Last active
June 20, 2017 14:09
-
-
Save steipete/28849365e603dc2015c7107d85142e7b to your computer and use it in GitHub Desktop.
clang -cc1 -analyzer-checker-help, see https://gist.github.com/steipete/86c4db2cda22aa7427bb453907885c1f (Update for Xcode 9b1)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| clang --version | |
| Apple LLVM version 9.0.0 (clang-900.0.22.8) | |
| Target: x86_64-apple-darwin16.7.0 | |
| Thread model: posix | |
| InstalledDir: /Applications/Xcode-beta.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin | |
| clang -cc1 -analyzer-checker-help | |
| OVERVIEW: Clang Static Analyzer Checkers List | |
| USAGE: -analyzer-checker <CHECKER or PACKAGE,...> | |
| CHECKERS: | |
| alpha.clone.CloneChecker Reports similar pieces of code. | |
| alpha.core.BoolAssignment Warn about assigning non-{0,1} values to Boolean variables | |
| alpha.core.CallAndMessageUnInitRefArg | |
| Check for logical errors for function calls and Objective-C message expressions (e.g., uninitialized arguments, null function pointers, and pointer to undefined variables) | |
| alpha.core.CastSize Check when casting a malloc'ed type T, whether the size is a multiple of the size of T | |
| alpha.core.CastToStruct Check for cast from non-struct pointer to struct pointer | |
| alpha.core.Conversion Loss of sign/precision in implicit conversions | |
| alpha.core.DynamicTypeChecker Check for cases where the dynamic and the static type of an object are unrelated. | |
| alpha.core.FixedAddr Check for assignment of a fixed address to a pointer | |
| alpha.core.IdenticalExpr Warn about unintended use of identical expressions in operators | |
| alpha.core.PointerArithm Check for pointer arithmetic on locations other than array elements | |
| alpha.core.PointerSub Check for pointer subtractions on two pointers pointing to different memory chunks | |
| alpha.core.SizeofPtr Warn about unintended use of sizeof() on pointer expressions | |
| alpha.core.TestAfterDivZero Check for division by variable that is later compared against 0. Either the comparison is useless or there is division by zero. | |
| alpha.cplusplus.IteratorPastEnd | |
| Check iterators used past end | |
| alpha.cplusplus.MisusedMovedObject | |
| Method calls on a moved-from object and copying a moved-from object will be reported | |
| alpha.deadcode.UnreachableCode Check unreachable code | |
| alpha.osx.cocoa.DirectIvarAssignment | |
| Check for direct assignments to instance variables | |
| alpha.osx.cocoa.DirectIvarAssignmentForAnnotatedFunctions | |
| Check for direct assignments to instance variables in the methods annotated with objc_no_direct_instance_variable_assignment | |
| alpha.osx.cocoa.InstanceVariableInvalidation | |
| Check that the invalidatable instance variables are invalidated in the methods annotated with objc_instance_variable_invalidator | |
| alpha.osx.cocoa.MissingInvalidationMethod | |
| Check that the invalidation methods are present in classes that contain invalidatable instance variables | |
| alpha.osx.cocoa.localizability.PluralMisuseChecker | |
| Warns against using one vs. many plural pattern in code when generating localized strings. | |
| alpha.security.ArrayBound Warn about buffer overflows (older checker) | |
| alpha.security.ArrayBoundV2 Warn about buffer overflows (newer checker) | |
| alpha.security.MallocOverflow Check for overflows in the arguments to malloc() | |
| alpha.security.ReturnPtrRange Check for an out-of-bound pointer being returned to callers | |
| alpha.security.taint.TaintPropagation | |
| Generate taint information used by other checkers | |
| alpha.unix.BlockInCriticalSection | |
| Check for calls to blocking functions inside a critical section | |
| alpha.unix.Chroot Check improper use of chroot | |
| alpha.unix.PthreadLock Simple lock -> unlock checker | |
| alpha.unix.SimpleStream Check for misuses of stream APIs | |
| alpha.unix.Stream Check stream handling functions | |
| alpha.unix.cstring.BufferOverlap | |
| Checks for overlap in two buffer arguments | |
| alpha.unix.cstring.NotNullTerminated | |
| Check for arguments which are not null-terminating strings | |
| alpha.unix.cstring.OutOfBounds Check for out-of-bounds access in string functions | |
| apiModeling.google.GTest Model gtest assertion APIs | |
| core.CallAndMessage Check for logical errors for function calls and Objective-C message expressions (e.g., uninitialized arguments, null function pointers) | |
| core.DivideZero Check for division by zero | |
| core.DynamicTypePropagation Generate dynamic type information | |
| core.NonNullParamChecker Check for null pointers passed as arguments to a function whose arguments are references or marked with the 'nonnull' attribute | |
| core.NullDereference Check for dereferences of null pointers | |
| core.StackAddressEscape Check that addresses to stack memory do not escape the function | |
| core.UndefinedBinaryOperatorResult | |
| Check for undefined results of binary operators | |
| core.VLASize Check for declarations of VLA of undefined or zero size | |
| core.builtin.BuiltinFunctions Evaluate compiler builtin functions (e.g., alloca()) | |
| core.builtin.NoReturnFunctions Evaluate "panic" functions that are known to not return to the caller | |
| core.uninitialized.ArraySubscript | |
| Check for uninitialized values used as array subscripts | |
| core.uninitialized.Assign Check for assigning uninitialized values | |
| core.uninitialized.Branch Check for uninitialized values used as branch conditions | |
| core.uninitialized.CapturedBlockVariable | |
| Check for blocks that capture uninitialized values | |
| core.uninitialized.UndefReturn Check for uninitialized values being returned to the caller | |
| cplusplus.NewDelete Check for double-free and use-after-free problems. Traces memory managed by new/delete. | |
| cplusplus.NewDeleteLeaks Check for memory leaks. Traces memory managed by new/delete. | |
| cplusplus.SelfAssignment Checks C++ copy and move assignment operators for self assignment | |
| deadcode.DeadStores Check for values stored to variables that are never read afterwards | |
| debug.AnalysisOrder Print callbacks that are called during analysis in order | |
| debug.ConfigDumper Dump config table | |
| debug.DumpBugHash Dump the bug hash for all statements. | |
| debug.DumpCFG Display Control-Flow Graphs | |
| debug.DumpCallGraph Display Call Graph | |
| debug.DumpCalls Print calls as they are traversed by the engine | |
| debug.DumpDominators Print the dominance tree for a given CFG | |
| debug.DumpLiveVars Print results of live variable analysis | |
| debug.DumpTraversal Print branch conditions as they are traversed by the engine | |
| debug.ExprInspection Check the analyzer's understanding of expressions | |
| debug.Stats Emit warnings with analyzer statistics | |
| debug.TaintTest Mark tainted symbols as such. | |
| debug.ViewCFG View Control-Flow Graphs using GraphViz | |
| debug.ViewCallGraph View Call Graph using GraphViz | |
| debug.ViewExplodedGraph View Exploded Graphs using GraphViz | |
| llvm.Conventions Check code for LLVM codebase conventions | |
| nullability.NullPassedToNonnull | |
| Warns when a null pointer is passed to a pointer which has a _Nonnull type. | |
| nullability.NullReturnedFromNonnull | |
| Warns when a null pointer is returned from a function that has _Nonnull return type. | |
| nullability.NullableDereferenced | |
| Warns when a nullable pointer is dereferenced. | |
| nullability.NullablePassedToNonnull | |
| Warns when a nullable pointer is passed to a pointer which has a _Nonnull type. | |
| nullability.NullableReturnedFromNonnull | |
| Warns when a nullable pointer is returned from a function that has _Nonnull return type. | |
| optin.cplusplus.VirtualCall Check virtual function calls during construction or destruction | |
| optin.mpi.MPI-Checker Checks MPI code | |
| optin.osx.cocoa.localizability.EmptyLocalizationContextChecker | |
| Check that NSLocalizedString macros include a comment for context | |
| optin.osx.cocoa.localizability.NonLocalizedStringChecker | |
| Warns about uses of non-localized NSStrings passed to UI methods expecting localized NSStrings | |
| optin.performance.Padding Check for excessively padded structs. | |
| osx.API Check for proper uses of various Apple APIs | |
| osx.NumberObjectConversion Check for erroneous conversions of objects representing numbers into numbers | |
| osx.ObjCProperty Check for proper uses of Objective-C properties | |
| osx.SecKeychainAPI Check for proper uses of Secure Keychain APIs | |
| osx.cocoa.AtSync Check for nil pointers used as mutexes for @synchronized | |
| osx.cocoa.ClassRelease Check for sending 'retain', 'release', or 'autorelease' directly to a Class | |
| osx.cocoa.Dealloc Warn about Objective-C classes that lack a correct implementation of -dealloc | |
| osx.cocoa.IncompatibleMethodTypes | |
| Warn about Objective-C method signatures with type incompatibilities | |
| osx.cocoa.Loops Improved modeling of loops using Cocoa collection types | |
| osx.cocoa.MissingSuperCall Warn about Objective-C methods that lack a necessary call to super | |
| osx.cocoa.NSAutoreleasePool Warn for suboptimal uses of NSAutoreleasePool in Objective-C GC mode | |
| osx.cocoa.NSError Check usage of NSError** parameters | |
| osx.cocoa.NilArg Check for prohibited nil arguments to ObjC method calls | |
| osx.cocoa.NonNilReturnValue Model the APIs that are guaranteed to return a non-nil value | |
| osx.cocoa.ObjCGenerics Check for type errors when using Objective-C generics | |
| osx.cocoa.RetainCount Check for leaks and improper reference count management | |
| osx.cocoa.SelfInit Check that 'self' is properly initialized inside an initializer method | |
| osx.cocoa.SuperDealloc Warn about improper use of '[super dealloc]' in Objective-C | |
| osx.cocoa.UnusedIvars Warn about private ivars that are never used | |
| osx.cocoa.VariadicMethodTypes Check for passing non-Objective-C types to variadic collection initialization methods that expect only Objective-C types | |
| osx.coreFoundation.CFError Check usage of CFErrorRef* parameters | |
| osx.coreFoundation.CFNumber Check for proper uses of CFNumber APIs | |
| osx.coreFoundation.CFRetainRelease | |
| Check for null arguments to CFRetain/CFRelease/CFMakeCollectable | |
| osx.coreFoundation.containers.OutOfBounds | |
| Checks for index out-of-bounds when using 'CFArray' API | |
| osx.coreFoundation.containers.PointerSizedValues | |
| Warns if 'CFArray', 'CFDictionary', 'CFSet' are created with non-pointer-size values | |
| security.FloatLoopCounter Warn on using a floating point value as a loop counter (CERT: FLP30-C, FLP30-CPP) | |
| security.insecureAPI.UncheckedReturn | |
| Warn on uses of functions whose return values must be always checked | |
| security.insecureAPI.getpw Warn on uses of the 'getpw' function | |
| security.insecureAPI.gets Warn on uses of the 'gets' function | |
| security.insecureAPI.mkstemp Warn when 'mkstemp' is passed fewer than 6 X's in the format string | |
| security.insecureAPI.mktemp Warn on uses of the 'mktemp' function | |
| security.insecureAPI.rand Warn on uses of the 'rand', 'random', and related functions | |
| security.insecureAPI.strcpy Warn on uses of the 'strcpy' and 'strcat' functions | |
| security.insecureAPI.vfork Warn on uses of the 'vfork' function | |
| unix.API Check calls to various UNIX/Posix functions | |
| unix.Malloc Check for memory leaks, double free, and use-after-free problems. Traces memory managed by malloc()/free(). | |
| unix.MallocSizeof Check for dubious malloc arguments involving sizeof | |
| unix.MismatchedDeallocator Check for mismatched deallocators. | |
| unix.StdCLibraryFunctions Improve modeling of the C standard library functions | |
| unix.Vfork Check for proper usage of vfork | |
| unix.cstring.BadSizeArg Check the size argument passed into C string functions for common erroneous patterns | |
| unix.cstring.NullArg Check for null pointers being passed as arguments to C string functions | |
| valist.CopyToSelf Check for va_lists which are copied onto itself. | |
| valist.Uninitialized Check for usages of uninitialized (or already released) va_lists. | |
| valist.Unterminated Check for va_lists which are not released by a va_end call. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment