Checkers.td source code [clang_source_code/include/clang/StaticAnalyzer/Checkers/Checkers.td]

1	//===--- Checkers.td - Static Analyzer Checkers -===-----------------------===//
2	//
3	// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4	// See https://llvm.org/LICENSE.txt for license information.
5	// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6	//
7	//===----------------------------------------------------------------------===//
8
9	include "CheckerBase.td"
10
11	//===----------------------------------------------------------------------===//
12	// Packages.
13	//===----------------------------------------------------------------------===//
14
15	// The Alpha package is for checkers that have too many false positives to be
16	// turned on by default. The hierarchy under Alpha should be organized in the
17	// hierarchy checkers would have had if they were truly at the top level.
18	// (For example, a Cocoa-specific checker that is alpha should be in
19	// alpha.osx.cocoa).
20	def Alpha : Package<"alpha">;
21
22	def Core : Package<"core">;
23	def CoreBuiltin : Package<"builtin">, ParentPackage<Core>;
24	def CoreUninitialized : Package<"uninitialized">, ParentPackage<Core>;
25	def CoreAlpha : Package<"core">, ParentPackage<Alpha>;
26
27	// The OptIn package is for checkers that are not alpha and that would normally
28	// be on by default but where the driver does not have enough information to
29	// determine when they are applicable. For example, localizability checkers fit
30	// this criterion because the driver cannot determine whether a project is
31	// localized or not -- this is best determined at the IDE or build-system level.
32	//
33	// The checker hierarchy under OptIn should mirror that in Alpha: checkers
34	// should be organized as if they were at the top level.
35	//
36	// Note: OptIn is not intended for checkers that are too noisy to be on by
37	// default. Such checkers belong in the alpha package.
38	def OptIn : Package<"optin">;
39
40	// In the Portability package reside checkers for finding code that relies on
41	// implementation-defined behavior. Such checks are wanted for cross-platform
42	// development, but unwanted for developers who target only a single platform.
43	def PortabilityOptIn : Package<"portability">, ParentPackage<OptIn>;
44
45	def Nullability : Package<"nullability">;
46
47	def Cplusplus : Package<"cplusplus">;
48	def CplusplusAlpha : Package<"cplusplus">, ParentPackage<Alpha>;
49	def CplusplusOptIn : Package<"cplusplus">, ParentPackage<OptIn>;
50
51	def Valist : Package<"valist">;
52
53	def DeadCode : Package<"deadcode">;
54	def DeadCodeAlpha : Package<"deadcode">, ParentPackage<Alpha>;
55
56	def Performance : Package<"performance">, ParentPackage<OptIn>;
57
58	def Security : Package <"security">;
59	def InsecureAPI : Package<"insecureAPI">, ParentPackage<Security>;
60	def SecurityAlpha : Package<"security">, ParentPackage<Alpha>;
61	def Taint : Package<"taint">, ParentPackage<SecurityAlpha>;
62
63	def Unix : Package<"unix">;
64	def UnixAlpha : Package<"unix">, ParentPackage<Alpha>;
65	def CString : Package<"cstring">, ParentPackage<Unix>;
66	def CStringAlpha : Package<"cstring">, ParentPackage<UnixAlpha>;
67
68	def OSX : Package<"osx">;
69	def OSXAlpha : Package<"osx">, ParentPackage<Alpha>;
70	def OSXOptIn : Package<"osx">, ParentPackage<OptIn>;
71
72	def Cocoa : Package<"cocoa">, ParentPackage<OSX>;
73	def CocoaAlpha : Package<"cocoa">, ParentPackage<OSXAlpha>;
74	def CocoaOptIn : Package<"cocoa">, ParentPackage<OSXOptIn>;
75
76	def CoreFoundation : Package<"coreFoundation">, ParentPackage<OSX>;
77	def Containers : Package<"containers">, ParentPackage<CoreFoundation>;
78
79	def LocalizabilityAlpha : Package<"localizability">, ParentPackage<CocoaAlpha>;
80	def LocalizabilityOptIn : Package<"localizability">, ParentPackage<CocoaOptIn>;
81
82	def MPI : Package<"mpi">, ParentPackage<OptIn>;
83
84	def LLVM : Package<"llvm">;
85	def LLVMAlpha : Package<"llvm">, ParentPackage<Alpha>;
86
87	// The APIModeling package is for checkers that model APIs and don't perform
88	// any diagnostics. These checkers are always turned on; this package is
89	// intended for API modeling that is not controlled by the target triple.
90	def APIModeling : Package<"apiModeling">;
91	def GoogleAPIModeling : Package<"google">, ParentPackage<APIModeling>;
92
93	def Debug : Package<"debug">;
94
95	def CloneDetectionAlpha : Package<"clone">, ParentPackage<Alpha>;
96
97	def NonDeterminismAlpha : Package<"nondeterminism">, ParentPackage<Alpha>;
98
99	//===----------------------------------------------------------------------===//
100	// Core Checkers.
101	//===----------------------------------------------------------------------===//
102
103	let ParentPackage = Core in {
104
105	def DereferenceChecker : Checker<"NullDereference">,
106	HelpText<"Check for dereferences of null pointers">,
107	Documentation<HasDocumentation>;
108
109	def CallAndMessageChecker : Checker<"CallAndMessage">,
110	HelpText<"Check for logical errors for function calls and Objective-C "
111	"message expressions (e.g., uninitialized arguments, null function "
112	"pointers)">,
113	Documentation<HasDocumentation>;
114
115	def NonNullParamChecker : Checker<"NonNullParamChecker">,
116	HelpText<"Check for null pointers passed as arguments to a function whose "
117	"arguments are references or marked with the 'nonnull' attribute">,
118	Documentation<HasDocumentation>;
119
120	def VLASizeChecker : Checker<"VLASize">,
121	HelpText<"Check for declarations of VLA of undefined or zero size">,
122	Documentation<HasDocumentation>;
123
124	def DivZeroChecker : Checker<"DivideZero">,
125	HelpText<"Check for division by zero">,
126	Documentation<HasDocumentation>;
127
128	def UndefResultChecker : Checker<"UndefinedBinaryOperatorResult">,
129	HelpText<"Check for undefined results of binary operators">,
130	Documentation<HasDocumentation>;
131
132	def StackAddrEscapeBase : Checker<"StackAddrEscapeBase">,
133	HelpText<"Generate information about stack address escapes.">,
134	Documentation<NotDocumented>;
135
136	def StackAddrEscapeChecker : Checker<"StackAddressEscape">,
137	HelpText<"Check that addresses to stack memory do not escape the function">,
138	Dependencies<[StackAddrEscapeBase]>,
139	Documentation<HasDocumentation>;
140
141	def DynamicTypePropagation : Checker<"DynamicTypePropagation">,
142	HelpText<"Generate dynamic type information">,
143	Documentation<NotDocumented>;
144
145	def NonnullGlobalConstantsChecker: Checker<"NonnilStringConstants">,
146	HelpText<"Assume that const string-like globals are non-null">,
147	Documentation<NotDocumented>;
148
149	} // end "core"
150
151	let ParentPackage = CoreAlpha in {
152
153	def BoolAssignmentChecker : Checker<"BoolAssignment">,
154	HelpText<"Warn about assigning non-{0,1} values to Boolean variables">,
155	Documentation<HasAlphaDocumentation>;
156
157	def CastSizeChecker : Checker<"CastSize">,
158	HelpText<"Check when casting a malloc'ed type T, whether the size is a "
159	"multiple of the size of T">,
160	Documentation<HasAlphaDocumentation>;
161
162	def CastToStructChecker : Checker<"CastToStruct">,
163	HelpText<"Check for cast from non-struct pointer to struct pointer">,
164	Documentation<HasAlphaDocumentation>;
165
166	def ConversionChecker : Checker<"Conversion">,
167	HelpText<"Loss of sign/precision in implicit conversions">,
168	Documentation<HasAlphaDocumentation>;
169
170	def IdenticalExprChecker : Checker<"IdenticalExpr">,
171	HelpText<"Warn about unintended use of identical expressions in operators">,
172	Documentation<HasAlphaDocumentation>;
173
174	def FixedAddressChecker : Checker<"FixedAddr">,
175	HelpText<"Check for assignment of a fixed address to a pointer">,
176	Documentation<HasAlphaDocumentation>;
177
178	def PointerArithChecker : Checker<"PointerArithm">,
179	HelpText<"Check for pointer arithmetic on locations other than array "
180	"elements">,
181	Documentation<HasAlphaDocumentation>;
182
183	def PointerSubChecker : Checker<"PointerSub">,
184	HelpText<"Check for pointer subtractions on two pointers pointing to "
185	"different memory chunks">,
186	Documentation<HasAlphaDocumentation>;
187
188	def SizeofPointerChecker : Checker<"SizeofPtr">,
189	HelpText<"Warn about unintended use of sizeof() on pointer expressions">,
190	Documentation<HasAlphaDocumentation>;
191
192	def CallAndMessageUnInitRefArg : Checker<"CallAndMessageUnInitRefArg">,
193	HelpText<"Check for logical errors for function calls and Objective-C "
194	"message expressions (e.g., uninitialized arguments, null function "
195	"pointers, and pointer to undefined variables)">,
196	Dependencies<[CallAndMessageChecker]>,
197	Documentation<HasAlphaDocumentation>;
198
199	def TestAfterDivZeroChecker : Checker<"TestAfterDivZero">,
200	HelpText<"Check for division by variable that is later compared against 0. "
201	"Either the comparison is useless or there is division by zero.">,
202	Documentation<HasAlphaDocumentation>;
203
204	def DynamicTypeChecker : Checker<"DynamicTypeChecker">,
205	HelpText<"Check for cases where the dynamic and the static type of an object "
206	"are unrelated.">,
207	Documentation<HasAlphaDocumentation>;
208
209	def StackAddrAsyncEscapeChecker : Checker<"StackAddressAsyncEscape">,
210	HelpText<"Check that addresses to stack memory do not escape the function">,
211	Dependencies<[StackAddrEscapeBase]>,
212	Documentation<HasAlphaDocumentation>;
213
214	} // end "alpha.core"
215
216	//===----------------------------------------------------------------------===//
217	// Nullability checkers.
218	//===----------------------------------------------------------------------===//
219
220	let ParentPackage = Nullability in {
221
222	def NullabilityBase : Checker<"NullabilityBase">,
223	HelpText<"Stores information during the analysis about nullability.">,
224	Documentation<NotDocumented>;
225
226	def NullPassedToNonnullChecker : Checker<"NullPassedToNonnull">,
227	HelpText<"Warns when a null pointer is passed to a pointer which has a "
228	"_Nonnull type.">,
229	Dependencies<[NullabilityBase]>,
230	Documentation<HasDocumentation>;
231
232	def NullReturnedFromNonnullChecker : Checker<"NullReturnedFromNonnull">,
233	HelpText<"Warns when a null pointer is returned from a function that has "
234	"_Nonnull return type.">,
235	Dependencies<[NullabilityBase]>,
236	Documentation<HasDocumentation>;
237
238	def NullableDereferencedChecker : Checker<"NullableDereferenced">,
239	HelpText<"Warns when a nullable pointer is dereferenced.">,
240	Dependencies<[NullabilityBase]>,
241	Documentation<HasDocumentation>;
242
243	def NullablePassedToNonnullChecker : Checker<"NullablePassedToNonnull">,
244	HelpText<"Warns when a nullable pointer is passed to a pointer which has a "
245	"_Nonnull type.">,
246	Dependencies<[NullabilityBase]>,
247	Documentation<HasDocumentation>;
248
249	def NullableReturnedFromNonnullChecker : Checker<"NullableReturnedFromNonnull">,
250	HelpText<"Warns when a nullable pointer is returned from a function that has "
251	"_Nonnull return type.">,
252	Dependencies<[NullabilityBase]>,
253	Documentation<NotDocumented>;
254
255	} // end "nullability"
256
257	//===----------------------------------------------------------------------===//
258	// APIModeling.
259	//===----------------------------------------------------------------------===//
260
261	let ParentPackage = APIModeling in {
262
263	def StdCLibraryFunctionsChecker : Checker<"StdCLibraryFunctions">,
264	HelpText<"Improve modeling of the C standard library functions">,
265	Documentation<NotDocumented>;
266
267	def TrustNonnullChecker : Checker<"TrustNonnull">,
268	HelpText<"Trust that returns from framework methods annotated with _Nonnull "
269	"are not null">,
270	Documentation<NotDocumented>;
271
272	} // end "apiModeling"
273
274	//===----------------------------------------------------------------------===//
275	// Evaluate "builtin" functions.
276	//===----------------------------------------------------------------------===//
277
278	let ParentPackage = CoreBuiltin in {
279
280	def NoReturnFunctionChecker : Checker<"NoReturnFunctions">,
281	HelpText<"Evaluate \"panic\" functions that are known to not return to the "
282	"caller">,
283	Documentation<NotDocumented>;
284
285	def BuiltinFunctionChecker : Checker<"BuiltinFunctions">,
286	HelpText<"Evaluate compiler builtin functions (e.g., alloca())">,
287	Documentation<NotDocumented>;
288
289	} // end "core.builtin"
290
291	//===----------------------------------------------------------------------===//
292	// Uninitialized values checkers.
293	//===----------------------------------------------------------------------===//
294
295	let ParentPackage = CoreUninitialized in {
296
297	def UndefinedArraySubscriptChecker : Checker<"ArraySubscript">,
298	HelpText<"Check for uninitialized values used as array subscripts">,
299	Documentation<HasDocumentation>;
300
301	def UndefinedAssignmentChecker : Checker<"Assign">,
302	HelpText<"Check for assigning uninitialized values">,
303	Documentation<HasDocumentation>;
304
305	def UndefBranchChecker : Checker<"Branch">,
306	HelpText<"Check for uninitialized values used as branch conditions">,
307	Documentation<HasDocumentation>;
308
309	def UndefCapturedBlockVarChecker : Checker<"CapturedBlockVariable">,
310	HelpText<"Check for blocks that capture uninitialized values">,
311	Documentation<NotDocumented>;
312
313	def ReturnUndefChecker : Checker<"UndefReturn">,
314	HelpText<"Check for uninitialized values being returned to the caller">,
315	Documentation<HasDocumentation>;
316
317	} // end "core.uninitialized"
318
319	//===----------------------------------------------------------------------===//
320	// Unix API checkers.
321	//===----------------------------------------------------------------------===//
322
323	let ParentPackage = CString in {
324
325	def CStringModeling : Checker<"CStringModeling">,
326	HelpText<"The base of several CString related checkers. On it's own it emits "
327	"no reports, but adds valuable information to the analysis when "
328	"enabled.">,
329	Documentation<NotDocumented>;
330
331	def CStringNullArg : Checker<"NullArg">,
332	HelpText<"Check for null pointers being passed as arguments to C string "
333	"functions">,
334	Dependencies<[CStringModeling]>,
335	Documentation<HasDocumentation>;
336
337	def CStringSyntaxChecker : Checker<"BadSizeArg">,
338	HelpText<"Check the size argument passed into C string functions for common "
339	"erroneous patterns">,
340	Dependencies<[CStringModeling]>,
341	Documentation<HasDocumentation>;
342
343	} // end "unix.cstring"
344
345	let ParentPackage = CStringAlpha in {
346
347	def CStringOutOfBounds : Checker<"OutOfBounds">,
348	HelpText<"Check for out-of-bounds access in string functions">,
349	Dependencies<[CStringModeling]>,
350	Documentation<HasAlphaDocumentation>;
351
352	def CStringBufferOverlap : Checker<"BufferOverlap">,
353	HelpText<"Checks for overlap in two buffer arguments">,
354	Dependencies<[CStringModeling]>,
355	Documentation<HasAlphaDocumentation>;
356
357	def CStringNotNullTerm : Checker<"NotNullTerminated">,
358	HelpText<"Check for arguments which are not null-terminating strings">,
359	Dependencies<[CStringModeling]>,
360	Documentation<HasAlphaDocumentation>;
361
362	} // end "alpha.unix.cstring"
363
364	let ParentPackage = Unix in {
365
366	def UnixAPIMisuseChecker : Checker<"API">,
367	HelpText<"Check calls to various UNIX/Posix functions">,
368	Documentation<HasDocumentation>;
369
370	def DynamicMemoryModeling: Checker<"DynamicMemoryModeling">,
371	HelpText<"The base of several malloc() related checkers. On it's own it "
372	"emits no reports, but adds valuable information to the analysis "
373	"when enabled.">,
374	Dependencies<[CStringModeling]>,
375	Documentation<NotDocumented>;
376
377	def MallocChecker: Checker<"Malloc">,
378	HelpText<"Check for memory leaks, double free, and use-after-free problems. "
379	"Traces memory managed by malloc()/free().">,
380	Dependencies<[DynamicMemoryModeling]>,
381	Documentation<HasDocumentation>;
382
383	def MallocSizeofChecker : Checker<"MallocSizeof">,
384	HelpText<"Check for dubious malloc arguments involving sizeof">,
385	Documentation<HasDocumentation>;
386
387	def MismatchedDeallocatorChecker : Checker<"MismatchedDeallocator">,
388	HelpText<"Check for mismatched deallocators.">,
389	Dependencies<[DynamicMemoryModeling]>,
390	Documentation<HasDocumentation>;
391
392	def VforkChecker : Checker<"Vfork">,
393	HelpText<"Check for proper usage of vfork">,
394	Documentation<HasDocumentation>;
395
396	} // end "unix"
397
398	let ParentPackage = UnixAlpha in {
399
400	def ChrootChecker : Checker<"Chroot">,
401	HelpText<"Check improper use of chroot">,
402	Documentation<HasAlphaDocumentation>;
403
404	def PthreadLockChecker : Checker<"PthreadLock">,
405	HelpText<"Simple lock -> unlock checker">,
406	Documentation<HasAlphaDocumentation>;
407
408	def StreamChecker : Checker<"Stream">,
409	HelpText<"Check stream handling functions">,
410	Documentation<HasAlphaDocumentation>;
411
412	def SimpleStreamChecker : Checker<"SimpleStream">,
413	HelpText<"Check for misuses of stream APIs">,
414	Documentation<HasAlphaDocumentation>;
415
416	def BlockInCriticalSectionChecker : Checker<"BlockInCriticalSection">,
417	HelpText<"Check for calls to blocking functions inside a critical section">,
418	Documentation<HasAlphaDocumentation>;
419
420	} // end "alpha.unix"
421
422	//===----------------------------------------------------------------------===//
423	// C++ checkers.
424	//===----------------------------------------------------------------------===//
425
426	let ParentPackage = Cplusplus in {
427
428	def InnerPointerChecker : Checker<"InnerPointer">,
429	HelpText<"Check for inner pointers of C++ containers used after "
430	"re/deallocation">,
431	Dependencies<[DynamicMemoryModeling]>,
432	Documentation<NotDocumented>;
433
434	def NewDeleteChecker : Checker<"NewDelete">,
435	HelpText<"Check for double-free and use-after-free problems. Traces memory "
436	"managed by new/delete.">,
437	Dependencies<[DynamicMemoryModeling]>,
438	Documentation<HasDocumentation>;
439
440	def NewDeleteLeaksChecker : Checker<"NewDeleteLeaks">,
441	HelpText<"Check for memory leaks. Traces memory managed by new/delete.">,
442	Dependencies<[NewDeleteChecker]>,
443	Documentation<HasDocumentation>;
444
445	def CXXSelfAssignmentChecker : Checker<"SelfAssignment">,
446	HelpText<"Checks C++ copy and move assignment operators for self assignment">,
447	Documentation<NotDocumented>;
448
449	def MoveChecker: Checker<"Move">,
450	HelpText<"Find use-after-move bugs in C++">,
451	Documentation<HasDocumentation>;
452
453	} // end: "cplusplus"
454
455	let ParentPackage = CplusplusOptIn in {
456
457	def VirtualCallChecker : Checker<"VirtualCall">,
458	HelpText<"Check virtual function calls during construction or destruction">,
459	Documentation<HasDocumentation>;
460
461	} // end: "optin.cplusplus"
462
463	let ParentPackage = CplusplusAlpha in {
464
465	def DeleteWithNonVirtualDtorChecker : Checker<"DeleteWithNonVirtualDtor">,
466	HelpText<"Reports destructions of polymorphic objects with a non-virtual "
467	"destructor in their base class">,
468	Documentation<HasAlphaDocumentation>;
469
470	def EnumCastOutOfRangeChecker : Checker<"EnumCastOutOfRange">,
471	HelpText<"Check integer to enumeration casts for out of range values">,
472	Documentation<HasAlphaDocumentation>;
473
474	def IteratorModeling : Checker<"IteratorModeling">,
475	HelpText<"Models iterators of C++ containers">,
476	Documentation<NotDocumented>;
477
478	def InvalidatedIteratorChecker : Checker<"InvalidatedIterator">,
479	HelpText<"Check for use of invalidated iterators">,
480	Dependencies<[IteratorModeling]>,
481	Documentation<HasAlphaDocumentation>;
482
483	def IteratorRangeChecker : Checker<"IteratorRange">,
484	HelpText<"Check for iterators used outside their valid ranges">,
485	Dependencies<[IteratorModeling]>,
486	Documentation<HasAlphaDocumentation>;
487
488	def MismatchedIteratorChecker : Checker<"MismatchedIterator">,
489	HelpText<"Check for use of iterators of different containers where iterators "
490	"of the same container are expected">,
491	Dependencies<[IteratorModeling]>,
492	Documentation<HasAlphaDocumentation>;
493
494	def UninitializedObjectChecker: Checker<"UninitializedObject">,
495	HelpText<"Reports uninitialized fields after object construction">,
496	Documentation<HasAlphaDocumentation>;
497
498	} // end: "alpha.cplusplus"
499
500
501	//===----------------------------------------------------------------------===//
502	// Valist checkers.
503	//===----------------------------------------------------------------------===//
504
505	let ParentPackage = Valist in {
506
507	def ValistBase : Checker<"ValistBase">,
508	HelpText<"Gathers information about va_lists.">,
509	Documentation<NotDocumented>;
510
511	def UninitializedChecker : Checker<"Uninitialized">,
512	HelpText<"Check for usages of uninitialized (or already released) va_lists.">,
513	Dependencies<[ValistBase]>,
514	Documentation<NotDocumented>;
515
516	def UnterminatedChecker : Checker<"Unterminated">,
517	HelpText<"Check for va_lists which are not released by a va_end call.">,
518	Dependencies<[ValistBase]>,
519	Documentation<NotDocumented>;
520
521	def CopyToSelfChecker : Checker<"CopyToSelf">,
522	HelpText<"Check for va_lists which are copied onto itself.">,
523	Dependencies<[ValistBase]>,
524	Documentation<NotDocumented>;
525
526	} // end : "valist"
527
528	//===----------------------------------------------------------------------===//
529	// Deadcode checkers.
530	//===----------------------------------------------------------------------===//
531
532	let ParentPackage = DeadCode in {
533
534	def DeadStoresChecker : Checker<"DeadStores">,
535	HelpText<"Check for values stored to variables that are never read "
536	"afterwards">,
537	Documentation<HasDocumentation>;
538
539	} // end DeadCode
540
541	let ParentPackage = DeadCodeAlpha in {
542
543	def UnreachableCodeChecker : Checker<"UnreachableCode">,
544	HelpText<"Check unreachable code">,
545	Documentation<HasAlphaDocumentation>;
546
547	} // end "alpha.deadcode"
548
549	//===----------------------------------------------------------------------===//
550	// Performance checkers.
551	//===----------------------------------------------------------------------===//
552
553	let ParentPackage = Performance in {
554
555	def PaddingChecker : Checker<"Padding">,
556	HelpText<"Check for excessively padded structs.">,
557	Documentation<NotDocumented>;
558
559	} // end: "padding"
560
561	//===----------------------------------------------------------------------===//
562	// Security checkers.
563	//===----------------------------------------------------------------------===//
564
565	let ParentPackage = InsecureAPI in {
566
567	def SecuritySyntaxChecker : Checker<"SecuritySyntaxChecker">,
568	HelpText<"Base of various security function related checkers">,
569	Documentation<NotDocumented>;
570
571	def bcmp : Checker<"bcmp">,
572	HelpText<"Warn on uses of the 'bcmp' function">,
573	Dependencies<[SecuritySyntaxChecker]>,
574	Documentation<HasDocumentation>;
575
576	def bcopy : Checker<"bcopy">,
577	HelpText<"Warn on uses of the 'bcopy' function">,
578	Dependencies<[SecuritySyntaxChecker]>,
579	Documentation<HasDocumentation>;
580
581	def bzero : Checker<"bzero">,
582	HelpText<"Warn on uses of the 'bzero' function">,
583	Dependencies<[SecuritySyntaxChecker]>,
584	Documentation<HasDocumentation>;
585
586	def gets : Checker<"gets">,
587	HelpText<"Warn on uses of the 'gets' function">,
588	Dependencies<[SecuritySyntaxChecker]>,
589	Documentation<HasDocumentation>;
590
591	def getpw : Checker<"getpw">,
592	HelpText<"Warn on uses of the 'getpw' function">,
593	Dependencies<[SecuritySyntaxChecker]>,
594	Documentation<HasDocumentation>;
595
596	def mktemp : Checker<"mktemp">,
597	HelpText<"Warn on uses of the 'mktemp' function">,
598	Dependencies<[SecuritySyntaxChecker]>,
599	Documentation<HasDocumentation>;
600
601	def mkstemp : Checker<"mkstemp">,
602	HelpText<"Warn when 'mkstemp' is passed fewer than 6 X's in the format "
603	"string">,
604	Dependencies<[SecuritySyntaxChecker]>,
605	Documentation<HasDocumentation>;
606
607	def rand : Checker<"rand">,
608	HelpText<"Warn on uses of the 'rand', 'random', and related functions">,
609	Dependencies<[SecuritySyntaxChecker]>,
610	Documentation<HasDocumentation>;
611
612	def strcpy : Checker<"strcpy">,
613	HelpText<"Warn on uses of the 'strcpy' and 'strcat' functions">,
614	Dependencies<[SecuritySyntaxChecker]>,
615	Documentation<HasDocumentation>;
616
617	def vfork : Checker<"vfork">,
618	HelpText<"Warn on uses of the 'vfork' function">,
619	Dependencies<[SecuritySyntaxChecker]>,
620	Documentation<HasDocumentation>;
621
622	def UncheckedReturn : Checker<"UncheckedReturn">,
623	HelpText<"Warn on uses of functions whose return values must be always "
624	"checked">,
625	Dependencies<[SecuritySyntaxChecker]>,
626	Documentation<HasDocumentation>;
627
628	def DeprecatedOrUnsafeBufferHandling :
629	Checker<"DeprecatedOrUnsafeBufferHandling">,
630	HelpText<"Warn on uses of unsecure or deprecated buffer manipulating "
631	"functions">,
632	Dependencies<[SecuritySyntaxChecker]>,
633	Documentation<HasDocumentation>;
634
635	} // end "security.insecureAPI"
636
637	let ParentPackage = Security in {
638
639	def FloatLoopCounter : Checker<"FloatLoopCounter">,
640	HelpText<"Warn on using a floating point value as a loop counter (CERT: "
641	"FLP30-C, FLP30-CPP)">,
642	Dependencies<[SecuritySyntaxChecker]>,
643	Documentation<HasDocumentation>;
644
645	} // end "security"
646
647	let ParentPackage = SecurityAlpha in {
648
649	def ArrayBoundChecker : Checker<"ArrayBound">,
650	HelpText<"Warn about buffer overflows (older checker)">,
651	Documentation<HasAlphaDocumentation>;
652
653	def ArrayBoundCheckerV2 : Checker<"ArrayBoundV2">,
654	HelpText<"Warn about buffer overflows (newer checker)">,
655	Documentation<HasAlphaDocumentation>;
656
657	def ReturnPointerRangeChecker : Checker<"ReturnPtrRange">,
658	HelpText<"Check for an out-of-bound pointer being returned to callers">,
659	Documentation<HasAlphaDocumentation>;
660
661	def MallocOverflowSecurityChecker : Checker<"MallocOverflow">,
662	HelpText<"Check for overflows in the arguments to malloc()">,
663	Documentation<HasAlphaDocumentation>;
664
665	// Operating systems specific PROT_READ/PROT_WRITE values is not implemented,
666	// the defaults are correct for several common operating systems though,
667	// but may need to be overridden via the related analyzer-config flags.
668	def MmapWriteExecChecker : Checker<"MmapWriteExec">,
669	HelpText<"Warn on mmap() calls that are both writable and executable">,
670	Documentation<HasAlphaDocumentation>;
671
672	} // end "alpha.security"
673
674	//===----------------------------------------------------------------------===//
675	// Taint checkers.
676	//===----------------------------------------------------------------------===//
677
678	let ParentPackage = Taint in {
679
680	def GenericTaintChecker : Checker<"TaintPropagation">,
681	HelpText<"Generate taint information used by other checkers">,
682	Documentation<HasAlphaDocumentation>;
683
684	} // end "alpha.security.taint"
685
686	//===----------------------------------------------------------------------===//
687	// Mac OS X, Cocoa, and Core Foundation checkers.
688	//===----------------------------------------------------------------------===//
689
690	let ParentPackage = Cocoa in {
691
692	def RetainCountBase : Checker<"RetainCountBase">,
693	HelpText<"Common base of various retain count related checkers">,
694	Documentation<NotDocumented>;
695
696	} // end "osx.cocoa"
697
698	let ParentPackage = OSX in {
699
700	def NSOrCFErrorDerefChecker : Checker<"NSOrCFErrorDerefChecker">,
701	HelpText<"Implementation checker for NSErrorChecker and CFErrorChecker">,
702	Documentation<NotDocumented>;
703
704	def NumberObjectConversionChecker : Checker<"NumberObjectConversion">,
705	HelpText<"Check for erroneous conversions of objects representing numbers "
706	"into numbers">,
707	Documentation<NotDocumented>;
708
709	def MacOSXAPIChecker : Checker<"API">,
710	HelpText<"Check for proper uses of various Apple APIs">,
711	Documentation<HasDocumentation>;
712
713	def MacOSKeychainAPIChecker : Checker<"SecKeychainAPI">,
714	HelpText<"Check for proper uses of Secure Keychain APIs">,
715	Documentation<HasDocumentation>;
716
717	def MIGChecker : Checker<"MIG">,
718	HelpText<"Find violations of the Mach Interface Generator "
719	"calling convention">,
720	Documentation<NotDocumented>;
721
722	def ObjCPropertyChecker : Checker<"ObjCProperty">,
723	HelpText<"Check for proper uses of Objective-C properties">,
724	Documentation<NotDocumented>;
725
726	def OSObjectRetainCountChecker : Checker<"OSObjectRetainCount">,
727	HelpText<"Check for leaks and improper reference count management for "
728	"OSObject">,
729	Dependencies<[RetainCountBase]>,
730	Documentation<NotDocumented>;
731
732	} // end "osx"
733
734	let ParentPackage = Cocoa in {
735
736	def RunLoopAutoreleaseLeakChecker : Checker<"RunLoopAutoreleaseLeak">,
737	HelpText<"Check for leaked memory in autorelease pools that will never be "
738	"drained">,
739	Documentation<NotDocumented>;
740
741	def ObjCAtSyncChecker : Checker<"AtSync">,
742	HelpText<"Check for nil pointers used as mutexes for @synchronized">,
743	Documentation<HasDocumentation>;
744
745	def NilArgChecker : Checker<"NilArg">,
746	HelpText<"Check for prohibited nil arguments to ObjC method calls">,
747	Documentation<HasDocumentation>;
748
749	def ClassReleaseChecker : Checker<"ClassRelease">,
750	HelpText<"Check for sending 'retain', 'release', or 'autorelease' directly "
751	"to a Class">,
752	Documentation<HasDocumentation>;
753
754	def VariadicMethodTypeChecker : Checker<"VariadicMethodTypes">,
755	HelpText<"Check for passing non-Objective-C types to variadic collection "
756	"initialization methods that expect only Objective-C types">,
757	Documentation<HasDocumentation>;
758
759	def NSAutoreleasePoolChecker : Checker<"NSAutoreleasePool">,
760	HelpText<"Warn for suboptimal uses of NSAutoreleasePool in Objective-C GC "
761	"mode">,
762	Documentation<HasDocumentation>;
763
764	def ObjCMethSigsChecker : Checker<"IncompatibleMethodTypes">,
765	HelpText<"Warn about Objective-C method signatures with type "
766	"incompatibilities">,
767	Documentation<HasDocumentation>;
768
769	def ObjCUnusedIvarsChecker : Checker<"UnusedIvars">,
770	HelpText<"Warn about private ivars that are never used">,
771	Documentation<HasDocumentation>;
772
773	def ObjCSelfInitChecker : Checker<"SelfInit">,
774	HelpText<"Check that 'self' is properly initialized inside an initializer "
775	"method">,
776	Documentation<HasDocumentation>;
777
778	def ObjCLoopChecker : Checker<"Loops">,
779	HelpText<"Improved modeling of loops using Cocoa collection types">,
780	Documentation<NotDocumented>;
781
782	def ObjCNonNilReturnValueChecker : Checker<"NonNilReturnValue">,
783	HelpText<"Model the APIs that are guaranteed to return a non-nil value">,
784	Documentation<NotDocumented>;
785
786	def ObjCSuperCallChecker : Checker<"MissingSuperCall">,
787	HelpText<"Warn about Objective-C methods that lack a necessary call to "
788	"super">,
789	Documentation<NotDocumented>;
790
791	def NSErrorChecker : Checker<"NSError">,
792	HelpText<"Check usage of NSError** parameters">,
793	Dependencies<[NSOrCFErrorDerefChecker]>,
794	Documentation<HasDocumentation>;
795
796	def RetainCountChecker : Checker<"RetainCount">,
797	HelpText<"Check for leaks and improper reference count management">,
798	Dependencies<[RetainCountBase]>,
799	Documentation<HasDocumentation>;
800
801	def ObjCGenericsChecker : Checker<"ObjCGenerics">,
802	HelpText<"Check for type errors when using Objective-C generics">,
803	Dependencies<[DynamicTypePropagation]>,
804	Documentation<HasDocumentation>;
805
806	def ObjCDeallocChecker : Checker<"Dealloc">,
807	HelpText<"Warn about Objective-C classes that lack a correct implementation "
808	"of -dealloc">,
809	Documentation<HasDocumentation>;
810
811	def ObjCSuperDeallocChecker : Checker<"SuperDealloc">,
812	HelpText<"Warn about improper use of '[super dealloc]' in Objective-C">,
813	Documentation<HasDocumentation>;
814
815	def AutoreleaseWriteChecker : Checker<"AutoreleaseWrite">,
816	HelpText<"Warn about potentially crashing writes to autoreleasing objects "
817	"from different autoreleasing pools in Objective-C">,
818	Documentation<NotDocumented>;
819
820	} // end "osx.cocoa"
821
822	let ParentPackage = Performance in {
823
824	def GCDAntipattern : Checker<"GCDAntipattern">,
825	HelpText<"Check for performance anti-patterns when using Grand Central "
826	"Dispatch">,
827	Documentation<NotDocumented>;
828	} // end "optin.performance"
829
830	let ParentPackage = OSXOptIn in {
831
832	def OSObjectCStyleCast : Checker<"OSObjectCStyleCast">,
833	HelpText<"Checker for C-style casts of OSObjects">,
834	Documentation<NotDocumented>;
835
836	} // end "optin.osx"
837
838	let ParentPackage = CocoaAlpha in {
839
840	def IvarInvalidationModeling : Checker<"IvarInvalidationModeling">,
841	HelpText<"Gathers information for annotation driven invalidation checking "
842	"for classes that contains a method annotated with "
843	"'objc_instance_variable_invalidator'">,
844	Documentation<NotDocumented>;
845
846	def InstanceVariableInvalidation : Checker<"InstanceVariableInvalidation">,
847	HelpText<"Check that the invalidatable instance variables are invalidated in "
848	"the methods annotated with objc_instance_variable_invalidator">,
849	Dependencies<[IvarInvalidationModeling]>,
850	Documentation<HasAlphaDocumentation>;
851
852	def MissingInvalidationMethod : Checker<"MissingInvalidationMethod">,
853	HelpText<"Check that the invalidation methods are present in classes that "
854	"contain invalidatable instance variables">,
855	Dependencies<[IvarInvalidationModeling]>,
856	Documentation<HasAlphaDocumentation>;
857
858	def DirectIvarAssignment : Checker<"DirectIvarAssignment">,
859	HelpText<"Check for direct assignments to instance variables">,
860	Documentation<HasAlphaDocumentation>;
861
862	def DirectIvarAssignmentForAnnotatedFunctions :
863	Checker<"DirectIvarAssignmentForAnnotatedFunctions">,
864	HelpText<"Check for direct assignments to instance variables in the methods "
865	"annotated with objc_no_direct_instance_variable_assignment">,
866	Dependencies<[DirectIvarAssignment]>,
867	Documentation<HasAlphaDocumentation>;
868
869	} // end "alpha.osx.cocoa"
870
871	let ParentPackage = CoreFoundation in {
872
873	def CFNumberChecker : Checker<"CFNumber">,
874	HelpText<"Check for proper uses of CFNumber APIs">,
875	Documentation<HasDocumentation>;
876
877	def CFRetainReleaseChecker : Checker<"CFRetainRelease">,
878	HelpText<"Check for null arguments to CFRetain/CFRelease/CFMakeCollectable">,
879	Documentation<HasDocumentation>;
880
881	def CFErrorChecker : Checker<"CFError">,
882	HelpText<"Check usage of CFErrorRef* parameters">,
883	Dependencies<[NSOrCFErrorDerefChecker]>,
884	Documentation<HasDocumentation>;
885
886	} // end "osx.coreFoundation"
887
888	let ParentPackage = Containers in {
889
890	def ObjCContainersASTChecker : Checker<"PointerSizedValues">,
891	HelpText<"Warns if 'CFArray', 'CFDictionary', 'CFSet' are created with "
892	"non-pointer-size values">,
893	Documentation<HasDocumentation>;
894
895	def ObjCContainersChecker : Checker<"OutOfBounds">,
896	HelpText<"Checks for index out-of-bounds when using 'CFArray' API">,
897	Documentation<HasDocumentation>;
898
899	} // end "osx.coreFoundation.containers"
900
901	let ParentPackage = LocalizabilityOptIn in {
902
903	def NonLocalizedStringChecker : Checker<"NonLocalizedStringChecker">,
904	HelpText<"Warns about uses of non-localized NSStrings passed to UI methods "
905	"expecting localized NSStrings">,
906	Documentation<HasDocumentation>;
907
908	def EmptyLocalizationContextChecker :
909	Checker<"EmptyLocalizationContextChecker">,
910	HelpText<"Check that NSLocalizedString macros include a comment for context">,
911	Documentation<HasDocumentation>;
912
913	} // end "optin.osx.cocoa.localizability"
914
915	let ParentPackage = LocalizabilityAlpha in {
916
917	def PluralMisuseChecker : Checker<"PluralMisuseChecker">,
918	HelpText<"Warns against using one vs. many plural pattern in code when "
919	"generating localized strings.">,
920	Documentation<HasAlphaDocumentation>;
921
922	} // end "alpha.osx.cocoa.localizability"
923
924	let ParentPackage = MPI in {
925
926	def MPIChecker : Checker<"MPI-Checker">,
927	HelpText<"Checks MPI code">,
928	Documentation<HasDocumentation>;
929
930	} // end "optin.mpi"
931
932	//===----------------------------------------------------------------------===//
933	// Checkers for LLVM development.
934	//===----------------------------------------------------------------------===//
935
936	let ParentPackage = LLVMAlpha in {
937
938	def LLVMConventionsChecker : Checker<"Conventions">,
939	HelpText<"Check code for LLVM codebase conventions">,
940	Documentation<HasAlphaDocumentation>;
941
942	} // end "llvm"
943
944	//===----------------------------------------------------------------------===//
945	// Checkers modeling Google APIs.
946	//===----------------------------------------------------------------------===//
947
948	let ParentPackage = GoogleAPIModeling in {
949
950	def GTestChecker : Checker<"GTest">,
951	HelpText<"Model gtest assertion APIs">,
952	Documentation<NotDocumented>;
953
954	} // end "apiModeling.google"
955
956	//===----------------------------------------------------------------------===//
957	// Debugging checkers (for analyzer development).
958	//===----------------------------------------------------------------------===//
959
960	let ParentPackage = Debug in {
961
962	def AnalysisOrderChecker : Checker<"AnalysisOrder">,
963	HelpText<"Print callbacks that are called during analysis in order">,
964	Documentation<NotDocumented>;
965
966	def DominatorsTreeDumper : Checker<"DumpDominators">,
967	HelpText<"Print the dominance tree for a given CFG">,
968	Documentation<NotDocumented>;
969
970	def LiveVariablesDumper : Checker<"DumpLiveVars">,
971	HelpText<"Print results of live variable analysis">,
972	Documentation<NotDocumented>;
973
974	def LiveStatementsDumper : Checker<"DumpLiveStmts">,
975	HelpText<"Print results of live statement analysis">,
976	Documentation<NotDocumented>;
977
978	def CFGViewer : Checker<"ViewCFG">,
979	HelpText<"View Control-Flow Graphs using GraphViz">,
980	Documentation<NotDocumented>;
981
982	def CFGDumper : Checker<"DumpCFG">,
983	HelpText<"Display Control-Flow Graphs">,
984	Documentation<NotDocumented>;
985
986	def CallGraphViewer : Checker<"ViewCallGraph">,
987	HelpText<"View Call Graph using GraphViz">,
988	Documentation<NotDocumented>;
989
990	def CallGraphDumper : Checker<"DumpCallGraph">,
991	HelpText<"Display Call Graph">,
992	Documentation<NotDocumented>;
993
994	def ConfigDumper : Checker<"ConfigDumper">,
995	HelpText<"Dump config table">,
996	Documentation<NotDocumented>;
997
998	def TraversalDumper : Checker<"DumpTraversal">,
999	HelpText<"Print branch conditions as they are traversed by the engine">,
1000	Documentation<NotDocumented>;
1001
1002	def CallDumper : Checker<"DumpCalls">,
1003	HelpText<"Print calls as they are traversed by the engine">,
1004	Documentation<NotDocumented>;
1005
1006	def AnalyzerStatsChecker : Checker<"Stats">,
1007	HelpText<"Emit warnings with analyzer statistics">,
1008	Documentation<NotDocumented>;
1009
1010	def TaintTesterChecker : Checker<"TaintTest">,
1011	HelpText<"Mark tainted symbols as such.">,
1012	Documentation<NotDocumented>;
1013
1014	def ExprInspectionChecker : Checker<"ExprInspection">,
1015	HelpText<"Check the analyzer's understanding of expressions">,
1016	Documentation<NotDocumented>;
1017
1018	def ExplodedGraphViewer : Checker<"ViewExplodedGraph">,
1019	HelpText<"View Exploded Graphs using GraphViz">,
1020	Documentation<NotDocumented>;
1021
1022	def ReportStmts : Checker<"ReportStmts">,
1023	HelpText<"Emits a warning for every statement.">,
1024	Documentation<NotDocumented>;
1025
1026	} // end "debug"
1027
1028
1029	//===----------------------------------------------------------------------===//
1030	// Clone Detection
1031	//===----------------------------------------------------------------------===//
1032
1033	let ParentPackage = CloneDetectionAlpha in {
1034
1035	def CloneChecker : Checker<"CloneChecker">,
1036	HelpText<"Reports similar pieces of code.">,
1037	Documentation<HasAlphaDocumentation>;
1038
1039	} // end "clone"
1040
1041	//===----------------------------------------------------------------------===//
1042	// Portability checkers.
1043	//===----------------------------------------------------------------------===//
1044
1045	let ParentPackage = PortabilityOptIn in {
1046
1047	def UnixAPIPortabilityChecker : Checker<"UnixAPI">,
1048	HelpText<"Finds implementation-defined behavior in UNIX/Posix functions">,
1049	Documentation<NotDocumented>;
1050
1051	} // end optin.portability
1052
1053	//===----------------------------------------------------------------------===//
1054	// NonDeterminism checkers.
1055	//===----------------------------------------------------------------------===//
1056
1057	let ParentPackage = NonDeterminismAlpha in {
1058
1059	def PointerSortingChecker : Checker<"PointerSorting">,
1060	HelpText<"Check for non-determinism caused by sorting of pointers">,
1061	Documentation<HasDocumentation>;
1062
1063	} // end alpha.nondeterminism
1064

Clang Project