r344878 - [analyzer][www] Update alpha_checks.html
Kristof Umann via cfe-commits
cfe-commits at lists.llvm.org
Sun Oct 21 15:10:15 PDT 2018
Author: szelethus
Date: Sun Oct 21 15:10:15 2018
New Revision: 344878
URL: http://llvm.org/viewvc/llvm-project?rev=344878&view=rev
Log:
[analyzer][www] Update alpha_checks.html
I added some missing doc. I have not developed any of these checkers, it might worth really inspecting whether I wrote something terribly incorrect.
Differential Revision: https://reviews.llvm.org/D52969
Modified:
cfe/trunk/www/analyzer/alpha_checks.html
cfe/trunk/www/analyzer/available_checks.html
Modified: cfe/trunk/www/analyzer/alpha_checks.html
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/www/analyzer/alpha_checks.html?rev=344878&r1=344877&r2=344878&view=diff
==============================================================================
--- cfe/trunk/www/analyzer/alpha_checks.html (original)
+++ cfe/trunk/www/analyzer/alpha_checks.html Sun Oct 21 15:10:15 2018
@@ -107,6 +107,7 @@ void test(void) {
}
</pre></div></div></td></tr>
+
<tr><td><div class="namedescr expandable"><span class="name">
alpha.core.CastSize</span><span class="lang">
(C)</span><div class="descr">
@@ -276,6 +277,33 @@ int test(struct s *p) {
<tr><td><div class="namedescr expandable"><span class="name">
+alpha.core.StackAddressAsyncEscape</span><span class="lang">
+(C)</span><div class="descr">
+Check that addresses to stack memory do not escape the function that involves
+<code>dispatch_after</code> or <code>dispatch_async</code>. This checker is
+a part of core.StackAddressEscape, but is
+<a href=https://reviews.llvm.org/D41042>temporarily disabled</a> until some
+false positives are fixed.</div></div></td>
+<td><div class="exampleContainer expandable">
+<div class="example"><pre>
+dispatch_block_t test_block_inside_block_async_leak() {
+ int x = 123;
+ void (^inner)(void) = ^void(void) {
+ int y = x;
+ ++y;
+ };
+ void (^outer)(void) = ^void(void) {
+ int z = x;
+ ++z;
+ inner();
+ };
+ return outer; // warn: address of stack-allocated block is captured by a
+ // returned block
+}
+</pre></div></div></td></tr>
+
+
+<tr><td><div class="namedescr expandable"><span class="name">
alpha.core.TestAfterDivZero</span><span class="lang">
(C, C++, ObjC)</span><div class="descr">
Check for division by variable that is later compared against 0.
@@ -289,6 +317,7 @@ void test(int x) {
}
</pre></div></div></td></tr>
+
</tbody></table>
<!-- =========================== cplusplus alpha =========================== -->
@@ -296,72 +325,142 @@ void test(int x) {
<table class="checkers">
<colgroup><col class="namedescr"><col class="example"></colgroup>
<thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
-
<tbody>
+
+
<tr><td><div class="namedescr expandable"><span class="name">
-alpha.cplusplus.VirtualCall</span><span class="lang">
+alpha.cplusplus.DeleteWithNonVirtualDtor</span><span class="lang">
(C++)</span><div class="descr">
-Check virtual member function calls during construction or
-destruction.</div></div></td>
+Reports destructions of polymorphic objects with a non-virtual destructor in
+their base class
+</div></div></td>
<td><div class="exampleContainer expandable">
<div class="example"><pre>
-class A {
-public:
- A() {
- f(); // warn
- }
- virtual void f();
-};
-</pre></div><div class="separator"></div>
+NonVirtual *create() {
+ NonVirtual *x = new NVDerived(); // note: conversion from derived to base
+ // happened here
+ return x;
+}
+
+void sink(NonVirtual *x) {
+ delete x; // warn: destruction of a polymorphic object with no virtual
+ // destructor
+}
+</pre></div></div></td></tr>
+
+
+<tr><td><div class="namedescr expandable"><span class="name">
+alpha.cplusplus.InvalidatedIterator</span><span class="lang">
+(C++)</span><div class="descr">
+Check for use of invalidated iterators.
+</div></div></td>
+<td><div class="exampleContainer expandable">
<div class="example"><pre>
-class A {
-public:
- ~A() {
- this->f(); // warn
- }
- virtual void f();
+void bad_copy_assign_operator_list1(std::list<int> &L1,
+ const std::list<int> &L2) {
+ auto i0 = L1.cbegin();
+ L1 = L2;
+ *i0; // warn: invalidated iterator accessed
+}
+</pre></div></div></td></tr>
+
+
+<tr><td><div class="namedescr expandable"><span class="name">
+alpha.cplusplus.IteratorRange</span><span class="lang">
+(C++)</span><div class="descr">
+Check for iterators used outside their valid ranges.
+</div></div></td>
+<td><div class="exampleContainer expandable">
+<div class="example"><pre>
+void simple_bad_end(const std::vector<int> &v) {
+ auto i = v.end();
+ *i; // warn: iterator accessed outside of its range
+}
+</pre></div></div></td></tr>
+
+
+<tr><td><div class="namedescr expandable"><span class="name">
+alpha.cplusplus.MismatchedIterator</span><span class="lang">
+(C++)</span><div class="descr">
+Check for use of iterators of different containers where iterators of the same
+container are expected.
+</div></div></td>
+<td><div class="exampleContainer expandable">
+<div class="example"><pre>
+void bad_insert3(std::vector<int> &v1, std::vector<int> &v2) {
+ v2.insert(v1.cbegin(), v2.cbegin(), v2.cend()); // warn: container accessed
+ // using foreign
+ // iterator argument
+ v1.insert(v1.cbegin(), v1.cbegin(), v2.cend()); // warn: iterators of
+ // different containers
+ // used where the same
+ // container is
+ // expected
+ v1.insert(v1.cbegin(), v2.cbegin(), v1.cend()); // warn: iterators of
+ // different containers
+ // used where the same
+ // container is
+ // expected
+}
+</pre></div></div></td></tr>
+
+
+<tr><td><div class="namedescr expandable"><span class="name">
+alpha.cplusplus.MisusedMovedObject</span><span class="lang">
+(C++)</span><div class="descr">
+Method calls on a moved-from object and copying a moved-from object will be
+reported.
+</div></div></td>
+<td><div class="exampleContainer expandable">
+<div class="example"><pre>
+struct A {
+ void foo() {}
};
+
+void f() {
+ A a;
+ A b = std::move(a); // note: 'a' became 'moved-from' here
+ a.foo(); // warn: method call on a 'moved-from' object 'a'
+}
</pre></div></div></td></tr>
-<tbody>
+
<tr><td><div class="namedescr expandable"><span class="name">
alpha.cplusplus.UninitializedObject</span><span class="lang">
(C++)</span><div class="descr">
-This checker reports uninitialized fields in objects created
-after a constructor call. It doesn't only find direct uninitialized
-fields, but rather makes a deep inspection of the object,
-analyzing all of it's fields subfields. <br>
-The checker regards inherited fields as direct fields, so one
-will recieve warnings for uninitialized inherited data members
-as well. <br>
+This checker reports uninitialized fields in objects created after a constructor
+call. It doesn't only find direct uninitialized fields, but rather makes a deep
+inspection of the object, analyzing all of it's fields subfields. <br>
+The checker regards inherited fields as direct fields, so one will recieve
+warnings for uninitialized inherited data members as well. <br>
<br>
It has several options:
<ul>
<li>
- "<code>Pedantic</code>" (boolean). If its not set or is set to false, the checker
- won't emit warnings for objects that don't have at least one initialized
- field. This may be set with <br>
+ "<code>Pedantic</code>" (boolean). If its not set or is set to false, the
+ checker won't emit warnings for objects that don't have at least one
+ initialized field. This may be set with <br>
<code>-analyzer-config alpha.cplusplus.UninitializedObject:Pedantic=true</code>.
</li>
<li>
- "<code>NotesAsWarnings</code>" (boolean). If set to true, the checker will emit a
- warning for each uninitalized field, as opposed to emitting one warning
- per constructor call, and listing the uninitialized fields that belongs
- to it in notes. Defaults to false. <br>
+ "<code>NotesAsWarnings</code>" (boolean). If set to true, the checker will
+ emit a warning for each uninitalized field, as opposed to emitting one
+ warning per constructor call, and listing the uninitialized fields that
+ belongs to it in notes. Defaults to false. <br>
<code>-analyzer-config alpha.cplusplus.UninitializedObject:NotesAsWarnings=true</code>.
</li>
<li>
- "<code>CheckPointeeInitialization</code>" (boolean). If set to false, the checker will
- not analyze the pointee of pointer/reference fields, and will only check
- whether the object itself is initialized. Defaults to false. <br>
+ "<code>CheckPointeeInitialization</code>" (boolean). If set to false, the
+ checker will not analyze the pointee of pointer/reference fields, and will
+ only check whether the object itself is initialized. Defaults to false. <br>
<code>-analyzer-config alpha.cplusplus.UninitializedObject:CheckPointeeInitialization=true</code>.
</li>
<li>
- "<code>IgnoreRecordsWithField</code>" (string). If supplied, the checker will not
- analyze structures that have a field with a name or type name that
- matches the given pattern. Defaults to <code>""</code>.
+ "<code>IgnoreRecordsWithField</code>" (string). If supplied, the checker
+ will not analyze structures that have a field with a name or type name that
+ matches the given pattern. Defaults to <code>""</code>.
- <code>-analyzer-config alpha.cplusplus.UninitializedObject:IgnoreRecordsWithField="[Tt]ag|[Kk]ind"</code>.
+ <code>-analyzer-config alpha.cplusplus.UninitializedObject:IgnoreRecordsWithField="[Tt]ag|[Kk]ind"</code>.
</li>
</ul></div></div></td>
<td><div class="exampleContainer expandable">
@@ -437,82 +536,12 @@ void f() {
A a(&b, &c); // warning: 3 uninitialized fields
// after the constructor call
}
-<div class="example"><pre>
-
-
-</pre></div></div></td></tr>
-
-</tbody></table>
-
-
-
-<!-- =============================== va_list =============================== -->
-<h3 id="valist_alpha_checkers">Variable Argument Alpha Checkers</h3>
-<table class="checkers">
-<colgroup><col class="namedescr"><col class="example"></colgroup>
-<thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
-
-<tbody>
-<tr><td><div class="namedescr expandable"><span class="name">
-alpha.valist.CopyToSelf</span><span class="lang">
-(C)</span><div class="descr">
-Calls to the <code>va_copy</code> macro should not copy onto itself.</div></div></td>
-<td><div class="exampleContainer expandable">
-<div class="example"><pre>
-#include <stdarg.h>
-
-void test(int x, ...) {
- va_list args;
- va_start(args, x);
- va_copy(args, args); // warn
- va_end(args);
-}
-</pre></div></div></td></tr>
-
-<tr><td><div class="namedescr expandable"><span class="name">
-alpha.valist.Uninitialized</span><span class="lang">
-(C)</span><div class="descr">
-Calls to the <code>va_arg</code>, <code>va_copy</code>, or
-<code>va_end</code> macro must happen after calling <code>va_start</code> and
-before calling <code>va_end</code>.</div></div></td>
-<td><div class="exampleContainer expandable">
-<div class="example"><pre>
-#include <stdarg.h>
-
-void test(int x, ...) {
- va_list args;
- int y = va_arg(args, int); // warn
-}
-</pre></div>
-<div class="example"><pre>
-#include <stdarg.h>
-
-void test(int x, ...) {
- va_list args;
- va_start(args, x);
- va_end(args);
- int z = va_arg(args, int); // warn
-}
</pre></div></div></td></tr>
-<tr><td><div class="namedescr expandable"><span class="name">
-alpha.valist.Unterminated</span><span class="lang">
-(C)</span><div class="descr">
-Every <code>va_start</code> must be matched by a <code>va_end</code>. A va_list
-can only be ended once.</div></div></td>
-<td><div class="exampleContainer expandable">
-<div class="example"><pre>
-#include <stdarg.h>
-
-void test(int x, ...) {
- va_list args;
- va_start(args, x);
- int y = x + va_arg(args, int);
-} // warn: missing va_end
-</pre></div></div></td></tr>
</tbody></table>
+
<!-- =========================== dead code alpha =========================== -->
<h3 id="deadcode_alpha_checkers">Dead Code Alpha Checkers</h3>
<table class="checkers">
@@ -784,6 +813,23 @@ void test(int n) {
<tr><td><div class="namedescr expandable"><span class="name">
+alpha.security.MmapWriteExec</span><span class="lang">
+(C)</span><div class="descr">
+Warn on <code>mmap()<code> calls that are both writable and executable.
+</div></div></td>
+<td><div class="exampleContainer expandable">
+<div class="example"><pre>
+void test(int n) {
+ void *c = mmap(NULL, 32, PROT_READ | PROT_WRITE | PROT_EXEC,
+ MAP_PRIVATE | MAP_ANON, -1, 0);
+ // warn: Both PROT_WRITE and PROT_EXEC flags are set. This can lead to
+ // exploitable memory regions, which could be overwritten with malicious
+ // code
+}
+</pre></div></div></td></tr>
+
+
+<tr><td><div class="namedescr expandable"><span class="name">
alpha.security.ReturnPtrRange</span><span class="lang">
(C)</span><div class="descr">
Check for an out-of-bound pointer being returned to callers.</div></div></td>
@@ -842,8 +888,42 @@ void test() {
<table class="checkers">
<colgroup><col class="namedescr"><col class="example"></colgroup>
<thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
-
<tbody>
+
+
+<tr><td><div class="namedescr expandable"><span class="name">
+alpha.unix.BlockInCriticalSection</span><span class="lang">
+(C)</span><div class="descr">
+Check for calls to blocking functions inside a critical section. Applies to:
+<div class=functions>
+lock<br>
+unlock<br>
+sleep<br>
+getc<br>
+fgets<br>
+read<br>
+revc<br>
+pthread_mutex_lock<br>
+pthread_mutex_unlock<br>
+mtx_lock<br>
+mtx_timedlock<br>
+mtx_trylock<br>
+mtx_unlock<br>
+lock_guard<br>
+unique_lock</div>
+</div></div></td>
+<td><div class="exampleContainer expandable">
+<div class="example"><pre>
+void test() {
+ std::mutex m;
+ m.lock();
+ sleep(3); // warn: a blocking function sleep is called inside a critical
+ // section
+ m.unlock();
+}
+</pre></div></div></td></tr>
+
+
<tr><td><div class="namedescr expandable"><span class="name">
alpha.unix.Chroot</span><span class="lang">
(C)</span><div class="descr">
@@ -858,6 +938,7 @@ void test() {
}
</pre></div></div></td></tr>
+
<tr><td><div class="namedescr expandable"><span class="name">
alpha.unix.PthreadLock</span><span class="lang">
(C)</span><div class="descr">
Modified: cfe/trunk/www/analyzer/available_checks.html
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/www/analyzer/available_checks.html?rev=344878&r1=344877&r2=344878&view=diff
==============================================================================
--- cfe/trunk/www/analyzer/available_checks.html (original)
+++ cfe/trunk/www/analyzer/available_checks.html Sun Oct 21 15:10:15 2018
@@ -543,8 +543,35 @@ void test() {
<colgroup><col class="namedescr"><col class="example"></colgroup>
<thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
+
<tbody>
<tr><td><div class="namedescr expandable"><span class="name">
+optin.cplusplus.VirtualCall</span><span class="lang">
+(C++)</span><div class="descr">
+Check virtual member function calls during construction or
+destruction.</div></div></td>
+<td><div class="exampleContainer expandable">
+<div class="example"><pre>
+class A {
+public:
+ A() {
+ f(); // warn
+ }
+ virtual void f();
+};
+</pre></div><div class="separator"></div>
+<div class="example"><pre>
+class A {
+public:
+ ~A() {
+ this->f(); // warn
+ }
+ virtual void f();
+};
+</pre></div></div></td></tr>
+
+
+<tr><td><div class="namedescr expandable"><span class="name">
optin.mpi.MPI-Checker</span><span class="lang">
(C)</span><div class="descr">
Checks MPI code</div></div></td>
More information about the cfe-commits
mailing list