1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" 2 "http://www.w3.org/TR/html4/strict.dtd"> 3 <html> 4 <head> 5 <title>Available Checkers</title> 6 <link type="text/css" rel="stylesheet" href="menu.css"> 7 <link type="text/css" rel="stylesheet" href="content.css"> 8 <script type="text/javascript" src="scripts/menu.js"></script> 9 <script type="text/javascript" src="scripts/expandcollapse.js"></script> 10 <style type="text/css"> 11 tr:first-child { width:20%; } 12 </style> 13 </head> 14 <body onload="initExpandCollapse()"> 15 16 <div id="page"> 17 <!--#include virtual="menu.html.incl"--> 18 19 <div id="content"> 20 <h1>Available Checkers</h1> 21 The analyzer performs checks that are categorized into families or "checkers". The 22 default set of checkers covers a variety of checks targeted at finding security 23 and API usage bugs, dead code, and other logic errors. See the 24 <a href = "#default_checkers">Default Checkers</a> list below. In addition to 25 these, the analyzer contains a number of <a href = "alpha_checks.html"> 26 Experimental (Alpha) Checkers</a>. 27 28 <h3>Writeups with examples of some of the bugs that the analyzer finds</h3> 29 <ul> 30 <li><a href="http://www.mobileorchard.com/bug-finding-with-clang-5-resources-to-get-you-started/">Bug Finding With Clang: 5 Resources To Get You Started</a></li> 31 <li><a href="http://fruitstandsoftware.com/blog/index.php/2008/08/finding-memory-leaks-with-the-llvmclang-static-analyzer/#comment-2">Finding Memory Leaks With The LLVM/Clang Static Analyzer</a></li> 32 <li><a href="http://www.rogueamoeba.com/utm/2008/07/14/the-clang-static-analyzer/">Under the Microscope - The Clang Static Analyzer</a></li> 33 <li><a href="http://www.mikeash.com/?page=pyblog/friday-qa-2009-03-06-using-the-clang-static-analyzer.html">Mike Ash - Using the Clang Static Analyzer</a></li> 34 </ul> 35 36 <h2 id="default_checkers">Default Checkers</h2> 37 <ul> 38 <li><a href="#core_checkers">Core Checkers</a> model core language features and perform general-purpose checks such as division by zero, null pointer dereference, usage of uninitialized values, etc.</li> 39 <li><a href="#cplusplus_checkers">C++ Checkers</a> perform C++-specific checks</li> 40 <li><a href="#deadcode_checkers">Dead Code Checkers</a> check for unused code</li> 41 <li><a href="#osx_checkers">OS X Checkers</a> perform Objective-C-specific checks and check the use of Apple's SDKs (OS X and iOS)</li> 42 <li><a href="#security_checkers">Security Checkers</a> check for insecure API usage and perform checks based on the CERT Secure Coding Standards</li> 43 <li><a href="#unix_checkers">Unix Checkers</a> check the use of Unix and POSIX APIs</li> 44 </ul> 45 46 <!------------------------------------ core -----------------------------------> 47 <h3 id="core_checkers">Core Checkers</h3> 48 <table class="checkers"> 49 <colgroup><col class="namedescr"><col class="example"></colgroup> 50 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 51 52 <tbody> 53 <tr><td><div class="namedescr expandable"><span class="name"> 54 core.CallAndMessage</span><span class="lang"> 55 (C, C++, ObjC)</span><div class="descr"> 56 Check for logical errors for function calls and Objective-C message expressions 57 (e.g., uninitialized arguments, null function pointers).</div></div></td> 58 <td><div class="exampleContainer expandable"> 59 <div class="example"><pre> 60 // C 61 struct S { 62 int x; 63 }; 64 65 void f(struct S s); 66 67 void test() { 68 struct S s; 69 f(s); // warn: passed-by-value arg contain uninitialized data 70 } 71 </pre></div> 72 <div class="example"><pre> 73 // C 74 void test() { 75 void (*foo)(void); 76 foo(); // warn: function pointer is uninitialized 77 } 78 </pre></div> 79 <div class="example"><pre> 80 // C 81 void test() { 82 void (*foo)(void); 83 foo = 0; 84 foo(); // warn: function pointer is null 85 } 86 </pre></div> 87 <div class="example"><pre> 88 // C++ 89 class C { 90 public: 91 void f(); 92 }; 93 94 void test() { 95 C *pc; 96 pc->f(); // warn: object pointer is uninitialized 97 } 98 </pre></div> 99 <div class="example"><pre> 100 // C++ 101 class C { 102 public: 103 void f(); 104 }; 105 106 void test() { 107 C *pc = 0; 108 pc->f(); // warn: object pointer is null 109 } 110 </pre></div> 111 <div class="example"><pre> 112 // Objective-C 113 @interface MyClass : NSObject 114 @property (readwrite,assign) id x; 115 - (long double)longDoubleM; 116 @end 117 118 void test() { 119 MyClass *obj1; 120 long double ld1 = [obj1 longDoubleM]; 121 // warn: receiver is uninitialized 122 } 123 </pre></div> 124 <div class="example"><pre> 125 // Objective-C 126 @interface MyClass : NSObject 127 @property (readwrite,assign) id x; 128 - (long double)longDoubleM; 129 @end 130 131 void test() { 132 MyClass *obj1; 133 id i = obj1.x; // warn: uninitialized object pointer 134 } 135 </pre></div> 136 <div class="example"><pre> 137 // Objective-C 138 @interface Subscriptable : NSObject 139 - (id)objectAtIndexedSubscript:(unsigned int)index; 140 @end 141 142 @interface MyClass : Subscriptable 143 @property (readwrite,assign) id x; 144 - (long double)longDoubleM; 145 @end 146 147 void test() { 148 MyClass *obj1; 149 id i = obj1[0]; // warn: uninitialized object pointer 150 } 151 </pre></div></div></td></tr> 152 153 154 <tr><td><div class="namedescr expandable"><span class="name"> 155 core.DivideZero</span><span class="lang"> 156 (C, C++, ObjC)</span><div class="descr"> 157 Check for division by zero.</div></div></td> 158 <td><div class="exampleContainer expandable"> 159 <div class="example"><pre> 160 void test(int z) { 161 if (z == 0) 162 int x = 1 / z; // warn 163 } 164 </pre></div> 165 <div class="example"><pre> 166 void test() { 167 int x = 1; 168 int y = x % 0; // warn 169 } 170 </pre></div></div></td></tr> 171 172 173 <tr><td><div class="namedescr expandable"><span class="name"> 174 core.NonNullParamChecker</span><span class="lang"> 175 (C, C++, ObjC)</span><div class="descr"> 176 Check for null pointers passed as arguments to a function whose arguments are 177 marked with the <code>nonnull</code> attribute.</div></div></td> 178 <td><div class="exampleContainer expandable"> 179 <div class="example"><pre> 180 int f(int *p) __attribute__((nonnull)); 181 182 void test(int *p) { 183 if (!p) 184 f(p); // warn 185 } 186 </pre></div></div></td></tr> 187 188 189 <tr><td><div class="namedescr expandable"><span class="name"> 190 core.NullDereference</span><span class="lang"> 191 (C, C++, ObjC)</span><div class="descr"> 192 Check for dereferences of null pointers.</div></div></td> 193 <td><div class="exampleContainer expandable"> 194 <div class="example"><pre> 195 // C 196 void test(int *p) { 197 if (p) 198 return; 199 200 int x = p[0]; // warn 201 } 202 </pre></div> 203 <div class="example"><pre> 204 // C 205 void test(int *p) { 206 if (!p) 207 *p = 0; // warn 208 } 209 </pre></div> 210 <div class="example"><pre> 211 // C++ 212 class C { 213 public: 214 int x; 215 }; 216 217 void test() { 218 C *pc = 0; 219 int k = pc->x; // warn 220 } 221 </pre></div> 222 <div class="example"><pre> 223 // Objective-C 224 @interface MyClass { 225 @public 226 int x; 227 } 228 @end 229 230 void test() { 231 MyClass *obj = 0; 232 obj->x = 1; // warn 233 } 234 </pre></div></div></td></tr> 235 236 237 <tr><td><div class="namedescr expandable"><span class="name"> 238 core.StackAddressEscape</span><span class="lang"> 239 (C)</span><div class="descr"> 240 Check that addresses of stack memory do not escape the function.</div></div></td> 241 <td><div class="exampleContainer expandable"> 242 <div class="example"><pre> 243 char const *p; 244 245 void test() { 246 char const str[] = "string"; 247 p = str; // warn 248 } 249 </pre></div> 250 <div class="example"><pre> 251 void* test() { 252 return __builtin_alloca(12); // warn 253 } 254 </pre></div> 255 <div class="example"><pre> 256 void test() { 257 static int *x; 258 int y; 259 x = &y; // warn 260 } 261 </pre></div></div></td></tr> 262 263 264 <tr><td><div class="namedescr expandable"><span class="name"> 265 core.UndefinedBinaryOperatorResult</span><span class="lang"> 266 (C)</span><div class="descr"> 267 Check for undefined results of binary operators.</div></div></td> 268 <td><div class="exampleContainer expandable"> 269 <div class="example"><pre> 270 void test() { 271 int x; 272 int y = x + 1; // warn: left operand is garbage 273 } 274 </pre></div></div></td></tr> 275 276 277 <tr><td><div class="namedescr expandable"><span class="name"> 278 core.VLASize</span><span class="lang"> 279 (C)</span><div class="descr"> 280 Check for declarations of VLA of undefined or zero size.</div></div></td> 281 <td><div class="exampleContainer expandable"> 282 <div class="example"><pre> 283 void test() { 284 int x; 285 int vla1[x]; // warn: garbage as size 286 } 287 </pre></div> 288 <div class="example"><pre> 289 void test() { 290 int x = 0; 291 int vla2[x]; // warn: zero size 292 } 293 </pre></div></div></td></tr> 294 295 296 <tr><td><div class="namedescr expandable"><span class="name"> 297 core.uninitialized.ArraySubscript</span><span class="lang"> 298 (C)</span><div class="descr"> 299 Check for uninitialized values used as array subscripts.</div></div></td> 300 <td><div class="exampleContainer expandable"> 301 <div class="example"><pre> 302 void test() { 303 int i, a[10]; 304 int x = a[i]; // warn: array subscript is undefined 305 } 306 </pre></div></div></td></tr> 307 308 309 <tr><td><div class="namedescr expandable"><span class="name"> 310 core.uninitialized.Assign</span><span class="lang"> 311 (C)</span><div class="descr"> 312 Check for assigning uninitialized values.</div></div></td> 313 <td><div class="exampleContainer expandable"> 314 <div class="example"><pre> 315 void test() { 316 int x; 317 x |= 1; // warn: left expression is unitialized 318 } 319 </pre></div></div></td></tr> 320 321 322 <tr><td><div class="namedescr expandable"><span class="name"> 323 core.uninitialized.Branch</span><span class="lang"> 324 (C)</span><div class="descr"> 325 Check for uninitialized values used as branch conditions.</div></div></td> 326 <td><div class="exampleContainer expandable"> 327 <div class="example"><pre> 328 void test() { 329 int x; 330 if (x) // warn 331 return; 332 } 333 </pre></div></div></td></tr> 334 335 336 <tr><td><div class="namedescr expandable"><span class="name"> 337 core.uninitialized.CapturedBlockVariable</span><span class="lang"> 338 (C)</span><div class="descr"> 339 Check for blocks that capture uninitialized values.</div></div></td> 340 <td><div class="exampleContainer expandable"> 341 <div class="example"><pre> 342 void test() { 343 int x; 344 ^{ int y = x; }(); // warn 345 } 346 </pre></div></div></td></tr> 347 348 349 <tr><td><div class="namedescr expandable"><span class="name"> 350 core.uninitialized.UndefReturn</span><span class="lang"> 351 (C)</span><div class="descr"> 352 Check for uninitialized values being returned to the caller.</div></div></td> 353 <td><div class="exampleContainer expandable"> 354 <div class="example"><pre> 355 int test() { 356 int x; 357 return x; // warn 358 } 359 </pre></div></div></td></tr> 360 361 </tbody></table> 362 363 <!------------------------------------ C++ ------------------------------------> 364 <h3 id="cplusplus_checkers">C++ Checkers</h3> 365 <table class="checkers"> 366 <colgroup><col class="namedescr"><col class="example"></colgroup> 367 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 368 369 <tbody> 370 <tr><td><div class="namedescr expandable"><span class="name"> 371 cplusplus.NewDelete</span><span class="lang"> 372 (C++)</span><div class="descr"> 373 Check for double-free, use-after-free and offset problems involving C++ <code> 374 delete</code>.</div></div></td> 375 <td><div class="exampleContainer expandable"> 376 <div class="example"><pre> 377 void f(int *p); 378 379 void testUseMiddleArgAfterDelete(int *p) { 380 delete p; 381 f(p); // warn: use after free 382 } 383 </pre></div> 384 <div class="example"><pre> 385 class SomeClass { 386 public: 387 void f(); 388 }; 389 390 void test() { 391 SomeClass *c = new SomeClass; 392 delete c; 393 c->f(); // warn: use after free 394 } 395 </pre></div> 396 <div class="example"><pre> 397 void test() { 398 int *p = (int *)__builtin_alloca(sizeof(int)); 399 delete p; // warn: deleting memory allocated by alloca 400 } 401 </pre></div> 402 <div class="example"><pre> 403 void test() { 404 int *p = new int; 405 delete p; 406 delete p; // warn: attempt to free released 407 } 408 </pre></div> 409 <div class="example"><pre> 410 void test() { 411 int i; 412 delete &i; // warn: delete address of local 413 } 414 </pre></div> 415 <div class="example"><pre> 416 void test() { 417 int *p = new int[1]; 418 delete[] (++p); 419 // warn: argument to 'delete[]' is offset by 4 bytes 420 // from the start of memory allocated by 'new[]' 421 } 422 </pre></div></div></td></tr> 423 424 </tbody></table> 425 426 <!--------------------------------- dead code ---------------------------------> 427 <h3 id="deadcode_checkers">Dead Code Checkers</h3> 428 <table class="checkers"> 429 <colgroup><col class="namedescr"><col class="example"></colgroup> 430 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 431 432 <tbody> 433 <tr><td><div class="namedescr expandable"><span class="name"> 434 deadcode.DeadStores</span><span class="lang"> 435 (C)</span><div class="descr"> 436 Check for values stored to variables that are never read afterwards.</div></div></td> 437 <td><div class="exampleContainer expandable"> 438 <div class="example"><pre> 439 void test() { 440 int x; 441 x = 1; // warn 442 } 443 </pre></div></div></td></tr> 444 445 </tbody></table> 446 447 <!---------------------------------- OS X ------------------------------------> 448 <h3 id="osx_checkers">OS X Checkers</h3> 449 <table class="checkers"> 450 <colgroup><col class="namedescr"><col class="example"></colgroup> 451 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 452 453 <tbody> 454 <tr><td><div class="namedescr expandable"><span class="name"> 455 osx.API</span><span class="lang"> 456 (C)</span><div class="descr"> 457 Check for proper uses of various Apple APIs:<div class=functions> 458 dispatch_once</div></div></div></td> 459 <td><div class="exampleContainer expandable"> 460 <div class="example"><pre> 461 void test() { 462 dispatch_once_t pred = 0; 463 dispatch_once(&pred, ^(){}); // warn: dispatch_once uses local 464 } 465 </pre></div></div></td></tr> 466 467 468 <tr><td><div class="namedescr expandable"><span class="name"> 469 osx.SecKeychainAPI</span><span class="lang"> 470 (C)</span><div class="descr"> 471 Check for improper uses of the Security framework's Keychain APIs:<div class=functions> 472 SecKeychainItemCopyContent<br> 473 SecKeychainFindGenericPassword<br> 474 SecKeychainFindInternetPassword<br> 475 SecKeychainItemFreeContent<br> 476 SecKeychainItemCopyAttributesAndData<br> 477 SecKeychainItemFreeAttributesAndData</div></div></div></td> 478 <td><div class="exampleContainer expandable"> 479 <div class="example"><pre> 480 void test() { 481 unsigned int *ptr = 0; 482 UInt32 length; 483 484 SecKeychainItemFreeContent(ptr, &length); 485 // warn: trying to free data which has not been allocated 486 } 487 </pre></div> 488 <div class="example"><pre> 489 void test() { 490 unsigned int *ptr = 0; 491 UInt32 *length = 0; 492 void *outData; 493 494 OSStatus st = 495 SecKeychainItemCopyContent(2, ptr, ptr, length, outData); 496 // warn: data is not released 497 } 498 </pre></div> 499 <div class="example"><pre> 500 void test() { 501 unsigned int *ptr = 0; 502 UInt32 *length = 0; 503 void *outData; 504 505 OSStatus st = 506 SecKeychainItemCopyContent(2, ptr, ptr, length, &outData); 507 508 SecKeychainItemFreeContent(ptr, outData); 509 // warn: only call free if a non-NULL buffer was returned 510 } 511 </pre></div> 512 <div class="example"><pre> 513 void test() { 514 unsigned int *ptr = 0; 515 UInt32 *length = 0; 516 void *outData; 517 518 OSStatus st = 519 SecKeychainItemCopyContent(2, ptr, ptr, length, &outData); 520 521 st = SecKeychainItemCopyContent(2, ptr, ptr, length, &outData); 522 // warn: release data before another call to the allocator 523 524 if (st == noErr) 525 SecKeychainItemFreeContent(ptr, outData); 526 } 527 </pre></div> 528 <div class="example"><pre> 529 void test() { 530 SecKeychainItemRef itemRef = 0; 531 SecKeychainAttributeInfo *info = 0; 532 SecItemClass *itemClass = 0; 533 SecKeychainAttributeList *attrList = 0; 534 UInt32 *length = 0; 535 void *outData = 0; 536 537 OSStatus st = 538 SecKeychainItemCopyAttributesAndData(itemRef, info, 539 itemClass, &attrList, 540 length, &outData); 541 542 SecKeychainItemFreeContent(attrList, outData); 543 // warn: deallocator doesn't match the allocator 544 } 545 </pre></div></div></td></tr> 546 547 548 <tr><td><div class="namedescr expandable"><span class="name"> 549 osx.cocoa.AtSync</span><span class="lang"> 550 (ObjC)</span><div class="descr"> 551 Check for nil pointers used as mutexes for <code>@synchronized</code>.</div></div></td> 552 <td><div class="exampleContainer expandable"> 553 <div class="example"><pre> 554 void test(id x) { 555 if (!x) 556 @synchronized(x) {} // warn: nil value used as mutex 557 } 558 </pre></div> 559 <div class="example"><pre> 560 void test() { 561 id y; 562 @synchronized(y) {} // warn: uninitialized value used as mutex 563 } 564 </pre></div></div></td></tr> 565 566 567 <tr><td><div class="namedescr expandable"><span class="name"> 568 osx.cocoa.ClassRelease</span><span class="lang"> 569 (ObjC)</span><div class="descr"> 570 Check for sending <code>retain</code>, <code>release</code>, or <code> 571 autorelease</code> directly to a class.</div></div></td> 572 <td><div class="exampleContainer expandable"> 573 <div class="example"><pre> 574 @interface MyClass : NSObject 575 @end 576 577 void test(void) { 578 [MyClass release]; // warn 579 } 580 </pre></div></div></td></tr> 581 582 583 <tr><td><div class="namedescr expandable"><span class="name"> 584 osx.cocoa.IncompatibleMethodTypes</span><span class="lang"> 585 (ObjC)</span><div class="descr"> 586 Check for an incompatible type signature when overriding an Objective-C method.</div></div></td> 587 <td><div class="exampleContainer expandable"> 588 <div class="example"><pre> 589 @interface MyClass1 : NSObject 590 - (int)foo; 591 @end 592 593 @implementation MyClass1 594 - (int)foo { return 1; } 595 @end 596 597 @interface MyClass2 : MyClass1 598 - (float)foo; 599 @end 600 601 @implementation MyClass2 602 - (float)foo { return 1.0; } // warn 603 @end 604 </pre></div></div></td></tr> 605 606 607 <tr><td><div class="namedescr expandable"><span class="name"> 608 alpha.osx.cocoa.MissingSuperCall</span><span class="lang"> 609 (ObjC)</span><div class="descr"> 610 Warn about Objective-C methods that lack a necessary call to super. (Note: The 611 compiler now has a warning for methods annotated with <code>objc_requires_super</code> 612 attribute. The checker exists to check methods in the Cocoa frameworks 613 that haven't yet adopted this attribute.)</div></div></td> 614 <td><div class="example"><pre> 615 @interface Test : UIViewController 616 @end 617 @implementation test 618 - (void)viewDidLoad {} // warn 619 @end 620 </pre></div></td></tr> 621 622 623 <tr><td><div class="namedescr expandable"><span class="name"> 624 osx.cocoa.NSAutoreleasePool</span><span class="lang"> 625 (ObjC)</span><div class="descr"> 626 Warn for suboptimal uses of NSAutoreleasePool in Objective-C 627 GC mode (<code>-fobjc-gc</code> compiler option).</div></div></td> 628 <td><div class="exampleContainer expandable"> 629 <div class="example"><pre> 630 void test() { 631 NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init]; 632 [pool release]; // warn 633 } 634 </pre></div></div></td></tr> 635 636 637 <tr><td><div class="namedescr expandable"><span class="name"> 638 osx.cocoa.NSError</span><span class="lang"> 639 (ObjC)</span><div class="descr"> 640 Check usage of <code>NSError**</code> parameters.</div></div></td> 641 <td><div class="exampleContainer expandable"> 642 <div class="example"><pre> 643 @interface A : NSObject 644 - (void)foo:(NSError **)error; 645 @end 646 647 @implementation A 648 - (void)foo:(NSError **)error { 649 // warn: method accepting NSError** should have a non-void 650 // return value 651 } 652 @end 653 </pre></div> 654 <div class="example"><pre> 655 @interface A : NSObject 656 - (BOOL)foo:(NSError **)error; 657 @end 658 659 @implementation A 660 - (BOOL)foo:(NSError **)error { 661 *error = 0; // warn: potential null dereference 662 return 0; 663 } 664 @end 665 </pre></div></div></td></tr> 666 667 668 <tr><td><div class="namedescr expandable"><span class="name"> 669 osx.cocoa.NilArg</span><span class="lang"> 670 (ObjC)</span><div class="descr"> 671 Check for prohibited nil arguments in specific Objective-C method calls:<div class=functions> 672 - caseInsensitiveCompare:<br> 673 - compare:<br> 674 - compare:options:<br> 675 - compare:options:range:<br> 676 - compare:options:range:locale:<br> 677 - componentsSeparatedByCharactersInSet:<br> 678 - initWithFormat:</div></div></div></td> 679 <td><div class="exampleContainer expandable"> 680 <div class="example"><pre> 681 NSComparisonResult test(NSString *s) { 682 NSString *aString = nil; 683 return [s caseInsensitiveCompare:aString]; 684 // warn: argument to 'NSString' method 685 // 'caseInsensitiveCompare:' cannot be nil 686 } 687 </pre></div></div></td></tr> 688 689 690 <tr><td><div class="namedescr expandable"><span class="name"> 691 osx.cocoa.RetainCount</span><span class="lang"> 692 (ObjC)</span><div class="descr"> 693 Check for leaks and violations of the Cocoa Memory Management rules.</div></div></td> 694 <td><div class="exampleContainer expandable"> 695 <div class="example"><pre> 696 void test() { 697 NSString *s = [[NSString alloc] init]; // warn 698 } 699 </pre></div> 700 <div class="example"><pre> 701 CFStringRef test(char *bytes) { 702 return CFStringCreateWithCStringNoCopy( 703 0, bytes, NSNEXTSTEPStringEncoding, 0); // warn 704 } 705 </pre></div></div></td></tr> 706 707 708 <tr><td><div class="namedescr expandable"><span class="name"> 709 osx.cocoa.SelfInit</span><span class="lang"> 710 (ObjC)</span><div class="descr"> 711 Check that <code>self</code> is properly initialized inside an initializer 712 method.</div></div></td> 713 <td><div class="exampleContainer expandable"> 714 <div class="example"><pre> 715 @interface MyObj : NSObject { 716 id x; 717 } 718 - (id)init; 719 @end 720 721 @implementation MyObj 722 - (id)init { 723 [super init]; 724 x = 0; // warn: instance variable used while 'self' is not 725 // initialized 726 return 0; 727 } 728 @end 729 </pre></div> 730 <div class="example"><pre> 731 @interface MyObj : NSObject 732 - (id)init; 733 @end 734 735 @implementation MyObj 736 - (id)init { 737 [super init]; 738 return self; // warn: returning uninitialized 'self' 739 } 740 @end 741 </pre></div></div></td></tr> 742 743 744 <tr><td><div class="namedescr expandable"><span class="name"> 745 osx.cocoa.UnusedIvars</span><span class="lang"> 746 (ObjC)</span><div class="descr"> 747 Warn about private ivars that are never used.</div></div></td> 748 <td><div class="exampleContainer expandable"> 749 <div class="example"><pre> 750 @interface MyObj : NSObject { 751 @private 752 id x; // warn 753 } 754 @end 755 756 @implementation MyObj 757 @end 758 </pre></div></div></td></tr> 759 760 761 <tr><td><div class="namedescr expandable"><span class="name"> 762 osx.cocoa.VariadicMethodTypes</span><span class="lang"> 763 (ObjC)</span><div class="descr"> 764 Check for passing non-Objective-C types to variadic collection initialization 765 methods that expect only Objective-C types.</div></div></td> 766 <td><div class="exampleContainer expandable"> 767 <div class="example"><pre> 768 void test() { 769 [NSSet setWithObjects:@"Foo", "Bar", nil]; 770 // warn: argument should be an ObjC pointer type, not 'char *' 771 } 772 </pre></div></div></td></tr> 773 774 775 <tr><td><div class="namedescr expandable"><span class="name"> 776 osx.coreFoundation.CFError</span><span class="lang"> 777 (C)</span><div class="descr"> 778 Check usage of <code>CFErrorRef*</code> parameters.</div></div></td> 779 <td><div class="exampleContainer expandable"> 780 <div class="example"><pre> 781 void test(CFErrorRef *error) { 782 // warn: function accepting CFErrorRef* should have a 783 // non-void return 784 } 785 </pre></div> 786 <div class="example"><pre> 787 int foo(CFErrorRef *error) { 788 *error = 0; // warn: potential null dereference 789 return 0; 790 } 791 </pre></div></div></td></tr> 792 793 794 <tr><td><div class="namedescr expandable"><span class="name"> 795 osx.coreFoundation.CFNumber</span><span class="lang"> 796 (C)</span><div class="descr"> 797 Check for improper uses of <code>CFNumberCreate</code>.</div></div></td> 798 <td><div class="exampleContainer expandable"> 799 <div class="example"><pre> 800 CFNumberRef test(unsigned char x) { 801 return CFNumberCreate(0, kCFNumberSInt16Type, &x); 802 // warn: 8 bit integer is used to initialize a 16 bit integer 803 } 804 </pre></div></div></td></tr> 805 806 807 <tr><td><div class="namedescr expandable"><span class="name"> 808 osx.coreFoundation.CFRetainRelease</span><span class="lang"> 809 (C)</span><div class="descr"> 810 Check for null arguments to <code>CFRetain</code>, <code>CFRelease</code>, 811 <code>CFMakeCollectable</code>.</div></div></td> 812 <td><div class="exampleContainer expandable"> 813 <div class="example"><pre> 814 void test(CFTypeRef p) { 815 if (!p) 816 CFRetain(p); // warn 817 } 818 </pre></div> 819 <div class="example"><pre> 820 void test(int x, CFTypeRef p) { 821 if (p) 822 return; 823 824 CFRelease(p); // warn 825 } 826 </pre></div></div></td></tr> 827 828 829 <tr><td><div class="namedescr expandable"><span class="name"> 830 osx.coreFoundation.containers.OutOfBounds</span><span class="lang"> 831 (C)</span><div class="descr"> 832 Checks for index out-of-bounds when using <code>CFArray</code> API.</div></div></td> 833 <td><div class="exampleContainer expandable"> 834 <div class="example"><pre> 835 void test() { 836 CFArrayRef A = CFArrayCreate(0, 0, 0, &kCFTypeArrayCallBacks); 837 CFArrayGetValueAtIndex(A, 0); // warn 838 } 839 </pre></div></div></td></tr> 840 841 842 <tr><td><div class="namedescr expandable"><span class="name"> 843 osx.coreFoundation.containers.PointerSizedValues</span><span class="lang"> 844 (C)</span><div class="descr"> 845 Warns if <code>CFArray</code>, <code>CFDictionary</code>, <code>CFSet</code> are 846 created with non-pointer-size values.</div></div></td> 847 <td><div class="exampleContainer expandable"> 848 <div class="example"><pre> 849 void test() { 850 int x[] = { 1 }; 851 CFArrayRef A = CFArrayCreate(0, (const void **)x, 1, 852 &kCFTypeArrayCallBacks); // warn 853 } 854 </pre></div></div></td></tr> 855 856 </tbody></table> 857 858 <!------------------------------- security ------------------------------------> 859 <h3 id="security_checkers">Security Checkers</h3> 860 <table class="checkers"> 861 <colgroup><col class="namedescr"><col class="example"></colgroup> 862 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 863 864 <tbody> 865 <tr><td><div class="namedescr expandable"><span class="name"> 866 security.FloatLoopCounter</span><span class="lang"> 867 (C)</span><div class="descr"> 868 Warn on using a floating point value as a loop counter (CERT: FLP30-C, 869 FLP30-CPP).</div></div></td> 870 <td><div class="exampleContainer expandable"> 871 <div class="example"><pre> 872 void test() { 873 for (float x = 0.1f; x <= 1.0f; x += 0.1f) {} // warn 874 } 875 </pre></div></div></td></tr> 876 877 878 <tr><td><div class="namedescr expandable"><span class="name"> 879 security.insecureAPI.UncheckedReturn</span><span class="lang"> 880 (C)</span><div class="descr"> 881 Warn on uses of functions whose return values must be always checked:<div class=functions> 882 setuid<br> 883 setgid<br> 884 seteuid<br> 885 setegid<br> 886 setreuid<br> 887 setregid</div></div></div></td> 888 <td><div class="exampleContainer expandable"> 889 <div class="example"><pre> 890 void test() { 891 setuid(1); // warn 892 } 893 </pre></div></div></td></tr> 894 895 896 <tr><td><div class="namedescr expandable"><span class="name"> 897 security.insecureAPI.getpw</span><span class="lang"> 898 (C)</span><div class="descr"> 899 Warn on uses of the <code>getpw</code> function.</div></div></td> 900 <td><div class="exampleContainer expandable"> 901 <div class="example"><pre> 902 void test() { 903 char buff[1024]; 904 getpw(2, buff); // warn 905 } 906 </pre></div></div></td></tr> 907 908 909 <tr><td><div class="namedescr expandable"><span class="name"> 910 security.insecureAPI.gets</span><span class="lang"> 911 (C)</span><div class="descr"> 912 Warn on uses of the <code>gets</code> function.</div></div></td> 913 <td><div class="exampleContainer expandable"> 914 <div class="example"><pre> 915 void test() { 916 char buff[1024]; 917 gets(buff); // warn 918 } 919 </pre></div></div></td></tr> 920 921 922 <tr><td><div class="namedescr expandable"><span class="name"> 923 security.insecureAPI.mkstemp</span><span class="lang"> 924 (C)</span><div class="descr"> 925 Warn when <code>mktemp</code>, <code>mkstemp</code>, <code>mkstemps</code> or 926 <code>mkdtemp</code> is passed fewer than 6 927 X's in the format string.</div></div></td> 928 <td><div class="exampleContainer expandable"> 929 <div class="example"><pre> 930 void test() { 931 mkstemp("XX"); // warn 932 } 933 </pre></div></div></td></tr> 934 935 936 <tr><td><div class="namedescr expandable"><span class="name"> 937 security.insecureAPI.mktemp</span><span class="lang"> 938 (C)</span><div class="descr"> 939 Warn on uses of the <code>mktemp</code> function.</div></div></td> 940 <td><div class="exampleContainer expandable"> 941 <div class="example"><pre> 942 void test() { 943 char *x = mktemp("/tmp/zxcv"); // warn: insecure, use mkstemp 944 } 945 </pre></div></div></td></tr> 946 947 948 <tr><td><div class="namedescr expandable"><span class="name"> 949 security.insecureAPI.rand</span><span class="lang"> 950 (C)</span><div class="descr"> 951 Warn on uses of inferior random number generating functions (only if <code>arc4random</code> 952 function is available):<div class=functions> 953 drand48<br> 954 erand48<br> 955 jrand48<br> 956 lcong48<br> 957 lrand48<br> 958 mrand48<br> 959 nrand48<br> 960 random<br> 961 rand_r</div></div></div></td> 962 <td><div class="exampleContainer expandable"> 963 <div class="example"><pre> 964 void test() { 965 random(); // warn 966 } 967 </pre></div></div></td></tr> 968 969 970 <tr><td><div class="namedescr expandable"><span class="name"> 971 security.insecureAPI.strcpy</span><span class="lang"> 972 (C)</span><div class="descr"> 973 Warn on uses of the <code>strcpy</code> and <code>strcat</code> functions.</div></div></td> 974 <td><div class="exampleContainer expandable"> 975 <div class="example"><pre> 976 void test() { 977 char x[4]; 978 char *y = "abcd"; 979 980 strcpy(x, y); // warn 981 } 982 </pre></div></div></td></tr> 983 984 985 <tr><td><div class="namedescr expandable"><span class="name"> 986 security.insecureAPI.vfork</span><span class="lang"> 987 (C)</span><div class="descr"> 988 Warn on uses of the <code>vfork</code> function.</div></div></td> 989 <td><div class="exampleContainer expandable"> 990 <div class="example"><pre> 991 void test() { 992 vfork(); // warn 993 } 994 </pre></div></div></td></tr> 995 996 </tbody></table> 997 998 <!--------------------------------- unix --------------------------------------> 999 <h3 id="unix_checkers">Unix Checkers</h3> 1000 <table class="checkers"> 1001 <colgroup><col class="namedescr"><col class="example"></colgroup> 1002 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 1003 1004 <tbody> 1005 <tr><td><div class="namedescr expandable"><span class="name"> 1006 unix.API</span><span class="lang"> 1007 (C)</span><div class="descr"> 1008 Check calls to various UNIX/POSIX functions:<div class=functions> 1009 open<br> 1010 pthread_once<br> 1011 calloc<br> 1012 malloc<br> 1013 realloc<br> 1014 alloca<br> 1015 <td><div class="exampleContainer expandable"> 1016 <div class="example"><pre> 1017 // Currently the check is performed for apple targets only. 1018 void test(const char *path) { 1019 int fd = open(path, O_CREAT); 1020 // warn: call to 'open' requires a third argument when the 1021 // 'O_CREAT' flag is set 1022 } 1023 </pre></div> 1024 <div class="example"><pre> 1025 void f(); 1026 1027 void test() { 1028 pthread_once_t pred = {0x30B1BCBA, {0}}; 1029 pthread_once(&pred, f); 1030 // warn: call to 'pthread_once' uses the local variable 1031 } 1032 </pre></div> 1033 <div class="example"><pre> 1034 void test() { 1035 void *p = malloc(0); // warn: allocation size of 0 bytes 1036 } 1037 </pre></div> 1038 <div class="example"><pre> 1039 void test() { 1040 void *p = calloc(0, 42); // warn: allocation size of 0 bytes 1041 } 1042 </pre></div> 1043 <div class="example"><pre> 1044 void test() { 1045 void *p = malloc(1); 1046 p = realloc(p, 0); // warn: allocation size of 0 bytes 1047 } 1048 </pre></div> 1049 <div class="example"><pre> 1050 void test() { 1051 void *p = alloca(0); // warn: allocation size of 0 bytes 1052 } 1053 </pre></div> 1054 <div class="example"><pre> 1055 void test() { 1056 void *p = valloc(0); // warn: allocation size of 0 bytes 1057 } 1058 </pre></div></div></td></tr> 1059 1060 1061 <tr><td><div class="namedescr expandable"><span class="name"> 1062 unix.Malloc</span><span class="lang"> 1063 (C)</span><div class="descr"> 1064 Check for memory leaks, double free, and use-after-free and offset problems 1065 involving <code>malloc</code>.</div></div></td> 1066 <td><div class="exampleContainer expandable"> 1067 <div class="example"><pre> 1068 void test() { 1069 int *p = malloc(1); 1070 free(p); 1071 free(p); // warn: attempt to free released memory 1072 } 1073 </pre></div> 1074 <div class="example"><pre> 1075 void test() { 1076 int *p = malloc(sizeof(int)); 1077 free(p); 1078 *p = 1; // warn: use after free 1079 } 1080 </pre></div> 1081 <div class="example"><pre> 1082 void test() { 1083 int *p = malloc(1); 1084 if (p) 1085 return; // warn: memory is never released 1086 } 1087 </pre></div> 1088 <div class="example"><pre> 1089 void test() { 1090 int a[] = { 1 }; 1091 free(a); // warn: argument is not allocated by malloc 1092 } 1093 </pre></div> 1094 <div class="example"><pre> 1095 void test() { 1096 int *p = malloc(sizeof(char)); 1097 p = p - 1; 1098 free(p); // warn: argument to free() is offset by -4 bytes 1099 } 1100 </pre></div></div></td></tr> 1101 1102 1103 <tr><td><div class="namedescr expandable"><span class="name"> 1104 unix.MallocSizeof</span><span class="lang"> 1105 (C)</span><div class="descr"> 1106 Check for dubious <code>malloc</code>, <code>calloc</code> or 1107 <code>realloc</code> arguments involving <code>sizeof</code>.</div></div></td> 1108 <td><div class="exampleContainer expandable"> 1109 <div class="example"><pre> 1110 void test() { 1111 long *p = malloc(sizeof(short)); 1112 // warn: result is converted to 'long *', which is 1113 // incompatible with operand type 'short' 1114 free(p); 1115 } 1116 </pre></div></div></td></tr> 1117 1118 1119 <tr><td><div class="namedescr expandable"><span class="name"> 1120 unix.MismatchedDeallocator</span><span class="lang"> 1121 (C, C++, ObjC)</span><div class="descr"> 1122 Check for mismatched deallocators (e.g. passing a pointer allocating 1123 with <code>new</code> to <code>free()</code>).</div></div></td> 1124 <td><div class="exampleContainer expandable"> 1125 <div class="example"><pre> 1126 // C, C++ 1127 void test() { 1128 int *p = (int *)malloc(sizeof(int)); 1129 delete p; // warn 1130 } 1131 </pre></div> 1132 <div class="example"><pre> 1133 // C, C++ 1134 void __attribute((ownership_returns(malloc))) *user_malloc(size_t); 1135 1136 void test() { 1137 int *p = (int *)user_malloc(sizeof(int)); 1138 delete p; // warn 1139 } 1140 </pre></div> 1141 <div class="example"><pre> 1142 // C, C++ 1143 void test() { 1144 int *p = new int; 1145 free(p); // warn 1146 } 1147 </pre></div> 1148 <div class="example"><pre> 1149 // C, C++ 1150 void test() { 1151 int *p = new int[1]; 1152 realloc(p, sizeof(long)); // warn 1153 } 1154 </pre></div> 1155 <div class="example"><pre> 1156 // C, C++ 1157 template <typename T> 1158 struct SimpleSmartPointer { 1159 T *ptr; 1160 1161 explicit SimpleSmartPointer(T *p = 0) : ptr(p) {} 1162 ~SimpleSmartPointer() { 1163 delete ptr; // warn 1164 } 1165 }; 1166 1167 void test() { 1168 SimpleSmartPointer<int> a((int *)malloc(4)); 1169 } 1170 </pre></div> 1171 <div class="example"><pre> 1172 // C++ 1173 void test() { 1174 int *p = (int *)operator new(0); 1175 delete[] p; // warn 1176 } 1177 </pre></div> 1178 <div class="example"><pre> 1179 // Objective-C, C++ 1180 void test(NSUInteger dataLength) { 1181 int *p = new int; 1182 NSData *d = [NSData dataWithBytesNoCopy:p 1183 length:sizeof(int) freeWhenDone:1]; 1184 // warn +dataWithBytesNoCopy:length:freeWhenDone: cannot take 1185 // ownership of memory allocated by 'new' 1186 } 1187 </pre></div></div></td></tr> 1188 1189 1190 <tr><td><div class="namedescr expandable"><span class="name"> 1191 unix.cstring.BadSizeArg</span><span class="lang"> 1192 (C)</span><div class="descr"> 1193 Check the size argument passed to <code>strncat</code> for common erroneous 1194 patterns. Use <code>-Wno-strncat-size</code> compiler option to mute other 1195 <code>strncat</code>-related compiler warnings. 1196 </div></div></td> 1197 <td><div class="exampleContainer expandable"> 1198 <div class="example"><pre> 1199 void test() { 1200 char dest[3]; 1201 strncat(dest, "***", sizeof(dest)); 1202 // warn: potential buffer overflow 1203 } 1204 </pre></div></div></td></tr> 1205 1206 1207 <tr><td><div class="namedescr expandable"><span class="name"> 1208 unix.cstring.NullArg</span><span class="lang"> 1209 (C)</span><div class="descr"> 1210 Check for null pointers being passed as arguments to C string functions:<div class=functions> 1211 strlen<br> 1212 strnlen<br> 1213 strcpy<br> 1214 strncpy<br> 1215 strcat<br> 1216 strncat<br> 1217 strcmp<br> 1218 strncmp<br> 1219 strcasecmp<br> 1220 strncasecmp</div></div></div></td> 1221 <td><div class="example"><pre> 1222 int test() { 1223 return strlen(0); // warn 1224 } 1225 </pre></div></td></tr> 1226 1227 </tbody></table> 1228 1229 </div> <!-- page --> 1230 </div> <!-- content --> 1231 </body> 1232 </html> 1233
