1<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" 2 "http://www.w3.org/TR/html4/strict.dtd"> 3<html> 4<head> 5 <title>Available Checkers</title> 6 <link type="text/css" rel="stylesheet" href="menu.css"> 7 <link type="text/css" rel="stylesheet" href="content.css"> 8 <script type="text/javascript" src="scripts/menu.js"></script> 9 <script type="text/javascript" src="scripts/expandcollapse.js"></script> 10 <style type="text/css"> 11 tr:first-child { width:20%; } 12 </style> 13</head> 14<body onload="initExpandCollapse()"> 15 16<div id="page"> 17<!--#include virtual="menu.html.incl"--> 18 19<div id="content"> 20<h1>Available Checkers</h1> 21The analyzer performs checks that are categorized into families or "checkers". The 22default set of checkers covers a variety of checks targeted at finding security 23and API usage bugs, dead code, and other logic errors. See the 24<a href = "#default_checkers">Default Checkers</a> list below. In addition to 25these, the analyzer contains a number of <a href = "alpha_checks.html"> 26Experimental (Alpha) Checkers</a>. 
27 28<h3>Writeups with examples of some of the bugs that the analyzer finds</h3> 29<ul> 30<li><a href="http://www.mobileorchard.com/bug-finding-with-clang-5-resources-to-get-you-started/">Bug Finding With Clang: 5 Resources To Get You Started</a></li> 31<li><a href="https://fruitstandsoftware.mrrooni.com/blog/blog/2008/08/04/finding-memory-leaks-with-the-llvmclang-static-analyzer/">Finding Memory Leaks With The LLVM/Clang Static Analyzer</a></li> 32<li><a href="https://weblog.rogueamoeba.com/2008/07/14/the-clang-static-analyzer/">Under the Microscope - The Clang Static Analyzer</a></li> 33<li><a href="https://www.mikeash.com/pyblog/friday-qa-2009-03-06-using-the-clang-static-analyzer.html">Mike Ash - Using the Clang Static Analyzer</a></li> 34</ul> 35 36<h2 id="default_checkers">Default Checkers</h2> 37<ul> 38<li><a href="#core_checkers">Core Checkers</a> model core language features and perform general-purpose checks such as division by zero, null pointer dereference, usage of uninitialized values, etc.</li> 39<li><a href="#cplusplus_checkers">C++ Checkers</a> perform C++-specific checks</li> 40<li><a href="#deadcode_checkers">Dead Code Checkers</a> check for unused code</li> 41<li><a href="#nullability_checkers">Nullability Checkers</a> </li> 42<li><a href="#optin_checkers">Optin Checkers</a> </li> 43<li><a href="#osx_checkers">OS X Checkers</a> perform Objective-C-specific checks and check the use of Apple's SDKs (OS X and iOS)</li> 44<li><a href="#security_checkers">Security Checkers</a> check for insecure API usage and perform checks based on the CERT Secure Coding Standards</li> 45<li><a href="#unix_checkers">Unix Checkers</a> check the use of Unix and POSIX APIs</li> 46</ul> 47 48<!-- =========================== core =========================== --> 49<h3 id="core_checkers">Core Checkers</h3> 50<table class="checkers"> 51<colgroup><col class="namedescr"><col class="example"></colgroup> 52<thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 53 
54<tbody> 55<tr><td><a id="core.CallAndMessage"><div class="namedescr expandable"><span class="name"> 56core.CallAndMessage</span><span class="lang"> 57(C, C++, ObjC)</span><div class="descr"> 58Check for logical errors for function calls and Objective-C message expressions 59(e.g., uninitialized arguments, null function pointers).</div></div></a></td> 60<td><div class="exampleContainer expandable"> 61<div class="example"><pre> 62// C 63struct S { 64 int x; 65}; 66 67void f(struct S s); 68 69void test() { 70 struct S s; 71 f(s); // warn: passed-by-value arg contain uninitialized data 72} 73</pre></div> 74<div class="example"><pre> 75// C 76void test() { 77 void (*foo)(void); 78 foo(); // warn: function pointer is uninitialized 79} 80</pre></div> 81<div class="example"><pre> 82// C 83void test() { 84 void (*foo)(void); 85 foo = 0; 86 foo(); // warn: function pointer is null 87} 88</pre></div> 89<div class="example"><pre> 90// C++ 91class C { 92public: 93 void f(); 94}; 95 96void test() { 97 C *pc; 98 pc->f(); // warn: object pointer is uninitialized 99} 100</pre></div> 101<div class="example"><pre> 102// C++ 103class C { 104public: 105 void f(); 106}; 107 108void test() { 109 C *pc = 0; 110 pc->f(); // warn: object pointer is null 111} 112</pre></div> 113<div class="example"><pre> 114// Objective-C 115@interface MyClass : NSObject 116@property (readwrite,assign) id x; 117- (long double)longDoubleM; 118@end 119 120void test() { 121 MyClass *obj1; 122 long double ld1 = [obj1 longDoubleM]; 123 // warn: receiver is uninitialized 124} 125</pre></div> 126<div class="example"><pre> 127// Objective-C 128@interface MyClass : NSObject 129@property (readwrite,assign) id x; 130- (long double)longDoubleM; 131@end 132 133void test() { 134 MyClass *obj1; 135 id i = obj1.x; // warn: uninitialized object pointer 136} 137</pre></div> 138<div class="example"><pre> 139// Objective-C 140@interface Subscriptable : NSObject 141- (id)objectAtIndexedSubscript:(unsigned int)index; 142@end 
143 144@interface MyClass : Subscriptable 145@property (readwrite,assign) id x; 146- (long double)longDoubleM; 147@end 148 149void test() { 150 MyClass *obj1; 151 id i = obj1[0]; // warn: uninitialized object pointer 152} 153</pre></div></div></td></tr> 154 155 156<tr><td><a id="core.DivideZero"><div class="namedescr expandable"><span class="name"> 157core.DivideZero</span><span class="lang"> 158(C, C++, ObjC)</span><div class="descr"> 159Check for division by zero.</div></div></a></td> 160<td><div class="exampleContainer expandable"> 161<div class="example"><pre> 162void test(int z) { 163 if (z == 0) 164 int x = 1 / z; // warn 165} 166</pre></div> 167<div class="example"><pre> 168void test() { 169 int x = 1; 170 int y = x % 0; // warn 171} 172</pre></div></div></td></tr> 173 174 175<tr><td><a id="core.NonNullParamChecker"><div class="namedescr expandable"><span class="name"> 176core.NonNullParamChecker</span><span class="lang"> 177(C, C++, ObjC)</span><div class="descr"> 178Check for null pointers passed as arguments to a function whose arguments are 179marked with the <code>nonnull</code> attribute.</div></div></a></td> 180<td><div class="exampleContainer expandable"> 181<div class="example"><pre> 182int f(int *p) __attribute__((nonnull)); 183 184void test(int *p) { 185 if (!p) 186 f(p); // warn 187} 188</pre></div></div></td></tr> 189 190 191<tr><td><a id="core.NullDereference"><div class="namedescr expandable"><span class="name"> 192core.NullDereference</span><span class="lang"> 193(C, C++, ObjC)</span><div class="descr"> 194Check for dereferences of null pointers.</div></div></a></td> 195<td><div class="exampleContainer expandable"> 196<div class="example"><pre> 197// C 198void test(int *p) { 199 if (p) 200 return; 201 202 int x = p[0]; // warn 203} 204</pre></div> 205<div class="example"><pre> 206// C 207void test(int *p) { 208 if (!p) 209 *p = 0; // warn 210} 211</pre></div> 212<div class="example"><pre> 213// C++ 214class C { 215public: 216 int x; 217}; 
218 219void test() { 220 C *pc = 0; 221 int k = pc->x; // warn 222} 223</pre></div> 224<div class="example"><pre> 225// Objective-C 226@interface MyClass { 227@public 228 int x; 229} 230@end 231 232void test() { 233 MyClass *obj = 0; 234 obj->x = 1; // warn 235} 236</pre></div></div></td></tr> 237 238 239<tr><td><a id="core.StackAddressEscape"><div class="namedescr expandable"><span class="name"> 240core.StackAddressEscape</span><span class="lang"> 241(C)</span><div class="descr"> 242Check that addresses of stack memory do not escape the function.</div></div></a></td> 243<td><div class="exampleContainer expandable"> 244<div class="example"><pre> 245char const *p; 246 247void test() { 248 char const str[] = "string"; 249 p = str; // warn 250} 251</pre></div> 252<div class="example"><pre> 253void* test() { 254 return __builtin_alloca(12); // warn 255} 256</pre></div> 257<div class="example"><pre> 258void test() { 259 static int *x; 260 int y; 261 x = &y; // warn 262} 263</pre></div></div></td></tr> 264 265 266<tr><td><a id="core.UndefinedBinaryOperatorResult"><div class="namedescr expandable"><span class="name"> 267core.UndefinedBinaryOperatorResult</span><span class="lang"> 268(C)</span><div class="descr"> 269Check for undefined results of binary operators.</div></div></a></td> 270<td><div class="exampleContainer expandable"> 271<div class="example"><pre> 272void test() { 273 int x; 274 int y = x + 1; // warn: left operand is garbage 275} 276</pre></div></div></td></tr> 277 278 279<tr><td><a id="core.VLASize"><div class="namedescr expandable"><span class="name"> 280core.VLASize</span><span class="lang"> 281(C)</span><div class="descr"> 282Check for declarations of VLA of undefined or zero size.</div></div></a></td> 283<td><div class="exampleContainer expandable"> 284<div class="example"><pre> 285void test() { 286 int x; 287 int vla1[x]; // warn: garbage as size 288} 289</pre></div> 290<div class="example"><pre> 291void test() { 292 int x = 0; 293 int vla2[x]; // 
warn: zero size 294} 295</pre></div></div></td></tr> 296 297 298<tr><td><a id="core.uninitialized.ArraySubscript"><div class="namedescr expandable"><span class="name"> 299core.uninitialized.ArraySubscript</span><span class="lang"> 300(C)</span><div class="descr"> 301Check for uninitialized values used as array subscripts.</div></div></a></td> 302<td><div class="exampleContainer expandable"> 303<div class="example"><pre> 304void test() { 305 int i, a[10]; 306 int x = a[i]; // warn: array subscript is undefined 307} 308</pre></div></div></td></tr> 309 310 311<tr><td><a id="core.uninitialized.Assign"><div class="namedescr expandable"><span class="name"> 312core.uninitialized.Assign</span><span class="lang"> 313(C)</span><div class="descr"> 314Check for assigning uninitialized values.</div></div></a></td> 315<td><div class="exampleContainer expandable"> 316<div class="example"><pre> 317void test() { 318 int x; 319 x |= 1; // warn: left expression is uninitialized 320} 321</pre></div></div></td></tr> 322 323 324<tr><td><a id="core.uninitialized.Branch"><div class="namedescr expandable"><span class="name"> 325core.uninitialized.Branch</span><span class="lang"> 326(C)</span><div class="descr"> 327Check for uninitialized values used as branch conditions.</div></div></a></td> 328<td><div class="exampleContainer expandable"> 329<div class="example"><pre> 330void test() { 331 int x; 332 if (x) // warn 333 return; 334} 335</pre></div></div></td></tr> 336 337 338<tr><td><a id="core.uninitialized.CapturedBlockVariable"><div class="namedescr expandable"><span class="name"> 339core.uninitialized.CapturedBlockVariable</span><span class="lang"> 340(C)</span><div class="descr"> 341Check for blocks that capture uninitialized values.</div></div></a></td> 342<td><div class="exampleContainer expandable"> 343<div class="example"><pre> 344void test() { 345 int x; 346 ^{ int y = x; }(); // warn 347} 348</pre></div></div></td></tr> 349 350 351<tr><td><a 
id="core.uninitialized.UndefReturn"><div class="namedescr expandable"><span class="name"> 352core.uninitialized.UndefReturn</span><span class="lang"> 353(C)</span><div class="descr"> 354Check for uninitialized values being returned to the caller.</div></div></a></td> 355<td><div class="exampleContainer expandable"> 356<div class="example"><pre> 357int test() { 358 int x; 359 return x; // warn 360} 361</pre></div></div></td></tr> 362 363</tbody></table> 364 365<!-- =========================== C++ =========================== --> 366<h3 id="cplusplus_checkers">C++ Checkers</h3> 367<table class="checkers"> 368<colgroup><col class="namedescr"><col class="example"></colgroup> 369<thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 370 371<tbody> 372<tr><td><a id="cplusplus.NewDelete"><div class="namedescr expandable"><span class="name"> 373cplusplus.NewDelete</span><span class="lang"> 374(C++)</span><div class="descr"> 375Check for double-free, use-after-free and offset problems involving C++ <code> 376delete</code>.</div></div></a></td> 377<td><div class="exampleContainer expandable"> 378<div class="example"><pre> 379void f(int *p); 380 381void testUseMiddleArgAfterDelete(int *p) { 382 delete p; 383 f(p); // warn: use after free 384} 385</pre></div> 386<div class="example"><pre> 387class SomeClass { 388public: 389 void f(); 390}; 391 392void test() { 393 SomeClass *c = new SomeClass; 394 delete c; 395 c->f(); // warn: use after free 396} 397</pre></div> 398<div class="example"><pre> 399void test() { 400 int *p = (int *)__builtin_alloca(sizeof(int)); 401 delete p; // warn: deleting memory allocated by alloca 402} 403</pre></div> 404<div class="example"><pre> 405void test() { 406 int *p = new int; 407 delete p; 408 delete p; // warn: attempt to free released 409} 410</pre></div> 411<div class="example"><pre> 412void test() { 413 int i; 414 delete &i; // warn: delete address of local 415} 416</pre></div> 417<div class="example"><pre> 418void test() { 419 int 
*p = new int[1]; 420 delete[] (++p); 421 // warn: argument to 'delete[]' is offset by 4 bytes 422 // from the start of memory allocated by 'new[]' 423} 424</pre></div></div></td></tr> 425 426<tr><td><a id="cplusplus.NewDeleteLeaks"><div class="namedescr expandable"><span class="name"> 427cplusplus.NewDeleteLeaks</span><span class="lang"> 428(C++)</span><div class="descr"> 429Check for memory leaks. Traces memory managed by <code>new</code>/<code> 430delete</code>.</div></div></a></td> 431<td><div class="exampleContainer expandable"> 432<div class="example"><pre> 433void test() { 434 int *p = new int; 435} // warn 436</pre></div></div></td></tr> 437 438</tbody></table> 439 440<!-- =========================== dead code =========================== --> 441<h3 id="deadcode_checkers">Dead Code Checkers</h3> 442<table class="checkers"> 443<colgroup><col class="namedescr"><col class="example"></colgroup> 444<thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 445 446<tbody> 447<tr><td><a id="deadcode.DeadStores"><div class="namedescr expandable"><span class="name"> 448deadcode.DeadStores</span><span class="lang"> 449(C)</span><div class="descr"> 450Check for values stored to variables that are never read afterwards.</div></div></a></td> 451<td><div class="exampleContainer expandable"> 452<div class="example"><pre> 453void test() { 454 int x; 455 x = 1; // warn 456} 457</pre></div></div></td></tr> 458 459</tbody></table> 460 461<!-- =========================== nullability =========================== --> 462<h3 id="nullability_checkers">Nullability Checkers</h3> 463<table class="checkers"> 464<colgroup><col class="namedescr"><col class="example"></colgroup> 465<thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 466 467<tbody> 468<tr><td><a id="nullability.NullPassedToNonnull"><div class="namedescr expandable"><span class="name"> 469nullability.NullPassedToNonnull</span><span class="lang"> 470(ObjC)</span><div class="descr"> 471Warns when a null 
pointer is passed to a pointer which has a 472_Nonnull type.</div></div></a></td> 473<td><div class="exampleContainer expandable"> 474<div class="example"><pre> 475if (name != nil) 476 return; 477// Warning: nil passed to a callee that requires a non-null 1st parameter 478NSString *greeting = [@"Hello " stringByAppendingString:name]; 479</pre></div></div></td></tr> 480 481 482<tr><td><a id="nullability.NullReturnedFromNonnull"><div class="namedescr expandable"><span class="name"> 483nullability.NullReturnedFromNonnull</span><span class="lang"> 484(ObjC)</span><div class="descr"> 485Warns when a null pointer is returned from a function that has 486_Nonnull return type.</div></div></a></td> 487<td><div class="exampleContainer expandable"> 488<div class="example"><pre> 489- (nonnull id)firstChild { 490 id result = nil; 491 if ([_children count] > 0) 492 result = _children[0]; 493 494 // Warning: nil returned from a method that is expected 495 // to return a non-null value 496 return result; 497} 498</pre></div></div></td></tr> 499 500 501<tr><td><a id="nullability.NullableDereferenced"><div class="namedescr expandable"><span class="name"> 502nullability.NullableDereferenced</span><span class="lang"> 503(ObjC)</span><div class="descr"> 504Warns when a nullable pointer is dereferenced.</div></div></a></td> 505<td><div class="exampleContainer expandable"> 506<div class="example"><pre> 507struct LinkedList { 508 int data; 509 struct LinkedList *next; 510}; 511 512struct LinkedList * _Nullable getNext(struct LinkedList *l); 513 514void updateNextData(struct LinkedList *list, int newData) { 515 struct LinkedList *next = getNext(list); 516 // Warning: Nullable pointer is dereferenced 517 next->data = 7; 518} 519</pre></div></div></td></tr> 520 521 522<tr><td><a id="nullability.NullablePassedToNonnull"><div class="namedescr expandable"><span class="name"> 523nullability.NullablePassedToNonnull</span><span class="lang"> 524(ObjC)</span><div class="descr"> 525Warns when a 
nullable pointer is passed to a pointer which has a _Nonnull type.</div></div></a></td> 526<td><div class="exampleContainer expandable"> 527<div class="example"><pre> 528typedef struct Dummy { int val; } Dummy; 529Dummy *_Nullable returnsNullable(); 530void takesNonnull(Dummy *_Nonnull); 531 532void test() { 533 Dummy *p = returnsNullable(); 534 takesNonnull(p); // warn 535} 536</pre></div></div></td></tr> 537 538</tbody></table> 539 540<!-- =========================== optin =========================== --> 541<h3 id="optin_checkers">Optin Checkers</h3> 542<table class="checkers"> 543<colgroup><col class="namedescr"><col class="example"></colgroup> 544<thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 545 546<tr><td><a id="cplusplus.UninitializedObject"><div class="namedescr expandable"><span class="name"> 547cplusplus.UninitializedObject</span><span class="lang"> 548(C++)</span><div class="descr"> 549This checker reports uninitialized fields in objects created after a constructor 550call. It doesn't only find direct uninitialized fields, but rather makes a deep 551inspection of the object, analyzing all of its fields' subfields. <br> 552The checker regards inherited fields as direct fields, so one will receive 553warnings for uninitialized inherited data members as well. <br> 554<br> 555It has several options: 556<ul> 557 <li> 558 "<code>Pedantic</code>" (boolean). If it's not set or is set to false, the 559 checker won't emit warnings for objects that don't have at least one 560 initialized field. This may be set with <br> 561 <code>-analyzer-config cplusplus.UninitializedObject:Pedantic=true</code>. 562 </li> 563 <li> 564 "<code>NotesAsWarnings</code>" (boolean). If set to true, the checker will 565 emit a warning for each uninitialized field, as opposed to emitting one 566 warning per constructor call, and listing the uninitialized fields that 567 belong to it in notes. Defaults to false. 
<br> 568 <code>-analyzer-config cplusplus.UninitializedObject:NotesAsWarnings=true</code>. 569 </li> 570 <li> 571 "<code>CheckPointeeInitialization</code>" (boolean). If set to false, the 572 checker will not analyze the pointee of pointer/reference fields, and will 573 only check whether the object itself is initialized. Defaults to false. <br> 574 <code>-analyzer-config cplusplus.UninitializedObject:CheckPointeeInitialization=true</code>. 575 </li> 576 <li> 577 "<code>IgnoreRecordsWithField</code>" (string). If supplied, the checker 578 will not analyze structures that have a field with a name or type name that 579 matches the given pattern. Defaults to <code>""</code>. 580 581 <code>-analyzer-config cplusplus.UninitializedObject:IgnoreRecordsWithField="[Tt]ag|[Kk]ind"</code>. 582 </li> 583</ul></div></div></a></td> 584<td><div class="exampleContainer expandable"> 585<div class="example"><pre> 586// With Pedantic and CheckPointeeInitialization set to true 587 588struct A { 589 struct B { 590 int x; // note: uninitialized field 'this->b.x' 591 // note: uninitialized field 'this->bptr->x' 592 int y; // note: uninitialized field 'this->b.y' 593 // note: uninitialized field 'this->bptr->y' 594 }; 595 int *iptr; // note: uninitialized pointer 'this->iptr' 596 B b; 597 B *bptr; 598 char *cptr; // note: uninitialized pointee 'this->cptr' 599 600 A (B *bptr, char *cptr) : bptr(bptr), cptr(cptr) {} 601}; 602 603void f() { 604 A::B b; 605 char c; 606 A a(&b, &c); // warning: 6 uninitialized fields 607 // after the constructor call 608} 609</pre></div><div class="separator"></div> 610<div class="example"><pre> 611// With Pedantic set to false and 612// CheckPointeeInitialization set to true 613// (every field is uninitialized) 614 615struct A { 616 struct B { 617 int x; 618 int y; 619 }; 620 int *iptr; 621 B b; 622 B *bptr; 623 char *cptr; 624 625 A (B *bptr, char *cptr) : bptr(bptr), cptr(cptr) {} 626}; 627 628void f() { 629 A::B b; 630 char c; 631 A a(&b, &c); // no 
warning 632} 633</pre></div><div class="separator"></div> 634<div class="example"><pre> 635// With Pedantic and CheckPointeeInitialization set to false 636// (pointees are regarded as initialized) 637 638struct A { 639 struct B { 640 int x; // note: uninitialized field 'this->b.x' 641 int y; // note: uninitialized field 'this->b.y' 642 }; 643 int *iptr; // note: uninitialized pointer 'this->iptr' 644 B b; 645 B *bptr; 646 char *cptr; 647 648 A (B *bptr, char *cptr) : bptr(bptr), cptr(cptr) {} 649}; 650 651void f() { 652 A::B b; 653 char c; 654 A a(&b, &c); // warning: 3 uninitialized fields 655 // after the constructor call 656} 657</pre></div></div></td></tr> 658 659 660<tbody> 661<tr><td><a id="optin.cplusplus.VirtualCall"><div class="namedescr expandable"><span class="name"> 662optin.cplusplus.VirtualCall</span><span class="lang"> 663(C++)</span><div class="descr"> 664Check virtual member function calls during construction or 665destruction.</div></div></a></td> 666<td><div class="exampleContainer expandable"> 667<div class="example"><pre> 668class A { 669public: 670 A() { 671 f(); // warn 672 } 673 virtual void f(); 674}; 675</pre></div><div class="separator"></div> 676<div class="example"><pre> 677class A { 678public: 679 ~A() { 680 this->f(); // warn 681 } 682 virtual void f(); 683}; 684</pre></div></div></td></tr> 685 686 687<tr><td><a id="optin.mpi.MPI-Checker"><div class="namedescr expandable"><span class="name"> 688optin.mpi.MPI-Checker</span><span class="lang"> 689(C)</span><div class="descr"> 690Checks MPI code</div></div></a></td> 691<td><div class="exampleContainer expandable"> 692<div class="example"><pre> 693void test() { 694 double buf = 0; 695 MPI_Request sendReq1; 696 MPI_Ireduce(MPI_IN_PLACE, &buf, 1, MPI_DOUBLE, MPI_SUM, 697 0, MPI_COMM_WORLD, &sendReq1); 698} // warn: request 'sendReq1' has no matching wait. 
699</pre></div><div class="separator"></div> 700<div class="example"><pre> 701void test() { 702 double buf = 0; 703 MPI_Request sendReq; 704 MPI_Isend(&buf, 1, MPI_DOUBLE, 0, 0, MPI_COMM_WORLD, &sendReq); 705 MPI_Irecv(&buf, 1, MPI_DOUBLE, 0, 0, MPI_COMM_WORLD, &sendReq); // warn 706 MPI_Isend(&buf, 1, MPI_DOUBLE, 0, 0, MPI_COMM_WORLD, &sendReq); // warn 707 MPI_Wait(&sendReq, MPI_STATUS_IGNORE); 708} 709</pre></div><div class="separator"></div> 710<div class="example"><pre> 711void missingNonBlocking() { 712 int rank = 0; 713 MPI_Comm_rank(MPI_COMM_WORLD, &rank); 714 MPI_Request sendReq1[10][10][10]; 715 MPI_Wait(&sendReq1[1][7][9], MPI_STATUS_IGNORE); // warn 716} 717</pre></div></div></td></tr> 718 719 720<tr><td><a id="optin.osx.cocoa.localizability.EmptyLocalizationContextChecker"><div class="namedescr expandable"><span class="name"> 721optin.osx.cocoa.localizability.EmptyLocalizationContextChecker</span><span class="lang"> 722(ObjC)</span><div class="descr"> 723Check that NSLocalizedString macros include a comment for context.</div></div></a></td> 724<td><div class="exampleContainer expandable"> 725<div class="example"><pre> 726- (void)test { 727 NSString *string = NSLocalizedString(@"LocalizedString", nil); // warn 728 NSString *string2 = NSLocalizedString(@"LocalizedString", @" "); // warn 729 NSString *string3 = NSLocalizedStringWithDefaultValue( 730 @"LocalizedString", nil, [[NSBundle alloc] init], nil,@""); // warn 731} 732</pre></div></div></td></tr> 733 734 735<tr><td><a id="optin.osx.cocoa.localizability.NonLocalizedStringChecker"><div class="namedescr expandable"><span class="name"> 736optin.osx.cocoa.localizability.NonLocalizedStringChecker</span><span class="lang"> 737(ObjC)</span><div class="descr"> 738Warns about uses of non-localized NSStrings passed to UI methods 739expecting localized NSStrings</div></div></a></td> 740<td><div class="exampleContainer expandable"> 741<div class="example"><pre> 742NSString *alarmText = 743 
NSLocalizedString(@"Enabled", @"Indicates alarm is turned on"); 744if (!isEnabled) { 745 alarmText = @"Disabled"; 746} 747UILabel *alarmStateLabel = [[UILabel alloc] init]; 748 749// Warning: User-facing text should use localized string macro 750[alarmStateLabel setText:alarmText]; 751</pre></div></div></td></tr> 752 753</tbody></table> 754 755<!-- =========================== OS X =========================== --> 756<h3 id="osx_checkers">OS X Checkers</h3> 757<table class="checkers"> 758<colgroup><col class="namedescr"><col class="example"></colgroup> 759<thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 760 761<tbody> 762<tr><td><a id="osx.API"><div class="namedescr expandable"><span class="name"> 763osx.API</span><span class="lang"> 764(C)</span><div class="descr"> 765Check for proper uses of various Apple APIs:<div class=functions> 766dispatch_once</div></div></div></a></td> 767<td><div class="exampleContainer expandable"> 768<div class="example"><pre> 769void test() { 770 dispatch_once_t pred = 0; 771 dispatch_once(&pred, ^(){}); // warn: dispatch_once uses local 772} 773</pre></div></div></td></tr> 774 775 776<tr><td><a id="osx.NumberObjectConversion"><div class="namedescr expandable"><span class="name"> 777osx.NumberObjectConversion</span><span class="lang"> 778(C, C++, ObjC)</span><div class="descr"> 779Check for erroneous conversions of objects representing numbers 780into numbers</div></div></a></td> 781<td><div class="exampleContainer expandable"> 782<div class="example"><pre> 783NSNumber *photoCount = [albumDescriptor objectForKey:@"PhotoCount"]; 784// Warning: Comparing a pointer value of type 'NSNumber *' 785// to a scalar integer value 786if (photoCount > 0) { 787 [self displayPhotos]; 788} 789</pre></div></div></td></tr> 790 791 792<tr><td><a id="osx.SecKeychainAPI"><div class="namedescr expandable"><span class="name"> 793osx.SecKeychainAPI</span><span class="lang"> 794(C)</span><div class="descr"> 795Check for improper uses of the 
Security framework's Keychain APIs:<div class=functions> 796SecKeychainItemCopyContent<br> 797SecKeychainFindGenericPassword<br> 798SecKeychainFindInternetPassword<br> 799SecKeychainItemFreeContent<br> 800SecKeychainItemCopyAttributesAndData<br> 801SecKeychainItemFreeAttributesAndData</div></div></div></a></td> 802<td><div class="exampleContainer expandable"> 803<div class="example"><pre> 804void test() { 805 unsigned int *ptr = 0; 806 UInt32 length; 807 808 SecKeychainItemFreeContent(ptr, &length); 809 // warn: trying to free data which has not been allocated 810} 811</pre></div> 812<div class="example"><pre> 813void test() { 814 unsigned int *ptr = 0; 815 UInt32 *length = 0; 816 void *outData; 817 818 OSStatus st = 819 SecKeychainItemCopyContent(2, ptr, ptr, length, outData); 820 // warn: data is not released 821} 822</pre></div> 823<div class="example"><pre> 824void test() { 825 unsigned int *ptr = 0; 826 UInt32 *length = 0; 827 void *outData; 828 829 OSStatus st = 830 SecKeychainItemCopyContent(2, ptr, ptr, length, &outData); 831 832 SecKeychainItemFreeContent(ptr, outData); 833 // warn: only call free if a non-NULL buffer was returned 834} 835</pre></div> 836<div class="example"><pre> 837void test() { 838 unsigned int *ptr = 0; 839 UInt32 *length = 0; 840 void *outData; 841 842 OSStatus st = 843 SecKeychainItemCopyContent(2, ptr, ptr, length, &outData); 844 845 st = SecKeychainItemCopyContent(2, ptr, ptr, length, &outData); 846 // warn: release data before another call to the allocator 847 848 if (st == noErr) 849 SecKeychainItemFreeContent(ptr, outData); 850} 851</pre></div> 852<div class="example"><pre> 853void test() { 854 SecKeychainItemRef itemRef = 0; 855 SecKeychainAttributeInfo *info = 0; 856 SecItemClass *itemClass = 0; 857 SecKeychainAttributeList *attrList = 0; 858 UInt32 *length = 0; 859 void *outData = 0; 860 861 OSStatus st = 862 SecKeychainItemCopyAttributesAndData(itemRef, info, 863 itemClass, &attrList, 864 length, &outData); 865 866 
SecKeychainItemFreeContent(attrList, outData); 867 // warn: deallocator doesn't match the allocator 868} 869</pre></div></div></td></tr> 870 871 872<tr><td><a id="osx.cocoa.AtSync"><div class="namedescr expandable"><span class="name"> 873osx.cocoa.AtSync</span><span class="lang"> 874(ObjC)</span><div class="descr"> 875Check for nil pointers used as mutexes for <code>@synchronized</code>.</div></div></a></td> 876<td><div class="exampleContainer expandable"> 877<div class="example"><pre> 878void test(id x) { 879 if (!x) 880 @synchronized(x) {} // warn: nil value used as mutex 881} 882</pre></div> 883<div class="example"><pre> 884void test() { 885 id y; 886 @synchronized(y) {} // warn: uninitialized value used as mutex 887} 888</pre></div></div></td></tr> 889 890 891<tr><td><a id="osx.cocoa.ClassRelease"><div class="namedescr expandable"><span class="name"> 892osx.cocoa.ClassRelease</span><span class="lang"> 893(ObjC)</span><div class="descr"> 894Check for sending <code>retain</code>, <code>release</code>, or <code> 895autorelease</code> directly to a class.</div></div></a></td> 896<td><div class="exampleContainer expandable"> 897<div class="example"><pre> 898@interface MyClass : NSObject 899@end 900 901void test(void) { 902 [MyClass release]; // warn 903} 904</pre></div></div></td></tr> 905 906 907<tr><td><a id="osx.cocoa.Dealloc"><div class="namedescr expandable"><span class="name"> 908osx.cocoa.Dealloc</span><span class="lang"> 909(ObjC)</span><div class="descr"> 910Warn about Objective-C classes that lack a correct implementation 911of <code>-dealloc</code>. 
912</div></div></a></td> 913<td><div class="exampleContainer expandable"> 914<div class="example"><pre> 915@interface MyObject : NSObject { 916 id _myproperty; 917} 918@end 919 920@implementation MyObject // warn: lacks 'dealloc' 921@end 922</pre></div><div class="separator"></div> 923<div class="example"><pre> 924@interface MyObject : NSObject {} 925@property(assign) id myproperty; 926@end 927 928@implementation MyObject // warn: does not send 'dealloc' to super 929- (void)dealloc { 930 self.myproperty = 0; 931} 932@end 933</pre></div><div class="separator"></div> 934<div class="example"><pre> 935@interface MyObject : NSObject { 936 id _myproperty; 937} 938@property(retain) id myproperty; 939@end 940 941@implementation MyObject 942@synthesize myproperty = _myproperty; 943 // warn: var was retained but wasn't released 944- (void)dealloc { 945 [super dealloc]; 946} 947@end 948</pre></div><div class="separator"></div> 949<div class="example"><pre> 950@interface MyObject : NSObject { 951 id _myproperty; 952} 953@property(assign) id myproperty; 954@end 955 956@implementation MyObject 957@synthesize myproperty = _myproperty; 958 // warn: var wasn't retained but was released 959- (void)dealloc { 960 [_myproperty release]; 961 [super dealloc]; 962} 963@end 964</pre></div></div></td></tr> 965 966 967<tr><td><a id="osx.cocoa.IncompatibleMethodTypes"><div class="namedescr expandable"><span class="name"> 968osx.cocoa.IncompatibleMethodTypes</span><span class="lang"> 969(ObjC)</span><div class="descr"> 970Check for an incompatible type signature when overriding an Objective-C method.</div></div></a></td> 971<td><div class="exampleContainer expandable"> 972<div class="example"><pre> 973@interface MyClass1 : NSObject 974- (int)foo; 975@end 976 977@implementation MyClass1 978- (int)foo { return 1; } 979@end 980 981@interface MyClass2 : MyClass1 982- (float)foo; 983@end 984 985@implementation MyClass2 986- (float)foo { return 1.0; } // warn 987@end 988</pre></div></div></td></tr> 
989 990 991<tr><td><a id="osx.cocoa.MissingSuperCall"><div class="namedescr expandable"><span class="name"> 992osx.cocoa.MissingSuperCall</span><span class="lang"> 993(ObjC)</span><div class="descr"> 994Warn about Objective-C methods that lack a necessary call to super. (Note: The 995compiler now has a warning for methods annotated with the <code>objc_requires_super</code> 996attribute. The checker exists to check methods in the Cocoa frameworks 997that haven't yet adopted this attribute.)</div></div></a></td> 998<td><div class="example"><pre> 999@interface Test : UIViewController 1000@end 1001@implementation Test 1002- (void)viewDidLoad {} // warn 1003@end 1004</pre></div></td></tr> 1005 1006 1007<tr><td><a id="osx.cocoa.NSAutoreleasePool"><div class="namedescr expandable"><span class="name"> 1008osx.cocoa.NSAutoreleasePool</span><span class="lang"> 1009(ObjC)</span><div class="descr"> 1010Warn for suboptimal uses of NSAutoreleasePool in Objective-C 1011GC mode (<code>-fobjc-gc</code> compiler option).</div></div></a></td> 1012<td><div class="exampleContainer expandable"> 1013<div class="example"><pre> 1014void test() { 1015 NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init]; 1016 [pool release]; // warn 1017} 1018</pre></div></div></td></tr> 1019 1020 1021<tr><td><a id="osx.cocoa.NSError"><div class="namedescr expandable"><span class="name"> 1022osx.cocoa.NSError</span><span class="lang"> 1023(ObjC)</span><div class="descr"> 1024Check usage of <code>NSError**</code> parameters.</div></div></a></td> 1025<td><div class="exampleContainer expandable"> 1026<div class="example"><pre> 1027@interface A : NSObject 1028- (void)foo:(NSError **)error; 1029@end 1030 1031@implementation A 1032- (void)foo:(NSError **)error { 1033 // warn: method accepting NSError** should have a non-void 1034 // return value 1035} 1036@end 1037</pre></div> 1038<div class="example"><pre> 1039@interface A : NSObject 1040- (BOOL)foo:(NSError **)error; 1041@end 1042 1043@implementation A 1044- 
(BOOL)foo:(NSError **)error { 1045 *error = 0; // warn: potential null dereference 1046 return 0; 1047} 1048@end 1049</pre></div></div></td></tr> 1050 1051 1052<tr><td><a id="osx.cocoa.NilArg"><div class="namedescr expandable"><span class="name"> 1053osx.cocoa.NilArg</span><span class="lang"> 1054(ObjC)</span><div class="descr"> 1055Check for prohibited nil arguments in specific Objective-C method calls:<div class=functions> 1056- caseInsensitiveCompare:<br> 1057- compare:<br> 1058- compare:options:<br> 1059- compare:options:range:<br> 1060- compare:options:range:locale:<br> 1061- componentsSeparatedByCharactersInSet:<br> 1062- initWithFormat:</div></div></div></a></td> 1063<td><div class="exampleContainer expandable"> 1064<div class="example"><pre> 1065NSComparisonResult test(NSString *s) { 1066 NSString *aString = nil; 1067 return [s caseInsensitiveCompare:aString]; 1068 // warn: argument to 'NSString' method 1069 // 'caseInsensitiveCompare:' cannot be nil 1070} 1071</pre></div></div></td></tr> 1072 1073 1074<tr><td><a id="osx.cocoa.ObjCGenerics"><div class="namedescr expandable"><span class="name"> 1075osx.cocoa.ObjCGenerics</span><span class="lang"> 1076(ObjC)</span><div class="descr"> 1077Check for type errors when using Objective-C generics</div></div></a></td> 1078<td><div class="exampleContainer expandable"> 1079<div class="example"><pre> 1080NSMutableArray<NSString *> *names = [NSMutableArray array]; 1081NSMutableArray *birthDates = names; 1082 1083// Warning: Conversion from value of type 'NSDate *' 1084// to incompatible type 'NSString *' 1085[birthDates addObject: [NSDate date]]; 1086</pre></div></div></td></tr> 1087 1088 1089<tr><td><a id="osx.cocoa.RetainCount"><div class="namedescr expandable"><span class="name"> 1090osx.cocoa.RetainCount</span><span class="lang"> 1091(ObjC)</span><div class="descr"> 1092Check for leaks and violations of the Cocoa Memory Management rules.</div></div></a></td> 1093<td><div class="exampleContainer expandable"> 1094<div 
class="example"><pre> 1095void test() { 1096 NSString *s = [[NSString alloc] init]; // warn 1097} 1098</pre></div> 1099<div class="example"><pre> 1100CFStringRef test(char *bytes) { 1101 return CFStringCreateWithCStringNoCopy( 1102 0, bytes, NSNEXTSTEPStringEncoding, 0); // warn 1103} 1104</pre></div></div></td></tr> 1105 1106 1107<tr><td><a id="osx.cocoa.SelfInit"><div class="namedescr expandable"><span class="name"> 1108osx.cocoa.SelfInit</span><span class="lang"> 1109(ObjC)</span><div class="descr"> 1110Check that <code>self</code> is properly initialized inside an initializer 1111method.</div></div></a></td> 1112<td><div class="exampleContainer expandable"> 1113<div class="example"><pre> 1114@interface MyObj : NSObject { 1115 id x; 1116} 1117- (id)init; 1118@end 1119 1120@implementation MyObj 1121- (id)init { 1122 [super init]; 1123 x = 0; // warn: instance variable used while 'self' is not 1124 // initialized 1125 return 0; 1126} 1127@end 1128</pre></div> 1129<div class="example"><pre> 1130@interface MyObj : NSObject 1131- (id)init; 1132@end 1133 1134@implementation MyObj 1135- (id)init { 1136 [super init]; 1137 return self; // warn: returning uninitialized 'self' 1138} 1139@end 1140</pre></div></div></td></tr> 1141 1142 1143<tr><td><a id="osx.cocoa.SuperDealloc"><div class="namedescr expandable"><span class="name"> 1144osx.cocoa.SuperDealloc</span><span class="lang"> 1145(ObjC)</span><div class="descr"> 1146Warn about improper use of '[super dealloc]' in Objective-C</div></div></a></td> 1147<td><div class="exampleContainer expandable"> 1148<div class="example"><pre> 1149@interface SuperDeallocThenReleaseIvarClass : NSObject { 1150 NSObject *_ivar; 1151} 1152@end 1153 1154@implementation SuperDeallocThenReleaseIvarClass 1155- (void)dealloc { 1156 [super dealloc]; 1157 [_ivar release]; // warn 1158} 1159@end 1160</pre></div></div></td></tr> 1161 1162 1163<tr><td><a id="osx.cocoa.UnusedIvars"><div class="namedescr expandable"><span class="name"> 
1164osx.cocoa.UnusedIvars</span><span class="lang"> 1165(ObjC)</span><div class="descr"> 1166Warn about private ivars that are never used.</div></div></a></td> 1167<td><div class="exampleContainer expandable"> 1168<div class="example"><pre> 1169@interface MyObj : NSObject { 1170@private 1171 id x; // warn 1172} 1173@end 1174 1175@implementation MyObj 1176@end 1177</pre></div></div></td></tr> 1178 1179 1180<tr><td><a id="osx.cocoa.VariadicMethodTypes"><div class="namedescr expandable"><span class="name"> 1181osx.cocoa.VariadicMethodTypes</span><span class="lang"> 1182(ObjC)</span><div class="descr"> 1183Check for passing non-Objective-C types to variadic collection initialization 1184methods that expect only Objective-C types.</div></div></a></td> 1185<td><div class="exampleContainer expandable"> 1186<div class="example"><pre> 1187void test() { 1188 [NSSet setWithObjects:@"Foo", "Bar", nil]; 1189 // warn: argument should be an ObjC pointer type, not 'char *' 1190} 1191</pre></div></div></td></tr> 1192 1193 1194<tr><td><a id="osx.coreFoundation.CFError"><div class="namedescr expandable"><span class="name"> 1195osx.coreFoundation.CFError</span><span class="lang"> 1196(C)</span><div class="descr"> 1197Check usage of <code>CFErrorRef*</code> parameters.</div></div></a></td> 1198<td><div class="exampleContainer expandable"> 1199<div class="example"><pre> 1200void test(CFErrorRef *error) { 1201 // warn: function accepting CFErrorRef* should have a 1202 // non-void return 1203} 1204</pre></div> 1205<div class="example"><pre> 1206int foo(CFErrorRef *error) { 1207 *error = 0; // warn: potential null dereference 1208 return 0; 1209} 1210</pre></div></div></td></tr> 1211 1212 1213<tr><td><a id="osx.coreFoundation.CFNumber"><div class="namedescr expandable"><span class="name"> 1214osx.coreFoundation.CFNumber</span><span class="lang"> 1215(C)</span><div class="descr"> 1216Check for improper uses of <code>CFNumberCreate</code>.</div></div></a></td> 1217<td><div 
class="exampleContainer expandable"> 1218<div class="example"><pre> 1219CFNumberRef test(unsigned char x) { 1220 return CFNumberCreate(0, kCFNumberSInt16Type, &x); 1221 // warn: 8 bit integer is used to initialize a 16 bit integer 1222} 1223</pre></div></div></td></tr> 1224 1225 1226<tr><td><a id="osx.coreFoundation.CFRetainRelease"><div class="namedescr expandable"><span class="name"> 1227osx.coreFoundation.CFRetainRelease</span><span class="lang"> 1228(C)</span><div class="descr"> 1229Check for null arguments to <code>CFRetain</code>, <code>CFRelease</code>, 1230<code>CFMakeCollectable</code>.</div></div></a></td> 1231<td><div class="exampleContainer expandable"> 1232<div class="example"><pre> 1233void test(CFTypeRef p) { 1234 if (!p) 1235 CFRetain(p); // warn 1236} 1237</pre></div> 1238<div class="example"><pre> 1239void test(int x, CFTypeRef p) { 1240 if (p) 1241 return; 1242 1243 CFRelease(p); // warn 1244} 1245</pre></div></div></td></tr> 1246 1247 1248<tr><td><a id="osx.coreFoundation.containers.OutOfBounds"><div class="namedescr expandable"><span class="name"> 1249osx.coreFoundation.containers.OutOfBounds</span><span class="lang"> 1250(C)</span><div class="descr"> 1251Checks for index out-of-bounds when using <code>CFArray</code> API.</div></div></a></td> 1252<td><div class="exampleContainer expandable"> 1253<div class="example"><pre> 1254void test() { 1255 CFArrayRef A = CFArrayCreate(0, 0, 0, &kCFTypeArrayCallBacks); 1256 CFArrayGetValueAtIndex(A, 0); // warn 1257} 1258</pre></div></div></td></tr> 1259 1260 1261<tr><td><a id="osx.coreFoundation.containers.PointerSizedValues"><div class="namedescr expandable"><span class="name"> 1262osx.coreFoundation.containers.PointerSizedValues</span><span class="lang"> 1263(C)</span><div class="descr"> 1264Warns if <code>CFArray</code>, <code>CFDictionary</code>, <code>CFSet</code> are 1265created with non-pointer-size values.</div></div></a></td> 1266<td><div class="exampleContainer expandable"> 1267<div 
class="example"><pre> 1268void test() { 1269 int x[] = { 1 }; 1270 CFArrayRef A = CFArrayCreate(0, (const void **)x, 1, 1271 &kCFTypeArrayCallBacks); // warn 1272} 1273</pre></div></div></td></tr> 1274 1275</tbody></table> 1276 1277<!-- =========================== security =========================== --> 1278<h3 id="security_checkers">Security Checkers</h3> 1279<table class="checkers"> 1280<colgroup><col class="namedescr"><col class="example"></colgroup> 1281<thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 1282 1283<tbody> 1284<tr><td><a id="security.FloatLoopCounter"><div class="namedescr expandable"><span class="name"> 1285security.FloatLoopCounter</span><span class="lang"> 1286(C)</span><div class="descr"> 1287Warn on using a floating point value as a loop counter (CERT: FLP30-C, 1288FLP30-CPP).</div></div></a></td> 1289<td><div class="exampleContainer expandable"> 1290<div class="example"><pre> 1291void test() { 1292 for (float x = 0.1f; x <= 1.0f; x += 0.1f) {} // warn 1293} 1294</pre></div></div></td></tr> 1295 1296 1297<tr><td><a id="security.insecureAPI.UncheckedReturn"><div class="namedescr expandable"><span class="name"> 1298security.insecureAPI.UncheckedReturn</span><span class="lang"> 1299(C)</span><div class="descr"> 1300Warn on uses of functions whose return values must always be checked, because a failed call leaves the process running with its previous privileges:<div class=functions> 1301setuid<br> 1302setgid<br> 1303seteuid<br> 1304setegid<br> 1305setreuid<br> 1306setregid</div></div></div></a></td> 1307<td><div class="exampleContainer expandable"> 1308<div class="example"><pre> 1309void test() { 1310 setuid(1); // warn 1311} 1312</pre></div></div></td></tr> 1313 1314 1315<tr><td><a id="security.insecureAPI.bcmp"><div class="namedescr expandable"><span class="name"> 1316security.insecureAPI.bcmp</span><span class="lang"> 1317(C)</span><div class="descr"> 1318Warn on uses of the <code>bcmp</code> function.</div></div></a></td> 1319<td><div class="exampleContainer expandable"> 1320<div class="example"><pre> 
1321void test() { 1322 bcmp(ptr0, ptr1, n); // warn 1323} 1324</pre></div></div></td></tr> 1325 1326<tr><td><a id="security.insecureAPI.bcopy"><div class="namedescr expandable"><span class="name"> 1327security.insecureAPI.bcopy</span><span class="lang"> 1328(C)</span><div class="descr"> 1329Warn on uses of the <code>bcopy</code> function.</div></div></a></td> 1330<td><div class="exampleContainer expandable"> 1331<div class="example"><pre> 1332void test() { 1333 bcopy(src, dst, n); // warn 1334} 1335</pre></div></div></td></tr> 1336 1337<tr><td><a id="security.insecureAPI.bzero"><div class="namedescr expandable"><span class="name"> 1338security.insecureAPI.bzero</span><span class="lang"> 1339(C)</span><div class="descr"> 1340Warn on uses of the <code>bzero</code> function.</div></div></a></td> 1341<td><div class="exampleContainer expandable"> 1342<div class="example"><pre> 1343void test() { 1344 bzero(ptr, n); // warn 1345} 1346</pre></div></div></td></tr> 1347 1348 1349<tr><td><a id="security.insecureAPI.getpw"><div class="namedescr expandable"><span class="name"> 1350security.insecureAPI.getpw</span><span class="lang"> 1351(C)</span><div class="descr"> 1352Warn on uses of the <code>getpw</code> function.</div></div></a></td> 1353<td><div class="exampleContainer expandable"> 1354<div class="example"><pre> 1355void test() { 1356 char buff[1024]; 1357 getpw(2, buff); // warn 1358} 1359</pre></div></div></td></tr> 1360 1361 1362<tr><td><a id="security.insecureAPI.gets"><div class="namedescr expandable"><span class="name"> 1363security.insecureAPI.gets</span><span class="lang"> 1364(C)</span><div class="descr"> 1365Warn on uses of the <code>gets</code> function.</div></div></a></td> 1366<td><div class="exampleContainer expandable"> 1367<div class="example"><pre> 1368void test() { 1369 char buff[1024]; 1370 gets(buff); // warn 1371} 1372</pre></div></div></td></tr> 1373 1374 1375<tr><td><a id="security.insecureAPI.mkstemp"><div class="namedescr expandable"><span 
class="name"> 1376security.insecureAPI.mkstemp</span><span class="lang"> 1377(C)</span><div class="descr"> 1378Warn when <code>mktemp</code>, <code>mkstemp</code>, <code>mkstemps</code> or 1379<code>mkdtemp</code> is passed fewer than 6 1380X's in the format string.</div></div></a></td> 1381<td><div class="exampleContainer expandable"> 1382<div class="example"><pre> 1383void test() { 1384 mkstemp("XX"); // warn 1385} 1386</pre></div></div></td></tr> 1387 1388 1389<tr><td><a id="security.insecureAPI.mktemp"><div class="namedescr expandable"><span class="name"> 1390security.insecureAPI.mktemp</span><span class="lang"> 1391(C)</span><div class="descr"> 1392Warn on uses of the <code>mktemp</code> function.</div></div></a></td> 1393<td><div class="exampleContainer expandable"> 1394<div class="example"><pre> 1395void test() { 1396 char *x = mktemp("/tmp/zxcv"); // warn: insecure, use mkstemp 1397} 1398</pre></div></div></td></tr> 1399 1400 1401<tr><td><a id="security.insecureAPI.rand"><div class="namedescr expandable"><span class="name"> 1402security.insecureAPI.rand</span><span class="lang"> 1403(C)</span><div class="descr"> 1404Warn on uses of inferior random number generating functions (only if <code>arc4random</code> 1405function is available):<div class=functions> 1406drand48<br> 1407erand48<br> 1408jrand48<br> 1409lcong48<br> 1410lrand48<br> 1411mrand48<br> 1412nrand48<br> 1413random<br> 1414rand_r</div></div></div></a></td> 1415<td><div class="exampleContainer expandable"> 1416<div class="example"><pre> 1417void test() { 1418 random(); // warn 1419} 1420</pre></div></div></td></tr> 1421 1422 1423<tr><td><a id="security.insecureAPI.strcpy"><div class="namedescr expandable"><span class="name"> 1424security.insecureAPI.strcpy</span><span class="lang"> 1425(C)</span><div class="descr"> 1426Warn on uses of the <code>strcpy</code> and <code>strcat</code> functions.</div></div></a></td> 1427<td><div class="exampleContainer expandable"> 1428<div class="example"><pre> 
1429void test() { 1430 char x[4]; 1431 char *y = "abcd"; 1432 1433 strcpy(x, y); // warn 1434} 1435</pre></div></div></td></tr> 1436 1437 1438<tr><td><a id="security.insecureAPI.vfork"><div class="namedescr expandable"><span class="name"> 1439security.insecureAPI.vfork</span><span class="lang"> 1440(C)</span><div class="descr"> 1441Warn on uses of the <code>vfork</code> function.</div></div></a></td> 1442<td><div class="exampleContainer expandable"> 1443<div class="example"><pre> 1444void test() { 1445 vfork(); // warn 1446} 1447</pre></div></div></td></tr> 1448 1449 1450<tr><td><a id="security.insecureAPI.decodeValueOfObjCType"><div class="namedescr expandable"><span class="name"> 1451security.insecureAPI.decodeValueOfObjCType</span><span class="lang"> 1452(ObjC)</span><div class="descr"> 1453Warn on uses of the <code>-[NSCoder decodeValueOfObjCType:at:]</code> method. 1454The safe alternative is <code>-[NSCoder decodeValueOfObjCType:at:size:]</code>.</div></div></a></td> 1455<td><div class="exampleContainer expandable"> 1456<div class="example"><pre> 1457void test(NSCoder *decoder) { 1458 // This would be a vulnerability on 64-bit platforms 1459 // but not on 32-bit platforms. 
1460 NSUInteger x; 1461 [decoder decodeValueOfObjCType:"I" at:&x]; // warn 1462} 1463</pre></div></div></td></tr> 1464 1465</tbody></table> 1466 1467<!-- =========================== unix =========================== --> 1468<h3 id="unix_checkers">Unix Checkers</h3> 1469<table class="checkers"> 1470<colgroup><col class="namedescr"><col class="example"></colgroup> 1471<thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 1472 1473<tbody> 1474<tr><td><a id="unix.API"><div class="namedescr expandable"><span class="name"> 1475unix.API</span><span class="lang"> 1476(C)</span><div class="descr"> 1477Check calls to various UNIX/POSIX functions:<div class=functions> 1478open<br> 1479pthread_once<br> 1480calloc<br> 1481malloc<br> 1482realloc<br> 1483alloca</div></div></div></a></td> 1484<td><div class="exampleContainer expandable"> 1485<div class="example"><pre> 1486// Currently the check is performed for Apple targets only. 1487void test(const char *path) { 1488 int fd = open(path, O_CREAT); 1489 // warn: call to 'open' requires a third argument when the 1490 // 'O_CREAT' flag is set 1491} 1492</pre></div> 1493<div class="example"><pre> 1494void f(); 1495 1496void test() { 1497 pthread_once_t pred = {0x30B1BCBA, {0}}; 1498 pthread_once(&pred, f); 1499 // warn: call to 'pthread_once' uses the local variable 1500} 1501</pre></div> 1502<div class="example"><pre> 1503void test() { 1504 void *p = malloc(0); // warn: allocation size of 0 bytes 1505} 1506</pre></div> 1507<div class="example"><pre> 1508void test() { 1509 void *p = calloc(0, 42); // warn: allocation size of 0 bytes 1510} 1511</pre></div> 1512<div class="example"><pre> 1513void test() { 1514 void *p = malloc(1); 1515 p = realloc(p, 0); // warn: allocation size of 0 bytes 1516} 1517</pre></div> 1518<div class="example"><pre> 1519void test() { 1520 void *p = alloca(0); // warn: allocation size of 0 bytes 1521} 1522</pre></div> 1523<div class="example"><pre> 1524void test() { 1525 void *p = valloc(0); // warn: allocation 
size of 0 bytes 1526} 1527</pre></div></div></td></tr> 1528 1529 1530<tr><td><a id="unix.Malloc"><div class="namedescr expandable"><span class="name"> 1531unix.Malloc</span><span class="lang"> 1532(C)</span><div class="descr"> 1533Check for memory leaks, double free, and use-after-free and offset problems 1534involving <code>malloc</code>.</div></div></a></td> 1535<td><div class="exampleContainer expandable"> 1536<div class="example"><pre> 1537void test() { 1538 int *p = malloc(1); 1539 free(p); 1540 free(p); // warn: attempt to free released memory 1541} 1542</pre></div> 1543<div class="example"><pre> 1544void test() { 1545 int *p = malloc(sizeof(int)); 1546 free(p); 1547 *p = 1; // warn: use after free 1548} 1549</pre></div> 1550<div class="example"><pre> 1551void test() { 1552 int *p = malloc(1); 1553 if (p) 1554 return; // warn: memory is never released 1555} 1556</pre></div> 1557<div class="example"><pre> 1558void test() { 1559 int a[] = { 1 }; 1560 free(a); // warn: argument is not allocated by malloc 1561} 1562</pre></div> 1563<div class="example"><pre> 1564void test() { 1565 int *p = malloc(sizeof(char)); 1566 p = p - 1; 1567 free(p); // warn: argument to free() is offset by -4 bytes 1568} 1569</pre></div></div></td></tr> 1570 1571 1572<tr><td><a id="unix.MallocSizeof"><div class="namedescr expandable"><span class="name"> 1573unix.MallocSizeof</span><span class="lang"> 1574(C)</span><div class="descr"> 1575Check for dubious <code>malloc</code>, <code>calloc</code> or 1576<code>realloc</code> arguments involving <code>sizeof</code>.</div></div></a></td> 1577<td><div class="exampleContainer expandable"> 1578<div class="example"><pre> 1579void test() { 1580 long *p = malloc(sizeof(short)); 1581 // warn: result is converted to 'long *', which is 1582 // incompatible with operand type 'short' 1583 free(p); 1584} 1585</pre></div></div></td></tr> 1586 1587 1588<tr><td><a id="unix.MismatchedDeallocator"><div class="namedescr expandable"><span class="name"> 
1589unix.MismatchedDeallocator</span><span class="lang"> 1590(C, C++, ObjC)</span><div class="descr"> 1591Check for mismatched deallocators (e.g. passing a pointer allocated 1592with <code>new</code> to <code>free()</code>).</div></div></a></td> 1593<td><div class="exampleContainer expandable"> 1594<div class="example"><pre> 1595// C, C++ 1596void test() { 1597 int *p = (int *)malloc(sizeof(int)); 1598 delete p; // warn 1599} 1600</pre></div> 1601<div class="example"><pre> 1602// C, C++ 1603void __attribute((ownership_returns(malloc))) *user_malloc(size_t); 1604 1605void test() { 1606 int *p = (int *)user_malloc(sizeof(int)); 1607 delete p; // warn 1608} 1609</pre></div> 1610<div class="example"><pre> 1611// C, C++ 1612void test() { 1613 int *p = new int; 1614 free(p); // warn 1615} 1616</pre></div> 1617<div class="example"><pre> 1618// C, C++ 1619void test() { 1620 int *p = new int[1]; 1621 realloc(p, sizeof(long)); // warn 1622} 1623</pre></div> 1624<div class="example"><pre> 1625// C, C++ 1626template <typename T> 1627struct SimpleSmartPointer { 1628 T *ptr; 1629 1630 explicit SimpleSmartPointer(T *p = 0) : ptr(p) {} 1631 ~SimpleSmartPointer() { 1632 delete ptr; // warn 1633 } 1634}; 1635 1636void test() { 1637 SimpleSmartPointer<int> a((int *)malloc(4)); 1638} 1639</pre></div> 1640<div class="example"><pre> 1641// C++ 1642void test() { 1643 int *p = (int *)operator new(0); 1644 delete[] p; // warn 1645} 1646</pre></div> 1647<div class="example"><pre> 1648// Objective-C, C++ 1649void test(NSUInteger dataLength) { 1650 int *p = new int; 1651 NSData *d = [NSData dataWithBytesNoCopy:p 1652 length:sizeof(int) freeWhenDone:1]; 1653 // warn: +dataWithBytesNoCopy:length:freeWhenDone: cannot take 1654 // ownership of memory allocated by 'new' 1655} 1656</pre></div></div></td></tr> 1657 1658 1659<tr><td><a id="unix.Vfork"><div class="namedescr expandable"><span class="name"> 1660unix.Vfork</span><span class="lang"> 1661(C)</span><div class="descr"> 1662Check for proper 
usage of vfork</div></div></a></td> 1663<td><div class="exampleContainer expandable"> 1664<div class="example"><pre> 1665int test(int x) { 1666 pid_t pid = vfork(); // warn 1667 if (pid != 0) 1668 return 0; 1669 1670 switch (x) { 1671 case 0: 1672 pid = 1; 1673 execl("", "", 0); 1674 _exit(1); 1675 break; 1676 case 1: 1677 x = 0; // warn: this assignment is prohibited 1678 break; 1679 case 2: 1680 foo(); // warn: this function call is prohibited 1681 break; 1682 default: 1683 return 0; // warn: return is prohibited 1684 } 1685 1686 while(1); 1687} 1688</pre></div></div></td></tr> 1689 1690 1691<tr><td><a id="unix.cstring.BadSizeArg"><div class="namedescr expandable"><span class="name"> 1692unix.cstring.BadSizeArg</span><span class="lang"> 1693(C)</span><div class="descr"> 1694Check the size argument passed to <code>strncat</code> for common erroneous 1695patterns. Use <code>-Wno-strncat-size</code> compiler option to mute other 1696<code>strncat</code>-related compiler warnings. 1697</div></div></a></td> 1698<td><div class="exampleContainer expandable"> 1699<div class="example"><pre> 1700void test() { 1701 char dest[3]; 1702 strncat(dest, "***", sizeof(dest)); 1703 // warn: potential buffer overflow 1704} 1705</pre></div></div></td></tr> 1706 1707 1708<tr><td><a id="unix.cstring.NullArg"><div class="namedescr expandable"><span class="name"> 1709unix.cstring.NullArg</span><span class="lang"> 1710(C)</span><div class="descr"> 1711Check for null pointers being passed as arguments to C string functions:<div class=functions> 1712strlen<br> 1713strnlen<br> 1714strcpy<br> 1715strncpy<br> 1716strcat<br> 1717strncat<br> 1718strcmp<br> 1719strncmp<br> 1720strcasecmp<br> 1721strncasecmp</div></div></div></a></td> 1722<td><div class="example"><pre> 1723int test() { 1724 return strlen(0); // warn 1725} 1726</pre></div></td></tr> 1727 1728</tbody></table> 1729 1730</div> <!-- page --> 1731</div> <!-- content --> 1732</body> 1733</html> 1734