From 5d1a1b7dc8ce27851899a2145172f4360ea4c043 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?= Date: Tue, 3 Feb 2015 17:50:58 +0100 Subject: [PATCH] manual: updated configuration documentation --- man/manual.docbook | 176 +++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 162 insertions(+), 14 deletions(-) diff --git a/man/manual.docbook b/man/manual.docbook index 46947dbac..116bcff47 100644 --- a/man/manual.docbook +++ b/man/manual.docbook @@ -609,8 +609,10 @@ Checking test.c...
Using your own custom .cfg file - You can create and use your own .cfg files for your - projects. + You can create and use your own .cfg files for your projects. Use + --check-library and + --enable=information to get hints about what you + should configure. The command line cppcheck will try to load custom .cfg files from the working path - execute cppcheck from the path where the .cfg files @@ -625,37 +627,89 @@ Checking test.c...
Memory/resource leaks - Here is an example program: + Cppcheck has configurable checking for leaks. - void test() +
+ alloc and dealloc + + Here is an example program: + + void test() { HPEN pen = CreatePen(PS_SOLID, 1, RGB(255,0,0)); } - The code example above has a resource leak - - CreatePen() is a windows function that creates a pen. - However Cppcheck doesn't assume that return values from functions must - be freed. There is no error message: + The code example above has a resource leak - + CreatePen() is a windows function that creates a + pen. However Cppcheck doesn't assume that return values from functions + must be freed. There is no error message: - # cppcheck pen1.c + # cppcheck pen1.c Checking pen1.c... - If you provide a windows configuration file then - Cppcheck detects the bug: + If you provide a windows configuration file then + Cppcheck detects the bug: - # cppcheck --library=windows.cfg pen1.c + # cppcheck --library=windows.cfg pen1.c Checking pen1.c... [pen1.c:3]: (error) Resource leak: pen - Here is a minimal windows.cfg file: + Here is a minimal windows.cfg file: - <?xml version="1.0"?> + <?xml version="1.0"?> <def> <resource> <alloc>CreatePen</alloc> <dealloc>DeleteObject</dealloc> </resource> </def> +
+ +
+ leak-ignore and use + + Often the allocated pointer is passed to functions. + Example: + + void test() +{ + char *p = malloc(100); + dostuff(p); +} + + If Cppcheck doesn't know what dostuff does, + without configuration it will assume that dostuff + takes care of the memory so there is no memory leak. + + To specify that dostuff doesn't take care of + the memory in any way, use leak-ignore: + + <?xml version="1.0"?> +<def> + <function name="dostuff"> + <leak-ignore/> + <arg nr="1"/> + <arg nr="2"/> + </function> +</def> + + If instead dostuff takes care of the memory + then this can be configured with: + + <?xml version="1.0"?> +<def> + <memory> + <alloc>malloc</alloc> + <dealloc>free</dealloc> + <use>dostuff</use> + </memory> +</def> + + The <use> + configuration has no logical purpose. You will get the same warnings + without it. Use it to silence --check-library + information messages. +
@@ -760,6 +814,7 @@ Checking formatstring.c... <?xml version="1.0"?> <def> <function name="do_something"> + <formatstr type="printf"/> <arg nr="1"> <formatstr/> </arg> @@ -769,6 +824,18 @@ Checking formatstring.c... cppcheck --library=test.cfg formatstring.c Checking formatstring.c... [formatstring.c:3]: (error) do_something format string requires 2 parameters but only 1 is given. + + The type attribute can be either: + + + + printf - format string follows the printf rules + + + + scanf - format string follows the scanf rules + +
@@ -811,6 +878,87 @@ Checking range.c... 0,2:32 => the value 0 and all values between 2 and 32 are valid
+
+ Function Argument: minsize + + Some function arguments take a buffer. With minsize you can + configure the min size of the buffer (in bytes, not elements). + Imagine: + + void test() +{ + char str[5]; + do_something(str,"12345"); +} + + No error is reported for that: + + # cppcheck minsize.c +Checking minsize.c... + + A configuration file can for instance be created that says that + the size of the buffer in argument 1 must be larger than the strlen of + argument 2.For instance: + + <?xml version="1.0"?> +<def> + <function name="do_something"> + <arg nr="1"> + <minsize type="strlen" arg="2"/> + </arg> + <arg nr="2"/> + </function> +</def>Now Cppcheck will report this error: + + cppcheck --library=1.cfg minsize.c +Checking minsize.c... +[minsize.c:4]: (error) Buffer is accessed out of bounds: str + + + There are different types of minsizes: + + + + strlen + + + buffer size must be larger than other arguments string + length. Example: see strcpy configuration in std.cfg + + + + + argvalue + + + buffer size must be larger than value in other argument. + Example: see memset configuration in std.cfg + + + + + sizeof + + + buffer size must be larger than other argument buffer size. + Example: see strncpy configuration in std.cfg + + + + + mul + + + buffer size must be larger than multiplication result when + multiplying values given in two other arguments. Typically one + argument defines the element size and another element defines the + number of elements. Example: see fread configuration in + std.cfg + + + +
+
noreturn