Checkers.td revision 7fc800356f3c86a0c63e94353d7a1ac5a0ffbf66
1//===--- Checkers.td - Static Analyzer Checkers -===-----------------------===// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9 10include "clang/StaticAnalyzer/Checkers/CheckerBase.td" 11 12//===----------------------------------------------------------------------===// 13// Packages. 14//===----------------------------------------------------------------------===// 15 16def Experimental : Package<"experimental">; 17 18def Core : Package<"core">; 19def CoreBuiltin : Package<"builtin">, InPackage<Core>; 20def CoreUninitialized : Package<"uninitialized">, InPackage<Core>; 21def CoreExperimental : Package<"core">, InPackage<Experimental>, Hidden; 22 23def Cplusplus : Package<"cplusplus">; 24def CplusplusExperimental : Package<"cplusplus">, InPackage<Experimental>, Hidden; 25 26def DeadCode : Package<"deadcode">; 27def DeadCodeExperimental : Package<"deadcode">, InPackage<Experimental>, Hidden; 28 29def Security : Package <"security">; 30def InsecureAPI : Package<"insecureAPI">, InPackage<Security>; 31def SecurityExperimental : Package<"security">, InPackage<Experimental>, Hidden; 32def Taint : Package<"taint">, InPackage<SecurityExperimental>, Hidden; 33 34def Unix : Package<"unix">; 35def UnixExperimental : Package<"unix">, InPackage<Experimental>, Hidden; 36 37def OSX : Package<"osx">; 38def OSXExperimental : Package<"osx">, InPackage<Experimental>, Hidden; 39def Cocoa : Package<"cocoa">, InPackage<OSX>; 40def CocoaExperimental : Package<"cocoa">, InPackage<OSXExperimental>, Hidden; 41def CoreFoundation : Package<"coreFoundation">, InPackage<OSX>; 42def Containers : Package<"Containers">, InPackage<CoreFoundation>; 43 44def LLVM : Package<"llvm">; 45def Debug : Package<"debug">; 46 47//===----------------------------------------------------------------------===// 48// Core Checkers. 49//===----------------------------------------------------------------------===// 50 51let ParentPackage = Core in { 52 53def DereferenceChecker : Checker<"NullDereference">, 54 HelpText<"Check for dereferences of null pointers">, 55 DescFile<"DereferenceChecker.cpp">; 56 57def CallAndMessageChecker : Checker<"CallAndMessage">, 58 HelpText<"Check for logical errors for function calls and Objective-C message expressions (e.g., uninitialized arguments, null function pointers)">, 59 DescFile<"CallAndMessageChecker.cpp">; 60 61def AdjustedReturnValueChecker : Checker<"AdjustedReturnValue">, 62 HelpText<"Check to see if the return value of a function call is different than the caller expects (e.g., from calls through function pointers)">, 63 DescFile<"AdjustedReturnValueChecker.cpp">; 64 65def AttrNonNullChecker : Checker<"AttributeNonNull">, 66 HelpText<"Check for null pointers passed as arguments to a function whose arguments are marked with the 'nonnull' attribute">, 67 DescFile<"AttrNonNullChecker.cpp">; 68 69def VLASizeChecker : Checker<"VLASize">, 70 HelpText<"Check for declarations of VLA of undefined or zero size">, 71 DescFile<"VLASizeChecker.cpp">; 72 73def DivZeroChecker : Checker<"DivideZero">, 74 HelpText<"Check for division by zero">, 75 DescFile<"DivZeroChecker.cpp">; 76 77def UndefResultChecker : Checker<"UndefinedBinaryOperatorResult">, 78 HelpText<"Check for undefined results of binary operators">, 79 DescFile<"UndefResultChecker.cpp">; 80 81def StackAddrEscapeChecker : Checker<"StackAddressEscape">, 82 HelpText<"Check that addresses to stack memory do not escape the function">, 83 DescFile<"StackAddrEscapeChecker.cpp">; 84 85} // end "core" 86 87let ParentPackage = CoreExperimental in { 88 89def CastSizeChecker : Checker<"CastSize">, 90 HelpText<"Check when casting a malloc'ed type T, whether the size is a multiple of the size of T">, 91 DescFile<"CastSizeChecker.cpp">; 92 93def CastToStructChecker : Checker<"CastToStruct">, 94 HelpText<"Check for cast from non-struct pointer to struct pointer">, 95 DescFile<"CastToStructChecker.cpp">; 96 97def FixedAddressChecker : Checker<"FixedAddr">, 98 HelpText<"Check for assignment of a fixed address to a pointer">, 99 DescFile<"FixedAddressChecker.cpp">; 100 101def PointerArithChecker : Checker<"PointerArithm">, 102 HelpText<"Check for pointer arithmetic on locations other than array elements">, 103 DescFile<"PointerArithChecker">; 104 105def PointerSubChecker : Checker<"PointerSub">, 106 HelpText<"Check for pointer subtractions on two pointers pointing to different memory chunks">, 107 DescFile<"PointerSubChecker">; 108 109def SizeofPointerChecker : Checker<"SizeofPtr">, 110 HelpText<"Warn about unintended use of sizeof() on pointer expressions">, 111 DescFile<"CheckSizeofPointer.cpp">; 112 113} // end "core.experimental" 114 115//===----------------------------------------------------------------------===// 116// Evaluate "builtin" functions. 117//===----------------------------------------------------------------------===// 118 119let ParentPackage = CoreBuiltin in { 120 121def NoReturnFunctionChecker : Checker<"NoReturnFunctions">, 122 HelpText<"Evaluate \"panic\" functions that are known to not return to the caller">, 123 DescFile<"NoReturnFunctionChecker.cpp">; 124 125def BuiltinFunctionChecker : Checker<"BuiltinFunctions">, 126 HelpText<"Evaluate compiler builtin functions (e.g., alloca())">, 127 DescFile<"BuiltinFunctionChecker.cpp">; 128 129} // end "core.builtin" 130 131//===----------------------------------------------------------------------===// 132// Uninitialized values checkers. 133//===----------------------------------------------------------------------===// 134 135let ParentPackage = CoreUninitialized in { 136 137def UndefinedArraySubscriptChecker : Checker<"ArraySubscript">, 138 HelpText<"Check for uninitialized values used as array subscripts">, 139 DescFile<"UndefinedArraySubscriptChecker.cpp">; 140 141def UndefinedAssignmentChecker : Checker<"Assign">, 142 HelpText<"Check for assigning uninitialized values">, 143 DescFile<"UndefinedAssignmentChecker.cpp">; 144 145def UndefBranchChecker : Checker<"Branch">, 146 HelpText<"Check for uninitialized values used as branch conditions">, 147 DescFile<"UndefBranchChecker.cpp">; 148 149def UndefCapturedBlockVarChecker : Checker<"CapturedBlockVariable">, 150 HelpText<"Check for blocks that capture uninitialized values">, 151 DescFile<"UndefCapturedBlockVarChecker.cpp">; 152 153def ReturnUndefChecker : Checker<"UndefReturn">, 154 HelpText<"Check for uninitialized values being returned to the caller">, 155 DescFile<"ReturnUndefChecker.cpp">; 156 157} // end "core.uninitialized" 158 159//===----------------------------------------------------------------------===// 160// C++ checkers. 161//===----------------------------------------------------------------------===// 162 163let ParentPackage = CplusplusExperimental in { 164 165def IteratorsChecker : Checker<"Iterators">, 166 HelpText<"Check improper uses of STL vector iterators">, 167 DescFile<"IteratorsChecker.cpp">; 168 169def VirtualCallChecker : Checker<"VirtualCall">, 170 HelpText<"Check virtual function calls during construction or destruction">, 171 DescFile<"VirtualCallChecker.cpp">; 172 173} // end: "cplusplus.experimental" 174 175//===----------------------------------------------------------------------===// 176// Deadcode checkers. 177//===----------------------------------------------------------------------===// 178 179let ParentPackage = DeadCode in { 180 181def DeadStoresChecker : Checker<"DeadStores">, 182 HelpText<"Check for values stored to variables that are never read afterwards">, 183 DescFile<"DeadStoresChecker.cpp">; 184} // end DeadCode 185 186let ParentPackage = DeadCodeExperimental in { 187 188def IdempotentOperationChecker : Checker<"IdempotentOperations">, 189 HelpText<"Warn about idempotent operations">, 190 DescFile<"IdempotentOperationChecker.cpp">; 191 192def UnreachableCodeChecker : Checker<"UnreachableCode">, 193 HelpText<"Check unreachable code">, 194 DescFile<"UnreachableCodeChecker.cpp">; 195 196} // end "deadcode.experimental" 197 198//===----------------------------------------------------------------------===// 199// Security checkers. 200//===----------------------------------------------------------------------===// 201 202let ParentPackage = InsecureAPI in { 203 def gets : Checker<"gets">, 204 HelpText<"Warn on uses of the 'gets' function">, 205 DescFile<"CheckSecuritySyntaxOnly.cpp">; 206 def getpw : Checker<"getpw">, 207 HelpText<"Warn on uses of the 'getpw' function">, 208 DescFile<"CheckSecuritySyntaxOnly.cpp">; 209 def mktemp : Checker<"mktemp">, 210 HelpText<"Warn on uses of the 'mktemp' function">, 211 DescFile<"CheckSecuritySyntaxOnly.cpp">; 212 def mkstemp : Checker<"mkstemp">, 213 HelpText<"Warn when 'mkstemp' is passed fewer than 6 X's in the format string">, 214 DescFile<"CheckSecuritySyntaxOnly.cpp">; 215 def rand : Checker<"rand">, 216 HelpText<"Warn on uses of the 'rand', 'random', and related functions">, 217 DescFile<"CheckSecuritySyntaxOnly.cpp">; 218 def strcpy : Checker<"strcpy">, 219 HelpText<"Warn on uses of the 'strcpy' and 'strcat' functions">, 220 DescFile<"CheckSecuritySyntaxOnly.cpp">; 221 def vfork : Checker<"vfork">, 222 HelpText<"Warn on uses of the 'vfork' function">, 223 DescFile<"CheckSecuritySyntaxOnly.cpp">; 224 def UncheckedReturn : Checker<"UncheckedReturn">, 225 HelpText<"Warn on uses of functions whose return values must be always checked">, 226 DescFile<"CheckSecuritySyntaxOnly.cpp">; 227} 228let ParentPackage = Security in { 229 def FloatLoopCounter : Checker<"FloatLoopCounter">, 230 HelpText<"Warn on using a floating point value as a loop counter (CERT: FLP30-C, FLP30-CPP)">, 231 DescFile<"CheckSecuritySyntaxOnly.cpp">; 232} 233 234let ParentPackage = SecurityExperimental in { 235 236def ArrayBoundChecker : Checker<"ArrayBound">, 237 HelpText<"Warn about buffer overflows (older checker)">, 238 DescFile<"ArrayBoundChecker.cpp">; 239 240def ArrayBoundCheckerV2 : Checker<"ArrayBoundV2">, 241 HelpText<"Warn about buffer overflows (newer checker)">, 242 DescFile<"ArrayBoundCheckerV2.cpp">; 243 244def ReturnPointerRangeChecker : Checker<"ReturnPtrRange">, 245 HelpText<"Check for an out-of-bound pointer being returned to callers">, 246 DescFile<"ReturnPointerRangeChecker.cpp">; 247 248def MallocOverflowSecurityChecker : Checker<"MallocOverflow">, 249 HelpText<"Check for overflows in the arguments to malloc()">, 250 DescFile<"MallocOverflowSecurityChecker.cpp">; 251 252} // end "security.experimental" 253 254//===----------------------------------------------------------------------===// 255// Taint checkers. 256//===----------------------------------------------------------------------===// 257 258let ParentPackage = Taint in { 259 260def GenericTaintChecker : Checker<"TaintPropagation">, 261 HelpText<"Generate taint information used by other checkers">, 262 DescFile<"GenericTaintChecker.cpp">; 263 264} // end "experimental.security.taint" 265 266//===----------------------------------------------------------------------===// 267// Unix API checkers. 268//===----------------------------------------------------------------------===// 269 270let ParentPackage = Unix in { 271 272def UnixAPIChecker : Checker<"API">, 273 HelpText<"Check calls to various UNIX/Posix functions">, 274 DescFile<"UnixAPIChecker.cpp">; 275 276} // end "unix" 277 278let ParentPackage = UnixExperimental in { 279 280def ChrootChecker : Checker<"Chroot">, 281 HelpText<"Check improper use of chroot">, 282 DescFile<"ChrootChecker.cpp">; 283 284def CStringChecker : Checker<"CString">, 285 HelpText<"Check calls to functions in <string.h>">, 286 DescFile<"CStringChecker.cpp">; 287 288def MallocChecker : Checker<"Malloc">, 289 HelpText<"Check for potential memory leaks, double free, and use-after-free problems">, 290 DescFile<"MallocChecker.cpp">; 291 292def MallocSizeofChecker : Checker<"MallocSizeof">, 293 HelpText<"Check for dubious malloc arguments involving sizeof">, 294 DescFile<"MallocSizeofChecker.cpp">; 295 296def PthreadLockChecker : Checker<"PthreadLock">, 297 HelpText<"Simple lock -> unlock checker">, 298 DescFile<"PthreadLockChecker.cpp">; 299 300def StreamChecker : Checker<"Stream">, 301 HelpText<"Check stream handling functions">, 302 DescFile<"StreamChecker.cpp">; 303 304} // end "unix.experimental" 305 306//===----------------------------------------------------------------------===// 307// Mac OS X, Cocoa, and Core Foundation checkers. 308//===----------------------------------------------------------------------===// 309 310let ParentPackage = OSX in { 311 312def MacOSXAPIChecker : Checker<"API">, 313 InPackage<OSX>, 314 HelpText<"Check for proper uses of various Mac OS X APIs">, 315 DescFile<"MacOSXAPIChecker.cpp">; 316 317def OSAtomicChecker : Checker<"AtomicCAS">, 318 InPackage<OSX>, 319 HelpText<"Evaluate calls to OSAtomic functions">, 320 DescFile<"OSAtomicChecker.cpp">; 321 322def MacOSKeychainAPIChecker : Checker<"SecKeychainAPI">, 323 InPackage<OSX>, 324 HelpText<"Check for proper uses of Secure Keychain APIs">, 325 DescFile<"MacOSKeychainAPIChecker.cpp">; 326 327} // end "macosx" 328 329let ParentPackage = Cocoa in { 330 331def ObjCAtSyncChecker : Checker<"AtSync">, 332 HelpText<"Check for null pointers used as mutexes for @synchronized">, 333 DescFile<"ObjCAtSyncChecker.cpp">; 334 335def NilArgChecker : Checker<"NilArg">, 336 HelpText<"Check for prohibited nil arguments to ObjC method calls">, 337 DescFile<"BasicObjCFoundationChecks.cpp">; 338 339def ClassReleaseChecker : Checker<"ClassRelease">, 340 HelpText<"Check for sending 'retain', 'release', or 'autorelease' directly to a Class">, 341 DescFile<"BasicObjCFoundationChecks.cpp">; 342 343def VariadicMethodTypeChecker : Checker<"VariadicMethodTypes">, 344 HelpText<"Check for passing non-Objective-C types to variadic methods that expect " 345 "only Objective-C types">, 346 DescFile<"BasicObjCFoundationChecks.cpp">; 347 348def NSAutoreleasePoolChecker : Checker<"NSAutoreleasePool">, 349 HelpText<"Warn for suboptimal uses of NSAutoreleasePool in Objective-C GC mode">, 350 DescFile<"NSAutoreleasePoolChecker.cpp">; 351 352def ObjCMethSigsChecker : Checker<"IncompatibleMethodTypes">, 353 HelpText<"Warn about Objective-C method signatures with type incompatibilities">, 354 DescFile<"CheckObjCInstMethSignature.cpp">; 355 356def ObjCUnusedIvarsChecker : Checker<"UnusedIvars">, 357 HelpText<"Warn about private ivars that are never used">, 358 DescFile<"ObjCUnusedIVarsChecker.cpp">; 359 360def NSErrorChecker : Checker<"NSError">, 361 HelpText<"Check usage of NSError** parameters">, 362 DescFile<"NSErrorChecker.cpp">; 363 364def RetainCountChecker : Checker<"RetainCount">, 365 HelpText<"Check for leaks and improper reference count management">, 366 DescFile<"RetainCountChecker.cpp">; 367 368} // end "cocoa" 369 370let ParentPackage = CocoaExperimental in { 371 372def ObjCContainersChecker : Checker<"Containers">, 373 HelpText<"Deep checks for common pitfalls when using 'CFArray' APIs">, 374 DescFile<"ObjCContainersChecker.cpp">; 375 376def ObjCSelfInitChecker : Checker<"SelfInit">, 377 HelpText<"Check that 'self' is properly initialized inside an initializer method">, 378 DescFile<"ObjCSelfInitChecker.cpp">; 379 380def ObjCDeallocChecker : Checker<"Dealloc">, 381 HelpText<"Warn about Objective-C classes that lack a correct implementation of -dealloc">, 382 DescFile<"CheckObjCDealloc.cpp">; 383 384} // end "cocoa.experimental" 385 386let ParentPackage = CoreFoundation in { 387 388def CFNumberCreateChecker : Checker<"CFNumber">, 389 HelpText<"Check for proper uses of CFNumberCreate">, 390 DescFile<"BasicObjCFoundationChecks.cpp">; 391 392def CFRetainReleaseChecker : Checker<"CFRetainRelease">, 393 HelpText<"Check for null arguments to CFRetain/CFRelease">, 394 DescFile<"BasicObjCFoundationChecks.cpp">; 395 396def CFErrorChecker : Checker<"CFError">, 397 HelpText<"Check usage of CFErrorRef* parameters">, 398 DescFile<"NSErrorChecker.cpp">; 399} 400 401let ParentPackage = Containers in { 402def ObjCContainersASTChecker : Checker<"PointerSizedValues">, 403 HelpText<"Warns if 'CFArray', 'CFDictionary', 'CFSet' are created with non-pointer-size values">, 404 DescFile<"ObjCContainersASTChecker.cpp">; 405} 406//===----------------------------------------------------------------------===// 407// Checkers for LLVM development. 408//===----------------------------------------------------------------------===// 409 410def LLVMConventionsChecker : Checker<"Conventions">, 411 InPackage<LLVM>, 412 HelpText<"Check code for LLVM codebase conventions">, 413 DescFile<"LLVMConventionsChecker.cpp">; 414 415//===----------------------------------------------------------------------===// 416// Debugging checkers (for analyzer development). 417//===----------------------------------------------------------------------===// 418 419let ParentPackage = Debug in { 420 421def DominatorsTreeDumper : Checker<"DumpDominators">, 422 HelpText<"Print the dominance tree for a given CFG">, 423 DescFile<"DebugCheckers.cpp">; 424 425def LiveVariablesDumper : Checker<"DumpLiveVars">, 426 HelpText<"Print results of live variable analysis">, 427 DescFile<"DebugCheckers.cpp">; 428 429def CFGViewer : Checker<"ViewCFG">, 430 HelpText<"View Control-Flow Graphs using GraphViz">, 431 DescFile<"DebugCheckers.cpp">; 432 433def CFGDumper : Checker<"DumpCFG">, 434 HelpText<"Display Control-Flow Graphs">, 435 DescFile<"DebugCheckers.cpp">; 436 437def AnalyzerStatsChecker : Checker<"Stats">, 438 HelpText<"Emit warnings with analyzer statistics">, 439 DescFile<"AnalyzerStatsChecker.cpp">; 440 441def TaintTesterChecker : Checker<"TaintTest">, 442 HelpText<"Mark tainted symbols as such.">, 443 DescFile<"TaintTesterChecker.cpp">; 444 445} // end "debug" 446 447