calls through function pointers)">,
64  DescFile<"AdjustedReturnValueChecker.cpp">;
65
66def AttrNonNullChecker : Checker<"AttributeNonNull">,
67  HelpText<"Check for null pointers passed as arguments to a function whose arguments are marked with the 'nonnull' attribute">,
68  DescFile<"AttrNonNullChecker.cpp">;
69
70def VLASizeChecker : Checker<"VLASize">,
71  HelpText<"Check for declarations of VLA of undefined or zero size">,
72  DescFile<"VLASizeChecker.cpp">;
73
74def DivZeroChecker : Checker<"DivideZero">,
75  HelpText<"Check for division by zero">,
76  DescFile<"DivZeroChecker.cpp">;
77
78def UndefResultChecker : Checker<"UndefinedBinaryOperatorResult">,
79  HelpText<"Check for undefined results of binary operators">,
80  DescFile<"UndefResultChecker.cpp">;
81
82def StackAddrEscapeChecker : Checker<"StackAddressEscape">,
83  HelpText<"Check that addresses to stack memory do not escape the function">,
84  DescFile<"StackAddrEscapeChecker.cpp">;
85
86} // end "core"
87
88let ParentPackage = CoreExperimental in {
89
90def CastSizeChecker : Checker<"CastSize">,
91  HelpText<"Check when casting a malloc'ed type T, whether the size is a multiple of the size of T">,
92  DescFile<"CastSizeChecker.cpp">;
93
94def CastToStructChecker : Checker<"CastToStruct">,
95  HelpText<"Check for cast from non-struct pointer to struct pointer">,
96  DescFile<"CastToStructChecker.cpp">;
97
98def FixedAddressChecker : Checker<"FixedAddr">,
99  HelpText<"Check for assignment of a fixed address to a pointer">,
100  DescFile<"FixedAddressChecker.cpp">;
101
102def PointerArithChecker : Checker<"PointerArithm">,
103  HelpText<"Check for pointer arithmetic on locations other than array elements">,
104  DescFile<"PointerArithChecker">;
105
106def PointerSubChecker : Checker<"PointerSub">,
107  HelpText<"Check for pointer subtractions on two pointers pointing to different memory chunks">,
108  DescFile<"PointerSubChecker">;
109
110def SizeofPointerChecker : Checker<"SizeofPtr">,
111  HelpText<"Warn about unintended use of sizeof() on pointer expressions">,
112  DescFile<"CheckSizeofPointer.cpp">;
113
114} // end "core.experimental"
115
116//===----------------------------------------------------------------------===//
117// Evaluate "builtin" functions.
118//===----------------------------------------------------------------------===//
119
120let ParentPackage = CoreBuiltin in {
121
122def NoReturnFunctionChecker : Checker<"NoReturnFunctions">,
123  HelpText<"Evaluate \"panic\" functions that are known to not return to the caller">,
124  DescFile<"NoReturnFunctionChecker.cpp">;
125
126def BuiltinFunctionChecker : Checker<"BuiltinFunctions">,
127  HelpText<"Evaluate compiler builtin functions (e.g., alloca())">,
128  DescFile<"BuiltinFunctionChecker.cpp">;
129
130} // end "core.builtin"
131
132//===----------------------------------------------------------------------===//
133// Uninitialized values checkers.
134//===----------------------------------------------------------------------===//
135
136let ParentPackage = CoreUninitialized in {
137
138def UndefinedArraySubscriptChecker : Checker<"ArraySubscript">,
139  HelpText<"Check for uninitialized values used as array subscripts">,
140  DescFile<"UndefinedArraySubscriptChecker.cpp">;
141
142def UndefinedAssignmentChecker : Checker<"Assign">,
143  HelpText<"Check for assigning uninitialized values">,
144  DescFile<"UndefinedAssignmentChecker.cpp">;
145
146def UndefBranchChecker : Checker<"Branch">,
147  HelpText<"Check for uninitialized values used as branch conditions">,
148  DescFile<"UndefBranchChecker.cpp">;
149
150def UndefCapturedBlockVarChecker : Checker<"CapturedBlockVariable">,
151  HelpText<"Check for blocks that capture uninitialized values">,
152  DescFile<"UndefCapturedBlockVarChecker.cpp">;
153  
154def ReturnUndefChecker : Checker<"UndefReturn">,
155  HelpText<"Check for uninitialized values being returned to the caller">,
156  DescFile<"ReturnUndefChecker.cpp">;
157
158} // end "core.uninitialized"
159
160//===----------------------------------------------------------------------===//
161// C++ checkers.
162//===----------------------------------------------------------------------===//
163
164let ParentPackage = CplusplusExperimental in {
165
166def IteratorsChecker : Checker<"Iterators">,
167  HelpText<"Check improper uses of STL vector iterators">,
168  DescFile<"IteratorsChecker.cpp">;
169
170def VirtualCallChecker : Checker<"VirtualCall">,
171  HelpText<"Check virtual function calls during construction or destruction">, 
172  DescFile<"VirtualCallChecker.cpp">;
173
174} // end: "cplusplus.experimental"
175
176//===----------------------------------------------------------------------===//
177// Deadcode checkers.
178//===----------------------------------------------------------------------===//
179
180let ParentPackage = DeadCode in {
181
182def DeadStoresChecker : Checker<"DeadStores">,
183  HelpText<"Check for values stored to variables that are never read afterwards">,
184  DescFile<"DeadStoresChecker.cpp">;
185} // end DeadCode
186
187let ParentPackage = DeadCodeExperimental in {
188
189def IdempotentOperationChecker : Checker<"IdempotentOperations">,
190  HelpText<"Warn about idempotent operations">,
191  DescFile<"IdempotentOperationChecker.cpp">;
192
193def UnreachableCodeChecker : Checker<"UnreachableCode">,
194  HelpText<"Check unreachable code">,
195  DescFile<"UnreachableCodeChecker.cpp">;
196
197} // end "deadcode.experimental"
198
199//===----------------------------------------------------------------------===//
200// Security checkers.
201//===----------------------------------------------------------------------===//
202
203let ParentPackage = InsecureAPI in {
204  def gets : Checker<"gets">,
205    HelpText<"Warn on uses of the 'gets' function">,
206    DescFile<"CheckSecuritySyntaxOnly.cpp">;
207  def getpw : Checker<"getpw">,
208    HelpText<"Warn on uses of the 'getpw' function">,
209    DescFile<"CheckSecuritySyntaxOnly.cpp">;
210  def mktemp : Checker<"mktemp">,
211    HelpText<"Warn on uses of the 'mktemp' function">,
212    DescFile<"CheckSecuritySyntaxOnly.cpp">;
213  def mkstemp : Checker<"mkstemp">,
214    HelpText<"Warn when 'mkstemp' is passed fewer than 6 X's in the format string">,
215    DescFile<"CheckSecuritySyntaxOnly.cpp">;
216  def rand : Checker<"rand">,
217    HelpText<"Warn on uses of the 'rand', 'random', and related functions">,
218    DescFile<"CheckSecuritySyntaxOnly.cpp">;
219  def strcpy : Checker<"strcpy">,
220    HelpText<"Warn on uses of the 'strcpy' and 'strcat' functions">,
221    DescFile<"CheckSecuritySyntaxOnly.cpp">;
222  def vfork : Checker<"vfork">,
223    HelpText<"Warn on uses of the 'vfork' function">,
224    DescFile<"CheckSecuritySyntaxOnly.cpp">;
225  def UncheckedReturn : Checker<"UncheckedReturn">,
226    HelpText<"Warn on uses of functions whose return values must be always checked">,
227    DescFile<"CheckSecuritySyntaxOnly.cpp">;
228}
229let ParentPackage = Security in {
230  def FloatLoopCounter : Checker<"FloatLoopCounter">,
231    HelpText<"Warn on using a floating point value as a loop counter (CERT: FLP30-C, FLP30-CPP)">,
232    DescFile<"CheckSecuritySyntaxOnly.cpp">;
233}
234
235let ParentPackage = SecurityExperimental in {
236
237def ArrayBoundChecker : Checker<"ArrayBound">,
238  HelpText<"Warn about buffer overflows (older checker)">,
239  DescFile<"ArrayBoundChecker.cpp">;  
240
241def ArrayBoundCheckerV2 : Checker<"ArrayBoundV2">,
242  HelpText<"Warn about buffer overflows (newer checker)">,
243  DescFile<"ArrayBoundCheckerV2.cpp">;
244
245def ReturnPointerRangeChecker : Checker<"ReturnPtrRange">,
246  HelpText<"Check for an out-of-bound pointer being returned to callers">,
247  DescFile<"ReturnPointerRangeChecker.cpp">;
248
249def MallocOverflowSecurityChecker : Checker<"MallocOverflow">,
250  HelpText<"Check for overflows in the arguments to malloc()">,
251  DescFile<"MallocOverflowSecurityChecker.cpp">;
252
253} // end "security.experimental"
254
255//===----------------------------------------------------------------------===//
256// Taint checkers.
257//===----------------------------------------------------------------------===//
258
259let ParentPackage = Taint in {
260
261def GenericTaintChecker : Checker<"TaintPropagation">,
262  HelpText<"Generate taint information used by other checkers">,
263  DescFile<"GenericTaintChecker.cpp">;
264
265} // end "experimental.security.taint"
266
267//===----------------------------------------------------------------------===//
268// Unix API checkers.
269//===----------------------------------------------------------------------===//
270
271let ParentPackage = Unix in {
272
273def UnixAPIChecker : Checker<"API">,
274  HelpText<"Check calls to various UNIX/Posix functions">,
275  DescFile<"UnixAPIChecker.cpp">;
276  
277} // end "unix"
278
279let ParentPackage = UnixExperimental in {
280
281def ChrootChecker : Checker<"Chroot">,
282  HelpText<"Check improper use of chroot">,
283  DescFile<"ChrootChecker.cpp">;
284
285def MallocOptimistic : Checker<"MallocWithAnnotations">,
286  HelpText<"Check for memory leaks, double free, and use-after-free problems. Assumes that all user-defined functions which might free a pointer are annotated.">,
287  DescFile<"MallocChecker.cpp">;
288
289def MallocPessimistic : Checker<"Malloc">,
290  HelpText<"Check for memory leaks, double free, and use-after-free problems.">,
291  DescFile<"MallocChecker.cpp">;
292
293def MallocSizeofChecker : Checker<"MallocSizeof">,
294  HelpText<"Check for dubious malloc arguments involving sizeof">,
295  DescFile<"MallocSizeofChecker.cpp">;
296
297def PthreadLockChecker : Checker<"PthreadLock">,
298  HelpText<"Simple lock -> unlock checker">,
299  DescFile<"PthreadLockChecker.cpp">;
300
301def StreamChecker : Checker<"Stream">,
302  HelpText<"Check stream handling functions">,
303  DescFile<"StreamChecker.cpp">;
304
305} // end "unix.experimental"
306
307let ParentPackage = CString in {
308
309def CStringNullArg : Checker<"NullArg">,
310  HelpText<"Check for null pointers being passed as arguments to C string functions">,
311  DescFile<"CStringChecker.cpp">;
312
313def CStringOutOfBounds : Checker<"OutOfBounds">,
314  HelpText<"Check for out-of-bounds access in string functions">,
315  DescFile<"CStringChecker.cpp">;
316
317def CStringBufferOverlap : Checker<"BufferOverlap">,
318  HelpText<"Checks for overlap in two buffer arguments">,
319  DescFile<"CStringChecker.cpp">;
320
321def CStringNotNullTerm : Checker<"NotNullTerminated">,
322  HelpText<"Check for arguments which are not null-terminating strings">,
323  DescFile<"CStringChecker.cpp">;
324
325def CStringSyntaxChecker : Checker<"BadSizeArg">,
326  HelpText<"Check the size argument passed into C string functions for common erroneous patterns">,
327  DescFile<"CStringSyntaxChecker.cpp">;  
328}
329
330//===----------------------------------------------------------------------===//
331// Mac OS X, Cocoa, and Core Foundation checkers.
332//===----------------------------------------------------------------------===//
333
334let ParentPackage = OSX in {
335
336def MacOSXAPIChecker : Checker<"API">,
337  InPackage<OSX>,
338  HelpText<"Check for proper uses of various Mac OS X APIs">,
339  DescFile<"MacOSXAPIChecker.cpp">;
340
341def OSAtomicChecker : Checker<"AtomicCAS">,
342  InPackage<OSX>,
343  HelpText<"Evaluate calls to OSAtomic functions">,
344  DescFile<"OSAtomicChecker.cpp">;
345
346def MacOSKeychainAPIChecker : Checker<"SecKeychainAPI">,
347  InPackage<OSX>,
348  HelpText<"Check for proper uses of Secure Keychain APIs">,
349  DescFile<"MacOSKeychainAPIChecker.cpp">;
350
351} // end "macosx"
352
353let ParentPackage = Cocoa in {
354
355def ObjCAtSyncChecker : Checker<"AtSync">,
356  HelpText<"Check for null pointers used as mutexes for @synchronized">,
357  DescFile<"ObjCAtSyncChecker.cpp">;
358
359def NilArgChecker : Checker<"NilArg">,
360  HelpText<"Check for prohibited nil arguments to ObjC method calls">,
361  DescFile<"BasicObjCFoundationChecks.cpp">;
362
363def ClassReleaseChecker : Checker<"ClassRelease">,
364  HelpText<"Check for sending 'retain', 'release', or 'autorelease' directly to a Class">,
365  DescFile<"BasicObjCFoundationChecks.cpp">;
366
367def VariadicMethodTypeChecker : Checker<"VariadicMethodTypes">,
368  HelpText<"Check for passing non-Objective-C types to variadic methods that expect "
369           "only Objective-C types">,
370  DescFile<"BasicObjCFoundationChecks.cpp">;
371
372def NSAutoreleasePoolChecker : Checker<"NSAutoreleasePool">,
373  HelpText<"Warn for suboptimal uses of NSAutoreleasePool in Objective-C GC mode">,
374  DescFile<"NSAutoreleasePoolChecker.cpp">;
375
376def ObjCMethSigsChecker : Checker<"IncompatibleMethodTypes">,
377  HelpText<"Warn about Objective-C method signatures with type incompatibilities">,
378  DescFile<"CheckObjCInstMethSignature.cpp">;
379
380def ObjCUnusedIvarsChecker : Checker<"UnusedIvars">,
381  HelpText<"Warn about private ivars that are never used">,
382  DescFile<"ObjCUnusedIVarsChecker.cpp">;
383
384def ObjCSelfInitChecker : Checker<"SelfInit">,
385  HelpText<"Check that 'self' is properly initialized inside an initializer method">,
386  DescFile<"ObjCSelfInitChecker.cpp">;
387
388def NSErrorChecker : Checker<"NSError">,
389  HelpText<"Check usage of NSError** parameters">,
390  DescFile<"NSErrorChecker.cpp">;
391
392def RetainCountChecker : Checker<"RetainCount">,
393  HelpText<"Check for leaks and improper reference count management">,
394  DescFile<"RetainCountChecker.cpp">;
395
396} // end "cocoa"
397
398let ParentPackage = CocoaExperimental in {
399
400def ObjCDeallocChecker : Checker<"Dealloc">,
401  HelpText<"Warn about Objective-C classes that lack a correct implementation of -dealloc">,
402  DescFile<"CheckObjCDealloc.cpp">;
403
404} // end "cocoa.experimental"
405
406let ParentPackage = CoreFoundation in {
407
408def CFNumberCreateChecker : Checker<"CFNumber">,
409  HelpText<"Check for proper uses of CFNumberCreate">,
410  DescFile<"BasicObjCFoundationChecks.cpp">;
411
412def CFRetainReleaseChecker : Checker<"CFRetainRelease">,
413  HelpText<"Check for null arguments to CFRetain/CFRelease">,
414  DescFile<"BasicObjCFoundationChecks.cpp">;
415
416def CFErrorChecker : Checker<"CFError">,
417  HelpText<"Check usage of CFErrorRef* parameters">,
418  DescFile<"NSErrorChecker.cpp">;
419}
420
421let ParentPackage = Containers in {
422def ObjCContainersASTChecker : Checker<"PointerSizedValues">,
423  HelpText<"Warns if 'CFArray', 'CFDictionary', 'CFSet' are created with non-pointer-size values">,
424  DescFile<"ObjCContainersASTChecker.cpp">;
425
426def ObjCContainersChecker : Checker<"OutOfBounds">,
427  HelpText<"Checks for index out-of-bounds when using 'CFArray' API">,
428  DescFile<"ObjCContainersChecker.cpp">;
429    
430}
431//===----------------------------------------------------------------------===//
432// Checkers for LLVM development.
433//===----------------------------------------------------------------------===//
434
435def LLVMConventionsChecker : Checker<"Conventions">,
436  InPackage<LLVM>,
437  HelpText<"Check code for LLVM codebase conventions">,
438  DescFile<"LLVMConventionsChecker.cpp">;
439
440//===----------------------------------------------------------------------===//
441// Debugging checkers (for analyzer development).
442//===----------------------------------------------------------------------===//
443
444let ParentPackage = Debug in {
445
446def DominatorsTreeDumper : Checker<"DumpDominators">,
447  HelpText<"Print the dominance tree for a given CFG">,
448  DescFile<"DebugCheckers.cpp">;
449
450def LiveVariablesDumper : Checker<"DumpLiveVars">,
451  HelpText<"Print results of live variable analysis">,
452  DescFile<"DebugCheckers.cpp">;
453
454def CFGViewer : Checker<"ViewCFG">,
455  HelpText<"View Control-Flow Graphs using GraphViz">,
456  DescFile<"DebugCheckers.cpp">;
457
458def CFGDumper : Checker<"DumpCFG">,
459  HelpText<"Display Control-Flow Graphs">,
460  DescFile<"DebugCheckers.cpp">;
461
462def AnalyzerStatsChecker : Checker<"Stats">,
463  HelpText<"Emit warnings with analyzer statistics">,
464  DescFile<"AnalyzerStatsChecker.cpp">;
465
466def TaintTesterChecker : Checker<"TaintTest">,
467  HelpText<"Mark tainted symbols as such.">,
468  DescFile<"TaintTesterChecker.cpp">;
469
470} // end "debug"
471
472