<li>Enables experimental interprocedural analysis (within a file), which greatly amplifies the analyzer's ability to find issues.</li>
<li>Many bug fixes to the malloc/free checker.</li>
<li>Support for new Objective-C NSArray/NSDictionary/NSNumber literals syntax, and Objective-C container subscripting.</li>
</ul>
<p>NOTE: This build contains new interprocedural analysis that allows the analyzer to find more complicated bugs that span function boundaries. It may have problems, performance issues, etc. We'd like to <ahref="/filing_bugs.html">hear about them</a>.
<p>This is essentially the same as checker-259, but enables the following <i>experimental</i> checkers (please provide feedback):</p>
<ul>
<li>Warns about unsafe uses of CFArrayCreate, CFSetCreate, and CFDictionaryCreate</li>
<li>Warns about unsafe uses of getpw, gets, which are sources of buffer overflows</li>
<li>Warns about unsafe uses of mktemp and mktemps, which can lead to insecure temporary files</li>
<li>Warns about unsafe uses of vfork, which is <ahref="https://www.securecoding.cert.org/confluence/display/seccode/POS33-C.+Do+not+use+vfork()">insecure</a> to use</li>
<li>Warns about not checking the return values of setuid, setgid, seteuid, setegid, setreuid, setregid (another security issue)</li>
<li>Contains a newer version of the analyzer than the one shipped in Xcode 4.2.</li>
<li>Adds a new security checker for looking at correct uses of the Mac OS KeyChain API.</li>
<li>Supports ARC (please file bugs where you see issues)</li>
<li>Major under-the-cover changes. This should result in more precise results in some cases, but this is laying the groundwork for major improvements. Please file bugs where you see regressions or issues.</li>
<li>The analyzer is now far more aggressive with checking conformance with Core Foundation conventions. Any function that returns a CF type must now obey the Core Foundation naming conventions, or use the <ahref="/annotations.html#attr_cf_returns_retained">cf_returns_retained</a> or <ahref="/annotations.html#attr_cf_returns_not_retained">cf_returns_not_retained</a> annotations.</li>
<li>Fixed a serious regression where the analyzer would not analyze Objective-C methods in class extensions.</li>
<li>Misc. bug fixes to improve analyzer precision.
<li>Introduces new <tt>-init</tt> method checker to check if a super class's init method is properly called.</li>
<li>Objective-C retain/release checker now reasons about calls to property accessor methods (setter/getter).</li>
<li>Introduces new attribute <ahref="annotations.html#attr_ns_consumes_self">ns_consumes_self</a> to educate the Objective-C retain/release checker about custom "init-like" methods that do not follow the standard Cocoa naming conventions.</li>
<li>Introduces new attributes <ahref="annotations.html#attr_ns_consumed">ns_consumed</a> and <ahref="annotations.html#attr_cf_consumed">cf_consumed</a> to educate the Objective-C retain/release checker about methods/functions that decrement the reference count of a parameter.</li>