Release notes for checker-XXX builds
checker-276
built: February 19, 2014 download: checker-276.tar.bz2
highlights:
- Includes about 9 months of change to Clang itself (improved C++11/14 support, etc.)
- More precise modeling of Objective-C properties, which enables the analyzer to find more bugs.
- Includes a new "missing call to super" warning, which looks for common pattern in iOS/OSX APIs that require chaining a call to a super class's implementation of a method.
- Accepts -arch arm64 (which may be passed by Xcode 5.0), but for the time being analyzes code in such cases as -arch armv7s.
- Many sundry fixes, improvements to C++ support, etc.
checker-275
built: May 23, 2013 download: checker-275.tar.bz2
highlights:
- Xcode: Includes a new arrow layout algorithm for issue presentation within Xcode. The goal is for interprocedural bug reports to look cleaner and less busy (and easier to read). Feedback appreciated.
- Xcode: Bugs that occur within header code (e.g., C++) are now reported within the callers in the main source file. For example, if you misuse a C++ function declared in a header the primary diagnostic will be in the caller (in the main source file). The full expanded path, however, will show the bug in the header code as well. These kind of cross-file issues are currently only support by Xcode, not the HTML output.
- This build is built with LLVM's Link-Time Optimization (LTO), which should make it slightly faster.
- LTO also reduces the download size (about 19% smaller than checker-274).
- Many sundry fixes.
checker-274
built: April 23, 2013 download: checker-274.tar.bz2
highlights:
- Improved use-after-free and mismatched deallocator checking.
- Diagnostic polish.
- Fixes crashes found in checker-273.
checker-273
built: April 8, 2013 download: checker-273.tar.bz2
highlights:
- Additional checks for misuse of Foundation collection APIs.
- New C++ checker for attempting to create a reference to null.
- New use-after-free checker for C++ 'delete'.
- New checker for simple cases of mismatched allocators and deallocators, e.g. "delete malloc(4);"
- Support for basic interprocedural analysis of C++ destructors.
- Additional heuristics for suppressing null pointer false positives.
- Misc. bug fixes and performance enhancements.
checker-272
built: March 1, 2013
highlights:
- Better modeling of C++ constructors:
- Interprocedural analysis support for constructors of types with trivial destructors
- Efficient model of trivial copy and move constructors
- Better diagnostics for loops that execute 0 times
- Fixes a linking issue that prevented the checker from running on OS X v10.6 and earlier
- Fixes for misc. crashes and false positives
checker-271
built: February 8, 2013
highlights:
- Faster analysis for scan-build xcodebuild when using Xcode 4.6 and higher:
- scan-build now uses Xcode's built-in interposition mechanism for the static analyzer to provide faster builds while doing static analysis (PCH files are now built).
- This change also allows scan-build to have better support for iOS project analysis without having to specifying weird SDK settings to scan-build.
- Better diagnostics for implicitly-defined member functions in C++.
- New warning for malloc/free checker when passing malloc'ed pointer with non-zero offset to free().
- Fixes for misc. parser crashes.
- Newer than the static analyzer version in Xcode 4.6
checker-270
built: January 4, 2013
highlights:
- Major performance enhancements to speed up interprocedural analysis.
- Misc. bug fixes.
checker-269
built: September 25, 2012
highlights:
- Significantly improves interprocedural analysis for Objective-C.
- Numerous bug fixes and heuristics to reduce false positives reported over checker-268.
checker-268
built: September 11, 2012
highlights:
- Adds initial interprocedural analysis support for C++ and Objective-C. This will greatly improve analysis coverage and find deeper bugs in Objective-C and C++ code.
- Contains a static analyzer newer than Xcode 4.4.
NOTE: this checker build includes a huge number of changes. It has the potential to find many more bugs, but may report new kinds of false positives. We'd like to know about these, and any other problems you encounter. When you encounter an issue, please file a bug report.
checker-267
built: June 1, 2012
highlights:
Adds basic interprocedural analysis support for blocks.
checker-266
built: May 23, 2012
highlights:
Contains numerous stability fixes over checker-266, especially when analyzing C++11 code.
checker-265
built: May 8, 2012
highlights:
This release contains a fix for a major crasher introduced in checker-264, and various refinements to improve the precision and reduce the false positive rate of the analyzer. It also enables a new unix.MallocSizeof check, which reports inconsistencies between the casted type of the return value of a 'malloc/calloc/realloc' call and the operand of sizeof expressions contained within its argument(s).
checker-264
built: April 26, 2012
highlights:
This release contains misc. bug fixes and performance enhancements over checker-263, including a reduction of some kinds of false positives related to the malloc() checker.
checker-263
built: March 22, 2012
highlights:
- Fixes several serious bugs with inter-procedural analysis, including a case where retain/releases would be "double-counted".
checker-262
built: March 15, 2012
highlights:
- Enables experimental interprocedural analysis (within a file), which greatly amplifies the analyzer's ability to find issues.
- Many bug fixes to the malloc/free checker.
- Support for new Objective-C NSArray/NSDictionary/NSNumber literals syntax, and Objective-C container subscripting.
NOTE: This build contains new interprocedural analysis that allows the analyzer to find more complicated bugs that span function boundaries. It may have problems, performance issues, etc. We'd like to hear about them.
checker-261
built: February 22, 2012
highlights:
- Contains a new experimental malloc/free checker.
- Better support for projects using ARC.
- Warns about null pointers passed as arguments to C string functions.
- Warns about common anti-patterns in 'strncat' size argument, which can lead to buffer overflows.
- set-xcode-analyzer now supports self-contained Xcode.app (Xcode 4.3 and later).
- Contains a newer version of the analyzer than Xcode 4.3.
- Misc. bug fixes and performance work.
checker-260
built: January 25, 2012
highlights:
This is essentially the same as checker-259, but enables the following experimental checkers (please provide feedback):
- Warns about unsafe uses of CFArrayCreate, CFSetCreate, and CFDictionaryCreate
- Warns about unsafe uses of getpw, gets, which are sources of buffer overflows
- Warns about unsafe uses of mktemp and mktemps, which can lead to insecure temporary files
- Warns about unsafe uses of vfork, which is insecure to use
- Warns about not checking the return values of setuid, setgid, seteuid, setegid, setreuid, setregid (another security issue)
checker-259
built: January 25, 2012
highlights:
- Contains a newer version of the analyzer than the one shipped in Xcode 4.2.
- Significant performance optimizations to reduce memory usage of the analyzer.
- Tweaks to scan-build to have it work more easily with Xcode projects using Clang.
- Numerous bug fixes to better support code using ARC.
checker-258
built: October 13, 2011
highlights:
- Contains a newer version of the analyzer than the one shipped in Xcode 4.2.
- Adds a new security checker for looking at correct uses of the Mac OS KeyChain API.
- Supports ARC (please file bugs where you see issues)
- Major under-the-cover changes. This should result in more precise results in some cases, but this is laying the groundwork for major improvements. Please file bugs where you see regressions or issues.
checker-257
built: May 25, 2011
highlights:
- The analyzer is now far more aggressive with checking conformance with Core Foundation conventions. Any function that returns a CF type must now obey the Core Foundation naming conventions, or use the cf_returns_retained or cf_returns_not_retained annotations.
- Fixed a serious regression where the analyzer would not analyze Objective-C methods in class extensions.
- Misc. bug fixes to improve analyzer precision.
checker-256
built: April 13, 2011
highlights:
- Lots of bug fixes and improvements to analyzer precision (fewer false positives, possibly more bugs found).
- Introductory analysis support for C++ and Objective-C++.
This build contains basic support for C++ and Objective-C++ that is ready to be tried out by general users. It is still in its infancy, but establishes a baseline for things to come. The main hope is that it can find some issues and have a reasonable false positive rate.
Please file bugs when you see issues of any kind so we can assess where development on C++ analysis support needs to be focused.
To try out C++ analysis support, it should work out of the box using scan-build. If you are using this checker build as a replacement to the analyzer bundled with Xcode, first use the set-xcode-analyzer script to change Xcode to use your version of the analyzer. You will then need to modify one configuration file in Xcode to enable C++ analysis support. This can be done with the following steps:
- Find the clang .xcspec file:
$ cd /Developer/Library $ find . | grep xcspec | grep Clang ./Xcode/<SNIP>/Clang LLVM 1.0.xcplugin/Contents/Resources/Clang LLVM 1.0.xcspec
- The exact location of the file may vary depending on your installation of Xcode. Edit that file, and look for the string "--analyze":
SourceFileOption = "--analyze"; FileTypes = ( "sourcecode.c.c", "sourcecode.c.objc", ); ...
Change the "FileTypes" entry to:FileTypes = ( "sourcecode.c.c", "sourcecode.c.objc", "sourcecode.cpp.cpp", "sourcecode.cpp.objcpp", );
- Restart Xcode.
checker-255
built: February 11, 2011
highlights:
- Mac OS X builds are now Intel i386 and x86_64 only (no ppc support)
- Turns on new -init method checker by default
- Reduces memory usage of analyzer by 10%
- Misc. fixes to reduce false positives on dead stores and idempotent operations.
checker-254
built: January 27, 2011
highlights:
- Introduces new -init method checker to check if a super class's init method is properly called.
- Objective-C retain/release checker now reasons about calls to property accessor methods (setter/getter).
- Introduces new attribute ns_consumes_self to educate the Objective-C retain/release checker about custom "init-like" methods that do not follow the standard Cocoa naming conventions.
- Introduces new attributes ns_consumed and cf_consumed to educate the Objective-C retain/release checker about methods/functions that decrement the reference count of a parameter.