2010-10-31 12:31:11 +01:00
/*
* Cppcheck - A tool for static C / C + + code analysis
2015-01-03 12:14:58 +01:00
* Copyright ( C ) 2007 - 2015 Daniel Marjamäki and Cppcheck team .
2010-10-31 12:31:11 +01:00
*
* This program is free software : you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation , either version 3 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
//---------------------------------------------------------------------------
# include "checkuninitvar.h"
# include "mathlib.h"
# include "executionpath.h"
# include "checknullpointer.h" // CheckNullPointer::parseFunctionCall
2011-12-13 21:57:27 +01:00
# include "symboldatabase.h"
2010-10-31 12:31:11 +01:00
# include <algorithm>
2012-12-24 19:11:13 +01:00
# include <map>
2013-01-24 19:41:15 +01:00
# include <cassert>
2014-04-21 12:01:02 +02:00
# include <stack>
2010-10-31 12:31:11 +01:00
//---------------------------------------------------------------------------
// Register this check class (by creating a static instance of it)
2011-10-13 20:53:06 +02:00
namespace {
2011-11-30 18:57:52 +01:00
CheckUninitVar instance ;
2010-10-31 12:31:11 +01:00
}
//---------------------------------------------------------------------------
2012-07-17 07:03:40 +02:00
// Skip [ .. ]
static const Token * skipBrackets ( const Token * tok )
{
while ( tok & & tok - > str ( ) = = " [ " )
tok = tok - > link ( ) - > next ( ) ;
return tok ;
}
2010-10-31 12:31:11 +01:00
/// @addtogroup Checks
/// @{
/**
* @ brief % Check that uninitialized variables aren ' t used ( using ExecutionPath )
* */
2011-10-13 20:53:06 +02:00
class UninitVar : public ExecutionPath {
2010-10-31 12:31:11 +01:00
public :
/** Startup constructor */
2013-07-15 08:44:00 +02:00
explicit UninitVar ( Check * c , const SymbolDatabase * db , const Library * lib , bool isc )
2014-11-20 14:20:09 +01:00
: ExecutionPath ( c , 0 ) , symbolDatabase ( db ) , library ( lib ) , isC ( isc ) , var ( 0 ) , alloc ( false ) , strncpy_ ( false ) , memset_nonzero ( false ) {
2010-10-31 12:31:11 +01:00
}
private :
/** Create a copy of this check */
2014-11-20 14:20:09 +01:00
ExecutionPath * copy ( ) {
2010-10-31 12:31:11 +01:00
return new UninitVar ( * this ) ;
}
/** internal constructor for creating extra checks */
2013-07-15 08:44:00 +02:00
UninitVar ( Check * c , const Variable * v , const SymbolDatabase * db , const Library * lib , bool isc )
2014-11-20 14:20:09 +01:00
: ExecutionPath ( c , v - > declarationId ( ) ) , symbolDatabase ( db ) , library ( lib ) , isC ( isc ) , var ( v ) , alloc ( false ) , strncpy_ ( false ) , memset_nonzero ( false ) {
2010-10-31 12:31:11 +01:00
}
/** is other execution path equal? */
2014-11-20 14:20:09 +01:00
bool is_equal ( const ExecutionPath * e ) const {
2010-10-31 12:31:11 +01:00
const UninitVar * c = static_cast < const UninitVar * > ( e ) ;
2012-05-25 13:40:18 +02:00
return ( var = = c - > var & & alloc = = c - > alloc & & strncpy_ = = c - > strncpy_ & & memset_nonzero = = c - > memset_nonzero ) ;
2010-10-31 12:31:11 +01:00
}
2012-05-25 13:40:18 +02:00
/** pointer to symbol database */
const SymbolDatabase * symbolDatabase ;
2010-10-31 12:31:11 +01:00
2013-07-15 08:44:00 +02:00
/** pointer to library */
const Library * library ;
2012-06-22 19:57:07 +02:00
const bool isC ;
2012-05-25 13:40:18 +02:00
/** variable for this check */
const Variable * var ;
2010-10-31 12:31:11 +01:00
/** is this variable allocated? */
bool alloc ;
/** is this variable initialized with strncpy (not always zero-terminated) */
bool strncpy_ ;
2011-09-05 19:42:48 +02:00
/** is this variable initialized but not zero-terminated (memset) */
bool memset_nonzero ;
2010-10-31 12:31:11 +01:00
/** allocating pointer. For example : p = malloc(10); */
2014-11-20 14:20:09 +01:00
static void alloc_pointer ( std : : list < ExecutionPath * > & checks , unsigned int varid ) {
2011-01-01 18:24:27 +01:00
// loop through the checks and perform a allocation if the
// variable id matches
2010-10-31 12:31:11 +01:00
std : : list < ExecutionPath * > : : const_iterator it ;
2011-10-13 20:53:06 +02:00
for ( it = checks . begin ( ) ; it ! = checks . end ( ) ; + + it ) {
2010-10-31 12:31:11 +01:00
UninitVar * c = dynamic_cast < UninitVar * > ( * it ) ;
2012-05-14 18:34:39 +02:00
if ( c & & c - > varId = = varid ) {
2012-05-25 13:40:18 +02:00
if ( c - > var - > isPointer ( ) & & ! c - > var - > isArray ( ) )
2012-05-14 18:34:39 +02:00
c - > alloc = true ;
else
bailOutVar ( checks , varid ) ;
break ;
}
2010-10-31 12:31:11 +01:00
}
}
/** Initializing a pointer value. For example: *p = 0; */
2014-11-20 14:20:09 +01:00
static void init_pointer ( std : : list < ExecutionPath * > & checks , const Token * tok ) {
2010-10-31 12:31:11 +01:00
const unsigned int varid ( tok - > varId ( ) ) ;
if ( ! varid )
return ;
2011-01-01 18:24:27 +01:00
// loop through the checks and perform a initialization if the
// variable id matches
2010-10-31 12:31:11 +01:00
std : : list < ExecutionPath * > : : iterator it = checks . begin ( ) ;
2011-10-13 20:53:06 +02:00
while ( it ! = checks . end ( ) ) {
2010-10-31 12:31:11 +01:00
UninitVar * c = dynamic_cast < UninitVar * > ( * it ) ;
2011-10-13 20:53:06 +02:00
if ( c & & c - > varId = = varid ) {
2012-05-25 13:40:18 +02:00
if ( c - > alloc | | c - > var - > isArray ( ) ) {
2010-10-31 12:31:11 +01:00
delete c ;
checks . erase ( it + + ) ;
continue ;
2011-10-13 20:53:06 +02:00
} else {
2010-10-31 12:31:11 +01:00
use_pointer ( checks , tok ) ;
}
}
+ + it ;
}
}
/** Deallocate a pointer. For example: free(p); */
2014-11-20 14:20:09 +01:00
static void dealloc_pointer ( std : : list < ExecutionPath * > & checks , const Token * tok ) {
2010-10-31 12:31:11 +01:00
const unsigned int varid ( tok - > varId ( ) ) ;
if ( ! varid )
return ;
2011-01-01 18:24:27 +01:00
// loop through the checks and perform a deallocation if the
// variable id matches
2010-10-31 12:31:11 +01:00
std : : list < ExecutionPath * > : : const_iterator it ;
2011-10-13 20:53:06 +02:00
for ( it = checks . begin ( ) ; it ! = checks . end ( ) ; + + it ) {
2010-10-31 12:31:11 +01:00
UninitVar * c = dynamic_cast < UninitVar * > ( * it ) ;
2011-10-13 20:53:06 +02:00
if ( c & & c - > varId = = varid ) {
2011-01-01 18:24:27 +01:00
// unallocated pointer variable => error
2012-05-25 13:40:18 +02:00
if ( c - > var - > isPointer ( ) & & ! c - > var - > isArray ( ) & & ! c - > alloc ) {
2010-10-31 12:31:11 +01:00
CheckUninitVar * checkUninitVar = dynamic_cast < CheckUninitVar * > ( c - > owner ) ;
2011-10-13 20:53:06 +02:00
if ( checkUninitVar ) {
2012-05-25 13:40:18 +02:00
checkUninitVar - > uninitvarError ( tok , c - > var - > name ( ) ) ;
2010-10-31 12:31:11 +01:00
break ;
}
}
c - > alloc = false ;
}
}
}
/**
* Pointer assignment : p = x ;
* if p is a pointer and x is an array / pointer then bail out
* \ param checks all available checks
* \ param tok1 the " p " token
* \ param tok2 the " x " token
*/
2014-11-20 14:20:09 +01:00
static void pointer_assignment ( std : : list < ExecutionPath * > & checks , const Token * tok1 , const Token * tok2 ) {
2011-01-01 18:24:27 +01:00
// Variable id for "left hand side" variable
2010-10-31 12:31:11 +01:00
const unsigned int varid1 ( tok1 - > varId ( ) ) ;
if ( varid1 = = 0 )
return ;
2011-01-01 18:24:27 +01:00
// Variable id for "right hand side" variable
2010-10-31 12:31:11 +01:00
const unsigned int varid2 ( tok2 - > varId ( ) ) ;
if ( varid2 = = 0 )
return ;
std : : list < ExecutionPath * > : : const_iterator it ;
// bail out if first variable is a pointer
2011-10-13 20:53:06 +02:00
for ( it = checks . begin ( ) ; it ! = checks . end ( ) ; + + it ) {
2010-10-31 12:31:11 +01:00
UninitVar * c = dynamic_cast < UninitVar * > ( * it ) ;
2012-05-25 13:40:18 +02:00
if ( c & & c - > varId = = varid1 & & c - > var - > isPointer ( ) & & ! c - > var - > isArray ( ) ) {
2010-10-31 12:31:11 +01:00
bailOutVar ( checks , varid1 ) ;
break ;
}
}
// bail out if second variable is a array/pointer
2011-10-13 20:53:06 +02:00
for ( it = checks . begin ( ) ; it ! = checks . end ( ) ; + + it ) {
2010-10-31 12:31:11 +01:00
UninitVar * c = dynamic_cast < UninitVar * > ( * it ) ;
2012-05-25 13:40:18 +02:00
if ( c & & c - > varId = = varid2 & & ( c - > var - > isPointer ( ) | | c - > var - > isArray ( ) ) ) {
2010-10-31 12:31:11 +01:00
bailOutVar ( checks , varid2 ) ;
break ;
}
}
}
/** Initialize an array with strncpy. */
2014-11-20 14:20:09 +01:00
static void init_strncpy ( std : : list < ExecutionPath * > & checks , const Token * tok ) {
2010-10-31 12:31:11 +01:00
const unsigned int varid ( tok - > varId ( ) ) ;
if ( ! varid )
return ;
std : : list < ExecutionPath * > : : const_iterator it ;
2011-10-13 20:53:06 +02:00
for ( it = checks . begin ( ) ; it ! = checks . end ( ) ; + + it ) {
2010-10-31 12:31:11 +01:00
UninitVar * c = dynamic_cast < UninitVar * > ( * it ) ;
2011-10-13 20:53:06 +02:00
if ( c & & c - > varId = = varid ) {
2010-10-31 12:31:11 +01:00
c - > strncpy_ = true ;
}
}
}
2011-09-05 19:42:48 +02:00
/** Initialize an array with memset (not zero). */
2014-11-20 14:20:09 +01:00
static void init_memset_nonzero ( std : : list < ExecutionPath * > & checks , const Token * tok ) {
2011-09-05 19:42:48 +02:00
const unsigned int varid ( tok - > varId ( ) ) ;
if ( ! varid )
return ;
std : : list < ExecutionPath * > : : const_iterator it ;
2011-10-13 20:53:06 +02:00
for ( it = checks . begin ( ) ; it ! = checks . end ( ) ; + + it ) {
2011-09-05 19:42:48 +02:00
UninitVar * c = dynamic_cast < UninitVar * > ( * it ) ;
2011-10-13 20:53:06 +02:00
if ( c & & c - > varId = = varid ) {
2011-09-05 19:42:48 +02:00
c - > memset_nonzero = true ;
}
}
}
2010-10-31 12:31:11 +01:00
/**
* use - called from the use * functions below .
* @ param checks all available checks
* @ param tok variable token
* @ param mode specific behaviour
* @ return if error is found , true is returned
*/
2014-11-20 14:20:09 +01:00
static bool use ( std : : list < ExecutionPath * > & checks , const Token * tok , const int mode ) {
2010-10-31 12:31:11 +01:00
const unsigned int varid ( tok - > varId ( ) ) ;
if ( varid = = 0 )
return false ;
std : : list < ExecutionPath * > : : const_iterator it ;
2011-10-13 20:53:06 +02:00
for ( it = checks . begin ( ) ; it ! = checks . end ( ) ; + + it ) {
2010-10-31 12:31:11 +01:00
UninitVar * c = dynamic_cast < UninitVar * > ( * it ) ;
2011-10-13 20:53:06 +02:00
if ( c & & c - > varId = = varid ) {
2010-10-31 12:31:11 +01:00
// mode 0 : the variable is used "directly"
// example: .. = var;
// it is ok to read the address of an uninitialized array.
// it is ok to read the address of an allocated pointer
2012-05-25 13:40:18 +02:00
if ( mode = = 0 & & ( c - > var - > isArray ( ) | | ( c - > var - > isPointer ( ) & & c - > alloc ) ) )
2010-10-31 12:31:11 +01:00
continue ;
2011-10-29 19:11:42 +02:00
// mode 2 : reading array data with mem.. function. It's ok if the
2012-11-03 21:21:19 +01:00
// array is not null-terminated
2011-10-29 19:11:42 +02:00
if ( mode = = 2 & & c - > strncpy_ )
continue ;
// mode 3 : bad usage of pointer. if it's not a pointer then the usage is ok.
2010-10-31 12:31:11 +01:00
// example: ptr->foo();
2012-05-25 13:40:18 +02:00
if ( mode = = 3 & & ( ! c - > var - > isPointer ( ) | | c - > var - > isArray ( ) ) )
2010-10-31 12:31:11 +01:00
continue ;
2011-10-29 19:11:42 +02:00
// mode 4 : using dead pointer is invalid.
2012-05-25 13:40:18 +02:00
if ( mode = = 4 & & ( ! c - > var - > isPointer ( ) | | c - > var - > isArray ( ) | | c - > alloc ) )
2010-10-31 12:31:11 +01:00
continue ;
2011-10-29 19:11:42 +02:00
// mode 5 : reading uninitialized array or pointer is invalid.
2012-05-25 13:40:18 +02:00
if ( mode = = 5 & & ( ! c - > var - > isArray ( ) & & ! c - > var - > isPointer ( ) ) )
2010-10-31 12:31:11 +01:00
continue ;
CheckUninitVar * checkUninitVar = dynamic_cast < CheckUninitVar * > ( c - > owner ) ;
2011-10-13 20:53:06 +02:00
if ( checkUninitVar ) {
2013-02-10 13:36:40 +01:00
if ( c - > strncpy_ | | c - > memset_nonzero ) {
2013-02-10 23:53:01 +01:00
if ( ! Token : : Match ( c - > var - > typeStartToken ( ) , " char|wchar_t " ) ) {
2013-02-10 13:36:40 +01:00
continue ;
}
2014-05-23 22:31:01 +02:00
if ( Token : : Match ( tok - > next ( ) , " [ " ) ) { // Check if it's not being accessed like: 'str[1]'
2013-08-29 13:12:05 +02:00
continue ;
}
2012-05-25 13:40:18 +02:00
checkUninitVar - > uninitstringError ( tok , c - > var - > name ( ) , c - > strncpy_ ) ;
2013-02-10 23:53:01 +01:00
} else if ( c - > var - > isPointer ( ) & & ! c - > var - > isArray ( ) & & c - > alloc )
2012-05-25 13:40:18 +02:00
checkUninitVar - > uninitdataError ( tok , c - > var - > name ( ) ) ;
2010-10-31 12:31:11 +01:00
else
2012-05-25 13:40:18 +02:00
checkUninitVar - > uninitvarError ( tok , c - > var - > name ( ) ) ;
2010-10-31 12:31:11 +01:00
return true ;
}
}
}
// No error found
return false ;
}
/**
* Reading variable . Use this function in situations when it is
* invalid to read the data of the variable but not the address .
* @ param checks all available checks
* @ param tok variable token
* @ return if error is found , true is returned
*/
2014-11-20 14:20:09 +01:00
static bool use ( std : : list < ExecutionPath * > & checks , const Token * tok ) {
2010-10-31 12:31:11 +01:00
return use ( checks , tok , 0 ) ;
}
/**
* Reading array elements . If the variable is not an array then the usage is ok .
* @ param checks all available checks
* @ param tok variable token
*/
2014-11-20 14:20:09 +01:00
static void use_array ( std : : list < ExecutionPath * > & checks , const Token * tok ) {
2010-10-31 12:31:11 +01:00
use ( checks , tok , 1 ) ;
}
2011-10-29 19:11:42 +02:00
/**
2012-11-03 21:21:19 +01:00
* Reading array elements with a " mem.. " function . It ' s ok if the array is not null - terminated .
2011-10-29 19:11:42 +02:00
* @ param checks all available checks
* @ param tok variable token
*/
2014-11-20 14:20:09 +01:00
static void use_array_mem ( std : : list < ExecutionPath * > & checks , const Token * tok ) {
2011-10-29 19:11:42 +02:00
use ( checks , tok , 2 ) ;
}
2010-10-31 12:31:11 +01:00
/**
* Bad pointer usage . If the variable is not a pointer then the usage is ok .
* @ param checks all available checks
* @ param tok variable token
* @ return if error is found , true is returned
*/
2014-11-20 14:20:09 +01:00
static bool use_pointer ( std : : list < ExecutionPath * > & checks , const Token * tok ) {
2011-10-29 19:11:42 +02:00
return use ( checks , tok , 3 ) ;
2010-10-31 12:31:11 +01:00
}
/**
* Using variable . . if it ' s a dead pointer the usage is invalid .
* @ param checks all available checks
* @ param tok variable token
* @ return if error is found , true is returned
*/
2014-11-20 14:20:09 +01:00
static bool use_dead_pointer ( std : : list < ExecutionPath * > & checks , const Token * tok ) {
2011-10-29 19:11:42 +02:00
return use ( checks , tok , 4 ) ;
2010-10-31 12:31:11 +01:00
}
/**
* Using variable . . reading from uninitialized array or pointer data is invalid .
* Example : = x [ 0 ] ;
* @ param checks all available checks
* @ param tok variable token
* @ return if error is found , true is returned
*/
2014-11-20 14:20:09 +01:00
static bool use_array_or_pointer_data ( std : : list < ExecutionPath * > & checks , const Token * tok ) {
2011-10-29 19:11:42 +02:00
return use ( checks , tok , 5 ) ;
2010-10-31 12:31:11 +01:00
}
2010-11-05 19:24:14 +01:00
/**
* Parse right hand side expression in statement
* @ param tok2 start token of rhs
* @ param checks the execution paths
*/
2014-11-20 14:20:09 +01:00
static void parserhs ( const Token * tok2 , std : : list < ExecutionPath * > & checks ) {
2010-11-05 19:24:14 +01:00
// check variable usages in rhs/index
2014-02-15 08:46:28 +01:00
while ( nullptr ! = ( tok2 = tok2 - > next ( ) ) ) {
2012-06-23 12:19:03 +02:00
if ( Token : : Match ( tok2 , " [;)=] " ) )
2010-11-05 19:24:14 +01:00
break ;
if ( Token : : Match ( tok2 , " %var% ( " ) )
break ;
2014-03-14 16:26:37 +01:00
if ( Token : : Match ( tok2 , " %var% < " ) & & Token : : simpleMatch ( tok2 - > linkAt ( 1 ) , " > ( " ) )
2013-10-26 18:39:40 +02:00
break ;
2010-11-05 19:24:14 +01:00
if ( tok2 - > varId ( ) & &
! Token : : Match ( tok2 - > previous ( ) , " &|:: " ) & &
2011-05-05 21:26:18 +02:00
! Token : : simpleMatch ( tok2 - > tokAt ( - 2 ) , " & ( " ) & &
2015-01-06 18:03:40 +01:00
! Token : : Match ( tok2 - > tokAt ( 1 ) , " )| = " ) ) {
2010-11-05 19:24:14 +01:00
// Multiple assignments..
2011-10-13 20:53:06 +02:00
if ( Token : : Match ( tok2 - > next ( ) , " .|[ " ) ) {
2010-11-05 19:24:14 +01:00
const Token * tok3 = tok2 ;
2011-10-13 20:53:06 +02:00
while ( tok3 ) {
2010-11-30 18:40:36 +01:00
if ( Token : : Match ( tok3 - > next ( ) , " . %var% " ) )
tok3 = tok3 - > tokAt ( 2 ) ;
else if ( tok3 - > strAt ( 1 ) = = " [ " )
tok3 = tok3 - > next ( ) - > link ( ) ;
else
break ;
}
2010-12-01 18:05:57 +01:00
if ( tok3 & & tok3 - > strAt ( 1 ) = = " = " )
2010-11-05 19:24:14 +01:00
continue ;
}
bool foundError ;
if ( tok2 - > previous ( ) - > str ( ) = = " * " | | tok2 - > next ( ) - > str ( ) = = " [ " )
foundError = use_array_or_pointer_data ( checks , tok2 ) ;
else
foundError = use ( checks , tok2 ) ;
// prevent duplicate error messages
2011-10-13 20:53:06 +02:00
if ( foundError ) {
2010-11-05 19:24:14 +01:00
bailOutVar ( checks , tok2 - > varId ( ) ) ;
}
}
}
}
2010-10-31 12:31:11 +01:00
/** parse tokens. @sa ExecutionPath::parse */
2014-11-20 14:20:09 +01:00
const Token * parse ( const Token & tok , std : : list < ExecutionPath * > & checks ) const {
2010-10-31 12:31:11 +01:00
// Variable declaration..
2012-05-25 13:40:18 +02:00
if ( tok . varId ( ) & & Token : : Match ( & tok , " %var% [[;] " ) ) {
2013-02-02 16:27:12 +01:00
const Variable * var2 = tok . variable ( ) ;
2013-11-25 06:38:23 +01:00
if ( var2 & & var2 - > nameToken ( ) = = & tok & & ! var2 - > isStatic ( ) & & ! var2 - > isExtern ( ) & & ! var2 - > isConst ( ) & & ! Token : : simpleMatch ( tok . linkAt ( 1 ) , " ] [ " ) ) {
2012-05-25 16:28:32 +02:00
if ( tok . linkAt ( 1 ) ) { // array
2012-06-08 16:17:55 +02:00
const Token * endtok = tok . next ( ) ;
while ( endtok - > link ( ) )
endtok = endtok - > link ( ) - > next ( ) ;
if ( endtok - > str ( ) ! = " ; " )
2012-05-25 16:28:32 +02:00
return & tok ;
}
2012-05-25 13:40:18 +02:00
const Scope * parent = var2 - > scope ( ) - > nestedIn ;
while ( parent ) {
for ( std : : list < Variable > : : const_iterator j = parent - > varlist . begin ( ) ; j ! = parent - > varlist . end ( ) ; + + j ) {
if ( j - > name ( ) = = var2 - > name ( ) ) {
2013-07-20 12:31:04 +02:00
ExecutionPath : : bailOutVar ( checks , j - > declarationId ( ) ) ; // If there is a variable with the same name in other scopes, this might cause false positives, if there are unexpanded macros
2012-05-25 13:40:18 +02:00
break ;
}
}
parent = parent - > nestedIn ;
}
2010-10-31 12:31:11 +01:00
2012-05-25 13:40:18 +02:00
if ( var2 - > isPointer ( ) )
2013-07-15 08:44:00 +02:00
checks . push_back ( new UninitVar ( owner , var2 , symbolDatabase , library , isC ) ) ;
2012-05-25 13:40:18 +02:00
else if ( var2 - > typeEndToken ( ) - > str ( ) ! = " > " ) {
2014-08-19 11:55:00 +02:00
bool stdtype = var2 - > typeStartToken ( ) - > isStandardType ( ) ; // TODO: change to isC to handle unknown types better
2012-06-22 19:57:07 +02:00
if ( stdtype & & ( ! var2 - > isArray ( ) | | var2 - > nameToken ( ) - > linkAt ( 1 ) - > strAt ( 1 ) = = " ; " ) )
2013-07-15 08:44:00 +02:00
checks . push_back ( new UninitVar ( owner , var2 , symbolDatabase , library , isC ) ) ;
2010-10-31 12:31:11 +01:00
}
2012-05-25 13:40:18 +02:00
return & tok ;
2010-10-31 12:31:11 +01:00
}
}
2011-10-13 20:53:06 +02:00
if ( tok . str ( ) = = " return " ) {
2011-09-20 21:00:05 +02:00
// is there assignment or ternary operator in the return statement?
2011-07-24 22:41:40 +02:00
bool assignment = false ;
2011-10-13 20:53:06 +02:00
for ( const Token * tok2 = tok . next ( ) ; tok2 & & tok2 - > str ( ) ! = " ; " ; tok2 = tok2 - > next ( ) ) {
2012-06-23 16:06:20 +02:00
if ( tok2 - > str ( ) = = " = " | | ( ! isC & & tok2 - > str ( ) = = " >> " ) | | Token : : Match ( tok2 , " (|, & " ) ) {
2011-07-24 22:41:40 +02:00
assignment = true ;
break ;
}
2012-06-23 16:06:20 +02:00
if ( Token : : Match ( tok2 , " [(,] &| %var% [,)] " ) ) {
tok2 = tok2 - > next ( ) ;
if ( ! tok2 - > isName ( ) )
tok2 = tok2 - > next ( ) ;
ExecutionPath : : bailOutVar ( checks , tok2 - > varId ( ) ) ;
}
2011-07-24 22:41:40 +02:00
}
2011-07-24 22:26:11 +02:00
2011-10-13 20:53:06 +02:00
if ( ! assignment ) {
for ( const Token * tok2 = tok . next ( ) ; tok2 & & tok2 - > str ( ) ! = " ; " ; tok2 = tok2 - > next ( ) ) {
2011-07-24 22:41:40 +02:00
if ( tok2 - > isName ( ) & & tok2 - > strAt ( 1 ) = = " ( " )
tok2 = tok2 - > next ( ) - > link ( ) ;
else if ( tok2 - > varId ( ) )
use ( checks , tok2 ) ;
}
2011-07-24 22:26:11 +02:00
}
}
2011-10-13 20:53:06 +02:00
if ( tok . varId ( ) ) {
2010-11-12 17:38:25 +01:00
// array variable passed as function parameter..
2011-10-13 20:53:06 +02:00
if ( Token : : Match ( tok . previous ( ) , " [(,] %var% [+-,)] " ) ) {
2013-10-26 18:46:06 +02:00
// #4896 : This checking was removed because of FP,
// the new uninitvar checking is used instead to catch
// these errors.
2013-10-26 18:39:40 +02:00
ExecutionPath : : bailOutVar ( checks , tok . varId ( ) ) ;
2010-11-12 17:38:25 +01:00
return & tok ;
}
2010-10-31 12:31:11 +01:00
// Used..
2013-03-01 11:43:59 +01:00
if ( Token : : Match ( tok . previous ( ) , " [[(,+-*/|=] %var% ]|)|,|;|%op% " ) & & ! tok . next ( ) - > isAssignmentOp ( ) ) {
2012-03-16 17:28:05 +01:00
// Taking address of array..
std : : list < ExecutionPath * > : : const_iterator it ;
for ( it = checks . begin ( ) ; it ! = checks . end ( ) ; + + it ) {
UninitVar * c = dynamic_cast < UninitVar * > ( * it ) ;
if ( c & & c - > varId = = tok . varId ( ) ) {
2013-11-23 10:24:29 +01:00
if ( c - > var - > isArray ( ) | | c - > alloc )
2012-03-16 17:28:05 +01:00
bailOutVar ( checks , tok . varId ( ) ) ;
break ;
}
}
2011-09-03 18:53:14 +02:00
// initialize reference variable
if ( Token : : Match ( tok . tokAt ( - 3 ) , " & %var% = " ) )
bailOutVar ( checks , tok . varId ( ) ) ;
else
use ( checks , & tok ) ;
2010-10-31 12:31:11 +01:00
return & tok ;
}
2012-04-25 09:56:07 +02:00
if ( ( tok . previous ( ) & & tok . previous ( ) - > type ( ) = = Token : : eIncDecOp ) | | ( tok . next ( ) & & tok . next ( ) - > type ( ) = = Token : : eIncDecOp ) ) {
2010-10-31 12:31:11 +01:00
use ( checks , & tok ) ;
return & tok ;
}
2011-10-13 20:53:06 +02:00
if ( Token : : Match ( tok . previous ( ) , " [;{}] %var% [=[.] " ) ) {
if ( tok . next ( ) - > str ( ) = = " . " ) {
2013-12-23 16:50:27 +01:00
if ( Token : : Match ( & tok , " %var% . %var% ( " ) ) {
const Function * function = tok . tokAt ( 2 ) - > function ( ) ;
2015-01-08 05:45:31 +01:00
if ( function & & function - > isStatic ( ) )
2013-12-23 16:50:27 +01:00
return & tok ;
}
2011-10-13 20:53:06 +02:00
if ( use_dead_pointer ( checks , & tok ) ) {
2010-10-31 12:31:11 +01:00
return & tok ;
}
2011-10-13 20:53:06 +02:00
} else {
2010-11-05 19:24:14 +01:00
const Token * tok2 = tok . next ( ) ;
2012-04-24 19:50:54 +02:00
if ( tok2 - > str ( ) = = " [ " ) {
const Token * tok3 = tok2 - > link ( ) ;
while ( Token : : simpleMatch ( tok3 , " ] [ " ) )
tok3 = tok3 - > next ( ) - > link ( ) ;
// Possible initialization
if ( Token : : simpleMatch ( tok3 , " ] >> " ) )
2011-04-26 20:26:09 +02:00
return & tok ;
2012-04-24 19:50:54 +02:00
if ( Token : : simpleMatch ( tok3 , " ] = " ) ) {
if ( use_dead_pointer ( checks , & tok ) ) {
return & tok ;
}
parserhs ( tok2 , checks ) ;
tok2 = tok3 - > next ( ) ;
}
2010-10-31 12:31:11 +01:00
}
2012-04-24 19:50:54 +02:00
2010-11-05 19:24:14 +01:00
parserhs ( tok2 , checks ) ;
2010-10-31 12:31:11 +01:00
}
// pointer aliasing?
2011-10-13 20:53:06 +02:00
if ( Token : : Match ( tok . tokAt ( 2 ) , " %var% ; " ) ) {
2010-10-31 12:31:11 +01:00
pointer_assignment ( checks , & tok , tok . tokAt ( 2 ) ) ;
}
}
2013-03-01 12:42:04 +01:00
if ( tok . strAt ( 1 ) = = " ( " ) {
2010-10-31 12:31:11 +01:00
use_pointer ( checks , & tok ) ;
}
2011-10-13 20:53:06 +02:00
if ( Token : : Match ( tok . tokAt ( - 2 ) , " [;{}] * " ) ) {
2013-03-01 12:42:04 +01:00
if ( tok . strAt ( 1 ) = = " = " ) {
2010-11-05 17:04:41 +01:00
// is the pointer used in the rhs?
bool used = false ;
2011-10-13 20:53:06 +02:00
for ( const Token * tok2 = tok . tokAt ( 2 ) ; tok2 ; tok2 = tok2 - > next ( ) ) {
2010-11-05 17:04:41 +01:00
if ( Token : : Match ( tok2 , " [,;=(] " ) )
break ;
2011-10-13 20:53:06 +02:00
else if ( Token : : Match ( tok2 , " * %varid% " , tok . varId ( ) ) ) {
2010-11-05 17:04:41 +01:00
used = true ;
break ;
}
}
if ( used )
use_pointer ( checks , & tok ) ;
else
init_pointer ( checks , & tok ) ;
2011-10-13 20:53:06 +02:00
} else {
2010-10-31 12:31:11 +01:00
use_pointer ( checks , & tok ) ;
2010-11-05 17:04:41 +01:00
}
2010-10-31 12:31:11 +01:00
return & tok ;
}
2013-07-15 08:44:00 +02:00
if ( Token : : Match ( tok . next ( ) , " = malloc|kmalloc " ) | | Token : : simpleMatch ( tok . next ( ) , " = new char [ " ) | |
( Token : : Match ( tok . next ( ) , " = %var% ( " ) & & library - > returnuninitdata . find ( tok . strAt ( 2 ) ) ! = library - > returnuninitdata . end ( ) ) ) {
2010-10-31 12:31:11 +01:00
alloc_pointer ( checks , tok . varId ( ) ) ;
2011-11-13 13:10:59 +01:00
if ( tok . strAt ( 3 ) = = " ( " )
2010-10-31 12:31:11 +01:00
return tok . tokAt ( 3 ) ;
}
2012-12-18 19:02:30 +01:00
else if ( ( ! isC & & ( Token : : Match ( tok . previous ( ) , " <<|>> " ) | | Token : : Match ( tok . previous ( ) , " [ ; { } ] % var % < < " ))) ||
2013-03-01 12:42:04 +01:00
tok . strAt ( 1 ) = = " = " ) {
2011-09-04 12:53:53 +02:00
// TODO: Don't bail out for "<<" and ">>" if these are
// just computations
2010-10-31 12:31:11 +01:00
ExecutionPath : : bailOutVar ( checks , tok . varId ( ) ) ;
return & tok ;
}
2013-03-01 12:42:04 +01:00
if ( tok . strAt ( 1 ) = = " [ " & & tok . next ( ) - > link ( ) ) {
2010-10-31 12:31:11 +01:00
const Token * tok2 = tok . next ( ) - > link ( ) ;
2013-03-01 12:42:04 +01:00
if ( tok2 - > strAt ( 1 ) = = " = " ) {
2010-10-31 12:31:11 +01:00
ExecutionPath : : bailOutVar ( checks , tok . varId ( ) ) ;
return & tok ;
}
}
2013-03-01 12:42:04 +01:00
if ( tok . strAt ( - 1 ) = = " delete " | |
2011-10-13 20:53:06 +02:00
Token : : simpleMatch ( tok . tokAt ( - 3 ) , " delete [ ] " ) ) {
2010-10-31 12:31:11 +01:00
dealloc_pointer ( checks , & tok ) ;
return & tok ;
}
}
2014-11-15 10:43:49 +01:00
if ( Token : : Match ( & tok , " %var% ( " ) ) {
2010-12-30 21:30:46 +01:00
// sizeof/typeof doesn't dereference. A function name that is all uppercase
// might be an unexpanded macro that uses sizeof/typeof
2011-01-05 20:44:04 +01:00
if ( Token : : Match ( & tok , " sizeof|typeof ( " ) )
2010-10-31 12:31:11 +01:00
return tok . next ( ) - > link ( ) ;
// deallocate pointer
2011-09-28 20:46:09 +02:00
if ( Token : : Match ( & tok , " free|kfree|fclose ( %var% ) " ) | |
2011-10-13 20:53:06 +02:00
Token : : Match ( & tok , " realloc ( %var% " ) ) {
2010-10-31 12:31:11 +01:00
dealloc_pointer ( checks , tok . tokAt ( 2 ) ) ;
2013-12-13 07:15:59 +01:00
if ( tok . str ( ) = = " realloc " )
ExecutionPath : : bailOutVar ( checks , tok . tokAt ( 2 ) - > varId ( ) ) ;
2010-10-31 12:31:11 +01:00
return tok . tokAt ( 3 ) ;
}
// parse usage..
{
2012-05-26 15:49:40 +02:00
std : : list < const Token * > var1 ;
2013-07-15 18:55:40 +02:00
CheckNullPointer : : parseFunctionCall ( tok , var1 , library , 1 ) ;
2012-05-26 15:49:40 +02:00
for ( std : : list < const Token * > : : const_iterator it = var1 . begin ( ) ; it ! = var1 . end ( ) ; + + it ) {
2011-12-23 08:44:28 +01:00
// does iterator point at first function parameter?
const bool firstPar ( * it = = tok . tokAt ( 2 ) ) ;
2011-10-29 19:11:42 +02:00
// is function memset/memcpy/etc?
if ( tok . str ( ) . compare ( 0 , 3 , " mem " ) = = 0 )
use_array_mem ( checks , * it ) ;
2011-12-23 08:44:28 +01:00
// second parameter for strncpy/strncat/etc
else if ( ! firstPar & & tok . str ( ) . compare ( 0 , 4 , " strn " ) = = 0 )
use_array_mem ( checks , * it ) ;
2011-10-29 19:11:42 +02:00
else
use_array ( checks , * it ) ;
2011-02-26 20:08:37 +01:00
use_dead_pointer ( checks , * it ) ;
}
2010-10-31 12:31:11 +01:00
// Using uninitialized pointer is bad if using null pointer is bad
std : : list < const Token * > var2 ;
2013-07-15 18:55:40 +02:00
CheckNullPointer : : parseFunctionCall ( tok , var2 , library , 0 ) ;
2011-10-13 20:53:06 +02:00
for ( std : : list < const Token * > : : const_iterator it = var2 . begin ( ) ; it ! = var2 . end ( ) ; + + it ) {
2012-05-26 15:49:40 +02:00
if ( std : : find ( var1 . begin ( ) , var1 . end ( ) , * it ) = = var1 . end ( ) )
2010-10-31 12:31:11 +01:00
use_dead_pointer ( checks , * it ) ;
}
}
2012-11-03 21:21:19 +01:00
// strncpy doesn't null-terminate first parameter
2011-10-13 20:53:06 +02:00
if ( Token : : Match ( & tok , " strncpy ( %var% , " ) ) {
if ( Token : : Match ( tok . tokAt ( 4 ) , " %str% , " ) ) {
if ( Token : : Match ( tok . tokAt ( 6 ) , " %num% ) " ) ) {
2010-12-31 09:51:27 +01:00
const std : : size_t len = Token : : getStrLength ( tok . tokAt ( 4 ) ) ;
2010-11-20 10:05:33 +01:00
const MathLib : : bigint sz = MathLib : : toLongNumber ( tok . strAt ( 6 ) ) ;
2011-10-13 20:53:06 +02:00
if ( sz > = 0 & & len > = static_cast < unsigned long > ( sz ) ) {
2010-10-31 12:31:11 +01:00
init_strncpy ( checks , tok . tokAt ( 2 ) ) ;
return tok . next ( ) - > link ( ) ;
}
}
2011-10-13 20:53:06 +02:00
} else {
2010-10-31 12:31:11 +01:00
init_strncpy ( checks , tok . tokAt ( 2 ) ) ;
return tok . next ( ) - > link ( ) ;
}
}
2011-09-05 19:42:48 +02:00
// memset (not zero terminated)..
2011-10-13 20:53:06 +02:00
if ( Token : : Match ( & tok , " memset ( %var% , !!0 , %num% ) " ) ) {
2011-09-05 19:42:48 +02:00
init_memset_nonzero ( checks , tok . tokAt ( 2 ) ) ;
return tok . next ( ) - > link ( ) ;
}
2011-12-13 21:42:38 +01:00
if ( Token : : Match ( & tok , " asm ( %str% ) " ) ) {
2010-10-31 12:31:11 +01:00
ExecutionPath : : bailOut ( checks ) ;
return & tok ;
}
// is the variable passed as a parameter to some function?
unsigned int parlevel = 0 ;
std : : set < unsigned int > bailouts ;
2011-10-13 20:53:06 +02:00
for ( const Token * tok2 = tok . next ( ) ; tok2 ; tok2 = tok2 - > next ( ) ) {
2010-10-31 12:31:11 +01:00
if ( tok2 - > str ( ) = = " ( " )
+ + parlevel ;
2011-10-13 20:53:06 +02:00
else if ( tok2 - > str ( ) = = " ) " ) {
2010-10-31 12:31:11 +01:00
if ( parlevel < = 1 )
break ;
- - parlevel ;
}
2011-10-13 20:53:06 +02:00
else if ( Token : : Match ( tok2 , " sizeof|typeof ( " ) ) {
2010-10-31 12:31:11 +01:00
tok2 = tok2 - > next ( ) - > link ( ) ;
if ( ! tok2 )
break ;
}
2010-12-30 21:30:46 +01:00
// ticket #2367 : unexpanded macro that uses sizeof|typeof?
2012-06-21 19:00:53 +02:00
else if ( Token : : Match ( tok2 , " %type% ( " ) & & tok2 - > isUpperCaseName ( ) ) {
2010-12-30 21:30:46 +01:00
tok2 = tok2 - > next ( ) - > link ( ) ;
if ( ! tok2 )
break ;
}
2011-10-13 20:53:06 +02:00
else if ( tok2 - > varId ( ) ) {
if ( Token : : Match ( tok2 - > tokAt ( - 2 ) , " [(,] * " ) | | Token : : Match ( tok2 - > next ( ) , " . %var% " ) ) {
2011-01-05 20:44:04 +01:00
// find function call..
const Token * functionCall = tok2 ;
2014-02-15 08:46:28 +01:00
while ( nullptr ! = ( functionCall = functionCall ? functionCall - > previous ( ) : 0 ) ) {
2011-01-05 20:44:04 +01:00
if ( functionCall - > str ( ) = = " ( " )
break ;
if ( functionCall - > str ( ) = = " ) " )
functionCall = functionCall - > link ( ) ;
}
functionCall = functionCall ? functionCall - > previous ( ) : 0 ;
2011-10-13 20:53:06 +02:00
if ( functionCall ) {
2012-06-21 19:00:53 +02:00
if ( functionCall - > isName ( ) & & ! functionCall - > isUpperCaseName ( ) & & use_dead_pointer ( checks , tok2 ) )
2011-01-05 20:44:04 +01:00
ExecutionPath : : bailOutVar ( checks , tok2 - > varId ( ) ) ;
}
2010-10-31 12:31:11 +01:00
}
// it is possible that the variable is initialized here
2010-11-13 15:10:17 +01:00
if ( Token : : Match ( tok2 - > previous ( ) , " [(,] %var% [,)] " ) )
2010-10-31 12:31:11 +01:00
bailouts . insert ( tok2 - > varId ( ) ) ;
// array initialization..
2011-10-13 20:53:06 +02:00
if ( Token : : Match ( tok2 - > previous ( ) , " [,(] %var% [+-] " ) ) {
2010-10-31 12:31:11 +01:00
// if var is array, bailout
2011-10-13 20:53:06 +02:00
for ( std : : list < ExecutionPath * > : : const_iterator it = checks . begin ( ) ; it ! = checks . end ( ) ; + + it ) {
if ( ( * it ) - > varId = = tok2 - > varId ( ) ) {
2010-10-31 12:31:11 +01:00
const UninitVar * c = dynamic_cast < const UninitVar * > ( * it ) ;
2012-05-25 13:40:18 +02:00
if ( c & & ( c - > var - > isArray ( ) | | ( c - > var - > isPointer ( ) & & c - > alloc ) ) )
2010-10-31 12:31:11 +01:00
bailouts . insert ( tok2 - > varId ( ) ) ;
break ;
}
}
}
}
}
for ( std : : set < unsigned int > : : const_iterator it = bailouts . begin ( ) ; it ! = bailouts . end ( ) ; + + it )
ExecutionPath : : bailOutVar ( checks , * it ) ;
}
// function call via function pointer
2011-10-30 17:41:05 +01:00
if ( Token : : Match ( & tok , " ( * %var% ) ( " ) | |
2011-10-30 17:22:30 +01:00
( Token : : Match ( & tok , " ( *| %var% .|:: " ) & & Token : : Match ( tok . link ( ) - > tokAt ( - 2 ) , " .|:: %var% ) ( " ) ) ) {
2010-10-31 12:31:11 +01:00
// is the variable passed as a parameter to some function?
2012-04-21 23:05:37 +02:00
const Token * tok2 = tok . link ( ) - > next ( ) ;
2012-05-07 15:34:47 +02:00
for ( const Token * const end2 = tok2 - > link ( ) ; tok2 ! = end2 ; tok2 = tok2 - > next ( ) ) {
2012-04-21 23:05:37 +02:00
if ( tok2 - > varId ( ) ) {
2010-10-31 12:31:11 +01:00
// it is possible that the variable is initialized here
ExecutionPath : : bailOutVar ( checks , tok2 - > varId ( ) ) ;
}
}
}
2011-10-13 20:53:06 +02:00
if ( tok . str ( ) = = " return " ) {
2010-10-31 12:31:11 +01:00
// Todo: if (!array && ..
2011-10-13 20:53:06 +02:00
if ( Token : : Match ( tok . next ( ) , " %var% ; " ) ) {
2010-10-31 12:31:11 +01:00
use ( checks , tok . next ( ) ) ;
2011-10-13 20:53:06 +02:00
} else if ( Token : : Match ( tok . next ( ) , " %var% [ " ) ) {
2010-10-31 12:31:11 +01:00
use_array_or_pointer_data ( checks , tok . next ( ) ) ;
}
}
2011-10-13 20:53:06 +02:00
if ( tok . varId ( ) ) {
2013-03-01 12:42:04 +01:00
if ( tok . strAt ( - 1 ) = = " = " ) {
2011-10-13 20:53:06 +02:00
if ( Token : : Match ( tok . tokAt ( - 3 ) , " & %var% = " ) ) {
2010-10-31 12:31:11 +01:00
bailOutVar ( checks , tok . varId ( ) ) ;
return & tok ;
}
2011-10-13 20:53:06 +02:00
if ( ! Token : : Match ( tok . tokAt ( - 3 ) , " . %var% = " ) ) {
if ( ! Token : : Match ( tok . tokAt ( - 3 ) , " [;{}] %var% = " ) ) {
2010-10-31 12:31:11 +01:00
use ( checks , & tok ) ;
return & tok ;
}
const unsigned int varid2 = tok . tokAt ( - 2 ) - > varId ( ) ;
2011-10-13 20:53:06 +02:00
if ( varid2 ) {
2010-10-31 12:31:11 +01:00
{
use ( checks , & tok ) ;
return & tok ;
}
}
}
}
2013-03-01 12:42:04 +01:00
if ( tok . strAt ( 1 ) = = " . " ) {
2010-11-27 17:34:54 +01:00
bailOutVar ( checks , tok . varId ( ) ) ;
2010-10-31 12:31:11 +01:00
return & tok ;
}
2013-03-01 12:42:04 +01:00
if ( tok . strAt ( 1 ) = = " [ " ) {
2010-10-31 12:31:11 +01:00
ExecutionPath : : bailOutVar ( checks , tok . varId ( ) ) ;
return & tok ;
}
2011-10-13 20:53:06 +02:00
if ( Token : : Match ( tok . tokAt ( - 2 ) , " [,(=] * " ) ) {
2010-10-31 12:31:11 +01:00
use_pointer ( checks , & tok ) ;
return & tok ;
}
2013-03-01 12:42:04 +01:00
if ( tok . strAt ( - 1 ) = = " & " ) {
2010-10-31 12:31:11 +01:00
ExecutionPath : : bailOutVar ( checks , tok . varId ( ) ) ;
}
}
// Parse "for"
2011-10-13 20:53:06 +02:00
if ( Token : : Match ( & tok , " [;{}] for ( " ) ) {
2010-10-31 12:31:11 +01:00
// initialized variables
std : : set < unsigned int > varid1 ;
varid1 . insert ( 0 ) ;
// Parse token
const Token * tok2 ;
// parse setup
2011-10-13 20:53:06 +02:00
for ( tok2 = tok . tokAt ( 3 ) ; tok2 ! = tok . link ( ) ; tok2 = tok2 - > next ( ) ) {
2010-10-31 12:31:11 +01:00
if ( tok2 - > str ( ) = = " ; " )
break ;
if ( tok2 - > varId ( ) )
varid1 . insert ( tok2 - > varId ( ) ) ;
}
2010-11-24 18:08:21 +01:00
if ( tok2 = = tok . link ( ) )
return & tok ;
2010-10-31 12:31:11 +01:00
// parse condition
2011-10-13 20:53:06 +02:00
if ( Token : : Match ( tok2 , " ; %var% <|<=|>=|> %num% ; " ) ) {
2010-10-31 12:31:11 +01:00
// If the variable hasn't been initialized then call "use"
if ( varid1 . find ( tok2 - > next ( ) - > varId ( ) ) = = varid1 . end ( ) )
use ( checks , tok2 - > next ( ) ) ;
}
// goto stepcode
tok2 = tok2 - > next ( ) ;
while ( tok2 & & tok2 - > str ( ) ! = " ; " )
tok2 = tok2 - > next ( ) ;
// parse the stepcode
if ( Token : : Match ( tok2 , " ; ++|-- %var% ) { " ) | |
2011-10-13 20:53:06 +02:00
Token : : Match ( tok2 , " ; %var% ++|-- ) { " ) ) {
2010-10-31 12:31:11 +01:00
// get id of variable..
unsigned int varid = tok2 - > next ( ) - > varId ( ) ;
if ( ! varid )
varid = tok2 - > tokAt ( 2 ) - > varId ( ) ;
// Check that the variable hasn't been initialized and
// that it isn't initialized in the body..
2011-10-13 20:53:06 +02:00
if ( varid1 . find ( varid ) = = varid1 . end ( ) ) {
2012-01-15 12:31:49 +01:00
for ( const Token * tok3 = tok2 - > tokAt ( 5 ) ; tok3 & & tok3 ! = tok2 - > linkAt ( 4 ) ; tok3 = tok3 - > next ( ) ) {
2011-10-13 20:53:06 +02:00
if ( tok3 - > varId ( ) = = varid ) {
2010-10-31 12:31:11 +01:00
varid = 0 ; // variable is used.. maybe it's initialized. clear the variable id.
break ;
}
}
// If the variable isn't initialized in the body call "use"
2011-10-13 20:53:06 +02:00
if ( varid ! = 0 ) {
2010-10-31 12:31:11 +01:00
// goto variable
tok2 = tok2 - > next ( ) ;
if ( ! tok2 - > varId ( ) )
tok2 = tok2 - > next ( ) ;
// call "use"
use ( checks , tok2 ) ;
}
}
}
}
return & tok ;
}
2014-11-20 14:20:09 +01:00
bool parseCondition ( const Token & tok , std : : list < ExecutionPath * > & checks ) {
2010-10-31 12:31:11 +01:00
if ( tok . varId ( ) & & Token : : Match ( & tok , " %var% <|<=|==|!=|) " ) )
use ( checks , & tok ) ;
2012-07-17 07:03:40 +02:00
else if ( Token : : Match ( & tok , " !| %var% [ " ) & & ! Token : : simpleMatch ( skipBrackets ( tok . next ( ) ) , " = " ) )
2010-10-31 12:31:11 +01:00
use_array_or_pointer_data ( checks , tok . str ( ) = = " ! " ? tok . next ( ) : & tok ) ;
2011-10-13 20:53:06 +02:00
else if ( Token : : Match ( & tok , " !| %var% ( " ) ) {
2011-10-29 19:11:42 +02:00
const Token * const ftok = ( tok . str ( ) = = " ! " ) ? tok . next ( ) : & tok ;
2012-05-26 15:49:40 +02:00
std : : list < const Token * > var1 ;
2013-07-15 18:55:40 +02:00
CheckNullPointer : : parseFunctionCall ( * ftok , var1 , library , 1 ) ;
2012-05-26 15:49:40 +02:00
for ( std : : list < const Token * > : : const_iterator it = var1 . begin ( ) ; it ! = var1 . end ( ) ; + + it ) {
2011-10-29 19:11:42 +02:00
// is function memset/memcpy/etc?
if ( ftok - > str ( ) . compare ( 0 , 3 , " mem " ) = = 0 )
use_array_mem ( checks , * it ) ;
else
use_array ( checks , * it ) ;
}
2010-10-31 12:31:11 +01:00
}
2011-10-13 20:53:06 +02:00
else if ( Token : : Match ( & tok , " ! %var% ) " )) {
2010-10-31 12:31:11 +01:00
use ( checks , & tok ) ;
return false ;
}
return ExecutionPath : : parseCondition ( tok , checks ) ;
}
2014-11-20 14:20:09 +01:00
void parseLoopBody ( const Token * tok , std : : list < ExecutionPath * > & checks ) const {
2011-10-13 20:53:06 +02:00
while ( tok ) {
2010-10-31 12:31:11 +01:00
if ( tok - > str ( ) = = " { " | | tok - > str ( ) = = " } " | | tok - > str ( ) = = " for " )
return ;
2011-10-13 20:53:06 +02:00
if ( Token : : simpleMatch ( tok , " if ( " ) ) {
2010-12-23 09:15:45 +01:00
// bail out all variables that are used in the condition
2012-05-07 15:34:47 +02:00
const Token * const end2 = tok - > linkAt ( 1 ) ;
for ( const Token * tok2 = tok - > tokAt ( 2 ) ; tok2 ! = end2 ; tok2 = tok2 - > next ( ) ) {
2012-04-21 23:05:37 +02:00
if ( tok2 - > varId ( ) )
2010-12-23 09:15:45 +01:00
ExecutionPath : : bailOutVar ( checks , tok2 - > varId ( ) ) ;
}
}
2010-10-31 12:31:11 +01:00
const Token * next = parse ( * tok , checks ) ;
2010-11-13 08:03:59 +01:00
tok = next - > next ( ) ;
2010-10-31 12:31:11 +01:00
}
}
public :
2014-11-20 14:20:09 +01:00
static void analyseFunctions ( const Token * const tokens , std : : set < std : : string > & func ) {
2011-10-13 20:53:06 +02:00
for ( const Token * tok = tokens ; tok ; tok = tok - > next ( ) ) {
if ( tok - > str ( ) = = " { " ) {
2010-10-31 12:31:11 +01:00
tok = tok - > link ( ) ;
continue ;
}
2011-10-13 20:53:06 +02:00
if ( tok - > str ( ) ! = " :: " & & Token : : Match ( tok - > next ( ) , " %var% ( %type% " ) ) {
2011-11-20 14:22:39 +01:00
if ( ! Token : : Match ( tok - > linkAt ( 2 ) , " ) [{;] " ) )
2010-10-31 12:31:11 +01:00
continue ;
const Token * tok2 = tok - > tokAt ( 3 ) ;
2011-10-13 20:53:06 +02:00
while ( tok2 & & tok2 - > str ( ) ! = " ) " ) {
2010-10-31 12:31:11 +01:00
if ( tok2 - > str ( ) = = " , " )
tok2 = tok2 - > next ( ) ;
2011-10-13 20:53:06 +02:00
if ( Token : : Match ( tok2 , " %type% %var% ,|) " ) & & tok2 - > isStandardType ( ) ) {
2010-10-31 12:31:11 +01:00
tok2 = tok2 - > tokAt ( 2 ) ;
continue ;
}
2011-10-13 20:53:06 +02:00
if ( tok2 - > isStandardType ( ) & & Token : : Match ( tok2 , " %type% & %var% ,|) " ) ) {
2010-10-31 12:31:11 +01:00
const unsigned int varid ( tok2 - > tokAt ( 2 ) - > varId ( ) ) ;
// flags for read/write
bool r = false , w = false ;
// check how the variable is used in the function
unsigned int indentlevel = 0 ;
2011-10-13 20:53:06 +02:00
for ( const Token * tok3 = tok2 ; tok3 ; tok3 = tok3 - > next ( ) ) {
2010-10-31 12:31:11 +01:00
if ( tok3 - > str ( ) = = " { " )
+ + indentlevel ;
2011-10-13 20:53:06 +02:00
else if ( tok3 - > str ( ) = = " } " ) {
2010-10-31 12:31:11 +01:00
if ( indentlevel < = 1 )
break ;
- - indentlevel ;
2011-10-13 20:53:06 +02:00
} else if ( indentlevel = = 0 & & tok3 - > str ( ) = = " ; " )
2010-10-31 12:31:11 +01:00
break ;
2011-10-13 20:53:06 +02:00
else if ( indentlevel > = 1 & & tok3 - > varId ( ) = = varid ) {
2012-04-25 09:56:07 +02:00
if ( tok3 - > previous ( ) - > type ( ) = = Token : : eIncDecOp | |
tok3 - > next ( ) - > type ( ) = = Token : : eIncDecOp ) {
2010-10-31 12:31:11 +01:00
r = true ;
}
2011-10-13 20:53:06 +02:00
else {
2010-10-31 12:31:11 +01:00
w = true ;
break ;
}
}
}
if ( ! r | | w )
break ;
tok2 = tok2 - > tokAt ( 3 ) ;
continue ;
}
2011-10-13 20:53:06 +02:00
if ( Token : : Match ( tok2 , " const %type% &|*| const| %var% ,|) " ) & & tok2 - > next ( ) - > isStandardType ( ) ) {
2010-10-31 12:31:11 +01:00
tok2 = tok2 - > tokAt ( 3 ) ;
while ( tok2 - > isName ( ) )
tok2 = tok2 - > next ( ) ;
continue ;
}
2011-10-13 20:53:06 +02:00
if ( Token : : Match ( tok2 , " const %type% %var% [ ] ,|) " ) & & tok2 - > next ( ) - > isStandardType ( ) ) {
2010-11-12 17:14:37 +01:00
tok2 = tok2 - > tokAt ( 5 ) ;
continue ;
}
2011-07-27 10:34:12 +02:00
/// @todo enable this code. if pointer is written in function then dead pointer is invalid but valid pointer is ok.
/*
2011-07-04 21:04:32 +02:00
if ( Token : : Match ( tok2 , " const| struct| %type% * %var% ,|) " ) )
{
while ( tok2 - > isName ( ) )
tok2 = tok2 - > next ( ) ;
tok2 = tok2 - > tokAt ( 2 ) ;
continue ;
}
2011-07-27 10:34:12 +02:00
*/
2011-07-04 21:04:32 +02:00
2010-10-31 12:31:11 +01:00
break ;
}
// found simple function..
2011-07-28 08:12:21 +02:00
if ( tok2 & & tok2 - > link ( ) = = tok - > tokAt ( 2 ) )
2010-10-31 12:31:11 +01:00
func . insert ( tok - > next ( ) - > str ( ) ) ;
}
}
}
} ;
/// @}
2014-12-02 06:41:18 +01:00
Check : : FileInfo * CheckUninitVar : : getFileInfo ( const Tokenizer * tokenizer , const Settings * settings ) const
2014-11-15 10:43:49 +01:00
{
2014-12-02 06:41:18 +01:00
( void ) settings ;
2014-11-15 10:43:49 +01:00
MyFileInfo * mfi = new MyFileInfo ;
analyseFunctions ( tokenizer , mfi - > uvarFunctions ) ;
// TODO: add suspicious function calls
return mfi ;
}
void CheckUninitVar : : analyseWholeProgram ( const std : : list < Check : : FileInfo * > & fileInfo , ErrorLogger & errorLogger )
2010-10-31 12:31:11 +01:00
{
2014-11-15 10:43:49 +01:00
( void ) fileInfo ;
( void ) errorLogger ;
2010-10-31 12:31:11 +01:00
}
2014-11-15 10:43:49 +01:00
void CheckUninitVar : : analyseFunctions ( const Tokenizer * tokenizer , std : : set < std : : string > & f ) const
2010-10-31 12:31:11 +01:00
{
2014-11-15 10:43:49 +01:00
UninitVar : : analyseFunctions ( tokenizer - > tokens ( ) , f ) ;
2010-10-31 12:31:11 +01:00
}
void CheckUninitVar : : executionPaths ( )
{
// check if variable is accessed uninitialized..
2014-11-15 10:43:49 +01:00
UninitVar c ( this , _tokenizer - > getSymbolDatabase ( ) , & _settings - > library , _tokenizer - > isC ( ) ) ;
checkExecutionPaths ( _tokenizer - > getSymbolDatabase ( ) , & c ) ;
2010-10-31 12:31:11 +01:00
}
2011-12-13 21:57:27 +01:00
void CheckUninitVar : : check ( )
{
const SymbolDatabase * symbolDatabase = _tokenizer - > getSymbolDatabase ( ) ;
2013-01-26 07:28:11 +01:00
std : : list < Scope > : : const_iterator scope ;
2011-12-13 21:57:27 +01:00
2013-01-26 07:28:11 +01:00
// check every executable scope
for ( scope = symbolDatabase - > scopeList . begin ( ) ; scope ! = symbolDatabase - > scopeList . end ( ) ; + + scope ) {
if ( scope - > isExecutable ( ) ) {
checkScope ( & * scope ) ;
2011-12-13 21:57:27 +01:00
}
}
}
2012-05-25 13:40:18 +02:00
void CheckUninitVar : : checkScope ( const Scope * scope )
2011-12-13 21:57:27 +01:00
{
2012-05-25 13:40:18 +02:00
for ( std : : list < Variable > : : const_iterator i = scope - > varlist . begin ( ) ; i ! = scope - > varlist . end ( ) ; + + i ) {
2013-03-05 13:33:38 +01:00
if ( ( _tokenizer - > isCPP ( ) & & i - > type ( ) & & ! i - > isPointer ( ) & & i - > type ( ) - > needInitialization ! = Type : : True ) | |
2013-02-15 18:13:47 +01:00
i - > isStatic ( ) | | i - > isExtern ( ) | | i - > isConst ( ) | | i - > isArray ( ) | | i - > isReference ( ) )
2012-05-25 13:40:18 +02:00
continue ;
2015-01-21 12:20:03 +01:00
2013-12-24 07:39:15 +01:00
// don't warn for try/catch exception variable
2015-01-21 12:20:03 +01:00
if ( i - > isThrow ( ) )
continue ;
2014-08-05 16:11:42 +02:00
if ( i - > nameToken ( ) - > strAt ( 1 ) = = " ( " | | i - > nameToken ( ) - > strAt ( 1 ) = = " { " )
2012-05-25 13:40:18 +02:00
continue ;
2015-01-21 12:20:03 +01:00
if ( Token : : Match ( i - > nameToken ( ) , " %var% = " ) ) { // Variable is initialized, but Rhs might be not
checkRhs ( i - > nameToken ( ) , * i , false , " " ) ;
continue ;
}
2012-06-22 16:39:39 +02:00
bool stdtype = _tokenizer - > isC ( ) ;
2012-05-25 13:40:18 +02:00
const Token * tok = i - > typeStartToken ( ) ;
2012-09-09 18:56:26 +02:00
for ( ; tok & & tok - > str ( ) ! = " ; " & & tok - > str ( ) ! = " < " ; tok = tok - > next ( ) ) {
2012-05-25 13:40:18 +02:00
if ( tok - > isStandardType ( ) )
stdtype = true ;
2012-06-19 20:04:10 +02:00
}
2015-01-21 12:20:03 +01:00
2012-06-22 16:26:43 +02:00
while ( tok & & tok - > str ( ) ! = " ; " )
tok = tok - > next ( ) ;
2013-12-12 12:36:49 +01:00
if ( ! tok )
continue ;
2015-01-21 12:20:03 +01:00
2013-12-04 20:32:20 +01:00
if ( stdtype | | i - > isPointer ( ) ) {
bool alloc = false ;
2014-02-15 08:46:28 +01:00
checkScopeForVariable ( scope , tok , * i , nullptr , nullptr , & alloc , " " ) ;
2013-12-04 20:32:20 +01:00
}
2015-01-21 12:20:03 +01:00
if ( i - > type ( ) )
2013-12-09 15:58:42 +01:00
checkStruct ( scope , tok , * i ) ;
}
2013-09-30 06:35:31 +02:00
2013-12-09 15:58:42 +01:00
if ( scope - > function ) {
for ( unsigned int i = 0 ; i < scope - > function - > argCount ( ) ; i + + ) {
const Variable * arg = scope - > function - > getArgumentVar ( i ) ;
2013-12-12 08:44:00 +01:00
if ( arg & & arg - > declarationId ( ) & & Token : : Match ( arg - > typeStartToken ( ) , " struct| %type% * %var% [,)] " ) ) {
2013-12-09 15:58:42 +01:00
// Treat the pointer as initialized until it is assigned by malloc
for ( const Token * tok = scope - > classStart ; tok ! = scope - > classEnd ; tok = tok - > next ( ) ) {
if ( Token : : Match ( tok , " [;{}] %varid% = %var% ( " , arg - > declarationId ( ) ) & &
_settings - > library . returnuninitdata . count ( tok - > strAt ( 3 ) ) = = 1U ) {
if ( arg - > typeStartToken ( ) - > str ( ) = = " struct " )
checkStruct ( scope , tok , * arg ) ;
else if ( arg - > typeStartToken ( ) - > isStandardType ( ) ) {
bool alloc = false ;
2014-02-15 08:46:28 +01:00
checkScopeForVariable ( scope , tok - > next ( ) , * arg , nullptr , nullptr , & alloc , " " ) ;
2013-12-09 15:58:42 +01:00
}
}
}
}
}
}
}
2013-09-30 06:35:31 +02:00
2013-12-09 15:58:42 +01:00
void CheckUninitVar : : checkStruct ( const Scope * scope , const Token * tok , const Variable & structvar )
{
const Token * typeToken = structvar . typeStartToken ( ) ;
if ( typeToken - > str ( ) = = " struct " )
typeToken = typeToken - > next ( ) ;
const std : : string structname ( typeToken - > str ( ) ) ;
const SymbolDatabase * symbolDatabase = _tokenizer - > getSymbolDatabase ( ) ;
for ( std : : size_t j = 0U ; j < symbolDatabase - > classAndStructScopes . size ( ) ; + + j ) {
const Scope * scope2 = symbolDatabase - > classAndStructScopes [ j ] ;
if ( scope2 - > className = = structname & & scope2 - > numConstructors = = 0U ) {
for ( std : : list < Variable > : : const_iterator it = scope2 - > varlist . begin ( ) ; it ! = scope2 - > varlist . end ( ) ; + + it ) {
const Variable & var = * it ;
2015-01-21 13:10:38 +01:00
if ( var . hasDefault ( ) | | var . isArray ( ) | | ( ! _tokenizer - > isC ( ) & & var . isClass ( ) & & ( ! var . type ( ) | | var . type ( ) - > needInitialization ! = Type : : True ) ) )
continue ;
// is the variable declared in a inner union?
bool innerunion = false ;
for ( std : : list < Scope > : : const_iterator it2 = symbolDatabase - > scopeList . begin ( ) ; it2 ! = symbolDatabase - > scopeList . end ( ) ; + + it2 ) {
const Scope & innerScope = * it2 ;
if ( innerScope . type = = Scope : : eUnion & & innerScope . nestedIn = = scope2 ) {
if ( var . typeStartToken ( ) - > linenr ( ) > = innerScope . classStart - > linenr ( ) & &
var . typeStartToken ( ) - > linenr ( ) < = innerScope . classEnd - > linenr ( ) ) {
innerunion = true ;
break ;
2013-09-30 06:35:31 +02:00
}
2013-12-09 15:58:42 +01:00
}
2013-01-16 20:28:29 +01:00
}
2015-01-21 13:10:38 +01:00
if ( ! innerunion ) {
bool alloc = false ;
const Token * tok2 = tok ;
if ( tok - > str ( ) = = " } " )
tok2 = tok2 - > next ( ) ;
checkScopeForVariable ( scope , tok2 , structvar , nullptr , nullptr , & alloc , var . name ( ) ) ;
}
2013-01-16 20:28:29 +01:00
}
}
2012-05-25 13:40:18 +02:00
}
}
2013-01-25 18:20:57 +01:00
static void conditionAlwaysTrueOrFalse ( const Token * tok , const std : : map < unsigned int , int > & variableValue , bool * alwaysTrue , bool * alwaysFalse )
{
2013-02-14 12:34:18 +01:00
assert ( Token : : simpleMatch ( tok , " if ( " ) ) ;
2013-01-25 18:20:57 +01:00
const Token * vartok = tok - > tokAt ( 2 ) ;
const bool NOT ( vartok - > str ( ) = = " ! " ) ;
if ( NOT )
vartok = vartok - > next ( ) ;
while ( Token : : Match ( vartok , " %var% . %var% " ) )
vartok = vartok - > tokAt ( 2 ) ;
std : : map < unsigned int , int > : : const_iterator it = variableValue . find ( vartok - > varId ( ) ) ;
if ( it = = variableValue . end ( ) )
return ;
// always true
if ( Token : : Match ( vartok , " %var% %oror%|) " ) ) {
if ( NOT )
* alwaysTrue = bool ( it - > second = = 0 ) ;
else
* alwaysTrue = bool ( it - > second ! = 0 ) ;
} else if ( Token : : Match ( vartok , " %var% == %num% %or%|) " )) {
* alwaysTrue = bool ( it - > second = = MathLib : : toLongNumber ( vartok - > strAt ( 2 ) ) ) ;
} else if ( Token : : Match ( vartok , " %var% != %num% %or%|) " )) {
* alwaysTrue = bool ( it - > second ! = MathLib : : toLongNumber ( vartok - > strAt ( 2 ) ) ) ;
}
// always false
if ( Token : : Match ( vartok , " %var% &&|) " ) ) {
if ( NOT )
* alwaysFalse = bool ( it - > second ! = 0 ) ;
2013-02-11 17:05:59 +01:00
else
* alwaysFalse = bool ( it - > second = = 0 ) ;
2013-01-25 18:20:57 +01:00
} else if ( Token : : Match ( vartok , " %var% == %num% &&|) " )) {
* alwaysFalse = bool ( it - > second ! = MathLib : : toLongNumber ( vartok - > strAt ( 2 ) ) ) ;
} else if ( Token : : Match ( vartok , " %var% != %num% &&|) " )) {
* alwaysFalse = bool ( it - > second = = MathLib : : toLongNumber ( vartok - > strAt ( 2 ) ) ) ;
}
}
2013-12-04 20:32:20 +01:00
bool CheckUninitVar : : checkScopeForVariable ( const Scope * scope , const Token * tok , const Variable & var , bool * const possibleInit , bool * const noreturn , bool * const alloc , const std : : string & membervar )
2012-05-25 13:40:18 +02:00
{
2011-12-26 12:36:35 +01:00
const bool suppressErrors ( possibleInit & & * possibleInit ) ;
if ( possibleInit )
* possibleInit = false ;
2011-12-13 21:57:27 +01:00
unsigned int number_of_if = 0 ;
2013-12-04 20:32:20 +01:00
if ( var . declarationId ( ) = = 0U )
return true ;
2012-12-24 19:11:13 +01:00
// variable values
std : : map < unsigned int , int > variableValue ;
static const int NOT_ZERO = ( 1 < < 30 ) ; // special variable value
2012-02-06 07:32:29 +01:00
2011-12-13 21:57:27 +01:00
for ( ; tok ; tok = tok - > next ( ) ) {
// End of scope..
if ( tok - > str ( ) = = " } " ) {
2011-12-26 12:36:35 +01:00
if ( number_of_if & & possibleInit )
* possibleInit = true ;
2011-12-16 19:56:13 +01:00
2011-12-13 21:57:27 +01:00
// might be a noreturn function..
2013-01-28 18:08:20 +01:00
if ( _tokenizer - > IsScopeNoReturn ( tok ) ) {
if ( noreturn )
* noreturn = true ;
2011-12-27 18:00:12 +01:00
return true ;
2013-01-28 18:08:20 +01:00
}
2011-12-13 21:57:27 +01:00
break ;
}
2011-12-26 17:52:32 +01:00
// Unconditional inner scope..
if ( tok - > str ( ) = = " { " & & Token : : Match ( tok - > previous ( ) , " [;{}] " ) ) {
2014-02-15 08:46:28 +01:00
if ( checkScopeForVariable ( scope , tok - > next ( ) , var , possibleInit , nullptr , alloc , membervar ) )
2011-12-26 17:52:32 +01:00
return true ;
tok = tok - > link ( ) ;
continue ;
}
2012-02-06 07:32:29 +01:00
// assignment with nonzero constant..
2012-02-06 19:26:28 +01:00
if ( Token : : Match ( tok - > previous ( ) , " [;{}] %var% = - %var% ; " ) & & tok - > varId ( ) > 0 )
2012-12-24 19:11:13 +01:00
variableValue [ tok - > varId ( ) ] = NOT_ZERO ;
2012-02-06 07:32:29 +01:00
2011-12-13 21:57:27 +01:00
// Inner scope..
2011-12-28 16:49:05 +01:00
if ( Token : : simpleMatch ( tok , " if ( " ) ) {
2012-12-24 19:11:13 +01:00
bool alwaysTrue = false ;
2013-01-25 18:20:57 +01:00
bool alwaysFalse = false ;
2012-12-24 19:11:13 +01:00
2013-01-25 18:20:57 +01:00
conditionAlwaysTrueOrFalse ( tok , variableValue , & alwaysTrue , & alwaysFalse ) ;
2012-12-24 19:11:13 +01:00
2011-12-26 18:32:42 +01:00
// initialization / usage in condition..
2013-12-04 20:32:20 +01:00
if ( ! alwaysTrue & & checkIfForWhileHead ( tok - > next ( ) , var , suppressErrors , bool ( number_of_if = = 0 ) , alloc & & * alloc , membervar ) )
2011-12-26 18:32:42 +01:00
return true ;
2011-12-14 17:17:24 +01:00
2012-02-06 07:32:29 +01:00
// checking if a not-zero variable is zero => bail out
2012-12-24 19:11:13 +01:00
unsigned int condVarId = 0 , condVarValue = 0 ;
if ( Token : : Match ( tok , " if ( %var% ) " ) ) {
std : : map < unsigned int , int > : : const_iterator it = variableValue . find ( tok - > tokAt ( 2 ) - > varId ( ) ) ;
if ( it ! = variableValue . end ( ) & & it - > second = = NOT_ZERO )
return true ; // this scope is not fully analysed => return true
else {
condVarId = tok - > tokAt ( 2 ) - > varId ( ) ;
condVarValue = NOT_ZERO ;
}
}
2012-02-06 07:32:29 +01:00
2011-12-13 21:57:27 +01:00
// goto the {
tok = tok - > next ( ) - > link ( ) - > next ( ) ;
2012-01-13 23:30:43 +01:00
if ( ! tok )
break ;
if ( tok - > str ( ) = = " { " ) {
bool possibleInitIf ( number_of_if > 0 | | suppressErrors ) ;
2012-11-29 18:41:48 +01:00
bool noreturnIf = false ;
2013-12-04 20:32:20 +01:00
const bool initif = ! alwaysFalse & & checkScopeForVariable ( scope , tok - > next ( ) , var , & possibleInitIf , & noreturnIf , alloc , membervar ) ;
2011-12-13 21:57:27 +01:00
2012-12-27 18:45:00 +01:00
// bail out for such code:
// if (a) x=0; // conditional initialization
// if (b) return; // cppcheck doesn't know if b can be false when a is false.
// x++; // it's possible x is always initialized
2012-12-28 11:42:50 +01:00
if ( ! alwaysTrue & & noreturnIf & & number_of_if > 0 ) {
if ( _settings - > debugwarnings ) {
std : : string condition ;
for ( const Token * tok2 = tok - > linkAt ( - 1 ) ; tok2 ! = tok ; tok2 = tok2 - > next ( ) ) {
condition + = tok2 - > str ( ) ;
if ( tok2 - > isName ( ) & & tok2 - > next ( ) - > isName ( ) )
condition + = ' ' ;
}
2014-08-26 11:29:26 +02:00
reportError ( tok , Severity : : debug , " debug " , " bailout uninitialized variable checking for ' " + var . name ( ) + " '. can't determine if this condition can be false when previous condition is false: " + condition ) ;
2012-12-28 11:42:50 +01:00
}
2012-12-27 18:45:00 +01:00
return true ;
2012-12-28 11:42:50 +01:00
}
2012-12-27 18:45:00 +01:00
2013-04-08 19:34:39 +02:00
if ( alwaysTrue & & noreturnIf )
return true ;
2012-12-24 19:11:13 +01:00
std : : map < unsigned int , int > varValueIf ;
2013-05-06 18:45:00 +02:00
if ( ! alwaysFalse & & ! initif & & ! noreturnIf ) {
2012-12-23 16:27:04 +01:00
for ( const Token * tok2 = tok ; tok2 & & tok2 ! = tok - > link ( ) ; tok2 = tok2 - > next ( ) ) {
2013-01-25 18:20:57 +01:00
if ( Token : : Match ( tok2 , " [;{}.] %var% = - %var% ; " ) )
2012-12-24 19:11:13 +01:00
varValueIf [ tok2 - > next ( ) - > varId ( ) ] = NOT_ZERO ;
2013-01-25 18:20:57 +01:00
if ( Token : : Match ( tok2 , " [;{}.] %var% = %num% ; " ) )
2012-12-24 19:11:13 +01:00
varValueIf [ tok2 - > next ( ) - > varId ( ) ] = ( int ) MathLib : : toLongNumber ( tok2 - > strAt ( 3 ) ) ;
2012-12-23 16:27:04 +01:00
}
}
2012-12-24 19:11:13 +01:00
if ( initif & & condVarId > 0U )
variableValue [ condVarId ] = condVarValue ^ NOT_ZERO ;
2012-01-13 23:30:43 +01:00
// goto the }
tok = tok - > link ( ) ;
2011-12-13 21:57:27 +01:00
2012-01-13 23:30:43 +01:00
if ( ! Token : : simpleMatch ( tok , " } else { " ) ) {
if ( initif | | possibleInitIf ) {
+ + number_of_if ;
if ( number_of_if > = 2 )
return true ;
}
} else {
// goto the {
tok = tok - > tokAt ( 2 ) ;
2011-12-13 21:57:27 +01:00
2012-01-13 23:30:43 +01:00
bool possibleInitElse ( number_of_if > 0 | | suppressErrors ) ;
2012-11-29 18:41:48 +01:00
bool noreturnElse = false ;
2014-02-15 08:46:28 +01:00
const bool initelse = ! alwaysTrue & & checkScopeForVariable ( scope , tok - > next ( ) , var , & possibleInitElse , nullptr , alloc , membervar ) ;
2011-12-13 21:57:27 +01:00
2012-12-24 19:11:13 +01:00
std : : map < unsigned int , int > varValueElse ;
2013-05-06 18:45:00 +02:00
if ( ! alwaysTrue & & ! initelse & & ! noreturnElse ) {
2012-12-23 16:27:04 +01:00
for ( const Token * tok2 = tok ; tok2 & & tok2 ! = tok - > link ( ) ; tok2 = tok2 - > next ( ) ) {
2013-01-25 18:20:57 +01:00
if ( Token : : Match ( tok2 , " [;{}.] %var% = - %var% ; " ) )
2012-12-24 19:11:13 +01:00
varValueElse [ tok2 - > next ( ) - > varId ( ) ] = NOT_ZERO ;
2013-01-25 18:20:57 +01:00
if ( Token : : Match ( tok2 , " [;{}.] %var% = %num% ; " ) )
2012-12-24 19:11:13 +01:00
varValueElse [ tok2 - > next ( ) - > varId ( ) ] = ( int ) MathLib : : toLongNumber ( tok2 - > strAt ( 3 ) ) ;
2012-12-23 16:27:04 +01:00
}
}
2013-01-28 18:08:20 +01:00
if ( initelse & & condVarId > 0U & & ! noreturnIf & & ! noreturnElse )
2012-12-24 19:11:13 +01:00
variableValue [ condVarId ] = condVarValue ;
2012-01-13 23:30:43 +01:00
// goto the }
tok = tok - > link ( ) ;
2011-12-13 21:57:27 +01:00
2013-05-06 18:45:00 +02:00
if ( ( alwaysFalse | | initif | | noreturnIf ) & &
( alwaysTrue | | initelse | | noreturnElse ) )
2012-11-29 18:41:48 +01:00
return true ;
2013-01-28 18:08:20 +01:00
if ( ( initif | | initelse | | possibleInitElse ) & & ! noreturnIf & & ! noreturnElse ) {
2012-01-13 23:30:43 +01:00
+ + number_of_if ;
2012-12-24 19:11:13 +01:00
variableValue . insert ( varValueIf . begin ( ) , varValueIf . end ( ) ) ;
variableValue . insert ( varValueElse . begin ( ) , varValueElse . end ( ) ) ;
2012-12-23 16:27:04 +01:00
}
2012-01-13 23:30:43 +01:00
}
2011-12-13 21:57:27 +01:00
}
}
2011-12-17 07:56:46 +01:00
// = { .. }
if ( Token : : simpleMatch ( tok , " = { " ) ) {
// end token
const Token * end = tok - > next ( ) - > link ( ) ;
// If address of variable is taken in the block then bail out
2013-07-20 12:31:04 +02:00
if ( Token : : findmatch ( tok - > tokAt ( 2 ) , " & %varid% " , end , var . declarationId ( ) ) )
2011-12-17 07:56:46 +01:00
return true ;
// Skip block
tok = end ;
continue ;
}
2011-12-16 18:04:10 +01:00
2011-12-17 09:51:45 +01:00
// skip sizeof / offsetof
2011-12-27 17:03:48 +01:00
if ( Token : : Match ( tok , " sizeof|typeof|offsetof|decltype ( " ) )
2011-12-17 09:51:45 +01:00
tok = tok - > next ( ) - > link ( ) ;
2012-11-30 06:30:04 +01:00
// for/while..
2013-06-25 18:40:41 +02:00
if ( Token : : Match ( tok , " for|while ( " ) | | Token : : simpleMatch ( tok , " do { " ) ) {
const bool forwhile = Token : : Match ( tok , " for|while ( " ) ;
2011-12-27 08:18:05 +01:00
// is variable initialized in for-head (don't report errors yet)?
2013-12-04 20:32:20 +01:00
if ( forwhile & & checkIfForWhileHead ( tok - > next ( ) , var , true , false , alloc & & * alloc , membervar ) )
2011-12-27 08:18:05 +01:00
return true ;
2011-12-26 18:32:42 +01:00
// goto the {
2013-06-25 18:40:41 +02:00
const Token * tok2 = forwhile ? tok - > next ( ) - > link ( ) - > next ( ) : tok - > next ( ) ;
2011-12-26 18:32:42 +01:00
2012-01-13 23:30:43 +01:00
if ( tok2 & & tok2 - > str ( ) = = " { " ) {
2014-03-18 21:41:47 +01:00
bool init = checkLoopBody ( tok2 , var , alloc & & * alloc , membervar , ( number_of_if > 0 ) | | suppressErrors ) ;
2011-12-26 18:32:42 +01:00
2012-01-13 23:30:43 +01:00
// variable is initialized in the loop..
2013-05-29 16:16:12 +02:00
if ( init )
2012-01-13 23:30:43 +01:00
return true ;
2011-12-26 18:32:42 +01:00
2012-01-13 23:30:43 +01:00
// is variable used in for-head?
2013-12-13 13:27:01 +01:00
bool initcond = false ;
2012-01-13 23:30:43 +01:00
if ( ! suppressErrors ) {
2013-06-25 18:40:41 +02:00
const Token * startCond = forwhile ? tok - > next ( ) : tok - > next ( ) - > link ( ) - > tokAt ( 2 ) ;
2013-12-13 13:27:01 +01:00
initcond = checkIfForWhileHead ( startCond , var , false , bool ( number_of_if = = 0 ) , alloc & & * alloc , membervar ) ;
2012-01-13 23:30:43 +01:00
}
2012-11-29 18:41:48 +01:00
// goto "}"
tok = tok2 - > link ( ) ;
2013-06-25 18:40:41 +02:00
// do-while => goto ")"
2013-07-28 12:41:38 +02:00
if ( ! forwhile ) {
// Assert that the tokens are '} while ('
2013-11-06 17:53:09 +01:00
if ( ! Token : : simpleMatch ( tok , " } while ( " ) ) {
2013-11-10 15:49:53 +01:00
if ( _settings - > debugwarnings )
2013-11-06 17:53:09 +01:00
reportError ( tok , Severity : : debug , " " , " assertion failed '} while (' " ) ;
break ;
}
2013-07-28 12:41:38 +02:00
// Goto ')'
2013-06-25 18:40:41 +02:00
tok = tok - > linkAt ( 2 ) ;
2013-07-28 12:41:38 +02:00
if ( ! tok )
// bailout : invalid code / bad tokenizer
break ;
2013-12-13 13:27:01 +01:00
if ( initcond )
// variable is initialized in while-condition
return true ;
2013-07-28 12:41:38 +02:00
}
2011-12-27 08:18:05 +01:00
}
2011-12-26 18:32:42 +01:00
}
2011-12-15 18:30:59 +01:00
// TODO: handle loops, try, etc
2011-12-26 18:32:42 +01:00
if ( Token : : simpleMatch ( tok , " ) { " ) | | Token : : Match ( tok , " %var% { " ) ) {
2011-12-15 20:29:57 +01:00
return true ;
}
2015-01-06 07:44:04 +01:00
// bailout if there is ({
if ( Token : : simpleMatch ( tok , " ( { " ) ) {
return true ;
}
2015-01-21 16:49:34 +01:00
// bailout if there is assembler code or setjmp
if ( Token : : Match ( tok , " asm|setjmp ( " ) ) {
2011-12-15 20:29:57 +01:00
return true ;
2011-12-14 18:54:03 +01:00
}
2015-01-21 22:02:25 +01:00
// bailout on ternary operator. TODO: This can be solved much better. For example, if the variable is not accessed in the branches of the ternary operator, we could just continue.
2015-01-21 22:26:44 +01:00
if ( tok - > str ( ) = = " ? " ) {
2015-01-21 22:02:25 +01:00
return true ;
}
2012-11-29 18:41:48 +01:00
if ( Token : : Match ( tok , " return|break|continue|throw|goto " ) ) {
if ( noreturn )
* noreturn = true ;
2012-12-25 10:37:21 +01:00
while ( tok & & tok - > str ( ) ! = " ; " ) {
// variable is seen..
2013-07-20 12:31:04 +02:00
if ( tok - > varId ( ) = = var . declarationId ( ) ) {
2013-01-20 17:54:32 +01:00
if ( ! membervar . empty ( ) ) {
2013-03-01 11:43:59 +01:00
if ( Token : : Match ( tok , " %var% . %var% ;|%cop% " ) & & tok - > strAt ( 2 ) = = membervar )
2013-01-20 17:54:32 +01:00
uninitStructMemberError ( tok , tok - > str ( ) + " . " + membervar ) ;
else
return true ;
}
2012-12-25 10:37:21 +01:00
// Use variable
2015-01-21 13:52:03 +01:00
else if ( ! suppressErrors & & isVariableUsage ( tok , var . isPointer ( ) , alloc & & * alloc ) ) {
2013-12-04 20:32:20 +01:00
if ( alloc & & * alloc )
uninitdataError ( tok , tok - > str ( ) ) ;
else
uninitvarError ( tok , tok - > str ( ) ) ;
2014-12-18 06:37:15 +01:00
}
else
2012-12-25 10:37:21 +01:00
// assume that variable is assigned
return true ;
}
2012-12-25 13:31:54 +01:00
else if ( Token : : Match ( tok , " sizeof|typeof|offsetof|decltype ( " ) )
tok = tok - > linkAt ( 1 ) ;
2013-07-10 16:44:35 +02:00
else if ( tok - > str ( ) = = " ? " )
// TODO: False negatives when "?:" is used.
// Fix the tokenizer and then remove this bailout.
// The tokenizer should replace "return x?y:z;" with "if(x)return y;return z;"
return true ;
2012-12-25 10:37:21 +01:00
tok = tok - > next ( ) ;
}
2014-02-15 08:46:28 +01:00
return bool ( noreturn = = nullptr ) ;
2012-12-25 10:37:21 +01:00
}
2011-12-13 21:57:27 +01:00
// variable is seen..
2013-07-20 12:31:04 +02:00
if ( tok - > varId ( ) = = var . declarationId ( ) ) {
2013-12-04 20:32:20 +01:00
// calling function that returns uninit data through pointer..
if ( var . isPointer ( ) & &
Token : : Match ( tok - > next ( ) , " = %var% ( " ) & &
Token : : simpleMatch ( tok - > linkAt ( 3 ) , " ) ; " ) & &
_settings - > library . returnuninitdata . count ( tok - > strAt ( 2 ) ) > 0U ) {
if ( alloc )
* alloc = true ;
continue ;
}
2013-01-19 12:48:56 +01:00
if ( ! membervar . empty ( ) ) {
2013-06-27 16:53:15 +02:00
if ( isMemberVariableAssignment ( tok , membervar ) ) {
2013-12-04 20:32:20 +01:00
checkRhs ( tok , var , alloc & & * alloc , membervar ) ;
2013-01-17 17:21:21 +01:00
return true ;
2013-06-27 16:53:15 +02:00
}
2013-01-24 19:41:15 +01:00
2013-12-04 20:32:20 +01:00
if ( isMemberVariableUsage ( tok , var . isPointer ( ) , alloc & & * alloc , membervar ) )
2013-01-19 12:48:56 +01:00
uninitStructMemberError ( tok , tok - > str ( ) + " . " + membervar ) ;
2013-01-24 19:41:15 +01:00
2013-04-10 20:04:32 +02:00
else if ( Token : : Match ( tok - > previous ( ) , " [(,] %var% [,)] " ) )
return true ;
2013-01-16 20:28:29 +01:00
} else {
// Use variable
2015-01-21 13:52:03 +01:00
if ( ! suppressErrors & & isVariableUsage ( tok , var . isPointer ( ) , alloc & & * alloc ) ) {
2013-12-04 20:32:20 +01:00
if ( alloc & & * alloc )
uninitdataError ( tok , tok - > str ( ) ) ;
else
uninitvarError ( tok , tok - > str ( ) ) ;
}
2011-12-14 06:00:17 +01:00
2013-06-27 16:53:15 +02:00
else {
2013-06-29 09:33:51 +02:00
if ( tok - > strAt ( 1 ) = = " = " )
2013-12-04 20:32:20 +01:00
checkRhs ( tok , var , alloc & & * alloc , " " ) ;
2013-06-27 16:53:15 +02:00
2013-01-16 20:28:29 +01:00
// assume that variable is assigned
return true ;
2013-06-27 16:53:15 +02:00
}
2013-01-16 20:28:29 +01:00
}
2011-12-13 21:57:27 +01:00
}
}
2012-12-25 10:37:21 +01:00
return false ;
2011-12-13 21:57:27 +01:00
}
2013-12-04 20:32:20 +01:00
bool CheckUninitVar : : checkIfForWhileHead ( const Token * startparentheses , const Variable & var , bool suppressErrors , bool isuninit , bool alloc , const std : : string & membervar )
2011-12-26 18:32:42 +01:00
{
2013-01-16 15:37:07 +01:00
const Token * const endpar = startparentheses - > link ( ) ;
2014-11-01 14:03:02 +01:00
if ( Token : : Match ( startparentheses , " ( ! %var% %oror% " ) & & startparentheses - > tokAt ( 2 ) - > getValue ( 0 ) )
suppressErrors = true ;
2013-01-16 15:37:07 +01:00
for ( const Token * tok = startparentheses - > next ( ) ; tok & & tok ! = endpar ; tok = tok - > next ( ) ) {
2013-07-20 12:31:04 +02:00
if ( tok - > varId ( ) = = var . declarationId ( ) ) {
2013-01-19 12:48:56 +01:00
if ( Token : : Match ( tok , " %var% . %var% " ) ) {
2013-02-05 17:01:46 +01:00
if ( tok - > strAt ( 2 ) = = membervar ) {
2013-02-23 15:57:58 +01:00
if ( isMemberVariableAssignment ( tok , membervar ) )
2013-02-05 17:01:46 +01:00
return true ;
2013-02-23 15:57:58 +01:00
2013-12-04 20:32:20 +01:00
if ( ! suppressErrors & & isMemberVariableUsage ( tok , var . isPointer ( ) , alloc , membervar ) )
2013-02-05 17:01:46 +01:00
uninitStructMemberError ( tok , tok - > str ( ) + " . " + membervar ) ;
}
2013-01-19 12:48:56 +01:00
continue ;
}
2015-01-21 13:52:03 +01:00
if ( isVariableUsage ( tok , var . isPointer ( ) , alloc ) ) {
2011-12-27 08:18:05 +01:00
if ( ! suppressErrors )
uninitvarError ( tok , tok - > str ( ) ) ;
else
continue ;
}
2011-12-26 18:32:42 +01:00
return true ;
}
if ( Token : : Match ( tok , " sizeof|decltype|offsetof ( " ) )
tok = tok - > next ( ) - > link ( ) ;
2013-12-04 20:32:20 +01:00
if ( ( ! isuninit | | ! membervar . empty ( ) ) & & tok - > str ( ) = = " && " )
2011-12-26 18:32:42 +01:00
suppressErrors = true ;
}
return false ;
}
2013-12-04 20:32:20 +01:00
bool CheckUninitVar : : checkLoopBody ( const Token * tok , const Variable & var , const bool alloc , const std : : string & membervar , const bool suppressErrors )
2013-01-24 19:41:15 +01:00
{
2014-02-15 08:46:28 +01:00
const Token * usetok = nullptr ;
2013-01-24 19:41:15 +01:00
assert ( tok - > str ( ) = = " { " ) ;
for ( const Token * const end = tok - > link ( ) ; tok ! = end ; tok = tok - > next ( ) ) {
2013-07-20 12:31:04 +02:00
if ( tok - > varId ( ) = = var . declarationId ( ) ) {
2013-01-24 19:41:15 +01:00
if ( ! membervar . empty ( ) ) {
2013-06-25 18:40:41 +02:00
if ( isMemberVariableAssignment ( tok , membervar ) ) {
bool assign = true ;
bool rhs = false ;
for ( const Token * tok2 = tok - > next ( ) ; tok2 ; tok2 = tok2 - > next ( ) ) {
if ( tok2 - > str ( ) = = " = " )
rhs = true ;
if ( tok2 - > str ( ) = = " ; " )
break ;
2013-12-04 20:32:20 +01:00
if ( rhs & & tok2 - > varId ( ) = = var . declarationId ( ) & & isMemberVariableUsage ( tok2 , var . isPointer ( ) , alloc , membervar ) ) {
2013-06-25 18:40:41 +02:00
assign = false ;
break ;
}
}
if ( assign )
return true ;
}
2013-01-24 19:41:15 +01:00
2013-12-04 20:32:20 +01:00
if ( Token : : Match ( tok , " %var% = " ) )
return true ;
if ( isMemberVariableUsage ( tok , var . isPointer ( ) , alloc , membervar ) )
2013-01-24 19:41:15 +01:00
usetok = tok ;
2013-04-10 20:46:44 +02:00
else if ( Token : : Match ( tok - > previous ( ) , " [(,] %var% [,)] " ) )
return true ;
2013-01-24 19:41:15 +01:00
} else {
2015-01-21 13:52:03 +01:00
if ( isVariableUsage ( tok , var . isPointer ( ) , alloc ) )
2013-01-24 19:41:15 +01:00
usetok = tok ;
2014-04-21 12:01:02 +02:00
else if ( tok - > strAt ( 1 ) = = " = " ) {
// Is var used in rhs?
bool rhs = false ;
std : : stack < const Token * > tokens ;
tokens . push ( tok - > next ( ) - > astOperand2 ( ) ) ;
while ( ! tokens . empty ( ) ) {
const Token * t = tokens . top ( ) ;
tokens . pop ( ) ;
if ( ! t )
continue ;
if ( t - > varId ( ) = = var . declarationId ( ) ) {
// var is used in rhs
rhs = true ;
break ;
2013-06-25 18:40:41 +02:00
}
2014-04-21 12:01:02 +02:00
if ( Token : : simpleMatch ( t - > previous ( ) , " sizeof ( " ) )
continue ;
tokens . push ( t - > astOperand1 ( ) ) ;
tokens . push ( t - > astOperand2 ( ) ) ;
2013-06-25 18:40:41 +02:00
}
2014-04-21 12:01:02 +02:00
if ( ! rhs )
2013-06-25 18:40:41 +02:00
return true ;
2014-04-21 12:01:02 +02:00
} else {
return true ;
2013-06-25 18:40:41 +02:00
}
2013-01-24 19:41:15 +01:00
}
}
2013-02-12 15:59:23 +01:00
2013-03-22 08:10:46 +01:00
if ( Token : : Match ( tok , " sizeof|typeof ( " ) )
tok = tok - > next ( ) - > link ( ) ;
2013-02-12 15:59:23 +01:00
if ( Token : : Match ( tok , " asm ( %str% ) ; " ) )
return true ;
2013-01-24 19:41:15 +01:00
}
2013-02-11 18:31:14 +01:00
if ( ! suppressErrors & & usetok ) {
2013-01-24 19:41:15 +01:00
if ( membervar . empty ( ) )
uninitvarError ( usetok , usetok - > str ( ) ) ;
else
uninitStructMemberError ( usetok , usetok - > str ( ) + " . " + membervar ) ;
return true ;
}
return false ;
}
2013-12-04 20:32:20 +01:00
void CheckUninitVar : : checkRhs ( const Token * tok , const Variable & var , bool alloc , const std : : string & membervar )
2013-06-29 09:33:51 +02:00
{
bool rhs = false ;
unsigned int indent = 0 ;
2014-02-15 08:46:28 +01:00
while ( nullptr ! = ( tok = tok - > next ( ) ) ) {
2013-06-29 09:33:51 +02:00
if ( tok - > str ( ) = = " = " )
rhs = true ;
2013-07-20 12:31:04 +02:00
else if ( rhs & & tok - > varId ( ) = = var . declarationId ( ) ) {
2015-01-21 13:52:03 +01:00
if ( membervar . empty ( ) & & isVariableUsage ( tok , var . isPointer ( ) , alloc ) )
2013-06-29 09:33:51 +02:00
uninitvarError ( tok , tok - > str ( ) ) ;
2013-12-04 20:32:20 +01:00
else if ( ! membervar . empty ( ) & & isMemberVariableUsage ( tok , var . isPointer ( ) , alloc , membervar ) )
2013-06-29 09:33:51 +02:00
uninitStructMemberError ( tok , tok - > str ( ) + " . " + membervar ) ;
} else if ( tok - > str ( ) = = " ; " || (indent==0 && tok->str() == " , " ))
break ;
else if ( tok - > str ( ) = = " ( " )
+ + indent ;
else if ( tok - > str ( ) = = " ) " ) {
if ( indent = = 0 )
break ;
- - indent ;
2013-07-06 08:52:47 +02:00
} else if ( Token : : simpleMatch ( tok , " sizeof ( " ) )
2013-07-07 10:26:20 +02:00
tok = tok - > next ( ) - > link ( ) ;
2013-06-29 09:33:51 +02:00
}
}
2015-01-21 13:52:03 +01:00
bool CheckUninitVar : : isVariableUsage ( const Token * vartok , bool pointer , bool alloc ) const
2011-12-14 18:28:30 +01:00
{
2015-01-21 16:17:58 +01:00
if ( ! alloc & & vartok - > previous ( ) - > str ( ) = = " return " & & vartok - > strAt ( 1 ) ! = " = " )
2011-12-14 18:28:30 +01:00
return true ;
2014-12-20 18:47:40 +01:00
// Passing variable to typeof/__alignof__
2013-10-12 18:46:14 +02:00
if ( Token : : Match ( vartok - > tokAt ( - 3 ) , " typeof|__alignof__ ( * %var% " ) )
return false ;
2014-09-14 10:29:12 +02:00
// Accessing Rvalue member using "." or "->"
2014-09-12 08:19:00 +02:00
if ( vartok - > strAt ( 1 ) = = " . " & & vartok - > strAt ( - 1 ) ! = " & " ) {
2014-09-15 15:58:21 +02:00
// Is struct member passed to function?
if ( ! pointer & & Token : : Match ( vartok - > previous ( ) , " [,(] %var% . %var% " ) ) {
// TODO: there are FN currently:
// - should only return false if struct member is (or might be) array.
// - should only return false if function argument is (or might be) non-const pointer or reference
const Token * tok2 = vartok - > next ( ) ;
while ( Token : : Match ( tok2 , " . %var% " ) )
tok2 = tok2 - > tokAt ( 2 ) ;
if ( Token : : Match ( tok2 , " [,)] " ) )
return false ;
2015-01-21 16:17:58 +01:00
} else if ( pointer & & Token : : Match ( vartok , " %var% . %var% ( " ) ) {
return true ;
2014-09-15 15:58:21 +02:00
}
2015-01-21 16:17:58 +01:00
2014-09-12 08:19:00 +02:00
bool assignment = false ;
const Token * parent = vartok - > astParent ( ) ;
while ( parent ) {
if ( parent - > str ( ) = = " = " ) {
assignment = true ;
break ;
}
2015-01-21 22:26:44 +01:00
if ( alloc & & parent - > str ( ) = = " ( " ) {
if ( _settings - > library . functionpure . find ( parent - > strAt ( - 1 ) ) = = _settings - > library . functionpure . end ( ) ) {
assignment = true ;
break ;
}
}
2014-09-12 08:19:00 +02:00
parent = parent - > astParent ( ) ;
}
2014-09-14 10:29:12 +02:00
if ( ! assignment )
2014-09-12 08:19:00 +02:00
return true ;
}
2012-12-20 19:45:30 +01:00
// Passing variable to function..
if ( Token : : Match ( vartok - > previous ( ) , " [(,] %var% [,)] " ) | | Token : : Match ( vartok - > tokAt ( - 2 ) , " [(,] & %var% [,)] " ) ) {
2013-01-16 15:37:07 +01:00
// locate start parentheses in function call..
2013-09-21 18:48:48 +02:00
unsigned int argumentNumber = 0 ;
2012-12-20 19:45:30 +01:00
const Token * start = vartok ;
while ( start & & ! Token : : Match ( start , " [;{}(] " ) ) {
if ( start - > str ( ) = = " ) " )
start = start - > link ( ) ;
else if ( start - > str ( ) = = " , " )
+ + argumentNumber ;
start = start - > previous ( ) ;
}
// is this a function call?
if ( start & & Token : : Match ( start - > previous ( ) , " %var% ( " ) ) {
// check how function handle uninitialized data arguments..
2013-01-31 06:41:18 +01:00
const Function * func = start - > previous ( ) - > function ( ) ;
2012-12-20 19:45:30 +01:00
if ( func ) {
const Variable * arg = func - > getArgumentVar ( argumentNumber ) ;
if ( arg ) {
2014-09-11 15:14:06 +02:00
const bool address ( vartok - > previous ( ) - > str ( ) = = " & " ) ;
2012-12-20 19:45:30 +01:00
const Token * argStart = arg - > typeStartToken ( ) ;
2015-01-21 22:02:25 +01:00
if ( ! address & & Token : : Match ( argStart , " struct| %type% [,)] " ) )
2012-12-20 19:45:30 +01:00
return true ;
2015-01-21 22:02:25 +01:00
if ( ! address & & Token : : Match ( argStart , " struct| %type% %var% [,)] " ) )
2012-12-21 17:04:15 +01:00
return true ;
2013-12-11 05:54:42 +01:00
if ( pointer & & ! address & & ! alloc & & Token : : Match ( argStart , " struct| %type% * %var% [,)] " ) )
2012-12-21 17:04:15 +01:00
return true ;
2015-01-21 22:02:25 +01:00
while ( argStart - > previous ( ) & & argStart - > previous ( ) - > isName ( ) )
argStart = argStart - > previous ( ) ;
if ( Token : : Match ( argStart , " const %type% & %var% [,)] " ) )
return true ;
2013-12-11 05:54:42 +01:00
if ( ( pointer | | address ) & & ! alloc & & Token : : Match ( argStart , " const struct| %type% * %var% [,)] " ) )
2012-12-20 19:45:30 +01:00
return true ;
2013-11-16 12:02:21 +01:00
if ( ( pointer | | address ) & & Token : : Match ( argStart , " const %type% %var% [ " ) & & Token : : Match ( argStart - > linkAt ( 3 ) , " ] [,)] " ) )
return true ;
2012-12-20 19:45:30 +01:00
}
2013-01-26 08:16:53 +01:00
} else if ( Token : : Match ( start - > previous ( ) , " if|while|for " ) ) {
// control-flow statement reading the variable "by value"
2013-12-12 11:44:07 +01:00
return ! alloc ;
2015-01-21 22:02:25 +01:00
} else {
bool isnullbad = _settings - > library . isnullargbad ( start - > previous ( ) , argumentNumber + 1 ) ;
bool isuninitbad = _settings - > library . isuninitargbad ( start - > previous ( ) , argumentNumber + 1 ) ;
if ( alloc )
return isnullbad & & isuninitbad ;
return isuninitbad ;
2012-12-20 19:45:30 +01:00
}
}
}
2013-11-17 12:42:53 +01:00
if ( Token : : Match ( vartok - > previous ( ) , " ++|--|%cop% " ) ) {
2015-01-21 16:17:58 +01:00
if ( _tokenizer - > isCPP ( ) & & Token : : Match ( vartok - > previous ( ) , " >>|<< " ) ) {
if ( Token : : Match ( vartok - > previous ( ) - > astOperand1 ( ) , " >>|<< " ) )
return false ; // Looks like stream operator
const Variable * var = vartok - > tokAt ( - 2 ) - > variable ( ) ;
return ( var & & var - > typeStartToken ( ) - > isStandardType ( ) ) ;
2011-12-15 16:55:55 +01:00
}
2012-07-03 18:52:23 +02:00
// is there something like: ; "*((&var ..expr.. =" => the variable is assigned
2015-01-04 09:23:24 +01:00
if ( vartok - > previous ( ) - > str ( ) = = " & " & & ! vartok - > previous ( ) - > astOperand2 ( ) )
return false ;
2012-07-03 18:52:23 +02:00
2015-01-04 11:13:20 +01:00
// bailout to avoid fp for 'int x = 2 + x();' where 'x()' is a unseen preprocessor macro (seen in linux)
if ( ! pointer & & vartok - > next ( ) & & vartok - > next ( ) - > str ( ) = = " ( " )
return false ;
2012-01-02 11:25:13 +01:00
if ( vartok - > previous ( ) - > str ( ) ! = " & " | | ! Token : : Match ( vartok - > tokAt ( - 2 ) , " [(,=?:] " ) ) {
2013-12-12 15:33:31 +01:00
if ( alloc & & vartok - > previous ( ) - > str ( ) = = " * " ) {
const Token * parent = vartok - > previous ( ) - > astParent ( ) ;
if ( parent & & parent - > str ( ) = = " = " & & parent - > astOperand1 ( ) = = vartok - > previous ( ) )
return false ;
return true ;
}
return ! alloc ;
2011-12-14 18:28:30 +01:00
}
}
2013-12-25 14:00:27 +01:00
if ( ! alloc & & Token : : Match ( vartok - > previous ( ) , " = %var% ;|%cop% " ) )
2013-11-16 18:07:33 +01:00
return true ;
2013-11-17 12:42:53 +01:00
if ( Token : : Match ( vartok - > previous ( ) , " ? %var% " ) ) {
// this is only variable usage if variable is either:
// * unconditionally uninitialized
// * used in both rhs and lhs of ':' operator
bool rhs = false ;
for ( const Token * tok2 = vartok ; tok2 ; tok2 = tok2 - > next ( ) ) {
if ( tok2 - > str ( ) = = " ( " )
tok2 = tok2 - > link ( ) ;
else if ( tok2 - > str ( ) = = " : " )
rhs = true ;
2014-01-25 10:12:50 +01:00
else if ( Token : : Match ( tok2 , " [) ] ; , { } = ] " ))
2013-11-17 12:42:53 +01:00
break ;
else if ( rhs & & tok2 - > varId ( ) = = vartok - > varId ( ) )
return true ;
}
}
2011-12-26 14:01:46 +01:00
bool unknown = false ;
2013-12-23 16:50:27 +01:00
if ( pointer & & CheckNullPointer : : isPointerDeRef ( vartok , unknown ) ) {
2013-12-12 11:44:07 +01:00
// pointer is allocated - dereferencing it is ok.
2013-12-04 20:32:20 +01:00
if ( alloc )
return false ;
2011-12-27 10:18:49 +01:00
// function parameter?
bool functionParameter = false ;
if ( Token : : Match ( vartok - > tokAt ( - 2 ) , " %var% ( " ) | | vartok - > previous ( ) - > str ( ) = = " , " )
functionParameter = true ;
// if this is not a function parameter report this dereference as variable usage
if ( ! functionParameter )
return true ;
}
2011-12-26 14:01:46 +01:00
2015-01-21 13:52:03 +01:00
if ( _tokenizer - > isCPP ( ) & & Token : : Match ( vartok - > next ( ) , " <<|>> " ) ) {
2012-12-18 19:02:30 +01:00
// Is this calculation done in rhs?
const Token * tok = vartok ;
while ( tok & & Token : : Match ( tok , " %var%|.|:: " ) )
tok = tok - > previous ( ) ;
if ( Token : : Match ( tok , " [;{}] " ) )
return false ;
2012-06-13 19:09:51 +02:00
// Is variable a known POD type then this is a variable usage,
// otherwise we assume it's not.
2013-02-02 15:21:54 +01:00
const Variable * var = vartok - > variable ( ) ;
2012-12-18 19:02:30 +01:00
return ( var & & var - > typeStartToken ( ) - > isStandardType ( ) ) ;
2012-06-13 19:09:51 +02:00
}
2013-12-24 12:48:17 +01:00
if ( ! alloc & & vartok - > next ( ) & & vartok - > next ( ) - > isOp ( ) & & ! vartok - > next ( ) - > isAssignmentOp ( ) )
2011-12-16 20:34:44 +01:00
return true ;
2011-12-16 18:12:47 +01:00
if ( vartok - > strAt ( 1 ) = = " ] " )
2011-12-14 19:56:58 +01:00
return true ;
2011-12-14 18:28:30 +01:00
return false ;
}
2013-07-30 12:52:27 +02:00
bool CheckUninitVar : : isMemberVariableAssignment ( const Token * tok , const std : : string & membervar )
2013-01-24 19:41:15 +01:00
{
if ( Token : : Match ( tok , " %var% . %var% " ) & & tok - > strAt ( 2 ) = = membervar ) {
if ( Token : : Match ( tok - > tokAt ( 3 ) , " [=.[] " ) )
return true ;
else if ( Token : : Match ( tok - > tokAt ( - 2 ) , " [(,=] & " ) )
return true ;
2013-03-01 11:43:59 +01:00
else if ( ( tok - > previous ( ) & & tok - > previous ( ) - > isConstOp ( ) ) | | Token : : Match ( tok - > previous ( ) , " [|= " ) )
2013-01-24 19:41:15 +01:00
; // member variable usage
2013-05-02 20:34:15 +02:00
else if ( tok - > tokAt ( 3 ) - > isConstOp ( ) )
; // member variable usage
2013-01-24 19:41:15 +01:00
else
return true ;
} else if ( tok - > strAt ( 1 ) = = " = " )
return true ;
2014-03-20 06:48:17 +01:00
else if ( tok - > strAt ( - 1 ) = = " & " ) {
if ( Token : : Match ( tok - > tokAt ( - 2 ) , " [(,] & %var% " ) ) {
// locate start parentheses in function call..
unsigned int argumentNumber = 0 ;
const Token * ftok = tok ;
while ( ftok & & ! Token : : Match ( ftok , " [;{}(] " ) ) {
if ( ftok - > str ( ) = = " ) " )
ftok = ftok - > link ( ) ;
else if ( ftok - > str ( ) = = " , " )
+ + argumentNumber ;
ftok = ftok - > previous ( ) ;
}
// is this a function call?
ftok = ftok ? ftok - > previous ( ) : NULL ;
if ( Token : : Match ( ftok , " %var% ( " ) ) {
// check how function handle uninitialized data arguments..
const Function * function = ftok - > function ( ) ;
const Variable * arg = function ? function - > getArgumentVar ( argumentNumber ) : NULL ;
const Token * argStart = arg ? arg - > typeStartToken ( ) : NULL ;
while ( argStart & & argStart - > previous ( ) & & argStart - > previous ( ) - > isName ( ) )
argStart = argStart - > previous ( ) ;
if ( Token : : Match ( argStart , " const struct| %type% * const| %var% [,)] " ) )
return false ;
}
2014-05-10 20:20:55 +02:00
2014-09-09 11:11:41 +02:00
else if ( ftok & & Token : : simpleMatch ( ftok - > previous ( ) , " = * ( " ) )
2014-05-10 20:20:55 +02:00
return false ;
2014-03-20 06:48:17 +01:00
}
2013-01-24 19:41:15 +01:00
return true ;
2014-03-20 06:48:17 +01:00
}
2013-01-24 19:41:15 +01:00
return false ;
}
2013-12-04 20:32:20 +01:00
bool CheckUninitVar : : isMemberVariableUsage ( const Token * tok , bool isPointer , bool alloc , const std : : string & membervar ) const
2013-01-24 19:41:15 +01:00
{
if ( isMemberVariableAssignment ( tok , membervar ) )
return false ;
if ( Token : : Match ( tok , " %var% . %var% " ) & & tok - > strAt ( 2 ) = = membervar )
return true ;
2015-01-21 13:52:03 +01:00
else if ( ! isPointer & & Token : : Match ( tok - > previous ( ) , " [(,] %var% [,)] " ) & & isVariableUsage ( tok , isPointer , alloc ) )
2013-01-24 19:41:15 +01:00
return true ;
2014-05-10 19:56:44 +02:00
else if ( ! isPointer & & Token : : Match ( tok - > previous ( ) , " = %var% ; " ))
return true ;
2014-05-10 20:20:55 +02:00
// = *(&var);
else if ( ! isPointer & &
Token : : simpleMatch ( tok - > astParent ( ) , " & " ) & &
Token : : simpleMatch ( tok - > astParent ( ) - > astParent ( ) , " * " ) & &
Token : : Match ( tok - > astParent ( ) - > astParent ( ) - > astParent ( ) , " = * (| & " ) & &
tok - > astParent ( ) - > astParent ( ) - > astParent ( ) - > astOperand2 ( ) = = tok - > astParent ( ) - > astParent ( ) )
return true ;
2014-03-20 08:01:48 +01:00
else if ( _settings - > experimental & &
! isPointer & &
Token : : Match ( tok - > tokAt ( - 2 ) , " [(,] & %var% [,)] " ) & &
2015-01-21 13:52:03 +01:00
isVariableUsage ( tok , isPointer , alloc ) )
2014-03-20 08:01:48 +01:00
return true ;
2014-03-20 07:19:35 +01:00
2013-01-24 19:41:15 +01:00
return false ;
}
2011-12-13 21:57:27 +01:00
2011-09-05 19:42:48 +02:00
void CheckUninitVar : : uninitstringError ( const Token * tok , const std : : string & varname , bool strncpy_ )
2010-10-31 12:31:11 +01:00
{
2012-11-03 21:21:19 +01:00
reportError ( tok , Severity : : error , " uninitstring " , " Dangerous usage of ' " + varname + " ' " + ( strncpy_ ? " (strncpy doesn't always null-terminate it). " : " (not null-terminated). " ) ) ;
2010-10-31 12:31:11 +01:00
}
void CheckUninitVar : : uninitdataError ( const Token * tok , const std : : string & varname )
{
2012-11-01 18:40:20 +01:00
reportError ( tok , Severity : : error , " uninitdata " , " Memory is allocated but not initialized: " + varname ) ;
2010-10-31 12:31:11 +01:00
}
void CheckUninitVar : : uninitvarError ( const Token * tok , const std : : string & varname )
{
reportError ( tok , Severity : : error , " uninitvar " , " Uninitialized variable: " + varname ) ;
}
2013-01-17 21:04:22 +01:00
void CheckUninitVar : : uninitStructMemberError ( const Token * tok , const std : : string & membername )
{
reportError ( tok ,
2013-01-17 23:18:37 +01:00
Severity : : error ,
2013-01-17 21:04:22 +01:00
" uninitStructMember " ,
2013-01-17 23:18:37 +01:00
" Uninitialized struct member: " + membername ) ;
2013-01-17 21:04:22 +01:00
}
2014-08-05 06:24:23 +02:00
void CheckUninitVar : : deadPointer ( )
{
const SymbolDatabase * symbolDatabase = _tokenizer - > getSymbolDatabase ( ) ;
std : : list < Scope > : : const_iterator scope ;
// check every executable scope
for ( scope = symbolDatabase - > scopeList . begin ( ) ; scope ! = symbolDatabase - > scopeList . end ( ) ; + + scope ) {
if ( ! scope - > isExecutable ( ) )
continue ;
// Dead pointers..
for ( const Token * tok = scope - > classStart ; tok ! = scope - > classEnd ; tok = tok - > next ( ) ) {
if ( tok - > variable ( ) & &
tok - > variable ( ) - > isPointer ( ) & &
2015-01-21 13:52:03 +01:00
isVariableUsage ( tok , true , false ) ) {
2014-08-05 06:24:23 +02:00
const Token * alias = tok - > getValueTokenDeadPointer ( ) ;
if ( alias ) {
deadPointerError ( tok , alias ) ;
}
}
}
}
}
void CheckUninitVar : : deadPointerError ( const Token * pointer , const Token * alias )
{
const std : : string strpointer ( pointer ? pointer - > str ( ) : std : : string ( " pointer " ) ) ;
const std : : string stralias ( alias ? alias - > expressionString ( ) : std : : string ( " &x " ) ) ;
reportError ( pointer ,
Severity : : error ,
" deadpointer " ,
" Dead pointer usage. Pointer ' " + strpointer + " ' is dead if it has been assigned ' " + stralias + " ' at line " + MathLib : : toString ( alias ? alias - > linenr ( ) : 0U ) + " . " ) ;
}