[PATCH] D155445: [analyzer][docs] Add CSA release notes

Balázs Benics via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Mon Jul 17 12:01:35 PDT 2023


steakhal updated this revision to Diff 541175.
steakhal marked 4 inline comments as done.
steakhal added a comment.

Current look: F28285701: image.png <https://reviews.llvm.org/F28285701>

Let me know if you like it.
Feel free to propose changes.

I'm not sure about the relative ordering. We should consider some semantic ordering. Such as perceived impact on the regular user?

IMO the `taint tracking` and the `ArrayBoundCheckerV2` improvements were quite impactful, as both of those were up on the table for a really long time now.
Also, for a similar reason, I think `Objective-C` improvements definitely deserve the spotlight.

---

@balazske @donat.nagy WDYT about the `StreamChecker` and the `StdCLibraryFunctions` entries? I didn't follow those patches, thus I cannot write the notes for it either.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D155445/new/

https://reviews.llvm.org/D155445

Files:
  clang/docs/ReleaseNotes.rst


Index: clang/docs/ReleaseNotes.rst
===================================================================
--- clang/docs/ReleaseNotes.rst
+++ clang/docs/ReleaseNotes.rst
@@ -903,6 +903,89 @@
   non-complete destructors when using the Microsoft ABI.
   (`#60465 <https://github.com/llvm/llvm-project/issues/60465>`_)
 
+- Removed the deprecated
+  ``consider-single-element-arrays-as-flexible-array-members`` analyzer option.
+  Any use of this flag will result in an error.
+  Use `-fstrict-flex-arrays=<n> <https://clang.llvm.org/docs/ClangCommandLineReference.html#cmdoption-clang-fstrict-flex-arrays>`_
+  (`7cd1f3ad22e4 <https://github.com/llvm/llvm-project/commit/7cd1f3ad22e4>`_)
+
+- Better modeling of lifetime-extended memory regions. As a result, the
+  ``MoveChecker`` raises more true-positive reports.
+  (`feafbb9fda57 <https://github.com/llvm/llvm-project/commit/feafbb9fda57>`_)
+
+- Fixed some bugs (including crashes) around the handling of constant global
+  arrays and their initializer expressions.
+  (`ffcf214b5d27 <https://github.com/llvm/llvm-project/commit/ffcf214b5d27>`_,
+  `558b46fde2db <https://github.com/llvm/llvm-project/commit/558b46fde2db>`_)
+
+- The ``CStringChecker`` will invalidate less if the copy operation is
+  inferable to be bounded. For example, if the argument of ``strcpy`` is known
+  to be of certain length and that is in-bounds.
+
+   .. code-block:: c++
+
+    struct {
+      void *ptr;
+      char arr[4];
+    } x;
+    x.ptr = malloc(1);
+    // extent of 'arr' is 4, and writing "hi\n" (4 characters),
+    // thus no buffer overflow can happen
+    strcpy(x.arr, "hi\n");
+    free(x.ptr); // no longer reports memory leak here
+
+  Similarly, functions like ``strsep`` now won't invalidate the source buffer,
+  because it can never overflow.
+  Note that, ``std::copy`` is still not modeled, and as such, it will still
+  invalidate the enclosing object on call.
+  (`1bd2d335b649 <https://github.com/llvm/llvm-project/commit/1bd2d335b649>`_)
+  (`#55019 <https://github.com/llvm/llvm-project/issues/55019>`_)
+
+- Implement ``BufferOverlap`` check for ``sprint``/``snprintf``
+  The ``CStringChecker`` checks for buffer overlaps for ``sprintf`` and
+  ``snprintf``.
+  (`ce97312d109b <https://github.com/llvm/llvm-project/commit/ce97312d109b>`_)
+
+- Objective-C support was improved around checking ``_Nonnull`` and
+  ``_Nullable`` including block pointers and literal objects.
+  (`b22a5d46179b <https://github.com/llvm/llvm-project/commit/b22a5d46179b>`_,
+  `77a599ae5828 <https://github.com/llvm/llvm-project/commit/77a599ae5828>`_,
+  `fa6b7dd520fc <https://github.com/llvm/llvm-project/commit/fa6b7dd520fc>`_,
+  `993060e1d31d <https://github.com/llvm/llvm-project/commit/993060e1d31d>`_)
+
+- Let the ``StreamChecker`` detect ``NULL`` streams instead of by
+  ``StdCLibraryFunctions``.
+  ``StreamChecker`` improved on the ``fseek`` modeling for the ``SEEK_SET``,
+  ``SEEK_END``, ``SEEK_CUR`` arguments.
+  (`2eefd19613b8 <https://github.com/llvm/llvm-project/commit/2eefd19613b8>`_,
+  `2c60f9c8a4fd <https://github.com/llvm/llvm-project/commit/2c60f9c8a4fd>`_)
+
+- ``StdCLibraryFunctionArgs`` was merged into the ``StdCLibraryFunctions``.
+  The diagnostics of the ``StdCLibraryFunctions`` was improved.
+  (`4f0436dd1532 <https://github.com/llvm/llvm-project/commit/4f0436dd1532>`_,
+  `6012cadc400f <https://github.com/llvm/llvm-project/commit/6012cadc400f>`_,
+  `258c9bebbdfa <https://github.com/llvm/llvm-project/commit/258c9bebbdfa>`_,
+  `ce1fb03db817 <https://github.com/llvm/llvm-project/commit/ce1fb03db817>`_,
+  `ddc5d40dd285 <https://github.com/llvm/llvm-project/commit/ddc5d40dd285>`_)
+
+- ``QTimer::singleShot`` now doesn't raise false-positives for memory leaks by
+  the ``MallocChecker``.
+  (`3b6a368d763e <https://github.com/llvm/llvm-project/commit/3b6a368d763e>`_)
+  (`#39713 <https://github.com/llvm/llvm-project/issues/39713>`_)
+
+- Fixed the infamous unsigned index false-positives in the
+  ``ArrayBoundCheckerV2`` checker.
+  (`8c22cbea87be <https://github.com/llvm/llvm-project/commit/8c22cbea87be>`_,
+  `de2547329b41 <https://github.com/llvm/llvm-project/commit/de2547329b41>`_)
+  (`#44493 <https://github.com/llvm/llvm-project/issues/44493>`_)
+
+- Now, taint propagations are tracked further back until the real taint source.
+  This improves all taint-related diagnostics.
+  (`343bdb10940c <https://github.com/llvm/llvm-project/commit/343bdb10940c>`_)
+
+- Fixed a null-pointer dereference crash inside the ``MoveChecker``.
+  (`d172b65ef001 <https://github.com/llvm/llvm-project/commit/d172b65ef001>`_)
+
 .. _release-notes-sanitizers:
 
 Sanitizers
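
Review bot: The ``BufferOverlap`` entry names ``sprint``/``snprintf`` on its first line, while the sentence right after it says ``sprintf``; this looks like a typo for ``sprintf``. That first line also has no terminating period, so it will run into "The ``CStringChecker`` checks for ..." when rendered; consider folding the two into one sentence. In the first entry, the "Use `-fstrict-flex-arrays=<n>`" sentence stops without "instead." before the commit link. In the ``CStringChecker`` entry the ``.. code-block:: c++`` directive is indented three spaces while the item text around it uses two, which may render as a block quote inside the list item; align it with the item text. The comment 'writing "hi\n" (4 characters)' only adds up if the terminating NUL is counted, so it is worth saying that explicitly.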

