|
|
@@ -5,7 +5,46 @@
|
|
|
# This script is used for running a bunch of clang scan-build checkers
|
|
|
# on Tor.
|
|
|
|
|
|
-CHECKERS=""
|
|
|
+# These don't seem to cause false positives in our code, so let's turn
|
|
|
+# them on.
|
|
|
+CHECKERS="\
|
|
|
+ -enable-checker alpha.core.CallAndMessageUnInitRefArg \
|
|
|
+ -enable-checker alpha.core.CastToStruct \
|
|
|
+ -enable-checker alpha.core.Conversion \
|
|
|
+ -enable-checker alpha.core.FixedAddr \
|
|
|
+ -enable-checker alpha.core.IdenticalExpr \
|
|
|
+ -enable-checker alpha.core.PointerArithm \
|
|
|
+ -enable-checker alpha.core.SizeofPtr \
|
|
|
+ -enable-checker alpha.core.TestAfterDivZero \
|
|
|
+ -enable-checker alpha.security.MallocOverflow \
|
|
|
+ -enable-checker alpha.security.ReturnPtrRange \
|
|
|
+ -enable-checker alpha.unix.BlockInCriticalSection \
|
|
|
+ -enable-checker alpha.unix.Chroot \
|
|
|
+ -enable-checker alpha.unix.PthreadLock \
|
|
|
+ -enable-checker alpha.unix.PthreadLock \
|
|
|
+ -enable-checker alpha.unix.SimpleStream \
|
|
|
+ -enable-checker alpha.unix.Stream \
|
|
|
+ -enable-checker alpha.unix.cstring.BufferOverlap \
|
|
|
+ -enable-checker alpha.unix.cstring.NotNullTerminated \
|
|
|
+ -enable-checker alpha.valist.CopyToSelf \
|
|
|
+ -enable-checker alpha.valist.Uninitialized \
|
|
|
+ -enable-checker alpha.valist.Unterminated \
|
|
|
+ -enable-checker security.FloatLoopCounter \
|
|
|
+ -enable-checker security.insecureAPI.strcpy \
|
|
|
+"
|
|
|
+
|
|
|
+# These have high false-positive rates.
|
|
|
+EXTRA_CHECKERS="\
|
|
|
+ -enable-checker alpha.security.ArrayBoundV2 \
|
|
|
+ -enable-checker alpha.unix.cstring.OutOfBounds \
|
|
|
+ -enable-checker alpha.core.CastSize \
|
|
|
+"
|
|
|
+
|
|
|
+# These don't seem to generate anything useful
|
|
|
+NOISY_CHECKERS="\
|
|
|
+ -enable-checker alpha.clone.CloneChecker \
|
|
|
+ -enable-checker alpha.deadcode.UnreachableCode \
|
|
|
+"
|
|
|
|
|
|
scan-build \
|
|
|
$CHECKERS \
|
|
|
@@ -18,27 +57,10 @@ scan-build \
|
|
|
make -j5 -k
|
|
|
|
|
|
CHECKERS="\
|
|
|
- -disable-checker deadcode.DeadStores \
|
|
|
- -enable-checker alpha.core.CastSize \
|
|
|
- -enable-checker alpha.core.CastToStruct \
|
|
|
- -enable-checker alpha.core.IdenticalExpr \
|
|
|
- -enable-checker alpha.core.SizeofPtr \
|
|
|
- -enable-checker alpha.security.ArrayBoundV2 \
|
|
|
- -enable-checker alpha.security.MallocOverflow \
|
|
|
- -enable-checker alpha.security.ReturnPtrRange \
|
|
|
- -enable-checker alpha.unix.SimpleStream
|
|
|
- -enable-checker alpha.unix.cstring.BufferOverlap \
|
|
|
- -enable-checker alpha.unix.cstring.NotNullTerminated \
|
|
|
- -enable-checker alpha.unix.cstring.OutOfBounds \
|
|
|
- -enable-checker alpha.core.FixedAddr \
|
|
|
- -enable-checker security.insecureAPI.strcpy \
|
|
|
- -enable-checker alpha.unix.PthreadLock \
|
|
|
- -enable-checker alpha.core.PointerArithm \
|
|
|
- -enable-checker alpha.core.TestAfterDivZero \
|
|
|
"
|
|
|
|
|
|
# This one gives a false positive on every strcmp.
|
|
|
# -enable-checker alpha.core.PointerSub
|
|
|
|
|
|
# Needs work
|
|
|
-# alpha.unix.MallocWithAnnotations ??
|
|
|
+# -enable-checker alpha.unix.MallocWithAnnotations
|
Nick Mathewson