Checkers.td revision de9f25365ca1fbc146eefeb839053b1cf9b75ae1 
1//===--- Checkers.td - Static Analyzer Checkers -===-----------------------===//
2//
3//                     The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9
10include "clang/StaticAnalyzer/Checkers/CheckerBase.td"
11
12//===----------------------------------------------------------------------===//
13// Packages.
14//===----------------------------------------------------------------------===//
15
16def Experimental : Package<"experimental">;
17
18def Core : Package<"core">;
19def CoreBuiltin : Package<"builtin">, InPackage<Core>;
20def CoreUninitialized  : Package<"uninitialized">, InPackage<Core>;
21def CoreExperimental : Package<"core">, InPackage<Experimental>, Hidden;
22
23def Cplusplus : Package<"cplusplus">;
24def CplusplusExperimental : Package<"cplusplus">, InPackage<Experimental>, Hidden;
25
26def DeadCode : Package<"deadcode">;
27def DeadCodeExperimental : Package<"deadcode">, InPackage<Experimental>, Hidden;
28
29def Security : Package <"security">;
30def SecurityExperimental : Package<"security">, InPackage<Experimental>, Hidden;
31def Taint : Package<"taint">, InPackage<SecurityExperimental>, Hidden;  
32
33def Unix : Package<"unix">;
34def UnixExperimental : Package<"unix">, InPackage<Experimental>, Hidden;
35
36def OSX : Package<"osx">;
37def OSXExperimental : Package<"osx">, InPackage<Experimental>, Hidden;
38def Cocoa : Package<"cocoa">, InPackage<OSX>;
39def CocoaExperimental : Package<"cocoa">, InPackage<OSXExperimental>, Hidden;
40def CoreFoundation : Package<"coreFoundation">, InPackage<OSX>;
41
42def LLVM : Package<"llvm">;
43def Debug : Package<"debug">;
44
45//===----------------------------------------------------------------------===//
46// Core Checkers.
47//===----------------------------------------------------------------------===//
48
49let ParentPackage = Core in {
50
51def DereferenceChecker : Checker<"NullDereference">,
52  HelpText<"Check for dereferences of null pointers">,
53  DescFile<"DereferenceChecker.cpp">;
54
55def CallAndMessageChecker : Checker<"CallAndMessage">,
56  HelpText<"Check for logical errors for function calls and Objective-C message expressions (e.g., uninitialized arguments, null function pointers)">,
57  DescFile<"CallAndMessageChecker.cpp">;
58
59def AdjustedReturnValueChecker : Checker<"AdjustedReturnValue">,
60  HelpText<"Check to see if the return value of a function call is different than the caller expects (e.g., from calls through function pointers)">,
61  DescFile<"AdjustedReturnValueChecker.cpp">;
62
63def AttrNonNullChecker : Checker<"AttributeNonNull">,
64  HelpText<"Check for null pointers passed as arguments to a function whose arguments are marked with the 'nonnull' attribute">,
65  DescFile<"AttrNonNullChecker.cpp">;
66
67def VLASizeChecker : Checker<"VLASize">,
68  HelpText<"Check for declarations of VLA of undefined or zero size">,
69  DescFile<"VLASizeChecker.cpp">;
70
71def DivZeroChecker : Checker<"DivideZero">,
72  HelpText<"Check for division by zero">,
73  DescFile<"DivZeroChecker.cpp">;
74
75def UndefResultChecker : Checker<"UndefinedBinaryOperatorResult">,
76  HelpText<"Check for undefined results of binary operators">,
77  DescFile<"UndefResultChecker.cpp">;
78
79def StackAddrEscapeChecker : Checker<"StackAddressEscape">,
80  HelpText<"Check that addresses to stack memory do not escape the function">,
81  DescFile<"StackAddrEscapeChecker.cpp">;
82
83} // end "core"
84
85let ParentPackage = CoreExperimental in {
86
87def CastSizeChecker : Checker<"CastSize">,
88  HelpText<"Check when casting a malloc'ed type T, whether the size is a multiple of the size of T">,
89  DescFile<"CastSizeChecker.cpp">;
90
91def CastToStructChecker : Checker<"CastToStruct">,
92  HelpText<"Check for cast from non-struct pointer to struct pointer">,
93  DescFile<"CastToStructChecker.cpp">;
94
95def FixedAddressChecker : Checker<"FixedAddr">,
96  HelpText<"Check for assignment of a fixed address to a pointer">,
97  DescFile<"FixedAddressChecker.cpp">;
98
99def PointerArithChecker : Checker<"PointerArithm">,
100  HelpText<"Check for pointer arithmetic on locations other than array elements">,
101  DescFile<"PointerArithChecker">;
102
103def PointerSubChecker : Checker<"PointerSub">,
104  HelpText<"Check for pointer subtractions on two pointers pointing to different memory chunks">,
105  DescFile<"PointerSubChecker">;
106
107def SizeofPointerChecker : Checker<"SizeofPtr">,
108  HelpText<"Warn about unintended use of sizeof() on pointer expressions">,
109  DescFile<"CheckSizeofPointer.cpp">;
110
111} // end "core.experimental"
112
113//===----------------------------------------------------------------------===//
114// Evaluate "builtin" functions.
115//===----------------------------------------------------------------------===//
116
117let ParentPackage = CoreBuiltin in {
118
119def NoReturnFunctionChecker : Checker<"NoReturnFunctions">,
120  HelpText<"Evaluate \"panic\" functions that are known to not return to the caller">,
121  DescFile<"NoReturnFunctionChecker.cpp">;
122
123def BuiltinFunctionChecker : Checker<"BuiltinFunctions">,
124  HelpText<"Evaluate compiler builtin functions (e.g., alloca())">,
125  DescFile<"BuiltinFunctionChecker.cpp">;
126
127} // end "core.builtin"
128
129//===----------------------------------------------------------------------===//
130// Uninitialized values checkers.
131//===----------------------------------------------------------------------===//
132
133let ParentPackage = CoreUninitialized in {
134
135def UndefinedArraySubscriptChecker : Checker<"ArraySubscript">,
136  HelpText<"Check for uninitialized values used as array subscripts">,
137  DescFile<"UndefinedArraySubscriptChecker.cpp">;
138
139def UndefinedAssignmentChecker : Checker<"Assign">,
140  HelpText<"Check for assigning uninitialized values">,
141  DescFile<"UndefinedAssignmentChecker.cpp">;
142
143def UndefBranchChecker : Checker<"Branch">,
144  HelpText<"Check for uninitialized values used as branch conditions">,
145  DescFile<"UndefBranchChecker.cpp">;
146
147def UndefCapturedBlockVarChecker : Checker<"CapturedBlockVariable">,
148  HelpText<"Check for blocks that capture uninitialized values">,
149  DescFile<"UndefCapturedBlockVarChecker.cpp">;
150  
151def ReturnUndefChecker : Checker<"UndefReturn">,
152  HelpText<"Check for uninitialized values being returned to the caller">,
153  DescFile<"ReturnUndefChecker.cpp">;
154
155} // end "core.uninitialized"
156
157//===----------------------------------------------------------------------===//
158// C++ checkers.
159//===----------------------------------------------------------------------===//
160
161let ParentPackage = CplusplusExperimental in {
162
163def IteratorsChecker : Checker<"Iterators">,
164  HelpText<"Check improper uses of STL vector iterators">,
165  DescFile<"IteratorsChecker.cpp">;
166
167def VirtualCallChecker : Checker<"VirtualCall">,
168  HelpText<"Check virtual function calls during construction or destruction">, 
169  DescFile<"VirtualCallChecker.cpp">;
170
171} // end: "cplusplus.experimental"
172
173//===----------------------------------------------------------------------===//
174// Deadcode checkers.
175//===----------------------------------------------------------------------===//
176
177let ParentPackage = DeadCode in {
178
179def DeadStoresChecker : Checker<"DeadStores">,
180  HelpText<"Check for values stored to variables that are never read afterwards">,
181  DescFile<"DeadStoresChecker.cpp">;
182
183def IdempotentOperationChecker : Checker<"IdempotentOperations">,
184  HelpText<"Warn about idempotent operations">,
185  DescFile<"IdempotentOperationChecker.cpp">;
186
187} // end DeadCode
188
189let ParentPackage = DeadCodeExperimental in {
190
191def UnreachableCodeChecker : Checker<"UnreachableCode">,
192  HelpText<"Check unreachable code">,
193  DescFile<"UnreachableCodeChecker.cpp">;
194
195} // end "deadcode.experimental"
196
197//===----------------------------------------------------------------------===//
198// Security checkers.
199//===----------------------------------------------------------------------===//
200
201let ParentPackage = SecurityExperimental in {
202
203def SecuritySyntaxChecker : Checker<"SecuritySyntactic">,
204  HelpText<"Perform quick security API checks that require no data flow">,
205  DescFile<"CheckSecuritySyntaxOnly.cpp">;
206
207def ArrayBoundChecker : Checker<"ArrayBound">,
208  HelpText<"Warn about buffer overflows (older checker)">,
209  DescFile<"ArrayBoundChecker.cpp">;  
210
211def ArrayBoundCheckerV2 : Checker<"ArrayBoundV2">,
212  HelpText<"Warn about buffer overflows (newer checker)">,
213  DescFile<"ArrayBoundCheckerV2.cpp">;
214
215def ReturnPointerRangeChecker : Checker<"ReturnPtrRange">,
216  HelpText<"Check for an out-of-bound pointer being returned to callers">,
217  DescFile<"ReturnPointerRangeChecker.cpp">;
218
219def MallocOverflowSecurityChecker : Checker<"MallocOverflow">,
220  HelpText<"Check for overflows in the arguments to malloc()">,
221  DescFile<"MallocOverflowSecurityChecker.cpp">;
222
223} // end "security.experimental"
224
225//===----------------------------------------------------------------------===//
226// Taint checkers.
227//===----------------------------------------------------------------------===//
228
229let ParentPackage = Taint in {
230
231def GenericTaintChecker : Checker<"TaintPropagation">,
232  HelpText<"Generate taint information used by other checkers">,
233  DescFile<"GenericTaintChecker.cpp">;
234
235} // end "experimental.security.taint"
236
237//===----------------------------------------------------------------------===//
238// Unix API checkers.
239//===----------------------------------------------------------------------===//
240
241let ParentPackage = Unix in {
242
243def UnixAPIChecker : Checker<"API">,
244  HelpText<"Check calls to various UNIX/Posix functions">,
245  DescFile<"UnixAPIChecker.cpp">;
246  
247} // end "unix"
248
249let ParentPackage = UnixExperimental in {
250
251def ChrootChecker : Checker<"Chroot">,
252  HelpText<"Check improper use of chroot">,
253  DescFile<"ChrootChecker.cpp">;
254
255def CStringChecker : Checker<"CString">,
256  HelpText<"Check calls to functions in <string.h>">,
257  DescFile<"CStringChecker.cpp">;
258
259def MallocChecker : Checker<"Malloc">,
260  HelpText<"Check for potential memory leaks, double free, and use-after-free problems">,
261  DescFile<"MallocChecker.cpp">;
262
263def MallocSizeofChecker : Checker<"MallocSizeof">,
264  HelpText<"Check for dubious malloc arguments involving sizeof">,
265  DescFile<"MallocSizeofChecker.cpp">;
266
267def PthreadLockChecker : Checker<"PthreadLock">,
268  HelpText<"Simple lock -> unlock checker">,
269  DescFile<"PthreadLockChecker.cpp">;
270
271def StreamChecker : Checker<"Stream">,
272  HelpText<"Check stream handling functions">,
273  DescFile<"StreamChecker.cpp">;
274
275} // end "unix.experimental"
276
277//===----------------------------------------------------------------------===//
278// Mac OS X, Cocoa, and Core Foundation checkers.
279//===----------------------------------------------------------------------===//
280
281let ParentPackage = OSX in {
282
283def MacOSXAPIChecker : Checker<"API">,
284  InPackage<OSX>,
285  HelpText<"Check for proper uses of various Mac OS X APIs">,
286  DescFile<"MacOSXAPIChecker.cpp">;
287
288def OSAtomicChecker : Checker<"AtomicCAS">,
289  InPackage<OSX>,
290  HelpText<"Evaluate calls to OSAtomic functions">,
291  DescFile<"OSAtomicChecker.cpp">;
292
293def MacOSKeychainAPIChecker : Checker<"SecKeychainAPI">,
294  InPackage<OSX>,
295  HelpText<"Check for proper uses of Secure Keychain APIs">,
296  DescFile<"MacOSKeychainAPIChecker.cpp">;
297
298} // end "macosx"
299
300let ParentPackage = Cocoa in {
301
302def ObjCAtSyncChecker : Checker<"AtSync">,
303  HelpText<"Check for null pointers used as mutexes for @synchronized">,
304  DescFile<"ObjCAtSyncChecker.cpp">;
305
306def NilArgChecker : Checker<"NilArg">,
307  HelpText<"Check for prohibited nil arguments to ObjC method calls">,
308  DescFile<"BasicObjCFoundationChecks.cpp">;
309
310def ClassReleaseChecker : Checker<"ClassRelease">,
311  HelpText<"Check for sending 'retain', 'release', or 'autorelease' directly to a Class">,
312  DescFile<"BasicObjCFoundationChecks.cpp">;
313
314def VariadicMethodTypeChecker : Checker<"VariadicMethodTypes">,
315  HelpText<"Check for passing non-Objective-C types to variadic methods that expect "
316           "only Objective-C types">,
317  DescFile<"BasicObjCFoundationChecks.cpp">;
318
319def NSAutoreleasePoolChecker : Checker<"NSAutoreleasePool">,
320  HelpText<"Warn for suboptimal uses of NSAutoreleasePool in Objective-C GC mode">,
321  DescFile<"NSAutoreleasePoolChecker.cpp">;
322
323def ObjCMethSigsChecker : Checker<"IncompatibleMethodTypes">,
324  HelpText<"Warn about Objective-C method signatures with type incompatibilities">,
325  DescFile<"CheckObjCInstMethSignature.cpp">;
326
327def ObjCUnusedIvarsChecker : Checker<"UnusedIvars">,
328  HelpText<"Warn about private ivars that are never used">,
329  DescFile<"ObjCUnusedIVarsChecker.cpp">;
330 
331def NSErrorChecker : Checker<"NSError">,
332  HelpText<"Check usage of NSError** parameters">,
333  DescFile<"NSErrorChecker.cpp">;
334
335def RetainCountChecker : Checker<"RetainCount">,
336  HelpText<"Check for leaks and improper reference count management">,
337  DescFile<"RetainCountChecker.cpp">;
338
339} // end "cocoa"
340
341let ParentPackage = CocoaExperimental in {
342
343def ObjCSelfInitChecker : Checker<"SelfInit">,
344  HelpText<"Check that 'self' is properly initialized inside an initializer method">,
345  DescFile<"ObjCSelfInitChecker.cpp">;
346
347def ObjCDeallocChecker : Checker<"Dealloc">,
348  HelpText<"Warn about Objective-C classes that lack a correct implementation of -dealloc">,
349  DescFile<"CheckObjCDealloc.cpp">;
350
351} // end "cocoa.experimental"
352
353let ParentPackage = CoreFoundation in {
354
355def CFNumberCreateChecker : Checker<"CFNumber">,
356  HelpText<"Check for proper uses of CFNumberCreate">,
357  DescFile<"BasicObjCFoundationChecks.cpp">;
358
359def CFRetainReleaseChecker : Checker<"CFRetainRelease">,
360  HelpText<"Check for null arguments to CFRetain/CFRelease">,
361  DescFile<"BasicObjCFoundationChecks.cpp">;
362
363def CFErrorChecker : Checker<"CFError">,
364  HelpText<"Check usage of CFErrorRef* parameters">,
365  DescFile<"NSErrorChecker.cpp">;
366}
367
368//===----------------------------------------------------------------------===//
369// Checkers for LLVM development.
370//===----------------------------------------------------------------------===//
371
372def LLVMConventionsChecker : Checker<"Conventions">,
373  InPackage<LLVM>,
374  HelpText<"Check code for LLVM codebase conventions">,
375  DescFile<"LLVMConventionsChecker.cpp">;
376
377//===----------------------------------------------------------------------===//
378// Debugging checkers (for analyzer development).
379//===----------------------------------------------------------------------===//
380
381let ParentPackage = Debug in {
382
383def DominatorsTreeDumper : Checker<"DumpDominators">,
384  HelpText<"Print the dominance tree for a given CFG">,
385  DescFile<"DebugCheckers.cpp">;
386
387def LiveVariablesDumper : Checker<"DumpLiveVars">,
388  HelpText<"Print results of live variable analysis">,
389  DescFile<"DebugCheckers.cpp">;
390
391def CFGViewer : Checker<"ViewCFG">,
392  HelpText<"View Control-Flow Graphs using GraphViz">,
393  DescFile<"DebugCheckers.cpp">;
394
395def CFGDumper : Checker<"DumpCFG">,
396  HelpText<"Display Control-Flow Graphs">,
397  DescFile<"DebugCheckers.cpp">;
398
399def AnalyzerStatsChecker : Checker<"Stats">,
400  HelpText<"Emit warnings with analyzer statistics">,
401  DescFile<"AnalyzerStatsChecker.cpp">;
402
403def TaintTesterChecker : Checker<"TaintTest">,
404  HelpText<"Mark tainted symbols as such.">,
405  DescFile<"TaintTesterChecker.cpp">;
406
407} // end "debug"
408
409