cppcheck/lib/checkother.cpp

4164 lines
135 KiB
C++
Raw Normal View History

/*
* Cppcheck - A tool for static C/C++ code analysis
* Copyright (C) 2007-2010 Daniel Marjamäki and Cppcheck team.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
//---------------------------------------------------------------------------
#include "checkother.h"
#include "mathlib.h"
2009-12-14 20:30:31 +01:00
#include "executionpath.h"
2009-03-20 18:16:21 +01:00
2009-02-04 19:49:19 +01:00
#include <algorithm>
#include <list>
#include <map>
#include <sstream>
#include <cstring>
#include <cctype>
#include <memory>
#include <cmath> // fabs()
//---------------------------------------------------------------------------
2009-03-20 18:16:21 +01:00
// Register this check class (by creating a static instance of it)
namespace
{
2009-03-20 18:16:21 +01:00
CheckOther instance;
}
2009-03-20 18:16:21 +01:00
//---------------------------------------------------------------------------
void CheckOther::warningOldStylePointerCast()
{
2010-04-25 14:56:04 +02:00
if (!_settings->_checkCodingStyle ||
(_tokenizer->tokens() && _tokenizer->fileLine(_tokenizer->tokens()).find(".cpp") == std::string::npos))
return;
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
{
// Old style pointer casting..
if (!Token::Match(tok, "( const| %type% * ) %var%") &&
!Token::Match(tok, "( const| %type% * ) (| new"))
continue;
int addToIndex = 0;
if (tok->tokAt(1)->str() == "const")
addToIndex = 1;
if (tok->tokAt(4 + addToIndex)->str() == "const")
continue;
// Is "type" a class?
const std::string pattern("class " + tok->tokAt(1 + addToIndex)->str());
if (!Token::findmatch(_tokenizer->tokens(), pattern.c_str()))
continue;
2009-03-21 17:58:13 +01:00
cstyleCastError(tok);
}
}
//---------------------------------------------------------------------------
// "if (strlen(s))" can be rewritten as "if (*s != '\0')"
//---------------------------------------------------------------------------
void CheckOther::checkEmptyStringTest()
{
if (!_settings->_checkCodingStyle)
return;
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
{
// Non-empty string tests
if (Token::Match(tok, "if ( strlen ( %any% ) )"))
{
emptyStringTestError(tok, tok->strAt(4), false);
}
else if (Token::Match(tok, "strlen ( %any% ) !=|> 0"))
{
emptyStringTestError(tok, tok->strAt(2), false);
}
else if (Token::Match(tok, "0 < strlen ( %any% )"))
{
emptyStringTestError(tok, tok->strAt(4), false);
}
// Empty string tests
else if (Token::Match(tok, "! strlen ( %any% )"))
{
emptyStringTestError(tok, tok->strAt(3), true);
}
else if (Token::Match(tok, "strlen ( %any% ) == 0"))
{
emptyStringTestError(tok, tok->strAt(2), true);
}
}
}
//---------------------------------------------------------------------------
// fflush(stdin) <- fflush only applies to output streams in ANSI C
//---------------------------------------------------------------------------
void CheckOther::checkFflushOnInputStream()
{
const Token *tok = _tokenizer->tokens();
2010-05-18 19:19:15 +02:00
while (tok && ((tok = Token::findmatch(tok, "fflush ( stdin )")) != NULL))
{
fflushOnInputStreamError(tok, tok->strAt(2));
tok = tok->tokAt(4);
}
}
//---------------------------------------------------------------------------
// switch (x)
// {
// case 2:
// y = a; // <- this assignment is redundant
// case 3:
// y = b; // <- case 2 falls through and sets y twice
// }
//---------------------------------------------------------------------------
void CheckOther::checkRedundantAssignmentInSwitch()
{
const char switchPattern[] = "switch ( %any% ) { case";
const char breakPattern[] = "break|continue|return|exit|goto";
const char functionPattern[] = "%var% (";
// Find the beginning of a switch. E.g.:
// switch (var) { ...
const Token *tok = Token::findmatch(_tokenizer->tokens(), switchPattern);
while (tok)
{
// Check the contents of the switch statement
std::map<unsigned int, const Token*> varsAssigned;
int indentLevel = 0;
for (const Token *tok2 = tok->tokAt(5); tok2; tok2 = tok2->next())
{
if (tok2->str() == "{")
{
// Inside a conditional or loop. Don't mark variable accesses as being redundant. E.g.:
// case 3: b = 1;
// case 4: if (a) { b = 2; } // Doesn't make the b=1 redundant because it's conditional
if (Token::Match(tok2->previous(), ")|else {") && tok2->link())
{
const Token* endOfConditional = tok2->link();
for (const Token* tok3 = tok2; tok3 != endOfConditional; tok3 = tok3->next())
{
if (tok3->varId() != 0)
varsAssigned.erase(tok3->varId());
else if (Token::Match(tok3, functionPattern) || Token::Match(tok3, breakPattern))
varsAssigned.clear();
}
tok2 = endOfConditional;
}
else
++ indentLevel;
}
else if (tok2->str() == "}")
{
-- indentLevel;
// End of the switch block
if (indentLevel < 0)
break;
}
// Variable assignment. Report an error if it's assigned to twice before a break. E.g.:
// case 3: b = 1; // <== redundant
// case 4: b = 2;
if (Token::Match(tok2->previous(), ";|{|}|: %var% = %any% ;") && tok2->varId() != 0)
{
std::map<unsigned int, const Token*>::iterator i = varsAssigned.find(tok2->varId());
if (i == varsAssigned.end())
varsAssigned[tok2->varId()] = tok2;
else
redundantAssignmentInSwitchError(i->second, i->second->str());
}
// Not a simple assignment so there may be good reason if this variable is assigned to twice. E.g.:
// case 3: b = 1;
// case 4: b++;
else if (tok2->varId() != 0)
varsAssigned.erase(tok2->varId());
// Reset our record of assignments if there is a break or function call. E.g.:
// case 3: b = 1; break;
if (Token::Match(tok2, functionPattern) || Token::Match(tok2, breakPattern))
varsAssigned.clear();
}
tok = Token::findmatch(tok->next(), switchPattern);
}
}
//---------------------------------------------------------------------------
// int x = 1;
// x = x; // <- redundant assignment to self
//
// int y = y; // <- redundant initialization to self
//---------------------------------------------------------------------------
void CheckOther::checkSelfAssignment()
{
if (!_settings->_checkCodingStyle)
return;
const char selfAssignmentPattern[] = "%var% = %var% ;|=|)";
const Token *tok = Token::findmatch(_tokenizer->tokens(), selfAssignmentPattern);
while (tok)
{
if (tok->varId() && tok->varId() == tok->tokAt(2)->varId())
{
selfAssignmentError(tok, tok->str());
}
tok = Token::findmatch(tok->next(), selfAssignmentPattern);
}
}
//---------------------------------------------------------------------------
// strtol(str, 0, radix) <- radix must be 0 or 2-36
//---------------------------------------------------------------------------
void CheckOther::invalidFunctionUsage()
{
// strtol and strtoul..
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
{
if ((tok->str() != "strtol") && (tok->str() != "strtoul"))
continue;
// Locate the third parameter of the function call..
int parlevel = 0;
int param = 1;
for (const Token *tok2 = tok->next(); tok2; tok2 = tok2->next())
{
if (tok2->str() == "(")
++parlevel;
else if (tok2->str() == ")")
--parlevel;
else if (parlevel == 1 && tok2->str() == ",")
{
++param;
if (param == 3)
{
if (Token::Match(tok2, ", %num% )"))
{
int radix = MathLib::toLongNumber(tok2->next()->str());
if (!(radix == 0 || (radix >= 2 && radix <= 36)))
{
2009-03-21 17:58:13 +01:00
dangerousUsageStrtolError(tok2);
}
}
break;
}
}
}
}
// sprintf|snprintf overlapping data
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
{
// Get variable id of target buffer..
unsigned int varid = 0;
if (Token::Match(tok, "sprintf|snprintf ( %var% ,"))
varid = tok->tokAt(2)->varId();
else if (Token::Match(tok, "sprintf|snprintf ( %var% . %var% ,"))
varid = tok->tokAt(4)->varId();
if (varid == 0)
continue;
// goto ","
const Token *tok2 = tok->tokAt(3);
while (tok2 && tok2->str() != ",")
tok2 = tok2->next();
// is any source buffer overlapping the target buffer?
int parlevel = 0;
while ((tok2 = tok2->next()) != NULL)
{
if (tok2->str() == "(")
++parlevel;
else if (tok2->str() == ")")
{
--parlevel;
if (parlevel < 0)
break;
}
else if (parlevel == 0 && Token::Match(tok2, ", %varid% [,)]", varid))
{
2009-03-21 17:58:13 +01:00
sprintfOverlappingDataError(tok2->next(), tok2->next()->str());
break;
}
}
}
}
//---------------------------------------------------------------------------
void CheckOther::invalidScanf()
{
if (!_settings->_checkCodingStyle)
return;
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
{
const Token *formatToken = 0;
if (Token::Match(tok, "scanf|vscanf ( %str% ,"))
formatToken = tok->tokAt(2);
else if (Token::Match(tok, "fscanf|vfscanf ( %var% , %str% ,"))
formatToken = tok->tokAt(4);
else
continue;
bool format = false;
// scan the string backwards, so we dont need to keep states
const std::string &formatstr(formatToken->str());
for (unsigned int i = 1; i < formatstr.length(); i++)
{
if (formatstr[i] == '%')
format = !format;
else if (!format)
continue;
else if (std::isdigit(formatstr[i]))
{
format = false;
}
else if (std::isalpha(formatstr[i]))
{
invalidScanfError(tok);
format = false;
}
}
}
}
void CheckOther::invalidScanfError(const Token *tok)
{
reportError(tok, Severity::style,
"invalidscanf", "scanf without field width limits can crash with huge input data\n"
"To fix this error message add a field width specifier:\n"
" %s => %20s\n"
" %i => %3i\n"
"\n"
"Sample program that can crash:\n"
"\n"
"#include <stdio.h>\n"
"int main()\n"
"{\n"
" int a;\n"
" scanf(\"%i\", &a);\n"
" return 0;\n"
"}\n"
"\n"
"To make it crash:\n"
"perl -e 'print \"5\"x2100000' | ./a.out");
}
//---------------------------------------------------------------------------
// Check for unsigned divisions
//---------------------------------------------------------------------------
void CheckOther::checkUnsignedDivision()
{
if (!_settings->_checkCodingStyle)
return;
// Check for "ivar / uvar" and "uvar / ivar"
std::map<unsigned int, char> varsign;
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
{
if (Token::Match(tok, "[{};(,] %type% %var% [;=,)]"))
{
if (tok->tokAt(1)->isUnsigned())
varsign[tok->tokAt(2)->varId()] = 'u';
else
varsign[tok->tokAt(2)->varId()] = 's';
}
else if (!Token::Match(tok, "[).]") && Token::Match(tok->next(), "%var% / %num%"))
{
if (tok->strAt(3)[0] == '-')
{
char sign1 = varsign[tok->tokAt(1)->varId()];
if (sign1 == 'u')
{
2009-03-21 17:58:13 +01:00
udivError(tok->next());
}
}
}
else if (Token::Match(tok, "[([=*/+-,] %num% / %var%"))
{
if (tok->strAt(1)[0] == '-')
{
char sign2 = varsign[tok->tokAt(3)->varId()];
if (sign2 == 'u')
{
2009-03-21 17:58:13 +01:00
udivError(tok->next());
}
}
}
}
}
//---------------------------------------------------------------------------
//---------------------------------------------------------------------------
// Usage of function variables
//---------------------------------------------------------------------------
static bool isOp(const Token *tok)
{
return bool(tok &&
(tok->str() == "&&" ||
tok->str() == "||" ||
tok->str() == "==" ||
tok->str() == "!=" ||
tok->str() == "<" ||
tok->str() == "<=" ||
tok->str() == ">" ||
tok->str() == ">=" ||
tok->str() == "<<" ||
Token::Match(tok, "[+-*/%&!~|^,[])?:]")));
}
/**
* @brief This class is used to capture the control flow within a function.
*/
class Scope
{
public:
Scope() : _token(NULL), _parent(NULL) { }
Scope(const Token *token, Scope *parent_) : _token(token), _parent(parent_) { }
~Scope();
Scope *parent()
{
return _parent;
}
Scope *addChild(const Token *token);
void remove(Scope *scope);
private:
const Token *_token;
Scope *_parent;
std::list<Scope *> _children;
};
Scope::~Scope()
{
while (!_children.empty())
{
delete *_children.begin();
_children.pop_front();
}
}
Scope *Scope::addChild(const Token *token)
{
Scope *temp = new Scope(token, this);
_children.push_back(temp);
return temp;
}
void Scope::remove(Scope *scope)
{
std::list<Scope *>::iterator it;
for (it = _children.begin(); it != _children.end(); ++it)
{
if (*it == scope)
{
delete *it;
_children.erase(it);
break;
}
}
}
/**
* @brief This class is used create a list of variables within a function.
*/
class Variables
{
public:
enum VariableType { standard, array, pointer, reference, pointerArray, referenceArray, pointerPointer };
/** Store information about variable usage */
class VariableUsage
{
public:
VariableUsage(const Token *name = 0,
VariableType type = standard,
Scope *scope = NULL,
bool read = false,
bool write = false,
bool modified = false) :
_name(name),
_type(type),
_scope(scope),
_read(read),
_write(write),
_modified(modified)
{
}
/** variable is used.. set both read+write */
void use()
{
_read = true;
_write = true;
}
/** is variable unused? */
bool unused() const
{
return (_read == false && _write == false);
}
const Token *_name;
VariableType _type;
Scope *_scope;
bool _read;
bool _write;
bool _modified; // read/modify/write
std::set<unsigned int> _aliases;
std::set<Scope *> _assignments;
};
typedef std::map<unsigned int, VariableUsage> VariableMap;
void clear()
{
_varUsage.clear();
}
VariableMap &varUsage()
{
return _varUsage;
}
void addVar(const Token *name, VariableType type, Scope *scope, bool write_);
void read(unsigned int varid);
void readAliases(unsigned int varid);
void readAll(unsigned int varid);
void write(unsigned int varid);
void writeAliases(unsigned int varid);
void writeAll(unsigned int varid);
void use(unsigned int varid);
void modified(unsigned int varid);
VariableUsage *find(unsigned int varid);
void alias(unsigned int varid1, unsigned int varid2, bool replace);
void erase(unsigned int varid)
{
_varUsage.erase(varid);
}
void eraseAliases(unsigned int varid);
void eraseAll(unsigned int varid);
void clearAliases(unsigned int varid);
private:
VariableMap _varUsage;
};
/**
* Alias the 2 given variables. Either replace the existing aliases if
* they exist or merge them. You would replace an existing alias when this
* assignment is in the same scope as the previous assignment. You might
* merge the aliases when this assignment is in a different scope from the
* previous assignment depending on the relationship of the 2 scopes.
*/
void Variables::alias(unsigned int varid1, unsigned int varid2, bool replace)
{
VariableUsage *var1 = find(varid1);
VariableUsage *var2 = find(varid2);
// alias to self
if (varid1 == varid2)
{
if (var1)
var1->use();
return;
}
std::set<unsigned int>::iterator i;
if (replace)
{
// remove var1 from all aliases
for (i = var1->_aliases.begin(); i != var1->_aliases.end(); ++i)
{
VariableUsage *temp = find(*i);
if (temp)
temp->_aliases.erase(var1->_name->varId());
}
// remove all aliases from var1
var1->_aliases.clear();
}
// var1 gets all var2s aliases
for (i = var2->_aliases.begin(); i != var2->_aliases.end(); ++i)
{
if (*i != varid1)
var1->_aliases.insert(*i);
}
// var2 is an alias of var1
var2->_aliases.insert(varid1);
var1->_aliases.insert(varid2);
if (var2->_type == Variables::pointer)
var2->_read = true;
}
void Variables::clearAliases(unsigned int varid)
{
VariableUsage *usage = find(varid);
if (usage)
{
// remove usage from all aliases
std::set<unsigned int>::iterator i;
for (i = usage->_aliases.begin(); i != usage->_aliases.end(); ++i)
{
VariableUsage *temp = find(*i);
if (temp)
temp->_aliases.erase(usage->_name->varId());
}
// remove all aliases from usage
usage->_aliases.clear();
}
}
void Variables::eraseAliases(unsigned int varid)
{
VariableUsage *usage = find(varid);
if (usage)
{
std::set<unsigned int>::iterator aliases;
for (aliases = usage->_aliases.begin(); aliases != usage->_aliases.end(); ++aliases)
erase(*aliases);
}
}
void Variables::eraseAll(unsigned int varid)
{
eraseAliases(varid);
erase(varid);
}
void Variables::addVar(const Token *name,
VariableType type,
Scope *scope,
bool write_)
{
if (name->varId() > 0)
_varUsage.insert(std::make_pair(name->varId(), VariableUsage(name, type, scope, false, write_, false)));
}
void Variables::read(unsigned int varid)
{
VariableUsage *usage = find(varid);
if (usage)
usage->_read = true;
}
void Variables::readAliases(unsigned int varid)
{
VariableUsage *usage = find(varid);
if (usage)
{
std::set<unsigned int>::iterator aliases;
for (aliases = usage->_aliases.begin(); aliases != usage->_aliases.end(); ++aliases)
{
VariableUsage *aliased = find(*aliases);
if (aliased)
aliased->_read = true;
}
}
}
void Variables::readAll(unsigned int varid)
{
VariableUsage *usage = find(varid);
if (usage)
{
usage->_read = true;
std::set<unsigned int>::iterator aliases;
for (aliases = usage->_aliases.begin(); aliases != usage->_aliases.end(); ++aliases)
{
VariableUsage *aliased = find(*aliases);
if (aliased)
aliased->_read = true;
}
}
}
void Variables::write(unsigned int varid)
{
VariableUsage *usage = find(varid);
if (usage)
usage->_write = true;
}
void Variables::writeAliases(unsigned int varid)
{
VariableUsage *usage = find(varid);
if (usage)
{
std::set<unsigned int>::iterator aliases;
for (aliases = usage->_aliases.begin(); aliases != usage->_aliases.end(); ++aliases)
{
VariableUsage *aliased = find(*aliases);
if (aliased)
aliased->_write = true;
}
}
}
void Variables::writeAll(unsigned int varid)
{
VariableUsage *usage = find(varid);
if (usage)
{
usage->_write = true;
std::set<unsigned int>::iterator aliases;
for (aliases = usage->_aliases.begin(); aliases != usage->_aliases.end(); ++aliases)
{
VariableUsage *aliased = find(*aliases);
if (aliased)
aliased->_write = true;
}
}
}
void Variables::use(unsigned int varid)
{
VariableUsage *usage = find(varid);
if (usage)
{
usage->use();
std::set<unsigned int>::iterator aliases;
for (aliases = usage->_aliases.begin(); aliases != usage->_aliases.end(); ++aliases)
{
VariableUsage *aliased = find(*aliases);
if (aliased)
aliased->use();
}
}
}
void Variables::modified(unsigned int varid)
{
VariableUsage *usage = find(varid);
if (usage)
{
usage->_modified = true;
std::set<unsigned int>::iterator aliases;
for (aliases = usage->_aliases.begin(); aliases != usage->_aliases.end(); ++aliases)
{
VariableUsage *aliased = find(*aliases);
if (aliased)
aliased->_modified = true;
}
}
}
Variables::VariableUsage *Variables::find(unsigned int varid)
{
if (varid)
{
VariableMap::iterator i = _varUsage.find(varid);
if (i != _varUsage.end())
return &i->second;
}
return 0;
}
static int doAssignment(Variables &variables, const Token *tok, bool dereference, Scope *scope)
{
int next = 0;
// check for aliased variable
unsigned int varid1 = tok->varId();
Variables::VariableUsage *var1 = variables.find(varid1);
if (var1)
{
Variables::VariableUsage *var2 = 0;
int start = 1;
// search for '='
while (tok->tokAt(start)->str() != "=")
start++;
start++;
if (Token::Match(tok->tokAt(start), "&| %var%") ||
Token::Match(tok->tokAt(start), "( const| struct|union| %type% *| ) &| %var%") ||
Token::Match(tok->tokAt(start), "( const| struct|union| %type% *| ) ( &| %var%") ||
Token::Match(tok->tokAt(start), "%any% < const| struct|union| %type% *| > ( &| %var%"))
{
unsigned char offset = 0;
unsigned int varid2;
bool addressOf = false;
if (Token::Match(tok->tokAt(start), "%var% ."))
variables.use(tok->tokAt(start)->varId()); // use = read + write
// check for C style cast
if (tok->tokAt(start)->str() == "(")
{
if (tok->tokAt(start + 1)->str() == "const")
offset++;
if (Token::Match(tok->tokAt(start + 1 + offset), "struct|union"))
offset++;
if (tok->tokAt(start + 2 + offset)->str() == "*")
offset++;
if (tok->tokAt(start + 3 + offset)->str() == "&")
{
addressOf = true;
next = start + 4 + offset;
}
else if (tok->tokAt(start + 3 + offset)->str() == "(")
{
if (tok->tokAt(start + 4 + offset)->str() == "&")
{
addressOf = true;
next = start + 5 + offset;
}
else
next = start + 4 + offset;
}
else
next = start + 3 + offset;
}
// check for C++ style cast
else if (tok->tokAt(start)->str().find("cast") != std::string::npos &&
tok->tokAt(start + 1)->str() == "<")
{
if (tok->tokAt(start + 2)->str() == "const")
offset++;
if (Token::Match(tok->tokAt(start + 2 + offset), "struct|union"))
offset++;
if (tok->tokAt(start + 3 + offset)->str() == "*")
offset++;
if (tok->tokAt(start + 5 + offset)->str() == "&")
{
addressOf = true;
next = start + 6 + offset;
}
else
next = start + 5 + offset;
}
// check for var ? ...
else if (Token::Match(tok->tokAt(start), "%var% ?"))
{
next = start;
}
// no cast
else
{
if (tok->tokAt(start)->str() == "&")
{
addressOf = true;
next = start + 1;
}
else if (tok->tokAt(start)->str() == "new")
return 0;
else
next = start;
}
// check if variable is local
varid2 = tok->tokAt(next)->varId();
var2 = variables.find(varid2);
if (var2) // local variable (alias or read it)
{
if (var1->_type == Variables::pointer)
{
if (dereference)
variables.read(varid2);
else
{
if (addressOf ||
var2->_type == Variables::array ||
var2->_type == Variables::pointer)
{
bool replace = true;
// check if variable declared in same scope
if (scope == var1->_scope)
replace = true;
// not in same scope as decelaration
else
{
std::set<Scope *>::iterator assignment;
// check for an assignment in this scope
assignment = var1->_assignments.find(scope);
// no other assignment in this scope
if (assignment == var1->_assignments.end())
{
// nothing to replace
if (var1->_assignments.empty())
replace = false;
// this variable has previous assignments
else
{
/**
* @todo determine if existing aliases should be replaced or merged
*/
replace = false;
}
}
// assignment in this scope
else
{
// replace when only one other assingnment
if (var1->_assignments.size() == 1)
replace = true;
// otherwise, merge them
else
replace = false;
}
}
variables.alias(varid1, varid2, replace);
}
else if (tok->tokAt(next + 1)->str() == "?")
{
if (var2->_type == Variables::reference)
variables.readAliases(varid2);
else
variables.read(varid2);
}
}
}
else if (var1->_type == Variables::reference)
{
variables.alias(varid1, varid2, true);
}
else
{
if (var2->_type == Variables::pointer && tok->tokAt(next + 1)->str() == "[")
variables.readAliases(varid2);
variables.read(varid2);
}
}
else // not a local variable (or an unsupported local variable)
{
if (var1->_type == Variables::pointer && !dereference)
{
// check if variable decelaration is in this scope
if (var1->_scope == scope)
variables.clearAliases(varid1);
else
{
std::set<Scope *>::iterator assignment;
// check for an assignment in this scope
assignment = var1->_assignments.find(scope);
// no other assignment in this scope
if (assignment == var1->_assignments.end())
{
/**
* @todo determine if existing aliases should be discarded
*/
}
// this assignment replaces the last assignment in this scope
else
{
// aliased variables in a larger scope are not supported
// remove all aliases
variables.clearAliases(varid1);
}
}
}
}
}
var1->_assignments.insert(scope);
}
// check for alias to struct member
// char c[10]; a.b = c;
else if (Token::Match(tok->tokAt(-2), "%var% ."))
{
if (Token::Match(tok->tokAt(2), "%var%"))
{
unsigned int varid2 = tok->tokAt(2)->varId();
Variables::VariableUsage *var2 = variables.find(varid2);
// struct member aliased to local variable
if (var2 && (var2->_type == Variables::array ||
var2->_type == Variables::pointer))
{
// erase aliased variable and all variables that alias it
// to prevent false positives
variables.eraseAll(varid2);
}
}
}
return next;
}
static bool nextIsStandardType(const Token *tok)
{
tok = tok->next();
if (tok->str() == "static")
tok = tok->next();
return tok->isStandardType();
}
static bool nextIsStandardTypeOrVoid(const Token *tok)
{
tok = tok->next();
if (tok->str() == "static")
tok = tok->next();
if (tok->str() == "const")
tok = tok->next();
return tok->isStandardType() || tok->str() == "void";
}
void CheckOther::functionVariableUsage()
{
if (!_settings->_checkCodingStyle)
return;
// Parse all executing scopes..
for (const Token *token = Token::findmatch(_tokenizer->tokens(), ") const| {"); token;)
{
2010-02-21 08:02:44 +01:00
// goto "{"
while (token->str() != "{")
2010-02-21 08:02:44 +01:00
token = token->next();
// First token for the current scope..
const Token *const tok1 = token;
2010-02-21 08:02:44 +01:00
// Find next scope that will be checked next time..
token = Token::findmatch(token->link(), ") const| {");
// varId, usage {read, write, modified}
Variables variables;
// scopes
Scope scopes;
Scope *scope = &scopes;
unsigned int indentlevel = 0;
for (const Token *tok = tok1; tok; tok = tok->next())
{
if (tok->str() == "{")
{
// replace the head node when found
if (indentlevel == 0)
scopes = Scope(tok, NULL);
// add the new scope
else
scope = scope->addChild(tok);
++indentlevel;
}
else if (tok->str() == "}")
{
2010-02-21 08:02:44 +01:00
--indentlevel;
scope = scope->parent();
if (indentlevel == 0)
break;
}
else if (Token::Match(tok, "struct|union|class {") ||
Token::Match(tok, "struct|union|class %type% {|:"))
{
while (tok->str() != "{")
tok = tok->next();
2010-02-21 08:02:44 +01:00
tok = tok->link();
if (! tok)
break;
}
if (Token::Match(tok, "[;{}] asm ( ) ;"))
{
variables.clear();
break;
}
// standard type declaration with possible initialization
// int i; int j = 0; static int k;
if (Token::Match(tok, "[;{}] static| %type% %var% ;|=") &&
nextIsStandardType(tok))
{
tok = tok->next();
if (tok->str() == "static")
tok = tok->next();
variables.addVar(tok->next(), Variables::standard, scope,
tok->tokAt(2)->str() == "=" ||
tok->previous()->str() == "static");
tok = tok->next();
}
// standard type declaration and initialization using constructor
// int i(0); static int j(0);
else if (Token::Match(tok, "[;{}] static| %type% %var% ( %any% ) ;") &&
nextIsStandardType(tok))
{
tok = tok->next();
if (tok->str() == "static")
tok = tok->next();
variables.addVar(tok->next(), Variables::standard, scope, true);
// check if a local variable is used to initialize this variable
if (tok->tokAt(3)->varId() > 0)
variables.readAll(tok->tokAt(3)->varId());
tok = tok->tokAt(4);
}
// standard type declaration of array of with possible initialization
// int i[10]; int j[2] = { 0, 1 }; static int k[2] = { 2, 3 };
else if (Token::Match(tok, "[;{}] static| %type% %var% [ %any% ] ;|=") &&
nextIsStandardType(tok))
{
tok = tok->next();
if (tok->str() == "static")
tok = tok->next();
variables.addVar(tok->tokAt(1), Variables::array, scope,
tok->tokAt(5)->str() == "=" || tok->str() == "static");
// check for reading array size from local variable
if (tok->tokAt(3)->varId() != 0)
variables.read(tok->tokAt(3)->varId());
// look at initializers
if (Token::Match(tok->tokAt(5), "= {"))
{
tok = tok->tokAt(7);
while (tok->str() != "}")
{
if (Token::Match(tok, "%var%"))
variables.read(tok->varId());
tok = tok->next();
}
}
else
tok = tok->tokAt(4);
}
// pointer or reference declaration with possible initialization
// int * i; int * j = 0; static int * k = 0;
else if (Token::Match(tok, "[;{}] static| const| %type% *|& %var% ;|="))
{
bool isStatic = false;
tok = tok->next();
if (tok->str() == "static")
{
tok = tok->next();
isStatic = true;
}
if (tok->str() == "const")
tok = tok->next();
if (tok->str() != "return" && tok->str() != "throw")
{
Variables::VariableType type;
if (tok->next()->str() == "*")
type = Variables::pointer;
else
type = Variables::reference;
bool written = tok->tokAt(3)->str() == "=";
variables.addVar(tok->tokAt(2), type, scope, written || isStatic);
int offset = 0;
// check for assignment
if (written)
offset = doAssignment(variables, tok->tokAt(2), false, scope);
tok = tok->tokAt(2 + offset);
}
}
// pointer to pointer declaration with possible initialization
// int ** i; int ** j = 0; static int ** k = 0;
else if (Token::Match(tok, "[;{}] static| const| %type% * * %var% ;|="))
{
bool isStatic = false;
tok = tok->next();
if (tok->str() == "static")
{
tok = tok->next();
isStatic = true;
}
if (tok->str() == "const")
tok = tok->next();
if (tok->str() != "return")
{
bool written = tok->tokAt(4)->str() == "=";
variables.addVar(tok->tokAt(3), Variables::pointerPointer, scope, written || isStatic);
int offset = 0;
// check for assignment
if (written)
offset = doAssignment(variables, tok->tokAt(3), false, scope);
tok = tok->tokAt(3 + offset);
}
}
// pointer or reference of struct or union declaration with possible initialization
// struct s * i; struct s * j = 0; static struct s * k = 0;
else if (Token::Match(tok, "[;{}] static| const| struct|union %type% *|& %var% ;|="))
{
Variables::VariableType type;
bool isStatic = false;
2010-06-20 19:03:59 +02:00
tok = tok->next();
if (tok->str() == "static")
{
tok = tok->next();
isStatic = true;
}
2010-06-20 19:03:59 +02:00
if (tok->str() == "const")
tok = tok->next();
2010-06-20 19:03:59 +02:00
if (tok->strAt(2) == "*")
type = Variables::pointer;
else
type = Variables::reference;
2010-06-20 19:03:59 +02:00
const bool written = tok->strAt(4) == "=";
variables.addVar(tok->tokAt(3), type, scope, written || isStatic);
int offset = 0;
// check for assignment
if (written)
offset = doAssignment(variables, tok->tokAt(3), false, scope);
2010-06-20 19:03:59 +02:00
tok = tok->tokAt(3 + offset);
}
// pointer or reference declaration with initialization using constructor
// int * i(j); int * k(i); static int * l(i);
else if (Token::Match(tok, "[;{}] static| const| %type% &|* %var% ( %any% ) ;") &&
nextIsStandardTypeOrVoid(tok))
{
Variables::VariableType type;
tok = tok->next();
if (tok->str() == "static")
tok = tok->next();
if (tok->str() == "const")
tok = tok->next();
if (tok->next()->str() == "*")
type = Variables::pointer;
else
type = Variables::reference;
unsigned int varid = 0;
// check for aliased variable
if (Token::Match(tok->tokAt(4), "%var%"))
varid = tok->tokAt(4)->varId();
variables.addVar(tok->tokAt(2), type, scope, true);
// check if a local variable is used to initialize this variable
if (varid > 0)
{
Variables::VariableUsage *var = variables.find(varid);
if (type == Variables::pointer)
{
variables.use(tok->tokAt(4)->varId());
if (var && (var->_type == Variables::array ||
var->_type == Variables::pointer))
var->_aliases.insert(tok->varId());
}
else
{
variables.readAll(tok->tokAt(4)->varId());
if (var)
var->_aliases.insert(tok->varId());
}
}
tok = tok->tokAt(5);
}
// array of pointer or reference declaration with possible initialization
// int * p[10]; int * q[10] = { 0 }; static int * * r[10] = { 0 };
else if (Token::Match(tok, "[;{}] static| const| %type% *|& %var% [ %any% ] ;|="))
{
bool isStatic = false;
tok = tok->next();
if (tok->str() == "static")
{
tok = tok->next();
isStatic = true;
}
if (tok->str() == "const")
tok = tok->next();
if (tok->str() != "return")
{
variables.addVar(tok->tokAt(2),
tok->next()->str() == "*" ? Variables::pointerArray : Variables::referenceArray, scope,
tok->tokAt(6)->str() == "=" || isStatic);
// check for reading array size from local variable
if (tok->tokAt(4)->varId() != 0)
variables.read(tok->tokAt(4)->varId());
tok = tok->tokAt(5);
}
}
// array of pointer or reference of struct or union declaration with possible initialization
// struct S * p[10]; struct T * q[10] = { 0 }; static struct S * r[10] = { 0 };
else if (Token::Match(tok, "[;{}] static| const| struct|union %type% *|& %var% [ %any% ] ;|="))
{
bool isStatic = false;
tok = tok->next();
if (tok->str() == "static")
{
tok = tok->next();
isStatic = true;
}
if (tok->str() == "const")
tok = tok->next();
variables.addVar(tok->tokAt(3),
tok->tokAt(2)->str() == "*" ? Variables::pointerArray : Variables::referenceArray, scope,
tok->tokAt(7)->str() == "=" || isStatic);
// check for reading array size from local variable
if (tok->tokAt(5)->varId() != 0)
variables.read(tok->tokAt(5)->varId());
tok = tok->tokAt(6);
}
else if (Token::Match(tok, "delete|return|throw %var%"))
variables.readAll(tok->next()->varId());
// assignment
else if (Token::Match(tok, "*| (| ++|--| %var% ++|--| )| ="))
{
bool dereference = false;
bool pre = false;
bool post = false;
if (tok->str() == "*")
{
dereference = true;
tok = tok->next();
}
if (tok->str() == "(")
tok = tok->next();
if (Token::Match(tok, "++|--"))
{
pre = true;
tok = tok->next();
}
if (Token::Match(tok->next(), "++|--"))
post = true;
unsigned int varid1 = tok->varId();
const Token *start = tok;
tok = tok->tokAt(doAssignment(variables, tok, dereference, scope));
if (pre || post)
variables.use(varid1);
if (dereference)
{
variables.writeAliases(varid1);
variables.read(varid1);
}
else
{
Variables::VariableUsage *var = variables.find(varid1);
if (var && var->_type == Variables::reference)
{
variables.writeAliases(varid1);
variables.read(varid1);
}
else
variables.write(varid1);
Variables::VariableUsage *var2 = variables.find(tok->varId());
if (var2 && var2->_type == Variables::reference)
{
variables.writeAliases(tok->varId());
variables.read(tok->varId());
}
}
const Token *equal = tok->next();
if (Token::Match(tok->next(), "[ %any% ]"))
equal = tok->tokAt(4);
// checked for chained assignments
if (tok != start && equal->str() == "=")
{
Variables::VariableUsage *var = variables.find(tok->varId());
if (var && var->_type != Variables::reference)
var->_read = true;
tok = tok->previous();
}
}
// assignment
else if (Token::Match(tok, "%var% [") && Token::Match(tok->next()->link(), "] ="))
{
unsigned int varid = tok->varId();
const Variables::VariableUsage *var = variables.find(varid);
if (var)
{
if (var->_type == Variables::pointer || var->_type == Variables::reference)
{
variables.read(varid);
variables.writeAliases(varid);
}
else
variables.writeAll(varid);
}
}
else if (Token::Match(tok, ">>|& %var%"))
variables.use(tok->next()->varId()); // use = read + write
// function parameter
else if (Token::Match(tok, "[(,] %var% ["))
variables.use(tok->next()->varId()); // use = read + write
else if (Token::Match(tok, "[(,] %var% [,)]") && tok->previous()->str() != "*")
variables.use(tok->next()->varId()); // use = read + write
else if (Token::Match(tok, "[(,] (") &&
Token::Match(tok->next()->link(), ") %var% [,)]"))
variables.use(tok->next()->link()->next()->varId()); // use = read + write
2010-02-21 08:02:44 +01:00
// function
else if (Token::Match(tok, " %var% ("))
variables.read(tok->varId());
else if (Token::Match(tok, " %var% ."))
variables.use(tok->varId()); // use = read + write
else if ((Token::Match(tok, "[(=&!]") || isOp(tok)) &&
(Token::Match(tok->next(), "%var%") && !Token::Match(tok->next(), "true|false|new")))
variables.readAll(tok->next()->varId());
else if (Token::Match(tok, "-=|+=|*=|/=|&=|^= %var%") || Token::Match(tok, "|= %var%"))
variables.modified(tok->next()->varId());
else if (Token::Match(tok, "%var%") && (tok->next()->str() == ")" || isOp(tok->next())))
variables.readAll(tok->varId());
else if (Token::Match(tok, "; %var% ;"))
variables.readAll(tok->next()->varId());
else if (Token::Match(tok, "++|-- %var%"))
variables.modified(tok->next()->varId());
else if (Token::Match(tok, "%var% ++|--"))
variables.modified(tok->varId());
}
// Check usage of all variables in the current scope..
Variables::VariableMap::const_iterator it;
for (it = variables.varUsage().begin(); it != variables.varUsage().end(); ++it)
{
const Variables::VariableUsage &usage = it->second;
const std::string &varname = usage._name->str();
// variable has been marked as unused so ignore it
if (usage._name->isUnused())
continue;
// skip things that are only partially implemented to prevent false positives
if (usage._type == Variables::pointerPointer ||
usage._type == Variables::pointerArray ||
usage._type == Variables::referenceArray)
continue;
// variable has not been written, read, or modified
if (usage.unused() && !usage._modified)
unusedVariableError(usage._name, varname);
// variable has not been written but has been modified
else if (usage._modified & !usage._write)
unassignedVariableError(usage._name, varname);
// variable has been written but not read
else if (!usage._read && !usage._modified)
unreadVariableError(usage._name, varname);
// variable has been read but not written
else if (!usage._write)
unassignedVariableError(usage._name, varname);
}
}
}
void CheckOther::unusedVariableError(const Token *tok, const std::string &varname)
{
reportError(tok, Severity::style, "unusedVariable", "Unused variable: " + varname);
}
void CheckOther::unreadVariableError(const Token *tok, const std::string &varname)
{
reportError(tok, Severity::style, "unreadVariable", "Variable '" + varname + "' is assigned a value that is never used");
}
void CheckOther::unassignedVariableError(const Token *tok, const std::string &varname)
{
reportError(tok, Severity::style, "unassignedVariable", "Variable '" + varname + "' is not assigned a value");
}
//---------------------------------------------------------------------------
//---------------------------------------------------------------------------
// Check scope of variables..
//---------------------------------------------------------------------------
void CheckOther::checkVariableScope()
{
if (!_settings->_checkCodingStyle)
return;
// Walk through all tokens..
bool func = false;
int indentlevel = 0;
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
{
// Skip class and struct declarations..
if ((tok->str() == "class") || (tok->str() == "struct"))
{
for (const Token *tok2 = tok; tok2; tok2 = tok2->next())
{
if (tok2->str() == "{")
{
tok = tok2->link();
break;
}
if (Token::Match(tok2, "[,);]"))
{
break;
}
}
if (! tok)
break;
}
else if (tok->str() == "{")
{
++indentlevel;
}
else if (tok->str() == "}")
{
--indentlevel;
if (indentlevel == 0)
func = false;
}
if (indentlevel == 0 && Token::simpleMatch(tok, ") {"))
{
func = true;
}
if (indentlevel > 0 && func && Token::Match(tok, "[{};]"))
{
// First token of statement..
const Token *tok1 = tok->next();
if (! tok1)
continue;
if ((tok1->str() == "return") ||
(tok1->str() == "throw") ||
(tok1->str() == "delete") ||
(tok1->str() == "goto") ||
(tok1->str() == "else"))
continue;
// Variable declaration?
if (Token::Match(tok1, "%type% %var% ; %var% = %num% ;"))
{
// Tokenizer modify "int i = 0;" to "int i; i = 0;",
// so to handle this situation we just skip
// initialization (see ticket #272).
const unsigned int firstVarId = tok1->next()->varId();
const unsigned int secondVarId = tok1->tokAt(3)->varId();
if (firstVarId > 0 && firstVarId == secondVarId)
{
lookupVar(tok1->tokAt(6), tok1->strAt(1));
}
}
else if (tok1->isStandardType() && Token::Match(tok1, "%type% %var% [;=]"))
{
lookupVar(tok1, tok1->strAt(1));
}
}
}
}
//---------------------------------------------------------------------------
void CheckOther::lookupVar(const Token *tok1, const std::string &varname)
{
const Token *tok = tok1;
// Skip the variable declaration..
while (tok && tok->str() != ";")
tok = tok->next();
// Check if the variable is used in this indentlevel..
bool used1 = false; // used in one sub-scope -> reducable
bool used2 = false; // used in more sub-scopes -> not reducable
int indentlevel = 0;
int parlevel = 0;
bool for_or_while = false; // is sub-scope a "for/while/etc". anything that is not "if"
while (tok)
{
if (tok->str() == "{")
{
++indentlevel;
}
else if (tok->str() == "}")
{
if (indentlevel == 0)
break;
--indentlevel;
if (indentlevel == 0)
{
if (for_or_while && used2)
return;
used2 |= used1;
used1 = false;
}
}
else if (tok->str() == "(")
{
++parlevel;
}
else if (tok->str() == ")")
{
--parlevel;
}
// Bail out if references are used
else if (Token::simpleMatch(tok, (std::string("& ") + varname).c_str()))
{
return;
}
else if (tok->str() == varname)
{
if (indentlevel == 0)
return;
used1 = true;
if (for_or_while && !Token::simpleMatch(tok->next(), "="))
used2 = true;
if (used1 && used2)
return;
}
else if (indentlevel == 0)
{
// %unknown% ( %any% ) {
// If %unknown% is anything except if, we assume
// that it is a for or while loop or a macro hiding either one
if (Token::simpleMatch(tok->next(), "(") &&
Token::simpleMatch(tok->next()->link(), ") {"))
{
if (tok->str() != "if")
for_or_while = true;
}
if (Token::simpleMatch(tok, "do {"))
for_or_while = true;
// possible unexpanded macro hiding for/while..
if (Token::Match(tok->previous(), "[;{}] %type% {"))
{
bool upper = true;
for (unsigned int i = 0; i < tok->str().length(); ++i)
{
if (!std::isupper(tok->str()[i]))
upper = false;
}
for_or_while |= upper;
}
if (parlevel == 0 && (tok->str() == ";"))
for_or_while = false;
}
tok = tok->next();
}
// Warning if this variable:
// * not used in this indentlevel
// * used in lower indentlevel
if (used1 || used2)
variableScopeError(tok1, varname);
}
//---------------------------------------------------------------------------
//---------------------------------------------------------------------------
// Check for constant function parameters
//---------------------------------------------------------------------------
void CheckOther::checkConstantFunctionParameter()
{
if (!_settings->_checkCodingStyle)
return;
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
{
if (Token::Match(tok, "[,(] const std :: %type% %var% [,)]"))
{
2009-03-21 17:58:13 +01:00
passedByValueError(tok, tok->strAt(5));
}
else if (Token::Match(tok, "[,(] const std :: %type% < %type% > %var% [,)]"))
{
passedByValueError(tok, tok->strAt(8));
}
else if (Token::Match(tok, "[,(] const std :: %type% < std :: %type% > %var% [,)]"))
{
passedByValueError(tok, tok->strAt(10));
}
else if (Token::Match(tok, "[,(] const std :: %type% < std :: %type% , std :: %type% > %var% [,)]"))
{
passedByValueError(tok, tok->strAt(14));
}
else if (Token::Match(tok, "[,(] const std :: %type% < %type% , std :: %type% > %var% [,)]"))
{
passedByValueError(tok, tok->strAt(12));
}
else if (Token::Match(tok, "[,(] const std :: %type% < std :: %type% , %type% > %var% [,)]"))
{
passedByValueError(tok, tok->strAt(12));
}
else if (Token::Match(tok, "[,(] const std :: %type% < %type% , %type% > %var% [,)]"))
{
passedByValueError(tok, tok->strAt(10));
}
else if (Token::Match(tok, "[,(] const %type% %var% [,)]"))
{
// Check if type is a struct or class.
const std::string pattern(std::string("class|struct ") + tok->strAt(2));
if (Token::findmatch(_tokenizer->tokens(), pattern.c_str()))
{
2009-03-21 17:58:13 +01:00
passedByValueError(tok, tok->strAt(3));
}
}
}
}
//---------------------------------------------------------------------------
//---------------------------------------------------------------------------
// Check that all struct members are used
//---------------------------------------------------------------------------
void CheckOther::checkStructMemberUsage()
{
if (!_settings->_checkCodingStyle)
return;
std::string structname;
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
{
if (tok->fileIndex() != 0)
continue;
if (Token::Match(tok, "struct|union %type% {"))
{
structname.clear();
if (Token::simpleMatch(tok->previous(), "extern"))
continue;
if ((!tok->previous() || Token::simpleMatch(tok->previous(), ";")) && Token::Match(tok->tokAt(2)->link(), ("} ; " + tok->strAt(1) + " %var% ;").c_str()))
continue;
structname = tok->strAt(1);
// Bail out if struct/union contain any functions
for (const Token *tok2 = tok->tokAt(2); tok2; tok2 = tok2->next())
{
if (tok2->str() == "(")
{
structname.clear();
break;
}
if (tok2->str() == "}")
break;
}
// bail out if struct is inherited
if (!structname.empty() && Token::findmatch(tok, (",|private|protected|public " + structname).c_str()))
structname.clear();
// Bail out if some data is casted to struct..
const std::string s("( struct| " + tok->next()->str() + " * ) & %var% [");
if (Token::findmatch(tok, s.c_str()))
structname.clear();
// Try to prevent false positives when struct members are not used directly.
if (Token::findmatch(tok, (structname + " *").c_str()))
structname.clear();
else if (Token::findmatch(tok, (structname + " %type% *").c_str()))
structname = "";
}
if (tok->str() == "}")
structname.clear();
if (!structname.empty() && Token::Match(tok, "[{;]"))
{
// Declaring struct variable..
std::string varname;
if (Token::Match(tok->next(), "%type% %var% [;[]"))
varname = tok->strAt(2);
else if (Token::Match(tok->next(), "%type% %type% %var% [;[]"))
varname = tok->strAt(3);
else if (Token::Match(tok->next(), "%type% * %var% [;[]"))
varname = tok->strAt(3);
else if (Token::Match(tok->next(), "%type% %type% * %var% [;[]"))
varname = tok->strAt(4);
else
continue;
// Check if the struct variable is used anywhere in the file
const std::string usagePattern(". " + varname);
bool used = false;
for (const Token *tok2 = _tokenizer->tokens(); tok2; tok2 = tok2->next())
{
if (Token::simpleMatch(tok2, usagePattern.c_str()))
{
used = true;
break;
}
}
if (! used)
{
2009-03-21 17:58:13 +01:00
unusedStructMemberError(tok->next(), structname, varname);
}
}
}
}
//---------------------------------------------------------------------------
// Check usage of char variables..
//---------------------------------------------------------------------------
void CheckOther::checkCharVariable()
{
if (!_settings->_checkCodingStyle)
return;
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
{
// Declaring the variable..
if (Token::Match(tok, "[{};(,] char %var% [;=,)]"))
{
// Check for unsigned char
if (tok->tokAt(1)->isUnsigned())
continue;
// Set tok to point to the variable name
tok = tok->tokAt(2);
if (tok->str() == "char")
2009-02-04 18:12:53 +01:00
tok = tok->next();
// Check usage of char variable..
int indentlevel = 0;
for (const Token *tok2 = tok->next(); tok2; tok2 = tok2->next())
{
if (tok2->str() == "{")
++indentlevel;
else if (tok2->str() == "}")
{
--indentlevel;
if (indentlevel <= 0)
break;
}
else if (tok2->str() == "return")
continue;
std::string temp = "%var% [ " + tok->str() + " ]";
if ((tok2->str() != ".") && Token::Match(tok2->next(), temp.c_str()))
{
2009-03-21 17:58:13 +01:00
charArrayIndexError(tok2->next());
break;
}
if (Token::Match(tok2, "[;{}] %var% = %any% [&|] %any% ;"))
{
// is the char variable used in the calculation?
if (tok2->tokAt(3)->varId() != tok->varId() && tok2->tokAt(5)->varId() != tok->varId())
continue;
// it's ok with a bitwise and where the other operand is 0xff or less..
if (std::string(tok2->strAt(4)) == "&")
{
if (tok2->tokAt(3)->isNumber() && MathLib::isGreater("0x100", tok2->strAt(3)))
continue;
if (tok2->tokAt(5)->isNumber() && MathLib::isGreater("0x100", tok2->strAt(5)))
continue;
}
// is the result stored in a short|int|long?
if (!Token::findmatch(_tokenizer->tokens(), "short|int|long %varid%", tok2->next()->varId()))
continue;
// This is an error..
2009-03-21 17:58:13 +01:00
charBitOpError(tok2);
break;
}
}
}
}
}
//---------------------------------------------------------------------------
//---------------------------------------------------------------------------
// Incomplete statement..
//---------------------------------------------------------------------------
void CheckOther::checkIncompleteStatement()
{
if (!_settings->_checkCodingStyle)
return;
int parlevel = 0;
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
{
if (tok->str() == "(")
++parlevel;
else if (tok->str() == ")")
--parlevel;
if (parlevel != 0)
continue;
if (Token::simpleMatch(tok, "= {"))
{
/* We are in an assignment, so it's not a statement.
* Skip until ";" */
while (tok->str() != ";")
{
int level = 0;
do
{
if (tok->str() == "(" || tok->str() == "{")
++level;
else if (tok->str() == ")" || tok->str() == "}")
--level;
tok = tok->next();
if (tok == NULL)
return;
}
while (level > 0);
}
continue;
}
if (Token::Match(tok, "[;{}] %str%") && !Token::Match(tok->tokAt(2), "[,}]"))
{
2009-03-21 17:58:13 +01:00
constStatementError(tok->next(), "string");
}
if (Token::Match(tok, "[;{}] %num%") && !Token::Match(tok->tokAt(2), "[,}]"))
{
2009-03-21 17:58:13 +01:00
constStatementError(tok->next(), "numeric");
}
}
}
//---------------------------------------------------------------------------
//---------------------------------------------------------------------------
// str plus char
//---------------------------------------------------------------------------
void CheckOther::strPlusChar()
{
bool charVars[10000] = {0};
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
{
// Declaring char variable..
if (Token::Match(tok, "char|int|short %var% [;=]"))
{
unsigned int varid = tok->next()->varId();
if (varid > 0 && varid < 10000)
charVars[varid] = true;
}
//
else if (Token::Match(tok, "[=(] %str% + %any%"))
{
// char constant..
const std::string s = tok->strAt(3);
if (s[0] == '\'')
2009-03-21 17:58:13 +01:00
strPlusChar(tok->next());
// char variable..
unsigned int varid = tok->tokAt(3)->varId();
if (varid > 0 && varid < 10000 && charVars[varid])
strPlusChar(tok->next());
}
}
}
2009-02-04 19:49:19 +01:00
void CheckOther::nullPointerAfterLoop()
{
// Locate insufficient null-pointer handling after loop
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
{
if (! Token::Match(tok, "while ( %var% )"))
continue;
const unsigned int varid(tok->tokAt(2)->varId());
if (varid == 0)
continue;
const std::string varname(tok->strAt(2));
// Locate the end of the while loop..
const Token *tok2 = tok->tokAt(4);
if (tok2->str() == "{")
tok2 = tok2->link();
else
{
while (tok2 && tok2->str() != ";")
tok2 = tok2->next();
}
// Goto next token
if (tok2)
tok2 = tok2->next();
// Check if the variable is dereferenced..
while (tok2)
{
if (tok2->str() == "{" || tok2->str() == "}" || tok2->str() == "break")
break;
if (tok2->varId() == varid)
{
if (tok2->next()->str() == "." || Token::Match(tok2->next(), "= %varid% .", varid))
{
// Is this variable a pointer?
const Token *tok3 = Token::findmatch(_tokenizer->tokens(), "%type% * %varid% [;)=]", varid);
if (!tok3)
break;
if (!tok3->previous() ||
Token::Match(tok3->previous(), "[({};]") ||
tok3->previous()->isName())
{
nullPointerError(tok2, varname);
}
}
break;
}
tok2 = tok2->next();
}
}
}
void CheckOther::nullPointerLinkedList()
{
// looping through items in a linked list in a inner loop..
for (const Token *tok1 = _tokenizer->tokens(); tok1; tok1 = tok1->next())
{
// search for a "for" token..
if (!Token::simpleMatch(tok1, "for ("))
continue;
if (!Token::simpleMatch(tok1->next()->link(), ") {"))
continue;
// is there any dereferencing occuring in the for statement..
unsigned int parlevel2 = 1;
for (const Token *tok2 = tok1->tokAt(2); tok2; tok2 = tok2->next())
{
// Parantheses..
if (tok2->str() == "(")
++parlevel2;
else if (tok2->str() == ")")
{
if (parlevel2 <= 1)
break;
--parlevel2;
}
// Dereferencing a variable inside the "for" parantheses..
else if (Token::Match(tok2, "%var% . %var%"))
{
const unsigned int varid(tok2->varId());
if (varid == 0)
continue;
if (Token::Match(tok2->tokAt(-2), "%varid% ?", varid))
2009-08-01 11:30:37 +02:00
continue;
const std::string varname(tok2->str());
// Check usage of dereferenced variable in the loop..
unsigned int indentlevel3 = 0;
for (const Token *tok3 = tok1->next()->link(); tok3; tok3 = tok3->next())
{
if (tok3->str() == "{")
++indentlevel3;
else if (tok3->str() == "}")
{
if (indentlevel3 <= 1)
break;
--indentlevel3;
}
else if (Token::Match(tok3, "while ( %varid% &&|)", varid))
{
// Make sure there is a "break" to prevent segmentation faults..
unsigned int indentlevel4 = indentlevel3;
for (const Token *tok4 = tok3->next()->link(); tok4; tok4 = tok4->next())
{
if (tok4->str() == "{")
++indentlevel4;
else if (tok4->str() == "}")
{
if (indentlevel4 <= 1)
{
// Is this variable a pointer?
const Token *tempTok = Token::findmatch(_tokenizer->tokens(), "%type% * %varid% [;)=]", varid);
if (tempTok)
nullPointerError(tok1, varname, tok3->linenr());
break;
}
--indentlevel4;
}
2010-09-02 21:08:58 +02:00
else if (tok4->str() == "break" || tok4->str() == "return")
break;
}
}
}
}
}
}
}
void CheckOther::nullPointerStructByDeRefAndChec()
{
// don't check vars that has been tested against null already
std::set<unsigned int> skipvar;
skipvar.insert(0);
// Dereferencing a struct pointer and then checking if it's NULL..
for (const Token *tok1 = _tokenizer->tokens(); tok1; tok1 = tok1->next())
{
if (Token::Match(tok1, "if|while ( !| %var% )"))
{
tok1 = tok1->tokAt(2);
if (tok1->str() == "!")
tok1 = tok1->next();
skipvar.insert(tok1->varId());
continue;
}
2010-08-05 08:06:19 +02:00
// dereference in assignment
if (Token::Match(tok1, "[{};] %var% = %var% . %var%"))
{
if (std::string(tok1->strAt(1)) == tok1->strAt(3))
continue;
tok1 = tok1->tokAt(3);
2010-08-05 08:06:19 +02:00
}
2010-08-05 08:06:19 +02:00
// dereference in function call
else if (Token::Match(tok1->tokAt(-2), "%var% ( %var% . %var%") ||
Token::Match(tok1->previous(), ", %var% . %var%"))
{
2010-08-05 08:06:19 +02:00
}
2010-08-05 08:06:19 +02:00
// Goto next token
else
{
continue;
}
2010-08-05 08:06:19 +02:00
// struct dereference was found - investigate if it is later
// checked that it is not NULL
const unsigned int varid1(tok1->varId());
if (skipvar.find(varid1) != skipvar.end())
2010-08-05 08:06:19 +02:00
continue;
const std::string varname(tok1->str());
2010-08-05 08:06:19 +02:00
unsigned int indentlevel2 = 0;
for (const Token *tok2 = tok1->tokAt(3); tok2; tok2 = tok2->next())
{
if (tok2->str() == "{")
++indentlevel2;
2010-08-05 08:06:19 +02:00
else if (tok2->str() == "}")
{
if (indentlevel2 <= 1)
break;
2010-08-05 08:06:19 +02:00
--indentlevel2;
}
2010-08-05 08:06:19 +02:00
// goto destination..
else if (tok2->isName() && Token::simpleMatch(tok2->next(), ":"))
break;
2010-08-05 08:06:19 +02:00
// Reassignment of the struct
else if (tok2->varId() == varid1)
{
if (tok2->next()->str() == "=")
break;
2010-08-05 08:06:19 +02:00
if (Token::Match(tok2->tokAt(-2), "[,(] &"))
break;
}
// Loop..
/** @todo don't bail out if the variable is not used in the loop */
else if (tok2->str() == "do")
break;
// return at base level => stop checking
else if (indentlevel2 == 0 && tok2->str() == "return")
break;
else if (Token::Match(tok2, "if ( !| %varid% )", varid1))
{
// Is this variable a pointer?
const Token *tempTok = Token::findmatch(_tokenizer->tokens(), "%type% * %varid% [;)=]", varid1);
if (tempTok)
nullPointerError(tok1, varname, tok2->linenr());
break;
}
}
}
}
void CheckOther::nullPointerByDeRefAndChec()
{
// Dereferencing a pointer and then checking if it's NULL..
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
{
if (tok->str() == "if" && Token::Match(tok->previous(), "; if ( ! %var% )"))
{
const unsigned int varid(tok->tokAt(3)->varId());
if (varid == 0)
continue;
const std::string varname(tok->strAt(3));
2010-08-05 08:06:19 +02:00
// Check that variable is a pointer..
const Token *decltok = Token::findmatch(_tokenizer->tokens(), "%varid%", varid);
2010-08-05 08:06:19 +02:00
if (!Token::Match(decltok->tokAt(-3), "[;,(] %type% *"))
continue;
for (const Token *tok1 = tok->previous(); tok1 && tok1 != decltok; tok1 = tok1->previous())
{
if (tok1->varId() == varid)
{
if (Token::Match(tok1->tokAt(-2), "[=;{}] *"))
{
nullPointerError(tok1, varname, tok->linenr());
break;
}
else if (Token::simpleMatch(tok1->previous(), "&"))
{
break;
}
else if (Token::simpleMatch(tok1->next(), "="))
{
break;
}
// dereference in function call
else if (Token::Match(tok1->tokAt(-2), "[(,] *"))
{
nullPointerError(tok1, varname, tok->linenr());
}
}
else if (tok1->str() == "{" ||
tok1->str() == "}")
break;
2010-08-05 08:06:19 +02:00
// label..
else if (Token::Match(tok1, "%type% :"))
break;
}
}
}
}
void CheckOther::nullPointer()
{
nullPointerAfterLoop();
nullPointerLinkedList();
nullPointerStructByDeRefAndChec();
nullPointerByDeRefAndChec();
}
/** Derefencing null constant (simplified token list) */
void CheckOther::nullConstantDereference()
{
// this is kept at 0 for all scopes that are not executing
unsigned int indentlevel = 0;
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
{
// start of executable scope..
if (indentlevel == 0 && Token::Match(tok, ") const| {"))
indentlevel = 1;
else if (indentlevel >= 1)
{
if (tok->str() == "{")
++indentlevel;
else if (tok->str() == "}")
{
if (indentlevel <= 2)
indentlevel = 0;
else
--indentlevel;
}
if (tok->str() == "(" && Token::simpleMatch(tok->previous(), "sizeof"))
tok = tok->link();
else if (Token::simpleMatch(tok, "exit ( )"))
{
// Goto end of scope
while (tok && tok->str() != "}")
{
if (tok->str() == "{")
tok = tok->link();
tok = tok->next();
}
if (!tok)
break;
}
else if (Token::simpleMatch(tok, "* 0"))
{
if (Token::Match(tok->previous(), "[<>;{}=+-*/(,]") ||
Token::Match(tok->previous(), "return|<<"))
{
nullPointerError(tok);
}
}
}
}
}
/**
* \brief parse a function call and extract information about variable usage
* \param tok first token
* \param var variables that the function read / write.
* \param value 0 => invalid with null pointers as parameter.
* 1-.. => invalid with uninitialized data.
*/
static void parseFunctionCall(const Token &tok, std::list<const Token *> &var, unsigned char value)
{
// standard functions that dereference first parameter..
// both uninitialized data and null pointers are invalid.
static std::set<std::string> functionNames1;
if (functionNames1.empty())
{
functionNames1.insert("memchr");
functionNames1.insert("memcmp");
functionNames1.insert("strcat");
functionNames1.insert("strncat");
functionNames1.insert("strchr");
functionNames1.insert("strrchr");
functionNames1.insert("strcmp");
functionNames1.insert("strncmp");
functionNames1.insert("strdup");
functionNames1.insert("strndup");
functionNames1.insert("strlen");
functionNames1.insert("strstr");
}
// standard functions that dereference second parameter..
// both uninitialized data and null pointers are invalid.
static std::set<std::string> functionNames2;
if (functionNames2.empty())
{
functionNames2.insert("memcmp");
functionNames2.insert("memcpy");
functionNames2.insert("memmove");
functionNames2.insert("strcat");
functionNames2.insert("strncat");
functionNames2.insert("strcmp");
functionNames2.insert("strncmp");
functionNames2.insert("strcpy");
functionNames2.insert("strncpy");
functionNames2.insert("strstr");
}
// 1st parameter..
if (Token::Match(&tok, "%var% ( %var% ,|)") && tok.tokAt(2)->varId() > 0)
{
if (functionNames1.find(tok.str()) != functionNames1.end())
var.push_back(tok.tokAt(2));
else if (value == 0 && Token::Match(&tok, "memchr|memcmp|memcpy|memmove|memset|strcpy|printf|sprintf|snprintf"))
var.push_back(tok.tokAt(2));
else if (Token::simpleMatch(&tok, "fflush"))
var.push_back(tok.tokAt(2));
}
// 2nd parameter..
if (Token::Match(&tok, "%var% ( %any% , %var% ,|)") && tok.tokAt(4)->varId() > 0)
{
if (functionNames2.find(tok.str()) != functionNames2.end())
var.push_back(tok.tokAt(4));
}
}
2009-10-29 21:34:43 +01:00
/// @addtogroup Checks
/// @{
/**
* @brief %Check for null pointer usage (using ExecutionPath)
*/
class CheckNullpointer : public ExecutionPath
{
public:
/** Startup constructor */
2009-12-21 18:17:35 +01:00
CheckNullpointer(Check *c) : ExecutionPath(c, 0), null(false)
{
}
2009-10-29 21:34:43 +01:00
private:
/** Create checking of specific variable: */
2009-12-21 18:17:35 +01:00
CheckNullpointer(Check *c, const unsigned int id, const std::string &name)
2010-04-15 20:08:51 +02:00
: ExecutionPath(c, id),
varname(name),
null(false)
{
}
/** Copy this check */
ExecutionPath *copy()
{
return new CheckNullpointer(*this);
}
2009-10-29 21:34:43 +01:00
/** no implementation => compiler error if used by accident */
2009-12-06 20:34:02 +01:00
void operator=(const CheckNullpointer &);
2010-04-25 11:55:57 +02:00
/** is other execution path equal? */
bool is_equal(const ExecutionPath *e) const
{
const CheckNullpointer *c = static_cast<const CheckNullpointer *>(e);
return (varname == c->varname && null == c->null);
}
/** variable name for this check (empty => dummy check) */
const std::string varname;
/** is this variable null? */
bool null;
2009-10-29 21:34:43 +01:00
/** variable is set to null */
static void setnull(std::list<ExecutionPath *> &checks, const unsigned int varid)
{
std::list<ExecutionPath *>::iterator it;
for (it = checks.begin(); it != checks.end(); ++it)
{
CheckNullpointer *c = dynamic_cast<CheckNullpointer *>(*it);
if (c && c->varId == varid)
c->null = true;
}
}
2009-10-29 21:34:43 +01:00
/**
* Dereferencing variable. Check if it is safe (if the variable is null there's an error)
* @param checks Checks
* @param tok token where dereferencing happens
*/
static void dereference(std::list<ExecutionPath *> &checks, const Token *tok)
{
const unsigned int varid(tok->varId());
std::list<ExecutionPath *>::iterator it;
for (it = checks.begin(); it != checks.end(); ++it)
{
CheckNullpointer *c = dynamic_cast<CheckNullpointer *>(*it);
if (c && c->varId == varid && c->null)
{
2009-12-21 18:17:35 +01:00
CheckOther *checkOther = dynamic_cast<CheckOther *>(c->owner);
if (checkOther)
2009-12-21 18:17:35 +01:00
{
checkOther->nullPointerError(tok, c->varname);
return;
2009-12-21 18:17:35 +01:00
}
}
}
}
/** parse tokens */
const Token *parse(const Token &tok, std::list<ExecutionPath *> &checks) const
{
if (Token::Match(tok.previous(), "[;{}] const| %type% * %var% ;"))
{
const Token * vartok = tok.tokAt(2);
if (tok.str() == "const")
vartok = vartok->next();
if (vartok->varId() != 0)
2009-12-21 18:17:35 +01:00
checks.push_back(new CheckNullpointer(owner, vartok->varId(), vartok->str()));
return vartok->next();
}
// Template pointer variable..
if (Token::Match(tok.previous(), "[;{}] %type% ::|<"))
{
const Token * vartok = &tok;
while (Token::Match(vartok, "%type% ::"))
vartok = vartok->tokAt(2);
if (Token::Match(vartok, "%type% < %type%"))
{
vartok = vartok->tokAt(3);
while (vartok && (vartok->str() == "*" || vartok->isName()))
vartok = vartok->next();
}
if (vartok
&& (vartok->str() == ">" || vartok->isName())
&& Token::Match(vartok->next(), "* %var% ;|="))
{
vartok = vartok->tokAt(2);
checks.push_back(new CheckNullpointer(owner, vartok->varId(), vartok->str()));
if (Token::simpleMatch(vartok->next(), "= 0 ;"))
setnull(checks, vartok->varId());
return vartok->next();
}
}
if (Token::simpleMatch(&tok, "try {"))
{
// Bail out all used variables
unsigned int indentlevel = 0;
for (const Token *tok2 = &tok; tok2; tok2 = tok2->next())
{
if (tok2->str() == "{")
++indentlevel;
else if (tok2->str() == "}")
{
if (indentlevel == 0)
break;
if (indentlevel == 1 && !Token::simpleMatch(tok2,"} catch ("))
return tok2;
--indentlevel;
}
else if (tok2->varId())
bailOutVar(checks,tok2->varId());
}
}
if (Token::Match(&tok, "%var% ("))
{
if (tok.str() == "sizeof")
return tok.next()->link();
// parse usage..
std::list<const Token *> var;
parseFunctionCall(tok, var, 0);
for (std::list<const Token *>::const_iterator it = var.begin(); it != var.end(); ++it)
dereference(checks, *it);
}
if (tok.varId() != 0)
{
if (Token::Match(tok.previous(), "[;{}=] %var% = 0 ;"))
setnull(checks, tok.varId());
else if (Token::Match(tok.tokAt(-2), "[;{}=+-/(,] * %var%"))
dereference(checks, &tok);
else if (Token::Match(tok.tokAt(-2), "return * %var%"))
dereference(checks, &tok);
else if (!Token::simpleMatch(tok.tokAt(-2), "& (") && Token::Match(tok.next(), ". %var%"))
dereference(checks, &tok);
else if (Token::Match(tok.previous(), "[;{}=+-/(,] %var% [ %any% ]"))
dereference(checks, &tok);
else if (Token::Match(tok.previous(), "return %var% [ %any% ]"))
dereference(checks, &tok);
else if (Token::Match(&tok, "%var% ("))
dereference(checks, &tok);
else
bailOutVar(checks, tok.varId());
}
else if (tok.str() == "delete")
{
const Token *ret = tok.next();
if (Token::simpleMatch(ret, "[ ]"))
ret = ret->tokAt(2);
if (Token::Match(ret, "%var% ;"))
return ret->next();
}
return &tok;
}
2009-12-25 19:45:21 +01:00
/** parse condition. @sa ExecutionPath::parseCondition */
2009-12-25 20:50:23 +01:00
bool parseCondition(const Token &tok, std::list<ExecutionPath *> &checks)
2009-12-25 19:45:21 +01:00
{
for (const Token *tok2 = &tok; tok2; tok2 = tok2->next())
{
if (tok2->str() == "(" || tok2->str() == ")")
break;
if (Token::Match(tok2, "[<>=] * %var%"))
dereference(checks, tok2->tokAt(2));
}
if (Token::Match(&tok, "!| %var% ("))
2009-12-25 19:45:21 +01:00
{
std::list<const Token *> var;
parseFunctionCall(tok.str() == "!" ? *tok.next() : tok, var, 0);
for (std::list<const Token *>::const_iterator it = var.begin(); it != var.end(); ++it)
dereference(checks, *it);
2009-12-25 19:45:21 +01:00
}
return ExecutionPath::parseCondition(tok, checks);
}
};
2009-10-29 21:34:43 +01:00
/**
* @brief %Check that uninitialized variables aren't used (using ExecutionPath)
* */
class CheckUninitVar : public ExecutionPath
{
public:
/** Startup constructor */
2009-12-21 18:17:35 +01:00
CheckUninitVar(Check *c)
2010-04-15 20:08:51 +02:00
: ExecutionPath(c, 0), pointer(false), array(false), alloc(false), strncpy_(false)
{
}
private:
/** Create a copy of this check */
ExecutionPath *copy()
{
return new CheckUninitVar(*this);
}
2009-10-29 21:34:43 +01:00
/** no implementation => compiler error if used */
2009-12-06 20:34:02 +01:00
void operator=(const CheckUninitVar &);
/** internal constructor for creating extra checks */
2009-12-21 18:17:35 +01:00
CheckUninitVar(Check *c, unsigned int v, const std::string &name, bool p, bool a)
2010-04-15 20:08:51 +02:00
: ExecutionPath(c, v), varname(name), pointer(p), array(a), alloc(false), strncpy_(false)
2009-12-21 18:17:35 +01:00
{
}
2010-04-25 11:55:57 +02:00
/** is other execution path equal? */
bool is_equal(const ExecutionPath *e) const
{
const CheckUninitVar *c = static_cast<const CheckUninitVar *>(e);
return (varname == c->varname && pointer == c->pointer && array == c->array && alloc == c->alloc && strncpy_ == c->strncpy_);
}
/** variable name for this check */
2009-12-21 18:17:35 +01:00
const std::string varname;
/** is this variable a pointer? */
const bool pointer;
/** is this variable an array? */
const bool array;
/** is this variable allocated? */
2009-12-21 18:17:35 +01:00
bool alloc;
/** is this variable initialized with strncpy (not always zero-terminated) */
bool strncpy_;
2009-12-21 18:17:35 +01:00
/** allocating pointer. For example : p = malloc(10); */
2009-12-21 18:17:35 +01:00
static void alloc_pointer(std::list<ExecutionPath *> &checks, unsigned int varid)
{
std::list<ExecutionPath *>::const_iterator it;
for (it = checks.begin(); it != checks.end(); ++it)
{
CheckUninitVar *c = dynamic_cast<CheckUninitVar *>(*it);
if (c && c->varId == varid)
c->alloc = true;
2009-10-29 21:34:43 +01:00
}
}
2009-10-29 21:34:43 +01:00
/** Initializing a pointer value. For example: *p = 0; */
static void init_pointer(std::list<ExecutionPath *> &checks, const Token *tok)
{
const unsigned int varid(tok->varId());
if (!varid)
return;
std::list<ExecutionPath *>::iterator it = checks.begin();
while (it != checks.end())
{
CheckUninitVar *c = dynamic_cast<CheckUninitVar *>(*it);
if (c && c->varId == varid)
{
if (c->alloc || c->array)
{
delete c;
checks.erase(it++);
continue;
}
else
{
use_pointer(checks, tok);
}
}
++it;
}
}
/** Deallocate a pointer. For example: free(p); */
static void dealloc_pointer(std::list<ExecutionPath *> &checks, const Token *tok)
2009-12-21 18:17:35 +01:00
{
const unsigned int varid(tok->varId());
if (!varid)
return;
2009-12-21 18:17:35 +01:00
std::list<ExecutionPath *>::const_iterator it;
for (it = checks.begin(); it != checks.end(); ++it)
2009-12-21 18:17:35 +01:00
{
CheckUninitVar *c = dynamic_cast<CheckUninitVar *>(*it);
if (c && c->varId == varid)
2009-12-21 18:17:35 +01:00
{
if (c->pointer && !c->alloc)
2009-12-21 18:17:35 +01:00
{
CheckOther *checkOther = dynamic_cast<CheckOther *>(c->owner);
if (checkOther)
2009-12-21 18:17:35 +01:00
{
checkOther->uninitvarError(tok, c->varname);
break;
2009-12-21 18:17:35 +01:00
}
}
c->alloc = false;
2009-12-21 18:17:35 +01:00
}
}
}
/**
* Pointer assignment: p = x;
* if p is a pointer and x is an array/pointer then bail out
* \param checks all available checks
* \param tok1 the "p" token
* \param tok2 the "x" token
*/
static void pointer_assignment(std::list<ExecutionPath *> &checks, const Token *tok1, const Token *tok2)
{
const unsigned int varid1(tok1->varId());
if (varid1 == 0)
return;
const unsigned int varid2(tok2->varId());
if (varid2 == 0)
return;
std::list<ExecutionPath *>::const_iterator it;
// bail out if first variable is a pointer
for (it = checks.begin(); it != checks.end(); ++it)
{
CheckUninitVar *c = dynamic_cast<CheckUninitVar *>(*it);
if (c && c->varId == varid1 && c->pointer)
{
bailOutVar(checks, varid1);
break;
}
}
// bail out if second variable is a array/pointer
for (it = checks.begin(); it != checks.end(); ++it)
{
CheckUninitVar *c = dynamic_cast<CheckUninitVar *>(*it);
if (c && c->varId == varid2 && (c->pointer || c->array))
{
bailOutVar(checks, varid2);
break;
}
}
}
2010-03-17 22:16:18 +01:00
/** Initialize an array with strncpy. */
static void init_strncpy(std::list<ExecutionPath *> &checks, const Token *tok)
{
const unsigned int varid(tok->varId());
if (!varid)
return;
std::list<ExecutionPath *>::const_iterator it;
for (it = checks.begin(); it != checks.end(); ++it)
{
CheckUninitVar *c = dynamic_cast<CheckUninitVar *>(*it);
if (c && c->varId == varid)
{
c->strncpy_ = true;
}
}
}
/**
* use - called from the use* functions below.
* @param checks all available checks
* @param tok variable token
* @param mode specific behaviour
* @return if error is found, true is returned
*/
static bool use(std::list<ExecutionPath *> &checks, const Token *tok, const int mode)
2009-12-21 18:17:35 +01:00
{
const unsigned int varid(tok->varId());
if (varid == 0)
return false;
2009-12-21 18:17:35 +01:00
std::list<ExecutionPath *>::const_iterator it;
for (it = checks.begin(); it != checks.end(); ++it)
2009-12-21 18:17:35 +01:00
{
CheckUninitVar *c = dynamic_cast<CheckUninitVar *>(*it);
if (c && c->varId == varid)
2009-12-21 18:17:35 +01:00
{
// mode 0 : the variable is used "directly"
// example: .. = var;
// it is ok to read the address of an uninitialized array.
// it is ok to read the address of an allocated pointer
if (mode == 0 && (c->array || (c->pointer && c->alloc)))
continue;
// mode 2 : bad usage of pointer. if it's not a pointer then the usage is ok.
// example: ptr->foo();
if (mode == 2 && !c->pointer)
continue;
2009-12-21 18:17:35 +01:00
// mode 3 : using dead pointer is invalid.
if (mode == 3 && (!c->pointer || c->alloc))
continue;
// mode 4 : reading uninitialized array or pointer is invalid.
if (mode == 4 && (!c->array && !c->pointer))
continue;
CheckOther *checkOther = dynamic_cast<CheckOther *>(c->owner);
if (checkOther)
{
if (c->strncpy_)
checkOther->uninitstringError(tok, c->varname);
else if (c->pointer && c->alloc)
checkOther->uninitdataError(tok, c->varname);
else
checkOther->uninitvarError(tok, c->varname);
return true;
2009-12-21 18:17:35 +01:00
}
}
}
// No error found
return false;
2009-12-21 18:17:35 +01:00
}
/**
* Reading variable. Use this function in situations when it is
* invalid to read the data of the variable but not the address.
* @param checks all available checks
* @param tok variable token
* @return if error is found, true is returned
*/
static bool use(std::list<ExecutionPath *> &checks, const Token *tok)
2009-12-21 18:17:35 +01:00
{
return use(checks, tok, 0);
2009-12-21 18:17:35 +01:00
}
/**
* Reading array elements. If the variable is not an array then the usage is ok.
* @param checks all available checks
* @param tok variable token
*/
static void use_array(std::list<ExecutionPath *> &checks, const Token *tok)
2009-12-21 18:17:35 +01:00
{
use(checks, tok, 1);
2009-12-21 18:17:35 +01:00
}
/**
* Bad pointer usage. If the variable is not a pointer then the usage is ok.
* @param checks all available checks
* @param tok variable token
* @return if error is found, true is returned
*/
static bool use_pointer(std::list<ExecutionPath *> &checks, const Token *tok)
2009-12-21 18:17:35 +01:00
{
return use(checks, tok, 2);
2009-12-21 18:17:35 +01:00
}
/**
* Using variable.. if it's a dead pointer the usage is invalid.
* @param checks all available checks
* @param tok variable token
* @return if error is found, true is returned
*/
static bool use_dead_pointer(std::list<ExecutionPath *> &checks, const Token *tok)
{
return use(checks, tok, 3);
}
/**
* Using variable.. reading from uninitialized array or pointer data is invalid.
* Example: = x[0];
* @param checks all available checks
* @param tok variable token
* @return if error is found, true is returned
*/
static bool use_array_or_pointer_data(std::list<ExecutionPath *> &checks, const Token *tok)
{
return use(checks, tok, 4);
}
/** declaring a variable */
void declare(std::list<ExecutionPath *> &checks, const Token *vartok, const Token &tok, const bool p, const bool a) const
{
if (vartok->varId() == 0)
return;
// Suppress warnings if variable in inner scope has same name as variable in outer scope
if (!tok.isStandardType())
{
2010-01-01 19:49:33 +01:00
std::set<unsigned int> dup;
for (std::list<ExecutionPath *>::const_iterator it = checks.begin(); it != checks.end(); ++it)
{
CheckUninitVar *c = dynamic_cast<CheckUninitVar *>(*it);
if (c && c->varname == vartok->str() && c->varId != vartok->varId())
2010-01-01 19:49:33 +01:00
dup.insert(c->varId);
}
if (!dup.empty())
2010-01-01 19:49:33 +01:00
{
for (std::set<unsigned int>::const_iterator it = dup.begin(); it != dup.end(); ++it)
2010-01-01 19:49:33 +01:00
bailOutVar(checks, *it);
return;
2010-01-01 19:49:33 +01:00
}
}
if (a || p || tok.isStandardType())
checks.push_back(new CheckUninitVar(owner, vartok->varId(), vartok->str(), p, a));
}
/** parse tokens. @sa ExecutionPath::parse */
const Token *parse(const Token &tok, std::list<ExecutionPath *> &checks) const
{
2009-12-21 18:17:35 +01:00
// Variable declaration..
if (Token::Match(tok.previous(), "[;{}] %var%") && tok.str() != "return")
2009-10-29 21:34:43 +01:00
{
if (Token::Match(&tok, "enum %type% {"))
return tok.tokAt(2)->link();
const Token * vartok = &tok;
while (Token::Match(vartok, "const|struct"))
vartok = vartok->next();
2009-12-21 18:17:35 +01:00
if (Token::Match(vartok, "%type% *| %var% ;"))
{
vartok = vartok->next();
const bool p(vartok->str() == "*");
if (p)
vartok = vartok->next();
declare(checks, vartok, tok, p, false);
return vartok;
}
// Variable declaration for array..
if (Token::Match(vartok, "%type% %var% [ %num% ] ;"))
{
vartok = vartok->next();
declare(checks, vartok, tok, false, true);
return vartok->next()->link();
}
// Template pointer variable..
if (Token::Match(vartok, "%type% ::|<"))
{
while (Token::Match(vartok, "%type% ::"))
vartok = vartok->tokAt(2);
if (Token::Match(vartok, "%type% < %type%"))
{
vartok = vartok->tokAt(3);
while (vartok && (vartok->str() == "*" || vartok->isName()))
vartok = vartok->next();
if (Token::Match(vartok, "> * %var% ;"))
{
declare(checks, vartok->tokAt(2), tok, true, false);
return vartok->tokAt(2);
}
}
}
2009-12-21 18:17:35 +01:00
}
if (tok.varId())
2009-12-21 18:17:35 +01:00
{
// Used..
if (Token::Match(tok.previous(), "[[(,+-*/] %var% []),+-*/]"))
{
use(checks, &tok);
return &tok;
}
if (Token::Match(tok.previous(), "++|--") || Token::Match(tok.next(), "++|--"))
{
use(checks, &tok);
return &tok;
}
if (Token::Match(tok.previous(), "[;{}] %var% [=[.]"))
{
if (tok.next()->str() == ".")
{
if (use_dead_pointer(checks, &tok))
{
return &tok;
}
}
else
{
// check variable usages in rhs/index
for (const Token *tok2 = tok.tokAt(2); tok2; tok2 = tok2->next())
{
if (Token::Match(tok2, "[;)=?]"))
break;
if (Token::Match(tok2, "%var% ("))
break;
if (tok2->varId() &&
!Token::Match(tok2->previous(), "&|::") &&
!Token::simpleMatch(tok2->next(), "="))
{
// Multiple assignments..
if (Token::simpleMatch(tok2->next(), "["))
{
const Token * tok3 = tok2;
while (Token::simpleMatch(tok3->next(), "["))
tok3 = tok3->next()->link();
if (Token::simpleMatch(tok3, "] ="))
continue;
}
bool foundError;
if (tok2->previous()->str() == "*" || tok2->next()->str() == "[")
foundError = use_array_or_pointer_data(checks, tok2);
else
foundError = use(checks, tok2);
// prevent duplicate error messages
if (foundError)
{
bailOutVar(checks, tok2->varId());
}
}
}
}
// pointer aliasing?
if (Token::Match(tok.tokAt(2), "%var% ;"))
{
pointer_assignment(checks, &tok, tok.tokAt(2));
}
}
if (Token::simpleMatch(tok.next(), "("))
{
use_pointer(checks, &tok);
}
if (Token::Match(tok.tokAt(-2), "[;{}] *"))
{
if (Token::simpleMatch(tok.next(), "="))
init_pointer(checks, &tok);
else
use_pointer(checks, &tok);
return &tok;
}
2009-11-15 20:26:07 +01:00
// += etc
if (Token::Match(tok.previous(), "[;{}]") || Token::Match(tok.tokAt(-2), "[;{}] *"))
{
// goto the equal..
const Token *eq = tok.next();
if (eq && eq->str() == "[" && eq->link() && eq->link()->next())
eq = eq->link()->next();
// is it X=
if (Token::Match(eq, "+=|-=|*=|/=|&=|^=") || eq->str() == "|=")
{
if (tok.previous()->str() == "*")
use_pointer(checks, &tok);
else if (tok.next()->str() == "[")
use_array(checks, &tok);
else
use(checks, &tok);
}
}
if (Token::Match(tok.next(), "= malloc|kmalloc") || Token::simpleMatch(tok.next(), "= new char ["))
{
2009-12-21 18:17:35 +01:00
alloc_pointer(checks, tok.varId());
if (tok.tokAt(3)->str() == "(")
return tok.tokAt(3);
2009-12-21 18:17:35 +01:00
}
else if (Token::simpleMatch(tok.previous(), ">>") || Token::simpleMatch(tok.next(), "="))
2009-12-21 18:17:35 +01:00
{
ExecutionPath::bailOutVar(checks, tok.varId());
return &tok;
}
if (Token::simpleMatch(tok.next(), "["))
{
const Token *tok2 = tok.next()->link();
if (Token::simpleMatch(tok2 ? tok2->next() : 0, "="))
{
ExecutionPath::bailOutVar(checks, tok.varId());
return &tok;
}
}
if (Token::simpleMatch(tok.previous(), "delete") ||
Token::simpleMatch(tok.tokAt(-3), "delete [ ]"))
{
dealloc_pointer(checks, &tok);
return &tok;
}
2009-10-29 21:34:43 +01:00
}
if (Token::Match(&tok, "%var% (") && uvarFunctions.find(tok.str()) == uvarFunctions.end())
{
if (Token::simpleMatch(&tok, "sizeof ("))
return tok.next()->link();
// deallocate pointer
if (Token::Match(&tok, "free|kfree|fclose ( %var% )"))
{
dealloc_pointer(checks, tok.tokAt(2));
return tok.tokAt(3);
}
// parse usage..
{
std::list<const Token *> var;
parseFunctionCall(tok, var, 1);
for (std::list<const Token *>::const_iterator it = var.begin(); it != var.end(); ++it)
use_array(checks, *it);
// Using uninitialized pointer is bad if using null pointer is bad
std::list<const Token *> var2;
parseFunctionCall(tok, var2, 0);
for (std::list<const Token *>::const_iterator it = var2.begin(); it != var2.end(); ++it)
{
if (std::find(var.begin(), var.end(), *it) == var.end())
use_dead_pointer(checks, *it);
}
}
2009-12-21 18:17:35 +01:00
// strncpy doesn't 0-terminate first parameter
if (Token::Match(&tok, "strncpy ( %var% ,"))
{
if (Token::Match(tok.tokAt(4), "%str% ,"))
{
if (Token::Match(tok.tokAt(6), "%num% )"))
{
const unsigned int len = Token::getStrLength(tok.tokAt(4));
const long sz = MathLib::toLongNumber(tok.strAt(6));
if (sz >= 0 && len >= static_cast<unsigned long>(sz))
{
init_strncpy(checks, tok.tokAt(2));
return tok.next()->link();
}
}
}
else
{
init_strncpy(checks, tok.tokAt(2));
return tok.next()->link();
}
}
2009-12-21 18:17:35 +01:00
if (Token::simpleMatch(&tok, "asm ( )"))
{
ExecutionPath::bailOut(checks);
return &tok;
}
// is the variable passed as a parameter to some function?
unsigned int parlevel = 0;
std::set<unsigned int> bailouts;
for (const Token *tok2 = tok.next(); tok2; tok2 = tok2->next())
{
if (tok2->str() == "(")
++parlevel;
else if (tok2->str() == ")")
{
if (parlevel <= 1)
break;
--parlevel;
}
else if (Token::simpleMatch(tok2, "sizeof ("))
{
tok2 = tok2->next()->link();
if (!tok2)
break;
}
else if (tok2->varId())
{
if (Token::Match(tok2->tokAt(-2), "[(,] *") || Token::Match(tok2->next(), ". %var%"))
{
if (use_dead_pointer(checks, tok2))
ExecutionPath::bailOutVar(checks, tok2->varId());
}
// it is possible that the variable is initialized here
if (Token::Match(tok2->previous(), "[(,] %var% [,)]"))
bailouts.insert(tok2->varId());
// array initialization..
if (Token::Match(tok2->previous(), "[,(] %var% +"))
{
// if var is array, bailout
for (std::list<ExecutionPath *>::const_iterator it = checks.begin(); it != checks.end(); ++it)
{
if ((*it)->varId == tok2->varId())
{
const CheckUninitVar *c = dynamic_cast<const CheckUninitVar *>(*it);
if (c && c->array)
bailouts.insert(tok2->varId());
break;
}
}
}
}
}
for (std::set<unsigned int>::const_iterator it = bailouts.begin(); it != bailouts.end(); ++it)
ExecutionPath::bailOutVar(checks, *it);
}
// function call via function pointer
if (Token::Match(&tok, "( * %var% ) ("))
{
// is the variable passed as a parameter to some function?
unsigned int parlevel = 0;
for (const Token *tok2 = tok.link()->next(); tok2; tok2 = tok2->next())
{
if (tok2->str() == "(")
++parlevel;
else if (tok2->str() == ")")
{
if (parlevel <= 1)
break;
--parlevel;
}
else if (tok2->varId())
{
// it is possible that the variable is initialized here
2009-12-21 18:17:35 +01:00
ExecutionPath::bailOutVar(checks, tok2->varId());
}
}
}
if (tok.str() == "return")
{
2009-12-21 18:17:35 +01:00
// Todo: if (!array && ..
if (Token::Match(tok.next(), "%var% ;"))
{
use(checks, tok.next());
}
else if (Token::Match(tok.next(), "%var% ["))
{
use_array_or_pointer_data(checks, tok.next());
}
}
if (tok.varId())
{
if (Token::simpleMatch(tok.previous(), "="))
{
if (Token::Match(tok.tokAt(-3), "& %var% ="))
{
2009-12-21 18:17:35 +01:00
bailOutVar(checks, tok.varId());
return &tok;
}
if (!Token::Match(tok.tokAt(-3), ". %var% ="))
{
if (!Token::Match(tok.tokAt(-3), "[;{}] %var% ="))
{
use(checks, &tok);
return &tok;
}
const unsigned int varid2 = tok.tokAt(-2)->varId();
if (varid2)
{
{
use(checks, &tok);
return &tok;
}
}
}
}
if (Token::simpleMatch(tok.next(), "."))
{
const Token *tok2 = tok.next();
while (Token::Match(tok2, ". %var%"))
tok2 = tok2->tokAt(2);
if (tok2 && tok2->str() != "=")
use_pointer(checks, &tok);
else
bailOutVar(checks, tok.varId());
return &tok;
}
if (Token::simpleMatch(tok.next(), "["))
{
2009-12-21 18:17:35 +01:00
ExecutionPath::bailOutVar(checks, tok.varId());
return &tok;
}
if (Token::Match(tok.tokAt(-2), "[,(=] *"))
{
use_pointer(checks, &tok);
return &tok;
}
if (Token::simpleMatch(tok.previous(), "&"))
{
ExecutionPath::bailOutVar(checks, tok.varId());
}
}
// Parse "for"
if (Token::Match(&tok, "[;{}] for ("))
{
// initialized variables
std::set<unsigned int> varid1;
varid1.insert(0);
// Parse token
const Token *tok2;
// parse setup
for (tok2 = tok.tokAt(3); tok2; tok2 = tok2->next())
{
if (tok2->str() == ";")
break;
if (tok2->varId())
varid1.insert(tok2->varId());
}
// parse condition
if (Token::Match(tok2, "; %var% <|<=|>=|> %num% ;"))
{
// If the variable hasn't been initialized then call "use"
if (varid1.find(tok2->next()->varId()) == varid1.end())
use(checks, tok2->next());
}
// goto stepcode
tok2 = tok2->next();
while (tok2 && tok2->str() != ";")
tok2 = tok2->next();
// parse the stepcode
if (Token::Match(tok2, "; ++|-- %var% ) {") ||
Token::Match(tok2, "; %var% ++|-- ) {"))
{
// get id of variable..
unsigned int varid = tok2->next()->varId();
if (!varid)
varid = tok2->tokAt(2)->varId();
// Check that the variable hasn't been initialized and
// that it isn't initialized in the body..
if (varid1.find(varid) == varid1.end())
{
unsigned int indentlevel = 0;
for (const Token *tok3 = tok2->tokAt(5); tok3; tok3 = tok3->next())
{
if (tok3->str() == "{")
++indentlevel;
else if (tok3->str() == "}")
{
if (indentlevel == 0)
break;
--indentlevel;
}
if (tok3->varId() == varid)
{
varid = 0; // variable is used.. maybe it's initialized. clear the variable id.
break;
}
}
// If the variable isn't initialized in the body call "use"
if (varid != 0)
{
// goto variable
tok2 = tok2->next();
if (!tok2->varId())
tok2 = tok2->next();
// call "use"
use(checks, tok2);
}
}
}
}
return &tok;
}
2009-12-25 19:45:21 +01:00
2009-12-25 20:50:23 +01:00
bool parseCondition(const Token &tok, std::list<ExecutionPath *> &checks)
2009-12-25 19:45:21 +01:00
{
if (tok.varId() && Token::Match(&tok, "%var% <|<=|==|!=|)"))
use(checks, &tok);
2009-12-25 19:45:21 +01:00
else if (Token::Match(&tok, "!| %var% ["))
use_array_or_pointer_data(checks, tok.str() == "!" ? tok.next() : &tok);
else if (Token::Match(&tok, "!| %var% ("))
2009-12-25 19:45:21 +01:00
{
std::list<const Token *> var;
parseFunctionCall(tok.str() == "!" ? *tok.next() : tok, var, 1);
for (std::list<const Token *>::const_iterator it = var.begin(); it != var.end(); ++it)
use_array(checks, *it);
2009-12-25 19:45:21 +01:00
}
else if (Token::Match(&tok, "! %var% )"))
{
use(checks, &tok);
return false;
}
2009-12-25 19:45:21 +01:00
return ExecutionPath::parseCondition(tok, checks);
}
public:
/** Functions that don't handle uninitialized variables well */
static std::set<std::string> uvarFunctions;
static void analyseFunctions(const Token * const tokens, std::set<std::string> &func)
{
for (const Token *tok = tokens; tok; tok = tok->next())
{
if (tok->str() == "{")
{
tok = tok->link();
continue;
}
if (tok->str() != "::" && Token::Match(tok->next(), "%var% ( %type%"))
{
if (!Token::simpleMatch(tok->tokAt(2)->link(), ") {"))
continue;
const Token *tok2 = tok->tokAt(3);
while (tok2 && tok2->str() != ")")
{
if (tok2->str() == ",")
tok2 = tok2->next();
if (Token::Match(tok2, "%type% %var% ,|)") && tok2->isStandardType())
{
tok2 = tok2->tokAt(2);
continue;
}
if (tok2->isStandardType() && Token::Match(tok2, "%type% & %var% ,|)"))
{
const unsigned int varid(tok2->tokAt(2)->varId());
// flags for read/write
bool r = false, w = false;
// check how the variable is used in the function
unsigned int indentlevel = 0;
for (const Token *tok3 = tok2; tok3; tok3 = tok3->next())
{
if (tok3->str() == "{")
++indentlevel;
else if (tok3->str() == "}")
{
if (indentlevel <= 1)
break;
--indentlevel;
}
else if (indentlevel == 0 && tok3->str() == ";")
break;
else if (indentlevel >= 1 && tok3->varId() == varid)
{
if (Token::Match(tok3->previous(), "++|--") ||
Token::Match(tok3->next(), "++|--"))
{
r = true;
}
else
{
w = true;
break;
}
}
}
if (!r || w)
break;
tok2 = tok2->tokAt(3);
continue;
}
if (Token::Match(tok2, "const %type% &|*| const| %var% ,|)") && tok2->next()->isStandardType())
{
tok2 = tok2->tokAt(3);
while (tok2->isName())
tok2 = tok2->next();
continue;
}
break;
}
// found simple function..
if (tok2->link() == tok->tokAt(2))
func.insert(tok->next()->str());
}
}
}
};
/** Functions that don't handle uninitialized variables well */
std::set<std::string> CheckUninitVar::uvarFunctions;
/// @}
void CheckOther::analyse(const Token * const tokens, std::set<std::string> &func) const
{
CheckUninitVar::analyseFunctions(tokens, func);
}
void CheckOther::saveAnalysisData(const std::set<std::string> &data) const
{
CheckUninitVar::uvarFunctions.insert(data.begin(), data.end());
}
2009-10-29 21:34:43 +01:00
void CheckOther::executionPaths()
2009-10-29 21:34:43 +01:00
{
// Check for null pointer errors..
2009-10-29 21:34:43 +01:00
{
CheckNullpointer c(this);
checkExecutionPaths(_tokenizer->tokens(), &c);
}
2009-12-21 18:17:35 +01:00
// check if variable is accessed uninitialized..
{
// no writing if multiple threads are used (TODO: thread safe analysis?)
if (_settings->_jobs == 1)
CheckUninitVar::analyseFunctions(_tokenizer->tokens(), CheckUninitVar::uvarFunctions);
CheckUninitVar c(this);
checkExecutionPaths(_tokenizer->tokens(), &c);
2009-10-29 21:34:43 +01:00
}
}
void CheckOther::checkZeroDivision()
{
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
{
if (Token::Match(tok, "/ %num%") &&
MathLib::isInt(tok->next()->str()) &&
MathLib::toLongNumber(tok->next()->str()) == 0L)
{
2009-03-29 18:47:05 +02:00
zerodivError(tok);
}
else if (Token::Match(tok, "div|ldiv|lldiv|imaxdiv ( %num% , %num% )") &&
MathLib::isInt(tok->tokAt(4)->str()) &&
MathLib::toLongNumber(tok->tokAt(4)->str()) == 0L)
{
zerodivError(tok);
}
}
}
void CheckOther::checkMathFunctions()
{
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
{
2010-04-02 07:32:03 +02:00
// case log(-2)
2010-07-07 09:03:40 +02:00
if (tok->varId() == 0 &&
Token::Match(tok, "log|log10 ( %num% )") &&
MathLib::isNegative(tok->tokAt(2)->str()) &&
MathLib::isInt(tok->tokAt(2)->str()) &&
MathLib::toLongNumber(tok->tokAt(2)->str()) <= 0)
{
mathfunctionCallError(tok);
}
2010-04-02 07:32:03 +02:00
// case log(-2.0)
2010-07-07 09:03:40 +02:00
else if (tok->varId() == 0 &&
Token::Match(tok, "log|log10 ( %num% )") &&
2010-04-02 07:32:03 +02:00
MathLib::isNegative(tok->tokAt(2)->str()) &&
MathLib::isFloat(tok->tokAt(2)->str()) &&
MathLib::toDoubleNumber(tok->tokAt(2)->str()) <= 0.)
{
mathfunctionCallError(tok);
}
// case log(0.0)
2010-07-07 09:03:40 +02:00
else if (tok->varId() == 0 &&
Token::Match(tok, "log|log10 ( %num% )") &&
2010-04-02 07:32:03 +02:00
!MathLib::isNegative(tok->tokAt(2)->str()) &&
MathLib::isFloat(tok->tokAt(2)->str()) &&
MathLib::toDoubleNumber(tok->tokAt(2)->str()) <= 0.)
{
mathfunctionCallError(tok);
}
// case log(0)
2010-07-07 09:03:40 +02:00
else if (tok->varId() == 0 &&
Token::Match(tok, "log|log10 ( %num% )") &&
2010-04-02 07:32:03 +02:00
!MathLib::isNegative(tok->tokAt(2)->str()) &&
MathLib::isInt(tok->tokAt(2)->str()) &&
MathLib::toLongNumber(tok->tokAt(2)->str()) <= 0)
{
mathfunctionCallError(tok);
}
2010-04-02 21:17:09 +02:00
// acos( x ), asin( x ) where x is defined for intervall [-1,+1], but not beyound
2010-07-07 09:03:40 +02:00
else if (tok->varId() == 0 &&
Token::Match(tok, "acos|asin ( %num% )") &&
2010-04-03 07:51:40 +02:00
std::fabs(MathLib::toDoubleNumber(tok->tokAt(2)->str())) > 1.0)
{
mathfunctionCallError(tok);
2010-04-05 19:35:56 +02:00
}
2010-04-05 20:20:20 +02:00
// sqrt( x ): if x is negative the result is undefined
2010-07-07 09:03:40 +02:00
else if (tok->varId() == 0 &&
Token::Match(tok, "sqrt ( %num% )") &&
2010-04-05 20:20:20 +02:00
MathLib::isNegative(tok->tokAt(2)->str()))
{
mathfunctionCallError(tok);
}
2010-04-05 19:57:54 +02:00
// atan2 ( x , y): x and y can not be zero, because this is mathematically not defined
2010-07-07 09:03:40 +02:00
else if (tok->varId() == 0 &&
Token::Match(tok, "atan2 ( %num% , %num% )") &&
2010-04-05 19:35:56 +02:00
MathLib::isNullValue(tok->tokAt(2)->str()) &&
2010-04-05 19:57:54 +02:00
MathLib::isNullValue(tok->tokAt(4)->str()))
2010-04-05 19:35:56 +02:00
{
2010-04-05 19:57:54 +02:00
mathfunctionCallError(tok, 2);
2010-04-02 07:32:03 +02:00
}
2010-04-05 19:57:54 +02:00
// fmod ( x , y) If y is zero, then either a range error will occur or the function will return zero (implementation-defined).
2010-07-07 09:03:40 +02:00
else if (tok->varId() == 0 &&
Token::Match(tok, "fmod ( %num% , %num% )") &&
2010-04-05 19:57:54 +02:00
MathLib::isNullValue(tok->tokAt(4)->str()))
2010-04-05 19:45:33 +02:00
{
2010-04-05 19:57:54 +02:00
mathfunctionCallError(tok, 2);
2010-04-05 20:07:53 +02:00
}
2010-04-05 20:12:43 +02:00
// pow ( x , y) If x is zero, and y is negative --> division by zero
2010-07-07 09:03:40 +02:00
else if (tok->varId() == 0 &&
Token::Match(tok, "pow ( %num% , %num% )") &&
2010-04-05 20:12:43 +02:00
MathLib::isNullValue(tok->tokAt(2)->str()) &&
MathLib::isNegative(tok->tokAt(4)->str()))
2010-04-05 20:07:53 +02:00
{
2010-04-05 20:12:43 +02:00
mathfunctionCallError(tok, 2);
2010-04-05 19:45:33 +02:00
}
}
}
bool CheckOther::isIdentifierObjectType(const Token * const tok)
{
const std::string identifier = tok->tokAt(1)->str();
const std::map<std::string, bool>::const_iterator found = isClassResults.find(identifier);
if (found != isClassResults.end())
{
return found->second;
}
const std::string classDef = std::string("class|struct ") + identifier;
const bool result = Token::findmatch(_tokenizer->tokens(), classDef.c_str());
isClassResults.insert(std::make_pair(identifier, result));
return result;
}
void CheckOther::checkMisusedScopedObject()
{
bool withinFunction = false;
unsigned int depth = 0;
std::string className = "";
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
{
withinFunction |= Token::Match(tok, ") const| {");
if (withinFunction)
{
if (tok->str() == "{")
{
++depth;
}
else if (tok->str() == "}")
{
--depth;
withinFunction &= depth > 0;
if (tok->strAt(1) == ";" && !className.empty())
{
isClassResults[className] = true;
className.clear();
}
}
else if (Token::Match(tok, "class|struct"))
{
className = tok->strAt(1);
isClassResults.insert(std::make_pair(className, false));
}
if (withinFunction
&& Token::Match(tok, "[;{}] %var% (")
&& Token::Match(tok->tokAt(2)->link(), ") ;")
&& isIdentifierObjectType(tok)
)
{
tok = tok->next();
misusedScopeObjectError(tok, tok->str());
tok = tok->next();
}
}
}
}
void CheckOther::postIncrement()
{
if (!_settings->_checkCodingStyle || !_settings->inconclusive)
return;
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
{
if (Token::simpleMatch(tok, "for ("))
{
2009-07-25 19:36:57 +02:00
const Token *tok2 = tok->next()->link();
if (tok2)
2009-07-25 19:36:57 +02:00
tok2 = tok2->tokAt(-3);
if (Token::Match(tok2, "; %var% ++|-- )"))
{
if (tok2->next()->varId() == 0)
continue;
// Take a look at the variable declaration
const Token *decltok = Token::findmatch(_tokenizer->tokens(), "%varid%", tok2->tokAt(1)->varId());
const std::string classDef = std::string("class ") + std::string(decltok->previous()->strAt(0));
// Is the variable an iterator?
if (decltok && Token::Match(decltok->previous(), "iterator|const_iterator"))
postIncrementError(tok2, tok2->strAt(1), (std::string("++") == tok2->strAt(2)));
// Is the variable a class?
else if (Token::findmatch(_tokenizer->tokens(), classDef.c_str()))
postIncrementError(tok2, tok2->strAt(1), (std::string("++") == tok2->strAt(2)));
}
}
}
}
2009-03-21 17:58:13 +01:00
void CheckOther::cstyleCastError(const Token *tok)
{
reportError(tok, Severity::style, "cstyleCast", "C-style pointer casting");
2009-03-21 17:58:13 +01:00
}
void CheckOther::dangerousUsageStrtolError(const Token *tok)
{
reportError(tok, Severity::error, "dangerousUsageStrtol", "Invalid radix in call to strtol or strtoul. Must be 0 or 2-36");
2009-03-21 17:58:13 +01:00
}
void CheckOther::sprintfOverlappingDataError(const Token *tok, const std::string &varname)
{
reportError(tok, Severity::error, "sprintfOverlappingData", "Undefined behaviour: " + varname + " is used wrong in call to sprintf or snprintf. Quote: If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf(), the results are undefined.");
2009-03-21 17:58:13 +01:00
}
void CheckOther::udivError(const Token *tok)
{
reportError(tok, Severity::error, "udivError", "Unsigned division. The result will be wrong.");
2009-03-21 17:58:13 +01:00
}
void CheckOther::unusedStructMemberError(const Token *tok, const std::string &structname, const std::string &varname)
{
reportError(tok, Severity::style, "unusedStructMember", "struct or union member '" + structname + "::" + varname + "' is never used");
2009-03-21 17:58:13 +01:00
}
void CheckOther::passedByValueError(const Token *tok, const std::string &parname)
{
reportError(tok, Severity::style, "passedByValue", "Function parameter '" + parname + "' is passed by value. It could be passed by reference instead.");
2009-03-21 17:58:13 +01:00
}
void CheckOther::constStatementError(const Token *tok, const std::string &type)
{
reportError(tok, Severity::style, "constStatement", "Redundant code: Found a statement that begins with " + type + " constant");
2009-03-21 17:58:13 +01:00
}
void CheckOther::charArrayIndexError(const Token *tok)
{
reportError(tok, Severity::style, "charArrayIndex", "Warning - using char variable as array index");
2009-03-21 17:58:13 +01:00
}
void CheckOther::charBitOpError(const Token *tok)
{
reportError(tok, Severity::style, "charBitOp", "Warning - using char variable in bit operation");
2009-03-21 17:58:13 +01:00
}
void CheckOther::variableScopeError(const Token *tok, const std::string &varname)
{
reportError(tok,
Severity::style,
"variableScope",
"The scope of the variable " + varname + " can be reduced\n"
"Warning: It can be unsafe to fix this message. Be careful. Especially when there are inner loops.\n"
"Here is an example where cppcheck will write that the scope for 'i' can be reduced:\n"
"void f(int x)\n"
"{\n"
" int i = 0;\n"
" if (x) {\n"
" // it's safe to move 'int i = 0' here\n"
" for (int n = 0; n < 10; ++n) {\n"
" // it is possible but not safe to move 'int i = 0' here\n"
" do_something(&i);\n"
" }\n"
" }\n"
"}\n"
"\n"
"When you see this message it is always safe to reduce the variable scope 1 level.");
2009-03-21 17:58:13 +01:00
}
void CheckOther::conditionAlwaysTrueFalse(const Token *tok, const std::string &truefalse)
{
reportError(tok, Severity::style, "conditionAlwaysTrueFalse", "Condition is always " + truefalse);
2009-03-21 17:58:13 +01:00
}
void CheckOther::strPlusChar(const Token *tok)
{
reportError(tok, Severity::error, "strPlusChar", "Unusual pointer arithmetic");
2009-03-21 17:58:13 +01:00
}
void CheckOther::nullPointerError(const Token *tok)
{
reportError(tok, Severity::error, "nullPointer", "Null pointer dereference");
}
void CheckOther::nullPointerError(const Token *tok, const std::string &varname)
{
reportError(tok, Severity::error, "nullPointer", "Possible null pointer dereference: " + varname);
}
void CheckOther::nullPointerError(const Token *tok, const std::string &varname, const unsigned int line)
{
reportError(tok, Severity::error, "nullPointer", "Possible null pointer dereference: " + varname + " - otherwise it is redundant to check if " + varname + " is null at line " + MathLib::toString<unsigned int>(line));
}
void CheckOther::uninitstringError(const Token *tok, const std::string &varname)
{
reportError(tok, Severity::error, "uninitstring", "Dangerous usage of '" + varname + "' (strncpy doesn't always 0-terminate it)");
}
void CheckOther::uninitdataError(const Token *tok, const std::string &varname)
{
reportError(tok, Severity::error, "uninitdata", "Data is allocated but not initialized: " + varname);
}
2009-10-29 21:34:43 +01:00
void CheckOther::uninitvarError(const Token *tok, const std::string &varname)
{
reportError(tok, Severity::error, "uninitvar", "Uninitialized variable: " + varname);
}
2009-03-29 18:47:05 +02:00
void CheckOther::zerodivError(const Token *tok)
{
reportError(tok, Severity::error, "zerodiv", "Division by zero");
}
2010-04-05 19:35:56 +02:00
void CheckOther::mathfunctionCallError(const Token *tok, const unsigned int numParam)
{
if (tok)
2010-04-05 19:35:56 +02:00
{
2010-04-05 19:57:54 +02:00
if (numParam == 1)
reportError(tok, Severity::error, "wrongmathcall", "Passing value " + tok->tokAt(2)->str() + " to " + tok->str() + "() leads to undefined result");
else if (numParam == 2)
reportError(tok, Severity::error, "wrongmathcall", "Passing value " + tok->tokAt(2)->str() + " and " + tok->tokAt(4)->str() + " to " + tok->str() + "() leads to undefined result");
}
else
reportError(tok, Severity::error, "wrongmathcall", "Passing value " " to " "() leads to undefined result");
}
void CheckOther::postIncrementError(const Token *tok, const std::string &var_name, const bool isIncrement)
{
std::string type = (isIncrement ? "Incrementing" : "Decrementing");
reportError(tok, Severity::style, "postIncrementDecrement", ("Pre-" + type + " variable '" + var_name + "' is preferred to Post-" + type));
}
void CheckOther::emptyStringTestError(const Token *tok, const std::string &var_name, const bool isTestForEmpty)
{
if (isTestForEmpty)
{
reportError(tok, Severity::style,
2010-04-13 19:30:51 +02:00
"emptyStringTest", "Empty string test can be simplified to \"*" + var_name + " == '\\0'\"");
}
else
{
reportError(tok, Severity::style,
2010-04-13 19:30:51 +02:00
"emptyStringTest", "Non-empty string test can be simplified to \"*" + var_name + " != '\\0'\"");
}
}
void CheckOther::fflushOnInputStreamError(const Token *tok, const std::string &varname)
{
reportError(tok, Severity::error,
"fflushOnInputStream", "fflush() called on input stream \"" + varname + "\" may result in undefined behaviour");
}
void CheckOther::sizeofsizeof()
{
if (!_settings->_checkCodingStyle)
return;
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
{
if (Token::simpleMatch(tok, "sizeof sizeof"))
sizeofsizeofError(tok);
}
}
void CheckOther::sizeofsizeofError(const Token *tok)
{
reportError(tok, Severity::style,
"sizeofsizeof", "Suspicious code 'sizeof sizeof ..', most likely there should only be one sizeof. The current code is equivalent to 'sizeof(size_t)'.");
}
void CheckOther::sizeofCalculation()
{
if (!_settings->_checkCodingStyle)
return;
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
{
if (Token::simpleMatch(tok, "sizeof ("))
{
unsigned int parlevel = 0;
for (const Token *tok2 = tok->tokAt(2); tok2; tok2 = tok2->next())
{
if (tok2->str() == "(")
++parlevel;
else if (tok2->str() == ")")
{
if (parlevel <= 1)
break;
--parlevel;
}
else if (Token::Match(tok2, "+|/"))
{
sizeofCalculationError(tok2);
break;
}
}
}
}
}
void CheckOther::sizeofCalculationError(const Token *tok)
{
reportError(tok, Severity::style,
"sizeofCalculation", "Found calculation inside sizeof()");
}
void CheckOther::redundantAssignmentInSwitchError(const Token *tok, const std::string &varname)
{
reportError(tok, Severity::style,
"redundantAssignInSwitch", "Redundant assignment of \"" + varname + "\" in switch");
}
void CheckOther::selfAssignmentError(const Token *tok, const std::string &varname)
{
reportError(tok, Severity::style,
"selfAssignment", "Redundant assignment of \"" + varname + "\" to itself");
}
void CheckOther::misusedScopeObjectError(const Token *tok, const std::string& varname)
{
reportError(tok, Severity::error,
"unusedScopedObject", "instance of \"" + varname + "\" object destroyed immediately");
}