Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / clang / d64e2ee48a6dca4612dda56b785be571be391047 / . / www / analyzer / available_checks.html
blob: 3a902a3d36f5d9684e6a9e9f02c6d51115145593 [file] [log] [blame]
Ted Kremenek591b9072009-06-08 21:21:24 +0000[diff] [blame]1<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
2 "http://www.w3.org/TR/html4/strict.dtd">
3<html>
4<head>
5 <title>Available Checks</title>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]6 <link type="text/css" rel="stylesheet" href="menu.css">
7 <link type="text/css" rel="stylesheet" href="content.css">
Ted Kremenekf4aed5f2010-02-12 21:05:44 +0000[diff] [blame]8 <script type="text/javascript" src="scripts/menu.js"></script>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]9 <style type="text/css">
10 tr:first-child { width:20%; }
11 </style>
Ted Kremenek591b9072009-06-08 21:21:24 +0000[diff] [blame]12</head>
13<body>
14
Ted Kremenek8bebc6e2010-02-09 23:05:59 +0000[diff] [blame]15<div id="page">
Ted Kremenek591b9072009-06-08 21:21:24 +0000[diff] [blame]16<!--#include virtual="menu.html.incl"-->
17
18<div id="content">
19
20<h1>Available Checks</h1>
21
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]22<h3>The list of the checks the analyzer performs by default</h3>
23<p>
24<table border="0" cellpadding="3" cellspacing="3" width="100%">
25<!-- <tr>
26<th><h4>Checker Name</h4></th>
27<th><h4>Description</h4></th>
28</tr>-->
29<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]30<td><b>core.AdjustedReturnValue</b></td><td>Check to see if the return value of a function call is different than the caller expects (e.g., from calls through function pointers).</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]31</tr>
32<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]33<td><b>core.AttributeNonNull</b></td><td>Check for null pointers passed as arguments to a function whose arguments are marked with the 'nonnull' attribute.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]34</tr>
35<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]36<td><b>core.CallAndMessage</b></td><td>Check for logical errors for function calls and Objective-C message expressions (e.g., uninitialized arguments, null function pointers).</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]37</tr>
38<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]39<td><b>core.DivideZero</b></td><td>Check for division by zero.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]40</tr>
41<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]42<td><b>core.NullDereference</b></td><td>Check for dereferences of null pointers.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]43</tr>
44<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]45<td><b>core.StackAddressEscape</b></td><td>Check that addresses to stack memory do not escape the function.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]46</tr>
47<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]48<td><b>core.UndefinedBinaryOperatorResult</b></td><td>Check for undefined results of binary operators.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]49</tr>
50<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]51<td><b>core.VLASize</b></td><td>Check for declarations of VLA of undefined or zero size.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]52</tr>
53<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]54<td><b>core.builtin.BuiltinFunctions</b></td><td>Evaluate compiler builtin functions (e.g., alloca()).</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]55</tr>
56<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]57<td><b>core.builtin.NoReturnFunctions</b></td><td>Evaluate "panic" functions that are known to not return to the caller.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]58</tr>
59<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]60<td><b>core.uninitialized.ArraySubscript</b></td><td>Check for uninitialized values used as array subscripts.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]61</tr>
62<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]63<td><b>core.uninitialized.Assign</b></td><td>Check for assigning uninitialized values.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]64</tr>
65<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]66<td><b>core.uninitialized.Branch</b></td><td>Check for uninitialized values used as branch conditions.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]67</tr>
68<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]69<td><b>core.uninitialized.CapturedBlockVariable</b></td><td>Check for blocks that capture uninitialized values.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]70</tr>
71<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]72<td><b>core.uninitialized.UndefReturn</b></td><td>Check for uninitialized values being returned to the caller.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]73</tr>
74<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]75<td><b>deadcode.DeadStores</b></td><td>Check for values stored to variables that are never read afterwards.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]76</tr>
Anna Zaks30a09082012-05-09 17:57:16 +0000[diff] [blame]77<!--
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]78<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]79<td><b>deadcode.IdempotentOperations</b></td><td>Warn about idempotent operations.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]80</tr>
Anna Zaks30a09082012-05-09 17:57:16 +0000[diff] [blame]81-->
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]82<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]83<td><b>osx.API</b></td><td>Check for proper uses of various Mac OS X APIs.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]84</tr>
85<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]86<td><b>osx.AtomicCAS</b></td><td>Evaluate calls to OSAtomic functions.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]87</tr>
88<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]89<td><b>osx.SecKeychainAPI</b></td><td>Check for proper uses of Secure Keychain APIs.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]90</tr>
91<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]92<td><b>osx.cocoa.AtSync</b></td><td>Check for null pointers used as mutexes for @synchronized.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]93</tr>
94<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]95<td><b>osx.cocoa.ClassRelease</b></td><td>Check for sending 'retain', 'release', or 'autorelease' directly to a Class.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]96</tr>
97<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]98<td><b>osx.cocoa.IncompatibleMethodTypes</b></td><td>Warn about Objective-C method signatures with type incompatibilities.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]99</tr>
100<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]101<td><b>osx.cocoa.NSAutoreleasePool</b></td><td>Warn for suboptimal uses of NSAutoreleasePool in Objective-C GC mode.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]102</tr>
103<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]104<td><b>osx.cocoa.NSError</b></td><td>Check usage of NSError** parameters.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]105</tr>
106<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]107<td><b>osx.cocoa.NilArg</b></td><td>Check for prohibited nil arguments to ObjC method calls.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]108</tr>
109<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]110<td><b>osx.cocoa.RetainCount</b></td><td>Check for leaks and improper reference count management.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]111</tr>
112<tr>
Anna Zaks30a09082012-05-09 17:57:16 +0000[diff] [blame]113<td><b>osx.cocoa.SelfInit</b></td><td>Check that 'self' is properly initialized inside an initializer method.</td>
114</tr>
115<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]116<td><b>osx.cocoa.UnusedIvars</b></td><td>Warn about private ivars that are never used.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]117</tr>
118<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]119<td><b>osx.cocoa.VariadicMethodTypes</b></td><td>Check for passing non-Objective-C types to variadic methods that expect only Objective-C types.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]120</tr>
121<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]122<td><b>osx.coreFoundation.CFError</b></td><td>Check usage of CFErrorRef* parameters.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]123</tr>
124<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]125<td><b>osx.coreFoundation.CFNumber</b></td><td>Check for proper uses of CFNumberCreate.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]126</tr>
127<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]128<td><b>osx.coreFoundation.CFRetainRelease</b></td><td>Check for null arguments to CFRetain/CFRelease.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]129</tr>
Anna Zaks30a09082012-05-09 17:57:16 +0000[diff] [blame]130<td><b>osx.coreFoundation.containers.OutOfBounds</b></td><td>Checks for index out-of-bounds when using 'CFArray' API.</td>
131</tr>
132<tr>
133<td><b>osx.coreFoundation.containers.PointerSizedValues</b></td><td>Warns if 'CFArray', 'CFDictionary', 'CFSet' are created with non-pointer-size values.</td>
134</tr>
135<tr>
136<td><b>security.FloatLoopCounter</b></td><td>Warn on using a floating point value as a loop counter (CERT: FLP30-C, FLP30-CPP).</td>
137</tr>
138<tr>
139<td><b>security.insecureAPI.UncheckedReturn</b></td><td>Warn on uses of functions whose return values must be always checked.</td>
140</tr>
141<tr>
142<td><b>security.insecureAPI.getpw</b></td><td>Warn on uses of the 'getpw' function.</td>
143</tr>
144<tr>
145<td><b>security.insecureAPI.gets</b></td><td>Warn on uses of the 'gets' function.</td>
146</tr>
147<tr>
148<td><b>security.insecureAPI.mkstemp</b></td><td>Warn when 'mkstemp' is passed fewer than 6 X's in the format string.</td>
149</tr>
150<tr>
151<td><b>security.insecureAPI.mktemp</b></td><td>Warn on uses of the 'mktemp' function.</td>
152</tr>
153<tr>
154<td><b>security.insecureAPI.rand</b></td><td>Warn on uses of the 'rand', 'random', and related functions.</td>
155</tr>
156<tr>
157<td><b>security.insecureAPI.strcpy</b></td><td>Warn on uses of the 'strcpy' and 'strcat' functions.</td>
158</tr>
159<tr>
160<td><b>security.insecureAPI.vfork</b></td><td>Warn on uses of the 'vfork' function.</td>
161</tr>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]162<tr>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000[diff] [blame]163<td><b>unix.API</b></td><td>Check calls to various UNIX/Posix functions.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]164</tr>
Anna Zaks30a09082012-05-09 17:57:16 +0000[diff] [blame]165<tr>
166<td><b>unix.Malloc</b></td><td>Check for memory leaks, double free, and use-after-free problems.</td>
167</tr>
168<tr>
169<td><b>unix.MallocSizeof</b></td><td>Check for dubious malloc arguments involving sizeof.</td>
170</tr>
171<tr>
172<td><b>unix.cstring.BadSizeArg</b></td><td>Check the size argument passed into C string functions for common erroneous patterns.</td>
173</tr>
174<tr>
175<td><b>unix.cstring.NullArg</b></td><td>Check for null pointers being passed as arguments to C string functions.</td>
Anna Zaks0e5df1a2011-11-05 05:20:54 +0000[diff] [blame]176</table>
177
178<p>In addition to these the analyzer contains numerous experimental (beta) checkers.</p>
179
180<h3>Writeups with examples of some of the bugs that the analyzer finds</h3>
Ted Kremenek591b9072009-06-08 21:21:24 +0000[diff] [blame]181
182<ul>
183<li><a href="http://www.mobileorchard.com/bug-finding-with-clang-5-resources-to-get-you-started/">Bug Finding With Clang: 5 Resources To Get You Started</a></li>
184<li><a href="http://fruitstandsoftware.com/blog/index.php/2008/08/finding-memory-leaks-with-the-llvmclang-static-analyzer/#comment-2">Finding Memory Leaks With The LLVM/Clang Static Analyzer</a></li>
185<li><a href="http://www.therareair.com/howto-static-analyze-your-objective-c-code-using-the-clang-static-analyzer-tool-gallery/">HOWTO: Static Analyze Your Objective-C Code Using the Clang Static Analyzer Tool Gallery</a></li>
186<li><a href="http://www.rogueamoeba.com/utm/2008/07/14/the-clang-static-analyzer/">Under the Microscope - The Clang Static Analyzer</a></li>
187<li><a href="http://www.mikeash.com/?page=pyblog/friday-qa-2009-03-06-using-the-clang-static-analyzer.html">Mike Ash - Using the Clang Static Analyzer</a></li>
188</ul>
189
190
191</div>
Ted Kremenek8bebc6e2010-02-09 23:05:59 +0000[diff] [blame]192</div>
Ted Kremenek591b9072009-06-08 21:21:24 +0000[diff] [blame]193</body>
194</html>
195