<li>The <tt>scan-build</tt> tool now supports a <tt>--force-analyze-debug-code</tt> flag that forces projects to analyze in debug mode. This flag leaves in assertions and so typically results in fewer false positives.</li>
<li>Includes about 9 months of change to Clang itself (improved C++11/14 support, etc.)</li>
<li>More precise modeling of Objective-C properties, which enables the analyzer to find more bugs.</li>
<li>Includes a new "missing call to <tt>super</tt>" warning, which looks for a common pattern in iOS/OSX APIs that require chaining a call to a super class's implementation of a method.</li>
<li>Accepts <tt>-arch arm64</tt> (which may be passed by Xcode 5.0), but for the time being analyzes code in such cases as <tt>-arch armv7s</tt>.</li>
<li>Many sundry fixes, improvements to C++ support, etc.</li>
<li>Xcode: Includes a new arrow layout algorithm for issue presentation within Xcode. The goal is for interprocedural bug reports to look cleaner and less busy (and easier to read). Feedback appreciated.</li>
<li>Xcode: Bugs that occur within header code (e.g., C++) are now reported within the callers in the main source file. For example, if you misuse a C++ function declared in a header, the primary diagnostic will be in the caller (in the main source file). The full expanded path, however, will show the bug in the header code as well. These kinds of cross-file issues are currently only supported by Xcode, not the HTML output.</li>
<li>This build is built with LLVM's Link-Time Optimization (LTO), which should make it slightly faster.</li>
<li>LTO also reduces the download size (about 19% smaller than checker-274).</li>
<li>Faster analysis for <tt>scan-build xcodebuild</tt> when using Xcode 4.6 and higher:
<ul>
<li><tt>scan-build</tt> now uses Xcode's built-in interposition mechanism for the static analyzer to provide faster builds while doing static analysis (PCH files are now built).</li>
<li>This change also allows <tt>scan-build</tt> to have better support for iOS project analysis without having to specify weird SDK settings to <tt>scan-build</tt>.</li>
</ul></li>
<li>Better diagnostics for implicitly-defined member functions in C++.</li>
<li>New warning for <tt>malloc</tt>/<tt>free</tt> checker when passing <tt>malloc</tt>'ed pointer with non-zero offset to <tt>free()</tt>.</li>
<li>Adds initial interprocedural analysis support for C++ and Objective-C. This will greatly improve analysis coverage and find deeper bugs in Objective-C and C++ code.</li>
<li>Contains a static analyzer newer than Xcode 4.4.</li>
</ul>
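<p>The pattern targeted by the <tt>malloc</tt>/<tt>free</tt> offset warning listed above, next to a corrected form. This is an added example, not code from the analyzer project; <tt>dup_str</tt>, <tt>ltrim_bad</tt>, <tt>use_bad</tt>, <tt>ltrim_inplace</tt>, <tt>trim_keeps_base</tt> and the <tt>SHOW_DEFECT</tt> macro are constructed names.</p>

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Constructed helper: heap copy of s (caller frees). */
static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) memcpy(p, s, n);
    return p;
}

#ifdef SHOW_DEFECT
/* Defective pattern: the returned pointer is buf + k, so the caller's
 * free() receives an address that malloc never returned. */
static char *ltrim_bad(char *buf) {
    while (isspace((unsigned char)*buf)) buf++;
    return buf;
}

void use_bad(void) {
    char *s = dup_str("   token");
    if (!s) return;
    s = ltrim_bad(s);   /* allocation base is lost here */
    free(s);            /* malloc'ed pointer with non-zero offset */
}
#endif

/* Corrected pattern: shift the contents down so the pointer handed back
 * is still the allocation base and stays valid for free(). */
char *ltrim_inplace(char *buf) {
    char *p = buf;
    while (isspace((unsigned char)*p)) p++;
    memmove(buf, p, strlen(p) + 1);   /* regions overlap, so memmove */
    return buf;
}

/* Returns 1 when trimming kept the base pointer and produced `want`. */
int trim_keeps_base(const char *in, const char *want) {
    char *s = dup_str(in);
    if (!s) return 0;
    char *t = ltrim_inplace(s);
    int ok = (t == s) && strcmp(t, want) == 0;
    free(t);            /* same address malloc returned */
    return ok;
}

int main(void) { return trim_keeps_base("   token", "token") ? 0 : 1; }
```

<p>Building with <tt>-DSHOW_DEFECT</tt> under <tt>scan-build</tt> compiles in the defective pair for the analyzer to examine; the default build contains only the corrected code.</p>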
<p>NOTE: this checker build includes a <i>huge</i> number of changes. It has the potential to find many more bugs, but may report new kinds of false positives. We'd like to know about these, and any other problems you encounter. When you encounter an issue, please <a href="/filing_bugs.html">file a bug report</a>.</p>
<li>Enables experimental interprocedural analysis (within a file), which greatly amplifies the analyzer's ability to find issues.</li>
<li>Many bug fixes to the malloc/free checker.</li>
<li>Support for new Objective-C NSArray/NSDictionary/NSNumber literals syntax, and Objective-C container subscripting.</li>
</ul>
<p>NOTE: This build contains new interprocedural analysis that allows the analyzer to find more complicated bugs that span function boundaries. It may have problems, performance issues, etc. We'd like to <a href="/filing_bugs.html">hear about them</a>.</p>
<p>This is essentially the same as checker-259, but enables the following <i>experimental</i> checkers (please provide feedback):</p>
<ul>
<li>Warns about unsafe uses of CFArrayCreate, CFSetCreate, and CFDictionaryCreate</li>
<li>Warns about unsafe uses of getpw, gets, which are sources of buffer overflows</li>
<li>Warns about unsafe uses of mktemp and mktemps, which can lead to insecure temporary files</li>
<li>Warns about unsafe uses of vfork, which is <a href="https://www.securecoding.cert.org/confluence/display/seccode/POS33-C.+Do+not+use+vfork()">insecure</a> to use</li>
<li>Warns about not checking the return values of setuid, setgid, seteuid, setegid, setreuid, setregid (another security issue)</li>
<li>Contains a newer version of the analyzer than the one shipped in Xcode 4.2.</li>
<li>Adds a new security checker for looking at correct uses of the Mac OS KeyChain API.</li>
<li>Supports ARC (please file bugs where you see issues)</li>
<li>Major under-the-cover changes. This should result in more precise results in some cases, but this is laying the groundwork for major improvements. Please file bugs where you see regressions or issues.</li>
<li>The analyzer is now far more aggressive with checking conformance with Core Foundation conventions. Any function that returns a CF type must now obey the Core Foundation naming conventions, or use the <a href="/annotations.html#attr_cf_returns_retained">cf_returns_retained</a> or <a href="/annotations.html#attr_cf_returns_not_retained">cf_returns_not_retained</a> annotations.</li>
<li>Fixed a serious regression where the analyzer would not analyze Objective-C methods in class extensions.</li>
<li>Misc. bug fixes to improve analyzer precision.</li>
<li>Introduces new <tt>-init</tt> method checker to check if a super class's init method is properly called.</li>
<li>Objective-C retain/release checker now reasons about calls to property accessor methods (setter/getter).</li>
<li>Introduces new attribute <a href="annotations.html#attr_ns_consumes_self">ns_consumes_self</a> to educate the Objective-C retain/release checker about custom "init-like" methods that do not follow the standard Cocoa naming conventions.</li>
<li>Introduces new attributes <a href="annotations.html#attr_ns_consumed">ns_consumed</a> and <a href="annotations.html#attr_cf_consumed">cf_consumed</a> to educate the Objective-C retain/release checker about methods/functions that decrement the reference count of a parameter.</li>