[clang][modules] Don't prevent translation of FW_Private includes when explicitly...
[llvm-project.git] / clang / www / analyzer / alpha_checks.html
blobcff0284777bc78a33058092cde0e96040000cc1b
1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
2 "http://www.w3.org/TR/html4/strict.dtd">
3 <html>
4 <head>
5 <title>Alpha Checks</title>
6 <link type="text/css" rel="stylesheet" href="menu.css">
7 <link type="text/css" rel="stylesheet" href="content.css">
8 <script type="text/javascript" src="scripts/menu.js"></script>
9 <script type="text/javascript" src="scripts/expandcollapse.js"></script>
10 <style type="text/css">
11 tr:first-child { width:20%; }
12 </style>
13 </head>
14 <body onload="initExpandCollapse()">
16 <div id="page">
17 <!--#include virtual="menu.html.incl"-->
19 <div id="content">
20 <h1>Alpha Checkers</h1>
21 Experimental checkers in addition to the <a href = "available_checks.html">
22 Default Checkers</a>. These are checkers with known issues or limitations that
23 keep them from being on by default. They are likely to have false positives.
24 Bug reports are welcome but will likely not be investigated for some time.
25 Patches welcome!
26 <ul>
27 <li><a href="#clone_alpha_checkers">Clone Alpha Checkers</a></li>
28 <li><a href="#core_alpha_checkers">Core Alpha Checkers</a></li>
29 <li><a href="#cplusplus_alpha_checkers">C++ Alpha Checkers</a></li>
30 <li><a href="#llvm_alpha_checkers">LLVM Checkers</a></li>
31 <li><a href="#valist_alpha_checkers">Variable Argument Alpha Checkers</a></li>
32 <li><a href="#deadcode_alpha_checkers">Dead Code Alpha Checkers</a></li>
33 <li><a href="#osx_alpha_checkers">OS X Alpha Checkers</a></li>
34 <li><a href="#security_alpha_checkers">Security Alpha Checkers</a></li>
35 <li><a href="#unix_alpha_checkers">Unix Alpha Checkers</a></li>
36 <li><a href="#nondeterminism_alpha_checkers">Non-determinism Alpha Checkers</a></li>
37 </ul>
39 <!-- ============================= clone alpha ============================= -->
41 <h3 id="clone_alpha_checkers">Clone Alpha Checkers</h3>
42 <table class="checkers">
43 <colgroup><col class="namedescr"><col class="example"></colgroup>
44 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
46 <tbody>
47 <tr><td><a id="alpha.clone.CloneChecker"><div class="namedescr expandable"><span class="name">
48 alpha.clone.CloneChecker</span><span class="lang">
49 (C, C++, ObjC)</span><div class="descr">
50 Reports similar pieces of code.</div></div></a></td>
51 <td><div class="exampleContainer expandable">
52 <div class="example"><pre>
53 void log();
55 int max(int a, int b) { // warn
56 log();
57 if (a > b)
58 return a;
59 return b;
62 int maxClone(int x, int y) { // similar code here
63 log();
64 if (x > y)
65 return x;
66 return y;
68 </pre></div></div></td></tr>
69 </tbody></table>
71 <!-- ============================= core alpha ============================= -->
72 <h3 id="core_alpha_checkers">Core Alpha Checkers</h3>
73 <table class="checkers">
74 <colgroup><col class="namedescr"><col class="example"></colgroup>
75 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
77 <tbody>
78 <tr><td><a id="alpha.core.BoolAssignment"><div class="namedescr expandable"><span class="name">
79 alpha.core.BoolAssignment</span><span class="lang">
80 (ObjC)</span><div class="descr">
81 Warn about assigning non-{0,1} values to boolean variables.</div></div></a></td>
82 <td><div class="exampleContainer expandable">
83 <div class="example"><pre>
84 void test() {
85 BOOL b = -1; // warn
87 </pre></div></div></td></tr>
90 <tr><td><a id="alpha.core.CallAndMessageUnInitRefArg"><div class="namedescr expandable"><span class="name">
91 alpha.core.CallAndMessageUnInitRefArg</span><span class="lang">
92 (C, C++)</span><div class="descr">
93 Check for uninitialized arguments in function calls and Objective-C
94 message expressions.</div></div></a></td>
95 <td><div class="exampleContainer expandable">
96 <div class="example"><pre>
97 void test(void) {
98 int t;
99 int &p = t;
100 int &s = p;
101 int &q = s;
102 foo(q); // warn
104 </pre></div><div class="separator"></div>
105 <div class="example"><pre>
106 void test(void) {
107 int x;
108 foo(&x); // warn
110 </pre></div></div></td></tr>
113 <tr><td><a id="alpha.core.CastSize"><div class="namedescr expandable"><span class="name">
114 alpha.core.CastSize</span><span class="lang">
115 (C)</span><div class="descr">
116 Check when casting a malloc'ed type T, whether the size is a multiple of the
117 size of T (Works only with <span class="name">unix.Malloc</span>
118 or <span class="name">alpha.unix.MallocWithAnnotations</span>
119 checks enabled).</div></div></a></td>
120 <td><div class="exampleContainer expandable">
121 <div class="example"><pre>
122 void test() {
123 int *x = (int *)malloc(11); // warn
125 </pre></div></div></td></tr>
128 <tr><td><a id="alpha.core.CastToStruct"><div class="namedescr expandable"><span class="name">
129 alpha.core.CastToStruct</span><span class="lang">
130 (C, C++)</span><div class="descr">
131 Check for cast from non-struct pointer to struct pointer.</div></div></a></td>
132 <td><div class="exampleContainer expandable">
133 <div class="example"><pre>
134 // C
135 struct s {};
137 void test(int *p) {
138 struct s *ps = (struct s *) p; // warn
140 </pre></div><div class="separator"></div>
141 <div class="example"><pre>
142 // C++
143 class c {};
145 void test(int *p) {
146 c *pc = (c *) p; // warn
148 </pre></div></div></td></tr>
151 <tr><td><a id="alpha.core.Conversion"><div class="namedescr expandable"><span class="name">
152 alpha.core.Conversion</span><span class="lang">
153 (C, C++, ObjC)</span><div class="descr">
154 Loss of sign or precision in implicit conversions</div></div></a></td>
155 <td><div class="exampleContainer expandable">
156 <div class="example"><pre>
157 void test(unsigned U, signed S) {
158 if (S > 10) {
159 if (U < S) {
162 if (S < -10) {
163 if (U < S) { // warn (loss of sign)
167 </pre></div><div class="separator"></div>
168 <div class="example"><pre>
169 void test() {
170 long long A = 1LL << 60;
171 short X = A; // warn (loss of precision)
173 </pre></div></div></td></tr>
176 <tr><td><a id="alpha.core.DynamicTypeChecker"><div class="namedescr expandable"><span class="name">
177 alpha.core.DynamicTypeChecker</span><span class="lang">
178 (ObjC)</span><div class="descr">
179 Check for cases where the dynamic and the static type of an
180 object are unrelated.</div></div></a></td>
181 <td><div class="exampleContainer expandable">
182 <div class="example"><pre>
183 id date = [NSDate date];
185 // Warning: Object has a dynamic type 'NSDate *' which is
186 // incompatible with static type 'NSNumber *'"
187 NSNumber *number = date;
188 [number doubleValue];
189 </pre></div></div></td></tr>
192 <tr><td><a id="alpha.core.FixedAddr"><div class="namedescr expandable"><span class="name">
193 alpha.core.FixedAddr</span><span class="lang">
194 (C)</span><div class="descr">
195 Check for assignment of a fixed address to a pointer.</div></div></a></td>
196 <td><div class="exampleContainer expandable">
197 <div class="example"><pre>
198 void test() {
199 int *p;
200 p = (int *) 0x10000; // warn
202 </pre></div></div></td></tr>
205 <tr><td><a id="alpha.core.IdenticalExpr"><div class="namedescr expandable"><span class="name">
206 alpha.core.IdenticalExpr</span><span class="lang">
207 (C, C++)</span><div class="descr">
208 Warn about suspicious uses of identical expressions.</div></div></a></td>
209 <td><div class="exampleContainer expandable">
210 <div class="example"><pre>
211 // C
212 void test() {
213 int a = 5;
214 int b = a | 4 | a; // warn: identical expr on both sides
216 </pre></div><div class="separator"></div>
217 <div class="example"><pre>
218 // C++
219 bool f(void);
221 void test(bool b) {
222 int i = 10;
223 if (f()) { // warn: true and false branches are identical
224 do {
225 i--;
226 } while (f());
227 } else {
228 do {
229 i--;
230 } while (f());
233 </pre></div></div></td></tr>
236 <tr><td><a id="alpha.core.PointerArithm"><div class="namedescr expandable"><span class="name">
237 alpha.core.PointerArithm</span><span class="lang">
238 (C)</span><div class="descr">
239 Check for pointer arithmetic on locations other than array
240 elements.</div></div></a></td>
241 <td><div class="exampleContainer expandable">
242 <div class="example"><pre>
243 void test() {
244 int x;
245 int *p;
246 p = &amp;x + 1; // warn
248 </pre></div></div></td></tr>
251 <tr><td><a id="alpha.core.PointerSub"><div class="namedescr expandable"><span class="name">
252 alpha.core.PointerSub</span><span class="lang">
253 (C)</span><div class="descr">
254 Check for pointer subtractions on two pointers pointing to different memory
255 chunks.</div></div></a></td>
256 <td><div class="exampleContainer expandable">
257 <div class="example"><pre>
258 void test() {
259 int x, y;
260 int d = &amp;y - &amp;x; // warn
262 </pre></div></div></td></tr>
265 <tr><td><a id="alpha.core.SizeofPtr"><div class="namedescr expandable"><span class="name">
266 alpha.core.SizeofPtr</span><span class="lang">
267 (C)</span><div class="descr">
268 Warn about unintended use of <code>sizeof()</code> on pointer
269 expressions.</div></div></a></td>
270 <td><div class="exampleContainer expandable">
271 <div class="example"><pre>
272 struct s {};
274 int test(struct s *p) {
275 return sizeof(p);
276 // warn: sizeof(ptr) can produce an unexpected result
278 </pre></div></div></td></tr>
281 <tr><td><a id="alpha.core.StackAddressAsyncEscape"><div class="namedescr expandable"><span class="name">
282 alpha.core.StackAddressAsyncEscape</span><span class="lang">
283 (C)</span><div class="descr">
284 Check that addresses to stack memory do not escape the function that involves
285 <code>dispatch_after</code> or <code>dispatch_async</code>. This checker is
286 a part of core.StackAddressEscape, but is
287 <a href=https://reviews.llvm.org/D41042>temporarily disabled</a> until some
288 false positives are fixed.</div></div></a></td>
289 <td><div class="exampleContainer expandable">
290 <div class="example"><pre>
291 dispatch_block_t test_block_inside_block_async_leak() {
292 int x = 123;
293 void (^inner)(void) = ^void(void) {
294 int y = x;
295 ++y;
297 void (^outer)(void) = ^void(void) {
298 int z = x;
299 ++z;
300 inner();
302 return outer; // warn: address of stack-allocated block is captured by a
303 // returned block
305 </pre></div></div></td></tr>
308 <tr><td><a id="alpha.core.TestAfterDivZero"><div class="namedescr expandable"><span class="name">
309 alpha.core.TestAfterDivZero</span><span class="lang">
310 (C, C++, ObjC)</span><div class="descr">
311 Check for division by variable that is later compared against 0.
312 Either the comparison is useless or there is division by zero.
313 </div></div></a></td>
314 <td><div class="exampleContainer expandable">
315 <div class="example"><pre>
316 void test(int x) {
317 var = 77 / x;
318 if (x == 0) { } // warn
320 </pre></div></div></td></tr>
323 </tbody></table>
325 <!-- =========================== cplusplus alpha =========================== -->
326 <h3 id="cplusplus_alpha_checkers">C++ Alpha Checkers</h3>
327 <table class="checkers">
328 <colgroup><col class="namedescr"><col class="example"></colgroup>
329 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
330 <tbody>
333 <tr><td><a id="alpha.cplusplus.ArrayDelete"><div class="namedescr expandable"><span class="name">
334 alpha.cplusplus.ArrayDelete</span><span class="lang">
335 (C++)</span><div class="descr">
336 Reports destructions of arrays of polymorphic objects that are destructed as
337 their base class
338 </div></div></a></td>
339 <td><div class="exampleContainer expandable">
340 <div class="example"><pre>
341 Base *create() {
342 Base *x = new Derived[10]; // note: Casting from 'Derived' to 'Base' here
343 return x;
346 void sink(Base *x) {
347 delete[] x; // warn: Deleting an array of 'Derived' objects as their base class 'Base' undefined
350 </pre></div></div></td></tr>
353 <tr><td><a id="alpha.cplusplus.DeleteWithNonVirtualDtor"><div class="namedescr expandable"><span class="name">
354 alpha.cplusplus.DeleteWithNonVirtualDtor</span><span class="lang">
355 (C++)</span><div class="descr">
356 Reports destructions of polymorphic objects with a non-virtual destructor in
357 their base class
358 </div></div></a></td>
359 <td><div class="exampleContainer expandable">
360 <div class="example"><pre>
361 NonVirtual *create() {
362 NonVirtual *x = new NVDerived(); // note: Casting from 'NVDerived' to
363 // 'NonVirtual' here
364 return x;
367 void sink(NonVirtual *x) {
368 delete x; // warn: destruction of a polymorphic object with no virtual
369 // destructor
371 </pre></div></div></td></tr>
373 <tr><td><a id="alpha.cplusplus.EnumCastOutOfRange"><div class="namedescr expandable"><span class="name">
374 alpha.cplusplus.EnumCastOutOfRange</span><span class="lang">
375 (C++)</span><div class="descr">
376 Check for integer to enumeration casts that could result in undefined values.
377 </div></div></a></td>
378 <td><div class="exampleContainer expandable">
379 <div class="example"><pre>
380 enum TestEnum {
381 A = 0
384 void foo() {
385 TestEnum t = static_cast<TestEnum>(-1);
386 // warn: the value provided to the cast expression is not in
387 the valid range of values for the enum
389 </pre></div></div></td></tr>
392 <tr><td><a id="alpha.cplusplus.InvalidatedIterator"><div class="namedescr expandable"><span class="name">
393 alpha.cplusplus.InvalidatedIterator</span><span class="lang">
394 (C++)</span><div class="descr">
395 Check for use of invalidated iterators.
396 </div></div></a></td>
397 <td><div class="exampleContainer expandable">
398 <div class="example"><pre>
399 void bad_copy_assign_operator_list1(std::list<int> &L1,
400 const std::list<int> &L2) {
401 auto i0 = L1.cbegin();
402 L1 = L2;
403 *i0; // warn: invalidated iterator accessed
405 </pre></div></div></td></tr>
408 <tr><td><a id="alpha.cplusplus.IteratorRange"><div class="namedescr expandable"><span class="name">
409 alpha.cplusplus.IteratorRange</span><span class="lang">
410 (C++)</span><div class="descr">
411 Check for iterators used outside their valid ranges.
412 </div></div></a></td>
413 <td><div class="exampleContainer expandable">
414 <div class="example"><pre>
415 void simple_bad_end(const std::vector<int> &v) {
416 auto i = v.end();
417 *i; // warn: iterator accessed outside of its range
419 </pre></div></div></td></tr>
422 <tr><td><a id="alpha.cplusplus.MismatchedIterator"><div class="namedescr expandable"><span class="name">
423 alpha.cplusplus.MismatchedIterator</span><span class="lang">
424 (C++)</span><div class="descr">
425 Check for use of iterators of different containers where iterators of the same
426 container are expected.
427 </div></div></a></td>
428 <td><div class="exampleContainer expandable">
429 <div class="example"><pre>
430 void bad_insert3(std::vector<int> &v1, std::vector<int> &v2) {
431 v2.insert(v1.cbegin(), v2.cbegin(), v2.cend()); // warn: container accessed
432 // using foreign
433 // iterator argument
434 v1.insert(v1.cbegin(), v1.cbegin(), v2.cend()); // warn: iterators of
435 // different containers
436 // used where the same
437 // container is
438 // expected
439 v1.insert(v1.cbegin(), v2.cbegin(), v1.cend()); // warn: iterators of
440 // different containers
441 // used where the same
442 // container is
443 // expected
445 </pre></div></div></td></tr>
448 <tr><td><a id="alpha.cplusplus.Move"><div class="namedescr expandable"><span class="name">
449 alpha.cplusplus.Move</span><span class="lang">
450 (C++)</span><div class="descr">
451 Method calls on a moved-from object and copying a moved-from object will be
452 reported.
453 </div></div></a></td>
454 <td><div class="exampleContainer expandable">
455 <div class="example"><pre>
456 struct A {
457 void foo() {}
460 void f() {
461 A a;
462 A b = std::move(a); // note: 'a' became 'moved-from' here
463 a.foo(); // warn: method call on a 'moved-from' object 'a'
465 </pre></div></div></td></tr>
468 </tbody></table>
471 <!-- =========================== dead code alpha =========================== -->
472 <h3 id="deadcode_alpha_checkers">Dead Code Alpha Checkers</h3>
473 <table class="checkers">
474 <colgroup><col class="namedescr"><col class="example"></colgroup>
475 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
477 <tbody>
478 <tr><td><a id="alpha.deadcode.UnreachableCode"><div class="namedescr expandable"><span class="name">
479 alpha.deadcode.UnreachableCode</span><span class="lang">
480 (C, C++, ObjC)</span><div class="descr">
481 Check unreachable code.</div></div></a></td>
482 <td><div class="exampleContainer expandable">
483 <div class="example"><pre>
484 // C
485 int test() {
486 int x = 1;
487 while(x);
488 return x; // warn
490 </pre></div><div class="separator"></div>
491 <div class="example"><pre>
492 // C++
493 void test() {
494 int a = 2;
496 while (a > 1)
497 a--;
499 if (a > 1)
500 a++; // warn
502 </pre></div><div class="separator"></div>
503 <div class="example"><pre>
504 // Objective-C
505 void test(id x) {
506 return;
507 [x retain]; // warn
509 </pre></div></div></td></tr>
510 </tbody></table>
512 <!-- =========================== llvm alpha =========================== -->
513 <h3 id="llvm_alpha_checkers">LLVM Checkers</h3>
514 <table class="checkers">
515 <colgroup><col class="namedescr"><col class="example"></colgroup>
516 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
518 <tbody>
519 <tr><td><a id="alpha.llvm.Conventions"><div class="namedescr expandable"><span class="name">
520 alpha.llvm.Conventions</span><span class="lang">
521 (C)</span><div class="descr">
522 Check code for LLVM codebase conventions:
523 <ul>
524 <li>A <code>StringRef</code> should not be bound to a temporary std::string
525 whose lifetime is shorter than the <code>StringRef</code>'s.</li>
526 <li>Clang AST nodes should not have fields that can allocate memory.</li>
527 </ul>
528 </div></div></a></td>
529 <td><div class="exampleContainer expandable">
530 <div class="example"><pre>
531 <!-- TODO: Add examples, as currently it's hard to get this checker working. -->
532 </pre></div></div></td></tr>
534 </tbody></table>
537 <!-- ============================== OS X alpha ============================== -->
538 <h3 id="osx_alpha_checkers">OS X Alpha Checkers</h3>
539 <table class="checkers">
540 <colgroup><col class="namedescr"><col class="example"></colgroup>
541 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
543 <tbody>
544 <tr><td><a id="alpha.osx.cocoa.DirectIvarAssignment"><div class="namedescr expandable"><span class="name">
545 alpha.osx.cocoa.DirectIvarAssignment</span><span class="lang">
546 (ObjC)</span><div class="descr">
547 Check that Objective C properties follow the following rule: the property
548 should be set with the setter, not though a direct assignment.</div></div></a></td>
549 <td><div class="exampleContainer expandable">
550 <div class="example"><pre>
551 @interface MyClass : NSObject {}
552 @property (readonly) id A;
553 - (void) foo;
554 @end
556 @implementation MyClass
557 - (void) foo {
558 _A = 0; // warn
560 @end
561 </pre></div></div></td></tr>
564 <tr><td><a id="alpha.osx.cocoa.DirectIvarAssignmentForAnnotatedFunctions"><div class="namedescr expandable"><span class="name">
565 alpha.osx.cocoa.DirectIvarAssignmentForAnnotatedFunctions</span><span class="lang">
566 (ObjC)</span><div class="descr">
567 Check for direct assignments to instance variables in the methods annotated
568 with <code>objc_no_direct_instance_variable_assignment</code>.</div></div></a></td>
569 <td><div class="exampleContainer expandable">
570 <div class="example"><pre>
571 @interface MyClass : NSObject {}
572 @property (readonly) id A;
573 - (void) fAnnotated __attribute__((
574 annotate("objc_no_direct_instance_variable_assignment")));
575 - (void) fNotAnnotated;
576 @end
578 @implementation MyClass
579 - (void) fAnnotated {
580 _A = 0; // warn
582 - (void) fNotAnnotated {
583 _A = 0; // no warn
585 @end
586 </pre></div></div></td></tr>
589 <tr><td><a id="alpha.osx.cocoa.InstanceVariableInvalidation"><div class="namedescr expandable"><span class="name">
590 alpha.osx.cocoa.InstanceVariableInvalidation</span><span class="lang">
591 (ObjC)</span><div class="descr">
592 Check that the invalidatable instance variables are invalidated in the methods
593 annotated with <code>objc_instance_variable_invalidator</code>.</div></div></a></td>
594 <td><div class="exampleContainer expandable">
595 <div class="example"><pre>
596 @protocol Invalidation &lt;NSObject&gt;
597 - (void) invalidate
598 __attribute__((annotate("objc_instance_variable_invalidator")));
599 @end
601 @interface InvalidationImpObj : NSObject &lt;Invalidation&gt;
602 @end
604 @interface SubclassInvalidationImpObj : InvalidationImpObj {
605 InvalidationImpObj *var;
607 - (void)invalidate;
608 @end
610 @implementation SubclassInvalidationImpObj
611 - (void) invalidate {}
612 @end
613 // warn: var needs to be invalidated or set to nil
614 </pre></div></div></td></tr>
617 <tr><td><a id="alpha.osx.cocoa.MissingInvalidationMethod"><div class="namedescr expandable"><span class="name">
618 alpha.osx.cocoa.MissingInvalidationMethod</span><span class="lang">
619 (ObjC)</span><div class="descr">
620 Check that the invalidation methods are present in classes that contain
621 invalidatable instance variables.</div></div></a></td>
622 <td><div class="exampleContainer expandable">
623 <div class="example"><pre>
624 @protocol Invalidation &lt;NSObject&gt;
625 - (void)invalidate
626 __attribute__((annotate("objc_instance_variable_invalidator")));
627 @end
629 @interface NeedInvalidation : NSObject &lt;Invalidation&gt;
630 @end
632 @interface MissingInvalidationMethodDecl : NSObject {
633 NeedInvalidation *Var; // warn
635 @end
637 @implementation MissingInvalidationMethodDecl
638 @end
639 </pre></div></div></td></tr>
642 <tr><td><a id="alpha.osx.cocoa.localizability.PluralMisuseChecker"><div class="namedescr expandable"><span class="name">
643 alpha.osx.cocoa.localizability.PluralMisuseChecker</span><span class="lang">
644 (ObjC)</span><div class="descr">
645 Warns against using one vs. many plural pattern in code
646 when generating localized strings.
647 </div></div></a></td>
648 <td><div class="exampleContainer expandable">
649 <div class="example"><pre>
650 NSString *reminderText =
651 NSLocalizedString(@"None", @"Indicates no reminders");
652 if (reminderCount == 1) {
653 // Warning: Plural cases are not supported across all languages.
654 // Use a .stringsdict file instead
655 reminderText =
656 NSLocalizedString(@"1 Reminder", @"Indicates single reminder");
657 } else if (reminderCount >= 2) {
658 // Warning: Plural cases are not supported across all languages.
659 // Use a .stringsdict file instead
660 reminderText =
661 [NSString stringWithFormat:
662 NSLocalizedString(@"%@ Reminders", @"Indicates multiple reminders"),
663 reminderCount];
665 </pre></div></div></td></tr>
667 </tbody></table>
669 <!-- =========================== security alpha =========================== -->
670 <h3 id="security_alpha_checkers">Security Alpha Checkers</h3>
671 <table class="checkers">
672 <colgroup><col class="namedescr"><col class="example"></colgroup>
673 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
675 <tbody>
676 <tr><td><a id="alpha.security.ArrayBound"><div class="namedescr expandable"><span class="name">
677 alpha.security.ArrayBound</span><span class="lang">
678 (C)</span><div class="descr">
679 Warn about buffer overflows (older checker).</div></div></a></td>
680 <td><div class="exampleContainer expandable">
681 <div class="example"><pre>
682 void test() {
683 char *s = "";
684 char c = s[1]; // warn
686 </pre></div><div class="separator"></div>
687 <div class="example"><pre>
688 struct seven_words {
689 int c[7];
692 void test() {
693 struct seven_words a, *p;
694 p = &a;
695 p[0] = a;
696 p[1] = a;
697 p[2] = a; // warn
699 </pre></div><div class="separator"></div>
700 <div class="example"><pre>
701 // note: requires unix.Malloc or
702 // alpha.unix.MallocWithAnnotations checks enabled.
703 void test() {
704 int *p = malloc(12);
705 p[3] = 4; // warn
707 </pre></div><div class="separator"></div>
708 <div class="example"><pre>
709 void test() {
710 char a[2];
711 int *b = (int*)a;
712 b[1] = 3; // warn
714 </pre></div></div></td></tr>
717 <tr><td><a id="alpha.security.ArrayBoundV2"><div class="namedescr expandable"><span class="name">
718 alpha.security.ArrayBoundV2</span><span class="lang">
719 (C)</span><div class="descr">
720 Warn about buffer overflows (newer checker).</div></div></a></td>
721 <td><div class="exampleContainer expandable">
722 <div class="example"><pre>
723 void test() {
724 char *s = "";
725 char c = s[1]; // warn
727 </pre></div><div class="separator"></div>
728 <div class="example"><pre>
729 void test() {
730 int buf[100];
731 int *p = buf;
732 p = p + 99;
733 p[1] = 1; // warn
735 </pre></div><div class="separator"></div>
736 <div class="example"><pre>
737 // note: compiler has internal check for this.
738 // Use -Wno-array-bounds to suppress compiler warning.
739 void test() {
740 int buf[100][100];
741 buf[0][-1] = 1; // warn
743 </pre></div><div class="separator"></div>
744 <div class="example"><pre>
745 // note: requires alpha.security.taint check turned on.
746 void test() {
747 char s[] = "abc";
748 int x = getchar();
749 char c = s[x]; // warn: index is tainted
751 </pre></div></div></td></tr>
754 <tr><td><a id="alpha.security.MallocOverflow"><div class="namedescr expandable"><span class="name">
755 alpha.security.MallocOverflow</span><span class="lang">
756 (C)</span><div class="descr">
757 Check for overflows in the arguments to <code>malloc()</code>.</div></div></a></td>
758 <td><div class="exampleContainer expandable">
759 <div class="example"><pre>
760 void test(int n) {
761 void *p = malloc(n * sizeof(int)); // warn
763 </pre></div></div></td></tr>
766 <tr><td><a id="alpha.security.MmapWriteExec"><div class="namedescr expandable"><span class="name">
767 alpha.security.MmapWriteExec</span><span class="lang">
768 (C)</span><div class="descr">
769 Warn on <code>mmap()<code> calls that are both writable and executable.
770 </div></div></a></td>
771 <td><div class="exampleContainer expandable">
772 <div class="example"><pre>
773 void test(int n) {
774 void *c = mmap(NULL, 32, PROT_READ | PROT_WRITE | PROT_EXEC,
775 MAP_PRIVATE | MAP_ANON, -1, 0);
776 // warn: Both PROT_WRITE and PROT_EXEC flags are set. This can lead to
777 // exploitable memory regions, which could be overwritten with malicious
778 // code
780 </pre></div></div></td></tr>
783 <tr><td><a id="alpha.security.ReturnPtrRange"><div class="namedescr expandable"><span class="name">
784 alpha.security.ReturnPtrRange</span><span class="lang">
785 (C)</span><div class="descr">
786 Check for an out-of-bound pointer being returned to callers.</div></div></a></td>
787 <td><div class="exampleContainer expandable">
788 <div class="example"><pre>
789 static int A[10];
791 int *test() {
792 int *p = A + 10;
793 return p; // warn
795 </pre></div><div class="separator"></div>
796 <div class="example"><pre>
797 int test(void) {
798 int x;
799 return x; // warn: undefined or garbage returned
801 </pre></div></div></td></tr>
804 <tr><td><a id="alpha.security.taint.TaintPropagation"><div class="namedescr expandable"><span class="name">
805 alpha.security.taint.TaintPropagation</span><span class="lang">
806 (C)</span><div class="descr">
807 Generate taint information used by other checkers.</div></div></a></td>
808 <td><div class="exampleContainer expandable">
809 <div class="example"><pre>
810 void test() {
811 char x = getchar(); // 'x' marked as tainted
812 system(&x); // warn: untrusted data is passed to a system call
814 </pre></div><div class="separator"></div>
815 <div class="example"><pre>
816 // note: compiler internally checks if the second param to
817 // sprintf is a string literal or not.
818 // Use -Wno-format-security to suppress compiler warning.
819 void test() {
820 char s[10], buf[10];
821 fscanf(stdin, "%s", s); // 's' marked as tainted
823 sprintf(buf, s); // warn: untrusted data as a format string
825 </pre></div><div class="separator"></div>
826 <div class="example"><pre>
827 void test() {
828 size_t ts;
829 scanf("%zd", &ts); // 'ts' marked as tainted
830 int *p = (int *)malloc(ts * sizeof(int));
831 // warn: untrusted data as buffer size
833 </pre></div></div></td></tr>
835 </tbody></table>
837 <!-- ============================= unix alpha ============================= -->
838 <h3 id="unix_alpha_checkers">Unix Alpha Checkers</h3>
839 <table class="checkers">
840 <colgroup><col class="namedescr"><col class="example"></colgroup>
841 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
842 <tbody>
845 <tr><td><a id="alpha.unix.BlockInCriticalSection"><div class="namedescr expandable"><span class="name">
846 alpha.unix.BlockInCriticalSection</span><span class="lang">
847 (C)</span><div class="descr">
848 Check for calls to blocking functions inside a critical section. Applies to:
849 <div class=functions>
850 lock<br>
851 unlock<br>
852 sleep<br>
853 getc<br>
854 fgets<br>
855 read<br>
856 revc<br>
857 pthread_mutex_lock<br>
858 pthread_mutex_unlock<br>
859 mtx_lock<br>
860 mtx_timedlock<br>
861 mtx_trylock<br>
862 mtx_unlock<br>
863 lock_guard<br>
864 unique_lock</div>
865 </div></div></a></td>
866 <td><div class="exampleContainer expandable">
867 <div class="example"><pre>
868 void test() {
869 std::mutex m;
870 m.lock();
871 sleep(3); // warn: a blocking function sleep is called inside a critical
872 // section
873 m.unlock();
875 </pre></div></div></td></tr>
878 <tr><td><a id="alpha.unix.Chroot"><div class="namedescr expandable"><span class="name">
879 alpha.unix.Chroot</span><span class="lang">
880 (C)</span><div class="descr">
881 Check improper use of <code>chroot</code>.</div></div></a></td>
882 <td><div class="exampleContainer expandable">
883 <div class="example"><pre>
884 void f();
886 void test() {
887 chroot("/usr/local");
888 f(); // warn: no call of chdir("/") immediately after chroot
890 </pre></div></div></td></tr>
893 <tr><td><a id="alpha.unix.PthreadLock"><div class="namedescr expandable"><span class="name">
894 alpha.unix.PthreadLock</span><span class="lang">
895 (C)</span><div class="descr">
896 Simple lock -> unlock checker; applies to:<div class=functions>
897 pthread_mutex_lock<br>
898 pthread_rwlock_rdlock<br>
899 pthread_rwlock_wrlock<br>
900 lck_mtx_lock<br>
901 lck_rw_lock_exclusive<br>
902 lck_rw_lock_shared<br>
903 pthread_mutex_trylock<br>
904 pthread_rwlock_tryrdlock<br>
905 pthread_rwlock_tryrwlock<br>
906 lck_mtx_try_lock<br>
907 lck_rw_try_lock_exclusive<br>
908 lck_rw_try_lock_shared<br>
909 pthread_mutex_unlock<br>
910 pthread_rwlock_unlock<br>
911 lck_mtx_unlock<br>
912 lck_rw_done</div></div></div></a></td>
913 <td><div class="exampleContainer expandable">
914 <div class="example"><pre>
915 pthread_mutex_t mtx;
917 void test() {
918 pthread_mutex_lock(&mtx);
919 pthread_mutex_lock(&mtx);
920 // warn: this lock has already been acquired
922 </pre></div><div class="separator"></div>
923 <div class="example"><pre>
924 lck_mtx_t lck1, lck2;
926 void test() {
927 lck_mtx_lock(&lck1);
928 lck_mtx_lock(&lck2);
929 lck_mtx_unlock(&lck1);
930 // warn: this was not the most recently acquired lock
932 </pre></div><div class="separator"></div>
933 <div class="example"><pre>
934 lck_mtx_t lck1, lck2;
936 void test() {
937 if (lck_mtx_try_lock(&lck1) == 0)
938 return;
940 lck_mtx_lock(&lck2);
941 lck_mtx_unlock(&lck1);
942 // warn: this was not the most recently acquired lock
944 </pre></div></div></td></tr>
947 <tr><td><a id="alpha.unix.SimpleStream"><div class="namedescr expandable"><span class="name">
948 alpha.unix.SimpleStream</span><span class="lang">
949 (C)</span><div class="descr">
950 Check for misuses of stream APIs:<div class=functions>
951 fopen<br>
952 fclose</div>(demo checker, the subject of the demo
953 (<a href="https://llvm.org/devmtg/2012-11/Zaks-Rose-Checker24Hours.pdf">Slides</a>
954 ,<a href="https://youtu.be/kdxlsP5QVPw">Video</a>)
955 by Anna Zaks and Jordan Rose presented at the <a href="https://llvm.org/devmtg/2012-11/">
956 2012 LLVM Developers' Meeting).</a></div></div></a></td>
957 <td><div class="exampleContainer expandable">
958 <div class="example"><pre>
959 void test() {
960 FILE *F = fopen("myfile.txt", "w");
961 } // warn: opened file is never closed
962 </pre></div><div class="separator"></div>
963 <div class="example"><pre>
964 void test() {
965 FILE *F = fopen("myfile.txt", "w");
967 if (F)
968 fclose(F);
970 fclose(F); // warn: closing a previously closed file stream
972 </pre></div></div></td></tr>
975 <tr><td><a id="alpha.unix.Stream"><div class="namedescr expandable"><span class="name">
976 alpha.unix.Stream</span><span class="lang">
977 (C)</span><div class="descr">
978 Check stream handling functions:<div class=functions>fopen<br>
979 tmpfile<br>
980 fclose<br>
981 fread<br>
982 fwrite<br>
983 fseek<br>
984 ftell<br>
985 rewind<br>
986 fgetpos<br>
987 fsetpos<br>
988 clearerr<br>
989 feof<br>
990 ferror<br>
991 fileno</div></div></div></a></td>
992 <td><div class="exampleContainer expandable">
993 <div class="example"><pre>
994 void test() {
995 FILE *p = fopen("foo", "r");
996 } // warn: opened file is never closed
997 </pre></div><div class="separator"></div>
998 <div class="example"><pre>
999 void test() {
1000 FILE *p = fopen("foo", "r");
1001 fseek(p, 1, SEEK_SET); // warn: stream pointer might be NULL
1002 fclose(p);
1004 </pre></div><div class="separator"></div>
1005 <div class="example"><pre>
1006 void test() {
1007 FILE *p = fopen("foo", "r");
1009 if (p)
1010 fseek(p, 1, 3);
1011 // warn: third arg should be SEEK_SET, SEEK_END, or SEEK_CUR
1013 fclose(p);
1015 </pre></div><div class="separator"></div>
1016 <div class="example"><pre>
1017 void test() {
1018 FILE *p = fopen("foo", "r");
1019 fclose(p);
1020 fclose(p); // warn: already closed
1022 </pre></div><div class="separator"></div>
1023 <div class="example"><pre>
1024 void test() {
1025 FILE *p = tmpfile();
1026 ftell(p); // warn: stream pointer might be NULL
1027 fclose(p);
1029 </pre></div></div></td></tr>
1032 <tr><td><a id="alpha.unix.cstring.BufferOverlap"><div class="namedescr expandable"><span class="name">
1033 alpha.unix.cstring.BufferOverlap</span><span class="lang">
1034 (C)</span><div class="descr">
1035 Checks for overlap in two buffer arguments; applies to:<div class=functions>
1036 memcpy<br>
1037 mempcpy</div></div></div></a></td>
1038 <td><div class="exampleContainer expandable">
1039 <div class="example"><pre>
1040 void test() {
1041 int a[4] = {0};
1042 memcpy(a + 2, a + 1, 8); // warn
1044 </pre></div></div></td></tr>
1047 <tr><td><a id="alpha.unix.cstring.NotNullTerminated"><div class="namedescr expandable"><span class="name">
1048 alpha.unix.cstring.NotNullTerminated</span><span class="lang">
1049 (C)</span><div class="descr">
1050 Check for arguments which are not null-terminated strings; applies
1051 to:<div class=functions>
1052 strlen<br>
1053 strnlen<br>
1054 strcpy<br>
1055 strncpy<br>
1056 strcat<br>
1057 strncat</div></div></div></td>
1058 <td><div class="exampleContainer expandable">
1059 <div class="example"><pre>
1060 void test() {
1061 int y = strlen((char *)&test); // warn
1063 </pre></div></div></a></td></tr>
1066 <tr><td><a id="alpha.unix.cstring.OutOfBounds"><div class="namedescr expandable"><span class="name">
1067 alpha.unix.cstring.OutOfBounds</span><span class="lang">
1068 (C)</span><div class="descr">
1069 Check for out-of-bounds access in string functions; applies
1070 to:<div class=functions>
1071 strncopy<br>
1072 strncat</div></div></div></a></td>
1073 <td><div class="exampleContainer expandable">
1074 <div class="example"><pre>
1075 void test(char *y) {
1076 char x[4];
1077 if (strlen(y) == 4)
1078 strncpy(x, y, 5); // warn
1080 </pre></div></div></td></tr>
1082 </tbody></table>
1084 <!-- =========================== nondeterminism alpha =========================== -->
1085 <h3 id="nondeterminism_alpha_checkers">Non-determinism Alpha Checkers</h3>
1086 <table class="checkers">
1087 <colgroup><col class="namedescr"><col class="example"></colgroup>
1088 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
1090 <tbody>
1091 <tr><td><a id="alpha.nondeterminism.PointerIteration"><div class="namedescr expandable"><span class="name">
1092 alpha.nondeterminism.PointerIteration</span><span class="lang">
1093 (C++)</span><div class="descr">
1094 Check for non-determinism caused by iterating unordered containers of pointers.</div></div></a></td>
1095 <td><div class="exampleContainer expandable">
1096 <div class="example"><pre>
1097 // C++
1098 void test() {
1099 int a = 1, b = 2;
1100 std::unordered_set<int *> UnorderedPtrSet = {&a, &b};
1102 for (auto i : UnorderedPtrSet) // warn
1103 f(i);
1105 </pre></div></div></td></tr>
1106 <tr><td><a id="alpha.nondeterminism.PointerSorting"><div class="namedescr expandable"><span class="name">
1107 alpha.nondeterminism.PointerSorting</span><span class="lang">
1108 (C++)</span><div class="descr">
1109 Check for non-determinism caused by sorting of pointers.</div></div></a></td>
1110 <td><div class="exampleContainer expandable">
1111 <div class="example"><pre>
1112 // C++
1113 void test() {
1114 int a = 1, b = 2;
1115 std::vector<int *> V = {&a, &b};
1116 std::sort(V.begin(), V.end()); // warn
1118 </pre></div></div></td></tr>
1119 </tbody></table>
1121 </div> <!-- page -->
1122 </div> <!-- content -->
1123 </body>
1124 </html>