Commit Graph

142 Commits

Author SHA1 Message Date
Paul Fultz II 7368a54629
Add generic valueflow forward analysis (#2511) 2020-02-13 16:27:06 +01:00
Paul Fultz II d858bfc338
Fix issue 9599: False positive: Using object that points to local variable that may be invalid (#2530)
* Fix issue 9599: False positive: Using object that points to local variable that may be invalid

* Improve tests

* Skip else
2020-02-11 11:45:10 +01:00
Paul Fultz II 8fa7dd0fe0
Fix issue 9595: False positive: Using pointer to temporary doesn't account for const ref extended temporary lifetimes (#2525) 2020-02-10 18:01:11 +01:00
Rikard Falkeborn b1c6f2946a
Fix redundant FP assignment with unsigned zero (#2521)
* Refactor isNullOperand out of FwdAnalysis

* Improve isNullOperand

* Fix redundantAssignment FP with unsigned zero

* isNullValue check number

* Enhance isNullOperand to handle c++ casts

Also handle cast of NULL.
2020-02-09 11:16:08 +01:00
Paul Fultz II dd05839a7e Fix false positives in knownConditionTrueFalse when using expressions with const variables (#2469) 2020-01-03 19:35:28 +01:00
Paul Fultz II c75bbbe253 Fix issue 9404: False positive: Either the condition 'if(x)' is redundant or there is possible null pointer dereference: a->x (#2322)
* Fix issue 9404: False positive: Either the condition 'if(x)' is redundant or there is possible null pointer dereference: a->x

* Use simpleMatch

* Add a test case for the FP

* Check if expression is changed

* Check for no return scope

* Use simpleMatch
2019-11-08 08:11:41 +01:00
Paul Fultz II d1f225b8ee Fix issue 9201: FP: returnDanglingLifetime on pointer to variable of static struct (#2303)
* Fix issue 9201: FP: returnDanglingLifetime on pointer to variable of static struct

* Fix capture of non-local variables in lambdas
2019-11-05 07:10:32 +01:00
Paul Fultz II c38bbb75e4 Fix issue 9448: Check for temporaries from library function calls (#2312) 2019-11-03 22:02:10 +01:00
Daniel Marjamäki 28182084f2 Fix crash when there are too many nested scopes. Bail out after 1000 nested scopes. The crash was in gcc and was seen with daca@home. 2019-11-02 18:23:10 +01:00
Paul Fultz II 694d147097 Refactor ProgramMemory and PathAnalysis (#2311)
* Traverse conditions for container size

* Move program memory to seperate file

* Revert "Traverse conditions for container size"

This reverts commit 914783769f.

* Move pathanalysis to seperate files
2019-10-30 17:57:46 +01:00
Paul Fultz II 4eb4762d95 Extend lifetime checking to temporaries (#2242)
* Use lifetimes to check for returning reference to temporaries

* Check for dangling temporaries

* Check for unknown types for returining by reference

* Remove old returnTemporary check

* Format

* Check for deref op

* Ternary operator return an lvalue reference

* Warn when returning temporaries from member functions

* Improve handling of pointer to function

* Extend lifetimes of const references
2019-10-08 09:28:39 +02:00
Paul Fultz II 166bd2bafc Fix issue 2153: valueFlowAfterCondition: struct member (#2228)
* Fix issue 2153: valueFlowAfterCondition: struct member

* Fix null pointer dereference

* Formatting

* Check for another null pointer

* Initialize variables

* Remove redundant condition

* Format

* Add missing initialization to copy constructor

* Format
2019-09-30 21:04:43 +02:00
Paul Fultz II 597d0fa35b Support expression in valueFlowAfterCondition (#2219)
* Add valueFlowForwardExpression function to forward values of an expression

* Use token for expression

* Fix name in bailout message

* Handle expressions

* Add more tests for more expressions

* Add more tests

* Solve the expression if possible

* Formatting
2019-09-26 10:32:25 +02:00
Paul Fultz II ba037837c9 Track lifetime across multiple returns
This will now warn when doing something like this:

```cpp
template <class T, class K, class V>
const V& get_default(const T& t, const K& k, const V& v) {
    auto it = t.find(k);
    if (it == t.end()) return v;
    return it->second;
}
const int& bar(const std::unordered_map<int, int>& m, int k) {
    auto x = 0;
    return get_default(m, k, x);
}
```

The lifetime warning is considered inconclusive in this case.

I also updated valueflow to no tinject inconclusive values unless `--inconclusive` flag is passed. This creates some false negatives because library functions are not configured to not modify their input parameters, and there are some checks that do not check if the value is inconclusive or not.
2019-09-11 19:25:09 +02:00
Paul Fultz II dc0b3527ad Fix issue 9311: False positive duplicateCondition "same if condition" with pointer inside array of struct (#2166)
* Check for typeOf through an array

* Handle array constructors

* Format

* Fix compile error on gcc 4.8
2019-09-10 19:41:35 +02:00
Paul Fultz II 27ebff7ae4 Add deeper analysis of when a function changes a containers size (#2149)
* Add deeper analysis of when a function changes a containers size

* Fix issues

* Track addressOf
2019-09-06 21:18:45 +02:00
Paul Fultz II 0b9e823fc8 Fix issue 9305: False positive uninitvar - struct initialized via function (#2123) 2019-08-30 18:32:45 +02:00
Paul Fultz II 03fe6795bf Fix issue 9302: FP uninitvar - struct accessed via pointer (#2121) 2019-08-29 08:38:50 +02:00
Paul Fultz II c0a8d628b9 Fix issue 6010: Uninitialized inner struct (#2098)
* Fix issue 6010: Uninitialized inner struct

* Show to root variable that is unitialized

* Warn on pointer dereferences
2019-08-23 06:23:20 +02:00
Paul Fultz II 3aef0c9bd3 Fix issue 8715: regression uninitvar not detected (#2092) 2019-08-16 07:48:54 +02:00
Paul Fultz II ef714225bb Use library to track container lifetimes 2019-08-15 21:14:54 +02:00
Paul Fultz II af214e8212 Fix issue 8825: ValueFlow: uninitialized struct member (#2087)
* Pass uninit value across pointers

* Add more testing
2019-08-15 10:44:55 +02:00
Paul Fultz II bd02ca5ccb Fix issue 9207: Not detected 'always true' and unreachable code 2019-08-08 07:46:47 +02:00
amai2012 f02636e995 Refactoring: Convert enums to enum classes 2019-08-02 21:14:29 +02:00
Paul Fultz II ee28a45db4 Fix issue 9235: new crash in astutils isVariableChanged from endless recursion (#2040) 2019-07-26 07:03:21 +02:00
versat 641b350cf7 astutils.h: Remove conflicting function declaration for isAliased()
This function was made static with commit 6c82685fbf
2019-07-24 13:23:54 +02:00
Paul Fultz II bb52a63c4e Add check for const variables
When a local reference is declared, this will check if that local reference can be declared as `const`.
2019-07-24 09:59:01 +02:00
Paul Fultz II a08a9c1349 Switch to use lifetime analysis for iterators and pointers to invalid containers
This will diagnose more issues such as:

```cpp
void f(std::vector<int> &v) {
    auto v0 = v.begin();
    v.push_back(123);
    std::cout << *v0 << std::endl;
}
```
2019-07-18 10:56:44 +02:00
Daniel Marjamäki 0014fe880e Mark members and arguments with 'nonneg' 2019-07-14 12:22:33 +02:00
Daniel Marjamäki 5d853bcb58 Avoid 'unsigned' in astutils 2019-07-13 16:13:21 +02:00
Paul Fultz II b0d10273ed Fix issue 3695: Handle class pointers
This switches to use lifetime analysis to check for assigning to non-local variables:

```cpp
class test
{
public:

  void f()
  {
    int x;
    this->ptr = &x;
  }

protected:
  int *ptr;
};
```
2019-07-07 10:16:19 +02:00
Ken-Patrick d6f6e68fa2 Fix false positive 9167 (#1904)
Skip returns from local class/struct definition in FwdAnalysis.
2019-07-03 08:17:06 +02:00
Scott Furry 1994b21ae5 Minor Corrections to Doxygen data (#1935)
Increasing the verbosity in Clang, warnings were produced that identified
differences in code and doxygen-formatted comments.

Corrections applied to silence warnings yet still convey intent of original comments.
2019-06-30 09:17:42 +02:00
Daniel Marjamäki 9c3c2d785b Fixed Cppcheck warning 2019-06-29 07:46:25 +02:00
Paul Fultz II 108cdaa485 Fix FP with unreadVariable (#1859) 2019-05-31 08:06:36 +02:00
Paul Fultz II a90caa7e5a Fix issue 9006: False positive: Return value of function std::move() is not used.
This is trying to fix the issue by fixing the ast and symbol database. First, the ast nodes will be created for the init list and the symbol database will not mark it as a scope. I am not sure if this is the correct approach as I dont really understand how the AST part works.

It did change the AST for `try {} catch (...) {}` but that is because it incorrectly treats `try {}` as an initializer list.
2019-04-15 06:37:27 +02:00
Daniel Marjamäki bd7790fd8c Update copyright year 2019-02-09 07:24:06 +01:00
Paul Fultz II d7c20b15e7 Fix FP with const argument when doing a variable and cast (#1649) 2019-02-07 14:59:09 +01:00
Daniel Marjamäki 115be7dfc8 ValueFlow: better FwdAnalysis for complex expressions 2019-01-01 18:23:47 +01:00
Daniel Marjamäki ed514644b8 Renamed FwdAnalysisAllPaths to FwdAnalysis 2018-12-31 18:00:47 +01:00
Daniel Marjamäki 141ce7cd63 ValueFlow: Use FwdAnalysisAllPaths in ValueFlow to track complex expressions 2018-12-31 17:05:46 +01:00
Daniel Marjamäki ddbe5c129c Clarify FwdAnalysis. It is useful for checks that need data flow analysis of ALL paths. 2018-12-25 11:56:06 +01:00
Paul Fultz II 9b973e652c Issue 8830: New check: Function argument evaluates to constant value
Add a check for function arguments that can be constant:

```cpp
extern void bar(int);
void f(int x) {
   bar((x & 0x01) >> 7); // function 'bar' is always called with a '0'-argument
}
```
2018-12-17 06:04:24 +01:00
Daniel Marjamäki 1f27cd56c0 FwdAnalysis; Code cleanup, isNullOperand 2018-12-13 21:01:33 +01:00
Daniel Marjamäki 0b4e08cac9 Use FwdAnalysis in UnusedVar. This is still work-in-progress. Merging to master branch so it can be tested. 2018-12-13 18:52:56 +01:00
Daniel Marjamäki 452318dfa4 Remove FwdAnalysis::reads: It is not finished 2018-12-04 18:46:23 +01:00
Daniel Marjamäki c03c262058 Preparing FwdAnalysis for ValueFlow usage where we want to fetch read locations 2018-12-02 18:29:16 +01:00
Daniel Marjamäki d8fada6702 Refactoring FwdAnalysis 2018-12-02 17:42:18 +01:00
Daniel Marjamäki 6734571f06 Refactoring: Create FwdAnalysis class in astutils 2018-12-02 17:01:52 +01:00
Daniel Marjamäki ecb3c04fba astutils: Add function that visits nodes in AST tree 2018-11-23 06:53:43 +01:00
Paul Fultz II 7ef119cbfc Fix FPs in lifetime checker
This fixes several FPs in the lifetime checker. It also fixes issue [8846](https://trac.cppcheck.net/ticket/8846):

```cpp
int * f(int a[])
{
        return a;
}
```
2018-11-17 09:41:59 +01:00
Paul Fultz II 0e11bb07c8 Extend lifetime analysis to pointer usage (#1477)
* Use lifetime analysis for pointers as well

* Fix issue 1143: Pointer to local array

* Update message when using pointers

* Avoid infinite loop in tracing lifetimes
2018-11-12 10:08:17 +01:00
Paul Fultz II 68d6b96878 Diagnose invalid lifetimes (#1475)
* Add check for invalid lifetimes

* Fix FP with member variables

* Dont forward lifetime values in subfunction

* Update message to use out of scope
2018-11-11 16:43:54 +01:00
rikardfalkeborn 88008fedb1 findLambdaEndToken handle explicit type (#1458)
* findLambdaEndToken: Add tests

* Add handling of explicit return in findLambdaEndToken()

* Use AST in findLambdaEndToken()

* Fix ast when lambda is mutable
2018-10-31 12:36:08 +01:00
Paul Fultz II 2989c44f59 Enable checking duplicate expressions across associative operators (#1445)
* Enable checking duplicate expressions across associative operators

* Remove bitshift operators and check for streamRead
2018-10-21 07:09:20 +02:00
Paul Fultz II 40cb9cb1bc Check conditions in return statements (#1411)
* Identify return conditions in multiconditions

* Improve error messages

* Check return statements are always true or false

* Add more tests for FPs

* Fix FP when returning const like variables

* Fix FP when returning pointers or classes

* Fix FP with member variable access

* Check non-local variables

* Use simplematch

* Check for null
2018-10-18 21:01:47 +02:00
Paul Fultz II 16c62281d0 Use followVar in checking duplicateBranch (#1423)
* Use isSameExpression for duplicate branches

* Add errorPath

* Add another test
2018-10-18 11:56:23 +02:00
Paul Fultz II f65cf220ba Fix false positives in unknownEvaluationOrder when using followVar (#1391)
Fix false positives in unknownEvaluationOrder when using followVar
2018-09-28 08:38:24 +02:00
Paul Fultz II bbf876256c Add error path to more diagnostics that rely on isSameExpression (#1342) 2018-08-17 09:25:07 +02:00
Paul Fultz II f603b529df Fix issue 8413: Condition is always false 'i=expr; if (i != expr) {}' (#1295)
* Follow variables when comparing same expression

* Remove assert include

* Dont follow function arguments

* Improve the checking to check more cases

* Add more tests

* Check if the variable is used inside a loop

* Follow both variables

* Only skip loops when variable is modified in scope

* Fix FP when followed variable is modified

* Dont follow arrays

* Skip pointer indirection

* Make recursive

* Improve checking more variables

* Fix test with sizeof

* Skip following operators

* Fix test when using sizeof

* Dont check every step

* Use early returns

* Update test to use a loop instead of conditional

* Add static

* Check variables are global

* Check local variables in another scope

* Fix issue with const pointers

* Distinguish between pointer indirection and multiply

* Use simple match

* Prevent crash with uniform initialization

* Use unary op and ast to detect pointer indirection

* Expand error message when expression do not match exactly

* Add errorpath to issameexpression

* Revert "Clarify warning message for 'Same expression on both sides of operator'"

This reverts commit 0e491b41a8.

* Check if the tokens are the same

* Report the operator and not the expressions
2018-08-07 09:32:16 +02:00
Paul Fultz II 7ef714b0c6 Fix FP with duplicate assignments by checking if the expression is unique (#1223)
* Fix FP with duplicate assignments by checking if the expression is unique

* Use array of pointers

* Reorder scope condition
2018-05-13 20:20:55 +02:00
Paul Fultz II f191a3e753 Improve checking of opposite expressions (#1199)
* Improve checking of opposite expressions

* Fix some formatting
2018-05-02 06:32:33 +02:00
Daniel Marjamäki 7ee636b934 Refactoring: Reuse isLikelyStreamRead in isVariableChanged 2018-04-18 17:46:10 +02:00
Daniel Marjamäki c84628c28a Fixed #8494 (False positive: serialization class overloads operator) 2018-04-17 14:23:04 +02:00
Daniel Marjamäki 7e4dba6a7e Updated copyright year 2018-03-31 20:59:09 +02:00
Paul 43be20a824 Check more opposite conditions 2018-03-24 07:58:37 +01:00
Daniel Marjamäki c4caee6b18 Updated copyright year 2018-01-14 15:37:52 +01:00
Daniel Marjamäki 8fe4852b98 Refactoring, reuse and improve isVariableChangedByFunction() 2017-11-18 11:02:52 +01:00
Daniel Marjamäki 59034e17f1 Refactoring, reuse code to skip lambda functions 2017-08-29 22:35:55 +02:00
Daniel Marjamäki 32fe0aba41 Fixed #8037 (ValueFlow: global variable might be modified by function call) 2017-07-09 12:50:17 +02:00
Ayaz Salikhov 28aa939d69 iwyu - include what you use 2017-05-27 04:33:47 +02:00
Alexander Mai c1cdcc158f Run astyle. Fix some Doxygen issues 2017-05-06 11:57:02 +02:00
Daniel Marjamäki 3fbcc0cd3b Refactor CheckFunctions::invalidFunctionUsage 2017-04-20 19:57:39 +02:00
PKEuS 2f6350a0d0 Refactorized Library 2016-12-06 14:09:28 +01:00
orbitcowboy 919f8ac323 Fixed typos. There are no real changes. 2016-11-04 15:01:05 +01:00
Frank Zingsheim d4f01583b6 Fixed TODO (check if function parameter is non-const reference etc..) by common function 2016-11-01 14:06:30 +01:00
Dmitry-Me 1f27c4b76b Merge pull request #771 from Dmitry-Me/charUsedAsArrayIndex
Portability warning when 'char' type is used as array index
2016-02-10 20:11:38 +03:00
Dmitry-Me c3399493ef Portability warning when 'char' type is used as array index 2016-02-08 10:08:35 +03:00
PKEuS e71e9bd538 CheckBool: Rely on ValueType, removed a redundant check 2016-02-05 15:48:51 +01:00
Daniel Marjamäki 522de81cc7 Refactoring: Move isReturn() to astutils and rename it to isReturnScope() 2016-01-16 18:52:34 +01:00
Lauri Nurmi 996c9244d8 Update copyright year to 2007-2016. 2016-01-01 15:34:45 +02:00
Daniel Marjamäki 24438c326e Fixed #7233 (Fasle negative 'unknownEvaluationOrder in case of macro) 2015-12-25 18:31:21 +01:00
Daniel Marjamäki 8f27cec991 Revert "minor tweak of comment"
This reverts commit b1d1869f22.
2015-12-14 20:29:29 +01:00
Daniel Marjamäki b1d1869f22 minor tweak of comment 2015-12-14 20:03:40 +01:00
Alexander Mai 9d8dffbd79 #6269 false positives in case of overloaded standard library functions. Detect memset() with proper argument cound, using new function numberOfArguments() 2015-12-06 12:50:05 +01:00
Daniel Marjamäki 0f9d90d2be Changed Copyrights. Removed my name. 2015-11-18 20:04:50 +01:00
Daniel Marjamäki b9b0964dab Fixed #7006 (False positive Mismatching assignment and comparison (variable is changed in loop)) 2015-11-11 13:45:28 +01:00
Alexander Mai b90b751b54 Cure some doxygen warnings 2015-08-30 20:12:02 +02:00
PKEuS 1a266315f1 Removed some unused code 2015-08-15 19:17:25 +02:00
Daniel Marjamäki 3a1a34751f Library: Initial handling of method calls 2015-08-10 09:41:06 +02:00
Daniel Marjamäki e598b07a6d Moved functions to astutils 2015-08-03 09:20:50 +02:00
Alexander Mai 96c3c111fc Refactoring: Move some AST related functions to distinct source file 2015-08-02 21:57:32 +02:00