diff options
Diffstat (limited to 'clang/docs/analyzer')
| -rw-r--r-- | clang/docs/analyzer/checkers.rst | 50 |
1 files changed, 44 insertions, 6 deletions
diff --git a/clang/docs/analyzer/checkers.rst b/clang/docs/analyzer/checkers.rst index d942578..fd0b304 100644 --- a/clang/docs/analyzer/checkers.rst +++ b/clang/docs/analyzer/checkers.rst @@ -205,6 +205,50 @@ pointers with a specified address space. If the option is set to false, then reports from the specific x86 address spaces 256, 257 and 258 are still suppressed, but null dereferences from other address spaces are reported. +.. _core-NullPointerArithm: + +core.NullPointerArithm (C, C++) +""""""""""""""""""""""""""""""" +Check for undefined arithmetic operations with null pointers. + +The checker can detect the following cases: + + - ``p + x`` and ``x + p`` where ``p`` is a null pointer and ``x`` is a nonzero + integer value. + - ``p - x`` where ``p`` is a null pointer and ``x`` is a nonzero integer + value. + - ``p1 - p2`` where one of ``p1`` and ``p2`` is null and the other a + non-null pointer. + +Result of these operations is undefined according to the standard. +In the above listed cases, the checker will warn even if the expression +described to be "nonzero" or "non-null" has unknown value, because it is likely +that it can have non-zero value during the program execution. + +.. code-block:: c + + void test1(int *p, int offset) { + if (p) + return; + + int *p1 = p + offset; // warn: 'p' is null, 'offset' is unknown but likely non-zero + } + + void test2(int *p, int offset) { + if (p) { } // this indicates that it is possible for 'p' to be null + if (offset == 0) + return; + + int *p1 = p - offset; // warn: 'p' is null, 'offset' is known to be non-zero + } + + void test3(char *p1, char *p2) { + if (p1) + return; + + int a = p1 - p2; // warn: 'p1' is null, 'p2' can be likely non-null + } + .. _core-StackAddressEscape: core.StackAddressEscape (C) @@ -3421,12 +3465,6 @@ Check for an out-of-bound pointer being returned to callers. return x; // warn: undefined or garbage returned } - -alpha.security.cert -^^^^^^^^^^^^^^^^^^^ - -SEI CERT checkers which tries to find errors based on their `C coding rules <https://wiki.sei.cmu.edu/confluence/display/c/2+Rules>`_. - alpha.unix ^^^^^^^^^^ |