| blob | 11ef7d405dd4c817da6671c5df9a36d5be44085c |
3 <html>
4 <head>
12 </style>
13 </head>
17 <!--#include virtual="menu.html.incl"-->
22 Default Checkers</a>. These are checkers with known issues or limitations that
23 keep them from being on by default. They are likely to have false positives.
24 Bug reports are welcome but will likely not be investigated for some time.
25 Patches welcome!
26 <ul>
37 </ul>
39 <!-- ============================= clone alpha ============================= -->
46 <tbody>
50 Reports similar pieces of code.</div></div></a></td>
53 void log();
55 int max(int a, int b) { // warn
56 log();
57 if (a > b)
58 return a;
59 return b;
60 }
62 int maxClone(int x, int y) { // similar code here
63 log();
64 if (x > y)
65 return x;
66 return y;
67 }
68 </pre></div></div></td></tr>
69 </tbody></table>
71 <!-- ============================= core alpha ============================= -->
77 <tbody>
84 void test() {
85 BOOL b = -1; // warn
86 }
87 </pre></div></div></td></tr>
90 <tr><td><a id="alpha.core.CallAndMessageUnInitRefArg"><div class="namedescr expandable"><span class="name">
93 Check for uninitialized arguments in function calls and Objective-C
94 message expressions.</div></div></a></td>
97 void test(void) {
98 int t;
99 int &p = t;
100 int &s = p;
101 int &q = s;
102 foo(q); // warn
103 }
106 void test(void) {
107 int x;
108 foo(&x); // warn
109 }
110 </pre></div></div></td></tr>
116 Check when casting a malloc'ed type T, whether the size is a multiple of the
119 checks enabled).</div></div></a></td>
122 void test() {
123 int *x = (int *)malloc(11); // warn
124 }
125 </pre></div></div></td></tr>
131 Check for cast from non-struct pointer to struct pointer.</div></div></a></td>
134 // C
135 struct s {};
137 void test(int *p) {
138 struct s *ps = (struct s *) p; // warn
139 }
142 // C++
143 class c {};
145 void test(int *p) {
146 c *pc = (c *) p; // warn
147 }
148 </pre></div></div></td></tr>
154 Loss of sign or precision in implicit conversions</div></div></a></td>
157 void test(unsigned U, signed S) {
159 if (U < S) {
160 }
161 }
162 if (S < -10) {
163 if (U < S) { // warn (loss of sign)
164 }
165 }
166 }
169 void test() {
171 short X = A; // warn (loss of precision)
172 }
173 </pre></div></div></td></tr>
176 <tr><td><a id="alpha.core.DynamicTypeChecker"><div class="namedescr expandable"><span class="name">
179 Check for cases where the dynamic and the static type of an
180 object are unrelated.</div></div></a></td>
183 id date = [NSDate date];
185 // Warning: Object has a dynamic type 'NSDate *' which is
186 // incompatible with static type 'NSNumber *'"
187 NSNumber *number = date;
188 [number doubleValue];
189 </pre></div></div></td></tr>
195 Check for assignment of a fixed address to a pointer.</div></div></a></td>
198 void test() {
199 int *p;
200 p = (int *) 0x10000; // warn
201 }
202 </pre></div></div></td></tr>
208 Warn about suspicious uses of identical expressions.</div></div></a></td>
211 // C
212 void test() {
213 int a = 5;
214 int b = a | 4 | a; // warn: identical expr on both sides
215 }
218 // C++
219 bool f(void);
221 void test(bool b) {
222 int i = 10;
223 if (f()) { // warn: true and false branches are identical
224 do {
225 i--;
226 } while (f());
227 } else {
228 do {
229 i--;
230 } while (f());
231 }
232 }
233 </pre></div></div></td></tr>
239 Check for pointer arithmetic on locations other than array
240 elements.</div></div></a></td>
243 void test() {
244 int x;
245 int *p;
246 p = &x + 1; // warn
247 }
248 </pre></div></div></td></tr>
254 Check for pointer subtractions on two pointers pointing to different memory
255 chunks.</div></div></a></td>
258 void test() {
259 int x, y;
260 int d = &y - &x; // warn
261 }
262 </pre></div></div></td></tr>
268 Warn about unintended use of <code>sizeof()</code> on pointer
269 expressions.</div></div></a></td>
272 struct s {};
274 int test(struct s *p) {
275 return sizeof(p);
276 // warn: sizeof(ptr) can produce an unexpected result
277 }
278 </pre></div></div></td></tr>
281 <tr><td><a id="alpha.core.StackAddressAsyncEscape"><div class="namedescr expandable"><span class="name">
284 Check that addresses to stack memory do not escape the function that involves
285 <code>dispatch_after</code> or <code>dispatch_async</code>. This checker is
286 a part of core.StackAddressEscape, but is
287 <a href=https://reviews.llvm.org/D41042>temporarily disabled</a> until some
288 false positives are fixed.</div></div></a></td>
291 dispatch_block_t test_block_inside_block_async_leak() {
292 int x = 123;
293 void (^inner)(void) = ^void(void) {
294 int y = x;
295 ++y;
296 };
297 void (^outer)(void) = ^void(void) {
298 int z = x;
299 ++z;
300 inner();
301 };
302 return outer; // warn: address of stack-allocated block is captured by a
303 // returned block
304 }
305 </pre></div></div></td></tr>
308 <tr><td><a id="alpha.core.TestAfterDivZero"><div class="namedescr expandable"><span class="name">
311 Check for division by variable that is later compared against 0.
312 Either the comparison is useless or there is division by zero.
313 </div></div></a></td>
316 void test(int x) {
317 var = 77 / x;
318 if (x == 0) { } // warn
319 }
320 </pre></div></div></td></tr>
323 </tbody></table>
325 <!-- =========================== cplusplus alpha =========================== -->
329 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
330 <tbody>
333 <tr><td><a id="alpha.cplusplus.ArrayDelete"><div class="namedescr expandable"><span class="name">
336 Reports destructions of arrays of polymorphic objects that are destructed as
337 their base class
338 </div></div></a></td>
341 Base *create() {
342 Base *x = new Derived[10]; // note: Casting from 'Derived' to 'Base' here
343 return x;
344 }
346 void sink(Base *x) {
347 delete[] x; // warn: Deleting an array of 'Derived' objects as their base class 'Base' undefined
348 }
350 </pre></div></div></td></tr>
353 <tr><td><a id="alpha.cplusplus.DeleteWithNonVirtualDtor"><div class="namedescr expandable"><span class="name">
356 Reports destructions of polymorphic objects with a non-virtual destructor in
357 their base class
358 </div></div></a></td>
361 NonVirtual *create() {
362 NonVirtual *x = new NVDerived(); // note: Casting from 'NVDerived' to
363 // 'NonVirtual' here
364 return x;
365 }
367 void sink(NonVirtual *x) {
368 delete x; // warn: destruction of a polymorphic object with no virtual
369 // destructor
370 }
371 </pre></div></div></td></tr>
373 <tr><td><a id="alpha.cplusplus.InvalidatedIterator"><div class="namedescr expandable"><span class="name">
376 Check for use of invalidated iterators.
377 </div></div></a></td>
380 void bad_copy_assign_operator_list1(std::list<int> &L1,
381 const std::list<int> &L2) {
382 auto i0 = L1.cbegin();
383 L1 = L2;
384 *i0; // warn: invalidated iterator accessed
385 }
386 </pre></div></div></td></tr>
389 <tr><td><a id="alpha.cplusplus.IteratorRange"><div class="namedescr expandable"><span class="name">
392 Check for iterators used outside their valid ranges.
393 </div></div></a></td>
396 void simple_bad_end(const std::vector<int> &v) {
397 auto i = v.end();
398 *i; // warn: iterator accessed outside of its range
399 }
400 </pre></div></div></td></tr>
403 <tr><td><a id="alpha.cplusplus.MismatchedIterator"><div class="namedescr expandable"><span class="name">
406 Check for use of iterators of different containers where iterators of the same
407 container are expected.
408 </div></div></a></td>
411 void bad_insert3(std::vector<int> &v1, std::vector<int> &v2) {
412 v2.insert(v1.cbegin(), v2.cbegin(), v2.cend()); // warn: container accessed
413 // using foreign
414 // iterator argument
415 v1.insert(v1.cbegin(), v1.cbegin(), v2.cend()); // warn: iterators of
416 // different containers
417 // used where the same
418 // container is
419 // expected
420 v1.insert(v1.cbegin(), v2.cbegin(), v1.cend()); // warn: iterators of
421 // different containers
422 // used where the same
423 // container is
424 // expected
425 }
426 </pre></div></div></td></tr>
432 Method calls on a moved-from object and copying a moved-from object will be
433 reported.
434 </div></div></a></td>
437 struct A {
438 void foo() {}
439 };
441 void f() {
442 A a;
443 A b = std::move(a); // note: 'a' became 'moved-from' here
444 a.foo(); // warn: method call on a 'moved-from' object 'a'
445 }
446 </pre></div></div></td></tr>
449 </tbody></table>
452 <!-- =========================== dead code alpha =========================== -->
456 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
458 <tbody>
459 <tr><td><a id="alpha.deadcode.UnreachableCode"><div class="namedescr expandable"><span class="name">
462 Check unreachable code.</div></div></a></td>
465 // C
466 int test() {
467 int x = 1;
468 while(x);
469 return x; // warn
470 }
473 // C++
474 void test() {
475 int a = 2;
477 while (a > 1)
478 a--;
480 if (a > 1)
481 a++; // warn
482 }
485 // Objective-C
486 void test(id x) {
487 return;
488 [x retain]; // warn
489 }
490 </pre></div></div></td></tr>
491 </tbody></table>
493 <!-- =========================== llvm alpha =========================== -->
497 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
499 <tbody>
503 Check code for LLVM codebase conventions:
504 <ul>
505 <li>A <code>StringRef</code> should not be bound to a temporary std::string
506 whose lifetime is shorter than the <code>StringRef</code>'s.</li>
507 <li>Clang AST nodes should not have fields that can allocate memory.</li>
508 </ul>
509 </div></div></a></td>
512 <!-- TODO: Add examples, as currently it's hard to get this checker working. -->
513 </pre></div></div></td></tr>
515 </tbody></table>
518 <!-- ============================== OS X alpha ============================== -->
522 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
524 <tbody>
525 <tr><td><a id="alpha.osx.cocoa.DirectIvarAssignment"><div class="namedescr expandable"><span class="name">
528 Check that Objective C properties follow the following rule: the property
529 should be set with the setter, not though a direct assignment.</div></div></a></td>
532 @interface MyClass : NSObject {}
533 @property (readonly) id A;
534 - (void) foo;
535 @end
537 @implementation MyClass
538 - (void) foo {
539 _A = 0; // warn
540 }
541 @end
542 </pre></div></div></td></tr>
545 <tr><td><a id="alpha.osx.cocoa.DirectIvarAssignmentForAnnotatedFunctions"><div class="namedescr expandable"><span class="name">
548 Check for direct assignments to instance variables in the methods annotated
549 with <code>objc_no_direct_instance_variable_assignment</code>.</div></div></a></td>
552 @interface MyClass : NSObject {}
553 @property (readonly) id A;
554 - (void) fAnnotated __attribute__((
556 - (void) fNotAnnotated;
557 @end
559 @implementation MyClass
560 - (void) fAnnotated {
561 _A = 0; // warn
562 }
563 - (void) fNotAnnotated {
564 _A = 0; // no warn
565 }
566 @end
567 </pre></div></div></td></tr>
570 <tr><td><a id="alpha.osx.cocoa.InstanceVariableInvalidation"><div class="namedescr expandable"><span class="name">
573 Check that the invalidatable instance variables are invalidated in the methods
574 annotated with <code>objc_instance_variable_invalidator</code>.</div></div></a></td>
577 @protocol Invalidation <NSObject>
578 - (void) invalidate
580 @end
582 @interface InvalidationImpObj : NSObject <Invalidation>
583 @end
585 @interface SubclassInvalidationImpObj : InvalidationImpObj {
586 InvalidationImpObj *var;
587 }
588 - (void)invalidate;
589 @end
591 @implementation SubclassInvalidationImpObj
592 - (void) invalidate {}
593 @end
594 // warn: var needs to be invalidated or set to nil
595 </pre></div></div></td></tr>
598 <tr><td><a id="alpha.osx.cocoa.MissingInvalidationMethod"><div class="namedescr expandable"><span class="name">
601 Check that the invalidation methods are present in classes that contain
602 invalidatable instance variables.</div></div></a></td>
605 @protocol Invalidation <NSObject>
606 - (void)invalidate
608 @end
610 @interface NeedInvalidation : NSObject <Invalidation>
611 @end
613 @interface MissingInvalidationMethodDecl : NSObject {
614 NeedInvalidation *Var; // warn
615 }
616 @end
618 @implementation MissingInvalidationMethodDecl
619 @end
620 </pre></div></div></td></tr>
623 <tr><td><a id="alpha.osx.cocoa.localizability.PluralMisuseChecker"><div class="namedescr expandable"><span class="name">
626 Warns against using one vs. many plural pattern in code
627 when generating localized strings.
628 </div></div></a></td>
631 NSString *reminderText =
633 if (reminderCount == 1) {
634 // Warning: Plural cases are not supported across all languages.
635 // Use a .stringsdict file instead
636 reminderText =
638 } else if (reminderCount >= 2) {
639 // Warning: Plural cases are not supported across all languages.
640 // Use a .stringsdict file instead
641 reminderText =
642 [NSString stringWithFormat:
644 reminderCount];
645 }
646 </pre></div></div></td></tr>
648 </tbody></table>
650 <!-- =========================== security alpha =========================== -->
654 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
656 <tbody>
660 Warn about buffer overflows (older checker).</div></div></a></td>
663 void test() {
665 char c = s[1]; // warn
666 }
669 struct seven_words {
670 int c[7];
671 };
673 void test() {
674 struct seven_words a, *p;
675 p = &a;
676 p[0] = a;
677 p[1] = a;
678 p[2] = a; // warn
679 }
682 // note: requires unix.Malloc or
683 // alpha.unix.MallocWithAnnotations checks enabled.
684 void test() {
685 int *p = malloc(12);
686 p[3] = 4; // warn
687 }
690 void test() {
691 char a[2];
692 int *b = (int*)a;
693 b[1] = 3; // warn
694 }
695 </pre></div></div></td></tr>
698 <tr><td><a id="alpha.security.ArrayBoundV2"><div class="namedescr expandable"><span class="name">
701 Warn about buffer overflows (newer checker).</div></div></a></td>
704 void test() {
706 char c = s[1]; // warn
707 }
710 void test() {
711 int buf[100];
712 int *p = buf;
713 p = p + 99;
714 p[1] = 1; // warn
715 }
718 // note: compiler has internal check for this.
719 // Use -Wno-array-bounds to suppress compiler warning.
720 void test() {
721 int buf[100][100];
722 buf[0][-1] = 1; // warn
723 }
726 // note: requires alpha.security.taint check turned on.
727 void test() {
729 int x = getchar();
730 char c = s[x]; // warn: index is tainted
731 }
732 </pre></div></div></td></tr>
735 <tr><td><a id="alpha.security.MallocOverflow"><div class="namedescr expandable"><span class="name">
738 Check for overflows in the arguments to <code>malloc()</code>.</div></div></a></td>
741 void test(int n) {
742 void *p = malloc(n * sizeof(int)); // warn
743 }
744 </pre></div></div></td></tr>
747 <tr><td><a id="alpha.security.MmapWriteExec"><div class="namedescr expandable"><span class="name">
750 Warn on <code>mmap()<code> calls that are both writable and executable.
751 </div></div></a></td>
754 void test(int n) {
755 void *c = mmap(NULL, 32, PROT_READ | PROT_WRITE | PROT_EXEC,
756 MAP_PRIVATE | MAP_ANON, -1, 0);
757 // warn: Both PROT_WRITE and PROT_EXEC flags are set. This can lead to
758 // exploitable memory regions, which could be overwritten with malicious
759 // code
760 }
761 </pre></div></div></td></tr>
764 <tr><td><a id="alpha.security.ReturnPtrRange"><div class="namedescr expandable"><span class="name">
767 Check for an out-of-bound pointer being returned to callers.</div></div></a></td>
770 static int A[10];
772 int *test() {
773 int *p = A + 10;
774 return p; // warn
775 }
778 int test(void) {
779 int x;
780 return x; // warn: undefined or garbage returned
781 }
782 </pre></div></div></td></tr>
785 <tr><td><a id="alpha.security.taint.TaintPropagation"><div class="namedescr expandable"><span class="name">
788 Generate taint information used by other checkers.</div></div></a></td>
791 void test() {
792 char x = getchar(); // 'x' marked as tainted
793 system(&x); // warn: untrusted data is passed to a system call
794 }
797 // note: compiler internally checks if the second param to
798 // sprintf is a string literal or not.
799 // Use -Wno-format-security to suppress compiler warning.
800 void test() {
801 char s[10], buf[10];
804 sprintf(buf, s); // warn: untrusted data as a format string
805 }
808 void test() {
809 size_t ts;
811 int *p = (int *)malloc(ts * sizeof(int));
812 // warn: untrusted data as buffer size
813 }
814 </pre></div></div></td></tr>
816 </tbody></table>
818 <!-- ============================= unix alpha ============================= -->
822 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
823 <tbody>
826 <tr><td><a id="alpha.unix.BlockInCriticalSection"><div class="namedescr expandable"><span class="name">
829 Check for calls to blocking functions inside a critical section. Applies to:
830 <div class=functions>
831 lock<br>
832 unlock<br>
833 sleep<br>
834 getc<br>
835 fgets<br>
836 read<br>
837 revc<br>
838 pthread_mutex_lock<br>
839 pthread_mutex_unlock<br>
840 mtx_lock<br>
841 mtx_timedlock<br>
842 mtx_trylock<br>
843 mtx_unlock<br>
844 lock_guard<br>
845 unique_lock</div>
846 </div></div></a></td>
849 void test() {
850 std::mutex m;
851 m.lock();
852 sleep(3); // warn: a blocking function sleep is called inside a critical
853 // section
854 m.unlock();
855 }
856 </pre></div></div></td></tr>
862 Check improper use of <code>chroot</code>.</div></div></a></td>
865 void f();
867 void test() {
870 }
871 </pre></div></div></td></tr>
877 Simple lock -> unlock checker; applies to:<div class=functions>
878 pthread_mutex_lock<br>
879 pthread_rwlock_rdlock<br>
880 pthread_rwlock_wrlock<br>
881 lck_mtx_lock<br>
882 lck_rw_lock_exclusive<br>
883 lck_rw_lock_shared<br>
884 pthread_mutex_trylock<br>
885 pthread_rwlock_tryrdlock<br>
886 pthread_rwlock_tryrwlock<br>
887 lck_mtx_try_lock<br>
888 lck_rw_try_lock_exclusive<br>
889 lck_rw_try_lock_shared<br>
890 pthread_mutex_unlock<br>
891 pthread_rwlock_unlock<br>
892 lck_mtx_unlock<br>
893 lck_rw_done</div></div></div></a></td>
896 pthread_mutex_t mtx;
898 void test() {
899 pthread_mutex_lock(&mtx);
900 pthread_mutex_lock(&mtx);
901 // warn: this lock has already been acquired
902 }
905 lck_mtx_t lck1, lck2;
907 void test() {
908 lck_mtx_lock(&lck1);
909 lck_mtx_lock(&lck2);
910 lck_mtx_unlock(&lck1);
911 // warn: this was not the most recently acquired lock
912 }
915 lck_mtx_t lck1, lck2;
917 void test() {
918 if (lck_mtx_try_lock(&lck1) == 0)
919 return;
921 lck_mtx_lock(&lck2);
922 lck_mtx_unlock(&lck1);
923 // warn: this was not the most recently acquired lock
924 }
925 </pre></div></div></td></tr>
931 Check for misuses of stream APIs:<div class=functions>
932 fopen<br>
933 fclose</div>(demo checker, the subject of the demo
937 2012 LLVM Developers' Meeting).</a></div></div></a></td>
940 void test() {
942 } // warn: opened file is never closed
945 void test() {
948 if (F)
949 fclose(F);
951 fclose(F); // warn: closing a previously closed file stream
952 }
953 </pre></div></div></td></tr>
959 Check stream handling functions:<div class=functions>fopen<br>
960 tmpfile<br>
961 fclose<br>
962 fread<br>
963 fwrite<br>
964 fseek<br>
965 ftell<br>
966 rewind<br>
967 fgetpos<br>
968 fsetpos<br>
969 clearerr<br>
970 feof<br>
971 ferror<br>
972 fileno</div></div></div></a></td>
975 void test() {
977 } // warn: opened file is never closed
980 void test() {
982 fseek(p, 1, SEEK_SET); // warn: stream pointer might be NULL
983 fclose(p);
984 }
987 void test() {
990 if (p)
991 fseek(p, 1, 3);
992 // warn: third arg should be SEEK_SET, SEEK_END, or SEEK_CUR
994 fclose(p);
995 }
998 void test() {
1000 fclose(p);
1001 fclose(p); // warn: already closed
1002 }
1005 void test() {
1006 FILE *p = tmpfile();
1007 ftell(p); // warn: stream pointer might be NULL
1008 fclose(p);
1009 }
1010 </pre></div></div></td></tr>
1013 <tr><td><a id="alpha.unix.cstring.BufferOverlap"><div class="namedescr expandable"><span class="name">
1016 Checks for overlap in two buffer arguments; applies to:<div class=functions>
1017 memcpy<br>
1018 mempcpy</div></div></div></a></td>
1021 void test() {
1022 int a[4] = {0};
1023 memcpy(a + 2, a + 1, 8); // warn
1024 }
1025 </pre></div></div></td></tr>
1028 <tr><td><a id="alpha.unix.cstring.NotNullTerminated"><div class="namedescr expandable"><span class="name">
1031 Check for arguments which are not null-terminated strings; applies
1032 to:<div class=functions>
1033 strlen<br>
1034 strnlen<br>
1035 strcpy<br>
1036 strncpy<br>
1037 strcat<br>
1038 strncat</div></div></div></td>
1041 void test() {
1042 int y = strlen((char *)&test); // warn
1043 }
1044 </pre></div></div></a></td></tr>
1047 <tr><td><a id="alpha.unix.cstring.OutOfBounds"><div class="namedescr expandable"><span class="name">
1050 Check for out-of-bounds access in string functions; applies
1051 to:<div class=functions>
1052 strncopy<br>
1053 strncat</div></div></div></a></td>
1056 void test(char *y) {
1057 char x[4];
1058 if (strlen(y) == 4)
1059 strncpy(x, y, 5); // warn
1060 }
1061 </pre></div></div></td></tr>
1063 </tbody></table>
1065 <!-- =========================== nondeterminism alpha =========================== -->
1069 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
1071 <tbody>
1072 <tr><td><a id="alpha.nondeterminism.PointerIteration"><div class="namedescr expandable"><span class="name">
1075 Check for non-determinism caused by iterating unordered containers of pointers.</div></div></a></td>
1078 // C++
1079 void test() {
1080 int a = 1, b = 2;
1081 std::unordered_set<int *> UnorderedPtrSet = {&a, &b};
1083 for (auto i : UnorderedPtrSet) // warn
1084 f(i);
1085 }
1086 </pre></div></div></td></tr>
1087 <tr><td><a id="alpha.nondeterminism.PointerSorting"><div class="namedescr expandable"><span class="name">
1090 Check for non-determinism caused by sorting of pointers.</div></div></a></td>
1093 // C++
1094 void test() {
1095 int a = 1, b = 2;
1096 std::vector<int *> V = {&a, &b};
1097 std::sort(V.begin(), V.end()); // warn
1098 }
1099 </pre></div></div></td></tr>
1100 </tbody></table>
1102 </div> <!-- page -->
1103 </div> <!-- content -->
1104 </body>
1105 </html>