Alpha Checkers
-Experimental checkers in addition to the -Default Checkers. These are checkers with known issues or limitations that -keep them from being on by default. They are likely to have false positives. -Bug reports are welcome but will likely not be investigated for some time. -Patches welcome! --
-
- Clone Alpha Checkers -
- Core Alpha Checkers -
- C++ Alpha Checkers -
- LLVM Checkers -
- Variable Argument Alpha Checkers -
- Dead Code Alpha Checkers -
- OS X Alpha Checkers -
- Security Alpha Checkers -
- Unix Alpha Checkers -
- Non-determinism Alpha Checkers -
Clone Alpha Checkers
-| Name, Description | Example |
-alpha.clone.CloneChecker
-(C, C++, ObjC)
-Reports similar pieces of code. |
-
-
-void log();
-
-int max(int a, int b) { // warn
- log();
- if (a > b)
- return a;
- return b;
-}
-
-int maxClone(int x, int y) { // similar code here
- log();
- if (x > y)
- return x;
- return y;
-}
- |
Core Alpha Checkers
-| Name, Description | Example |
-alpha.core.BoolAssignment
-(ObjC)
-Warn about assigning non-{0,1} values to boolean variables. |
-
-
-void test() {
- BOOL b = -1; // warn
-}
- |
-alpha.core.CastSize
-(C)
-Check when casting a malloc'ed type T, whether the size is a multiple of the
-size of T (Works only with unix.Malloc
-or alpha.unix.MallocWithAnnotations
-checks enabled). |
-
-
-void test() {
- int *x = (int *)malloc(11); // warn
-}
- |
-alpha.core.CastToStruct
-(C, C++)
-Check for cast from non-struct pointer to struct pointer. |
-
-
-// C
-struct s {};
-
-void test(int *p) {
- struct s *ps = (struct s *) p; // warn
-}
-
-// C++
-class c {};
-
-void test(int *p) {
- c *pc = (c *) p; // warn
-}
- |
-alpha.core.Conversion
-(C, C++, ObjC)
-Loss of sign or precision in implicit conversions |
-
-
-void test(unsigned U, signed S) {
- if (S > 10) {
- if (U < S) {
- }
- }
- if (S < -10) {
- if (U < S) { // warn (loss of sign)
- }
- }
-}
-
-void test() {
- long long A = 1LL << 60;
- short X = A; // warn (loss of precision)
-}
- |
-alpha.core.DynamicTypeChecker
-(ObjC)
-Check for cases where the dynamic and the static type of an
-object are unrelated. |
-
- -id date = [NSDate date]; - -// Warning: Object has a dynamic type 'NSDate *' which is -// incompatible with static type 'NSNumber *'" -NSNumber *number = date; -[number doubleValue]; - |
-alpha.core.FixedAddr
-(C)
-Check for assignment of a fixed address to a pointer. |
-
-
-void test() {
- int *p;
- p = (int *) 0x10000; // warn
-}
- |
-alpha.core.IdenticalExpr
-(C, C++)
-Warn about suspicious uses of identical expressions. |
-
-
-// C
-void test() {
- int a = 5;
- int b = a | 4 | a; // warn: identical expr on both sides
-}
-
-// C++
-bool f(void);
-
-void test(bool b) {
- int i = 10;
- if (f()) { // warn: true and false branches are identical
- do {
- i--;
- } while (f());
- } else {
- do {
- i--;
- } while (f());
- }
-}
- |
-alpha.core.PointerArithm
-(C)
-Check for pointer arithmetic on locations other than array
-elements. |
-
-
-void test() {
- int x;
- int *p;
- p = &x + 1; // warn
-}
- |
-alpha.core.PointerSub
-(C)
-Check for pointer subtractions on two pointers pointing to different memory
-chunks. |
-
-
-void test() {
- int x, y;
- int d = &y - &x; // warn
-}
- |
-alpha.core.StackAddressAsyncEscape
-(C)
-Check that addresses to stack memory do not escape the function that involves
- dispatch_after or dispatch_async. This checker is
-a part of core.StackAddressEscape, but is
-temporarily disabled until some
-false positives are fixed. |
-
-
-dispatch_block_t test_block_inside_block_async_leak() {
- int x = 123;
- void (^inner)(void) = ^void(void) {
- int y = x;
- ++y;
- };
- void (^outer)(void) = ^void(void) {
- int z = x;
- ++z;
- inner();
- };
- return outer; // warn: address of stack-allocated block is captured by a
- // returned block
-}
- |
-alpha.core.TestAfterDivZero
-(C, C++, ObjC)
-Check for division by variable that is later compared against 0.
-Either the comparison is useless or there is division by zero.
- |
-
-
-void test(int x) {
- var = 77 / x;
- if (x == 0) { } // warn
-}
- |
C++ Alpha Checkers
-| Name, Description | Example |
-alpha.cplusplus.DeleteWithNonVirtualDtor
-(C++)
-Reports destructions of polymorphic objects with a non-virtual destructor in
-their base class
- |
-
-
-NonVirtual *create() {
- NonVirtual *x = new NVDerived(); // note: Casting from 'NVDerived' to
- // 'NonVirtual' here
- return x;
-}
-
-void sink(NonVirtual *x) {
- delete x; // warn: destruction of a polymorphic object with no virtual
- // destructor
-}
- |
-alpha.cplusplus.InvalidatedIterator
-(C++)
-Check for use of invalidated iterators.
- |
-
- -void bad_copy_assign_operator_list1(std::list |
-alpha.cplusplus.IteratorRange
-(C++)
-Check for iterators used outside their valid ranges.
- |
-
- -void simple_bad_end(const std::vector |
-alpha.cplusplus.MismatchedIterator
-(C++)
-Check for use of iterators of different containers where iterators of the same
-container are expected.
- |
-
- -void bad_insert3(std::vector |
-alpha.cplusplus.Move
-(C++)
-Method calls on a moved-from object and copying a moved-from object will be
-reported.
- |
-
-
-struct A {
- void foo() {}
-};
-
-void f() {
- A a;
- A b = std::move(a); // note: 'a' became 'moved-from' here
- a.foo(); // warn: method call on a 'moved-from' object 'a'
-}
- |
Dead Code Alpha Checkers
-| Name, Description | Example |
-alpha.deadcode.UnreachableCode
-(C, C++, ObjC)
-Check unreachable code. |
-
-
-// C
-int test() {
- int x = 1;
- while(x);
- return x; // warn
-}
-
-// C++
-void test() {
- int a = 2;
-
- while (a > 1)
- a--;
-
- if (a > 1)
- a++; // warn
-}
-
-// Objective-C
-void test(id x) {
- return;
- [x retain]; // warn
-}
- |
LLVM Checkers
-OS X Alpha Checkers
-| Name, Description | Example |
-alpha.osx.cocoa.DirectIvarAssignment
-(ObjC)
-Check that Objective C properties follow the following rule: the property
-should be set with the setter, not though a direct assignment. |
-
-
-@interface MyClass : NSObject {}
-@property (readonly) id A;
-- (void) foo;
-@end
-
-@implementation MyClass
-- (void) foo {
- _A = 0; // warn
-}
-@end
- |
-alpha.osx.cocoa.DirectIvarAssignmentForAnnotatedFunctions
-(ObjC)
-Check for direct assignments to instance variables in the methods annotated
-with objc_no_direct_instance_variable_assignment. |
-
-
-@interface MyClass : NSObject {}
-@property (readonly) id A;
-- (void) fAnnotated __attribute__((
- annotate("objc_no_direct_instance_variable_assignment")));
-- (void) fNotAnnotated;
-@end
-
-@implementation MyClass
-- (void) fAnnotated {
- _A = 0; // warn
-}
-- (void) fNotAnnotated {
- _A = 0; // no warn
-}
-@end
- |
-alpha.osx.cocoa.InstanceVariableInvalidation
-(ObjC)
-Check that the invalidatable instance variables are invalidated in the methods
-annotated with objc_instance_variable_invalidator. |
-
-
-@protocol Invalidation <NSObject>
-- (void) invalidate
- __attribute__((annotate("objc_instance_variable_invalidator")));
-@end
-
-@interface InvalidationImpObj : NSObject <Invalidation>
-@end
-
-@interface SubclassInvalidationImpObj : InvalidationImpObj {
- InvalidationImpObj *var;
-}
-- (void)invalidate;
-@end
-
-@implementation SubclassInvalidationImpObj
-- (void) invalidate {}
-@end
-// warn: var needs to be invalidated or set to nil
- |
-alpha.osx.cocoa.MissingInvalidationMethod
-(ObjC)
-Check that the invalidation methods are present in classes that contain
-invalidatable instance variables. |
-
-
-@protocol Invalidation <NSObject>
-- (void)invalidate
- __attribute__((annotate("objc_instance_variable_invalidator")));
-@end
-
-@interface NeedInvalidation : NSObject <Invalidation>
-@end
-
-@interface MissingInvalidationMethodDecl : NSObject {
- NeedInvalidation *Var; // warn
-}
-@end
-
-@implementation MissingInvalidationMethodDecl
-@end
- |
-alpha.osx.cocoa.localizability.PluralMisuseChecker
-(ObjC)
-Warns against using one vs. many plural pattern in code
-when generating localized strings.
- |
-
-
-NSString *reminderText =
- NSLocalizedString(@"None", @"Indicates no reminders");
-if (reminderCount == 1) {
- // Warning: Plural cases are not supported across all languages.
- // Use a .stringsdict file instead
- reminderText =
- NSLocalizedString(@"1 Reminder", @"Indicates single reminder");
-} else if (reminderCount >= 2) {
- // Warning: Plural cases are not supported across all languages.
- // Use a .stringsdict file instead
- reminderText =
- [NSString stringWithFormat:
- NSLocalizedString(@"%@ Reminders", @"Indicates multiple reminders"),
- reminderCount];
-}
- |
Security Alpha Checkers
-| Name, Description | Example |
-alpha.security.ArrayBound
-(C)
-Warn about buffer overflows (older checker). |
-
-
-void test() {
- char *s = "";
- char c = s[1]; // warn
-}
-
-struct seven_words {
- int c[7];
-};
-
-void test() {
- struct seven_words a, *p;
- p = &a;
- p[0] = a;
- p[1] = a;
- p[2] = a; // warn
-}
-
-// note: requires unix.Malloc or
-// alpha.unix.MallocWithAnnotations checks enabled.
-void test() {
- int *p = malloc(12);
- p[3] = 4; // warn
-}
-
-void test() {
- char a[2];
- int *b = (int*)a;
- b[1] = 3; // warn
-}
- |
-alpha.security.ArrayBoundV2
-(C)
-Warn about buffer overflows (newer checker). |
-
-
-void test() {
- char *s = "";
- char c = s[1]; // warn
-}
-
-void test() {
- int buf[100];
- int *p = buf;
- p = p + 99;
- p[1] = 1; // warn
-}
-
-// note: compiler has internal check for this.
-// Use -Wno-array-bounds to suppress compiler warning.
-void test() {
- int buf[100][100];
- buf[0][-1] = 1; // warn
-}
-
-// note: requires alpha.security.taint check turned on.
-void test() {
- char s[] = "abc";
- int x = getchar();
- char c = s[x]; // warn: index is tainted
-}
- |
-alpha.security.MallocOverflow
-(C)
-Check for overflows in the arguments to malloc(). |
-
-
-void test(int n) {
- void *p = malloc(n * sizeof(int)); // warn
-}
- |
-alpha.security.MmapWriteExec
-(C)
-Warn on mmap() |
-
-
-void test(int n) {
- void *c = mmap(NULL, 32, PROT_READ | PROT_WRITE | PROT_EXEC,
- MAP_PRIVATE | MAP_ANON, -1, 0);
- // warn: Both PROT_WRITE and PROT_EXEC flags are set. This can lead to
- // exploitable memory regions, which could be overwritten with malicious
- // code
-}
- |
-alpha.security.ReturnPtrRange
-(C)
-Check for an out-of-bound pointer being returned to callers. |
-
-
-static int A[10];
-
-int *test() {
- int *p = A + 10;
- return p; // warn
-}
-
-int test(void) {
- int x;
- return x; // warn: undefined or garbage returned
-}
- |
-alpha.security.taint.TaintPropagation
-(C)
-Generate taint information used by other checkers. |
-
-
-void test() {
- char x = getchar(); // 'x' marked as tainted
- system(&x); // warn: untrusted data is passed to a system call
-}
-
-// note: compiler internally checks if the second param to
-// sprintf is a string literal or not.
-// Use -Wno-format-security to suppress compiler warning.
-void test() {
- char s[10], buf[10];
- fscanf(stdin, "%s", s); // 's' marked as tainted
-
- sprintf(buf, s); // warn: untrusted data as a format string
-}
-
-void test() {
- size_t ts;
- scanf("%zd", &ts); // 'ts' marked as tainted
- int *p = (int *)malloc(ts * sizeof(int));
- // warn: untrusted data as buffer size
-}
- |
Unix Alpha Checkers
-| Name, Description | Example |
-alpha.unix.Chroot
-(C)
-Check improper use of chroot. |
-
-
-void f();
-
-void test() {
- chroot("/usr/local");
- f(); // warn: no call of chdir("/") immediately after chroot
-}
- |
-alpha.unix.PthreadLock
-(C)
-Simple lock -> unlock checker; applies to:
-pthread_mutex_lock -pthread_rwlock_rdlock -pthread_rwlock_wrlock -lck_mtx_lock -lck_rw_lock_exclusive -lck_rw_lock_shared -pthread_mutex_trylock -pthread_rwlock_tryrdlock -pthread_rwlock_tryrwlock -lck_mtx_try_lock -lck_rw_try_lock_exclusive -lck_rw_try_lock_shared -pthread_mutex_unlock -pthread_rwlock_unlock -lck_mtx_unlock -lck_rw_done |
-
-
-pthread_mutex_t mtx;
-
-void test() {
- pthread_mutex_lock(&mtx);
- pthread_mutex_lock(&mtx);
- // warn: this lock has already been acquired
-}
-
-lck_mtx_t lck1, lck2;
-
-void test() {
- lck_mtx_lock(&lck1);
- lck_mtx_lock(&lck2);
- lck_mtx_unlock(&lck1);
- // warn: this was not the most recently acquired lock
-}
-
-lck_mtx_t lck1, lck2;
-
-void test() {
- if (lck_mtx_try_lock(&lck1) == 0)
- return;
-
- lck_mtx_lock(&lck2);
- lck_mtx_unlock(&lck1);
- // warn: this was not the most recently acquired lock
-}
- |
-alpha.unix.SimpleStream
-(C)
-Check for misuses of stream APIs:
-fopen (demo checker, the subject of the demo
-(Slides
-,Video)
-by Anna Zaks and Jordan Rose presented at the
-2012 LLVM Developers' Meeting).-fclose |
-
-
-void test() {
- FILE *F = fopen("myfile.txt", "w");
-} // warn: opened file is never closed
-
-void test() {
- FILE *F = fopen("myfile.txt", "w");
-
- if (F)
- fclose(F);
-
- fclose(F); // warn: closing a previously closed file stream
-}
- |
-alpha.unix.cstring.BufferOverlap
-(C)
-Checks for overlap in two buffer arguments; applies to:
-memcpy -mempcpy |
-
-
-void test() {
- int a[4] = {0};
- memcpy(a + 2, a + 1, 8); // warn
-}
- |
-alpha.unix.cstring.NotNullTerminated
-(C)
-Check for arguments which are not null-terminated strings; applies
-to:
-strlen -strnlen -strcpy -strncpy -strcat -strncat |
-
-
-void test() {
- int y = strlen((char *)&test); // warn
-}
- |
-alpha.unix.cstring.OutOfBounds
-(C)
-Check for out-of-bounds access in string functions; applies
-to:
-strncopy -strncat |
-
-
-void test(char *y) {
- char x[4];
- if (strlen(y) == 4)
- strncpy(x, y, 5); // warn
-}
- |
Non-determinism Alpha Checkers
-| Name, Description | Example |
-alpha.nondeterminism.PointerIteration
-(C++)
-Check for non-determinism caused by iterating unordered containers of pointers. |
-
-
-// C++
-void test() {
- int a = 1, b = 2;
- std::unordered_set |
-alpha.nondeterminism.PointerSorting
-(C++)
-Check for non-determinism caused by sorting of pointers. |
-
-
-// C++
-void test() {
- int a = 1, b = 2;
- std::vector |
The clangd documentation has moved to clang.llvm.org
+This page is deprecated and will be removed in release 21.0
+The new site +