1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" 2 "http://www.w3.org/TR/html4/strict.dtd"> 3 <html> 4 <head> 5 <title>Alpha Checks</title> 6 <link type="text/css" rel="stylesheet" href="menu.css"> 7 <link type="text/css" rel="stylesheet" href="content.css"> 8 <script type="text/javascript" src="scripts/menu.js"></script> 9 <script type="text/javascript" src="scripts/expandcollapse.js"></script> 10 <style type="text/css"> 11 tr:first-child { width:20%; } 12 </style> 13 </head> 14 <body onload="initExpandCollapse()"> 15 16 <div id="page"> 17 <!--#include virtual="menu.html.incl"--> 18 19 <div id="content"> 20 <h1>Alpha Checkers</h1> 21 Experimental checkers in addition to the <a href = "available_checks.html"> 22 Default Checkers</a>. These are checkers with known issues or limitations that 23 keep them from being on by default. They are likely to have false positives. 24 Bug reports are welcome but will likely not be investigated for some time. 25 Patches welcome! 26 <ul> 27 <li><a href="#core_alpha_checkers">Core Alpha Checkers</a></li> 28 <li><a href="#cplusplus_alpha_checkers">C++ Alpha Checkers</a></li> 29 <li><a href="#deadcode_alpha_checkers">Dead Code Alpha Checkers</a></li> 30 <li><a href="#osx_alpha_checkers">OS X Alpha Checkers</a></li> 31 <li><a href="#security_alpha_checkers">Security Alpha Checkers</a></li> 32 <li><a href="#unix_alpha_checkers">Unix Alpha Checkers</a></li> 33 </ul> 34 35 <!------------------------------ core alpha -----------------------------------> 36 <h3 id="core_alpha_checkers">Core Alpha Checkers</h3> 37 <table class="checkers"> 38 <colgroup><col class="namedescr"><col class="example"></colgroup> 39 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 40 41 <tbody> 42 <tr><td><div class="namedescr expandable"><span class="name"> 43 alpha.core.BoolAssignment</span><span class="lang"> 44 (ObjC)</span><div class="descr"> 45 Warn about assigning non-{0,1} values to boolean variables.</div></div></td> 46 <td><div class="exampleContainer expandable"> 47 <div class="example"><pre> 48 void test() { 49 BOOL b = -1; // warn 50 } 51 </pre></div></div></td></tr> 52 53 54 <tr><td><div class="namedescr expandable"><span class="name"> 55 alpha.core.CastSize</span><span class="lang"> 56 (C)</span><div class="descr"> 57 Check when casting a malloc'ed type T, whether the size is a multiple of the 58 size of T (Works only with <span class="name">unix.Malloc</span> 59 or <span class="name">alpha.unix.MallocWithAnnotations</span> 60 checks enabled).</div></div></td> 61 <td><div class="exampleContainer expandable"> 62 <div class="example"><pre> 63 void test() { 64 int *x = (int *)malloc(11); // warn 65 } 66 </pre></div></div></td></tr> 67 68 69 <tr><td><div class="namedescr expandable"><span class="name"> 70 alpha.core.CastToStruct</span><span class="lang"> 71 (C, C++)</span><div class="descr"> 72 Check for cast from non-struct pointer to struct pointer.</div></div></td> 73 <td><div class="exampleContainer expandable"> 74 <div class="example"><pre> 75 // C 76 struct s {}; 77 78 void test(int *p) { 79 struct s *ps = (struct s *) p; // warn 80 } 81 </pre></div><div class="separator"></div> 82 <div class="example"><pre> 83 // C++ 84 class c {}; 85 86 void test(int *p) { 87 c *pc = (c *) p; // warn 88 } 89 </pre></div></div></td></tr> 90 91 92 <tr><td><div class="namedescr expandable"><span class="name"> 93 alpha.core.FixedAddr</span><span class="lang"> 94 (C)</span><div class="descr"> 95 Check for assignment of a fixed address to a pointer.</div></div></td> 96 <td><div class="exampleContainer expandable"> 97 <div class="example"><pre> 98 void test() { 99 int *p; 100 p = (int *) 0x10000; // warn 101 } 102 </pre></div></div></td></tr> 103 104 105 <tr><td><div class="namedescr expandable"><span class="name"> 106 alpha.core.IdenticalExpr</span><span class="lang"> 107 (C, C++)</span><div class="descr"> 108 Warn about suspicious uses of identical expressions.</div></div></td> 109 <td><div class="exampleContainer expandable"> 110 <div class="example"><pre> 111 // C 112 void test() { 113 int a = 5; 114 int b = a | 4 | a; // warn: identical expr on both sides 115 } 116 </pre></div><div class="separator"></div> 117 <div class="example"><pre> 118 // C++ 119 bool f(void); 120 121 void test(bool b) { 122 int i = 10; 123 if (f()) { // warn: true and false branches are identical 124 do { 125 i--; 126 } while (f()); 127 } else { 128 do { 129 i--; 130 } while (f()); 131 } 132 } 133 </pre></div></div></td></tr> 134 135 136 <tr><td><div class="namedescr expandable"><span class="name"> 137 alpha.core.PointerArithm</span><span class="lang"> 138 (C)</span><div class="descr"> 139 Check for pointer arithmetic on locations other than array 140 elements.</div></div></td> 141 <td><div class="exampleContainer expandable"> 142 <div class="example"><pre> 143 void test() { 144 int x; 145 int *p; 146 p = &x + 1; // warn 147 } 148 </pre></div></div></td></tr> 149 150 151 <tr><td><div class="namedescr expandable"><span class="name"> 152 alpha.core.PointerSub</span><span class="lang"> 153 (C)</span><div class="descr"> 154 Check for pointer subtractions on two pointers pointing to different memory 155 chunks.</div></div></td> 156 <td><div class="exampleContainer expandable"> 157 <div class="example"><pre> 158 void test() { 159 int x, y; 160 int d = &y - &x; // warn 161 } 162 </pre></div></div></td></tr> 163 164 165 <tr><td><div class="namedescr expandable"><span class="name"> 166 alpha.core.SizeofPtr</span><span class="lang"> 167 (C)</span><div class="descr"> 168 Warn about unintended use of <code>sizeof()</code> on pointer 169 expressions.</div></div></td> 170 <td><div class="exampleContainer expandable"> 171 <div class="example"><pre> 172 struct s {}; 173 174 int test(struct s *p) { 175 return sizeof(p); 176 // warn: sizeof(ptr) can produce an unexpected result 177 } 178 </pre></div></div></td></tr> 179 180 </tbody></table> 181 182 <!--------------------------- cplusplus alpha ---------------------------------> 183 <h3 id="cplusplus_alpha_checkers">C++ Alpha Checkers</h3> 184 <table class="checkers"> 185 <colgroup><col class="namedescr"><col class="example"></colgroup> 186 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 187 188 <tbody> 189 <tr><td><div class="namedescr expandable"><span class="name"> 190 alpha.cplusplus.NewDeleteLeaks</span><span class="lang"> 191 (C++)</span><div class="descr"> 192 Check for memory leaks. Traces memory managed by <code>new</code>/<code> 193 delete</code>.</div></div></td> 194 <td><div class="exampleContainer expandable"> 195 <div class="example"><pre> 196 void test() { 197 int *p = new int; 198 } // warn 199 </pre></div></div></td></tr> 200 201 202 <tr><td><div class="namedescr expandable"><span class="name"> 203 alpha.cplusplus.VirtualCall</span><span class="lang"> 204 (C++)</span><div class="descr"> 205 Check virtual member function calls during construction or 206 destruction.</div></div></td> 207 <td><div class="exampleContainer expandable"> 208 <div class="example"><pre> 209 class A { 210 public: 211 A() { 212 f(); // warn 213 } 214 virtual void f(); 215 }; 216 </pre></div><div class="separator"></div> 217 <div class="example"><pre> 218 class A { 219 public: 220 ~A() { 221 this->f(); // warn 222 } 223 virtual void f(); 224 }; 225 </pre></div></div></td></tr> 226 227 </tbody></table> 228 229 <!--------------------------- dead code alpha ---------------------------------> 230 <h3 id="deadcode_alpha_checkers">Dead Code Alpha Checkers</h3> 231 <table class="checkers"> 232 <colgroup><col class="namedescr"><col class="example"></colgroup> 233 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 234 235 <tbody> 236 <tr><td><div class="namedescr expandable"><span class="name"> 237 alpha.deadcode.UnreachableCode</span><span class="lang"> 238 (C, C++, ObjC)</span><div class="descr"> 239 Check unreachable code.</div></div></td> 240 <td><div class="exampleContainer expandable"> 241 <div class="example"><pre> 242 // C 243 int test() { 244 int x = 1; 245 while(x); 246 return x; // warn 247 } 248 </pre></div><div class="separator"></div> 249 <div class="example"><pre> 250 // C++ 251 void test() { 252 int a = 2; 253 254 while (a > 1) 255 a--; 256 257 if (a > 1) 258 a++; // warn 259 } 260 </pre></div><div class="separator"></div> 261 <div class="example"><pre> 262 // Objective-C 263 void test(id x) { 264 return; 265 [x retain]; // warn 266 } 267 </pre></div></div></td></tr> 268 </tbody></table> 269 270 <!---------------------------- OS X alpha --------------------------------------> 271 <h3 id="osx_alpha_checkers">OS X Alpha Checkers</h3> 272 <table class="checkers"> 273 <colgroup><col class="namedescr"><col class="example"></colgroup> 274 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 275 276 <tbody> 277 <tr><td><div class="namedescr expandable"><span class="name"> 278 alpha.osx.cocoa.Dealloc</span><span class="lang"> 279 (ObjC)</span><div class="descr"> 280 Warn about Objective-C classes that lack a correct implementation 281 of <code>-dealloc</code>. 282 </div></div></td> 283 <td><div class="exampleContainer expandable"> 284 <div class="example"><pre> 285 @interface MyObject : NSObject { 286 id _myproperty; 287 } 288 @end 289 290 @implementation MyObject // warn: lacks 'dealloc' 291 @end 292 </pre></div><div class="separator"></div> 293 <div class="example"><pre> 294 @interface MyObject : NSObject {} 295 @property(assign) id myproperty; 296 @end 297 298 @implementation MyObject // warn: does not send 'dealloc' to super 299 - (void)dealloc { 300 self.myproperty = 0; 301 } 302 @end 303 </pre></div><div class="separator"></div> 304 <div class="example"><pre> 305 @interface MyObject : NSObject { 306 id _myproperty; 307 } 308 @property(retain) id myproperty; 309 @end 310 311 @implementation MyObject 312 @synthesize myproperty = _myproperty; 313 // warn: var was retained but wasn't released 314 - (void)dealloc { 315 [super dealloc]; 316 } 317 @end 318 </pre></div><div class="separator"></div> 319 <div class="example"><pre> 320 @interface MyObject : NSObject { 321 id _myproperty; 322 } 323 @property(assign) id myproperty; 324 @end 325 326 @implementation MyObject 327 @synthesize myproperty = _myproperty; 328 // warn: var wasn't retained but was released 329 - (void)dealloc { 330 [_myproperty release]; 331 [super dealloc]; 332 } 333 @end 334 </pre></div></div></td></tr> 335 336 337 <tr><td><div class="namedescr expandable"><span class="name"> 338 alpha.osx.cocoa.DirectIvarAssignment</span><span class="lang"> 339 (ObjC)</span><div class="descr"> 340 Check that Objective C properties follow the following rule: the property 341 should be set with the setter, not though a direct assignment.</div></div></td> 342 <td><div class="exampleContainer expandable"> 343 <div class="example"><pre> 344 @interface MyClass : NSObject {} 345 @property (readonly) id A; 346 - (void) foo; 347 @end 348 349 @implementation MyClass 350 - (void) foo { 351 _A = 0; // warn 352 } 353 @end 354 </pre></div></div></td></tr> 355 356 357 <tr><td><div class="namedescr expandable"><span class="name"> 358 alpha.osx.cocoa.DirectIvarAssignmentForAnnotatedFunctions</span><span class="lang"> 359 (ObjC)</span><div class="descr"> 360 Check for direct assignments to instance variables in the methods annotated 361 with <code>objc_no_direct_instance_variable_assignment</code>.</div></div></td> 362 <td><div class="exampleContainer expandable"> 363 <div class="example"><pre> 364 @interface MyClass : NSObject {} 365 @property (readonly) id A; 366 - (void) fAnnotated __attribute__(( 367 annotate("objc_no_direct_instance_variable_assignment"))); 368 - (void) fNotAnnotated; 369 @end 370 371 @implementation MyClass 372 - (void) fAnnotated { 373 _A = 0; // warn 374 } 375 - (void) fNotAnnotated { 376 _A = 0; // no warn 377 } 378 @end 379 </pre></div></div></td></tr> 380 381 382 <tr><td><div class="namedescr expandable"><span class="name"> 383 alpha.osx.cocoa.InstanceVariableInvalidation</span><span class="lang"> 384 (ObjC)</span><div class="descr"> 385 Check that the invalidatable instance variables are invalidated in the methods 386 annotated with <code>objc_instance_variable_invalidator</code>.</div></div></td> 387 <td><div class="exampleContainer expandable"> 388 <div class="example"><pre> 389 @protocol Invalidation <NSObject> 390 - (void) invalidate 391 __attribute__((annotate("objc_instance_variable_invalidator"))); 392 @end 393 394 @interface InvalidationImpObj : NSObject <Invalidation> 395 @end 396 397 @interface SubclassInvalidationImpObj : InvalidationImpObj { 398 InvalidationImpObj *var; 399 } 400 - (void)invalidate; 401 @end 402 403 @implementation SubclassInvalidationImpObj 404 - (void) invalidate {} 405 @end 406 // warn: var needs to be invalidated or set to nil 407 </pre></div></div></td></tr> 408 409 410 <tr><td><div class="namedescr expandable"><span class="name"> 411 alpha.osx.cocoa.MissingInvalidationMethod</span><span class="lang"> 412 (ObjC)</span><div class="descr"> 413 Check that the invalidation methods are present in classes that contain 414 invalidatable instance variables.</div></div></td> 415 <td><div class="exampleContainer expandable"> 416 <div class="example"><pre> 417 @protocol Invalidation <NSObject> 418 - (void)invalidate 419 __attribute__((annotate("objc_instance_variable_invalidator"))); 420 @end 421 422 @interface NeedInvalidation : NSObject <Invalidation> 423 @end 424 425 @interface MissingInvalidationMethodDecl : NSObject { 426 NeedInvalidation *Var; // warn 427 } 428 @end 429 430 @implementation MissingInvalidationMethodDecl 431 @end 432 </pre></div></div></td></tr> 433 434 </tbody></table> 435 436 <!------------------------- security alpha ------------------------------------> 437 <h3 id="security_alpha_checkers">Security Alpha Checkers</h3> 438 <table class="checkers"> 439 <colgroup><col class="namedescr"><col class="example"></colgroup> 440 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 441 442 <tbody> 443 <tr><td><div class="namedescr expandable"><span class="name"> 444 alpha.security.ArrayBound</span><span class="lang"> 445 (C)</span><div class="descr"> 446 Warn about buffer overflows (older checker).</div></div></td> 447 <td><div class="exampleContainer expandable"> 448 <div class="example"><pre> 449 void test() { 450 char *s = ""; 451 char c = s[1]; // warn 452 } 453 </pre></div><div class="separator"></div> 454 <div class="example"><pre> 455 struct seven_words { 456 int c[7]; 457 }; 458 459 void test() { 460 struct seven_words a, *p; 461 p = &a; 462 p[0] = a; 463 p[1] = a; 464 p[2] = a; // warn 465 } 466 </pre></div><div class="separator"></div> 467 <div class="example"><pre> 468 // note: requires unix.Malloc or 469 // alpha.unix.MallocWithAnnotations checks enabled. 470 void test() { 471 int *p = malloc(12); 472 p[3] = 4; // warn 473 } 474 </pre></div><div class="separator"></div> 475 <div class="example"><pre> 476 void test() { 477 char a[2]; 478 int *b = (int*)a; 479 b[1] = 3; // warn 480 } 481 </pre></div></div></td></tr> 482 483 484 <tr><td><div class="namedescr expandable"><span class="name"> 485 alpha.security.ArrayBoundV2</span><span class="lang"> 486 (C)</span><div class="descr"> 487 Warn about buffer overflows (newer checker).</div></div></td> 488 <td><div class="exampleContainer expandable"> 489 <div class="example"><pre> 490 void test() { 491 char *s = ""; 492 char c = s[1]; // warn 493 } 494 </pre></div><div class="separator"></div> 495 <div class="example"><pre> 496 void test() { 497 int buf[100]; 498 int *p = buf; 499 p = p + 99; 500 p[1] = 1; // warn 501 } 502 </pre></div><div class="separator"></div> 503 <div class="example"><pre> 504 // note: compiler has internal check for this. 505 // Use -Wno-array-bounds to suppress compiler warning. 506 void test() { 507 int buf[100][100]; 508 buf[0][-1] = 1; // warn 509 } 510 </pre></div><div class="separator"></div> 511 <div class="example"><pre> 512 // note: requires alpha.security.taint check turned on. 513 void test() { 514 char s[] = "abc"; 515 int x = getchar(); 516 char c = s[x]; // warn: index is tainted 517 } 518 </pre></div></div></td></tr> 519 520 521 <tr><td><div class="namedescr expandable"><span class="name"> 522 alpha.security.MallocOverflow</span><span class="lang"> 523 (C)</span><div class="descr"> 524 Check for overflows in the arguments to <code>malloc()</code>.</div></div></td> 525 <td><div class="exampleContainer expandable"> 526 <div class="example"><pre> 527 void test(int n) { 528 void *p = malloc(n * sizeof(int)); // warn 529 } 530 </pre></div></div></td></tr> 531 532 533 <tr><td><div class="namedescr expandable"><span class="name"> 534 alpha.security.ReturnPtrRange</span><span class="lang"> 535 (C)</span><div class="descr"> 536 Check for an out-of-bound pointer being returned to callers.</div></div></td> 537 <td><div class="exampleContainer expandable"> 538 <div class="example"><pre> 539 static int A[10]; 540 541 int *test() { 542 int *p = A + 10; 543 return p; // warn 544 } 545 </pre></div><div class="separator"></div> 546 <div class="example"><pre> 547 int test(void) { 548 int x; 549 return x; // warn: undefined or garbage returned 550 } 551 </pre></div></div></td></tr> 552 553 554 <tr><td><div class="namedescr expandable"><span class="name"> 555 alpha.security.taint.TaintPropagation</span><span class="lang"> 556 (C)</span><div class="descr"> 557 Generate taint information used by other checkers.</div></div></td> 558 <td><div class="exampleContainer expandable"> 559 <div class="example"><pre> 560 void test() { 561 char x = getchar(); // 'x' marked as tainted 562 system(&x); // warn: untrusted data is passed to a system call 563 } 564 </pre></div><div class="separator"></div> 565 <div class="example"><pre> 566 // note: compiler internally checks if the second param to 567 // sprintf is a string literal or not. 568 // Use -Wno-format-security to suppress compiler warning. 569 void test() { 570 char s[10], buf[10]; 571 fscanf(stdin, "%s", s); // 's' marked as tainted 572 573 sprintf(buf, s); // warn: untrusted data as a format string 574 } 575 </pre></div><div class="separator"></div> 576 <div class="example"><pre> 577 void test() { 578 size_t ts; 579 scanf("%zd", &ts); // 'ts' marked as tainted 580 int *p = (int *)malloc(ts * sizeof(int)); 581 // warn: untrusted data as bufer size 582 } 583 </pre></div></div></td></tr> 584 585 </tbody></table> 586 587 <!--------------------------- unix alpha --------------------------------------> 588 <h3 id="unix_alpha_checkers">Unix Alpha Checkers</h3> 589 <table class="checkers"> 590 <colgroup><col class="namedescr"><col class="example"></colgroup> 591 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 592 593 <tbody> 594 <tr><td><div class="namedescr expandable"><span class="name"> 595 alpha.unix.Chroot</span><span class="lang"> 596 (C)</span><div class="descr"> 597 Check improper use of <code>chroot</code>.</div></div></td> 598 <td><div class="exampleContainer expandable"> 599 <div class="example"><pre> 600 void f(); 601 602 void test() { 603 chroot("/usr/local"); 604 f(); // warn: no call of chdir("/") immediately after chroot 605 } 606 </pre></div></div></td></tr> 607 608 609 <tr><td><div class="namedescr expandable"><span class="name"> 610 alpha.unix.MallocWithAnnotations</span><span class="lang"> 611 (C)</span><div class="descr"> 612 Check for memory leaks, double free, and use-after-free problems. Assumes that 613 all user-defined functions which might free a pointer are 614 annotated.</div></div></td> 615 <td><div class="exampleContainer expandable"> 616 <div class="example"><pre> 617 void __attribute((ownership_returns(malloc))) *my_malloc(size_t); 618 619 void test() { 620 int *p = my_malloc(1); 621 } // warn: potential leak 622 </pre></div><div class="separator"></div> 623 <div class="example"><pre> 624 void __attribute((ownership_returns(malloc))) *my_malloc(size_t); 625 void __attribute((ownership_takes(malloc, 1))) my_free(void *); 626 627 void test() { 628 int *p = my_malloc(1); 629 my_free(p); 630 my_free(p); // warn: attempt to free released 631 } 632 </pre></div><div class="separator"></div> 633 <div class="example"><pre> 634 void __attribute((ownership_returns(malloc))) *my_malloc(size_t); 635 void __attribute((ownership_holds(malloc, 1))) my_hold(void *); 636 637 void test() { 638 int *p = my_malloc(1); 639 my_hold(p); 640 free(p); // warn: attempt to free non-owned memory 641 } 642 </pre></div><div class="separator"></div> 643 <div class="example"><pre> 644 void __attribute((ownership_takes(malloc, 1))) my_free(void *); 645 646 void test() { 647 int *p = malloc(1); 648 my_free(p); 649 *p = 1; // warn: use after free 650 } 651 </pre></div></div></td></tr> 652 653 654 <tr><td><div class="namedescr expandable"><span class="name"> 655 alpha.unix.PthreadLock</span><span class="lang"> 656 (C)</span><div class="descr"> 657 Simple lock -> unlock checker; applies to:<div class=functions> 658 pthread_mutex_lock<br> 659 pthread_rwlock_rdlock<br> 660 pthread_rwlock_wrlock<br> 661 lck_mtx_lock<br> 662 lck_rw_lock_exclusive<br> 663 lck_rw_lock_shared<br> 664 pthread_mutex_trylock<br> 665 pthread_rwlock_tryrdlock<br> 666 pthread_rwlock_tryrwlock<br> 667 lck_mtx_try_lock<br> 668 lck_rw_try_lock_exclusive<br> 669 lck_rw_try_lock_shared<br> 670 pthread_mutex_unlock<br> 671 pthread_rwlock_unlock<br> 672 lck_mtx_unlock<br> 673 lck_rw_done</div></div></div></td> 674 <td><div class="exampleContainer expandable"> 675 <div class="example"><pre> 676 pthread_mutex_t mtx; 677 678 void test() { 679 pthread_mutex_lock(&mtx); 680 pthread_mutex_lock(&mtx); 681 // warn: this lock has already been acquired 682 } 683 </pre></div><div class="separator"></div> 684 <div class="example"><pre> 685 lck_mtx_t lck1, lck2; 686 687 void test() { 688 lck_mtx_lock(&lck1); 689 lck_mtx_lock(&lck2); 690 lck_mtx_unlock(&lck1); 691 // warn: this was not the most recently acquired lock 692 } 693 </pre></div><div class="separator"></div> 694 <div class="example"><pre> 695 lck_mtx_t lck1, lck2; 696 697 void test() { 698 if (lck_mtx_try_lock(&lck1) == 0) 699 return; 700 701 lck_mtx_lock(&lck2); 702 lck_mtx_unlock(&lck1); 703 // warn: this was not the most recently acquired lock 704 } 705 </pre></div></div></td></tr> 706 707 708 <tr><td><div class="namedescr expandable"><span class="name"> 709 alpha.unix.SimpleStream</span><span class="lang"> 710 (C)</span><div class="descr"> 711 Check for misuses of stream APIs:<div class=functions> 712 fopen<br> 713 fclose</div>(demo checker, the subject of the demo 714 (<a href="http://llvm.org/devmtg/2012-11/Zaks-Rose-Checker24Hours.pdf">Slides</a> 715 ,<a href="http://llvm.org/devmtg/2012-11/videos/Zaks-Rose-Checker24Hours.mp4">Video</a>) 716 by Anna Zaks and Jordan Rose presented at the <a href="http://llvm.org/devmtg/2012-11/"> 717 2012 LLVM Developers' Meeting).</a></div></div></td> 718 <td><div class="exampleContainer expandable"> 719 <div class="example"><pre> 720 void test() { 721 FILE *F = fopen("myfile.txt", "w"); 722 } // warn: opened file is never closed 723 </pre></div><div class="separator"></div> 724 <div class="example"><pre> 725 void test() { 726 FILE *F = fopen("myfile.txt", "w"); 727 728 if (F) 729 fclose(F); 730 731 fclose(F); // warn: closing a previously closed file stream 732 } 733 </pre></div></div></td></tr> 734 735 736 <tr><td><div class="namedescr expandable"><span class="name"> 737 alpha.unix.Stream</span><span class="lang"> 738 (C)</span><div class="descr"> 739 Check stream handling functions:<div class=functions>fopen<br> 740 tmpfile<br> 741 fclose<br> 742 fread<br> 743 fwrite<br> 744 fseek<br> 745 ftell<br> 746 rewind<br> 747 fgetpos<br> 748 fsetpos<br> 749 clearerr<br> 750 feof<br> 751 ferror<br> 752 fileno</div></div></div></td> 753 <td><div class="exampleContainer expandable"> 754 <div class="example"><pre> 755 void test() { 756 FILE *p = fopen("foo", "r"); 757 } // warn: opened file is never closed 758 </pre></div><div class="separator"></div> 759 <div class="example"><pre> 760 void test() { 761 FILE *p = fopen("foo", "r"); 762 fseek(p, 1, SEEK_SET); // warn: stream pointer might be NULL 763 fclose(p); 764 } 765 </pre></div><div class="separator"></div> 766 <div class="example"><pre> 767 void test() { 768 FILE *p = fopen("foo", "r"); 769 770 if (p) 771 fseek(p, 1, 3); 772 // warn: third arg should be SEEK_SET, SEEK_END, or SEEK_CUR 773 774 fclose(p); 775 } 776 </pre></div><div class="separator"></div> 777 <div class="example"><pre> 778 void test() { 779 FILE *p = fopen("foo", "r"); 780 fclose(p); 781 fclose(p); // warn: already closed 782 } 783 </pre></div><div class="separator"></div> 784 <div class="example"><pre> 785 void test() { 786 FILE *p = tmpfile(); 787 ftell(p); // warn: stream pointer might be NULL 788 fclose(p); 789 } 790 </pre></div></div></td></tr> 791 792 793 <tr><td><div class="namedescr expandable"><span class="name"> 794 alpha.unix.cstring.BufferOverlap</span><span class="lang"> 795 (C)</span><div class="descr"> 796 Checks for overlap in two buffer arguments; applies to:<div class=functions> 797 memcpy<br> 798 mempcpy</div></div></div></td> 799 <td><div class="exampleContainer expandable"> 800 <div class="example"><pre> 801 void test() { 802 int a[4] = {0}; 803 memcpy(a + 2, a + 1, 8); // warn 804 } 805 </pre></div></div></td></tr> 806 807 808 <tr><td><div class="namedescr expandable"><span class="name"> 809 alpha.unix.cstring.NotNullTerminated</span><span class="lang"> 810 (C)</span><div class="descr"> 811 Check for arguments which are not null-terminated strings; applies 812 to:<div class=functions> 813 strlen<br> 814 strnlen<br> 815 strcpy<br> 816 strncpy<br> 817 strcat<br> 818 strncat</div></div></div></td> 819 <td><div class="exampleContainer expandable"> 820 <div class="example"><pre> 821 void test() { 822 int y = strlen((char *)&test); // warn 823 } 824 </pre></div></div></td></tr> 825 826 827 <tr><td><div class="namedescr expandable"><span class="name"> 828 alpha.unix.cstring.OutOfBounds</span><span class="lang"> 829 (C)</span><div class="descr"> 830 Check for out-of-bounds access in string functions; applies 831 to:<div class=functions> 832 strncopy<br> 833 strncat</div></div></div></td> 834 <td><div class="exampleContainer expandable"> 835 <div class="example"><pre> 836 void test(char *y) { 837 char x[4]; 838 if (strlen(y) == 4) 839 strncpy(x, y, 5); // warn 840 } 841 </pre></div></div></td></tr> 842 843 </tbody></table> 844 845 </div> <!-- page --> 846 </div> <!-- content --> 847 </body> 848 </html> 849
