Commit Graph

128 Commits

Author SHA1 Message Date
Daniel Marjamäki 6eec6c4bd5 Update copyright year 2020-05-10 11:11:34 +02:00
Paul Fultz II 3b20684aca
Fix issue 9360: False positive: arrayIndexOutOfBounds when function is called with different array sizes (#2541) 2020-02-17 10:31:08 +01:00
Paul Fultz II ce1fc56e96 Fix issue 6890: ValueFlow: min/max value for variable, after condition (#2460)
* Set bounds when combining values

* Adust bounds when they are negated

* Try to infer conditional values

* Switch false and true

* Fix checking of conditions

* Fix compare

* Fix remaining tests

* Fix overflows
2019-12-26 15:47:53 +01:00
Paul Fultz II 694d147097 Refactor ProgramMemory and PathAnalysis (#2311)
* Traverse conditions for container size

* Move program memory to seperate file

* Revert "Traverse conditions for container size"

This reverts commit 914783769f.

* Move pathanalysis to seperate files
2019-10-30 17:57:46 +01:00
Rikard Falkeborn 5c061c1c12 Set correct type and size of string and char literals (#2275)
* Set correct type and size of string and char literals

Use that string and char literal tokens store the prefix. This makes
it possible to distinghuish between different type of string literals
(i.e., utf8 encoded strings, utf16, wide strings, etc) which have
different type.

When the tokens holding the string and character values have the correct
type, it is possible to improve Token::getStrSize() to give the correct
result for all string types. Previously, it would return the number of
characters in the string, i.e., it would give the wrong size unless
the type of the string was char*.

Since strings now can have different size (in number of bytes) and
length (in number of elements), add a new helper function that returns
the number of characters. Checkers have been updated to use the correct
functions.

Having the size makes it possible to find more problems with prefixed
strings, and to reduce false positives, for example in the buffer
overflow checker.

Also, improve the stringLiteralWrite error message to also print the
prefix of the string (if there is one).

* Add comment and update string length
2019-10-20 07:11:57 +02:00
Daniel Marjamäki 049f6475ee astyle formatting
[ci skip]
2019-09-20 15:07:27 +02:00
Paul Fultz II ad8abdb0c3 Add impossible values to ValueFlow (#2186)
* Add impossible category

* Replace values

* Try to adjust known values

* Add ! for impossible values

* Add impossible with possible values

* Remove contradictions

* Add values when the branch is not dead

* Only copy possible values

* Dont bail on while loops

* Load std lib in valueflow

* Check for function calls

* Fix stl errors

* Fix incorrect impossible check

* Fix heap-after-use error

* Remove impossible values when they are lowered

* Show the bound and remove overlaps

* Infer conditions

* Dont push pointer values through dynamic_cast

* Add test for dynamic_cast issue

* Add shifttoomanybits test

* Add test for div by zero

* Add a test for issue 9315

* Dont make impossible value inconclusive

* Fix FP with shift operator

* Improve handleKnownValuesInLoop for impossible values

* Fix cppcheck warning

* Fix impossible values for ctu

* Bailout for streams

* Check equality conditions

* Fix overflows

* Add regression test for 9332

* Remove duplicate conditions

* Skip impossible values for invalid value

* Check for null

* Rename bound to range

* Formatting
2019-09-20 15:06:37 +02:00
Paul Fultz II ba037837c9 Track lifetime across multiple returns
This will now warn when doing something like this:

```cpp
template <class T, class K, class V>
const V& get_default(const T& t, const K& k, const V& v) {
    auto it = t.find(k);
    if (it == t.end()) return v;
    return it->second;
}
const int& bar(const std::unordered_map<int, int>& m, int k) {
    auto x = 0;
    return get_default(m, k, x);
}
```

The lifetime warning is considered inconclusive in this case.

I also updated valueflow to no tinject inconclusive values unless `--inconclusive` flag is passed. This creates some false negatives because library functions are not configured to not modify their input parameters, and there are some checks that do not check if the value is inconclusive or not.
2019-09-11 19:25:09 +02:00
Paul Fultz II e657cf4073 Fix issue 9320: False positive knownConditionTrueFalse related to truncation (#2144) 2019-09-05 15:15:58 +02:00
Paul Fultz II cb509f1a8b Fix issue 4845: alias to vector element invalid after vector is changed (#2113)
* Try harder to track ref lifetimes

* Dont add lifetimes for references

* Use correct token

* Check for front and back as well

* Improve handling of addresses

* Formatting

* Fix FP
2019-09-02 06:58:09 +02:00
Paul Fultz II ee7fe3aaa1 Fix FP: Unitialized variable when using a pointer
This fixes the FP in cases like this:

```cpp
void f() {
    bool b;
    bool * x = &b;
    if (x != nullptr)
        x = 1;
}
```

It tracks the indirection of the uninit value in valueflow.
2019-08-17 07:36:41 +02:00
Paul Fultz II 3aef0c9bd3 Fix issue 8715: regression uninitvar not detected (#2092) 2019-08-16 07:48:54 +02:00
Daniel Marjamäki 45d1ca6f7c Safe checks: Clarify a warning message 2019-07-25 17:19:51 +02:00
Paul Fultz II a08a9c1349 Switch to use lifetime analysis for iterators and pointers to invalid containers
This will diagnose more issues such as:

```cpp
void f(std::vector<int> &v) {
    auto v0 = v.begin();
    v.push_back(123);
    std::cout << *v0 << std::endl;
}
```
2019-07-18 10:56:44 +02:00
Daniel Marjamäki b4a05a3dd0 Refactoring: Use enum class 2019-07-16 11:12:35 +02:00
Daniel Marjamäki 32eda27391 Refactoring: Use enum class 2019-07-16 10:51:26 +02:00
Daniel Marjamäki 38182bf37b Replace 'unsigned' with 'nonneg' in valueflow 2019-07-15 13:47:17 +02:00
Daniel Marjamäki 9f548efbd3 Refactoring: enum class 2019-07-10 15:27:07 +02:00
Daniel Marjamäki 95d65c8c34 Refactoring; enum class 2019-07-10 14:05:16 +02:00
Scott Furry e459762bcd Suppress Code semantic and syntax warnings (#1936)
Sources were built with Clang but with increased verbosity of error detection.

A number of syntax and semantic warnings were encountered. Commit adds
changes to correct these warnings.

Some changes involve removing extra, and unncessary, semi-colons at EOL
(e.g. at end of switch clause).

Project astyle settings are not currently setup to detect if a file is to
have an extra carriage return after the last line of data. Two files were
altered to ensure an extra carriage return.

An advisory to enhance code was encountered in triage code. Clang advisory
on a for-loop interation value suggested that:
`use reference type 'const QString &' to prevent copying`
2019-06-30 21:43:25 +02:00
Ken-Patrick 66ebc187f6 Cleanup some const_cast of Token* (#1886)
* Add non const version of some methods of Token

The aim is to reduce the (ab)use of const_cast.

* Cleanup some more const_cast in valueflow

* Remove useless const_cast

* Remove some const_cast from templatesimplifier

* Remove some const_cast from valueflow
2019-06-16 10:09:38 +02:00
Paul Fultz II f75c15af56 Fix issue 6821: New check: access heap/stack data using address of variable
This fixes errors with:

```cpp
int f() {
    int i;
    return (&i)[1];
}
```

It uses the lifetime analysis to detect the issues.
2019-05-31 12:24:31 +02:00
Paul Fultz II 8c03be3212 Fix issue 9077: False positive: Returning pointer to local variable (#1821)
* Avoid implicit conversion for lifetimes

* Fix issue 9077

* Add more tests

* Rename function

* Fix implicit conversion with containers

* Format

* Fix crash
2019-05-05 11:40:59 +02:00
Daniel Marjamäki 92f4113b59 Array index: Checking array index out of bounds for dynamic buffers 2019-03-17 13:09:15 +01:00
Paul Fultz II 507c7a4388 Improvement to lifetime tracking of addressof and derefencing
This will now warn for cases like this:

```cpp
auto& f() {
    std::vector<int> x;
    return x[0];
}
```

It also improves the handling of address of operator, so it can now warn across some function calls, like this:

```cpp
int& f(int& a) {
    return a;
}
int* hello() {
    int x = 0;
    return &f(x);
}
```
2019-02-22 06:38:56 +01:00
Daniel Marjamäki bd7790fd8c Update copyright year 2019-02-09 07:24:06 +01:00
Paul Fultz II c176775afb Avoid infinite recursion in getLifetimeVariable (#1634)
* Fix direct recursion

* Limit depth of getLifetimeVariable
2019-01-31 10:34:41 +01:00
Daniel Marjamäki 18e6a09739 astyle formatting
[ci skip]
2019-01-29 09:48:18 +01:00
Paul Fultz II 165a22ed0f Lifetime: Support analysis with functions that do not return a reference (#1632)
* Initial support for function return

* Add test case

* Add support for reference parameters

* Format
2019-01-29 09:47:52 +01:00
Paul Fultz II 3975913637 Extend lifetime checking for references
This will use the lifetime checker for dangling references. It will find these cases for indirectly assigned reference:

```cpp
int &foo()
{
    int s = 0;
    int& x = s;
    return x;
}
```

This will also fix issue 510 as well:

```cpp
int &f( int k )
{
    static int &r = k;
    return r;
}
```
2019-01-23 07:29:16 +01:00
Daniel Marjamäki 141ce7cd63 ValueFlow: Use FwdAnalysisAllPaths in ValueFlow to track complex expressions 2018-12-31 17:05:46 +01:00
Daniel Marjamäki d5a478d5c5 astyle formatting
[ci skip]
2018-11-10 21:30:01 +01:00
Paul Fultz II 1ffcc6b730 Add initial lifetime checker (#1448)
* Inital valueflow lifetime checker

* Forward values

* Add initial tests

* Fix deplicate messages

* Fix traversing nested lambdas

* Turn test case into a todo

* Skip if returning a container

* Fix FP when using references

* Add missing header

* Fix FP from broken scopes

* Fix FP with static variable

* Add test for more FPs

* Parse lambda functions

* Check for capture by value

* Add tests for using a container and lambda together

* Fix cppcheck errors

* Add test for nextAfterAstRightmostLeaf

* Add valueflow tests

* Update error message

* Check for correct lambda token

* Improve error path reporting

* Fix hang when parsing arrays that look almlost like lambdas
2018-11-10 16:40:40 +01:00
Daniel Marjamäki 7833ade128 Updated copyright year 2018-10-13 18:20:31 +02:00
Daniel Marjamäki 81f54f7094 Fixed #8681 (ValueFlow: Container size) 2018-08-10 11:29:16 +02:00
Daniel Marjamäki c4caee6b18 Updated copyright year 2018-01-14 15:37:52 +01:00
Daniel Marjamäki ba8222de1c ValueFlow: Put 'inconclusive' state in the ValueKind. A value can't be both known and inconclusive. 2017-09-20 22:41:36 +02:00
Ayaz Salikhov b8cd7dbb5c Use nullptr instead of 0 or NULL (#936) 2017-08-09 20:00:26 +02:00
Ayaz Salikhov 28aa939d69 iwyu - include what you use 2017-05-27 04:33:47 +02:00
Daniel Marjamäki f7cda81c0c Refactoring: ValueFlow::Value::errorSeverity() will have the logic if value is 'error' or 'warning' 2017-05-23 11:43:56 +02:00
Daniel Marjamäki f92b16706c ValueFlow: Add ErrorPath info after for loop 2017-05-19 16:32:58 +02:00
Daniel Marjamäki cd53d10970 ErrorPath: More information about assignments 2017-05-16 23:12:35 +02:00
Daniel Marjamäki c617851567 ErrorLogger: Added ErrorPath where each item has token and info 2017-05-16 22:38:13 +02:00
Daniel Marjamäki 8d75d1b920 Partial fix for #8028 (ValueFlow: Origin/callstack of value) 2017-05-15 20:05:11 +02:00
Daniel Marjamäki 8a738eefab fixed #7998 (uninitialized variable is not found when used with switch/case) 2017-04-23 18:05:14 +02:00
Frank Zingsheim cb5a5e6a25 Improve Fix #6180 (Access of moved variable still allowed until function is called) 2016-12-17 16:42:46 +01:00
Frank Zingsheim 9a871d33f7 Improve Fix #6180 ("reset" and "clear" clears the move status) 2016-12-17 16:39:30 +01:00
Frank Zingsheim c8ff96fe8f Fixed #6180 (Usage of variable after std::move or std::forward) 2016-11-20 15:14:49 +01:00
Daniel Marjamäki e1e9eacccc ValueFlow: Added float type 2016-11-13 22:59:56 +01:00
Daniel Marjamäki 4732667488 ValueFlow: allow more value types 2016-11-13 22:33:39 +01:00
Frank Zingsheim a91c54df72 Remove unused enums ValueFlow::Value::ValueKind::Max and ValueFlow::Value::ValueKind::Min 2016-10-30 09:44:52 +01:00
Daniel Marjamäki 1f98af654a ValueFlow: better handling of ? when condition result is known 2016-08-15 14:19:35 +02:00
Robert Reif eca805ba3b ValueFlow: Fixed constant folding of sizeof(enum) and sizeof(enumerator) (#7564) 2016-07-08 20:39:34 +02:00
Daniel Marjamäki b94eaeca6a ValueFlow: For convenience, return constant folded value 2016-05-08 11:17:10 +02:00
Daniel Marjamäki b26dd1ccab ValueFlow: Handle enums 2016-05-07 20:18:07 +02:00
Lauri Nurmi 996c9244d8 Update copyright year to 2007-2016. 2016-01-01 15:34:45 +02:00
Daniel Marjamäki 0f9d90d2be Changed Copyrights. Removed my name. 2015-11-18 20:04:50 +01:00
PKEuS 2e510c8733 Added missing include to valueflow.h 2015-10-07 14:42:10 +02:00
PKEuS b634a76fcb Added CPPCHECKLIB to two clases and reverted 30a942af0b 2015-10-07 13:38:34 +02:00
Daniel Marjamäki 6790d91fbb Improve error messages for conditional values. make valueFlowSwitchVariable values conditional that depend on the case. Partial fix for #6884. 2015-07-29 19:54:57 +02:00
Daniel Marjamäki afd9f071c0 simplified the code for ValueFlow Known/Possible values 2015-07-25 19:36:29 +02:00
Daniel Marjamäki 88491267d6 ValueFlow: Added Value::valueKind that says if value is known or possible 2015-07-16 17:33:16 +02:00
Jakub Melka b7d92a4fc7 Fixed warnings of CppCheck's own code (caused by new check #695) 2015-03-08 18:18:09 +01:00
PKEuS e02caea025 Fixed C&P-mistake in comment 2015-02-21 12:39:02 +01:00
PKEuS 451a277b18 Refactorization: Support function default values in ValueFlow, removed now obsolete CheckNullPointer::nullPointerDefaultArgument().
-> Use valueFlowForward() to parse values passed to functions
-> valueFlowForward(): Set value in first occurrence of a variable in a condition
2015-02-01 15:15:00 +01:00
PKEuS a4cc4c3e3f Refactorization: Use SymbolDatabase scope information in ValueFlow 2015-02-01 12:10:20 +01:00
Daniel Marjamäki ff11ba9847 Updated copyright year to 2015 2015-01-03 12:14:58 +01:00
Daniel Marjamäki 79fc549de0 ValueFlow: start adding valueflow handling of strings and pointer aliases 2014-08-03 20:11:22 +02:00
PKEuS 09e03fa6ef Fixed some complaints of PVS Studio 2014-05-19 14:37:54 +02:00
PKEuS 92839ab4d2 Refactorizations:
- Rearranged members of Value to reduce structures size
- Removed redundant ctor of Value
- Fixed VS warning in tokenize.cpp
2014-04-12 12:04:55 +02:00
Daniel Marjamäki fd3a8a2a18 Update copyright 2014-02-15 07:45:39 +01:00
Daniel Marjamäki c5971b7137 value flow: fix fp when conditional value is assigned 2014-01-25 20:14:49 +01:00
Daniel Marjamäki bb3cc67aaa value flow: improved calculations that depends on variable 2014-01-20 21:45:30 +01:00
Daniel Marjamäki 77f3f6c21a valueflow: added setTokenValue that perform calculations using set value 2014-01-18 19:30:44 +01:00
Daniel Marjamäki 8b6f001f94 value flow: inconclusive handling of unknown functions 2014-01-12 19:48:20 +01:00
Daniel Marjamäki 740f72fdbd value flow: simple handling of for loops 2014-01-07 19:20:56 +01:00
Daniel Marjamäki afaf1473a8 Value flow: refactorings, write debug warning if iterating too far 2014-01-05 20:06:46 +01:00
Daniel Marjamäki d8270c710a Add new experimental value flow analysis 2014-01-04 20:57:02 +01:00