manual: cleaned up chapter about bug hunting
parent bda73600e0
commit c60652630f
@ -863,85 +863,4 @@ Cppcheck output:
foo(x);
foo(x);
^
^
## Philosopphy
It is very important that we do warn about all unsafe code. We want that users can feel fully confident about the code we say is "safe".
However, a sloppy analysis that will report too much noise will not be useful. We need to have strong heuristics to avoid false positives.
At the moment there is no whole program analysis but that will be added later to avoid definite false positives.
The focus will be to detect "hidden" bugs. Good candidates are undefined behavior that does not cause a crash immediately but will just cause strange behavior.
* Buffer overflows
* Uninitialized variables
* Usage of dead pointers
## Compiling
make USE_Z3=yes
## Verification for work-in-progress
It is possible to instantly verify your code changes directly in your editor.
You can for instance configure a save action like this:
cd repo ; git diff > temp.diff ; cppcheck --verify-diff=temp.diff
Ensure that the warnings are sent to your editor and displayed.
From now on, only use 'git commit' when you think all the verification warnings you get looks safe.
With this method, Cppcheck will verify all functions that you are modifying.
## Verification during review
... well I am hoping it will be possible to integrate cppcheck verification in github, gerrit, etc.
## Annotations
To silence Cppcheck verification warnings it is possible to use annotations.
Example code:
void foo(int x) {
return 10000 / x;
}
Cppcheck verification will say that there is division and it can't determine that it's not division by zero.
Example code with SAL annotation:
void foo(int _In_range_(1,1000) x) {
return 10000 / x;
}
Example code with Cppcheck annotation:
void foo(int __cppcheck_low__(1) x) {
return 10000 / x;
}
## Function calls
For a reliable verification it will be very important that `--check-library` is used, you need to ensure that critical library functions are configured.
### Uninitialized variables
When `const` is used for pointer arguments that will be seen as a annotation.
This function:
void foo(char *p);
Cppcheck will assume that `p` points at uninitialized memory. When `foo` is checked it will be ensured that it initializes the memory.
This function:
void foo(const char *p);
Cppcheck will assume that `p` points at initialized memory. If you call `foo` and pass a pointer to uninitialized memory we will warn.
TODO: Further annotations to specify how a function initializes memory will be required.
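Review bot: this hunk deletes the entire remainder of the bug-hunting chapter after the "Cppcheck output" example (the header reads -863,85 +863,4, so only the `foo(x);` / `^` context survives) and puts nothing in its place, yet it is the only place the manual documents the `make USE_Z3=yes` build, the `--verify-diff=temp.diff` save-action workflow, the `_In_range_(1,1000)` and `__cppcheck_low__(1)` annotations for silencing division-by-zero warnings, and the `--check-library` and `const`-pointer conventions for function calls. If that material was moved to another file in this commit, the commit message should say where; if it is being dropped on purpose, say so, because users of `--verify-diff` lose their only reference. Should the examples be reinstated anywhere, three details from the removed text are worth fixing at the same time: the three `foo` examples are declared `void` but contain `return 10000 / x;`, so they should read `int foo(...)`; the save action `cd repo ; git diff > temp.diff ; cppcheck --verify-diff=temp.diff` should chain with `&&` so cppcheck does not verify a stale `temp.diff` when `cd` or `git diff` fails; and the heading `## Philosopphy` is misspelled.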