search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
etc/services - sync with NetBSD-8
[minix.git] / external / bsd / llvm / dist / clang / www / analyzer / available_checks.html
blob7707fc0150d5eae60e9fd74ecfc3c5bd8680d461
1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
2 "http://www.w3.org/TR/html4/strict.dtd">
3 <html>
4 <head>
5 <title>Available Checkers</title>
6 <link type="text/css" rel="stylesheet" href="menu.css">
7 <link type="text/css" rel="stylesheet" href="content.css">
8 <script type="text/javascript" src="scripts/menu.js"></script>
9 <script type="text/javascript" src="scripts/expandcollapse.js"></script>
10 <style type="text/css">
11 tr:first-child { width:20%; }
12 </style>
13 </head>
14 <body onload="initExpandCollapse()">
15
16 <div id="page">
17 <!--#include virtual="menu.html.incl"-->
18
19 <div id="content">
20 <h1>Available Checkers</h1>
21 The analyzer performs checks that are categorized into families or "checkers". The
22 default set of checkers covers a variety of checks targeted at finding security
23 and API usage bugs, dead code, and other logic errors. See the
24 <a href = "#default_checkers">Default Checkers</a> list below. In addition to
25 these, the analyzer contains a number of <a href = "alpha_checks.html">
26 Experimental (Alpha) Checkers</a>.
27
28 <h3>Writeups with examples of some of the bugs that the analyzer finds</h3>
29 <ul>
30 <li><a href="http://www.mobileorchard.com/bug-finding-with-clang-5-resources-to-get-you-started/">Bug Finding With Clang: 5 Resources To Get You Started</a></li>
31 <li><a href="http://fruitstandsoftware.com/blog/index.php/2008/08/finding-memory-leaks-with-the-llvmclang-static-analyzer/#comment-2">Finding Memory Leaks With The LLVM/Clang Static Analyzer</a></li>
32 <li><a href="http://www.rogueamoeba.com/utm/2008/07/14/the-clang-static-analyzer/">Under the Microscope - The Clang Static Analyzer</a></li>
33 <li><a href="http://www.mikeash.com/?page=pyblog/friday-qa-2009-03-06-using-the-clang-static-analyzer.html">Mike Ash - Using the Clang Static Analyzer</a></li>
34 </ul>
35
36 <h2 id="default_checkers">Default Checkers</h2>
37 <ul>
38 <li><a href="#core_checkers">Core Checkers</a> model core language features and perform general-purpose checks such as division by zero, null pointer dereference, usage of uninitialized values, etc.</li>
39 <li><a href="#cplusplus_checkers">C++ Checkers</a> perform C++-specific checks</li>
40 <li><a href="#deadcode_checkers">Dead Code Checkers</a> check for unused code</li>
41 <li><a href="#osx_checkers">OS X Checkers</a> perform Objective-C-specific checks and check the use of Apple's SDKs (OS X and iOS)</li>
42 <li><a href="#security_checkers">Security Checkers</a> check for insecure API usage and perform checks based on the CERT Secure Coding Standards</li>
43 <li><a href="#unix_checkers">Unix Checkers</a> check the use of Unix and POSIX APIs</li>
44 </ul>
45
46 <!------------------------------------ core ----------------------------------->
47 <h3 id="core_checkers">Core Checkers</h3>
48 <table class="checkers">
49 <colgroup><col class="namedescr"><col class="example"></colgroup>
50 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
51
52 <tbody>
53 <tr><td><div class="namedescr expandable"><span class="name">
54 core.CallAndMessage</span><span class="lang">
55 (C, C++, ObjC)</span><div class="descr">
56 Check for logical errors for function calls and Objective-C message expressions
57 (e.g., uninitialized arguments, null function pointers).</div></div></td>
58 <td><div class="exampleContainer expandable">
59 <div class="example"><pre>
60 // C
61 struct S {
62 int x;
63 };
64
65 void f(struct S s);
66
67 void test() {
68 struct S s;
69 f(s); // warn: passed-by-value arg contain uninitialized data
70 }
71 </pre></div>
72 <div class="example"><pre>
73 // C
74 void test() {
75 void (*foo)(void);
76 foo(); // warn: function pointer is uninitialized
77 }
78 </pre></div>
79 <div class="example"><pre>
80 // C
81 void test() {
82 void (*foo)(void);
83 foo = 0;
84 foo(); // warn: function pointer is null
85 }
86 </pre></div>
87 <div class="example"><pre>
88 // C++
89 class C {
90 public:
91 void f();
92 };
93
94 void test() {
95 C *pc;
96 pc-&gt;f(); // warn: object pointer is uninitialized
97 }
98 </pre></div>
99 <div class="example"><pre>
100 // C++
101 class C {
102 public:
103 void f();
104 };
105
106 void test() {
107 C *pc = 0;
108 pc-&gt;f(); // warn: object pointer is null
109 }
110 </pre></div>
111 <div class="example"><pre>
112 // Objective-C
113 @interface MyClass : NSObject
114 @property (readwrite,assign) id x;
115 - (long double)longDoubleM;
116 @end
117
118 void test() {
119 MyClass *obj1;
120 long double ld1 = [obj1 longDoubleM];
121 // warn: receiver is uninitialized
122 }
123 </pre></div>
124 <div class="example"><pre>
125 // Objective-C
126 @interface MyClass : NSObject
127 @property (readwrite,assign) id x;
128 - (long double)longDoubleM;
129 @end
130
131 void test() {
132 MyClass *obj1;
133 id i = obj1.x; // warn: uninitialized object pointer
134 }
135 </pre></div>
136 <div class="example"><pre>
137 // Objective-C
138 @interface Subscriptable : NSObject
139 - (id)objectAtIndexedSubscript:(unsigned int)index;
140 @end
141
142 @interface MyClass : Subscriptable
143 @property (readwrite,assign) id x;
144 - (long double)longDoubleM;
145 @end
146
147 void test() {
148 MyClass *obj1;
149 id i = obj1[0]; // warn: uninitialized object pointer
150 }
151 </pre></div></div></td></tr>
152
153
154 <tr><td><div class="namedescr expandable"><span class="name">
155 core.DivideZero</span><span class="lang">
156 (C, C++, ObjC)</span><div class="descr">
157 Check for division by zero.</div></div></td>
158 <td><div class="exampleContainer expandable">
159 <div class="example"><pre>
160 void test(int z) {
161 if (z == 0)
162 int x = 1 / z; // warn
163 }
164 </pre></div>
165 <div class="example"><pre>
166 void test() {
167 int x = 1;
168 int y = x % 0; // warn
169 }
170 </pre></div></div></td></tr>
171
172
173 <tr><td><div class="namedescr expandable"><span class="name">
174 core.NonNullParamChecker</span><span class="lang">
175 (C, C++, ObjC)</span><div class="descr">
176 Check for null pointers passed as arguments to a function whose arguments are
177 marked with the <code>nonnull</code> attribute.</div></div></td>
178 <td><div class="exampleContainer expandable">
179 <div class="example"><pre>
180 int f(int *p) __attribute__((nonnull));
181
182 void test(int *p) {
183 if (!p)
184 f(p); // warn
185 }
186 </pre></div></div></td></tr>
187
188
189 <tr><td><div class="namedescr expandable"><span class="name">
190 core.NullDereference</span><span class="lang">
191 (C, C++, ObjC)</span><div class="descr">
192 Check for dereferences of null pointers.</div></div></td>
193 <td><div class="exampleContainer expandable">
194 <div class="example"><pre>
195 // C
196 void test(int *p) {
197 if (p)
198 return;
199
200 int x = p[0]; // warn
201 }
202 </pre></div>
203 <div class="example"><pre>
204 // C
205 void test(int *p) {
206 if (!p)
207 *p = 0; // warn
208 }
209 </pre></div>
210 <div class="example"><pre>
211 // C++
212 class C {
213 public:
214 int x;
215 };
216
217 void test() {
218 C *pc = 0;
219 int k = pc->x; // warn
220 }
221 </pre></div>
222 <div class="example"><pre>
223 // Objective-C
224 @interface MyClass {
225 @public
226 int x;
227 }
228 @end
229
230 void test() {
231 MyClass *obj = 0;
232 obj-&gt;x = 1; // warn
233 }
234 </pre></div></div></td></tr>
235
236
237 <tr><td><div class="namedescr expandable"><span class="name">
238 core.StackAddressEscape</span><span class="lang">
239 (C)</span><div class="descr">
240 Check that addresses of stack memory do not escape the function.</div></div></td>
241 <td><div class="exampleContainer expandable">
242 <div class="example"><pre>
243 char const *p;
244
245 void test() {
246 char const str[] = "string";
247 p = str; // warn
248 }
249 </pre></div>
250 <div class="example"><pre>
251 void* test() {
252 return __builtin_alloca(12); // warn
253 }
254 </pre></div>
255 <div class="example"><pre>
256 void test() {
257 static int *x;
258 int y;
259 x = &amp;y; // warn
260 }
261 </pre></div></div></td></tr>
262
263
264 <tr><td><div class="namedescr expandable"><span class="name">
265 core.UndefinedBinaryOperatorResult</span><span class="lang">
266 (C)</span><div class="descr">
267 Check for undefined results of binary operators.</div></div></td>
268 <td><div class="exampleContainer expandable">
269 <div class="example"><pre>
270 void test() {
271 int x;
272 int y = x + 1; // warn: left operand is garbage
273 }
274 </pre></div></div></td></tr>
275
276
277 <tr><td><div class="namedescr expandable"><span class="name">
278 core.VLASize</span><span class="lang">
279 (C)</span><div class="descr">
280 Check for declarations of VLA of undefined or zero size.</div></div></td>
281 <td><div class="exampleContainer expandable">
282 <div class="example"><pre>
283 void test() {
284 int x;
285 int vla1[x]; // warn: garbage as size
286 }
287 </pre></div>
288 <div class="example"><pre>
289 void test() {
290 int x = 0;
291 int vla2[x]; // warn: zero size
292 }
293 </pre></div></div></td></tr>
294
295
296 <tr><td><div class="namedescr expandable"><span class="name">
297 core.uninitialized.ArraySubscript</span><span class="lang">
298 (C)</span><div class="descr">
299 Check for uninitialized values used as array subscripts.</div></div></td>
300 <td><div class="exampleContainer expandable">
301 <div class="example"><pre>
302 void test() {
303 int i, a[10];
304 int x = a[i]; // warn: array subscript is undefined
305 }
306 </pre></div></div></td></tr>
307
308
309 <tr><td><div class="namedescr expandable"><span class="name">
310 core.uninitialized.Assign</span><span class="lang">
311 (C)</span><div class="descr">
312 Check for assigning uninitialized values.</div></div></td>
313 <td><div class="exampleContainer expandable">
314 <div class="example"><pre>
315 void test() {
316 int x;
317 x |= 1; // warn: left expression is unitialized
318 }
319 </pre></div></div></td></tr>
320
321
322 <tr><td><div class="namedescr expandable"><span class="name">
323 core.uninitialized.Branch</span><span class="lang">
324 (C)</span><div class="descr">
325 Check for uninitialized values used as branch conditions.</div></div></td>
326 <td><div class="exampleContainer expandable">
327 <div class="example"><pre>
328 void test() {
329 int x;
330 if (x) // warn
331 return;
332 }
333 </pre></div></div></td></tr>
334
335
336 <tr><td><div class="namedescr expandable"><span class="name">
337 core.uninitialized.CapturedBlockVariable</span><span class="lang">
338 (C)</span><div class="descr">
339 Check for blocks that capture uninitialized values.</div></div></td>
340 <td><div class="exampleContainer expandable">
341 <div class="example"><pre>
342 void test() {
343 int x;
344 ^{ int y = x; }(); // warn
345 }
346 </pre></div></div></td></tr>
347
348
349 <tr><td><div class="namedescr expandable"><span class="name">
350 core.uninitialized.UndefReturn</span><span class="lang">
351 (C)</span><div class="descr">
352 Check for uninitialized values being returned to the caller.</div></div></td>
353 <td><div class="exampleContainer expandable">
354 <div class="example"><pre>
355 int test() {
356 int x;
357 return x; // warn
358 }
359 </pre></div></div></td></tr>
360
361 </tbody></table>
362
363 <!------------------------------------ C++ ------------------------------------>
364 <h3 id="cplusplus_checkers">C++ Checkers</h3>
365 <table class="checkers">
366 <colgroup><col class="namedescr"><col class="example"></colgroup>
367 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
368
369 <tbody>
370 <tr><td><div class="namedescr expandable"><span class="name">
371 cplusplus.NewDelete</span><span class="lang">
372 (C++)</span><div class="descr">
373 Check for double-free, use-after-free and offset problems involving C++ <code>
374 delete</code>.</div></div></td>
375 <td><div class="exampleContainer expandable">
376 <div class="example"><pre>
377 void f(int *p);
378
379 void testUseMiddleArgAfterDelete(int *p) {
380 delete p;
381 f(p); // warn: use after free
382 }
383 </pre></div>
384 <div class="example"><pre>
385 class SomeClass {
386 public:
387 void f();
388 };
389
390 void test() {
391 SomeClass *c = new SomeClass;
392 delete c;
393 c-&gt;f(); // warn: use after free
394 }
395 </pre></div>
396 <div class="example"><pre>
397 void test() {
398 int *p = (int *)__builtin_alloca(sizeof(int));
399 delete p; // warn: deleting memory allocated by alloca
400 }
401 </pre></div>
402 <div class="example"><pre>
403 void test() {
404 int *p = new int;
405 delete p;
406 delete p; // warn: attempt to free released
407 }
408 </pre></div>
409 <div class="example"><pre>
410 void test() {
411 int i;
412 delete &amp;i; // warn: delete address of local
413 }
414 </pre></div>
415 <div class="example"><pre>
416 void test() {
417 int *p = new int[1];
418 delete[] (++p);
419 // warn: argument to 'delete[]' is offset by 4 bytes
420 // from the start of memory allocated by 'new[]'
421 }
422 </pre></div></div></td></tr>
423
424 </tbody></table>
425
426 <!--------------------------------- dead code --------------------------------->
427 <h3 id="deadcode_checkers">Dead Code Checkers</h3>
428 <table class="checkers">
429 <colgroup><col class="namedescr"><col class="example"></colgroup>
430 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
431
432 <tbody>
433 <tr><td><div class="namedescr expandable"><span class="name">
434 deadcode.DeadStores</span><span class="lang">
435 (C)</span><div class="descr">
436 Check for values stored to variables that are never read afterwards.</div></div></td>
437 <td><div class="exampleContainer expandable">
438 <div class="example"><pre>
439 void test() {
440 int x;
441 x = 1; // warn
442 }
443 </pre></div></div></td></tr>
444
445 </tbody></table>
446
447 <!---------------------------------- OS X ------------------------------------>
448 <h3 id="osx_checkers">OS X Checkers</h3>
449 <table class="checkers">
450 <colgroup><col class="namedescr"><col class="example"></colgroup>
451 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
452
453 <tbody>
454 <tr><td><div class="namedescr expandable"><span class="name">
455 osx.API</span><span class="lang">
456 (C)</span><div class="descr">
457 Check for proper uses of various Apple APIs:<div class=functions>
458 dispatch_once</div></div></div></td>
459 <td><div class="exampleContainer expandable">
460 <div class="example"><pre>
461 void test() {
462 dispatch_once_t pred = 0;
463 dispatch_once(&amp;pred, ^(){}); // warn: dispatch_once uses local
464 }
465 </pre></div></div></td></tr>
466
467
468 <tr><td><div class="namedescr expandable"><span class="name">
469 osx.SecKeychainAPI</span><span class="lang">
470 (C)</span><div class="descr">
471 Check for improper uses of the Security framework's Keychain APIs:<div class=functions>
472 SecKeychainItemCopyContent<br>
473 SecKeychainFindGenericPassword<br>
474 SecKeychainFindInternetPassword<br>
475 SecKeychainItemFreeContent<br>
476 SecKeychainItemCopyAttributesAndData<br>
477 SecKeychainItemFreeAttributesAndData</div></div></div></td>
478 <td><div class="exampleContainer expandable">
479 <div class="example"><pre>
480 void test() {
481 unsigned int *ptr = 0;
482 UInt32 length;
483
484 SecKeychainItemFreeContent(ptr, &amp;length);
485 // warn: trying to free data which has not been allocated
486 }
487 </pre></div>
488 <div class="example"><pre>
489 void test() {
490 unsigned int *ptr = 0;
491 UInt32 *length = 0;
492 void *outData;
493
494 OSStatus st =
495 SecKeychainItemCopyContent(2, ptr, ptr, length, outData);
496 // warn: data is not released
497 }
498 </pre></div>
499 <div class="example"><pre>
500 void test() {
501 unsigned int *ptr = 0;
502 UInt32 *length = 0;
503 void *outData;
504
505 OSStatus st =
506 SecKeychainItemCopyContent(2, ptr, ptr, length, &amp;outData);
507
508 SecKeychainItemFreeContent(ptr, outData);
509 // warn: only call free if a non-NULL buffer was returned
510 }
511 </pre></div>
512 <div class="example"><pre>
513 void test() {
514 unsigned int *ptr = 0;
515 UInt32 *length = 0;
516 void *outData;
517
518 OSStatus st =
519 SecKeychainItemCopyContent(2, ptr, ptr, length, &amp;outData);
520
521 st = SecKeychainItemCopyContent(2, ptr, ptr, length, &amp;outData);
522 // warn: release data before another call to the allocator
523
524 if (st == noErr)
525 SecKeychainItemFreeContent(ptr, outData);
526 }
527 </pre></div>
528 <div class="example"><pre>
529 void test() {
530 SecKeychainItemRef itemRef = 0;
531 SecKeychainAttributeInfo *info = 0;
532 SecItemClass *itemClass = 0;
533 SecKeychainAttributeList *attrList = 0;
534 UInt32 *length = 0;
535 void *outData = 0;
536
537 OSStatus st =
538 SecKeychainItemCopyAttributesAndData(itemRef, info,
539 itemClass, &amp;attrList,
540 length, &amp;outData);
541
542 SecKeychainItemFreeContent(attrList, outData);
543 // warn: deallocator doesn't match the allocator
544 }
545 </pre></div></div></td></tr>
546
547
548 <tr><td><div class="namedescr expandable"><span class="name">
549 osx.cocoa.AtSync</span><span class="lang">
550 (ObjC)</span><div class="descr">
551 Check for nil pointers used as mutexes for <code>@synchronized</code>.</div></div></td>
552 <td><div class="exampleContainer expandable">
553 <div class="example"><pre>
554 void test(id x) {
555 if (!x)
556 @synchronized(x) {} // warn: nil value used as mutex
557 }
558 </pre></div>
559 <div class="example"><pre>
560 void test() {
561 id y;
562 @synchronized(y) {} // warn: uninitialized value used as mutex
563 }
564 </pre></div></div></td></tr>
565
566
567 <tr><td><div class="namedescr expandable"><span class="name">
568 osx.cocoa.ClassRelease</span><span class="lang">
569 (ObjC)</span><div class="descr">
570 Check for sending <code>retain</code>, <code>release</code>, or <code>
571 autorelease</code> directly to a class.</div></div></td>
572 <td><div class="exampleContainer expandable">
573 <div class="example"><pre>
574 @interface MyClass : NSObject
575 @end
576
577 void test(void) {
578 [MyClass release]; // warn
579 }
580 </pre></div></div></td></tr>
581
582
583 <tr><td><div class="namedescr expandable"><span class="name">
584 osx.cocoa.IncompatibleMethodTypes</span><span class="lang">
585 (ObjC)</span><div class="descr">
586 Check for an incompatible type signature when overriding an Objective-C method.</div></div></td>
587 <td><div class="exampleContainer expandable">
588 <div class="example"><pre>
589 @interface MyClass1 : NSObject
590 - (int)foo;
591 @end
592
593 @implementation MyClass1
594 - (int)foo { return 1; }
595 @end
596
597 @interface MyClass2 : MyClass1
598 - (float)foo;
599 @end
600
601 @implementation MyClass2
602 - (float)foo { return 1.0; } // warn
603 @end
604 </pre></div></div></td></tr>
605
606
607 <tr><td><div class="namedescr expandable"><span class="name">
608 alpha.osx.cocoa.MissingSuperCall</span><span class="lang">
609 (ObjC)</span><div class="descr">
610 Warn about Objective-C methods that lack a necessary call to super. (Note: The
611 compiler now has a warning for methods annotated with <code>objc_requires_super</code>
612 attribute. The checker exists to check methods in the Cocoa frameworks
613 that haven't yet adopted this attribute.)</div></div></td>
614 <td><div class="example"><pre>
615 @interface Test : UIViewController
616 @end
617 @implementation test
618 - (void)viewDidLoad {} // warn
619 @end
620 </pre></div></td></tr>
621
622
623 <tr><td><div class="namedescr expandable"><span class="name">
624 osx.cocoa.NSAutoreleasePool</span><span class="lang">
625 (ObjC)</span><div class="descr">
626 Warn for suboptimal uses of NSAutoreleasePool in Objective-C
627 GC mode (<code>-fobjc-gc</code> compiler option).</div></div></td>
628 <td><div class="exampleContainer expandable">
629 <div class="example"><pre>
630 void test() {
631 NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
632 [pool release]; // warn
633 }
634 </pre></div></div></td></tr>
635
636
637 <tr><td><div class="namedescr expandable"><span class="name">
638 osx.cocoa.NSError</span><span class="lang">
639 (ObjC)</span><div class="descr">
640 Check usage of <code>NSError**</code> parameters.</div></div></td>
641 <td><div class="exampleContainer expandable">
642 <div class="example"><pre>
643 @interface A : NSObject
644 - (void)foo:(NSError **)error;
645 @end
646
647 @implementation A
648 - (void)foo:(NSError **)error {
649 // warn: method accepting NSError** should have a non-void
650 // return value
651 }
652 @end
653 </pre></div>
654 <div class="example"><pre>
655 @interface A : NSObject
656 - (BOOL)foo:(NSError **)error;
657 @end
658
659 @implementation A
660 - (BOOL)foo:(NSError **)error {
661 *error = 0; // warn: potential null dereference
662 return 0;
663 }
664 @end
665 </pre></div></div></td></tr>
666
667
668 <tr><td><div class="namedescr expandable"><span class="name">
669 osx.cocoa.NilArg</span><span class="lang">
670 (ObjC)</span><div class="descr">
671 Check for prohibited nil arguments in specific Objective-C method calls:<div class=functions>
672 - caseInsensitiveCompare:<br>
673 - compare:<br>
674 - compare:options:<br>
675 - compare:options:range:<br>
676 - compare:options:range:locale:<br>
677 - componentsSeparatedByCharactersInSet:<br>
678 - initWithFormat:</div></div></div></td>
679 <td><div class="exampleContainer expandable">
680 <div class="example"><pre>
681 NSComparisonResult test(NSString *s) {
682 NSString *aString = nil;
683 return [s caseInsensitiveCompare:aString];
684 // warn: argument to 'NSString' method
685 // 'caseInsensitiveCompare:' cannot be nil
686 }
687 </pre></div></div></td></tr>
688
689
690 <tr><td><div class="namedescr expandable"><span class="name">
691 osx.cocoa.RetainCount</span><span class="lang">
692 (ObjC)</span><div class="descr">
693 Check for leaks and violations of the Cocoa Memory Management rules.</div></div></td>
694 <td><div class="exampleContainer expandable">
695 <div class="example"><pre>
696 void test() {
697 NSString *s = [[NSString alloc] init]; // warn
698 }
699 </pre></div>
700 <div class="example"><pre>
701 CFStringRef test(char *bytes) {
702 return CFStringCreateWithCStringNoCopy(
703 0, bytes, NSNEXTSTEPStringEncoding, 0); // warn
704 }
705 </pre></div></div></td></tr>
706
707
708 <tr><td><div class="namedescr expandable"><span class="name">
709 osx.cocoa.SelfInit</span><span class="lang">
710 (ObjC)</span><div class="descr">
711 Check that <code>self</code> is properly initialized inside an initializer
712 method.</div></div></td>
713 <td><div class="exampleContainer expandable">
714 <div class="example"><pre>
715 @interface MyObj : NSObject {
716 id x;
717 }
718 - (id)init;
719 @end
720
721 @implementation MyObj
722 - (id)init {
723 [super init];
724 x = 0; // warn: instance variable used while 'self' is not
725 // initialized
726 return 0;
727 }
728 @end
729 </pre></div>
730 <div class="example"><pre>
731 @interface MyObj : NSObject
732 - (id)init;
733 @end
734
735 @implementation MyObj
736 - (id)init {
737 [super init];
738 return self; // warn: returning uninitialized 'self'
739 }
740 @end
741 </pre></div></div></td></tr>
742
743
744 <tr><td><div class="namedescr expandable"><span class="name">
745 osx.cocoa.UnusedIvars</span><span class="lang">
746 (ObjC)</span><div class="descr">
747 Warn about private ivars that are never used.</div></div></td>
748 <td><div class="exampleContainer expandable">
749 <div class="example"><pre>
750 @interface MyObj : NSObject {
751 @private
752 id x; // warn
753 }
754 @end
755
756 @implementation MyObj
757 @end
758 </pre></div></div></td></tr>
759
760
761 <tr><td><div class="namedescr expandable"><span class="name">
762 osx.cocoa.VariadicMethodTypes</span><span class="lang">
763 (ObjC)</span><div class="descr">
764 Check for passing non-Objective-C types to variadic collection initialization
765 methods that expect only Objective-C types.</div></div></td>
766 <td><div class="exampleContainer expandable">
767 <div class="example"><pre>
768 void test() {
769 [NSSet setWithObjects:@"Foo", "Bar", nil];
770 // warn: argument should be an ObjC pointer type, not 'char *'
771 }
772 </pre></div></div></td></tr>
773
774
775 <tr><td><div class="namedescr expandable"><span class="name">
776 osx.coreFoundation.CFError</span><span class="lang">
777 (C)</span><div class="descr">
778 Check usage of <code>CFErrorRef*</code> parameters.</div></div></td>
779 <td><div class="exampleContainer expandable">
780 <div class="example"><pre>
781 void test(CFErrorRef *error) {
782 // warn: function accepting CFErrorRef* should have a
783 // non-void return
784 }
785 </pre></div>
786 <div class="example"><pre>
787 int foo(CFErrorRef *error) {
788 *error = 0; // warn: potential null dereference
789 return 0;
790 }
791 </pre></div></div></td></tr>
792
793
794 <tr><td><div class="namedescr expandable"><span class="name">
795 osx.coreFoundation.CFNumber</span><span class="lang">
796 (C)</span><div class="descr">
797 Check for improper uses of <code>CFNumberCreate</code>.</div></div></td>
798 <td><div class="exampleContainer expandable">
799 <div class="example"><pre>
800 CFNumberRef test(unsigned char x) {
801 return CFNumberCreate(0, kCFNumberSInt16Type, &amp;x);
802 // warn: 8 bit integer is used to initialize a 16 bit integer
803 }
804 </pre></div></div></td></tr>
805
806
807 <tr><td><div class="namedescr expandable"><span class="name">
808 osx.coreFoundation.CFRetainRelease</span><span class="lang">
809 (C)</span><div class="descr">
810 Check for null arguments to <code>CFRetain</code>, <code>CFRelease</code>,
811 <code>CFMakeCollectable</code>.</div></div></td>
812 <td><div class="exampleContainer expandable">
813 <div class="example"><pre>
814 void test(CFTypeRef p) {
815 if (!p)
816 CFRetain(p); // warn
817 }
818 </pre></div>
819 <div class="example"><pre>
820 void test(int x, CFTypeRef p) {
821 if (p)
822 return;
823
824 CFRelease(p); // warn
825 }
826 </pre></div></div></td></tr>
827
828
829 <tr><td><div class="namedescr expandable"><span class="name">
830 osx.coreFoundation.containers.OutOfBounds</span><span class="lang">
831 (C)</span><div class="descr">
832 Checks for index out-of-bounds when using <code>CFArray</code> API.</div></div></td>
833 <td><div class="exampleContainer expandable">
834 <div class="example"><pre>
835 void test() {
836 CFArrayRef A = CFArrayCreate(0, 0, 0, &amp;kCFTypeArrayCallBacks);
837 CFArrayGetValueAtIndex(A, 0); // warn
838 }
839 </pre></div></div></td></tr>
840
841
842 <tr><td><div class="namedescr expandable"><span class="name">
843 osx.coreFoundation.containers.PointerSizedValues</span><span class="lang">
844 (C)</span><div class="descr">
845 Warns if <code>CFArray</code>, <code>CFDictionary</code>, <code>CFSet</code> are
846 created with non-pointer-size values.</div></div></td>
847 <td><div class="exampleContainer expandable">
848 <div class="example"><pre>
849 void test() {
850 int x[] = { 1 };
851 CFArrayRef A = CFArrayCreate(0, (const void **)x, 1,
852 &amp;kCFTypeArrayCallBacks); // warn
853 }
854 </pre></div></div></td></tr>
855
856 </tbody></table>
857
858 <!------------------------------- security ------------------------------------>
859 <h3 id="security_checkers">Security Checkers</h3>
860 <table class="checkers">
861 <colgroup><col class="namedescr"><col class="example"></colgroup>
862 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
863
864 <tbody>
865 <tr><td><div class="namedescr expandable"><span class="name">
866 security.FloatLoopCounter</span><span class="lang">
867 (C)</span><div class="descr">
868 Warn on using a floating point value as a loop counter (CERT: FLP30-C,
869 FLP30-CPP).</div></div></td>
870 <td><div class="exampleContainer expandable">
871 <div class="example"><pre>
872 void test() {
873 for (float x = 0.1f; x <= 1.0f; x += 0.1f) {} // warn
874 }
875 </pre></div></div></td></tr>
876
877
878 <tr><td><div class="namedescr expandable"><span class="name">
879 security.insecureAPI.UncheckedReturn</span><span class="lang">
880 (C)</span><div class="descr">
881 Warn on uses of functions whose return values must be always checked:<div class=functions>
882 setuid<br>
883 setgid<br>
884 seteuid<br>
885 setegid<br>
886 setreuid<br>
887 setregid</div></div></div></td>
888 <td><div class="exampleContainer expandable">
889 <div class="example"><pre>
890 void test() {
891 setuid(1); // warn
892 }
893 </pre></div></div></td></tr>
894
895
896 <tr><td><div class="namedescr expandable"><span class="name">
897 security.insecureAPI.getpw</span><span class="lang">
898 (C)</span><div class="descr">
899 Warn on uses of the <code>getpw</code> function.</div></div></td>
900 <td><div class="exampleContainer expandable">
901 <div class="example"><pre>
902 void test() {
903 char buff[1024];
904 getpw(2, buff); // warn
905 }
906 </pre></div></div></td></tr>
907
908
909 <tr><td><div class="namedescr expandable"><span class="name">
910 security.insecureAPI.gets</span><span class="lang">
911 (C)</span><div class="descr">
912 Warn on uses of the <code>gets</code> function.</div></div></td>
913 <td><div class="exampleContainer expandable">
914 <div class="example"><pre>
915 void test() {
916 char buff[1024];
917 gets(buff); // warn
918 }
919 </pre></div></div></td></tr>
920
921
922 <tr><td><div class="namedescr expandable"><span class="name">
923 security.insecureAPI.mkstemp</span><span class="lang">
924 (C)</span><div class="descr">
925 Warn when <code>mktemp</code>, <code>mkstemp</code>, <code>mkstemps</code> or
926 <code>mkdtemp</code> is passed fewer than 6
927 X's in the format string.</div></div></td>
928 <td><div class="exampleContainer expandable">
929 <div class="example"><pre>
930 void test() {
931 mkstemp("XX"); // warn
932 }
933 </pre></div></div></td></tr>
934
935
936 <tr><td><div class="namedescr expandable"><span class="name">
937 security.insecureAPI.mktemp</span><span class="lang">
938 (C)</span><div class="descr">
939 Warn on uses of the <code>mktemp</code> function.</div></div></td>
940 <td><div class="exampleContainer expandable">
941 <div class="example"><pre>
942 void test() {
943 char *x = mktemp("/tmp/zxcv"); // warn: insecure, use mkstemp
944 }
945 </pre></div></div></td></tr>
946
947
948 <tr><td><div class="namedescr expandable"><span class="name">
949 security.insecureAPI.rand</span><span class="lang">
950 (C)</span><div class="descr">
951 Warn on uses of inferior random number generating functions (only if <code>arc4random</code>
952 function is available):<div class=functions>
953 drand48<br>
954 erand48<br>
955 jrand48<br>
956 lcong48<br>
957 lrand48<br>
958 mrand48<br>
959 nrand48<br>
960 random<br>
961 rand_r</div></div></div></td>
962 <td><div class="exampleContainer expandable">
963 <div class="example"><pre>
964 void test() {
965 random(); // warn
966 }
967 </pre></div></div></td></tr>
968
969
970 <tr><td><div class="namedescr expandable"><span class="name">
971 security.insecureAPI.strcpy</span><span class="lang">
972 (C)</span><div class="descr">
973 Warn on uses of the <code>strcpy</code> and <code>strcat</code> functions.</div></div></td>
974 <td><div class="exampleContainer expandable">
975 <div class="example"><pre>
976 void test() {
977 char x[4];
978 char *y = "abcd";
979
980 strcpy(x, y); // warn
981 }
982 </pre></div></div></td></tr>
983
984
985 <tr><td><div class="namedescr expandable"><span class="name">
986 security.insecureAPI.vfork</span><span class="lang">
987 (C)</span><div class="descr">
988 Warn on uses of the <code>vfork</code> function.</div></div></td>
989 <td><div class="exampleContainer expandable">
990 <div class="example"><pre>
991 void test() {
992 vfork(); // warn
993 }
994 </pre></div></div></td></tr>
995
996 </tbody></table>
997
998 <!--------------------------------- unix -------------------------------------->
999 <h3 id="unix_checkers">Unix Checkers</h3>
1000 <table class="checkers">
1001 <colgroup><col class="namedescr"><col class="example"></colgroup>
1002 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
1003
1004 <tbody>
1005 <tr><td><div class="namedescr expandable"><span class="name">
1006 unix.API</span><span class="lang">
1007 (C)</span><div class="descr">
1008 Check calls to various UNIX/POSIX functions:<div class=functions>
1009 open<br>
1010 pthread_once<br>
1011 calloc<br>
1012 malloc<br>
1013 realloc<br>
1014 alloca<br>
1015 <td><div class="exampleContainer expandable">
1016 <div class="example"><pre>
1017 // Currently the check is performed for apple targets only.
1018 void test(const char *path) {
1019 int fd = open(path, O_CREAT);
1020 // warn: call to 'open' requires a third argument when the
1021 // 'O_CREAT' flag is set
1022 }
1023 </pre></div>
1024 <div class="example"><pre>
1025 void f();
1026
1027 void test() {
1028 pthread_once_t pred = {0x30B1BCBA, {0}};
1029 pthread_once(&amp;pred, f);
1030 // warn: call to 'pthread_once' uses the local variable
1031 }
1032 </pre></div>
1033 <div class="example"><pre>
1034 void test() {
1035 void *p = malloc(0); // warn: allocation size of 0 bytes
1036 }
1037 </pre></div>
1038 <div class="example"><pre>
1039 void test() {
1040 void *p = calloc(0, 42); // warn: allocation size of 0 bytes
1041 }
1042 </pre></div>
1043 <div class="example"><pre>
1044 void test() {
1045 void *p = malloc(1);
1046 p = realloc(p, 0); // warn: allocation size of 0 bytes
1047 }
1048 </pre></div>
1049 <div class="example"><pre>
1050 void test() {
1051 void *p = alloca(0); // warn: allocation size of 0 bytes
1052 }
1053 </pre></div>
1054 <div class="example"><pre>
1055 void test() {
1056 void *p = valloc(0); // warn: allocation size of 0 bytes
1057 }
1058 </pre></div></div></td></tr>
1059
1060
1061 <tr><td><div class="namedescr expandable"><span class="name">
1062 unix.Malloc</span><span class="lang">
1063 (C)</span><div class="descr">
1064 Check for memory leaks, double free, and use-after-free and offset problems
1065 involving <code>malloc</code>.</div></div></td>
1066 <td><div class="exampleContainer expandable">
1067 <div class="example"><pre>
1068 void test() {
1069 int *p = malloc(1);
1070 free(p);
1071 free(p); // warn: attempt to free released memory
1072 }
1073 </pre></div>
1074 <div class="example"><pre>
1075 void test() {
1076 int *p = malloc(sizeof(int));
1077 free(p);
1078 *p = 1; // warn: use after free
1079 }
1080 </pre></div>
1081 <div class="example"><pre>
1082 void test() {
1083 int *p = malloc(1);
1084 if (p)
1085 return; // warn: memory is never released
1086 }
1087 </pre></div>
1088 <div class="example"><pre>
1089 void test() {
1090 int a[] = { 1 };
1091 free(a); // warn: argument is not allocated by malloc
1092 }
1093 </pre></div>
1094 <div class="example"><pre>
1095 void test() {
1096 int *p = malloc(sizeof(char));
1097 p = p - 1;
1098 free(p); // warn: argument to free() is offset by -4 bytes
1099 }
1100 </pre></div></div></td></tr>
1101
1102
1103 <tr><td><div class="namedescr expandable"><span class="name">
1104 unix.MallocSizeof</span><span class="lang">
1105 (C)</span><div class="descr">
1106 Check for dubious <code>malloc</code>, <code>calloc</code> or
1107 <code>realloc</code> arguments involving <code>sizeof</code>.</div></div></td>
1108 <td><div class="exampleContainer expandable">
1109 <div class="example"><pre>
1110 void test() {
1111 long *p = malloc(sizeof(short));
1112 // warn: result is converted to 'long *', which is
1113 // incompatible with operand type 'short'
1114 free(p);
1115 }
1116 </pre></div></div></td></tr>
1117
1118
1119 <tr><td><div class="namedescr expandable"><span class="name">
1120 unix.MismatchedDeallocator</span><span class="lang">
1121 (C, C++, ObjC)</span><div class="descr">
1122 Check for mismatched deallocators (e.g. passing a pointer allocating
1123 with <code>new</code> to <code>free()</code>).</div></div></td>
1124 <td><div class="exampleContainer expandable">
1125 <div class="example"><pre>
1126 // C, C++
1127 void test() {
1128 int *p = (int *)malloc(sizeof(int));
1129 delete p; // warn
1130 }
1131 </pre></div>
1132 <div class="example"><pre>
1133 // C, C++
1134 void __attribute((ownership_returns(malloc))) *user_malloc(size_t);
1135
1136 void test() {
1137 int *p = (int *)user_malloc(sizeof(int));
1138 delete p; // warn
1139 }
1140 </pre></div>
1141 <div class="example"><pre>
1142 // C, C++
1143 void test() {
1144 int *p = new int;
1145 free(p); // warn
1146 }
1147 </pre></div>
1148 <div class="example"><pre>
1149 // C, C++
1150 void test() {
1151 int *p = new int[1];
1152 realloc(p, sizeof(long)); // warn
1153 }
1154 </pre></div>
1155 <div class="example"><pre>
1156 // C, C++
1157 template &lt;typename T&gt;
1158 struct SimpleSmartPointer {
1159 T *ptr;
1160
1161 explicit SimpleSmartPointer(T *p = 0) : ptr(p) {}
1162 ~SimpleSmartPointer() {
1163 delete ptr; // warn
1164 }
1165 };
1166
1167 void test() {
1168 SimpleSmartPointer&lt;int&gt; a((int *)malloc(4));
1169 }
1170 </pre></div>
1171 <div class="example"><pre>
1172 // C++
1173 void test() {
1174 int *p = (int *)operator new(0);
1175 delete[] p; // warn
1176 }
1177 </pre></div>
1178 <div class="example"><pre>
1179 // Objective-C, C++
1180 void test(NSUInteger dataLength) {
1181 int *p = new int;
1182 NSData *d = [NSData dataWithBytesNoCopy:p
1183 length:sizeof(int) freeWhenDone:1];
1184 // warn +dataWithBytesNoCopy:length:freeWhenDone: cannot take
1185 // ownership of memory allocated by 'new'
1186 }
1187 </pre></div></div></td></tr>
1188
1189
1190 <tr><td><div class="namedescr expandable"><span class="name">
1191 unix.cstring.BadSizeArg</span><span class="lang">
1192 (C)</span><div class="descr">
1193 Check the size argument passed to <code>strncat</code> for common erroneous
1194 patterns. Use <code>-Wno-strncat-size</code> compiler option to mute other
1195 <code>strncat</code>-related compiler warnings.
1196 </div></div></td>
1197 <td><div class="exampleContainer expandable">
1198 <div class="example"><pre>
1199 void test() {
1200 char dest[3];
1201 strncat(dest, "***", sizeof(dest));
1202 // warn: potential buffer overflow
1203 }
1204 </pre></div></div></td></tr>
1205
1206
1207 <tr><td><div class="namedescr expandable"><span class="name">
1208 unix.cstring.NullArg</span><span class="lang">
1209 (C)</span><div class="descr">
1210 Check for null pointers being passed as arguments to C string functions:<div class=functions>
1211 strlen<br>
1212 strnlen<br>
1213 strcpy<br>
1214 strncpy<br>
1215 strcat<br>
1216 strncat<br>
1217 strcmp<br>
1218 strncmp<br>
1219 strcasecmp<br>
1220 strncasecmp</div></div></div></td>
1221 <td><div class="example"><pre>
1222 int test() {
1223 return strlen(0); // warn
1224 }
1225 </pre></div></td></tr>
1226
1227 </tbody></table>
1228
1229 </div> <!-- page -->
1230 </div> <!-- content -->
1231 </body>
1232 </html>
MINIX 3 (repo.or.cz mirror)