Commit Graph

595 Commits

Author SHA1 Message Date
Paul Fultz II c92dab1329
Fix 10406: FP danglingLifetime with pointer-to-pointer (#3401) 2021-08-14 21:37:17 +02:00
Paul Fultz II b9ac48c90a
Fix 10409: FP 'Condition 's.size()<3' is always false' (#3396) 2021-08-14 06:48:38 +02:00
Paul Fultz II 0f897acecd
Fix FP in solveExpr when using symbolic values (#3391) 2021-08-09 20:41:10 +02:00
Paul Fultz II 7f358b2bed
Format with uncrustify (#3388) 2021-08-07 20:51:18 +02:00
Paul Fultz II 735f716603
Fix 10394 and 10395: FP knownConditionTrueFalse: loop variable (#3381) 2021-08-04 21:07:55 +02:00
Paul Fultz II 8b8ae55490
Fix 10129: false negative: knownConditionTrueFalse (#3382)
* Add symbolic matching

* Check for truncated values

* Dont propagate uninit values

* Update errorpath test

* Add test case for 10129

* Add test case for FP

* Remove symbolic values that are the same as the token

* Fix test messages

* Fix cppcheck issue

* Format
2021-08-04 21:07:31 +02:00
Paul Fultz II 61ceff39f5
Fix 10390: FP: knownConditionTrueFalse (#3374) 2021-08-02 10:49:39 +02:00
Daniel Marjamäki 1ec7397c21 astyle formatting
[ci skip]
2021-08-01 14:05:30 +02:00
Paul Fultz II 6767b57d4c
Fix FP for symbolic values when the expression is not const (#3370) 2021-07-31 14:19:37 +02:00
Paul Fultz II 3a7ba3cd29
Add symbolic values to ValueFlow (#3367) 2021-07-30 21:29:35 +02:00
Paul Fultz II c34691ff56
Fix 10354: FP knownConditionTrueFalse after bitwise and/xor (#3360) 2021-07-26 22:22:50 +02:00
Paul Fultz II 8e416a7255
Fix issue 10379: FP knownConditionTrueFalse with mod operator (#3354) 2021-07-25 18:13:14 +02:00
Paul Fultz II 00eb71fd49
Remove constexpr -> const simplification (#3346) 2021-07-22 07:22:26 +02:00
orbitcowboy 1be5bb8bbc Running astyle [ci skip] 2021-07-18 10:01:22 +02:00
Paul Fultz II 0b079937e0
Fix 10364: Performance regression (#3340) 2021-07-18 07:48:21 +02:00
Paul Fultz II 59a1c1a9d8
Refactor: Remove variable analyzer (#3339) 2021-07-18 07:46:31 +02:00
Paul Fultz II 9fc5b9472d
Fix 10353: FP knownConditionTrueFalse with conditional assignment (#3333) 2021-07-10 07:35:16 +02:00
Daniel Marjamäki 56924643be Fixed #10347 (ValueFlow: No known value set for sizeof(a[0])) 2021-07-08 18:18:44 +02:00
Paul Fultz II 3b9c399f72
Fix 10338: Hang/Crash in valueflow (#3328) 2021-07-07 08:20:32 +02:00
Paul Fultz II dd178c3ad9
Fix 10314: Possible nullPointerRedundantCheck false positive (#3298) 2021-06-19 13:59:48 +02:00
Paul Fultz II f3a33ea330
Fix 10294: ValueFlow: Wrong <Uninit> value below loop (#3291) 2021-06-09 09:20:43 +02:00
Paul Fultz II 548ec10824
Fix issue 10306: FP knownConditionTrueFalse with modulo result converted to bool (#3282) 2021-06-03 07:26:36 +02:00
Paul Fultz II ab50a75d8a
Fix 10289: ValueFlow; Wrong known value 'size_t - uint16_t > 0' (#3273) 2021-05-24 08:28:21 +02:00
Paul Fultz II 47a4144b47
Fix 10288: ValueFlow; False positives because of wrong known value when there is sign cast (#3268) 2021-05-23 10:20:29 +02:00
Paul Fultz II a772d652d8
Fix issue 9932: FP: containerOutOfBounds (#3217)
* Fix issue 9932: FP: containerOutOfBounds
2021-04-18 10:43:38 +02:00
Paul Fultz II 255f273c46
Fix issue 10088: ValueFlow: Array size, wrong known value (#3204) 2021-04-09 07:43:54 +02:00
Paul Fultz II f605f71e49
Fix issue 10225: false positive: knownConditionTrueFalse (#3196) 2021-04-05 10:20:14 +02:00
Daniel Marjamäki 44f914eaee astyle formatting
ci skip
2021-04-04 18:20:32 +02:00
Oliver Stöneberg 6397e29f84
cleaned up includes based on include-what-you-use (#3141) 2021-04-03 21:30:50 +02:00
Paul Fultz II 182ae75290
Fix issue 10216: FP containerOutOfBounds with std::array initialized with = {} (#3190) 2021-03-31 22:07:54 +02:00
Paul Fultz II 5077663684
Fix issue 9979: false positive: containerOutOfBounds with conditional resize (#3136) 2021-03-30 14:02:28 +02:00
Paul Fultz II 9de976b243
Fix issue 10194: hang with followAllReferences() (#3189)
* Decrease depth faster when there is multiple returns
2021-03-30 11:22:56 +02:00
Daniel Marjamäki 42437277dc Update Copyright year 2021-03-21 20:58:32 +01:00
shaneasd 02ac2b08a0
Fix some warnings (#3096) 2021-02-23 08:19:05 +01:00
PKEuS cf1937294a Refactorization: Removed unnecessary \n and spaces in strings
Merged from LCppC.
2021-02-20 12:58:42 +01:00
Paul Fultz II 51f93400d1
Fix issue 10166: FP uninitvar with break from infinite loop (#3124) 2021-02-11 08:07:12 +01:00
Daniel Marjamäki fbf63b932e astyle formatting
[ci skip]
2021-02-10 11:42:00 +01:00
Paul Fultz II 8569a970b4
Fix issue 10147: False positive: Out of bounds access in expression 'v[0]' because 'v' is empty. (#3123) 2021-02-10 08:11:06 +01:00
Paul Fultz II 0e871c178f
Fix issue 10141: Errors with ref assignment (duplicateValueTenary and knownEmptyContainer) (#3093) 2021-02-09 15:27:46 +01:00
Paul Fultz II cf8a5d9a22
Fix issue 10111: FP knownConditionTrueFalse (#3110) 2021-02-03 10:21:47 +01:00
Paul Fultz II 913dbeb8d8
Fix FP when inserting a range into a container (#3108) 2021-02-02 14:57:48 +01:00
Paul Fultz II e17d22eb87
Fix issue 10134: False positive: value is not known. Early return. (#3086) 2021-01-28 12:37:56 +01:00
Ken-Patrick Lehrmann 00707455be
10110: Fix FP knownConditionTrueFalse (#3053) 2021-01-25 17:23:47 +01:00
Paul Fultz II d80f2fb46f
Reapply f1cc3ad and fix performance regression (#3076) 2021-01-23 08:47:39 +01:00
Daniel Marjamäki 0fa89ff2ba Revert 14365ffc7 and f1cc3ada8, there was a performance regression 2021-01-22 10:51:46 +01:00
Paul Fultz II f1cc3ada86
Refactor valueFlowTerminatingCondition to handle inner conditions and complex conditions (#3060) 2021-01-21 20:18:53 +01:00
Paul Fultz II 25ada657da
Fix issue 9030: ValueFlow: Possible value after conditional assignment in for loop (#3059) 2021-01-18 10:12:07 +01:00
Paul Fultz II 65395aeaa1
Add regression test for 7013: valueFlowAfterCondition: false positive below overspecified code (#3055) 2021-01-17 16:29:11 +01:00
Paul Fultz II b571e9fe0b
Fix issue 10106: FP: nullPointerRedundantCheck (#3044) 2021-01-13 12:36:26 +01:00
Paul Fultz II b469da1069
Fix issue 8253: False negative: Comparison is always true (early return) (#3043) 2021-01-13 12:35:43 +01:00
Paul Fultz II 678ee00fe9
Infer variables from conditions in valueFlowSubfunction (#3037) 2021-01-11 08:00:13 +01:00
Paul Fultz II a3617fe573
Fix issue 10102: False positive: knownConditionTrueFalse in for loop (#3038) 2021-01-11 07:56:16 +01:00
Paul Fultz II bc3f5554a4
Fix issue 8871: improve check: mismatching container size conditions (#2988) 2021-01-10 13:30:00 +01:00
Paul Fultz II c267d85640
Add generic valueflowBeforeCondition (#3001) 2021-01-08 22:55:04 +01:00
Rikard Falkeborn d19454b935
Refactoring: Convert ValueType to enum class (#3005) 2021-01-02 09:30:00 +01:00
Paul Fultz II bd22070df5
Fix issue 10027: Segmentation fault in ValueFlowAnalyzer::analyze (#2987) 2020-12-26 21:26:39 +01:00
Paul Fultz II a770342593
Fix crash in getInitListSize (#2960) 2020-12-19 12:23:19 +01:00
Daniel Marjamäki 1744cbaf66 astyle formatting
[ci skip]
2020-12-19 08:56:46 +01:00
Paul Fultz II 626dcd0eba
Fix issue 10037: False positive when passing variables to functions by address (#2957) 2020-12-19 08:29:37 +01:00
Paul Fultz II b044f9ba96
Fix issue 9996: false negative: containerOutOfBounds with std::vector::front() and c++11 braced initializer (#2958) 2020-12-18 07:14:11 +01:00
Daniel Marjamäki 75f2ab20e8 Bug hunting; void* => might point at uninitialized data 2020-12-17 07:32:53 +01:00
Paul Fultz II c9d2e55ea9
Fix issue 10035: FP: knownConditionTrueFalse when bool updated in for loop (#2953) 2020-12-16 17:25:21 +01:00
Rikard Falkeborn 324e267559
getSizeOf: Handle long double (#2888) 2020-11-11 22:51:17 +01:00
Daniel Marjamäki 4330a43acb Fixed #9933 (FP: uninitvar when reading to struct) 2020-11-11 22:47:23 +01:00
Paul Fultz II bd7e915c20
Add generic reverse valueflow (#2878) 2020-11-10 16:00:55 +01:00
Paul Fultz II 64638d82bb
Fix issue 9945: FP: containerOutOfBounds (#2845) 2020-10-22 07:41:52 +02:00
Paul Fultz II 047c3ed6ba
Fix issue 9935: FP: knownConditionTrueFalse value flow doesn't account for virtual functions (#2839) 2020-10-09 17:21:27 +02:00
Paul 828a5e2326 Fix issue 9930: valueFlowLifetime hang 2020-10-03 11:01:53 +02:00
Paul Fultz II 857722f859
Fix issue 9711: FP knownConditionTrueFalse for variable modified via pointer (#2813) 2020-09-20 14:27:09 +02:00
Paul Fultz II a42976d656
Fix issue 9898: false positive: knownConditionTrueFalse (#2806) 2020-09-14 18:43:11 +02:00
Paul Fultz II bb7164171c
Fix issue 9894: ValueFlow: wrong known value below while with assignment (#2804)
* Fix issue 9894: ValueFlow: wrong known value below while with assignment
2020-09-14 08:03:25 +02:00
Paul be900873cc FIx issue 9895: ValueFlow: Wrong known value below function call with reference parameter 2020-09-11 16:03:57 -05:00
Daniel Marjamäki 600538a325
Merge pull request #2793 from Ken-Patrick/mixedoperators
Fix false positives with condition with || and &&
2020-09-11 10:11:31 +02:00
Paul 4d1b3e06c7 Fix FPs 2020-09-10 17:06:49 -05:00
Ken-Patrick Lehrmann a114bf0293 Fix false positives with condition with || and &&
The value of something in the middle of a condition with mixed || and &&
gives no information on which branch will be taken.
For instance with:
```
int f(int a, int b, bool x) {\n"
  if (a == 1 && (!(b == 2 && x))) {
  } else {
    if (x) {
    }
  }

  return 0;
}
```
We can enter the if part whether x is true or false, and similarly,
enter the else part whether x is true or false. Same thing with the
value of b.

This fixes the following false positive with above code:
```
:4:13: style: Condition 'x' is always true [knownConditionTrueFalse]
        if (x) {
            ^
:2:33: note: Assuming that condition 'x' is not redundant
    if (a == 6 && (!(b == 21 && x))) {
                                ^

```
2020-09-10 23:27:39 +02:00
Daniel Marjamäki 18e99176e5
Fix issue 9883: endless recursion in getLifetimeTokens (#2786) 2020-09-08 20:14:54 +02:00
Paul Fultz II 5099ca3c8b
Fix issue 9882: segfault in ForwardTraversal (#2785) 2020-09-08 20:14:10 +02:00
Paul d5489fd1f0 Fix issue 9883: endless recursion in getLifetimeTokens 2020-09-08 11:33:29 -05:00
Paul Fultz II ec89c57a90
Fix issue 9849: false positive: containerOutOfBounds (#2753) 2020-08-25 07:12:41 +02:00
Daniel Marjamäki 2bb73840fc astyle formatting 2020-08-23 17:17:33 +02:00
Paul Fultz II ac846b96d1
New check: Iterating a known empty container (#2740) 2020-08-22 09:16:26 +02:00
Paul 71c228a01a Check for containers that modify the size using square bracket 2020-08-10 22:07:22 -05:00
Paul fec2914700 Add tests for container changes 2020-08-09 22:52:03 -05:00
Paul 26693df788 Use forward analyzer for container forward 2020-08-08 00:10:03 -05:00
Ken-Patrick LEHRMANN a923115710 Add missing operators <<= and >>=
This fixes issues (at least false positives) in code using them.
For instance:

```
unsigned compute(unsigned long long a) {
    unsigned num = 0;
    while (a > 0xFFFFFFFF) {
      a >>= 32;
      num += 32;
    }
    if (a > 0xFFFF) {
      a >>= 16;
      num += 16;
    }
    if (a > 0xFF) {
      num += 8;
    }
    return num;
}
```

would give false positive:
```
cppcheck --enable=style  sl3.cpp
Checking sl3.cpp ...
sl3.cpp:11:11: style: Condition 'a>0xFF' is always false [knownConditionTrueFalse]
    if (a > 0xFF) {
          ^
sl3.cpp:3:14: note: Assuming that condition 'a>0xFFFFFFFF' is not redundant
    while (a > 0xFFFFFFFF) {
             ^
sl3.cpp:11:11: note: Condition 'a>0xFF' is always false
    if (a > 0xFF) {
          ^
```
2020-07-23 14:36:34 +02:00
Ken-Patrick Lehrmann 5a3789a23f 9769: Improve value flow for ternary operator
In some cases, the condition of the ternary operator is assigned a known
value after the two possible results, and in such cases, we would not
take the opportunity to assign a value to the ternary operator (and to
the other parents in the ast).
This patch adds this capability.
2020-06-20 10:29:28 +02:00
Daniel Marjamäki 2b0e4926bc valueFlowAfterAssign: variable initialization 2020-06-14 21:14:05 +02:00
Paul Fultz II 0c659a1499
Fix incorrect logic for condition (#2675) 2020-06-09 08:16:53 +02:00
Daniel Marjamäki 6d796b434e Fixed #9731 (ValueFlow: does not handle many assignments well) 2020-06-08 21:17:12 +02:00
Paul Fultz II eed2e829a7
Revert "Cleanup: Removed Tokenizer::simplifyTokenList2. As a side-effect, rules for "simple" token list are now executed on normal token list." (#2666)
This reverts commit 187cde183d.
2020-05-30 11:23:22 +02:00
PKEuS 187cde183d Cleanup: Removed Tokenizer::simplifyTokenList2. As a side-effect, rules for "simple" token list are now executed on normal token list. 2020-05-29 21:21:07 +02:00
Daniel Marjamäki d64631219b Fixed #9741 (Wrong value for sizeof) 2020-05-28 21:24:48 +02:00
Oliver Stöneberg 4f68d85633
optimized non-matchcompiled Token::simpleMatch() a bit (#2640) 2020-05-26 20:13:56 +02:00
Paul Fultz II 526abd4b52
Fix issue 9738: ValueFlow: handle std::tie better (#2657) 2020-05-22 22:57:20 +02:00
Paul Fultz II 8301fa8244
Fix issue 8144: valueFlowBeforeCondition: struct (#2645) 2020-05-21 08:47:48 +02:00
orbitcowboy 9861a5291e Formatted the code, there are no functional changes [ci skip] 2020-05-20 23:45:00 +02:00
PKEuS fb1afe2345 Fixed test suite: Do no longer apply simplifyTokenList2 to token lists, except for those tests that test those simplifications, because checks are no longer run on that simplified token list
Changed failing unit test to TODO tests, as they indicate patterns we do no longer understand properly.
2020-05-20 18:54:16 +02:00
PKEuS c9d8f607df Optimization: Reduced peak memory usage (30% in my test case) by immediately deleting simplecpp::TokenList while creating the cppcheck TokenList. 2020-05-19 12:08:17 +02:00
PKEuS 793ed68029 Refactorization: Moved code from header to source
- from utils.h to new utils.cpp
- from token.h to token.cpp
- from valueflow.h to valueflow.cpp
- from errorlogger.h to errorlogger.cpp
2020-05-19 08:35:12 +02:00
Daniel Marjamäki 08ddd84780 Update copyright year 2020-05-10 11:16:32 +02:00