Commit Graph

11164 Commits

Author SHA1 Message Date
Daniel Marjamäki 398cfc1f5a ExprEngine: Create array value in struct 2019-09-27 18:58:49 +02:00
Daniel Marjamäki 2b4fe66908 Try to make Travis happy 2019-09-27 16:13:43 +02:00
Daniel Marjamäki f7a8075001 ExprEngine: Disable integerOverflow check 2019-09-27 15:07:56 +02:00
Daniel Marjamäki 7ea8b69235 ExprEngine: Robustness 2019-09-27 14:36:33 +02:00
Daniel Marjamäki 69016e38bc ExprEngine: Add a temporary overflow check 2019-09-27 14:20:17 +02:00
Daniel Marjamäki 8ccbdfe725 ExprEngine: Better output 2019-09-27 13:30:09 +02:00
Daniel Marjamäki 71aa9a531a ExprEngine: Create symbolic expression for string arguments 2019-09-27 13:12:16 +02:00
Daniel Marjamäki 7f64faae99 Virtual Destructors: Base class must have virtual destructor no matter if derived class has a destructor or not. There is UB according to paragraph 3 in [expr.delete]. 2019-09-27 09:55:56 +02:00
Rikard Falkeborn 0111b4afdc Silence unused variable warning (#2223) 2019-09-27 08:19:45 +02:00
Daniel Marjamäki 350363616c Fix Cppcheck naming convention 2019-09-27 08:17:46 +02:00
Daniel Marjamäki dffae8f7d9 Try to make Travis happy 2019-09-26 21:43:29 +02:00
Daniel Marjamäki 371babc322 ExprEngine: Improved handling of structs 2019-09-26 21:35:29 +02:00
Daniel Marjamäki f47aaed21e ExprEngine: Improve output 2019-09-26 21:00:36 +02:00
Daniel Marjamäki f1b42fe05c ExprEngine: Extend output 2019-09-26 20:49:03 +02:00
Daniel Marjamäki 2e1cbbeb14 ExprEngine: Fix output for StructValue 2019-09-26 19:39:30 +02:00
IOBYTE d0968a1377 Warn about unknown macro causing template syntax error (#2222) 2019-09-26 16:01:01 +02:00
Daniel Marjamäki cd816f42eb ExprEngine: fix code for float comparisons 2019-09-26 12:13:14 +02:00
Daniel Marjamäki b55c587ab2 astyle formatting
[ci skip]
2019-09-26 10:32:49 +02:00
Paul Fultz II 597d0fa35b Support expression in valueFlowAfterCondition (#2219)
* Add valueFlowForwardExpression function to forward values of an expression

* Use token for expression

* Fix name in bailout message

* Handle expressions

* Add more tests for more expressions

* Add more tests

* Solve the expression if possible

* Formatting
2019-09-26 10:32:25 +02:00
IOBYTE 4475c4c7e2 template simplifier: fix syntax error (#2218) 2019-09-26 10:31:19 +02:00
Daniel Marjamäki d7d22f51b7 ExprEngine: Minor output cleanup 2019-09-26 10:07:31 +02:00
Daniel Marjamäki c5302d20a3 ExprEngine: ConditionalValues, output symbolic expressions 2019-09-26 10:03:58 +02:00
Rikard Falkeborn 4dbf006dc7 Fix severity of c++14 shifts with too many bits (#2213)
For c++14, shifting a variable with a value larger than or equal to the
number of bits in the variable is undefined. Left-shifting with a value
equal to the number of bits of the variable is implementation defined.

See also trac ticket #9306.
2019-09-25 20:16:04 +02:00
Daniel Marjamäki 9e76630a4b ExprEngine: Restructure handling of arrays to handle dynamic buffers better 2019-09-25 18:33:21 +02:00
Oliver Stöneberg eac040a00b Various clang-tidy fixes (#2192)
* use range loops

* removed redundant string initializations

* use nullptr

* use proper boolean false

* removed unnecessary continue from end of loop

* removed unnecessary c_str() usage

* use emplace_back()

* removed redundant void arguments
2019-09-25 15:25:19 +02:00
Tyson Nottingham ca5f2562fc Fix false negatives in checkIncrementBoolean (#2210)
Detect incrementing boolean expressions involving pointer dereferences,
array element accesses, etc.
2019-09-25 13:07:39 +02:00
IOBYTE 12f93b63a8 template simplifier: fix simplification of "< %num% %comp% %num% >" (#2214)
* template simplifier: fix simplification of "< %num% %comp% %num% >"

* fix test to not fail on 32 bit platforms
2019-09-25 12:06:29 +02:00
Daniel Marjamäki 0011fb5a36 ExprEngine: Temporary hardcoding for calloc 2019-09-24 22:22:16 +02:00
Daniel Marjamäki 7cf8327b31 ExprEngine: Sign extension in truncateValue 2019-09-24 20:31:12 +02:00
Daniel Marjamäki 0471e74489 ExprEngine: Handle char literals 2019-09-24 20:11:07 +02:00
Daniel Marjamäki 1769af4a6c ExprEngine: Passing variable address to function 2019-09-24 19:53:33 +02:00
Daniel Marjamäki ba035074f0 ExprEngine: Extended value truncation 2019-09-24 13:28:14 +02:00
Paul Fultz II 0df4876059 Fix issue 9367: FP knownConditionTrueFalse (#2209) 2019-09-24 08:15:03 +02:00
Daniel Marjamäki c1ff3419a6 ExprEngine: Value truncation 2019-09-23 20:28:12 +02:00
Paul Fultz II 1616282f6b Use fixed number of iterations for valueflow loop (#2205) 2019-09-23 19:35:39 +02:00
Daniel Marjamäki 9025b47f82 ExprEngine: some handling of NULL pointer 2019-09-23 18:10:06 +02:00
Paul Fultz II a903aa7070 Fix issue 9351: false negative: (style) Condition '...' is always true (#2201) 2019-09-23 08:49:04 +02:00
Rikard Falkeborn bb5ac32872 Fix #7031 (improve error message for memory related warnings) (#2204)
Printout both the locations on double free errors, mismatching
alloc/dealloc and dealloc return error.
2019-09-22 21:50:02 +02:00
Daniel Marjamäki 28d13e7567 ExprEngine: Implement basic float handling 2019-09-22 21:14:36 +02:00
Rikard Falkeborn df800e35d4 Fix memleak FP with return with parenthesis (#2202)
* Fix memleak FP with return  with parenthesis

Fix FPs pointed out by daca@home on the following form:

    void* f(void) {
        void* x = malloc(1);
        return(x);
    }

Fix it by only skipping tokens if there is an actual match with a
variable. This allows to remove the special casing of "return;".

* Add testcase with cast
2019-09-22 19:18:31 +02:00
Daniel Marjamäki 6e17853ea9 ExprEngine: Guess function call return value 2019-09-22 16:40:48 +02:00
Daniel Marjamäki 5c07cfd2e8 ExprEngine: Better handling of pointer aliasing 2019-09-22 15:58:55 +02:00
Daniel Marjamäki ec4b7c1f4b ExprEngine: Better handling of pointers 2019-09-22 10:56:57 +02:00
Daniel Marjamäki 7d6fd915be ExprEngine: Better handling of compound assignments 2019-09-21 21:15:51 +02:00
Paul Fultz II c1961cec1c Fix issue 9362: FP: (style) Condition '(v&1)==0' is always false (#2200) 2019-09-21 19:53:54 +02:00
Daniel Marjamäki da91c139d5 ExprEngine: Passing array to function, array data might be overwritten 2019-09-21 19:34:06 +02:00
Rikard Falkeborn 46ac0d79c1 Checkmemleakautovar: fix crash and FP (#2196)
This fixes crashes found by daca where valueType() is NULL. Also,
somewhat related, it removes warnings when casting to a type that is
unknown to cppcheck, for example, there is no longer a warning for the
following code:

	void* f() {
		void *x = malloc(1);
		return (mytype)x;
	}
2019-09-21 14:59:54 +02:00
Daniel Marjamäki b2cab003ff ExprEngine: Fix output for arrays 2019-09-21 14:17:16 +02:00
Daniel Marjamäki 3d0d3ec4c5 ExprEngine: handling array initialization with string literal 2019-09-21 11:36:34 +02:00
Tyson Nottingham d6a70d27c7 Fix false negatives in checkAssignBoolToFloat and minor related improvements (#2198)
* Fix false negatives in checkAssignBoolToFloat

Detect assignments to expressions involving pointer dereferences, array
element accesses, etc.

* Pass assignment token to assignBoolToFloatError

Pass assignment token rather than boolean token to make error reporting
consistent between checkAssignBoolToFloat and checkAssignBoolToPointer,
as well as with other assignment checks in the code base.

* Make checkAssignBoolToPointer check consistent with checkAssignBoolToFloat
2019-09-21 08:24:54 +02:00
Paul Fultz II 40f1635c35 Fix issue 9361: false positive: (style) Condition 'isdigit(c)!=0' is always true (#2199) 2019-09-21 08:19:54 +02:00
Oliver Stöneberg 65d1e90aa3 deleted methods should be public (#2193) 2019-09-20 21:58:09 +02:00
Oliver Stöneberg b5c598cca4 added missing OVERRIDE usage and removed redundant virtual (#2190) 2019-09-20 21:57:16 +02:00
Oliver Stöneberg 9028b4a81d do not access static methods through instance (#2189) 2019-09-20 21:54:30 +02:00
Ken-Patrick Lehrmann 49b7ef84d9 Fix crashes in checkleakautovar (#2195)
Crashes found by daca@home
http://cppcheck1.osuosl.org:8000/crash.html

For instance
```
2019-09-20 16:27
ftp://ftp.se.debian.org/debian/pool/main/n/nedit/nedit_5.7.orig.tar.gz
cppcheck-options: -j1 --library=posix --library=gnu --library=motif -D__GNUC__ --check-library --inconclusive --enable=style,information --platform=unix64 --template=daca2 -rp=temp temp
platform: Linux-4.19.0-6-amd64-x86_64-with-debian-10.1
python: 2.7.16
client-version: 1.1.37
cppcheck: head 1.89
head-info: 38dec6a9a (2019-09-20 16:46:57 +0200)
count: Crash! 934
elapsed-time: -11.0 9.0
head results:
Checking temp/nedit-5.7/source/shell.c: __GNUC__=1...

Program received signal SIGSEGV, Segmentation fault.
0x000055555564b862 in CheckLeakAutoVar::ret (this=0x7fffffffb8c0, tok=0x5555582ea9e0, varInfo=...) at lib/token.h:340
340	        return mImpl->mValueType;
 #0  0x000055555564b862 in CheckLeakAutoVar::ret (this=0x7fffffffb8c0, tok=0x5555582ea9e0, varInfo=...) at lib/token.h:340
 #1  0x0000555555651764 in CheckLeakAutoVar::check (this=0x7fffffffb8c0) at build/checkleakautovar.cpp:714
 #2  0x0000555555652b37 in CheckLeakAutoVar::runChecks (this=<optimized out>, tokenizer=0x7fffffffc3a0, settings=<optimized out>, errorLogger=<optimized out>) at lib/checkleakautovar.h:108
 #3  0x00005555556bc833 in CppCheck::checkNormalTokens (this=0x7fffffffce50, tokenizer=...) at build/cppcheck.cpp:732
 #4  0x00005555556bf694 in CppCheck::checkFile (this=0x7fffffffce50, filename=..., cfgname=..., fileStream=...) at build/cppcheck.cpp:542
 #5  0x00005555556c1cb8 in CppCheck::check (this=this@entry=0x7fffffffce50, path="temp/nedit-5.7/source/shell.c") at /usr/include/c++/8/bits/basic_string.h:936
 #6  0x00005555557fd63f in CppCheckExecutor::check_internal (this=0x7fffffffdbd0, cppcheck=..., argv=<optimized out>) at cli/cppcheckexecutor.cpp:884
 #7  0x00005555557fda92 in CppCheckExecutor::check (this=this@entry=0x7fffffffdbd0, argc=argc@entry=14, argv=argv@entry=0x7fffffffdf58) at cli/cppcheckexecutor.cpp:198
 #8  0x00005555555e6358 in main (argc=14, argv=0x7fffffffdf58) at cli/main.cpp:95

DONE
```
2019-09-20 21:29:17 +02:00
Daniel Marjamäki 6c59957109 ExprEngine: Better handling of conditions 2019-09-20 21:27:51 +02:00
Rikard Falkeborn 007b5d3e8d Fix #9343 (memleak FP when return with cast) (#2162)
This was most likely introduced when the checks were changed to run on
the full tokenlist instead of the simplified one.

Take care to warn about cases where casts destroy the pointer, such as

	uint8_t f() {
		void* x = malloc(1);
		return (uint8_t)x;
	}
2019-09-20 15:09:27 +02:00
Daniel Marjamäki 049f6475ee astyle formatting
[ci skip]
2019-09-20 15:07:27 +02:00
Paul Fultz II ad8abdb0c3 Add impossible values to ValueFlow (#2186)
* Add impossible category

* Replace values

* Try to adjust known values

* Add ! for impossible values

* Add impossible with possible values

* Remove contradictions

* Add values when the branch is not dead

* Only copy possible values

* Dont bail on while loops

* Load std lib in valueflow

* Check for function calls

* Fix stl errors

* Fix incorrect impossible check

* Fix heap-after-use error

* Remove impossible values when they are lowered

* Show the bound and remove overlaps

* Infer conditions

* Dont push pointer values through dynamic_cast

* Add test for dynamic_cast issue

* Add shifttoomanybits test

* Add test for div by zero

* Add a test for issue 9315

* Dont make impossible value inconclusive

* Fix FP with shift operator

* Improve handleKnownValuesInLoop for impossible values

* Fix cppcheck warning

* Fix impossible values for ctu

* Bailout for streams

* Check equality conditions

* Fix overflows

* Add regression test for 9332

* Remove duplicate conditions

* Skip impossible values for invalid value

* Check for null

* Rename bound to range

* Formatting
2019-09-20 15:06:37 +02:00
IOBYTE 8c5cf8c029 Fixed #9046 syntaxError (#2180)
* Fixed #9046 syntaxError

* fix another syntax error

* fix some more syntax errors
2019-09-20 12:35:01 +02:00
Daniel Marjamäki 8fba2af267 Try to make Travis happy 2019-09-20 07:04:58 +02:00
Daniel Marjamäki 6c38b69e11 Rename dataIndex to mDataIndex according to our naming conventions 2019-09-20 06:12:35 +02:00
Oliver Stöneberg de9f489b08 use range loops / constness (#2181)
* use range loops / constness

* platform.cpp: avoid shadowed variable
2019-09-19 20:29:33 +02:00
Daniel Marjamäki 5f0f8afc27 ExprEngine: Print some 'debug' output 2019-09-19 20:18:55 +02:00
Sebastian bf55e835aa
Windows testrunner: Add testexprengine.cpp (#2184)
Add export of executeAllFunctions() in exprengine.h
2019-09-19 19:40:00 +02:00
Daniel Marjamäki 745c91106e Removed unused Data::dump 2019-09-19 09:16:18 +02:00
orbitcowboy b37b0c0f78 Running astyle [ci skip] 2019-09-19 08:03:29 +02:00
amai2012 d97c826319 Compile fix for VisualStudio 2019-09-18 22:07:42 +02:00
amai2012 5355df8b6e Add exprengine.cpp to VisualStudio solution 2019-09-18 21:56:31 +02:00
amai2012 5a6084fbec Map #warning to #pragma message for VisualStudio 2019-09-18 21:50:23 +02:00
Daniel Marjamäki b66d701599 Fix Cppcheck warnings 2019-09-17 22:28:36 +02:00
Daniel Marjamäki 2d651b09fc ExprEngine: Add new experimental path-sensitive data flow analysis. Initially used for 'verification' but could possibly later be used as a complement in the normal analysis. The code is work-in-progress and hacky! 2019-09-17 21:00:59 +02:00
Daniel Marjamäki 033640310b One more fix for #9354 (Unknown macro is not reported and then Cppcheck is silent about issues) 2019-09-15 21:07:20 +02:00
Daniel Marjamäki 742c437953 Fixed #9354 (Unknown macro is not reported and then Cppcheck is silent about issues) 2019-09-13 13:05:48 +02:00
Paul Fultz II 068b0b246c Fix issue 9352: FP constParameter and constVariable for auto& in combination with ternary ?: operator (#2173) 2019-09-13 08:33:30 +02:00
Daniel Marjamäki fc25fe83bd ctu: fixed error locations 2019-09-12 19:20:13 +02:00
Daniel Marjamäki 4e076e1854 Fix travis build 2019-09-12 19:06:57 +02:00
Daniel Marjamäki da363c7d6f Fixed #9349 (FP ctuuninitvar for pointer dereferenced inside sizeof) 2019-09-12 13:29:52 +02:00
Daniel Marjamäki b8e3d3b982 CTU: Add 'column' 2019-09-12 10:46:33 +02:00
Daniel Marjamäki 8855978f8a Import project: Ignoring paths better 2019-09-12 09:32:24 +02:00
IOBYTE 4e222afa2c template simplifier: ignore alias template definitions with syntax errors (#2169)
Is not allowed to define a type in an alias template definition.

This code:

template<int N>
using A1 = struct B1 { static auto constexpr value = N; };
A1<0> a1;

produces this output:

2: } ;
3: struct B1 { static const auto value = 0 a1 ;

test.cpp:2:57: error: Analysis failed. If the code is valid then please
report this failure. [cppcheckError]
using A1 = struct B1 { static auto constexpr value = N; };
                                                        ^

because it tries to instantiate the invalid alias template definition
and generates garbage code.
2019-09-11 19:31:15 +02:00
Paul Fultz II ba037837c9 Track lifetime across multiple returns
This will now warn when doing something like this:

```cpp
template <class T, class K, class V>
const V& get_default(const T& t, const K& k, const V& v) {
    auto it = t.find(k);
    if (it == t.end()) return v;
    return it->second;
}
const int& bar(const std::unordered_map<int, int>& m, int k) {
    auto x = 0;
    return get_default(m, k, x);
}
```

The lifetime warning is considered inconclusive in this case.

I also updated valueflow to no tinject inconclusive values unless `--inconclusive` flag is passed. This creates some false negatives because library functions are not configured to not modify their input parameters, and there are some checks that do not check if the value is inconclusive or not.
2019-09-11 19:25:09 +02:00
warmsocks a56bc006b7 Fixed a typo in lib/checkother.cpp. Corrected spelling errors found by codespell. (#2170) 2019-09-11 19:21:38 +02:00
Daniel Marjamäki bee30b0ca2 astyle formatting
[ci skip]
2019-09-10 19:42:17 +02:00
Paul Fultz II dc0b3527ad Fix issue 9311: False positive duplicateCondition "same if condition" with pointer inside array of struct (#2166)
* Check for typeOf through an array

* Handle array constructors

* Format

* Fix compile error on gcc 4.8
2019-09-10 19:41:35 +02:00
Paul Fultz II 2595b82634 Fix issue 9348: FP uninitvar for pointer passed to memcpy (#2167) 2019-09-10 19:40:08 +02:00
Paul Fultz II ddb1f1b5ce Try to fix issue 9341: daca crash: isContainerSizeChangedByFunction (#2168) 2019-09-10 19:39:44 +02:00
IOBYTE 639c29eb5c Fix #9338 (Regression: Syntax error on valid C++) (#2156)
* Fix #9338 (Regression: Syntax error on valid C++)

* fix cppcheck warning
2019-09-09 21:46:21 +02:00
Paul Fultz II 9753e18ebd Fix issue 9340: AST broken: endless recursion from '{' (#2161) 2019-09-09 21:35:49 +02:00
IOBYTE 59fdbd8435 Fix #9337 (Syntax error on valid C++) (#2152) 2019-09-07 09:09:04 +02:00
Paul Fultz II 27ebff7ae4 Add deeper analysis of when a function changes a containers size (#2149)
* Add deeper analysis of when a function changes a containers size

* Fix issues

* Track addressOf
2019-09-06 21:18:45 +02:00
Paul Fultz II 70cad280ea Fix issue 9319: FP knownConditionTrueFalse related to aggregate initialization of struct (#2147) 2019-09-05 19:36:45 +02:00
Paul Fultz II 9e140831eb Fix issue 9329: FP knownConditionTrueFalse - vector modified by function calls (#2145) 2019-09-05 16:42:26 +02:00
Paul Fultz II e657cf4073 Fix issue 9320: False positive knownConditionTrueFalse related to truncation (#2144) 2019-09-05 15:15:58 +02:00
Daniel Marjamäki a9fda3f488 Clarify redundantVarAssignment warnings 2019-09-04 10:55:41 +02:00
IOBYTE e5220bdf0c make ellipsis ... a single token (#2143)
* make ellipsis ... a single token

Using cppcheck -E to preprocess code with ellipsis produces output that
can't be compiled because ... is split into 3 tokens.

* try to fix addon
2019-09-04 08:07:30 +02:00
Paul Fultz II 1afd56e964 Fix issue 8785: ValueFlow: Track pointer alias
This fixes the issue by making `ProgramMemory` keep track of values based on the conditions.

It also removes the `deadpointer` check since it duplicates the `invalidLifetime` check.
2019-09-03 17:16:15 +02:00
Paul Fultz II 55a78f482b Fix issue 9293: false negative: uninitvar 2019-09-03 06:46:34 +02:00
Paul Fultz II dc201d110d Fix issue 9274: false negative: (error) Buffer is accessed out of bounds (std::string, std::wstring) 2019-09-03 06:43:54 +02:00
Daniel Marjamäki af449779f0 astyle formatting
[ci skip]
2019-09-03 06:43:08 +02:00