[analyzer] Turn on by default the Malloc Checker and a couple of CString
checks: - unix.Malloc - Checks for memory leaks, double free, use-after-free. - unix.cstring.NullArg - Checks for null pointers passed as arguments to CString functions + evaluates CString functions. - unix.cstring.BadSizeArg - Checks for common anti-patterns in strncat size argument. llvm-svn: 150988
parent
43c3f28c23
commit
0cdce4df76
|
@ -33,7 +33,8 @@ def Taint : Package<"taint">, InPackage<SecurityExperimental>, Hidden;
|
|||
|
||||
def Unix : Package<"unix">;
|
||||
def UnixExperimental : Package<"unix">, InPackage<Experimental>, Hidden;
|
||||
def CString : Package<"cstring">, InPackage<UnixExperimental>, Hidden;
|
||||
def CString : Package<"cstring">, InPackage<Unix>, Hidden;
|
||||
def CStringExperimental : Package<"cstring">, InPackage<UnixExperimental>, Hidden;
|
||||
|
||||
def OSX : Package<"osx">;
|
||||
def OSXExperimental : Package<"osx">, InPackage<Experimental>, Hidden;
|
||||
|
@ -278,6 +279,10 @@ def UnixAPIChecker : Checker<"API">,
|
|||
HelpText<"Check calls to various UNIX/Posix functions">,
|
||||
DescFile<"UnixAPIChecker.cpp">;
|
||||
|
||||
def MallocPessimistic : Checker<"Malloc">,
|
||||
HelpText<"Check for memory leaks, double free, and use-after-free problems.">,
|
||||
DescFile<"MallocChecker.cpp">;
|
||||
|
||||
} // end "unix"
|
||||
|
||||
let ParentPackage = UnixExperimental in {
|
||||
|
@ -290,10 +295,6 @@ def MallocOptimistic : Checker<"MallocWithAnnotations">,
|
|||
HelpText<"Check for memory leaks, double free, and use-after-free problems. Assumes that all user-defined functions which might free a pointer are annotated.">,
|
||||
DescFile<"MallocChecker.cpp">;
|
||||
|
||||
def MallocPessimistic : Checker<"Malloc">,
|
||||
HelpText<"Check for memory leaks, double free, and use-after-free problems.">,
|
||||
DescFile<"MallocChecker.cpp">;
|
||||
|
||||
def MallocSizeofChecker : Checker<"MallocSizeof">,
|
||||
HelpText<"Check for dubious malloc arguments involving sizeof">,
|
||||
DescFile<"MallocSizeofChecker.cpp">;
|
||||
|
@ -314,6 +315,13 @@ def CStringNullArg : Checker<"NullArg">,
|
|||
HelpText<"Check for null pointers being passed as arguments to C string functions">,
|
||||
DescFile<"CStringChecker.cpp">;
|
||||
|
||||
def CStringSyntaxChecker : Checker<"BadSizeArg">,
|
||||
HelpText<"Check the size argument passed into C string functions for common erroneous patterns">,
|
||||
DescFile<"CStringSyntaxChecker.cpp">;
|
||||
}
|
||||
|
||||
let ParentPackage = CStringExperimental in {
|
||||
|
||||
def CStringOutOfBounds : Checker<"OutOfBounds">,
|
||||
HelpText<"Check for out-of-bounds access in string functions">,
|
||||
DescFile<"CStringChecker.cpp">;
|
||||
|
@ -325,10 +333,6 @@ def CStringBufferOverlap : Checker<"BufferOverlap">,
|
|||
def CStringNotNullTerm : Checker<"NotNullTerminated">,
|
||||
HelpText<"Check for arguments which are not null-terminating strings">,
|
||||
DescFile<"CStringChecker.cpp">;
|
||||
|
||||
def CStringSyntaxChecker : Checker<"BadSizeArg">,
|
||||
HelpText<"Check the size argument passed into C string functions for common erroneous patterns">,
|
||||
DescFile<"CStringSyntaxChecker.cpp">;
|
||||
}
|
||||
|
||||
//===----------------------------------------------------------------------===//
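Review bot: In the first hunk, what appears to be the added line `def CString : Package<"cstring">, InPackage<Unix>, Hidden;` still carries `Hidden`, which sits oddly with the stated aim of turning `unix.cstring.NullArg` and `unix.cstring.BadSizeArg` on by default. If hidden packages are skipped when a parent package such as `unix` is enabled, these two checks would run only when named explicitly. Every RUN line visible in this commit names the checkers or the `unix.cstring` package directly, so nothing shown here exercises the default-enabled path. I would either drop `Hidden` from that line or add a RUN line that enables only `unix` and expects a cstring diagnostic. Separately, the commit message says NullArg also evaluates the C string functions while its `HelpText` mentions only the null-pointer check; a comment above `CStringNullArg` such as `// Also models the C string functions; disabling this checker presumably disables that modelling too.` would record that for whoever later switches it off to silence reports.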
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
// RUN: %clang_cc1 -analyze -analyzer-checker=core,experimental.deadcode.UnreachableCode,experimental.unix.Malloc -verify -analyzer-constraints=basic %s
|
||||
// RUN: %clang_cc1 -analyze -analyzer-checker=core,experimental.deadcode.UnreachableCode,experimental.unix.Malloc -verify -analyzer-constraints=range %s
|
||||
// RUN: %clang_cc1 -analyze -analyzer-checker=core,experimental.deadcode.UnreachableCode,unix.Malloc -verify -analyzer-constraints=basic %s
|
||||
// RUN: %clang_cc1 -analyze -analyzer-checker=core,experimental.deadcode.UnreachableCode,unix.Malloc -verify -analyzer-constraints=range %s
|
||||
|
||||
// These are used to trigger warnings.
|
||||
typedef typeof(sizeof(int)) size_t;
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
// RUN: %clang_cc1 -analyze -analyzer-checker=core,experimental.unix.cstring -analyzer-store=region -Wno-null-dereference -verify %s
|
||||
// RUN: %clang_cc1 -analyze -DUSE_BUILTINS -analyzer-checker=core,experimental.unix.cstring -analyzer-store=region -Wno-null-dereference -verify %s
|
||||
// RUN: %clang_cc1 -analyze -DVARIANT -analyzer-checker=core,experimental.unix.cstring -analyzer-store=region -Wno-null-dereference -verify %s
|
||||
// RUN: %clang_cc1 -analyze -DUSE_BUILTINS -DVARIANT -analyzer-checker=core,experimental.unix.cstring.NullArg,experimental.unix.cstring.OutOfBounds,experimental.unix.cstring.BufferOverlap,experimental.unix.cstring.NotNullTerminated -analyzer-store=region -Wno-null-dereference -verify %s
|
||||
// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.cstring,experimental.unix.cstring -analyzer-store=region -Wno-null-dereference -verify %s
|
||||
// RUN: %clang_cc1 -analyze -DUSE_BUILTINS -analyzer-checker=core,unix.cstring,experimental.unix.cstring -analyzer-store=region -Wno-null-dereference -verify %s
|
||||
// RUN: %clang_cc1 -analyze -DVARIANT -analyzer-checker=core,unix.cstring,experimental.unix.cstring -analyzer-store=region -Wno-null-dereference -verify %s
|
||||
// RUN: %clang_cc1 -analyze -DUSE_BUILTINS -DVARIANT -analyzer-checker=core,unix.cstring.NullArg,experimental.unix.cstring.OutOfBounds,experimental.unix.cstring.BufferOverlap,experimental.unix.cstring.NotNullTerminated -analyzer-store=region -Wno-null-dereference -verify %s
|
||||
|
||||
//===----------------------------------------------------------------------===
|
||||
// Declarations
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// RUN: %clang_cc1 -analyze -analyzer-checker=experimental.unix.cstring.BadSizeArg -analyzer-store=region -verify %s
|
||||
// RUN: %clang_cc1 -analyze -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -verify %s
|
||||
|
||||
// Ensure we don't crash on C++ declarations with special names.
|
||||
struct X {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// RUN: %clang_cc1 -analyze -analyzer-checker=experimental.unix.cstring.BadSizeArg -analyzer-store=region -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s
|
||||
// RUN: %clang_cc1 -analyze -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s
|
||||
|
||||
typedef __SIZE_TYPE__ size_t;
|
||||
char *strncat(char *, const char *, size_t);
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// RUN: %clang_cc1 -analyze -analyzer-store=region -analyzer-checker=core,experimental.unix.Malloc -fblocks -verify %s
|
||||
// RUN: %clang_cc1 -analyze -analyzer-store=region -analyzer-checker=core,unix.Malloc -fblocks -verify %s
|
||||
// RUN: %clang_cc1 -analyze -analyzer-store=region -analyzer-checker=core,experimental.unix.MallocWithAnnotations -fblocks -verify %s
|
||||
void free(void *);
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// RUN: %clang_cc1 -analyze -analyzer-checker=experimental.unix.Malloc -analyzer-output=plist -o - %s | FileCheck %s
|
||||
// RUN: %clang_cc1 -analyze -analyzer-checker=unix.Malloc -analyzer-output=plist -o - %s | FileCheck %s
|
||||
|
||||
typedef __typeof(sizeof(int)) size_t;
|
||||
void *malloc(size_t);
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// RUN: %clang_cc1 -analyze -analyzer-checker=core,experimental.deadcode.UnreachableCode,experimental.core.CastSize,experimental.unix.Malloc -analyzer-store=region -verify %s
|
||||
// RUN: %clang_cc1 -analyze -analyzer-checker=core,experimental.deadcode.UnreachableCode,experimental.core.CastSize,unix.Malloc -analyzer-store=region -verify %s
|
||||
#include "system-header-simulator.h"
|
||||
|
||||
typedef __typeof(sizeof(int)) size_t;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
// RUN: %clang_cc1 -analyze -analyzer-checker=core,experimental.unix.Malloc -analyzer-store=region -verify %s
|
||||
// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc -analyzer-store=region -verify %s
|
||||
|
||||
typedef unsigned int UInt32;
|
||||
typedef signed long CFIndex;
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
// RUN: %clang_cc1 -analyze -analyzer-checker=core,experimental.unix.cstring,experimental.deadcode.UnreachableCode -analyzer-store=region -Wno-null-dereference -verify %s
|
||||
// RUN: %clang_cc1 -analyze -DUSE_BUILTINS -analyzer-checker=core,experimental.unix.cstring,experimental.deadcode.UnreachableCode -analyzer-store=region -Wno-null-dereference -verify %s
|
||||
// RUN: %clang_cc1 -analyze -DVARIANT -analyzer-checker=core,experimental.unix.cstring,experimental.deadcode.UnreachableCode -analyzer-store=region -Wno-null-dereference -verify %s
|
||||
// RUN: %clang_cc1 -analyze -DUSE_BUILTINS -DVARIANT -analyzer-checker=experimental.security.taint,core,experimental.unix.cstring,experimental.deadcode.UnreachableCode -analyzer-store=region -Wno-null-dereference -verify %s
|
||||
// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.cstring,experimental.unix.cstring,experimental.deadcode.UnreachableCode -analyzer-store=region -Wno-null-dereference -verify %s
|
||||
// RUN: %clang_cc1 -analyze -DUSE_BUILTINS -analyzer-checker=core,unix.cstring,experimental.unix.cstring,experimental.deadcode.UnreachableCode -analyzer-store=region -Wno-null-dereference -verify %s
|
||||
// RUN: %clang_cc1 -analyze -DVARIANT -analyzer-checker=core,unix.cstring,experimental.unix.cstring,experimental.deadcode.UnreachableCode -analyzer-store=region -Wno-null-dereference -verify %s
|
||||
// RUN: %clang_cc1 -analyze -DUSE_BUILTINS -DVARIANT -analyzer-checker=experimental.security.taint,core,unix.cstring,experimental.unix.cstring,experimental.deadcode.UnreachableCode -analyzer-store=region -Wno-null-dereference -verify %s
|
||||
|
||||
//===----------------------------------------------------------------------===
|
||||
// Declarations
|
||||
|
|