Author: szelethus Date: Sun Oct 21 15:10:15 2018 New Revision: 344878 URL: http://llvm.org/viewvc/llvm-project?rev=344878&view=rev Log: [analyzer][www] Update alpha_checks.html
I added some missing doc. I have not developed any of these checkers, it might be worth really inspecting whether I wrote something terribly incorrect. Differential Revision: https://reviews.llvm.org/D52969 Modified: cfe/trunk/www/analyzer/alpha_checks.html cfe/trunk/www/analyzer/available_checks.html Modified: cfe/trunk/www/analyzer/alpha_checks.html URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/www/analyzer/alpha_checks.html?rev=344878&r1=344877&r2=344878&view=diff ============================================================================== --- cfe/trunk/www/analyzer/alpha_checks.html (original) +++ cfe/trunk/www/analyzer/alpha_checks.html Sun Oct 21 15:10:15 2018 @@ -107,6 +107,7 @@ void test(void) { } </pre></div></div></td></tr> + <tr><td><div class="namedescr expandable"><span class="name"> alpha.core.CastSize</span><span class="lang"> (C)</span><div class="descr"> 
@@ -276,6 +277,33 @@ int test(struct s *p) { <tr><td><div class="namedescr expandable"><span class="name"> +alpha.core.StackAddressAsyncEscape</span><span class="lang"> +(C)</span><div class="descr"> +Check that addresses to stack memory do not escape the function that involves +<code>dispatch_after</code> or <code>dispatch_async</code>. This checker is +a part of core.StackAddressEscape, but is +<a href=https://reviews.llvm.org/D41042>temporarily disabled</a> until some +false positives are fixed.</div></div></td> +<td><div class="exampleContainer expandable"> +<div class="example"><pre> +dispatch_block_t test_block_inside_block_async_leak() { + int x = 123; + void (^inner)(void) = ^void(void) { + int y = x; + ++y; + }; + void (^outer)(void) = ^void(void) { + int z = x; + ++z; + inner(); + }; + return outer; // warn: address of stack-allocated block is captured by a + // returned block +} +</pre></div></div></td></tr> + + +<tr><td><div class="namedescr expandable"><span class="name"> alpha.core.TestAfterDivZero</span><span class="lang"> (C, C++, ObjC)</span><div class="descr"> Check for division by variable that is later compared against 0. @@ -289,6 +317,7 @@ void test(int x) { } </pre></div></div></td></tr> + </tbody></table> <!-- =========================== cplusplus alpha =========================== --> 
@@ -296,72 +325,142 @@ void test(int x) { <table class="checkers"> <colgroup><col class="namedescr"><col class="example"></colgroup> <thead><tr><td>Name, Description</td><td>Example</td></tr></thead> - <tbody> + + <tr><td><div class="namedescr expandable"><span class="name"> -alpha.cplusplus.VirtualCall</span><span class="lang"> +alpha.cplusplus.DeleteWithNonVirtualDtor</span><span class="lang"> (C++)</span><div class="descr"> -Check virtual member function calls during construction or -destruction.</div></div></td> +Reports destructions of polymorphic objects with a non-virtual destructor in +their base class +</div></div></td> <td><div class="exampleContainer expandable"> <div class="example"><pre> -class A { -public: - A() { - f(); // warn - } - virtual void f(); -}; -</pre></div><div class="separator"></div> +NonVirtual *create() { + NonVirtual *x = new NVDerived(); // note: conversion from derived to base + // happened here + return x; +} + +void sink(NonVirtual *x) { + delete x; // warn: destruction of a polymorphic object with no virtual + // destructor +} +</pre></div></div></td></tr> + + +<tr><td><div class="namedescr expandable"><span class="name"> +alpha.cplusplus.InvalidatedIterator</span><span class="lang"> +(C++)</span><div class="descr"> +Check for use of invalidated iterators. +</div></div></td> +<td><div class="exampleContainer expandable"> <div class="example"><pre> -class A { -public: - ~A() { - this->f(); // warn - } - virtual void f(); +void bad_copy_assign_operator_list1(std::list<int> &L1, + const std::list<int> &L2) { + auto i0 = L1.cbegin(); + L1 = L2; + *i0; // warn: invalidated iterator accessed +} +</pre></div></div></td></tr> + + +<tr><td><div class="namedescr expandable"><span class="name"> +alpha.cplusplus.IteratorRange</span><span class="lang"> +(C++)</span><div class="descr"> +Check for iterators used outside their valid ranges. 
+</div></div></td> +<td><div class="exampleContainer expandable"> +<div class="example"><pre> +void simple_bad_end(const std::vector<int> &v) { + auto i = v.end(); + *i; // warn: iterator accessed outside of its range +} +</pre></div></div></td></tr> + + +<tr><td><div class="namedescr expandable"><span class="name"> +alpha.cplusplus.MismatchedIterator</span><span class="lang"> +(C++)</span><div class="descr"> +Check for use of iterators of different containers where iterators of the same +container are expected. +</div></div></td> +<td><div class="exampleContainer expandable"> +<div class="example"><pre> +void bad_insert3(std::vector<int> &v1, std::vector<int> &v2) { + v2.insert(v1.cbegin(), v2.cbegin(), v2.cend()); // warn: container accessed + // using foreign + // iterator argument + v1.insert(v1.cbegin(), v1.cbegin(), v2.cend()); // warn: iterators of + // different containers + // used where the same + // container is + // expected + v1.insert(v1.cbegin(), v2.cbegin(), v1.cend()); // warn: iterators of + // different containers + // used where the same + // container is + // expected +} +</pre></div></div></td></tr> + + +<tr><td><div class="namedescr expandable"><span class="name"> +alpha.cplusplus.MisusedMovedObject</span><span class="lang"> +(C++)</span><div class="descr"> +Method calls on a moved-from object and copying a moved-from object will be +reported. +</div></div></td> +<td><div class="exampleContainer expandable"> +<div class="example"><pre> +struct A { + void foo() {} }; + +void f() { + A a; + A b = std::move(a); // note: 'a' became 'moved-from' here + a.foo(); // warn: method call on a 'moved-from' object 'a' +} </pre></div></div></td></tr> -<tbody> + <tr><td><div class="namedescr expandable"><span class="name"> alpha.cplusplus.UninitializedObject</span><span class="lang"> (C++)</span><div class="descr"> -This checker reports uninitialized fields in objects created -after a constructor call. 
It doesn't only find direct uninitialized -fields, but rather makes a deep inspection of the object, -analyzing all of it's fields subfields. <br> -The checker regards inherited fields as direct fields, so one -will recieve warnings for uninitialized inherited data members -as well. <br> +This checker reports uninitialized fields in objects created after a constructor +call. It doesn't only find direct uninitialized fields, but rather makes a deep +inspection of the object, analyzing all of it's fields subfields. <br> +The checker regards inherited fields as direct fields, so one will recieve +warnings for uninitialized inherited data members as well. <br> <br> It has several options: <ul> <li> - "<code>Pedantic</code>" (boolean). If its not set or is set to false, the checker - won't emit warnings for objects that don't have at least one initialized - field. This may be set with <br> + "<code>Pedantic</code>" (boolean). If its not set or is set to false, the + checker won't emit warnings for objects that don't have at least one + initialized field. This may be set with <br> <code>-analyzer-config alpha.cplusplus.UninitializedObject:Pedantic=true</code>. </li> <li> - "<code>NotesAsWarnings</code>" (boolean). If set to true, the checker will emit a - warning for each uninitalized field, as opposed to emitting one warning - per constructor call, and listing the uninitialized fields that belongs - to it in notes. Defaults to false. <br> + "<code>NotesAsWarnings</code>" (boolean). If set to true, the checker will + emit a warning for each uninitalized field, as opposed to emitting one + warning per constructor call, and listing the uninitialized fields that + belongs to it in notes. Defaults to false. <br> <code>-analyzer-config alpha.cplusplus.UninitializedObject:NotesAsWarnings=true</code>. </li> <li> - "<code>CheckPointeeInitialization</code>" (boolean). 
If set to false, the checker will - not analyze the pointee of pointer/reference fields, and will only check - whether the object itself is initialized. Defaults to false. <br> + "<code>CheckPointeeInitialization</code>" (boolean). If set to false, the + checker will not analyze the pointee of pointer/reference fields, and will + only check whether the object itself is initialized. Defaults to false. <br> <code>-analyzer-config alpha.cplusplus.UninitializedObject:CheckPointeeInitialization=true</code>. </li> <li> - "<code>IgnoreRecordsWithField</code>" (string). If supplied, the checker will not - analyze structures that have a field with a name or type name that - matches the given pattern. Defaults to <code>""</code>. + "<code>IgnoreRecordsWithField</code>" (string). If supplied, the checker + will not analyze structures that have a field with a name or type name that + matches the given pattern. Defaults to <code>""</code>. - <code>-analyzer-config alpha.cplusplus.UninitializedObject:IgnoreRecordsWithField="[Tt]ag|[Kk]ind"</code>. + <code>-analyzer-config alpha.cplusplus.UninitializedObject:IgnoreRecordsWithField="[Tt]ag|[Kk]ind"</code>. </li> </ul></div></div></td> <td><div class="exampleContainer expandable"> 
@@ -437,82 +536,12 @@ void f() { A a(&b, &c); // warning: 3 uninitialized fields // after the constructor call } -<div class="example"><pre> - - -</pre></div></div></td></tr> - -</tbody></table> - - - -<!-- =============================== va_list =============================== --> -<h3 id="valist_alpha_checkers">Variable Argument Alpha Checkers</h3> -<table class="checkers"> -<colgroup><col class="namedescr"><col class="example"></colgroup> -<thead><tr><td>Name, Description</td><td>Example</td></tr></thead> - -<tbody> -<tr><td><div class="namedescr expandable"><span class="name"> -alpha.valist.CopyToSelf</span><span class="lang"> -(C)</span><div class="descr"> -Calls to the <code>va_copy</code> macro should not copy onto itself.</div></div></td> -<td><div class="exampleContainer expandable"> -<div class="example"><pre> -#include <stdarg.h> - -void test(int x, ...) { - va_list args; - va_start(args, x); - va_copy(args, args); // warn - va_end(args); -} -</pre></div></div></td></tr> - -<tr><td><div class="namedescr expandable"><span class="name"> -alpha.valist.Uninitialized</span><span class="lang"> -(C)</span><div class="descr"> -Calls to the <code>va_arg</code>, <code>va_copy</code>, or -<code>va_end</code> macro must happen after calling <code>va_start</code> and -before calling <code>va_end</code>.</div></div></td> -<td><div class="exampleContainer expandable"> -<div class="example"><pre> -#include <stdarg.h> - -void test(int x, ...) { - va_list args; - int y = va_arg(args, int); // warn -} -</pre></div> -<div class="example"><pre> -#include <stdarg.h> - -void test(int x, ...) { - va_list args; - va_start(args, x); - va_end(args); - int z = va_arg(args, int); // warn -} </pre></div></div></td></tr> -<tr><td><div class="namedescr expandable"><span class="name"> -alpha.valist.Unterminated</span><span class="lang"> -(C)</span><div class="descr"> -Every <code>va_start</code> must be matched by a <code>va_end</code>. 
A va_list -can only be ended once.</div></div></td> -<td><div class="exampleContainer expandable"> -<div class="example"><pre> -#include <stdarg.h> - -void test(int x, ...) { - va_list args; - va_start(args, x); - int y = x + va_arg(args, int); -} // warn: missing va_end -</pre></div></div></td></tr> </tbody></table> + <!-- =========================== dead code alpha =========================== --> <h3 id="deadcode_alpha_checkers">Dead Code Alpha Checkers</h3> <table class="checkers"> @@ -784,6 +813,23 @@ void test(int n) { <tr><td><div class="namedescr expandable"><span class="name"> +alpha.security.MmapWriteExec</span><span class="lang"> +(C)</span><div class="descr"> +Warn on <code>mmap()<code> calls that are both writable and executable. +</div></div></td> +<td><div class="exampleContainer expandable"> +<div class="example"><pre> +void test(int n) { + void *c = mmap(NULL, 32, PROT_READ | PROT_WRITE | PROT_EXEC, + MAP_PRIVATE | MAP_ANON, -1, 0); + // warn: Both PROT_WRITE and PROT_EXEC flags are set. This can lead to + // exploitable memory regions, which could be overwritten with malicious + // code +} +</pre></div></div></td></tr> + + +<tr><td><div class="namedescr expandable"><span class="name"> alpha.security.ReturnPtrRange</span><span class="lang"> (C)</span><div class="descr"> Check for an out-of-bound pointer being returned to callers.</div></div></td> 
@@ -842,8 +888,42 @@ void test() { <table class="checkers"> <colgroup><col class="namedescr"><col class="example"></colgroup> <thead><tr><td>Name, Description</td><td>Example</td></tr></thead> - <tbody> + + +<tr><td><div class="namedescr expandable"><span class="name"> +alpha.unix.BlockInCriticalSection</span><span class="lang"> +(C)</span><div class="descr"> +Check for calls to blocking functions inside a critical section. Applies to: +<div class=functions> +lock<br> +unlock<br> +sleep<br> +getc<br> +fgets<br> +read<br> +revc<br> +pthread_mutex_lock<br> +pthread_mutex_unlock<br> +mtx_lock<br> +mtx_timedlock<br> +mtx_trylock<br> +mtx_unlock<br> +lock_guard<br> +unique_lock</div> +</div></div></td> +<td><div class="exampleContainer expandable"> +<div class="example"><pre> +void test() { + std::mutex m; + m.lock(); + sleep(3); // warn: a blocking function sleep is called inside a critical + // section + m.unlock(); +} +</pre></div></div></td></tr> + + <tr><td><div class="namedescr expandable"><span class="name"> alpha.unix.Chroot</span><span class="lang"> (C)</span><div class="descr"> @@ -858,6 +938,7 @@ void test() { } </pre></div></div></td></tr> + <tr><td><div class="namedescr expandable"><span class="name"> alpha.unix.PthreadLock</span><span class="lang"> (C)</span><div class="descr"> Modified: cfe/trunk/www/analyzer/available_checks.html URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/www/analyzer/available_checks.html?rev=344878&r1=344877&r2=344878&view=diff ============================================================================== --- cfe/trunk/www/analyzer/available_checks.html (original) +++ cfe/trunk/www/analyzer/available_checks.html Sun Oct 21 15:10:15 2018 
@@ -543,8 +543,35 @@ void test() { <colgroup><col class="namedescr"><col class="example"></colgroup> <thead><tr><td>Name, Description</td><td>Example</td></tr></thead> + <tbody> <tr><td><div class="namedescr expandable"><span class="name"> +optin.cplusplus.VirtualCall</span><span class="lang"> +(C++)</span><div class="descr"> +Check virtual member function calls during construction or +destruction.</div></div></td> +<td><div class="exampleContainer expandable"> +<div class="example"><pre> +class A { +public: + A() { + f(); // warn + } + virtual void f(); +}; +</pre></div><div class="separator"></div> +<div class="example"><pre> +class A { +public: + ~A() { + this->f(); // warn + } + virtual void f(); +}; +</pre></div></div></td></tr> + + +<tr><td><div class="namedescr expandable"><span class="name"> optin.mpi.MPI-Checker</span><span class="lang"> (C)</span><div class="descr"> Checks MPI code</div></div></td>