[PATCH] D53069: [analyzer][www] Update avaible_checks.html
whisperity added a comment. Let's register the ID... Superseded by https://reviews.llvm.org/D54429. https://reviews.llvm.org/D53069 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D53069: [analyzer][www] Update avaible_checks.html
Szelethus abandoned this revision. Szelethus added a comment. Herald added subscribers: gamesh411, baloghadamsoftware. In https://reviews.llvm.org/D53069#1274554, @george.karpenkov wrote: > If we want to be serious about this page, it really has to be auto-generated > (like clang-tidy one), but I understand that this is a larger undertaking. Since sphinx is on the way, hopefully, let's just look for a long term solution. https://reviews.llvm.org/D53069 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D53069: [analyzer][www] Update avaible_checks.html
Szelethus updated this revision to Diff 171624.
Szelethus added a comment.
Excuse my informality, but `llvm.Conventions` fell flat on its face in my eyes
(details: https://reviews.llvm.org/D53856), so I'm no longer insisting on
including it on this page.
https://reviews.llvm.org/D53069
Files:
www/analyzer/available_checks.html
Index: www/analyzer/available_checks.html
===
--- www/analyzer/available_checks.html
+++ www/analyzer/available_checks.html
@@ -43,6 +43,7 @@
OS X Checkers perform Objective-C-specific checks and check the use of Apple's SDKs (OS X and iOS)
Security Checkers check for insecure API usage and perform checks based on the CERT Secure Coding Standards
Unix Checkers check the use of Unix and POSIX APIs
+Variable Argument Checkers
@@ -369,6 +370,25 @@
Name, DescriptionExample
+
+
+
+cplusplus.InnerPointer
+(C++)
+Check for inner pointers of C++ containers used after re/deallocation.
+
+
+
+void log(const char *str);
+
+void test(int value) {
+ const char *msg = std::to_string(value).c_str();
+ // msg points to the buffer of a temporary that is now destroyed
+ log(msg); // warn: inner pointer of container used after re/deallocation
+}
+
+
+
cplusplus.NewDelete
(C++)
@@ -435,6 +455,7 @@
} // warn
+
@@ -458,6 +479,7 @@
+
Nullability Checkers
@@ -535,6 +557,21 @@
}
+
+
+nullability.NullableReturnedFromNonnull
+(ObjC)
+Warns when a nullable pointer is returned from a function that has _Nonnull return type.
+
+
+typedef struct Dummy { int val; } Dummy;
+
+Dummy *_Nonnull test(Dummy *_Nullable a) {
+ Dummy *p = a;
+ return p; // warn
+}
+
+
@@ -610,6 +647,95 @@
[alarmStateLabel setText:alarmText];
+
+
+optin.performance.GCDAntipattern
+(ObjC)
+This checker finds a common performance anti-pattern in a code that uses Grand
+Central dispatch. The anti-pattern involves emulating a synchronous call from an
+asynchronous API using semaphores, as in the snippet below, where the
+requestCurrentTaskName function makes an XPC call and then uses the
+semaphore to block until the XPC call returns (example 1.).
+Usage of such a pattern in production code running on the main thread is
+discouraged, as the main queue gets blocked waiting for the background queue,
+which could be running at a lower priority, and unnecessary threads are spawned
+in the process.
+In order to avoid the anti-pattern, the available alternatives are:
+
+ Use the synchronous version of the API, if available (as seen on example
+ 2.)
+ Alternatively, the API can be used in the asynchronous way.
+
+
+
+
+// Example 1.
++ (NSString *)requestCurrentTaskName {
+__block NSString *taskName = nil;
+dispatch_semaphore_t sema = dispatch_semaphore_create(0);
+NSXPCConnection *connection = [[NSXPCConnection alloc] initWithServiceName:@"MyConnection"];
+id remoteObjectProxy = connection.remoteObjectProxy;
+[remoteObjectProxy requestCurrentTaskName:^(NSString *task) {
+taskName = task;
+dispatch_semaphore_signal(sema);
+}];
+dispatch_semaphore_wait(sema, DISPATCH_TIME_FOREVER);
+return taskName;
+}
+
+
+// Example 2.
++ (NSString *)requestCurrentTaskName {
+__block NSString *taskName = nil;
+NSXPCConnection *connection = [[NSXPCConnection alloc] initWithServiceName:@"MyConnection"];
+id remoteObjectProxy = [connection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *error) {
+ NSLog(@"Error = %@", error);
+
+}];
+[remoteObjectProxy requestCurrentTaskName:^(NSString *task) {
+taskName = task;
+}];
+return taskName;
+}
+
+
+
+
+optin.performance.Padding
+(C)
+Check for excessively padded structs.
+
+
+
+class PaddedA { // warn: excessive padding
+ char c1;
+ int i;
+ char c2;
+};
+
+
+
+
+optin.portability.UnixAPI
+(C)
+Finds implementation-defined behavior in UNIX/Posix functions.
+
+calloc
+malloc
+realloc
+reallocf
+alloca, __builtin_alloca
+__builtin_alloca_with_align
+valloc
+
+
+
+void *f(int n) {
+ return malloc(n * 0 * sizeof(int)); // warn: Call to 'malloc' has an
+ // allocation size of 0 bytes
+}
+
+
@@ -649,6 +775,9 @@
+
+
+
osx.SecKeychainAPI
(C)
@@ -732,7 +861,8 @@
osx.cocoa.AtSync
(ObjC)
-Check for nil pointers used as mutexes for @synchronized.
+Check for nil pointers used as mutexes for @synchronized.
+
void test(id x) {
@@ -748,6 +878,38 @@
+
+osx.cocoa.AutoreleaseWrite
+(ObjC)
+Under ARC, function parameters which are pointers to pointers (e.g.
+NSError **) are __autoreleasing. Writing to such
+parameters inside autoreleasing pools might crash whenever the parameter
+outlives the pool. Detecting such crashes may be difficult, as usage of
+autorelease pool is usually hidden inside the called functions implementation.
+
+
+
+BOOL writeToErrorWithIterator(NSError *__autoreleasing* error, NSArray *a) { [a
[PATCH] D53069: [analyzer][www] Update avaible_checks.html
Szelethus marked 2 inline comments as done. Szelethus added inline comments. Comment at: www/analyzer/available_checks.html:1119 + + + george.karpenkov wrote: > Top of the checker file has a somewhat reasonable description: > > // A checker for detecting leaks resulting from allocating temporary > // autoreleased objects before starting the main run loop. > // > // Checks for two antipatterns: > // 1. ObjCMessageExpr followed by [[NSRunLoop mainRunLoop] run] in the same > // autorelease pool. > // 2. ObjCMessageExpr followed by [[NSRunLoop mainRunLoop] run] in no > // autorelease pool. > // > // Any temporary objects autoreleased in code called in those expressions > // will not be deallocated until the program exits, and are effectively leaks. > Should be come up with an example for this one too then? https://reviews.llvm.org/D53069 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D53069: [analyzer][www] Update avaible_checks.html
george.karpenkov requested changes to this revision. george.karpenkov added a comment. This revision now requires changes to proceed. Good to go provided you will add an example. If we want to be serious about this page, it really has to be auto-generated (like clang-tidy one), but I understand that this is a larger undertaking. Comment at: www/analyzer/available_checks.html:496 + + + Szelethus wrote: > george.karpenkov wrote: > > If we don't have a description, let's just drop it. > I added a description, I'd strongly prefer keeping this in. Also would need a short example. Usually one can be found in tests. https://reviews.llvm.org/D53069 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D53069: [analyzer][www] Update avaible_checks.html
Szelethus marked 14 inline comments as done. Szelethus added inline comments. Comment at: www/analyzer/available_checks.html:459 + george.karpenkov wrote: > Spurious newline Actually, in this section of the code, entries are separated with 2 newlines. But it's not super consistent. Comment at: www/analyzer/available_checks.html:496 + + + george.karpenkov wrote: > If we don't have a description, let's just drop it. I added a description, I'd strongly prefer keeping this in. https://reviews.llvm.org/D53069 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D53069: [analyzer][www] Update avaible_checks.html
Szelethus updated this revision to Diff 170920.
Szelethus edited the summary of this revision.
https://reviews.llvm.org/D53069
Files:
www/analyzer/available_checks.html
Index: www/analyzer/available_checks.html
===
--- www/analyzer/available_checks.html
+++ www/analyzer/available_checks.html
@@ -38,11 +38,13 @@
Core Checkers model core language features and perform general-purpose checks such as division by zero, null pointer dereference, usage of uninitialized values, etc.
C++ Checkers perform C++-specific checks
Dead Code Checkers check for unused code
+LLVM Checkers for LLVM developers
Nullability Checkers
Optin Checkers
OS X Checkers perform Objective-C-specific checks and check the use of Apple's SDKs (OS X and iOS)
Security Checkers check for insecure API usage and perform checks based on the CERT Secure Coding Standards
Unix Checkers check the use of Unix and POSIX APIs
+Variable Argument Checkers
@@ -369,6 +371,25 @@
Name, DescriptionExample
+
+
+
+cplusplus.InnerPointer
+(C++)
+Check for inner pointers of C++ containers used after re/deallocation.
+
+
+
+void log(const char *str);
+
+void test(int value) {
+ const char *msg = std::to_string(value).c_str();
+ // msg points to the buffer of a temporary that is now destroyed
+ log(msg); // warn: inner pointer of container used after re/deallocation
+}
+
+
+
cplusplus.NewDelete
(C++)
@@ -435,6 +456,7 @@
} // warn
+
@@ -458,6 +480,31 @@
+
+LLVM Checkers
+
+
+Name, DescriptionExample
+
+
+
+llvm.Conventions
+(C)
+Check code for LLVM codebase conventions:
+
+ A StringRef should not be bound to a temporary std::string
+ whose lifetime is shorter than the StringRef's.
+ Clang AST nodes should not have fields that can allocate memory.
+
+
+
+
+
+
+
+
+
+
Nullability Checkers
@@ -535,6 +582,21 @@
}
+
+
+nullability.NullableReturnedFromNonnull
+(ObjC)
+Warns when a nullable pointer is returned from a function that has _Nonnull return type.
+
+
+typedef struct Dummy { int val; } Dummy;
+
+Dummy *_Nonnull test(Dummy *_Nullable a) {
+ Dummy *p = a;
+ return p; // warn
+}
+
+
@@ -610,6 +672,95 @@
[alarmStateLabel setText:alarmText];
+
+
+optin.performance.GCDAntipattern
+(ObjC)
+This checker finds a common performance anti-pattern in a code that uses Grand
+Central dispatch. The anti-pattern involves emulating a synchronous call from an
+asynchronous API using semaphores, as in the snippet below, where the
+requestCurrentTaskName function makes an XPC call and then uses the
+semaphore to block until the XPC call returns (example 1.).
+Usage of such a pattern in production code running on the main thread is
+discouraged, as the main queue gets blocked waiting for the background queue,
+which could be running at a lower priority, and unnecessary threads are spawned
+in the process.
+In order to avoid the anti-pattern, the available alternatives are:
+
+ Use the synchronous version of the API, if available (as seen on example
+ 2.)
+ Alternatively, the API can be used in the asynchronous way.
+
+
+
+
+// Example 1.
++ (NSString *)requestCurrentTaskName {
+__block NSString *taskName = nil;
+dispatch_semaphore_t sema = dispatch_semaphore_create(0);
+NSXPCConnection *connection = [[NSXPCConnection alloc] initWithServiceName:@"MyConnection"];
+id remoteObjectProxy = connection.remoteObjectProxy;
+[remoteObjectProxy requestCurrentTaskName:^(NSString *task) {
+taskName = task;
+dispatch_semaphore_signal(sema);
+}];
+dispatch_semaphore_wait(sema, DISPATCH_TIME_FOREVER);
+return taskName;
+}
+
+
+// Example 2.
++ (NSString *)requestCurrentTaskName {
+__block NSString *taskName = nil;
+NSXPCConnection *connection = [[NSXPCConnection alloc] initWithServiceName:@"MyConnection"];
+id remoteObjectProxy = [connection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *error) {
+ NSLog(@"Error = %@", error);
+
+}];
+[remoteObjectProxy requestCurrentTaskName:^(NSString *task) {
+taskName = task;
+}];
+return taskName;
+}
+
+
+
+
+optin.performance.Padding
+(C)
+Check for excessively padded structs.
+
+
+
+class PaddedA { // warn: excessive padding
+ char c1;
+ int i;
+ char c2;
+};
+
+
+
+
+optin.portability.UnixAPI
+(C)
+Finds implementation-defined behavior in UNIX/Posix functions.
+
+calloc
+malloc
+realloc
+reallocf
+alloca, __builtin_alloca
+__builtin_alloca_with_align
+valloc
+
+
+
+void *f(int n) {
+ return malloc(n * 0 * sizeof(int)); // warn: Call to 'malloc' has an
+ // allocation size of 0 bytes
+}
+
+
@@ -649,6 +800,9 @@
+
+
+
osx.SecKeychainAPI
(C)
@@ -732,7 +886,8 @@
osx.cocoa.AtSync
(ObjC)
-Check for nil pointers used as mutexes for @synchronized.
+Check for nil pointers used as mutexes for @synchronized.
+
void test(id x) {
@@ -749,6 +904,38 @@
[PATCH] D53069: [analyzer][www] Update avaible_checks.html
george.karpenkov requested changes to this revision.
george.karpenkov added inline comments.
This revision now requires changes to proceed.
Comment at: www/analyzer/available_checks.html:459
+
Spurious newline
Comment at: www/analyzer/available_checks.html:496
+
+
+
If we don't have a description, let's just drop it.
Comment at: www/analyzer/available_checks.html:677
+
+void use_semaphor_antipattern() {
+ dispatch_semaphore_t sema = dispatch_semaphore_create(0);
I have a longer description:
This checker finds a common performance anti-pattern in a code that uses Grand
Central dispatch.
The anti-pattern involves emulating a synchronous call from an asynchronous API
using semaphores,
as in the snippet below, where the `requestCurrentTaskName` function makes an
XPC call and then uses the semaphore to
block until the XPC call returns:
```
+ (NSString *)requestCurrentTaskName {
__block NSString *taskName = nil;
dispatch_semaphore_t sema = dispatch_semaphore_create(0);
NSXPCConnection *connection = [[NSXPCConnection alloc]
initWithServiceName:@"MyConnection"];
id remoteObjectProxy = connection.remoteObjectProxy;
[remoteObjectProxy requestCurrentTaskName:^(NSString *task) {
taskName = task;
dispatch_semaphore_signal(sema);
}];
dispatch_semaphore_wait(sema, DISPATCH_TIME_FOREVER);
return taskName;
}
```
Usage of such a pattern in production code running on the main thread is
discouraged, as the main queue gets blocked waiting for the background queue,
which could be running at a lower priority, and unnecessary threads are spawned
in the process.
In order to avoid the anti-pattern, the available alternatives are:
- Use the synchronous version of the API, if available.
In the example above, the synchronous XPC proxy object can be used:
```
+ (NSString *)requestCurrentTaskName {
__block NSString *taskName = nil;
NSXPCConnection *connection = [[NSXPCConnection alloc]
initWithServiceName:@"MyConnection"];
id remoteObjectProxy = [connection
synchronousRemoteObjectProxyWithErrorHandler:^(NSError *error) {
NSLog(@"Error = %@", error);
}];
[remoteObjectProxy requestCurrentTaskName:^(NSString *task) {
taskName = task;
}];
return taskName;
}
```
- Alternatively, the API can be used in the asynchronous way.
Comment at: www/analyzer/available_checks.html:768
+Check for proper uses of Objective-C properties
+
+
If we don't have proper description, let's drop.
Comment at: www/analyzer/available_checks.html:877
+(ObjC)
+Warn about potentially crashing writes to autoreleasing objects from different
+autoreleasing pools in Objective-C.
I have a longer description:
Under ARC, function parameters which are pointers to pointers (e.g. NSError**)
are `__autoreleasing`.
Writing to such parameters inside autoreleasing pools might crash whenever the
parameter outlives the pool. Detecting such crashes may be difficult, as usage
of autorelease pool is usually hidden inside the called functions
implementation. Examples include:
```
BOOL writeToErrorWithIterator(NSError *__autoreleasing* error, NSArray *a) { [a
enumerateObjectsUsingBlock:^{
*error = [NSError errorWithDomain:1];
}];
}
```
and
```
BOOL writeToErrorInBlockFromCFunc(NSError *__autoreleasing* error) {
dispatch_semaphore_t sem = dispatch_semaphore_create(0l);
dispatch_async(queue, ^{
if (error) {
*error = [NSError errorWithDomain:1];
}
dispatch_semaphore_signal(sem);
});
dispatch_semaphore_wait(sem, 100);
return 0;
}
```
Comment at: www/analyzer/available_checks.html:1071
+(ObjC)
+Model the APIs that are guaranteed to return a non-nil value.
+
Probably should be dropped.
Comment at: www/analyzer/available_checks.html:1119
+
+
+
Top of the checker file has a somewhat reasonable description:
// A checker for detecting leaks resulting from allocating temporary
// autoreleased objects before starting the main run loop.
//
// Checks for two antipatterns:
// 1. ObjCMessageExpr followed by [[NSRunLoop mainRunLoop] run] in the same
// autorelease pool.
// 2. ObjCMessageExpr followed by [[NSRunLoop mainRunLoop] run] in no
// autorelease pool.
//
// Any temporary objects autoreleased in code called in those expressions
// will not be deallocated until the program exits, and are effectively leaks.
https://reviews.llvm.org/D53069
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D53069: [analyzer][www] Update avaible_checks.html
NoQ accepted this revision. NoQ added a comment. I guess maybe let's skip stuff without examples and leave Objective-C descriptions waiting on us? Comment at: www/analyzer/available_checks.html:483 + +LLVM Checkers Wow, i never noticed this one. It seems to contain a syntactic (local) check for the `StringRef` problem. https://reviews.llvm.org/D53069 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D53069: [analyzer][www] Update avaible_checks.html
george.karpenkov added a comment. Herald added a subscriber: dkrupp. @Szelethus Also you have without a doubt noticed that a "Download" section on the index page could be improved :P https://reviews.llvm.org/D53069 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D53069: [analyzer][www] Update avaible_checks.html
Szelethus updated this revision to Diff 169342.
Szelethus edited the summary of this revision.
Szelethus added a comment.
- Removed osx.cocoa.Loops, will be placed in implicit_checks.html
I still didn't add more description to objc checkers for the reasons stated
above.
https://reviews.llvm.org/D53069
Files:
www/analyzer/available_checks.html
Index: www/analyzer/available_checks.html
===
--- www/analyzer/available_checks.html
+++ www/analyzer/available_checks.html
@@ -38,11 +38,13 @@
Core Checkers model core language features and perform general-purpose checks such as division by zero, null pointer dereference, usage of uninitialized values, etc.
C++ Checkers perform C++-specific checks
Dead Code Checkers check for unused code
+LLVM Checkers for LLVM developers
Nullability Checkers
Optin Checkers
OS X Checkers perform Objective-C-specific checks and check the use of Apple's SDKs (OS X and iOS)
Security Checkers check for insecure API usage and perform checks based on the CERT Secure Coding Standards
Unix Checkers check the use of Unix and POSIX APIs
+Variable Argument Checkers
@@ -369,6 +371,25 @@
Name, DescriptionExample
+
+
+
+cplusplus.InnerPointer
+(C++)
+Check for inner pointers of C++ containers used after re/deallocation.
+
+
+
+void log(const char *str);
+
+void test(int value) {
+ const char *msg = std::to_string(value).c_str();
+ // msg points to the buffer of a temporary that is now destroyed
+ log(msg); // warn: inner pointer of container used after re/deallocation
+}
+
+
+
cplusplus.NewDelete
(C++)
@@ -435,6 +456,7 @@
} // warn
+
@@ -458,6 +480,25 @@
+
+LLVM Checkers
+
+
+Name, DescriptionExample
+
+
+
+llvm.Conventions
+(C)
+Check code for LLVM codebase conventions.
+
+
+
+
+
+
+
+
Nullability Checkers
@@ -535,6 +576,21 @@
}
+
+
+nullability.NullableReturnedFromNonnull
+(ObjC)
+Warns when a nullable pointer is returned from a function that has _Nonnull return type.
+
+
+typedef struct Dummy { int val; } Dummy;
+
+Dummy *_Nonnull test(Dummy *_Nullable a) {
+ Dummy *p = a;
+ return p; // warn
+}
+
+
@@ -610,6 +666,62 @@
[alarmStateLabel setText:alarmText];
+
+
+optin.performance.GCDAntipattern
+(ObjC)
+Check for performance anti-patterns when using Grand Central Dispatch.
+
+
+
+void use_semaphor_antipattern() {
+ dispatch_semaphore_t sema = dispatch_semaphore_create(0);
+
+ func(^{
+ dispatch_semaphore_signal(sema);
+ });
+ dispatch_semaphore_wait(sema, 100); // warn: waiting on a callback using a
+ // semaphore
+}
+
+
+
+
+optin.performance.Padding
+(C)
+Check for excessively padded structs.
+
+
+
+class PaddedA { // warn: excessive padding
+ char c1;
+ int i;
+ char c2;
+};
+
+
+
+
+optin.portability.UnixAPI
+(C)
+Finds implementation-defined behavior in UNIX/Posix functions.
+
+calloc
+malloc
+realloc
+reallocf
+alloca, __builtin_alloca
+__builtin_alloca_with_align
+valloc
+
+
+
+void *f(int n) {
+ return malloc(n * 0 * sizeof(int)); // warn: Call to 'malloc' has an
+ // allocation size of 0 bytes
+}
+
+
@@ -649,6 +761,16 @@
+
+osx.ObjCProperty
+(ObjC)
+Check for proper uses of Objective-C properties
+
+
+
+
+
+
osx.SecKeychainAPI
(C)
@@ -732,7 +854,8 @@
osx.cocoa.AtSync
(ObjC)
-Check for nil pointers used as mutexes for @synchronized.
+Check for nil pointers used as mutexes for @synchronized.
+
void test(id x) {
@@ -748,6 +871,17 @@
+
+osx.cocoa.AutoreleaseWrite
+(ObjC)
+Warn about potentially crashing writes to autoreleasing objects from different
+autoreleasing pools in Objective-C.
+
+
+
+
+
+
osx.cocoa.ClassRelease
(ObjC)
@@ -931,6 +1065,17 @@
+
+osx.cocoa.NonNilReturnValue
+(ObjC)
+Model the APIs that are guaranteed to return a non-nil value.
+
+
+
+
+
+
+
osx.cocoa.ObjCGenerics
(ObjC)
@@ -964,6 +1109,17 @@
+
+osx.cocoa.RunLoopAutoreleaseLeak
+(ObjC)
+Check for leaked memory in autorelease pools that will never be drained.
+
+
+
+
+
+
+
osx.cocoa.SelfInit
(ObjC)
@@ -1571,6 +1727,74 @@
+
+
+Variable Argument Checkers
+
+
+Name, DescriptionExample
+
+
+
+valist.CopyToSelf
+(C)
+Calls to the va_copy macro should not copy onto itself.
+
+
+#include stdarg.h
+
+void test(int x, ...) {
+ va_list args;
+ va_start(args, x);
+ va_copy(args, args); // warn
+ va_end(args);
+}
+
+
+
+valist.Uninitialized
+(C)
+Calls to the va_arg, va_copy, or
+va_end macro must happen after calling va_start and
+before calling va_end.
+
+
+#include stdarg.h
+
+void test(int x, ...) {
+ va_list args;
+ int y = va_arg(args, int); // warn
+}
+
+
+#include stdarg.h
+
+void test(int x, ...) {
+ va_list args;
+ va_start(args, x);
+ va_end(args);
+ int z = va_arg(args, int); // warn
+}
+
+
+
+valist.Unterminated
+(C)
+Every va_start must be matched by a va_end. A va_list
+can only be ended once.
+
+
+#include
[PATCH] D53069: [analyzer][www] Update avaible_checks.html
Szelethus added a comment. Well, the reason why I didn't add tests for these, is that I know so little of ObjC, I am not even sure when a test case begins and ends. I could go ahead and google something about the language, but for a site that advertises to find bugs, maybe someone with more expertise should do the explanation. Can someone fill those couple bits in? I tried, but fell flat on my face. Comment at: www/analyzer/available_checks.html:770 +(ObjC) +Check for proper uses of Objective-C properties + george.karpenkov wrote: > `proper uses` is not particularly descriptive? Well, I copied it from the actual checker description :/ I genuinely have no idea how properties work in ObjC, so I can't really update it on my own. https://reviews.llvm.org/D53069 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D53069: [analyzer][www] Update avaible_checks.html
george.karpenkov requested changes to this revision. george.karpenkov added a comment. This revision now requires changes to proceed. Herald added a subscriber: donat.nagy. Great idea, thanks! Should be good to go once examples are added, and implicit checks are removed. Comment at: www/analyzer/available_checks.html:770 +(ObjC) +Check for proper uses of Objective-C properties + `proper uses` is not particularly descriptive? Comment at: www/analyzer/available_checks.html:884 + + + Yep, not very useful without an example. I'm pretty sure the code and tests have one. Comment at: www/analyzer/available_checks.html:988 + + Yeah, doesn't seem useful to the user. https://reviews.llvm.org/D53069 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D53069: [analyzer][www] Update avaible_checks.html
rnkovacs added inline comments.
Comment at: www/analyzer/available_checks.html:376-393
+
+cplusplus.InnerPointer
+(C++)
+Check for inner pointers of C++ containers used after re/deallocation.
+
+
+
Szelethus wrote:
> @rnkovacs Is this a good description of your checker?
Hmm, how about:
```
void log(const char *str);
void test(int value) {
const char *msg = std::to_string(value).c_str();
// msg points to the buffer of a temporary that is now destroyed
log(msg); // warn: inner pointer of container used after re/deallocation
}
```
Most of the issues it found in real code looked like this.
Thanks a lot!
https://reviews.llvm.org/D53069
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D53069: [analyzer][www] Update avaible_checks.html
Szelethus added a comment. Thats a great idea. About implicit checks, they are so well hidden, I didn't even find them until I wanted to update the website (although, this is at least in part my fault, but why would anyone carefully read through a website that hasn't been touched for years?). I think with a big enough warning that it shouldn't be touched by normal users, it should be on this page. https://reviews.llvm.org/D53069 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D53069: [analyzer][www] Update avaible_checks.html
xazax.hun added a comment. I am not sure what to do about implcit checks. Those are probably should never be turned on or off by the user, but they should be on or off by default based on the set of checks the user enabled and the platform she is using. Thus, I am perfectly ok with the implicit_checks.html only being accessible from the checker development manual. Maybe we should extend the checker list with a notice that the user should never disable the core checks. https://reviews.llvm.org/D53069 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D53069: [analyzer][www] Update avaible_checks.html
Szelethus added inline comments. Comment at: www/analyzer/available_checks.html:376-393 + +cplusplus.InnerPointer +(C++) +Check for inner pointers of C++ containers used after re/deallocation. + + + @rnkovacs Is this a good description of your checker? https://reviews.llvm.org/D53069 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D53069: [analyzer][www] Update avaible_checks.html
Szelethus updated this revision to Diff 168966.
Szelethus edited the summary of this revision.
Szelethus added a reviewer: rnkovacs.
https://reviews.llvm.org/D53069
Files:
www/analyzer/available_checks.html
Index: www/analyzer/available_checks.html
===
--- www/analyzer/available_checks.html
+++ www/analyzer/available_checks.html
@@ -38,11 +38,13 @@
Core Checkers model core language features and perform general-purpose checks such as division by zero, null pointer dereference, usage of uninitialized values, etc.
C++ Checkers perform C++-specific checks
Dead Code Checkers check for unused code
+LLVM Checkers for LLVM developers
Nullability Checkers
Optin Checkers
OS X Checkers perform Objective-C-specific checks and check the use of Apple's SDKs (OS X and iOS)
Security Checkers check for insecure API usage and perform checks based on the CERT Secure Coding Standards
Unix Checkers check the use of Unix and POSIX APIs
+Variable Argument Checkers
@@ -369,6 +371,28 @@
Name, DescriptionExample
+
+
+
+cplusplus.InnerPointer
+(C++)
+Check for inner pointers of C++ containers used after re/deallocation.
+
+
+
+void consume (const char *) {}
+
+void deref_after_scope_char() {
+ const char *c;
+ {
+std::string s;
+c = s.c_str();
+ }
+ consume(c); // warn: Use of memory after it is freed
+}
+
+
+
cplusplus.NewDelete
(C++)
@@ -435,6 +459,7 @@
} // warn
+
@@ -458,6 +483,25 @@
+
+LLVM Checkers
+
+
+Name, DescriptionExample
+
+
+
+llvm.Conventions
+(C)
+Check code for LLVM codebase conventions.
+
+
+
+
+
+
+
+
Nullability Checkers
@@ -535,6 +579,21 @@
}
+
+
+nullability.NullableReturnedFromNonnull
+(ObjC)
+Warns when a nullable pointer is returned from a function that has _Nonnull return type.
+
+
+typedef struct Dummy { int val; } Dummy;
+
+Dummy *_Nonnull test(Dummy *_Nullable a) {
+ Dummy *p = a;
+ return p; // warn
+}
+
+
@@ -610,6 +669,62 @@
[alarmStateLabel setText:alarmText];
+
+
+optin.performance.GCDAntipattern
+(ObjC)
+Check for performance anti-patterns when using Grand Central Dispatch.
+
+
+
+void use_semaphor_antipattern() {
+ dispatch_semaphore_t sema = dispatch_semaphore_create(0);
+
+ func(^{
+ dispatch_semaphore_signal(sema);
+ });
+ dispatch_semaphore_wait(sema, 100); // warn: waiting on a callback using a
+ // semaphore
+}
+
+
+
+
+optin.performance.Padding
+(C)
+Check for excessively padded structs.
+
+
+
+class PaddedA { // warn: excessive padding
+ char c1;
+ int i;
+ char c2;
+};
+
+
+
+
+optin.portability.UnixAPI
+(C)
+Finds implementation-defined behavior in UNIX/Posix functions.
+
+calloc
+malloc
+realloc
+reallocf
+alloca, __builtin_alloca
+__builtin_alloca_with_align
+valloc
+
+
+
+void *f(int n) {
+ return malloc(n * 0 * sizeof(int)); // warn: Call to 'malloc' has an
+ // allocation size of 0 bytes
+}
+
+
@@ -649,6 +764,16 @@
+
+osx.ObjCProperty
+(ObjC)
+Check for proper uses of Objective-C properties
+
+
+
+
+
+
osx.SecKeychainAPI
(C)
@@ -732,7 +857,8 @@
osx.cocoa.AtSync
(ObjC)
-Check for nil pointers used as mutexes for @synchronized.
+Check for nil pointers used as mutexes for @synchronized.
+
void test(id x) {
@@ -748,6 +874,17 @@
+
+osx.cocoa.AutoreleaseWrite
+(ObjC)
+Warn about potentially crashing writes to autoreleasing objects from different
+autoreleasing pools in Objective-C.
+
+
+
+
+
+
osx.cocoa.ClassRelease
(ObjC)
@@ -848,6 +985,17 @@
+
+
+osx.cocoa.Loops
+(ObjC)
+Improved modeling of loops using Cocoa collection types.
+
+
+
+
+
+
alpha.osx.cocoa.MissingSuperCall
(ObjC)
@@ -931,6 +1079,17 @@
+
+osx.cocoa.NonNilReturnValue
+(ObjC)
+Model the APIs that are guaranteed to return a non-nil value.
+
+
+
+
+
+
+
osx.cocoa.ObjCGenerics
(ObjC)
@@ -964,6 +1123,17 @@
+
+osx.cocoa.RunLoopAutoreleaseLeak
+(ObjC)
+Check for leaked memory in autorelease pools that will never be drained.
+
+
+
+
+
+
+
osx.cocoa.SelfInit
(ObjC)
@@ -1571,6 +1741,74 @@
+
+
+Variable Argument Checkers
+
+
+Name, DescriptionExample
+
+
+
+valist.CopyToSelf
+(C)
+Calls to the va_copy macro should not copy onto itself.
+
+
+#include stdarg.h
+
+void test(int x, ...) {
+ va_list args;
+ va_start(args, x);
+ va_copy(args, args); // warn
+ va_end(args);
+}
+
+
+
+valist.Uninitialized
+(C)
+Calls to the va_arg, va_copy, or
+va_end macro must happen after calling va_start and
+before calling va_end.
+
+
+#include stdarg.h
+
+void test(int x, ...) {
+ va_list args;
+ int y = va_arg(args, int); // warn
+}
+
+
+#include stdarg.h
+
+void test(int x, ...) {
+ va_list args;
+ va_start(args, x);
+ va_end(args);
+ int z = va_arg(args, int); // warn
+}
+
+
+
+valist.Unterminated
+(C)
+Every va_start must be matched by a va_end. A va_list
+can only be ended once.
+
+
+#include stdarg.h
+
+void test(int x, ...) {
[PATCH] D53069: [analyzer][www] Update avaible_checks.html
Szelethus created this revision.
Szelethus added reviewers: NoQ, george.karpenkov, MTC, xazax.hun.
Herald added subscribers: cfe-commits, mikhail.ramalho, a.sidorin,
JDevlieghere, rnkovacs, szepet, whisperity.
Title says it all. I never ever used ObjC, so I couldn't really add examples on
many occasions.
Five checkers are still in existence that aren't on the website just yet:
- apiModeling.StdCLibraryFunctions
- apiModeling.TrustNonnull
- apiModeling.google.GTest
- core.DynamicTypePropagation
- core.NonnilStringConstants
I suspect these are implicit checks, and should be placed in
implicit_checks.html, but I'll make sure that that page isn't as well hidden as
it is now.
Repository:
rC Clang
https://reviews.llvm.org/D53069
Files:
www/analyzer/available_checks.html
Index: www/analyzer/available_checks.html
===
--- www/analyzer/available_checks.html
+++ www/analyzer/available_checks.html
@@ -38,11 +38,13 @@
Core Checkers model core language features and perform general-purpose checks such as division by zero, null pointer dereference, usage of uninitialized values, etc.
C++ Checkers perform C++-specific checks
Dead Code Checkers check for unused code
+LLVM Checkers for LLVM developers
Nullability Checkers
Optin Checkers
OS X Checkers perform Objective-C-specific checks and check the use of Apple's SDKs (OS X and iOS)
Security Checkers check for insecure API usage and perform checks based on the CERT Secure Coding Standards
Unix Checkers check the use of Unix and POSIX APIs
+Variable Argument Checkers
@@ -369,6 +371,28 @@
Name, DescriptionExample
+
+
+
+cplusplus.InnerPointer
+(C++)
+Check for inner pointers of C++ containers used after re/deallocation.
+
+
+
+void consume (const char *) {}
+
+void deref_after_scope_char() {
+ const char *c;
+ {
+std::string s;
+c = s.c_str();
+ }
+ consume(c); // warn: Use of memory after it is freed
+}
+
+
+
cplusplus.NewDelete
(C++)
@@ -435,6 +459,27 @@
} // warn
+
+
+cplusplus.InnerPointer
+(C++)
+Check for inner pointers of C++ containers used after re/deallocation.
+
+
+
+void consume (const char *) {}
+
+void deref_after_scope_char() {
+ const char *c;
+ {
+std::string s;
+c = s.c_str();
+ }
+ consume(c); // warn: Use of memory after it is freed
+}
+
+
+
@@ -458,6 +503,25 @@
+
+LLVM Checkers
+
+
+Name, DescriptionExample
+
+
+
+llvm.Conventions
+(C)
+Check code for LLVM codebase conventions.
+
+
+
+
+
+
+
+
Nullability Checkers
@@ -535,6 +599,21 @@
}
+
+
+nullability.NullableReturnedFromNonnull
+(ObjC)
+Warns when a nullable pointer is returned from a function that has _Nonnull return type.
+
+
+typedef struct Dummy { int val; } Dummy;
+
+Dummy *_Nonnull test(Dummy *_Nullable a) {
+ Dummy *p = a;
+ return p; // warn
+}
+
+
@@ -610,6 +689,62 @@
[alarmStateLabel setText:alarmText];
+
+
+optin.performance.GCDAntipattern
+(ObjC)
+Check for performance anti-patterns when using Grand Central Dispatch.
+
+
+
+void use_semaphor_antipattern() {
+ dispatch_semaphore_t sema = dispatch_semaphore_create(0);
+
+ func(^{
+ dispatch_semaphore_signal(sema);
+ });
+ dispatch_semaphore_wait(sema, 100); // warn: waiting on a callback using a
+ // semaphore
+}
+
+
+
+
+optin.performance.Padding
+(C)
+Check for excessively padded structs.
+
+
+
+class PaddedA { // warn: excessive padding
+ char c1;
+ int i;
+ char c2;
+};
+
+
+
+
+optin.portability.UnixAPI
+(C)
+Finds implementation-defined behavior in UNIX/Posix functions.
+
+calloc
+malloc
+realloc
+reallocf
+alloca, __builtin_alloca
+__builtin_alloca_with_align
+valloc
+
+
+
+void *f(int n) {
+ return malloc(n * 0 * sizeof(int)); // warn: Call to 'malloc' has an
+ // allocation size of 0 bytes
+}
+
+
@@ -649,6 +784,16 @@
+
+osx.ObjCProperty
+(ObjC)
+Check for proper uses of Objective-C properties
+
+
+
+
+
+
osx.SecKeychainAPI
(C)
@@ -732,7 +877,8 @@
osx.cocoa.AtSync
(ObjC)
-Check for nil pointers used as mutexes for @synchronized.
+Check for nil pointers used as mutexes for @synchronized.
+
void test(id x) {
@@ -748,6 +894,17 @@
+
+osx.cocoa.AutoreleaseWrite
+(ObjC)
+Warn about potentially crashing writes to autoreleasing objects from different
+autoreleasing pools in Objective-C.
+
+
+
+
+
+
osx.cocoa.ClassRelease
(ObjC)
@@ -848,6 +1005,17 @@
+
+
+osx.cocoa.Loops
+(ObjC)
+Improved modeling of loops using Cocoa collection types.
+
+
+
+
+
+
alpha.osx.cocoa.MissingSuperCall
(ObjC)
@@ -931,6 +1099,17 @@
+
+osx.cocoa.NonNilReturnValue
+(ObjC)
+Model the APIs that are guaranteed to return a non-nil value.
+
+
+
+
+
+
+
osx.cocoa.ObjCGenerics
(ObjC)
@@ -964,6 +1143,17 @@
+
+osx.cocoa.RunLoopAutoreleaseLeak
+(ObjC)
+Check for leaked memory in autorelease pools that will never be drained.
+
+
+
+
+
+
+
