1<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" 2 "http://www.w3.org/TR/html4/strict.dtd"> 3<html> 4<head> 5 <title>Release notes for checker-XXX builds</title> 6 <link type="text/css" rel="stylesheet" href="menu.css"> 7 <link type="text/css" rel="stylesheet" href="content.css"> 8 <script type="text/javascript" src="scripts/menu.js"></script> 9</head> 10<body> 11 12<div id="page"> 13<!--#include virtual="menu.html.incl"--> 14<div id="content"> 15 16<h1>Release notes for <tt>checker-XXX</tt> builds</h1> 17 18<h4 id="checker_263">checker-263</h4> 19 20<p><b>built:</b> March 22, 2012</br> 21 <b>download:</b> <a href="http://bit.ly/GUmtVB">checker-263.tar.bz2</a></p> 22<p><b>highlights:</b></p> 23 24<ul> 25<li>Fixes several serious bugs with inter-procedural analysis, including a case where retain/releases would be "double-counted".</li> 26</ul> 27 28<h4 id="checker_262">checker-262</h4> 29 30<p><b>built: </b>March 15, 2012</br> 31 <b>download:</b> <a href="http://bit.ly/xETQF0">checker-262.tar.bz2</a></p> 32<p><b>highlights:</b></p> 33 34<ul> 35 <li>Enables experimental interprocedural analysis (within a file), which greatly amplifies the analyzer's ability to find issues.</li> 36 <li>Many bug fixes to the malloc/free checker.</li> 37 <li>Support for new Objective-C NSArray/NSDictionary/NSNumber literals syntax, and Objective-C container subscripting.</li> 38</ul> 39 40<p>NOTE: This build contains new interprocedural analysis that allows the analyzer to find more complicated bugs that span function boundaries. It may have problems, performance issues, etc. We'd like to <a href="/filing_bugs.html">hear about them</a>. 41 42<h4 id="checker_261">checker-261</h4> 43 44<p><b>built: </b>February 22, 2012<br> 45<b>download:</b> <a href="http://bit.ly/yN1Awv">checker-261.tar.bz2</a></p> 46<p><b>highlights:</b></p> 47 48<ul> 49 <li>Contains a new experimental malloc/free checker.</li> 50 <li>Better support for projects using ARC.</li> 51 <li>Warns about null pointers passed as arguments to C string functions.</li> 52 <li>Warns about common anti-patterns in 'strncat' size argument, which can lead to buffer overflows.</li> 53 <li>set-xcode-analyzer now supports self-contained Xcode.app (Xcode 4.3 and later).</li> 54 <li>Contains a newer version of the analyzer than Xcode 4.3.</li> 55 <li>Misc. bug fixes and performance work.</li> 56</ul> 57 58<h4 id="checker_260">checker-260</h4> 59 60<p><b>built: </b>January 25, 2012<br> 61<b>download:</b> <a href="http://bit.ly/wpAqVP">checker-260.tar.bz2</a></p> 62<p><b>highlights:</b></p> 63 64<p>This is essentially the same as checker-259, but enables the following <i>experimental</i> checkers (please provide feedback):</p> 65 66<ul> 67 <li>Warns about unsafe uses of CFArrayCreate, CFSetCreate, and CFDictionaryCreate</li> 68 <li>Warns about unsafe uses of getpw, gets, which are sources of buffer overflows</li> 69 <li>Warns about unsafe uses of mktemp and mktemps, which can lead to insecure temporary files</li> 70 <li>Warns about unsafe uses of vfork, which is <a href="https://www.securecoding.cert.org/confluence/display/seccode/POS33-C.+Do+not+use+vfork()">insecure</a> to use</li> 71 <li>Warns about not checking the return values of setuid, setgid, seteuid, setegid, setreuid, setregid (another security issue)</li> 72</ul> 73 74<h4 id="checker_259">checker-259</h4> 75 76<p><b>built: </b>January 25, 2012<br> 77<b>download:</b> <a href="http://bit.ly/zOWf1P">checker-259.tar.bz2</a></p> 78<p><b>highlights:</b></p> 79 80<ul> 81 <li>Contains a newer version of the analyzer than the one shipped in Xcode 4.2.</li> 82 <li>Significant performance optimizations to reduce memory usage of the analyzer.</li> 83 <li>Tweaks to scan-build to have it work more easily with Xcode projects using Clang.</li> 84 <li>Numerous bug fixes to better support code using ARC.</li> 85</ul> 86 87<h4 id="checker_258">checker-258</h4> 88 89<p><b>built: </b>October 13, 2011<br> 90<p><b>highlights:</b></p> 91 92<ul> 93 <li>Contains a newer version of the analyzer than the one shipped in Xcode 4.2.</li> 94 <li>Adds a new security checker for looking at correct uses of the Mac OS KeyChain API.</li> 95 <li>Supports ARC (please file bugs where you see issues)</li> 96 <li>Major under-the-cover changes. This should result in more precise results in some cases, but this is laying the groundwork for major improvements. Please file bugs where you see regressions or issues.</li> 97</ul> 98 99<h4 id="checker_257">checker-257</h4> 100 101<p><b>built: </b>May 25, 2011<br> 102<p><b>highlights:</b></p> 103 104<ul> 105 <li>The analyzer is now far more aggressive with checking conformance with Core Foundation conventions. Any function that returns a CF type must now obey the Core Foundation naming conventions, or use the <a href="/annotations.html#attr_cf_returns_retained">cf_returns_retained</a> or <a href="/annotations.html#attr_cf_returns_not_retained">cf_returns_not_retained</a> annotations.</li> 106 <li>Fixed a serious regression where the analyzer would not analyze Objective-C methods in class extensions.</li> 107 <li>Misc. bug fixes to improve analyzer precision. 108 </li> 109</ul> 110 111<h4 id="checker_256">checker-256</h4> 112 113<p><b>built: </b>April 13, 2011<br> 114<p><b>highlights:</b></p> 115 116<ul> 117 <li>Lots of bug fixes and improvements to analyzer precision (fewer false positives, possibly more bugs found). 118 <li>Introductory analysis support for C++ and Objective-C++. 119</ul> 120 121<p>This build contains basic support for C++ and Objective-C++ that is ready to be tried out 122 by general users. It is still in its infancy, but establishes a baseline for things to come. The main hope is that it can find some 123 issues and have a reasonable false positive rate.</p> 124 125<p><b>Please</b> <a href="/filing_bugs.html">file bugs</a> when you see issues of any kind so we can assess 126 where development on C++ analysis support needs to be focused.</p> 127 128<p>To try out C++ analysis support, it should work out of the box using <tt>scan-build</tt>. If you are using this checker build 129 as a replacement to the analyzer bundled with Xcode, first use the <tt>set-xcode-analyzer</tt> script to <a href="/xcode.html">change Xcode to use 130 your version of the analyzer</a>. You will then need to modify one configuration file in Xcode to enable C++ analysis support. This can 131 be done with the following steps:</p> 132 133<ol> 134 <li>Find the clang .xcspec file: 135<pre>$ cd /Developer/Library 136$ find . | grep xcspec | grep Clang 137./Xcode/<b><SNIP></b>/Clang LLVM 1.0.xcplugin/Contents/Resources/Clang LLVM 1.0.xcspec 138</pre></li> 139 <li>The exact location of the file may vary depending on your installation of Xcode. Edit that file, and look for the string "--analyze": 140<pre> 141 SourceFileOption = "--analyze"; 142 FileTypes = ( 143 "sourcecode.c.c", 144 "sourcecode.c.objc", 145 ); 146 ... 147</pre> 148 Change the "FileTypes" entry to: 149<pre> 150 FileTypes = ( 151 "sourcecode.c.c", 152 "sourcecode.c.objc", 153 "sourcecode.cpp.cpp", 154 "sourcecode.cpp.objcpp", 155 ); 156</pre></li> 157<li>Restart Xcode.</li> 158</ol> 159 160<h4 id="checker_255">checker-255</h4> 161 162<p><b>built: </b> February 11, 2011<br> 163<p><b>highlights:</b></p> 164 165<ul> 166<li>Mac OS X builds are now Intel <tt>i386</tt> and <tt>x86_64</tt> only (no <tt>ppc</tt> support)</li> 167<li>Turns on new <tt>-init</tt> method checker by default</li> 168<li>Reduces memory usage of analyzer by 10%</li> 169<li>Misc. fixes to reduce false positives on dead stores and idempotent operations.</li> 170</ul> 171 172<h4 id="checker_254">checker-254</h4> 173 174<p><b>built: </b> January 27, 2011<br> 175<p><b>highlights:</b></p> 176 177<ul> 178<li>Introduces new <tt>-init</tt> method checker to check if a super class's init method is properly called.</li> 179<li>Objective-C retain/release checker now reasons about calls to property accessor methods (setter/getter).</li> 180<li>Introduces new attribute <a href="annotations.html#attr_ns_consumes_self">ns_consumes_self</a> to educate the Objective-C retain/release checker about custom "init-like" methods that do not follow the standard Cocoa naming conventions.</li> 181<li>Introduces new attributes <a href="annotations.html#attr_ns_consumed">ns_consumed</a> and <a href="annotations.html#attr_cf_consumed">cf_consumed</a> to educate the Objective-C retain/release checker about methods/functions that decrement the reference count of a parameter.</li> 182</ul> 183 184</div> 185</div> 186</body> 187</html> 188 189