[llvm-branch-commits] [clang] [analyzer][docs] CSA release notes for clang-21 (PR #154600)
Balazs Benics via llvm-branch-commits
llvm-branch-commits at lists.llvm.org
Tue Aug 26 02:58:29 PDT 2025

https://github.com/steakhal updated https://github.com/llvm/llvm-project/pull/154600
>From 282a84dbcc57738398da024f021bcc057099edb3 Mon Sep 17 00:00:00 2001
From: Balazs Benics <benicsbalazs at gmail.com>
Date: Wed, 20 Aug 2025 21:40:26 +0200
Subject: [PATCH 1/6] [analyzer][docs] CSA release notes for clang-21
The commits were gathered using:
```sh
git log --reverse --oneline llvmorg-20-init..llvm/main \
  clang/{lib/StaticAnalyzer,include/clang/StaticAnalyzer} | grep -v NFC | \
  grep -v OpenACC | grep -v -i revert | grep -v -i "webkit"
```
FYI, I also ignored Webkit changes because I assume it's fairly specific
for them, and they likely already know what they ship xD.
I used the `LLVM_ENABLE_SPHINX=ON` and `LLVM_ENABLE_DOXYGEN=ON` cmake
options to enable the `docs-clang-html` build target, which generates
the html into `build/tools/clang/docs/html/ReleaseNotes.html` of which I
attach the screenshots to let you judge if it looks all good or not.
---
 clang/docs/ReleaseNotes.rst | 90 ++++++++++++++++++++++++++++++++++---
 1 file changed, 85 insertions(+), 5 deletions(-)
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index f4f7dd8342d92..a8fd4b174cf7c 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -1198,8 +1198,6 @@ Code Completion
 
 Static Analyzer
 ---------------
-- Fixed a crash when C++20 parenthesized initializer lists are used. This issue
-  was causing a crash in clang-tidy. (#GH136041)
 
 New features
 ^^^^^^^^^^^^
@@ -1223,20 +1221,99 @@ New features
 - Implemented `P2719R5 Type-aware allocation and deallocation functions <https://wg21.link/P2719>`_
   as an extension in all C++ language modes.
 
+- Added support for the ``[[clang::assume(cond)]]`` attribute, treating it as
+  ``__builtin_assume(cond)`` for better static analysis. (#GH129234)
+
+- Introduced per-entry-point statistics to provide more detailed analysis metrics.
+  Documentation: :doc:`analyzer/developer-docs/Statistics` (#GH131175)
+
+- Added time-trace scopes for high-level analyzer steps to improve performance
+  debugging. Documentation: :doc:`analyzer/developer-docs/PerformanceInvestigation`
+  (#GH125508, #GH125884)
+
+- Enhanced the ``check::BlockEntrance`` checker callback to provide more granular
+  control over block-level analysis.
+  `Documentation (check::BlockEntrance)
+  <https://clang.llvm.org/doxygen/CheckerDocumentation_8cpp_source.html>`_
+  (#GH140924)
+
+- Added a new experimental checker ``alpha.core.FixedAddressDereference`` to detect
+  dereferences of fixed addresses, which can be useful for finding hard-coded memory
+  accesses. (#GH127191)
 
 Crash and bug fixes
 ^^^^^^^^^^^^^^^^^^^
 
+- Fixed a crash when C++20 parenthesized initializer lists are used.
+  This affected a crash of the well-known lambda overloaded pattern.
+  (#GH136041, #GH135665)
+
+- Dropped an unjustified assertion, that was triggered in ``BugReporterVisitors.cpp``
+  for variable initialization detection. (#GH125044)
+
 - Fixed a crash in ``UnixAPIMisuseChecker`` and ``MallocChecker`` when analyzing
   code with non-standard ``getline`` or ``getdelim`` function signatures. (#GH144884)
 
+- Fixed crashes involving ``__builtin_bit_cast``. (#GH139188)
+
+- ``__datasizeof`` (C++) and ``_Countof`` (C) no longer cause a failed assertion
+  when given an operand of VLA type. (#GH151711)
+
+- Fixed a crash in ``CastSizeChecker``. (#GH134387)
+
+- Some ``cplusplus.PlacementNew`` false positives were fixed. (#GH150161)
+
 Improvements
 ^^^^^^^^^^^^
 
+- Added option to assume at least one iteration in loops to reduce false positives.
+  (#GH125494)
+
 - The checker option ``optin.cplusplus.VirtualCall:PureOnly`` was removed,
-  because it had been deprecated since 2019 and it is completely useless (it
-  was kept only for compatibility with pre-2019 versions, setting it to true is
-  equivalent to completely disabling the checker).
+  because it had been deprecated since 2019. (#GH131823)
+
+- Enhanced the ``StackAddrEscapeChecker`` to detect more cases of stack address
+  escapes, including return values for child stack frames. (#GH126620, #GH126986)
+
+- Improved the ``BlockInCriticalSectionChecker`` to recognize ``O_NONBLOCK``
+  streams and suppress reports in those cases. (#GH127049)
+
+- Better support for lambda-converted function pointers in analysis. (#GH144906)
+
+- Improved modeling of ``getcwd`` function in ``StdCLibraryFunctions`` checker.
+  (#GH141076)
+
+- Enhanced the ``EnumCastOutOfRange`` checker to ignore ``[[clang::flag_enum]]``
+  enums. (#GH141232)
+
+- Improved handling of structured bindings captured by lambdas. (#GH132579, #GH91835)
+
+- Fixed unnamed bitfield handling in ``UninitializedObjectChecker``. (#GH132427, #GH132001)
+
+- Enhanced iterator checker modeling for ``insert`` operations. (#GH132596)
+
+- Improved ``format`` attribute handling in ``GenericTaintChecker``. (#GH132765)
+
+- Added support for ``consteval`` in ``ConditionBRVisitor::VisitTerminator``.
+  (#GH146859, #GH139130)
+
+- Enhanced handling of C standard streams in internal memory space. (#GH147766)
+
+- Enhanced store management with region-store-binding-limit to improve performance.
+  See `region-store-max-binding-fanout
+  <https://clang.llvm.org/docs/analyzer/user-docs/Options.html#region-store-max-binding-fanout>`_
+  config option. Overriding these options are discouraged, unless you know what you do.
+  (#GH127602)
+
+- Updated undefined assignment checker (``core.uninitialized.Assign``) diagnostics
+  to avoid using the term ``garbage``. (#GH126596)
+
+- Fixed false memory leak reports involving placement new. (#GH144341)
+
+- Avoided unnecessary super region invalidation in ``CStringChecker``.
+  (#GH146212, #GH143807)
+
+- Enhanced handling of tainted division-by-zero error paths. (#GH144491)
 
 Moved checkers
 ^^^^^^^^^^^^^^
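Review bot: In the Improvements entry on store management, the prose names "region-store-binding-limit" while the link text and URL name "region-store-max-binding-fanout", and the next sentence refers to "these options" in the plural. Name the option consistently, put it in literal markup, and fix the agreement, for example "Overriding this option is discouraged unless you know what you are doing." Separately, "Fixed unnamed bitfield handling ..." and "Fixed false memory leak reports involving placement new" are added under Improvements, while the similar ``cplusplus.PlacementNew`` false-positive fix sits under "Crash and bug fixes"; consider moving them there so readers looking for fixed false positives find them in one place.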
@@ -1246,6 +1323,9 @@ Moved checkers
   checker ``alpha.security.ArrayBound`` (which was searching for the same kind
   of bugs with an different, simpler and less accurate algorithm) is removed.
 
+- Moved checker ``alpha.core.FixedAddressDereference`` out of the ``alpha`` package
+  to ``core.FixedAddressDereference ``. (#GH132404)
+
 .. _release-notes-sanitizers:
 
 Sanitizers
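Review bot: The added "Moved checkers" entry has a space before the closing backticks in ``core.FixedAddressDereference ``, so reStructuredText will not recognize it as an inline literal; drop the space. The same patch also announces this checker under New features as ``alpha.core.FixedAddressDereference``, so a reader meets it twice under two names. Merging the two entries into one that uses the final name would be clearer.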
>From 767fe4d8e88ddf6cd718b1320221fa85c7fb8ab8 Mon Sep 17 00:00:00 2001
From: Balazs Benics <benicsbalazs at gmail.com>
Date: Thu, 21 Aug 2025 13:59:35 +0200
Subject: [PATCH 2/6] Drop trailing space from link
---
 clang/docs/ReleaseNotes.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index a8fd4b174cf7c..3814478aa9f29 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -1324,7 +1324,7 @@ Moved checkers
   of bugs with an different, simpler and less accurate algorithm) is removed.
 
 - Moved checker ``alpha.core.FixedAddressDereference`` out of the ``alpha`` package
-  to ``core.FixedAddressDereference ``. (#GH132404)
+  to ``core.FixedAddressDereference``. (#GH132404)
 
 .. _release-notes-sanitizers:
 
>From fff9d58a1edde25edfcae07abec17da708a3d2a7 Mon Sep 17 00:00:00 2001
From: Balazs Benics <benicsbalazs at gmail.com>
Date: Fri, 22 Aug 2025 10:37:46 +0200
Subject: [PATCH 3/6] Drop irrelevant parts
---
 clang/docs/ReleaseNotes.rst | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 3814478aa9f29..0ee0b7161bbb0 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -1320,8 +1320,7 @@ Moved checkers
 
 - After lots of improvements, the checker ``alpha.security.ArrayBoundV2`` is
   renamed to ``security.ArrayBound``. As this checker is stable now, the old
-  checker ``alpha.security.ArrayBound`` (which was searching for the same kind
-  of bugs with an different, simpler and less accurate algorithm) is removed.
+  checker ``alpha.security.ArrayBound`` is removed.
 
 - Moved checker ``alpha.core.FixedAddressDereference`` out of the ``alpha`` package
   to ``core.FixedAddressDereference``. (#GH132404)
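Review bot: The ``security.ArrayBound`` entry carries no (#GH...) reference, unlike the other Static Analyzer entries touched in this series, and with the parenthetical removed it no longer says how the removed checker related to the renamed one. Add the PR number(s), and consider stating outright that configurations naming ``alpha.security.ArrayBound`` or ``alpha.security.ArrayBoundV2`` should switch to ``security.ArrayBound``.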
>From a1a1d109b94ec7c9cc0a1a5272d973f4c407fa37 Mon Sep 17 00:00:00 2001
From: Balazs Benics <benicsbalazs at gmail.com>
Date: Fri, 22 Aug 2025 10:38:07 +0200
Subject: [PATCH 4/6] Combine sections about FixedAddressDereference
---
 clang/docs/ReleaseNotes.rst | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 0ee0b7161bbb0..eb9594dda2282 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -1237,9 +1237,9 @@ New features
   <https://clang.llvm.org/doxygen/CheckerDocumentation_8cpp_source.html>`_
   (#GH140924)
 
-- Added a new experimental checker ``alpha.core.FixedAddressDereference`` to detect
+- Added a new experimental checker ``core.FixedAddressDereference`` to detect
   dereferences of fixed addresses, which can be useful for finding hard-coded memory
-  accesses. (#GH127191)
+  accesses. (#GH127191, #GH132404)
 
 Crash and bug fixes
 ^^^^^^^^^^^^^^^^^^^
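Review bot: The New features entry now reads "a new experimental checker ``core.FixedAddressDereference``", but the name no longer carries the ``alpha`` prefix, so "experimental" contradicts the package the checker is listed in. Drop the word, or keep the ``alpha`` name if the checker is still meant to be treated as experimental.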
@@ -1322,9 +1322,6 @@ Moved checkers
   renamed to ``security.ArrayBound``. As this checker is stable now, the old
   checker ``alpha.security.ArrayBound`` is removed.
 
-- Moved checker ``alpha.core.FixedAddressDereference`` out of the ``alpha`` package
-  to ``core.FixedAddressDereference``. (#GH132404)
-
 .. _release-notes-sanitizers:
 
 Sanitizers
>From ddfae06aa620f32911c22f732212b1d8aefe77de Mon Sep 17 00:00:00 2001
From: Balazs Benics <benicsbalazs at gmail.com>
Date: Mon, 25 Aug 2025 13:23:40 +0200
Subject: [PATCH 5/6] Accept reviewer suggestions
---
 clang/docs/ReleaseNotes.rst | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 42b4a9e89b6d7..ac8de1b86ce9a 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -1254,8 +1254,8 @@ New features
   <https://clang.llvm.org/doxygen/CheckerDocumentation_8cpp_source.html>`_
   (#GH140924)
 
-- Added a new experimental checker ``core.FixedAddressDereference`` to detect
-  dereferences of fixed addresses, which can be useful for finding hard-coded memory
+- Added a new checker ``core.FixedAddressDereference`` to detect dereferences
+  of fixed addresses, which can be useful for finding hard-coded memory
   accesses. (#GH127191, #GH132404)
 
 Crash and bug fixes
@@ -1314,7 +1314,8 @@ Improvements
 - Added support for ``consteval`` in ``ConditionBRVisitor::VisitTerminator``.
   (#GH146859, #GH139130)
 
-- Enhanced handling of C standard streams in internal memory space. (#GH147766)
+- C standard streams are no longer invalidated by all C library function calls.
+  (#GH147766)
 
 - Enhanced store management with region-store-binding-limit to improve performance.
   See `region-store-max-binding-fanout
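Review bot: "C standard streams are no longer invalidated by all C library function calls" in the Improvements hunk can be read two ways: that no C library call invalidates them any more, or that only some calls still do. State which calls still invalidate the streams, or reword to something like "are no longer invalidated by every C library function call" if that is the intent.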
>From 206846668cbf4c82da055c2207628dce3f64de43 Mon Sep 17 00:00:00 2001
From: Balazs Benics <benicsbalazs at gmail.com>
Date: Tue, 26 Aug 2025 11:54:08 +0200
Subject: [PATCH 6/6] Use checker names; use past tense
---
 clang/docs/ReleaseNotes.rst | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 4c0256bcb6598..9400be296e7c2 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -1268,7 +1268,7 @@ Crash and bug fixes
 - Dropped an unjustified assertion, that was triggered in ``BugReporterVisitors.cpp``
   for variable initialization detection. (#GH125044)
 
-- Fixed a crash in ``UnixAPIMisuseChecker`` and ``MallocChecker`` when analyzing
+- Fixed a crash in ``unix.API`` and ``unix.Malloc`` when analyzing
   code with non-standard ``getline`` or ``getdelim`` function signatures. (#GH144884)
 
 - Fixed crashes involving ``__builtin_bit_cast``. (#GH139188)
@@ -1276,7 +1276,7 @@ Crash and bug fixes
 - ``__datasizeof`` (C++) and ``_Countof`` (C) no longer cause a failed assertion
   when given an operand of VLA type. (#GH151711)
 
-- Fixed a crash in ``CastSizeChecker``. (#GH134387)
+- Fixed a crash in ``alpha.core.CastSize``. (#GH134387)
 
 - Some ``cplusplus.PlacementNew`` false positives were fixed. (#GH150161)
 
@@ -1289,27 +1289,27 @@ Improvements
 - The checker option ``optin.cplusplus.VirtualCall:PureOnly`` was removed,
   because it had been deprecated since 2019. (#GH131823)
 
-- Enhanced the ``StackAddrEscapeChecker`` to detect more cases of stack address
+- Enhanced the ``core.StackAddressEscape`` to detect more cases of stack address
   escapes, including return values for child stack frames. (#GH126620, #GH126986)
 
-- Improved the ``BlockInCriticalSectionChecker`` to recognize ``O_NONBLOCK``
+- Improved the ``unix.BlockInCriticalSection`` to recognize ``O_NONBLOCK``
   streams and suppress reports in those cases. (#GH127049)
 
 - Better support for lambda-converted function pointers in analysis. (#GH144906)
 
-- Improved modeling of ``getcwd`` function in ``StdCLibraryFunctions`` checker.
+- Improved modeling of ``getcwd`` function in ``unix.StdCLibraryFunctions`` checker.
   (#GH141076)
 
-- Enhanced the ``EnumCastOutOfRange`` checker to ignore ``[[clang::flag_enum]]``
+- Enhanced the ``optin.core.EnumCastOutOfRange`` checker to ignore ``[[clang::flag_enum]]``
   enums. (#GH141232)
 
 - Improved handling of structured bindings captured by lambdas. (#GH132579, #GH91835)
 
-- Fixed unnamed bitfield handling in ``UninitializedObjectChecker``. (#GH132427, #GH132001)
+- Fixed unnamed bitfield handling in ``optin.cplusplus.UninitializedObject``. (#GH132427, #GH132001)
 
 - Enhanced iterator checker modeling for ``insert`` operations. (#GH132596)
 
-- Improved ``format`` attribute handling in ``GenericTaintChecker``. (#GH132765)
+- Improved ``format`` attribute handling in ``optin.taint.GenericTaint``. (#GH132765)
 
 - Added support for ``consteval`` in ``ConditionBRVisitor::VisitTerminator``.
   (#GH146859, #GH139130)
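Review bot: After swapping class names for checker names, "Enhanced the ``core.StackAddressEscape`` to detect" and "Improved the ``unix.BlockInCriticalSection`` to recognize" have an article with no noun, while the neighbouring entries say "the ``optin.core.EnumCastOutOfRange`` checker". Add "checker" after both names for consistency. The ``optin.cplusplus.UninitializedObject`` line is also much longer than the wrapped entries around it and could be wrapped the same way.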
@@ -1328,17 +1328,18 @@ Improvements
 
 - Fixed false memory leak reports involving placement new. (#GH144341)
 
-- Avoided unnecessary super region invalidation in ``CStringChecker``.
+- Avoided unnecessary super region invalidation in ``unix.cstring.*`` checkers.
   (#GH146212, #GH143807)
 
-- Enhanced handling of tainted division-by-zero error paths. (#GH144491)
+- Enhanced handling of tainted division-by-zero error paths in the
+  ``optin.taint.TaintedDiv`` checker. (#GH144491)
 
 Moved checkers
 ^^^^^^^^^^^^^^
 
-- After lots of improvements, the checker ``alpha.security.ArrayBoundV2`` is
+- After lots of improvements, the checker ``alpha.security.ArrayBoundV2`` was
   renamed to ``security.ArrayBound``. As this checker is stable now, the old
-  checker ``alpha.security.ArrayBound`` is removed.
+  checker ``alpha.security.ArrayBound`` was removed.
 
 .. _release-notes-sanitizers:
 
    
    