replica
/
hanchenye-llvm-project
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[analyzer] Turn on by default the Malloc Checker and a couple of CString 

checks:

- unix.Malloc - Checks for memory leaks, double free, use-after-free.
- unix.cstring.NullArg - Checks for null pointers passed as arguments to
CString functions + evaluates CString functions.
- unix.cstring.BadSizeArg - Checks for common anti-patterns in
strncat size argument.

llvm-svn: 150988
This commit is contained in:
Anna Zaks 2012-02-20 21:10:37 +00:00
parent 43c3f28c23
commit 0cdce4df76
10 changed files with 29 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
clang/lib/StaticAnalyzer/Checkers/Checkers.td
View File

@ -33,7 +33,8 @@ def Taint : Package<"taint">, InPackage<SecurityExperimental>, Hidden;
def Unix : Package<"unix">; def Unix : Package<"unix">;
def UnixExperimental : Package<"unix">, InPackage<Experimental>, Hidden; def UnixExperimental : Package<"unix">, InPackage<Experimental>, Hidden;
def CString : Package<"cstring">, InPackage<UnixExperimental>, Hidden; def CString : Package<"cstring">, InPackage<Unix>, Hidden;
def CStringExperimental : Package<"cstring">, InPackage<UnixExperimental>, Hidden;
def OSX : Package<"osx">; def OSX : Package<"osx">;
def OSXExperimental : Package<"osx">, InPackage<Experimental>, Hidden; def OSXExperimental : Package<"osx">, InPackage<Experimental>, Hidden;
@ -277,6 +278,10 @@ let ParentPackage = Unix in {
def UnixAPIChecker : Checker<"API">, def UnixAPIChecker : Checker<"API">,
HelpText<"Check calls to various UNIX/Posix functions">, HelpText<"Check calls to various UNIX/Posix functions">,
DescFile<"UnixAPIChecker.cpp">; DescFile<"UnixAPIChecker.cpp">;
def MallocPessimistic : Checker<"Malloc">,
HelpText<"Check for memory leaks, double free, and use-after-free problems.">,
DescFile<"MallocChecker.cpp">;
} // end "unix" } // end "unix"
@ -290,10 +295,6 @@ def MallocOptimistic : Checker<"MallocWithAnnotations">,
HelpText<"Check for memory leaks, double free, and use-after-free problems. Assumes that all user-defined functions which might free a pointer are annotated.">, HelpText<"Check for memory leaks, double free, and use-after-free problems. Assumes that all user-defined functions which might free a pointer are annotated.">,
DescFile<"MallocChecker.cpp">; DescFile<"MallocChecker.cpp">;
def MallocPessimistic : Checker<"Malloc">,
HelpText<"Check for memory leaks, double free, and use-after-free problems.">,
DescFile<"MallocChecker.cpp">;
def MallocSizeofChecker : Checker<"MallocSizeof">, def MallocSizeofChecker : Checker<"MallocSizeof">,
HelpText<"Check for dubious malloc arguments involving sizeof">, HelpText<"Check for dubious malloc arguments involving sizeof">,
DescFile<"MallocSizeofChecker.cpp">; DescFile<"MallocSizeofChecker.cpp">;
@ -314,6 +315,13 @@ def CStringNullArg : Checker<"NullArg">,
HelpText<"Check for null pointers being passed as arguments to C string functions">, HelpText<"Check for null pointers being passed as arguments to C string functions">,
DescFile<"CStringChecker.cpp">; DescFile<"CStringChecker.cpp">;
def CStringSyntaxChecker : Checker<"BadSizeArg">,
HelpText<"Check the size argument passed into C string functions for common erroneous patterns">,
DescFile<"CStringSyntaxChecker.cpp">;
}
let ParentPackage = CStringExperimental in {
def CStringOutOfBounds : Checker<"OutOfBounds">, def CStringOutOfBounds : Checker<"OutOfBounds">,
HelpText<"Check for out-of-bounds access in string functions">, HelpText<"Check for out-of-bounds access in string functions">,
DescFile<"CStringChecker.cpp">; DescFile<"CStringChecker.cpp">;
@ -325,10 +333,6 @@ def CStringBufferOverlap : Checker<"BufferOverlap">,
def CStringNotNullTerm : Checker<"NotNullTerminated">, def CStringNotNullTerm : Checker<"NotNullTerminated">,
HelpText<"Check for arguments which are not null-terminating strings">, HelpText<"Check for arguments which are not null-terminating strings">,
DescFile<"CStringChecker.cpp">; DescFile<"CStringChecker.cpp">;
def CStringSyntaxChecker : Checker<"BadSizeArg">,
HelpText<"Check the size argument passed into C string functions for common erroneous patterns">,
DescFile<"CStringSyntaxChecker.cpp">;
} }
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//

4
clang/test/Analysis/additive-folding.c
View File

@ -1,5 +1,5 @@
// RUN: %clang_cc1 -analyze -analyzer-checker=core,experimental.deadcode.UnreachableCode,experimental.unix.Malloc -verify -analyzer-constraints=basic %s // RUN: %clang_cc1 -analyze -analyzer-checker=core,experimental.deadcode.UnreachableCode,unix.Malloc -verify -analyzer-constraints=basic %s
// RUN: %clang_cc1 -analyze -analyzer-checker=core,experimental.deadcode.UnreachableCode,experimental.unix.Malloc -verify -analyzer-constraints=range %s // RUN: %clang_cc1 -analyze -analyzer-checker=core,experimental.deadcode.UnreachableCode,unix.Malloc -verify -analyzer-constraints=range %s
// These are used to trigger warnings. // These are used to trigger warnings.
typedef typeof(sizeof(int)) size_t; typedef typeof(sizeof(int)) size_t;

8
clang/test/Analysis/bstring.c
View File

@ -1,7 +1,7 @@
// RUN: %clang_cc1 -analyze -analyzer-checker=core,experimental.unix.cstring -analyzer-store=region -Wno-null-dereference -verify %s // RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.cstring,experimental.unix.cstring -analyzer-store=region -Wno-null-dereference -verify %s
// RUN: %clang_cc1 -analyze -DUSE_BUILTINS -analyzer-checker=core,experimental.unix.cstring -analyzer-store=region -Wno-null-dereference -verify %s // RUN: %clang_cc1 -analyze -DUSE_BUILTINS -analyzer-checker=core,unix.cstring,experimental.unix.cstring -analyzer-store=region -Wno-null-dereference -verify %s
// RUN: %clang_cc1 -analyze -DVARIANT -analyzer-checker=core,experimental.unix.cstring -analyzer-store=region -Wno-null-dereference -verify %s // RUN: %clang_cc1 -analyze -DVARIANT -analyzer-checker=core,unix.cstring,experimental.unix.cstring -analyzer-store=region -Wno-null-dereference -verify %s
// RUN: %clang_cc1 -analyze -DUSE_BUILTINS -DVARIANT -analyzer-checker=core,experimental.unix.cstring.NullArg,experimental.unix.cstring.OutOfBounds,experimental.unix.cstring.BufferOverlap,experimental.unix.cstring.NotNullTerminated -analyzer-store=region -Wno-null-dereference -verify %s // RUN: %clang_cc1 -analyze -DUSE_BUILTINS -DVARIANT -analyzer-checker=core,unix.cstring.NullArg,experimental.unix.cstring.OutOfBounds,experimental.unix.cstring.BufferOverlap,experimental.unix.cstring.NotNullTerminated -analyzer-store=region -Wno-null-dereference -verify %s
//===----------------------------------------------------------------------=== //===----------------------------------------------------------------------===
// Declarations // Declarations

2
clang/test/Analysis/cstring-syntax-cxx.cpp
View File

@ -1,4 +1,4 @@
// RUN: %clang_cc1 -analyze -analyzer-checker=experimental.unix.cstring.BadSizeArg -analyzer-store=region -verify %s // RUN: %clang_cc1 -analyze -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -verify %s
// Ensure we don't crash on C++ declarations with special names. // Ensure we don't crash on C++ declarations with special names.
struct X { struct X {

2
clang/test/Analysis/cstring-syntax.c
View File

@ -1,4 +1,4 @@
// RUN: %clang_cc1 -analyze -analyzer-checker=experimental.unix.cstring.BadSizeArg -analyzer-store=region -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s // RUN: %clang_cc1 -analyze -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s
typedef __SIZE_TYPE__ size_t; typedef __SIZE_TYPE__ size_t;
char *strncat(char *, const char *, size_t); char *strncat(char *, const char *, size_t);

2
clang/test/Analysis/free.c
View File

@ -1,4 +1,4 @@
// RUN: %clang_cc1 -analyze -analyzer-store=region -analyzer-checker=core,experimental.unix.Malloc -fblocks -verify %s // RUN: %clang_cc1 -analyze -analyzer-store=region -analyzer-checker=core,unix.Malloc -fblocks -verify %s
// RUN: %clang_cc1 -analyze -analyzer-store=region -analyzer-checker=core,experimental.unix.MallocWithAnnotations -fblocks -verify %s // RUN: %clang_cc1 -analyze -analyzer-store=region -analyzer-checker=core,experimental.unix.MallocWithAnnotations -fblocks -verify %s
void free(void *); void free(void *);

2
clang/test/Analysis/malloc-plist.c
View File

@ -1,4 +1,4 @@
// RUN: %clang_cc1 -analyze -analyzer-checker=experimental.unix.Malloc -analyzer-output=plist -o - %s | FileCheck %s // RUN: %clang_cc1 -analyze -analyzer-checker=unix.Malloc -analyzer-output=plist -o - %s | FileCheck %s
typedef __typeof(sizeof(int)) size_t; typedef __typeof(sizeof(int)) size_t;
void *malloc(size_t); void *malloc(size_t);

2
clang/test/Analysis/malloc.c
View File

@ -1,4 +1,4 @@
// RUN: %clang_cc1 -analyze -analyzer-checker=core,experimental.deadcode.UnreachableCode,experimental.core.CastSize,experimental.unix.Malloc -analyzer-store=region -verify %s // RUN: %clang_cc1 -analyze -analyzer-checker=core,experimental.deadcode.UnreachableCode,experimental.core.CastSize,unix.Malloc -analyzer-store=region -verify %s
#include "system-header-simulator.h" #include "system-header-simulator.h"
typedef __typeof(sizeof(int)) size_t; typedef __typeof(sizeof(int)) size_t;

2
clang/test/Analysis/malloc.mm
View File

@ -1,4 +1,4 @@
// RUN: %clang_cc1 -analyze -analyzer-checker=core,experimental.unix.Malloc -analyzer-store=region -verify %s // RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc -analyzer-store=region -verify %s
typedef unsigned int UInt32; typedef unsigned int UInt32;
typedef signed long CFIndex; typedef signed long CFIndex;

8
clang/test/Analysis/string.c
View File

@ -1,7 +1,7 @@
// RUN: %clang_cc1 -analyze -analyzer-checker=core,experimental.unix.cstring,experimental.deadcode.UnreachableCode -analyzer-store=region -Wno-null-dereference -verify %s // RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.cstring,experimental.unix.cstring,experimental.deadcode.UnreachableCode -analyzer-store=region -Wno-null-dereference -verify %s
// RUN: %clang_cc1 -analyze -DUSE_BUILTINS -analyzer-checker=core,experimental.unix.cstring,experimental.deadcode.UnreachableCode -analyzer-store=region -Wno-null-dereference -verify %s // RUN: %clang_cc1 -analyze -DUSE_BUILTINS -analyzer-checker=core,unix.cstring,experimental.unix.cstring,experimental.deadcode.UnreachableCode -analyzer-store=region -Wno-null-dereference -verify %s
// RUN: %clang_cc1 -analyze -DVARIANT -analyzer-checker=core,experimental.unix.cstring,experimental.deadcode.UnreachableCode -analyzer-store=region -Wno-null-dereference -verify %s // RUN: %clang_cc1 -analyze -DVARIANT -analyzer-checker=core,unix.cstring,experimental.unix.cstring,experimental.deadcode.UnreachableCode -analyzer-store=region -Wno-null-dereference -verify %s
// RUN: %clang_cc1 -analyze -DUSE_BUILTINS -DVARIANT -analyzer-checker=experimental.security.taint,core,experimental.unix.cstring,experimental.deadcode.UnreachableCode -analyzer-store=region -Wno-null-dereference -verify %s // RUN: %clang_cc1 -analyze -DUSE_BUILTINS -DVARIANT -analyzer-checker=experimental.security.taint,core,unix.cstring,experimental.unix.cstring,experimental.deadcode.UnreachableCode -analyzer-store=region -Wno-null-dereference -verify %s
//===----------------------------------------------------------------------=== //===----------------------------------------------------------------------===
// Declarations // Declarations