This fixes issues (at least false positives) in code using them.
For instance:
```
unsigned compute(unsigned long long a) {
unsigned num = 0;
while (a > 0xFFFFFFFF) {
a >>= 32;
num += 32;
}
if (a > 0xFFFF) {
a >>= 16;
num += 16;
}
if (a > 0xFF) {
num += 8;
}
return num;
}
```
would give false positive:
```
cppcheck --enable=style sl3.cpp
Checking sl3.cpp ...
sl3.cpp:11:11: style: Condition 'a>0xFF' is always false [knownConditionTrueFalse]
if (a > 0xFF) {
^
sl3.cpp:3:14: note: Assuming that condition 'a>0xFFFFFFFF' is not redundant
while (a > 0xFFFFFFFF) {
^
sl3.cpp:11:11: note: Condition 'a>0xFF' is always false
if (a > 0xFF) {
^
```
In some cases, the condition of the ternary operator is assigned a known
value after the two possible results, and in such cases, we would not
take the opportunity to assign a value to the ternary operator (and to
the other parents in the ast).
This patch adds this capability.
- Remove errorPath of a value on assignment (this fixes enormous memory consumption for code with many subsequent assignments)
- De-virtualized a simple get function that was virtual for no reason
- Cloned function isAliasOf() for single values to avoid instantiating unnecessary std::list objects (
- Replaced a couple of trivial Token::Match/simpleMatch expressions by direct comparison
- Treat enumerators as literal values
Comparing before and after (Ir per call) when scanning the Cppcheck source:
SingleValueFlowForwardAnalyzer.isAlias()
1246 -> 1101
MultiValueFlowForwardAnalyzer.isAlias()
4202 -> 1617
Ensure bifurcate() does not recurse endlessly where a variable is
initialized recursively, or a variable is initialized as x(0) or x{0}
followed by a recursive assignment (for example int x(0); x = x / 1;).
The first case is solved by bailing out if there initialization is done
using x(0) or x{0}, the second by adding a missing depth argument to a
recursive call.
* Set bounds when combining values
* Adust bounds when they are negated
* Try to infer conditional values
* Switch false and true
* Fix checking of conditions
* Fix compare
* Fix remaining tests
* Fix overflows
* Add indirect to library cfg files
* Check indirect for non null arguments
* Reenable subfunction analysis
* Use indirect 1 when using not-null
* Parse correct string name
* Update documentation
* Make attribute optional
* Fix issue 9404: False positive: Either the condition 'if(x)' is redundant or there is possible null pointer dereference: a->x
* Use simpleMatch
* Add a test case for the FP
* Check if expression is changed
* Check for no return scope
* Use simpleMatch
* Traverse conditions for container size
* Move program memory to seperate file
* Revert "Traverse conditions for container size"
This reverts commit 914783769f.
* Move pathanalysis to seperate files
* Set correct type and size of string and char literals
Use that string and char literal tokens store the prefix. This makes
it possible to distinghuish between different type of string literals
(i.e., utf8 encoded strings, utf16, wide strings, etc) which have
different type.
When the tokens holding the string and character values have the correct
type, it is possible to improve Token::getStrSize() to give the correct
result for all string types. Previously, it would return the number of
characters in the string, i.e., it would give the wrong size unless
the type of the string was char*.
Since strings now can have different size (in number of bytes) and
length (in number of elements), add a new helper function that returns
the number of characters. Checkers have been updated to use the correct
functions.
Having the size makes it possible to find more problems with prefixed
strings, and to reduce false positives, for example in the buffer
overflow checker.
Also, improve the stringLiteralWrite error message to also print the
prefix of the string (if there is one).
* Add comment and update string length
* Fix crashes in valueflow
http://cppcheck1.osuosl.org:8000/crash.html
For instance in http://cppcheck1.osuosl.org:8000/styx
```
==19651==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000001c (pc 0x556f21abc3df bp 0x7ffc140d2720 sp 0x7ffc140d2710 T0)
==19651==The signal is caused by a READ memory access.
==19651==Hint: address points to the zero page.
#0 0x556f21abc3de in Variable::isGlobal() const ../lib/symboldatabase.h:342
#1 0x556f221f801a in valueFlowForwardVariable ../lib/valueflow.cpp:2471
#2 0x556f22208130 in valueFlowForward ../lib/valueflow.cpp:3204
#3 0x556f221e9e14 in valueFlowReverse ../lib/valueflow.cpp:1892
#4 0x556f221f1a43 in valueFlowBeforeCondition ../lib/valueflow.cpp:2200
#5 0x556f2223dbb5 in ValueFlow::setValues(TokenList*, SymbolDatabase*, ErrorLogger*, Settings const*) ../lib/valueflow.cpp:6521
#6 0x556f220e5991 in Tokenizer::simplifyTokens1(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ../lib/tokenize.cpp:2342
#7 0x556f21d8d066 in CppCheck::checkFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::istream&) ../lib/cppcheck.cpp:508
#8 0x556f21d84cd3 in CppCheck::check(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ../lib/cppcheck.cpp:192
#9 0x556f21a28796 in CppCheckExecutor::check_internal(CppCheck&, int, char const* const*) ../cli/cppcheckexecutor.cpp:884
#10 0x556f21a24be8 in CppCheckExecutor::check(int, char const* const*) ../cli/cppcheckexecutor.cpp:198
#11 0x556f22313063 in main ../cli/main.cpp:95
```
* Add test case for crash in valueflow
* Use lifetimes to check for returning reference to temporaries
* Check for dangling temporaries
* Check for unknown types for returining by reference
* Remove old returnTemporary check
* Format
* Check for deref op
* Ternary operator return an lvalue reference
* Warn when returning temporaries from member functions
* Improve handling of pointer to function
* Extend lifetimes of const references
* Add valueFlowForwardExpression function to forward values of an expression
* Use token for expression
* Fix name in bailout message
* Handle expressions
* Add more tests for more expressions
* Add more tests
* Solve the expression if possible
* Formatting