================ 
@@ -809,25 +809,130 @@ Code Completion Static Analyzer --------------- -- The Clang Static Analyzer now handles parenthesized initialization. - (#GH148875) -- ``__datasizeof`` (C++) and ``_Countof`` (C) no longer cause a failed assertion - when given an operand of VLA type. (#GH151711) -New features -^^^^^^^^^^^^ +New checkers or options +^^^^^^^^^^^^^^^^^^^^^^^ + +- Introduced the ``alpha.core.StoreToImmutable`` checker to catch writes to + immutable memory. See the `documentation + <https://clang.llvm.org/docs/analyzer/checkers.html#alpha-core-storetoimmutable-c-c>`__. + (#GH150417) +- Introduced the ``core.NullPointerArithm`` checker to catch arithmetic on + null pointers. See the `documentation + <https://clang.llvm.org/docs/analyzer/checkers.html#core-nullpointerarithm-c-c>`__. + (#GH157129) +- The ``core.CallAndMessage`` checker gained a new checker option called + ``ArgPointeeInitializednessComplete``, enabling suppression of diagnostics + of this checker in case at least some parts of the object was initialized. + By default it's disabled. (#GH164600) Crash and bug fixes ^^^^^^^^^^^^^^^^^^^ + - Fixed a crash in the static analyzer that when the expression in an - ``[[assume(expr)]]`` attribute was enclosed in parentheses. (#GH151529) + ``[[assume(expr)]]`` attribute was enclosed in parentheses. (#GH151529) +- Fixed an assertion failure of ``[[assume(expr)]]`` when the expression + couldn't be folded into a constant by the engine. (#GH151854) +- ``__datasizeof`` (C++) and ``_Countof`` (C) no longer cause a failed assertion + when given an operand of VLA type. (#GH151711) +- Sometimes the ``unix.Malloc`` checker asserted when constructing a report under + rare circumstances. (#GH149754) +- The ``core.StackAddressEscape`` checker was crashing if a lambda or + Objective-C block expression captured itself. (#GH169208) +- Fixed an assertion in the ``alpha.unix.cstring`` checker package when + non-default address-spaces were used in ``memcpy``. 
(#GH153498) +- The engine sometimes crashed when modeling a parenthesis initializer-list + expression. (#GH147686) +- `crosscheck-with-z3 <https://clang.llvm.org/docs/analyzer/user-docs/Options.html#crosscheck-with-z3>`__ + config option sometimes crashed. (#GH168034) +- The ``alpha.core.StdVariant`` checker sometimes crashed when floating-point + values were involved. (#GH167341) +- Hardened the engine for supporting platforms where different address-space + pointers might have different sizes. (#GH151370) +- The ``core.builtin.BuiltinFunctions`` checker crashed when passing + ``_BitInt(N)`` or ``__int128_t`` to ``__builtin_add_overflow`` or similar + checked arithmetic builtin functions. (#GH173795) Improvements ^^^^^^^^^^^^ +- The `expand-macros <https://clang.llvm.org/docs/analyzer/user-docs/Options.html#expand-macros>`__ + analyzer config option now formats the macro expansions using LLVM-style + clang-format. (#GH154743) +- ``[[clang::suppress]]`` now can suppress diagnostics within primary templates. + (#GH168954) +- Improved the false-positive suppression for ``std::unique_ptr`` and + ``std::shared_ptr`` in the ``unix.Malloc`` checker. (#GH60896) +- Improved the false-positive suppression for ``unix.Malloc`` on protobuf code. + (#GH162124) +- Supporting parenthesized initialization. (#GH148875) +- Fixed a false-positive of ``cplusplus.PlacementNew`` by assuming that + placement-new doesn't allocate. (#GH149240) +- The ``unix.Malloc`` checker can now detect use-after-free even if the + address does not directly refer to the beginning of the object. + (For example, taking the address of a field.) (#GH152446) +- Improved the modeling of cstring lengths in the ``alpha.unix.cstring`` + checkers. (#GH159795) +- The ``strxfrm`` is modeled in the ``alpha.unix.cstring`` checkers. (#GH156507) +- Handling of placement-new expressions were improved in the + ``alpha.core.PointerArithm`` checker. 
(#GH155855) +- The ``security.arraybound`` checker now mentions the element count in + underflow reports. (#GH158639) +- The engine had a ``PrivateMethodCache`` that was not cleaned up - potentially + causing spuriously failing Objective-C unittest failures because that uses the + same process address-space but different clang instances inside - filling up + the static cache and cause spurious hits, thus crashes. It only affects + unittests. (#GH161327) +- The internal ``-analyze-function`` option now also accepts Unified Symbol + Resolution (USR) names. See the `documentation + <https://clang.llvm.org/docs/analyzer/developer-docs/DebugChecks.html>`__. + (#GH161666) +- The ``dump-entry-point-stats-to-csv`` analyzer config now includes the + Translation Unit path and the analysis entry point USR for each entry. + The CSV output got many more improvements. See the `documentation + <https://clang.llvm.org/docs/analyzer/developer-docs/Statistics.html>`__. + (#GH162839) +- The engine became smarter in folding binary operations. (#GH161537) +- The `model-path <https://clang.llvm.org/docs/analyzer/user-docs/Options.html#model-path>`__ + analyzer config option now honors virtual file system + overlays (``-ivfsoverlay``). Similarly, the ``optin.taint.TaintPropagation`` + checker-specific ``Config`` also accepts a virtual file path for the taint + configuration file. See the `documentation + <https://clang.llvm.org/docs/analyzer/user-docs/TaintAnalysisConfiguration.html>`__. + (#GH164323, #GH159164) +- The dynamic memory modeling got more accurate by keeping extent information + for longer. (#GH163562) +- The ``unix.BlockInCriticalSection`` checker started honoring ``defer_lock_t``. + (#GH166573) +- Improved loop unrolling for compile-time upper-bounded loops. See the + documentation of `unroll-loops + <https://clang.llvm.org/docs/analyzer/user-docs/Options.html#unroll-loops>`__. 
+ (#GH169400) +- Improved the ``cplusplus.Move`` checker by relaxing how it handles opaque + function calls, making it more accurate. (#GH169626) + Moved checkers ^^^^^^^^^^^^^^ +- The ``valist.*`` checker package was moved to ``security.VAList.*``. + Also improved the diagnostic messages and other smaller improvements. + (#GH156682, #GH157846) ---------------- NagyDonat wrote:
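Review bot: the ``[[assume(expr)]]`` crash entry still reads "Fixed a crash in the static analyzer that when the expression", because this hunk only re-indents the continuation line while the "that when" typo sits on the unchanged line just above it; since the entry is being touched anyway, drop the stray "that" so it reads "Fixed a crash in the static analyzer when the expression in an ``[[assume(expr)]]`` attribute was enclosed in parentheses. (#GH151529)". Three smaller wording points in the same hunk: "Supporting parenthesized initialization. (#GH148875)" is a verbless fragment that says less than the sentence it replaces ("The Clang Static Analyzer now handles parenthesized initialization."), so the full sentence should be kept when the entry moves under Improvements; "Handling of placement-new expressions were improved" should be "was improved"; and "in case at least some parts of the object was initialized" should be "were initialized".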
```suggestion
- The functionality of the checkers in the package ``valist.*`` was consolidated as a single new checker called ``security.VAList``. Diagnostic messages were also improved. (#GH156682, #GH157846)
```

`security.VAList` is not a package name; my change combines the four old checkers into a single new checker called `security.VAList`. (I still think that it is reasonable to mention this here, under "Moved checkers", because there is no new functionality, the new checker is identical to the sum of the old ones -- but there is no 1:1 mapping.)

I suggest removing the "other smaller improvements" part because (1) saying "improved ... other smaller improvements" is awkward and (2) I, as the author of these commits, don't know what it refers to -- so it's probably not relevant.

Also, as I see that "Diagnostic changes" is a separate section, perhaps #GH157846 (the commit with the diagnostic improvements) could be moved there with a description like "Improved diagnostics of the checker which is now named `security.VAList`."

https://github.com/llvm/llvm-project/pull/174450

_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
