* Traverse conditions for container size
* Move program memory to seperate file
* Revert "Traverse conditions for container size"
This reverts commit 914783769f.
* Move pathanalysis to seperate files
The Windows Data Type SSIZE_T is declared in BaseTsd.h
However, it is written in capital letters
- Fixes e.g. the following false positive:
(portability) %zd in format string (no. 1) requires 'ssize_t' but the
argument type is 'SSIZE_T {aka signed long long}'.
[invalidPrintfArgType_sint]
* Set correct type and size of string and char literals
Use that string and char literal tokens store the prefix. This makes
it possible to distinghuish between different type of string literals
(i.e., utf8 encoded strings, utf16, wide strings, etc) which have
different type.
When the tokens holding the string and character values have the correct
type, it is possible to improve Token::getStrSize() to give the correct
result for all string types. Previously, it would return the number of
characters in the string, i.e., it would give the wrong size unless
the type of the string was char*.
Since strings now can have different size (in number of bytes) and
length (in number of elements), add a new helper function that returns
the number of characters. Checkers have been updated to use the correct
functions.
Having the size makes it possible to find more problems with prefixed
strings, and to reduce false positives, for example in the buffer
overflow checker.
Also, improve the stringLiteralWrite error message to also print the
prefix of the string (if there is one).
* Add comment and update string length
* Fix crashes in valueflow
http://cppcheck1.osuosl.org:8000/crash.html
For instance in http://cppcheck1.osuosl.org:8000/styx
```
==19651==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000001c (pc 0x556f21abc3df bp 0x7ffc140d2720 sp 0x7ffc140d2710 T0)
==19651==The signal is caused by a READ memory access.
==19651==Hint: address points to the zero page.
#0 0x556f21abc3de in Variable::isGlobal() const ../lib/symboldatabase.h:342
#1 0x556f221f801a in valueFlowForwardVariable ../lib/valueflow.cpp:2471
#2 0x556f22208130 in valueFlowForward ../lib/valueflow.cpp:3204
#3 0x556f221e9e14 in valueFlowReverse ../lib/valueflow.cpp:1892
#4 0x556f221f1a43 in valueFlowBeforeCondition ../lib/valueflow.cpp:2200
#5 0x556f2223dbb5 in ValueFlow::setValues(TokenList*, SymbolDatabase*, ErrorLogger*, Settings const*) ../lib/valueflow.cpp:6521
#6 0x556f220e5991 in Tokenizer::simplifyTokens1(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ../lib/tokenize.cpp:2342
#7 0x556f21d8d066 in CppCheck::checkFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::istream&) ../lib/cppcheck.cpp:508
#8 0x556f21d84cd3 in CppCheck::check(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ../lib/cppcheck.cpp:192
#9 0x556f21a28796 in CppCheckExecutor::check_internal(CppCheck&, int, char const* const*) ../cli/cppcheckexecutor.cpp:884
#10 0x556f21a24be8 in CppCheckExecutor::check(int, char const* const*) ../cli/cppcheckexecutor.cpp:198
#11 0x556f22313063 in main ../cli/main.cpp:95
```
* Add test case for crash in valueflow
Keeping the prefix in the token allows cppcheck to print the correct
string and char literals in debug and error messages.
To achieve this, move some of the helper functions from token.cpp to
utils.h so that checks that look at string and char literals can reuse
them. This is a large part of this commit.
Note that the only user visible change is that when string and char
literals are printed in error messages, the prefix is now included.
For example:
int f() {
return test.substr( 0 , 4 ) == U"Hello" ? 0 : 1 ;
};
now prints U"Hello" instead of "Hello" in the error message.
`__typeof__` is just an alternative keyword for `typeof`, see
https://gcc.gnu.org/onlinedocs/gcc/Typeof.html
Since `typeof` is handled in several checkers it makes sense to define
`__typeof__` as `typeof`.
Tokenizer::simplifyTypedef(): Use `typeof` instead of `__typeof__` to
be consistent with the rest of the code.
* Better handle const/noexcept methods/conversion operator
const or noexcept in a method / (conversion) operator definition were
badly parsed, ending in a bad ast.
This patch tries to make it better, at least making the ast less bad,
so as to avoid errors in later checks.
* Fix parsing of some operator
It is still very broken, but at least, it does not fail.
Here is the previous error:
```
TestSimplifyTypedef::simplifyTypedef129
terminate called after throwing an instance of 'InternalError'
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff612a801 in __GI_abort () at abort.c:79
#2 0x00007ffff6b1d957 in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#3 0x00007ffff6b23ab6 in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#4 0x00007ffff6b23af1 in std::terminate() () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#5 0x00007ffff6b23d24 in __cxa_throw () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#6 0x0000555556366bf8 in Tokenizer::cppcheckError (this=0x7fffffffc2d0, tok=0x607000006760) at ../lib/tokenize.cpp:8721
#7 0x000055555636a4bb in Tokenizer::validate (this=0x7fffffffc2d0) at ../lib/tokenize.cpp:9154
#8 0x000055555633e3aa in Tokenizer::simplifyTokenList1 (this=0x7fffffffc2d0, FileName=0x603000002d50 "test.cpp") at ../lib/tokenize.cpp:4477
#9 0x00005555563223ca in Tokenizer::simplifyTokens1 (this=0x7fffffffc2d0, configuration="") at ../lib/tokenize.cpp:2286
#10 0x00005555563235c8 in Tokenizer::tokenize (this=0x7fffffffc2d0, code=..., FileName=0x555556fda9a0 "test.cpp", configuration="") at ../lib/tokenize.cpp:2345
#11 0x00005555569410ea in TestSimplifyTypedef::tok[abi:cxx11](char const*, bool, cppcheck::Platform::PlatformType, bool) (this=0x555557728580 <(anonymous namespace)::instance_TestSimplifyTypedef>,
code=0x7fffffffcb70 "class c {\n typedef char foo[4];\n foo _a;\n constexpr operator foo &() const noexcept { return _a; }\n};", simplify=false, type=cppcheck::Platform::Native, debugwarnings=true) at ../test/testsimplifytypedef.cpp:192
#12 0x000055555697239e in TestSimplifyTypedef::simplifyTypedef129 (this=0x555557728580 <(anonymous namespace)::instance_TestSimplifyTypedef>) at ../test/testsimplifytypedef.cpp:2599
#13 0x000055555694092c in TestSimplifyTypedef::run (this=0x555557728580 <(anonymous namespace)::instance_TestSimplifyTypedef>) at ../test/testsimplifytypedef.cpp:167
#14 0x00005555569cab84 in TestFixture::run (this=0x555557728580 <(anonymous namespace)::instance_TestSimplifyTypedef>, str="simplifyTypedef129") at ../test/testsuite.cpp:306
#15 0x00005555569cb445 in TestFixture::runTests (args=...) at ../test/testsuite.cpp:329
#16 0x000055555687bdfb in main (argc=2, argv=0x7fffffffd988) at ../test/testrunner.cpp:44
```
* Replace some ASSERT_EQUALS with TODO_ASSERT_EQUALS when the actual result is still wrong
* Remove invalid code from simplifyTypedef129
* Properly skip parentheses
* Fix#9389 ("debug: Executable scope 'x' with unknown function." with "using namespace")
* use static rather than anonymous namespace for new functions
Previously, cppcheck discarded the `extern "C"` specifier. This patch modifies cppcheck to parse each as a Scope in the symbol database, then uses that scope to avoid false positives when making recommendations about changing a function argument to be a reference (since variable references is a C++ feature, unavailable in C, and thus unavailable in `extern "C"`).
* Use lifetimes to check for returning reference to temporaries
* Check for dangling temporaries
* Check for unknown types for returining by reference
* Remove old returnTemporary check
* Format
* Check for deref op
* Ternary operator return an lvalue reference
* Warn when returning temporaries from member functions
* Improve handling of pointer to function
* Extend lifetimes of const references
* Fix false negatives in checkBitwiseOnBoolean
Use AST-based tests in favor of token-based tests for greater coverage.
* Travis: add suppressions for bitwiseOnBool
I fixed the AST enough to pass testrunner but I don't believe it is
correct.
This code:
void Foo4(int&&b);
has this AST:
( 'void'
|-Foo4
`-&& 'bool'
|-int
`-b 'signed int'
but I don't believe && should have `bool`.
* Add valueFlowForwardExpression function to forward values of an expression
* Use token for expression
* Fix name in bailout message
* Handle expressions
* Add more tests for more expressions
* Add more tests
* Solve the expression if possible
* Formatting
For c++14, shifting a variable with a value larger than or equal to the
number of bits in the variable is undefined. Left-shifting with a value
equal to the number of bits of the variable is implementation defined.
See also trac ticket #9306.
* use range loops
* removed redundant string initializations
* use nullptr
* use proper boolean false
* removed unnecessary continue from end of loop
* removed unnecessary c_str() usage
* use emplace_back()
* removed redundant void arguments
* Fix memleak FP with return with parenthesis
Fix FPs pointed out by daca@home on the following form:
void* f(void) {
void* x = malloc(1);
return(x);
}
Fix it by only skipping tokens if there is an actual match with a
variable. This allows to remove the special casing of "return;".
* Add testcase with cast
This fixes crashes found by daca where valueType() is NULL. Also,
somewhat related, it removes warnings when casting to a type that is
unknown to cppcheck, for example, there is no longer a warning for the
following code:
void* f() {
void *x = malloc(1);
return (mytype)x;
}
* Fix false negatives in checkAssignBoolToFloat
Detect assignments to expressions involving pointer dereferences, array
element accesses, etc.
* Pass assignment token to assignBoolToFloatError
Pass assignment token rather than boolean token to make error reporting
consistent between checkAssignBoolToFloat and checkAssignBoolToPointer,
as well as with other assignment checks in the code base.
* Make checkAssignBoolToPointer check consistent with checkAssignBoolToFloat
This was most likely introduced when the checks were changed to run on
the full tokenlist instead of the simplified one.
Take care to warn about cases where casts destroy the pointer, such as
uint8_t f() {
void* x = malloc(1);
return (uint8_t)x;
}
* Add impossible category
* Replace values
* Try to adjust known values
* Add ! for impossible values
* Add impossible with possible values
* Remove contradictions
* Add values when the branch is not dead
* Only copy possible values
* Dont bail on while loops
* Load std lib in valueflow
* Check for function calls
* Fix stl errors
* Fix incorrect impossible check
* Fix heap-after-use error
* Remove impossible values when they are lowered
* Show the bound and remove overlaps
* Infer conditions
* Dont push pointer values through dynamic_cast
* Add test for dynamic_cast issue
* Add shifttoomanybits test
* Add test for div by zero
* Add a test for issue 9315
* Dont make impossible value inconclusive
* Fix FP with shift operator
* Improve handleKnownValuesInLoop for impossible values
* Fix cppcheck warning
* Fix impossible values for ctu
* Bailout for streams
* Check equality conditions
* Fix overflows
* Add regression test for 9332
* Remove duplicate conditions
* Skip impossible values for invalid value
* Check for null
* Rename bound to range
* Formatting