1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" 2 "http://www.w3.org/TR/html4/strict.dtd"> 3 <html> 4 <head> 5 <title>Release notes for checker-XXX builds</title> 6 <link type="text/css" rel="stylesheet" href="menu.css"> 7 <link type="text/css" rel="stylesheet" href="content.css"> 8 <script type="text/javascript" src="scripts/menu.js"></script> 9 </head> 10 <body> 11 12 <div id="page"> 13 <!--#include virtual="menu.html.incl"--> 14 <div id="content"> 15 16 <h1>Release notes for <tt>checker-XXX</tt> builds</h1> 17 18 <h4 id="checker_267">checker-267</h4> 19 <p><b>built:</b> June 1, 2012</br> 20 <b>download:</b> <a href="http://bit.ly/OIdyI7">checker-267.tar.bz2</a></p> 21 <p><b>highlights:</b></p> 22 23 <p>Adds basic interprocedural analysis support for blocks.</p> 24 25 <h4 id="checker_266">checker-266</h4> 26 <p><b>built:</b> May 23, 2012</br> 27 <b>download:</b> <a href="http://bit.ly/LgtUWx">checker-266.tar.bz2</a></p> 28 <p><b>highlights:</b></p> 29 30 <p>Contains numerous stability fixes over checker-266, especially when analyzing C++11 code.</p> 31 32 <h4 id="checker_265">checker-265</h4> 33 <p><b>built:</b> May 8, 2012</br> 34 <b>download:</b> <a href="http://bit.ly/JceZBE">checker-265.tar.bz2</a></p> 35 <p><b>highlights:</b></p> 36 37 <p>This release contains a fix for a major crasher introduced in checker-264, and various refinements to 38 improve the precision and reduce the false positive rate of the analyzer. It also enables a new unix.MallocSizeof check, which reports 39 inconsistencies between the casted type of the return value of a 'malloc/calloc/realloc' call and the operand 40 of sizeof expressions contained within its argument(s).</p> 41 42 <h4 id="checker_264">checker-264</h4> 43 44 <p><b>built:</b> April 26, 2012</br> 45 <b>download:</b> <a href="http://bit.ly/JATSI8">checker-264.tar.bz2</a></p> 46 <p><b>highlights:</b></p> 47 48 <p>This release contains misc. bug fixes and performance enhancements over checker-263, including 49 a reduction of some kinds of false positives related to the malloc() checker.</p> 50 51 <h4 id="checker_263">checker-263</h4> 52 53 <p><b>built:</b> March 22, 2012</br> 54 <p><b>highlights:</b></p> 55 56 <ul> 57 <li>Fixes several serious bugs with inter-procedural analysis, including a case where retain/releases would be "double-counted".</li> 58 </ul> 59 60 <h4 id="checker_262">checker-262</h4> 61 62 <p><b>built: </b>March 15, 2012</br> 63 <p><b>highlights:</b></p> 64 65 <ul> 66 <li>Enables experimental interprocedural analysis (within a file), which greatly amplifies the analyzer's ability to find issues.</li> 67 <li>Many bug fixes to the malloc/free checker.</li> 68 <li>Support for new Objective-C NSArray/NSDictionary/NSNumber literals syntax, and Objective-C container subscripting.</li> 69 </ul> 70 71 <p>NOTE: This build contains new interprocedural analysis that allows the analyzer to find more complicated bugs that span function boundaries. It may have problems, performance issues, etc. We'd like to <a href="/filing_bugs.html">hear about them</a>. 72 73 <h4 id="checker_261">checker-261</h4> 74 75 <p><b>built: </b>February 22, 2012<br> 76 <p><b>highlights:</b></p> 77 78 <ul> 79 <li>Contains a new experimental malloc/free checker.</li> 80 <li>Better support for projects using ARC.</li> 81 <li>Warns about null pointers passed as arguments to C string functions.</li> 82 <li>Warns about common anti-patterns in 'strncat' size argument, which can lead to buffer overflows.</li> 83 <li>set-xcode-analyzer now supports self-contained Xcode.app (Xcode 4.3 and later).</li> 84 <li>Contains a newer version of the analyzer than Xcode 4.3.</li> 85 <li>Misc. bug fixes and performance work.</li> 86 </ul> 87 88 <h4 id="checker_260">checker-260</h4> 89 90 <p><b>built: </b>January 25, 2012<br> 91 <p><b>highlights:</b></p> 92 93 <p>This is essentially the same as checker-259, but enables the following <i>experimental</i> checkers (please provide feedback):</p> 94 95 <ul> 96 <li>Warns about unsafe uses of CFArrayCreate, CFSetCreate, and CFDictionaryCreate</li> 97 <li>Warns about unsafe uses of getpw, gets, which are sources of buffer overflows</li> 98 <li>Warns about unsafe uses of mktemp and mktemps, which can lead to insecure temporary files</li> 99 <li>Warns about unsafe uses of vfork, which is <a href="https://www.securecoding.cert.org/confluence/display/seccode/POS33-C.+Do+not+use+vfork()">insecure</a> to use</li> 100 <li>Warns about not checking the return values of setuid, setgid, seteuid, setegid, setreuid, setregid (another security issue)</li> 101 </ul> 102 103 <h4 id="checker_259">checker-259</h4> 104 105 <p><b>built: </b>January 25, 2012<br> 106 <p><b>highlights:</b></p> 107 108 <ul> 109 <li>Contains a newer version of the analyzer than the one shipped in Xcode 4.2.</li> 110 <li>Significant performance optimizations to reduce memory usage of the analyzer.</li> 111 <li>Tweaks to scan-build to have it work more easily with Xcode projects using Clang.</li> 112 <li>Numerous bug fixes to better support code using ARC.</li> 113 </ul> 114 115 <h4 id="checker_258">checker-258</h4> 116 117 <p><b>built: </b>October 13, 2011<br> 118 <p><b>highlights:</b></p> 119 120 <ul> 121 <li>Contains a newer version of the analyzer than the one shipped in Xcode 4.2.</li> 122 <li>Adds a new security checker for looking at correct uses of the Mac OS KeyChain API.</li> 123 <li>Supports ARC (please file bugs where you see issues)</li> 124 <li>Major under-the-cover changes. This should result in more precise results in some cases, but this is laying the groundwork for major improvements. Please file bugs where you see regressions or issues.</li> 125 </ul> 126 127 <h4 id="checker_257">checker-257</h4> 128 129 <p><b>built: </b>May 25, 2011<br> 130 <p><b>highlights:</b></p> 131 132 <ul> 133 <li>The analyzer is now far more aggressive with checking conformance with Core Foundation conventions. Any function that returns a CF type must now obey the Core Foundation naming conventions, or use the <a href="/annotations.html#attr_cf_returns_retained">cf_returns_retained</a> or <a href="/annotations.html#attr_cf_returns_not_retained">cf_returns_not_retained</a> annotations.</li> 134 <li>Fixed a serious regression where the analyzer would not analyze Objective-C methods in class extensions.</li> 135 <li>Misc. bug fixes to improve analyzer precision. 136 </li> 137 </ul> 138 139 <h4 id="checker_256">checker-256</h4> 140 141 <p><b>built: </b>April 13, 2011<br> 142 <p><b>highlights:</b></p> 143 144 <ul> 145 <li>Lots of bug fixes and improvements to analyzer precision (fewer false positives, possibly more bugs found). 146 <li>Introductory analysis support for C++ and Objective-C++. 147 </ul> 148 149 <p>This build contains basic support for C++ and Objective-C++ that is ready to be tried out 150 by general users. It is still in its infancy, but establishes a baseline for things to come. The main hope is that it can find some 151 issues and have a reasonable false positive rate.</p> 152 153 <p><b>Please</b> <a href="/filing_bugs.html">file bugs</a> when you see issues of any kind so we can assess 154 where development on C++ analysis support needs to be focused.</p> 155 156 <p>To try out C++ analysis support, it should work out of the box using <tt>scan-build</tt>. If you are using this checker build 157 as a replacement to the analyzer bundled with Xcode, first use the <tt>set-xcode-analyzer</tt> script to <a href="/xcode.html">change Xcode to use 158 your version of the analyzer</a>. You will then need to modify one configuration file in Xcode to enable C++ analysis support. This can 159 be done with the following steps:</p> 160 161 <ol> 162 <li>Find the clang .xcspec file: 163 <pre>$ cd /Developer/Library 164 $ find . | grep xcspec | grep Clang 165 ./Xcode/<b><SNIP></b>/Clang LLVM 1.0.xcplugin/Contents/Resources/Clang LLVM 1.0.xcspec 166 </pre></li> 167 <li>The exact location of the file may vary depending on your installation of Xcode. Edit that file, and look for the string "--analyze": 168 <pre> 169 SourceFileOption = "--analyze"; 170 FileTypes = ( 171 "sourcecode.c.c", 172 "sourcecode.c.objc", 173 ); 174 ... 175 </pre> 176 Change the "FileTypes" entry to: 177 <pre> 178 FileTypes = ( 179 "sourcecode.c.c", 180 "sourcecode.c.objc", 181 "sourcecode.cpp.cpp", 182 "sourcecode.cpp.objcpp", 183 ); 184 </pre></li> 185 <li>Restart Xcode.</li> 186 </ol> 187 188 <h4 id="checker_255">checker-255</h4> 189 190 <p><b>built: </b> February 11, 2011<br> 191 <p><b>highlights:</b></p> 192 193 <ul> 194 <li>Mac OS X builds are now Intel <tt>i386</tt> and <tt>x86_64</tt> only (no <tt>ppc</tt> support)</li> 195 <li>Turns on new <tt>-init</tt> method checker by default</li> 196 <li>Reduces memory usage of analyzer by 10%</li> 197 <li>Misc. fixes to reduce false positives on dead stores and idempotent operations.</li> 198 </ul> 199 200 <h4 id="checker_254">checker-254</h4> 201 202 <p><b>built: </b> January 27, 2011<br> 203 <p><b>highlights:</b></p> 204 205 <ul> 206 <li>Introduces new <tt>-init</tt> method checker to check if a super class's init method is properly called.</li> 207 <li>Objective-C retain/release checker now reasons about calls to property accessor methods (setter/getter).</li> 208 <li>Introduces new attribute <a href="annotations.html#attr_ns_consumes_self">ns_consumes_self</a> to educate the Objective-C retain/release checker about custom "init-like" methods that do not follow the standard Cocoa naming conventions.</li> 209 <li>Introduces new attributes <a href="annotations.html#attr_ns_consumed">ns_consumed</a> and <a href="annotations.html#attr_cf_consumed">cf_consumed</a> to educate the Objective-C retain/release checker about methods/functions that decrement the reference count of a parameter.</li> 210 </ul> 211 212 </div> 213 </div> 214 </body> 215 </html> 216 217
