walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Bug hunting; 'hide' the uninitialized variables checking, I need to focus on division by zero and clang import

This commit is contained in:
Daniel Marjamäki 2020-01-15 21:06:00 +01:00
parent 9507fccfc1
commit 76a048a2c1
3 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/exprengine.cpp
View File

@ -1833,7 +1833,7 @@ void ExprEngine::runChecks(ErrorLogger *errorLogger, const Tokenizer *tokenizer,
} }
}; };
#ifdef VERIFY_INTEGEROVERFLOW #ifdef BUG_HUNTING_INTEGEROVERFLOW
std::function<void(const Token *, const ExprEngine::Value &, ExprEngine::DataBase *)> integerOverflow = [&](const Token *tok, const ExprEngine::Value &value, ExprEngine::DataBase *dataBase) { std::function<void(const Token *, const ExprEngine::Value &, ExprEngine::DataBase *)> integerOverflow = [&](const Token *tok, const ExprEngine::Value &value, ExprEngine::DataBase *dataBase) {
if (!tok->isArithmeticalOp() || !tok->valueType() || !tok->valueType()->isIntegral() || tok->valueType()->pointer > 0) if (!tok->isArithmeticalOp() || !tok->valueType() || !tok->valueType()->isIntegral() || tok->valueType()->pointer > 0)
return; return;
@ -1882,6 +1882,7 @@ void ExprEngine::runChecks(ErrorLogger *errorLogger, const Tokenizer *tokenizer,
}; };
#endif #endif
#ifdef BUG_HUNTING_UNINIT
std::function<void(const Token *, const ExprEngine::Value &, ExprEngine::DataBase *)> uninit = [=](const Token *tok, const ExprEngine::Value &value, ExprEngine::DataBase *dataBase) { std::function<void(const Token *, const ExprEngine::Value &, ExprEngine::DataBase *)> uninit = [=](const Token *tok, const ExprEngine::Value &value, ExprEngine::DataBase *dataBase) {
if (!tok->astParent()) if (!tok->astParent())
return; return;
@ -1945,6 +1946,7 @@ void ExprEngine::runChecks(ErrorLogger *errorLogger, const Tokenizer *tokenizer,
ErrorLogger::ErrorMessage errmsg(callstack, &tokenizer->list, Severity::SeverityType::error, "verificationUninit", "Cannot determine that '" + tok->expressionString() + "' is initialized", CWE_USE_OF_UNINITIALIZED_VARIABLE, false); ErrorLogger::ErrorMessage errmsg(callstack, &tokenizer->list, Severity::SeverityType::error, "verificationUninit", "Cannot determine that '" + tok->expressionString() + "' is initialized", CWE_USE_OF_UNINITIALIZED_VARIABLE, false);
errorLogger->reportErr(errmsg); errorLogger->reportErr(errmsg);
}; };
#endif
std::function<void(const Token *, const ExprEngine::Value &, ExprEngine::DataBase *)> checkFunctionCall = [=](const Token *tok, const ExprEngine::Value &value, ExprEngine::DataBase *dataBase) { std::function<void(const Token *, const ExprEngine::Value &, ExprEngine::DataBase *)> checkFunctionCall = [=](const Token *tok, const ExprEngine::Value &value, ExprEngine::DataBase *dataBase) {
if (!Token::Match(tok->astParent(), "[(,]")) if (!Token::Match(tok->astParent(), "[(,]"))
@ -2044,6 +2046,7 @@ void ExprEngine::runChecks(ErrorLogger *errorLogger, const Tokenizer *tokenizer,
} }
} }
#ifdef BUG_HUNTING_UNINIT
// Uninitialized function argument.. // Uninitialized function argument..
if (settings->library.isuninitargbad(parent->astOperand1(), num) && settings->library.isnullargbad(parent->astOperand1(), num) && value.type == ExprEngine::ValueType::ArrayValue) { if (settings->library.isuninitargbad(parent->astOperand1(), num) && settings->library.isnullargbad(parent->astOperand1(), num) && value.type == ExprEngine::ValueType::ArrayValue) {
const ExprEngine::ArrayValue &arrayValue = static_cast<const ExprEngine::ArrayValue &>(value); const ExprEngine::ArrayValue &arrayValue = static_cast<const ExprEngine::ArrayValue &>(value);
@ -2058,15 +2061,18 @@ void ExprEngine::runChecks(ErrorLogger *errorLogger, const Tokenizer *tokenizer,
} }
} }
} }
#endif
}; };
std::vector<ExprEngine::Callback> callbacks; std::vector<ExprEngine::Callback> callbacks;
callbacks.push_back(divByZero); callbacks.push_back(divByZero);
callbacks.push_back(checkFunctionCall); callbacks.push_back(checkFunctionCall);
#ifdef VERIFY_INTEGEROVERFLOW #ifdef BUG_HUNTING_INTEGEROVERFLOW
callbacks.push_back(integerOverflow); callbacks.push_back(integerOverflow);
#endif #endif
#ifdef BUG_HUNTING_UNINIT
callbacks.push_back(uninit); callbacks.push_back(uninit);
#endif
std::ostringstream report; std::ostringstream report;
ExprEngine::executeAllFunctions(tokenizer, settings, callbacks, report); ExprEngine::executeAllFunctions(tokenizer, settings, callbacks, report);

2
test/verify/itc.py
View File

@ -33,7 +33,7 @@ def get_error_lines(filename):
def check(filename): def check(filename):
cmd = [CPPCHECK_PATH, cmd = [CPPCHECK_PATH,
'--verify', '--bug-hunting',
'--platform=unix64', '--platform=unix64',
filename] filename]
print(' '.join(cmd)) print(' '.join(cmd))

6
test/verify/juliet.py
View File

@ -40,7 +40,7 @@ def check(tc:str, warning_id:str):
'-DAF_INET=1', '-DAF_INET=1',
'-DINADDR_ANY=1', '-DINADDR_ANY=1',
'--library=posix', '--library=posix',
'--verify', '--bug-hunting',
'--platform=unix64'] '--platform=unix64']
cmd += glob.glob(f) cmd += glob.glob(f)
p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
@ -61,8 +61,8 @@ def check(tc:str, warning_id:str):
final_report = '' final_report = ''
#final_report += check('C/testcases/CWE369_Divide_by_Zero/s*/*.c', 'verificationDivByZero') final_report += check('C/testcases/CWE369_Divide_by_Zero/s*/*.c', 'verificationDivByZero')
final_report += check('C/testcases/CWE457_Use_of_Uninitialized_Variable/s*/*.c', 'verificationUninit') #final_report += check('C/testcases/CWE457_Use_of_Uninitialized_Variable/s*/*.c', 'verificationUninit')
print(final_report) print(final_report)