Verification; Updated manual
This commit is contained in:
parent
c6dfec5d5f
commit
9b48802a7f
|
@ -712,21 +712,19 @@ An example usage:
|
||||||
|
|
||||||
Cppcheck will tell you if it can't determine that your code is safe.
|
Cppcheck will tell you if it can't determine that your code is safe.
|
||||||
|
|
||||||
The goal is that this will detect all bugs you find with dynamic analysis and fuzzing. And then more bugs.
|
All bugs you find with dynamic analysis and fuzzing will be revealed. And then more bugs.
|
||||||
|
|
||||||
However the analysis will be noisy. Because of the noise, it will probably not be practical to use this in continuous integration.
|
This analysis is noisy. Because of the noise, it will probably not be practical to use this for instance in continuous integration. Some possible use cases where more noise could be tolerated;
|
||||||
|
* you are writing new code and want to ensure it is safe.
|
||||||
Some possible use cases;
|
|
||||||
* you are writing new code and want to ensure that there is no bug.
|
|
||||||
* you are reviewing code and want to get hints about possible UB.
|
* you are reviewing code and want to get hints about possible UB.
|
||||||
* you need extra help troubleshooting a crash or weird bug.
|
* you need extra help troubleshooting a weird bug.
|
||||||
* you tagged a release candidate and want to run extra analysis on that.
|
* you tagged a release candidate and want to check if the code is safe.
|
||||||
|
|
||||||
## Philosopphy
|
## Philosopphy
|
||||||
|
|
||||||
It is very important that we do warn about unsafe code. We want that users feel confident about the code we say is "safe".
|
It is very important that we do warn about all unsafe code. We want that users can feel fully confident about the code we say is "safe".
|
||||||
|
|
||||||
However, a sloppy analysis that will report too much noise will not be useful. We need to have heuristics to avoid false positives.
|
However, a sloppy analysis that will report too much noise will not be useful. We need to have strong heuristics to avoid false positives.
|
||||||
|
|
||||||
At the moment there is no whole program analysis but that will be added later to avoid definite false positives.
|
At the moment there is no whole program analysis but that will be added later to avoid definite false positives.
|
||||||
|
|
||||||
|
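Review bot: the rewritten sentence "All bugs you find with dynamic analysis and fuzzing will be revealed. And then more bugs." promises a guarantee that the removed text hedged with "The goal is that"; since the same hunk still says the analysis is noisy and that whole program analysis is not yet implemented, keep the hedge (e.g. "The goal is that all bugs you find with dynamic analysis and fuzzing will be revealed."). Two smaller points in the same hunk: "Some possible use cases where more noise could be tolerated;" should end with a colon rather than a semicolon, and the unchanged heading "## Philosopphy" could be corrected to "## Philosophy" while this section is being edited.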
@ -785,4 +783,26 @@ Example code with Cppcheck annotation:
|
||||||
return 10000 / x;
|
return 10000 / x;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
## Function calls
|
||||||
|
|
||||||
|
For a reliable verification it will be very important that `--check-library` is used, you need to ensure that critical library functions are configured.
|
||||||
|
|
||||||
|
### Uninitialized variables
|
||||||
|
|
||||||
|
When `const` is used for pointer arguments that will be seen as a annotation.
|
||||||
|
|
||||||
|
This function:
|
||||||
|
|
||||||
|
void foo(char *p);
|
||||||
|
|
||||||
|
Cppcheck will assume that `p` points at uninitialized memory. When `foo` is checked it will be ensured that it initializes the memory.
|
||||||
|
|
||||||
|
This function:
|
||||||
|
|
||||||
|
void foo(const char *p);
|
||||||
|
|
||||||
|
Cppcheck will assume that `p` points at initialized memory. If you call `foo` and pass a pointer to uninitialized memory we will warn.
|
||||||
|
|
||||||
|
TODO: Further annotations to specify how a function initializes memory will be required.
|
||||||
|
|
||||||
|
|
||||||
|
|
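Review bot: the new sentence "For a reliable verification it will be very important that `--check-library` is used, you need to ensure that critical library functions are configured." is a comma splice and does not tell the reader what to do with the `--check-library` output; suggest splitting it, e.g. "Run with `--check-library` and configure every library function it reports as unknown; calls to unconfigured functions cannot be verified." In the "Uninitialized variables" subsection, "seen as a annotation" should read "seen as an annotation", and the rule that a non-const `char *p` parameter is assumed to point at uninitialized memory is presented as settled even though the trailing TODO says further annotations are still required; stating that `const` only tells Cppcheck the function will not write through `p` would make the limitation clearer.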