[clang] 862b93a - [analyzer][docs] Add CSA release notes
Balazs Benics via cfe-commits
cfe-commits at lists.llvm.org
Sun Jul 23 23:27:19 PDT 2023
Author: Balazs Benics
Date: 2023-07-24T08:26:54+02:00
New Revision: 862b93a8095cd350d8b398f03dca92b93002f984
URL: https://github.com/llvm/llvm-project/commit/862b93a8095cd350d8b398f03dca92b93002f984
DIFF: https://github.com/llvm/llvm-project/commit/862b93a8095cd350d8b398f03dca92b93002f984.diff
LOG: [analyzer][docs] Add CSA release notes
We'll soon branch off, and start releasing clang-17.
Here is a patch, adjusting the release notes for what we achieved since
the last release.
I used this command to inspect the interesting commits:
```
git log --oneline llvmorg-16.0.0..llvm/main \
clang/{lib/StaticAnalyzer,include/clang/StaticAnalyzer} | \
grep -v NFC | grep -v -i revert
```
This filters in CSA directories and filters out NFC and revert commits.
Given that in the release-notes, we usually don't put links to commits,
I'll remove them from this patch as well. I just put them there to make
it easier to review for you.
I tried to group the changes into meaningful chunks, and dropped some of
the uninteresting commits.
I've also dropped the commits that were backported to clang-16.
Check out how it looks, and propose changes like usual.
---
FYI the `ninja docs-clang-html` produces the html docs, including the `ReleaseNotes`.
And the produced artifact will be at `build/tools/clang/docs/html/ReleaseNotes.html`.
Differential Revision: https://reviews.llvm.org/D155445
Added:
Modified:
clang/docs/ReleaseNotes.rst
Removed:
################################################################################
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 84f0eae81589ce..db9149fae797c4 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -1002,10 +1002,73 @@ libclang
Static Analyzer
---------------
+
- Fix incorrect alignment attribute on the this parameter of certain
non-complete destructors when using the Microsoft ABI.
(`#60465 <https://github.com/llvm/llvm-project/issues/60465>`_)
+- Removed the deprecated
+ ``consider-single-element-arrays-as-flexible-array-members`` analyzer option.
+ Any use of this flag will result in an error.
+ Use `-fstrict-flex-arrays=<n>
+ <https://clang.llvm.org/docs/ClangCommandLineReference.html#cmdoption-clang-fstrict-flex-arrays>`_
+
+- Better modeling of lifetime-extended memory regions. As a result, the
+ ``MoveChecker`` raises more true-positive reports.
+
+- Fixed some bugs (including crashes) around the handling of constant global
+ arrays and their initializer expressions.
+
+- The ``CStringChecker`` will invalidate less if the copy operation is
+ inferable to be bounded. For example, if the arguments of ``strcpy`` are
+ known to be of certain lengths and that are in-bounds.
+
+ .. code-block:: c++
+
+ struct {
+ void *ptr;
+ char arr[4];
+ } x;
+ x.ptr = malloc(1);
+ // extent of 'arr' is 4, and writing "hi\n" (4 characters),
+ // thus no buffer overflow can happen
+ strcpy(x.arr, "hi\n");
+ free(x.ptr); // no longer reports memory leak here
+
+ Similarly, functions like ``strsep`` now won't invalidate the object
+ containing the destination buffer, because it can never overflow.
+ Note that, ``std::copy`` is still not modeled, and as such, it will still
+ invalidate the enclosing object on call.
+ (`#55019 <https://github.com/llvm/llvm-project/issues/55019>`_)
+
+- Implement ``BufferOverlap`` check for ``sprint``/``snprintf``
+ The ``CStringChecker`` checks for buffer overlaps for ``sprintf`` and
+ ``snprintf``.
+
+- Objective-C support was improved around checking ``_Nonnull`` and
+ ``_Nullable`` including block pointers and literal objects.
+
+- Let the ``StreamChecker`` detect ``NULL`` streams instead of by
+ ``StdCLibraryFunctions``.
+ ``StreamChecker`` improved on the ``fseek`` modeling for the ``SEEK_SET``,
+ ``SEEK_END``, ``SEEK_CUR`` arguments.
+
+- ``StdCLibraryFunctionArgs`` was merged into the ``StdCLibraryFunctions``.
+ The diagnostics of the ``StdCLibraryFunctions`` was improved.
+
+- ``QTimer::singleShot`` now doesn't raise false-positives for memory leaks by
+ the ``MallocChecker``.
+ (`#39713 <https://github.com/llvm/llvm-project/issues/39713>`_)
+
+- Fixed the infamous unsigned index false-positives in the
+ ``ArrayBoundCheckerV2`` checker.
+ (`#44493 <https://github.com/llvm/llvm-project/issues/44493>`_)
+
+- Now, taint propagations are tracked further back until the real taint source.
+ This improves all taint-related diagnostics.
+
+- Fixed a null-pointer dereference crash inside the ``MoveChecker``.
+
.. _release-notes-sanitizers:
Sanitizers
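Review bot: The new ``BufferOverlap`` entry misspells the function in its first line: it says ``sprint``/``snprintf``, while the sentence that follows names ``sprintf`` and ``snprintf``. That first line also has no terminating period, so once the paragraph is rendered it runs straight into "The ``CStringChecker`` checks for buffer overlaps ...". Suggest "Implemented the ``BufferOverlap`` check for ``sprintf``/``snprintf``." and dropping the near-duplicate second sentence, or merging the two. In the removed-option entry, the sentence "Use `-fstrict-flex-arrays=<n> <...>`_" stops at the link with no "instead" and no closing period, so it reads as unfinished. In the ``strcpy`` example, the comment counts "hi\n" as 4 characters; the literal has three characters plus the terminating NUL, so "4 bytes including the terminating NUL" would make clear why the copy exactly fills ``arr[4]``. Smaller wording points: "and that are in-bounds" in the ``CStringChecker`` entry and "detect ``NULL`` streams instead of by ``StdCLibraryFunctions``" in the ``StreamChecker`` entry are hard to parse; the latter presumably means the ``NULL`` stream check moved from ``StdCLibraryFunctions`` to ``StreamChecker``, and saying so directly would help users who enable only one of the two checkers.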