Author: Balazs Benics
Date: 2023-07-24T08:26:54+02:00
New Revision: 862b93a8095cd350d8b398f03dca92b93002f984

URL: https://github.com/llvm/llvm-project/commit/862b93a8095cd350d8b398f03dca92b93002f984
DIFF: https://github.com/llvm/llvm-project/commit/862b93a8095cd350d8b398f03dca92b93002f984.diff

LOG: [analyzer][docs] Add CSA release notes

We'll soon branch off, and start releasing clang-17.
Here is a patch, adjusting the release notes for what we achieved since
the last release.

I used this command to inspect the interesting commits:
```
git log --oneline llvmorg-16.0.0..llvm/main \
  clang/{lib/StaticAnalyzer,include/clang/StaticAnalyzer} | \
  grep -v NFC | grep -v -i revert
```

This filters in CSA directories and filters out NFC and revert commits.

Given that in the release-notes, we usually don't put links to commits,
I'll remove them from this patch as well. I just put them there to make
it easier to review for you.

I tried to group the changes into meaningful chunks, and dropped some of
the uninteresting commits.
I've also dropped the commits that were backported to clang-16.

Check out how it looks, and propose changes like usual.

---

FYI the `ninja docs-clang-html` produces the html docs, including the `ReleaseNotes`.
And the produced artifact will be at `build/tools/clang/docs/html/ReleaseNotes.html`.

Differential Revision: https://reviews.llvm.org/D155445

Added:

Modified:
    clang/docs/ReleaseNotes.rst

Removed:

################################################################################
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst index 84f0eae81589ce..db9149fae797c4 100644 --- a/clang/docs/ReleaseNotes.rst +++ b/clang/docs/ReleaseNotes.rst 
@@ -1002,10 +1002,73 @@ libclang Static Analyzer --------------- + - Fix incorrect alignment attribute on the this parameter of certain non-complete destructors when using the Microsoft ABI. (`#60465 <https://github.com/llvm/llvm-project/issues/60465>`_) +- Removed the deprecated + ``consider-single-element-arrays-as-flexible-array-members`` analyzer option. + Any use of this flag will result in an error. + Use `-fstrict-flex-arrays=<n> + <https://clang.llvm.org/docs/ClangCommandLineReference.html#cmdoption-clang-fstrict-flex-arrays>`_ + +- Better modeling of lifetime-extended memory regions. As a result, the + ``MoveChecker`` raises more true-positive reports. + +- Fixed some bugs (including crashes) around the handling of constant global + arrays and their initializer expressions. + +- The ``CStringChecker`` will invalidate less if the copy operation is + inferable to be bounded. For example, if the arguments of ``strcpy`` are + known to be of certain lengths and that are in-bounds. + + .. code-block:: c++ + + struct { + void *ptr; + char arr[4]; + } x; + x.ptr = malloc(1); + // extent of 'arr' is 4, and writing "hi\n" (4 characters), + // thus no buffer overflow can happen + strcpy(x.arr, "hi\n"); + free(x.ptr); // no longer reports memory leak here + + Similarly, functions like ``strsep`` now won't invalidate the object + containing the destination buffer, because it can never overflow. + Note that, ``std::copy`` is still not modeled, and as such, it will still + invalidate the enclosing object on call. + (`#55019 <https://github.com/llvm/llvm-project/issues/55019>`_) + +- Implement ``BufferOverlap`` check for ``sprint``/``snprintf`` + The ``CStringChecker`` checks for buffer overlaps for ``sprintf`` and + ``snprintf``. + +- Objective-C support was improved around checking ``_Nonnull`` and + ``_Nullable`` including block pointers and literal objects. + +- Let the ``StreamChecker`` detect ``NULL`` streams instead of by + ``StdCLibraryFunctions``. 
+ ``StreamChecker`` improved on the ``fseek`` modeling for the ``SEEK_SET``, + ``SEEK_END``, ``SEEK_CUR`` arguments. + +- ``StdCLibraryFunctionArgs`` was merged into the ``StdCLibraryFunctions``. + The diagnostics of the ``StdCLibraryFunctions`` was improved. + +- ``QTimer::singleShot`` now doesn't raise false-positives for memory leaks by + the ``MallocChecker``. + (`#39713 <https://github.com/llvm/llvm-project/issues/39713>`_) + +- Fixed the infamous unsigned index false-positives in the + ``ArrayBoundCheckerV2`` checker. + (`#44493 <https://github.com/llvm/llvm-project/issues/44493>`_) + +- Now, taint propagations are tracked further back until the real taint source. + This improves all taint-related diagnostics. + +- Fixed a null-pointer dereference crash inside the ``MoveChecker``. + .. _release-notes-sanitizers: Sanitizers _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
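Review bot: In the ``BufferOverlap`` entry the function name is misspelled as ``sprint``; the sentence right after it names ``sprintf`` and ``snprintf``, so the first line should read ``sprintf``/``snprintf`` and end with a period. In the entry that removes ``consider-single-element-arrays-as-flexible-array-members``, the sentence beginning "Use `-fstrict-flex-arrays=<n>" stops after the link target with no "instead" and no closing period, so the replacement advice reads as unfinished. The ``StreamChecker`` entry ("detect ``NULL`` streams instead of by ``StdCLibraryFunctions``") is hard to parse; something like "The ``StreamChecker`` now detects ``NULL`` streams itself instead of relying on ``StdCLibraryFunctions``" would be clearer, and the ``fseek`` sentence could be its own bullet. In the ``strcpy`` example comment, "hi\n" is three characters plus the terminating NUL, so "4 bytes including the terminator" would state the in-bounds reasoning exactly. Minor: "The diagnostics of the ``StdCLibraryFunctions`` was improved" should use "were".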