diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst index ee211c16a48ac..d3f352c6aabe7 100644 --- a/clang/docs/ReleaseNotes.rst +++ b/clang/docs/ReleaseNotes.rst @@ -1052,18 +1052,113 @@ libclang Static Analyzer --------------- +New features +^^^^^^^^^^^^ + +- Implemented the ``[[clang::suppress]]`` attribute for suppressing diagnostics + of static analysis tools, such as the Clang Static Analyzer. + `Documentation `__. + +- Added support for the ``cleanup`` attribute. + `Documentation `__. + +- Support "Deducing this" (P0847R7). (Worked out of the box) + (`af4751738db8 `__) + - Added a new checker ``core.BitwiseShift`` which reports situations where bitwise shift operators produce undefined behavior (because some operand is negative or too large). + `Documentation `__. -- Move checker ``alpha.unix.Errno`` out of the ``alpha`` package - to ``unix.Errno``. +- Added a new experimental checker ``alpha.core.StdVariant`` to detect variant + accesses via wrong alternatives. + (`#66481 `_) -- Move checker ``alpha.unix.StdCLibraryFunctions`` out of the ``alpha`` package - to ``unix.StdCLibraryFunctions``. +- Added a new experimental checker ``alpha.cplusplus.ArrayDelete`` to detect + destructions of arrays of polymorphic objects that are destructed as their + base class (`CERT EXP51-CPP `_). + `Documentation `__. + (`0e246bb67573 `_) + +- Added a new checker configuration option ``InvalidatingGetEnv=[true,false]`` to + ``security.cert.env.InvalidPtr``. It's not set by default. + If set, ``getenv`` calls won't invalidate previously returned pointers. + `Documentation `__. + (`#67663 `_) + +Crash and bug fixes +^^^^^^^^^^^^^^^^^^^ + +- Fixed a crash caused by ``builtin_bit_cast``. + (`#69922 `_) + +- Fixed a ``core.StackAddressEscape`` crash on temporary object fields. + (`#66221 `_) + +- A few crashes have been found and fixed using randomized testing related + to the use of ``_BitInt()`` in tidy checks and in clang analysis. + (`#67212 `_, + `#66782 `_, + `#65889 `_, + `#65888 `_, + `#65887 `_) + +- Fixed note links of the HTML output. + (`#64054 `_) + +- Allow widening rage-based for loops. + (`#70190 `_) + +- Fixed uninitialized base class with initializer list when ctor is not + declared in the base class. + (`#70464 `_, + `#59493 `_, + `#54533 `_) - Fix false positive in mutation check when using pointer to member function. - (`#66204: `_). + (`#66204 `_) + +Improvements +^^^^^^^^^^^^ + +- Improved the ``unix.StdCLibraryFunctions`` checker by modeling more + functions like ``send``, ``recv``, ``readlink`` and ``errno`` behavior. + (`52ac71f92d38 `_, + `#71373 `_, + `#71392 `_) + +- Fixed a false negative for when accessing a nonnull property (ObjC). + (`1dceba3a3684 `_) + +- ``security.insecureAPI.DeprecatedOrUnsafeBufferHandling`` now considers + ``fprintf`` calls unsafe. + `Documentation `__. + +- Improved the diagnostics of the ``optin.core.EnumCastOutOfRange`` checker. + It will display the name and the declaration of the enumeration along with + the concrete value being cast to the enum. + (`#74503 `_) + +- Improved the ``alpha.security.ArrayBoundV2`` checker for detecting buffer + accesses prior the buffer; and also reworked the diagnostic messages. + (`3e014038b373 `_, + `#70056 `_, + `#72107 `_) + +- Improved the ``alpha.unix.cstring.OutOfBounds`` checking both ends of the + buffers in more cases. + (`c3a87ddad62a `_, + `0954dc3fb921 `_) + +- Improved the ``alpha.unix.Stream`` checker by modeling more functions like, + ``fflush``, ``fputs``, ``fgetc``, ``fputc``, ``fopen``, ``fopen``, ``fgets``. + (`#74296 `_, + `#73335 `_, + `#72627 `_, + `#71518 `_, + `#72016 `_, + `#70540 `_, + `#73638 `_) - The ``alpha.security.taint.TaintPropagation`` checker no longer propagates taint on ``strlen`` and ``strnlen`` calls, unless these are marked @@ -1072,16 +1167,32 @@ Static Analyzer Read the PR for the details. (`#66086 `_) -- A few crashes have been found and fixed using randomized testing related - to the use of ``_BitInt()`` in tidy checks and in clang analysis. See - `#67212 `_, - `#66782 `_, - `#65889 `_, - `#65888 `_, and - `#65887 `_ +- Other taint-related improvements. + (`#66358 `_, + `#66074 `_, + `#66358 `_) + +- Checkers can query constraint bounds to improve diagnostic messages. + (`#74141 `_) + +Moved checkers +^^^^^^^^^^^^^^ + +- Move checker ``alpha.unix.Errno`` out of the ``alpha`` package + to ``unix.Errno``. + `Documentation `__. + +- Move checker ``alpha.unix.StdCLibraryFunctions`` out of the ``alpha`` package + to ``unix.StdCLibraryFunctions``. + `Documentation `__. + +- Move checker ``alpha.security.cert.env.InvalidPtr`` out of the ``alpha`` + package to ``security.cert.env.InvalidPtr``. + `Documentation `__. - Move checker ``alpha.cplusplus.EnumCastOutOfRange`` out of the ``alpha`` package to ``optin.core.EnumCastOutOfRange``. + `Documentation `__. .. _release-notes-sanitizers: diff --git a/clang/docs/analyzer/checkers.rst b/clang/docs/analyzer/checkers.rst index 81d40395067c9..64a4752695f11 100644 --- a/clang/docs/analyzer/checkers.rst +++ b/clang/docs/analyzer/checkers.rst @@ -1025,7 +1025,7 @@ security.insecureAPI.vfork (C) security.insecureAPI.DeprecatedOrUnsafeBufferHandling (C) """"""""""""""""""""""""""""""""""""""""""""""""""""""""" - Warn on occurrences of unsafe or deprecated buffer handling functions, which now have a secure variant: ``sprintf, vsprintf, scanf, wscanf, fscanf, fwscanf, vscanf, vwscanf, vfscanf, vfwscanf, sscanf, swscanf, vsscanf, vswscanf, swprintf, snprintf, vswprintf, vsnprintf, memcpy, memmove, strncpy, strncat, memset`` + Warn on occurrences of unsafe or deprecated buffer handling functions, which now have a secure variant: ``sprintf, fprintf, vsprintf, scanf, wscanf, fscanf, fwscanf, vscanf, vwscanf, vfscanf, vfwscanf, sscanf, swscanf, vsscanf, vswscanf, swprintf, snprintf, vswprintf, vsnprintf, memcpy, memmove, strncpy, strncat, memset`` .. code-block:: c