Commit Graph

11275 Commits

Author SHA1 Message Date
Daniel Marjamäki cf1dd2e6f6 AST: Fix AST when returning list of lambda functions 2019-10-22 18:39:59 +02:00
Daniel Marjamäki 3699227b12 ExprEngine: Throw exception if there is unhandled expression in assignment LHS 2019-10-22 18:39:59 +02:00
Rikard Falkeborn 73a569be97 TestBufferOverRun: Handle string literals (#2287) 2019-10-21 07:11:22 +02:00
Rikard Falkeborn f83eb127ae ValueFlow: sizeof string and char literals (#2285) 2019-10-20 21:02:28 +02:00
Daniel Marjamäki 78c02f0505 ValueFlow: Fixed false positives after escape scope 2019-10-20 20:57:16 +02:00
Daniel Marjamäki 223ceeb97f SymbolDatabase: Do not set constructor flag for function in namespace 2019-10-20 18:12:52 +02:00
Daniel Marjamäki 82d8f3e7f5 SymbolDatabase: Fix crash if std::shared_ptr type is only forwarded, not defined 2019-10-20 17:00:15 +02:00
Daniel Marjamäki e50b9e2bef Fixed #8784 (False positive uninitialized variable) 2019-10-20 15:20:05 +02:00
Daniel Marjamäki 68ea60d207 Try to make Travis happy 2019-10-20 07:44:56 +02:00
Rikard Falkeborn 5c061c1c12 Set correct type and size of string and char literals (#2275)
* Set correct type and size of string and char literals

Use that string and char literal tokens store the prefix. This makes
it possible to distinghuish between different type of string literals
(i.e., utf8 encoded strings, utf16, wide strings, etc) which have
different type.

When the tokens holding the string and character values have the correct
type, it is possible to improve Token::getStrSize() to give the correct
result for all string types. Previously, it would return the number of
characters in the string, i.e., it would give the wrong size unless
the type of the string was char*.

Since strings now can have different size (in number of bytes) and
length (in number of elements), add a new helper function that returns
the number of characters. Checkers have been updated to use the correct
functions.

Having the size makes it possible to find more problems with prefixed
strings, and to reduce false positives, for example in the buffer
overflow checker.

Also, improve the stringLiteralWrite error message to also print the
prefix of the string (if there is one).

* Add comment and update string length
2019-10-20 07:11:57 +02:00
Daniel Marjamäki 00fae7fb42 Fixed #9261 (Inconsistent violation report between using global enum and namespaced enum.) 2019-10-20 07:07:38 +02:00
Daniel Marjamäki 4943771e41 Fix #9262 (False positive on variable assignment when putting enum in namespace) 2019-10-19 21:41:50 +02:00
Daniel Marjamäki 9a2b71494f ValueFlow: Set value for :: 2019-10-19 21:08:59 +02:00
Daniel Marjamäki 574141a492 shadowVariable: Add comment 2019-10-19 18:51:36 +02:00
Daniel Marjamäki 24db81adb5 Fixed #8903 (False positive 'shadows outer variable' when using GCC statement expressions) 2019-10-19 18:50:27 +02:00
IOBYTE 5658dfcaf3 better fix for #9392 that also handles namespaces (#2282) 2019-10-18 18:05:48 +02:00
Daniel Marjamäki e0093c99ce Fixed #9276 (False positive: ValueFlow does not handle return in switch properly.) 2019-10-18 16:16:56 +02:00
Daniel Marjamäki 3a0a0fdefb Fixed #9424 (False positive: known condition after function call) 2019-10-18 08:21:07 +02:00
Daniel Marjamäki 99ef64459b Fixed #9344 (FP redundantAssignment related to increasing index variable for vector) 2019-10-17 18:31:05 +02:00
Daniel Marjamäki 15d7b9c83f Fixed #9347 (FP uninitvar for pointer passed to sscanf) 2019-10-17 17:41:54 +02:00
IOBYTE e4d2e9d2af Fix #9421 (syntaxError on incomplete code (from z3)) (#2274) 2019-10-16 20:56:53 +02:00
Ken-Patrick Lehrmann 24211cf8b9 Fix crashes in valueflow (#2236)
* Fix crashes in valueflow

http://cppcheck1.osuosl.org:8000/crash.html

For instance in http://cppcheck1.osuosl.org:8000/styx
```
==19651==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000001c (pc 0x556f21abc3df bp 0x7ffc140d2720 sp 0x7ffc140d2710 T0)
==19651==The signal is caused by a READ memory access.
==19651==Hint: address points to the zero page.
    #0 0x556f21abc3de in Variable::isGlobal() const ../lib/symboldatabase.h:342
    #1 0x556f221f801a in valueFlowForwardVariable ../lib/valueflow.cpp:2471
    #2 0x556f22208130 in valueFlowForward ../lib/valueflow.cpp:3204
    #3 0x556f221e9e14 in valueFlowReverse ../lib/valueflow.cpp:1892
    #4 0x556f221f1a43 in valueFlowBeforeCondition ../lib/valueflow.cpp:2200
    #5 0x556f2223dbb5 in ValueFlow::setValues(TokenList*, SymbolDatabase*, ErrorLogger*, Settings const*) ../lib/valueflow.cpp:6521
    #6 0x556f220e5991 in Tokenizer::simplifyTokens1(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ../lib/tokenize.cpp:2342
    #7 0x556f21d8d066 in CppCheck::checkFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::istream&) ../lib/cppcheck.cpp:508
    #8 0x556f21d84cd3 in CppCheck::check(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ../lib/cppcheck.cpp:192
    #9 0x556f21a28796 in CppCheckExecutor::check_internal(CppCheck&, int, char const* const*) ../cli/cppcheckexecutor.cpp:884
    #10 0x556f21a24be8 in CppCheckExecutor::check(int, char const* const*) ../cli/cppcheckexecutor.cpp:198
    #11 0x556f22313063 in main ../cli/main.cpp:95
```

* Add test case for crash in valueflow
2019-10-16 20:54:07 +02:00
Rikard Falkeborn 297360920a Keep prefix in string and char literals (#2272)
Keeping the prefix in the token allows cppcheck to print the correct
string and char literals in debug and error messages.

To achieve this, move some of the helper functions from token.cpp to
utils.h so that checks that look at string and char literals can reuse
them. This is a large part of this commit.

Note that the only user visible change is that when string and char
literals are printed in error messages, the prefix is now included.

For example:

	int f() {
		return test.substr( 0 , 4 ) == U"Hello" ? 0 : 1 ;
	};

now prints U"Hello" instead of "Hello" in the error message.
2019-10-16 11:41:33 +02:00
Daniel Marjamäki 7d6d561c84 SymbolDatabase: Better handling of function call using smart pointer 2019-10-15 19:33:25 +02:00
Daniel Marjamäki 4a4b4963cc SymbolDatabase: Fix function lookup for '::func()' 2019-10-15 12:39:02 +02:00
Daniel Marjamäki d98ac017f7 ExprEngine: Improved handling of struct member assignments in loops 2019-10-14 22:04:12 +02:00
Daniel Marjamäki 62d972061b astyle formatting
[ci skip]
2019-10-14 19:41:51 +02:00
Daniel Marjamäki 8c5c070d6a ExprEngine: Improved handling of struct member assignments in loop 2019-10-14 19:41:32 +02:00
Daniel Marjamäki ee280a94fb ExprEngine: New handling of << and >> 2019-10-14 17:20:35 +02:00
Daniel Marjamäki 4e49b14721 ExprEngine: << and >> are not handled well, throw exception for now. 2019-10-14 11:56:39 +02:00
Daniel Marjamäki c7a56529bb ExprEngine: Clarify verificationIntegerOverflow message 2019-10-14 11:54:43 +02:00
Daniel Marjamäki bf61bcf402 ValueType: Set ValueType for constructor calls 2019-10-14 09:19:16 +02:00
Sebastian 267d23f1b8
gnu.cfg: Define `__typeof__` as `typeof`, fix simplifyTypedef() (#2260)
`__typeof__` is just an alternative keyword for `typeof`, see
https://gcc.gnu.org/onlinedocs/gcc/Typeof.html
Since `typeof` is handled in several checkers it makes sense to define
`__typeof__` as `typeof`.
Tokenizer::simplifyTypedef(): Use `typeof` instead of `__typeof__` to
be consistent with the rest of the code.
2019-10-14 08:20:22 +02:00
Paul Fultz II bf5c90a2be Fix issue 9409: FP returnTempReference (#2266)
* Fix issue 9409: FP returnTempReference

* Format
2019-10-13 19:12:46 +02:00
KenPatrickLehrmann 5a08ac361a Better handle const/noexcept methods (#2211)
* Better handle const/noexcept methods/conversion operator

const or noexcept in a method / (conversion) operator definition were
badly parsed, ending in a bad ast.
This patch tries to make it better, at least making the ast less bad,
so as to avoid errors in later checks.

* Fix parsing of some operator

It is still very broken, but at least, it does not fail.

Here is the previous error:
```
TestSimplifyTypedef::simplifyTypedef129
terminate called after throwing an instance of 'InternalError'

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
 #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
 #1  0x00007ffff612a801 in __GI_abort () at abort.c:79
 #2  0x00007ffff6b1d957 in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
 #3  0x00007ffff6b23ab6 in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
 #4  0x00007ffff6b23af1 in std::terminate() () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
 #5  0x00007ffff6b23d24 in __cxa_throw () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
 #6  0x0000555556366bf8 in Tokenizer::cppcheckError (this=0x7fffffffc2d0, tok=0x607000006760) at ../lib/tokenize.cpp:8721
 #7  0x000055555636a4bb in Tokenizer::validate (this=0x7fffffffc2d0) at ../lib/tokenize.cpp:9154
 #8  0x000055555633e3aa in Tokenizer::simplifyTokenList1 (this=0x7fffffffc2d0, FileName=0x603000002d50 "test.cpp") at ../lib/tokenize.cpp:4477
 #9  0x00005555563223ca in Tokenizer::simplifyTokens1 (this=0x7fffffffc2d0, configuration="") at ../lib/tokenize.cpp:2286
 #10 0x00005555563235c8 in Tokenizer::tokenize (this=0x7fffffffc2d0, code=..., FileName=0x555556fda9a0 "test.cpp", configuration="") at ../lib/tokenize.cpp:2345
 #11 0x00005555569410ea in TestSimplifyTypedef::tok[abi:cxx11](char const*, bool, cppcheck::Platform::PlatformType, bool) (this=0x555557728580 <(anonymous namespace)::instance_TestSimplifyTypedef>,
     code=0x7fffffffcb70 "class c {\n  typedef char foo[4];\n  foo _a;\n  constexpr operator foo &() const noexcept { return _a; }\n};", simplify=false, type=cppcheck::Platform::Native, debugwarnings=true) at ../test/testsimplifytypedef.cpp:192
 #12 0x000055555697239e in TestSimplifyTypedef::simplifyTypedef129 (this=0x555557728580 <(anonymous namespace)::instance_TestSimplifyTypedef>) at ../test/testsimplifytypedef.cpp:2599
 #13 0x000055555694092c in TestSimplifyTypedef::run (this=0x555557728580 <(anonymous namespace)::instance_TestSimplifyTypedef>) at ../test/testsimplifytypedef.cpp:167
 #14 0x00005555569cab84 in TestFixture::run (this=0x555557728580 <(anonymous namespace)::instance_TestSimplifyTypedef>, str="simplifyTypedef129") at ../test/testsuite.cpp:306
 #15 0x00005555569cb445 in TestFixture::runTests (args=...) at ../test/testsuite.cpp:329
 #16 0x000055555687bdfb in main (argc=2, argv=0x7fffffffd988) at ../test/testrunner.cpp:44
```

* Replace some ASSERT_EQUALS with TODO_ASSERT_EQUALS when the actual result is still wrong

* Remove invalid code from simplifyTypedef129

* Properly skip parentheses
2019-10-12 11:46:00 +02:00
Paul Fultz II 19cf636a4a Move necessary code into valuetype (#2265)
* Fix parsing of smart pointers

* Improve deduction of return type

* Valuetype computation for decayed pointers
2019-10-12 11:40:02 +02:00
IOBYTE f99e83ece0 Fix #9411 (new daca crash related to using namespace) (#2264) 2019-10-12 11:39:14 +02:00
Daniel Marjamäki 530d4d2427 ExprEngine: Throw exception if we do not handle array well yet 2019-10-10 20:29:43 +02:00
IOBYTE fe1f601b91 Fix #9389 ("debug: Executable scope 'x' with unknown function." with … (#2261)
* Fix #9389 ("debug: Executable scope 'x' with unknown function." with "using namespace")

* use static rather than anonymous namespace for new functions
2019-10-10 20:25:09 +02:00
Daniel Marjamäki c2b514dc45 ExprEngine: Throw exception if assignment in loop is not handled 2019-10-10 11:12:36 +02:00
orbitcowboy a9386fa093 Running astyle [ci skip] 2019-10-10 08:17:41 +02:00
Paul Fultz II a5c6ae1e08 Fix issue 9400: FP returnTempReference - triggered by cast (#2259) 2019-10-10 06:52:11 +02:00
Daniel Marjamäki 0c1e979af7 SymbolDatabase: Refactor handling of variable declarations in if condition 2019-10-09 22:27:48 +02:00
Daniel Marjamäki 5b9bc4918e ExprEngine: Better error output when solver fails 2019-10-09 22:16:30 +02:00
Daniel Marjamäki 63bd182e83 ExprEngine: Adapt to z3 handling of bool/int expressions 2019-10-09 20:18:17 +02:00
Daniel Marjamäki 9f4db5018d SymbolDatabase: Added testcase for variable in if-scope 2019-10-09 16:41:07 +02:00
Daniel Marjamäki 3776604f06 SymbolDatabase: Add variable in if condition 'if (auto x = bar())' 2019-10-09 15:55:54 +02:00
Daniel Marjamäki 273a1a7402 ExprEngine: Fix FP for 'int' overflows 2019-10-09 11:24:57 +02:00
Sebastian b7e48a9b27
Fix #9399 (Build Failure on x86: error: unknown type name '__int128_t') (#2254)
https://stackoverflow.com/questions/16088282/is-there-a-128-bit-integer-in-gcc
suggests to test for __SIZEOF_INT128__. This test is added now and
Cppcheck now also compiles for a 32 bit target with the expected
warning that there is no 128-bit integer. "make test" also works.
2019-10-09 10:25:21 +02:00
Daniel Marjamäki ab6354754f ExprEngine: Catch z3::exception and print message 2019-10-09 09:42:18 +02:00
Daniel Marjamäki c04e25e936 Revert "#9391 Detecting uninited member variables with default ctor (#2249)"
This reverts commit 08bc369296.
2019-10-09 08:17:47 +02:00
Daniel Marjamäki b27fe83da4 ExprEngine: Handle << and >> 2019-10-08 21:38:10 +02:00
Daniel Marjamäki 3e50150dbf ExprEngine: Fix the checking for integer overflows 2019-10-08 20:13:25 +02:00
blacktea 08bc369296 #9391 Detecting uninited member variables with default ctor (#2249) 2019-10-08 19:33:07 +02:00
IOBYTE c98732dd8b fix using type aliases in out of class destructors (#2250) 2019-10-08 19:30:41 +02:00
Daniel Marjamäki 1abf70a7cb SymbolDatabase: Add null pointer check for ast operand for '(' token 2019-10-08 17:53:29 +02:00
Steve Mokris 506a952ad2 Parse `extern "C"`, and use it to avoid FP reference warnings (#2234)
Previously, cppcheck discarded the `extern "C"` specifier.  This patch modifies cppcheck to parse each as a Scope in the symbol database, then uses that scope to avoid false positives when making recommendations about changing a function argument to be a reference (since variable references is a C++ feature, unavailable in C, and thus unavailable in `extern "C"`).
2019-10-08 17:48:09 +02:00
Daniel Marjamäki 9f40341ba8 SymbolDatabase: Hardcoded handling for std::make_shared and std::make_unique , todo: library configuration would be better than hard coding 2019-10-08 17:19:24 +02:00
Daniel Marjamäki 79356b1883 SymbolDatabase: Better ValueType handling of 'LibraryType(..)' 2019-10-08 11:25:05 +02:00
Paul Fultz II 4eb4762d95 Extend lifetime checking to temporaries (#2242)
* Use lifetimes to check for returning reference to temporaries

* Check for dangling temporaries

* Check for unknown types for returining by reference

* Remove old returnTemporary check

* Format

* Check for deref op

* Ternary operator return an lvalue reference

* Warn when returning temporaries from member functions

* Improve handling of pointer to function

* Extend lifetimes of const references
2019-10-08 09:28:39 +02:00
Daniel Marjamäki 21774cbdc4 ExprEngine: Handle while/for loops 2019-10-07 17:45:06 +02:00
Daniel Marjamäki d82b1b29ce ExprEngine: Initial handling of switch 2019-10-06 19:58:51 +02:00
Daniel Marjamäki 05aae9569b ExprEngine: Execute false execution path even if there is no else, upon Z3 exception assume that value is in range (safe option) 2019-10-06 18:26:40 +02:00
Daniel Marjamäki 6c0c9ba6d3 ExprEngine: Handle 'break' and 'while (0);' 2019-10-06 17:43:30 +02:00
Daniel Marjamäki dcf8a7213f ExprEngine: ExprData::getConstraintExpr 2019-10-06 14:47:50 +02:00
IOBYTE 78b9fd9bb9 Fix #9383 ("debug: Function::addArguments found argument 'x' with varid 0." with variadic templates) (#2238) 2019-10-06 12:45:42 +02:00
Daniel Marjamäki 3c085fd88a Fixed #9359 (SymbolDatabase: function lookup fails when -funsigned-char is used) 2019-10-06 12:05:58 +02:00
Tyson Nottingham 0950a97df2 Fix false negatives in checkBitwiseOnBoolean (#2220)
* Fix false negatives in checkBitwiseOnBoolean

Use AST-based tests in favor of token-based tests for greater coverage.

* Travis: add suppressions for bitwiseOnBool
2019-10-06 09:57:31 +02:00
Daniel Marjamäki b97436e8f8 Fixed #9382 (Hang: CheckLeakAutoVar pellepl/spiffs/src/spiffs_hydrogen.c) 2019-10-06 09:52:05 +02:00
IOBYTE 8f46bb3ef6 fix #9392 (SymbolDatabase: Weird default constructor outside class) (#2243) 2019-10-06 07:21:12 +02:00
Daniel Marjamäki 7294145797 SymbolDatabase: set value type for std::move() 2019-10-05 19:57:52 +02:00
Daniel Marjamäki 4e525e52ec ExprEngine: Avoid endless recursion for struct members that have struct type 2019-10-05 18:29:41 +02:00
Daniel Marjamäki e686699294 ExprEngine: Fix ExprEngin::IntRange::isIntValueInRange 2019-10-05 16:33:40 +02:00
Daniel Marjamäki 954e98cc03 astyle formatting
[ci skip]
2019-10-05 16:32:43 +02:00
Paul Fultz II cf1c766292 Fix issue 9317: False positive returnDanglingLifetime when using reference to constant inside if statement (#2241) 2019-10-05 16:32:20 +02:00
Paul Fultz II 6b6553e320 Dont warn for arrays that are containers (#2240) 2019-10-05 16:14:30 +02:00
IOBYTE 46f3f58e5f Fix #9388 ("debug: Executable scope 'x' with unknown function." with alias used in initialization list) (#2239) 2019-10-05 09:34:37 +02:00
Daniel Marjamäki fcccd5f42e ExprEngine: Small tweaks 2019-10-04 17:58:18 +02:00
IOBYTE c32a568c1f fix #8965 ("(debug) Executable scope 'x' with unknown function." with rvalue parameter in method) (#2237)
I fixed the AST enough to pass testrunner but I don't believe it is
correct.

This code:

void Foo4(int&&b);

has this AST:

( 'void'
|-Foo4
`-&& 'bool'
  |-int
  `-b 'signed int'

but I don't believe && should have `bool`.
2019-10-04 12:30:11 +02:00
IOBYTE 50d82763fc Fix #9385 ("debug: Executable scope 'func' with unknown function" with parameter in member function) (#2235) 2019-10-03 21:13:03 +02:00
Daniel Marjamäki f80d387374 ExprEngine: Arrays if-then-else 2019-10-03 20:16:06 +02:00
Daniel Marjamäki 555890fdfa ExprEngine: Removed NullPointerDereference checker for now. 2019-10-03 19:24:14 +02:00
IOBYTE 3e17c24dd8 fix syntax error on template operator (#2225) 2019-10-03 12:26:45 +02:00
Paul Fultz II 997803869d Forward values after assignment in valueFlowReverse (#2226)
* Forward values after assignment in valueFlowReverse

* Rename variables

* Format
2019-10-03 09:58:57 +02:00
Daniel Marjamäki b79283306f ExprEngine: Rename Data::conditions => Data::constraints 2019-10-03 08:48:05 +02:00
Daniel Marjamäki d916379f9f ExprEngine: Better handling of if/else 2019-10-02 21:47:00 +02:00
Daniel Marjamäki 7ab22c7176 ExprEngine: Use smt solver Z3 2019-10-02 17:59:04 +02:00
IOBYTE 4ba00d0694 Fix #9381 (alias in namespace not replaced in method declaration) (#2232) 2019-10-02 08:11:04 +02:00
Daniel Marjamäki cf965b72b5 SymbolDatabase: look for functions in anonymous namespaces in the findFunction 2019-10-01 19:09:34 +02:00
Daniel Marjamäki 07b337c580 Removed extra zero division heuristics, they seem redundant as ValueType is used 2019-10-01 17:33:58 +02:00
orbitcowboy f05e21efa8 Formatted the code, there are no functional changes [ci skip]. 2019-10-01 08:39:08 +02:00
Paul Fultz II 166bd2bafc Fix issue 2153: valueFlowAfterCondition: struct member (#2228)
* Fix issue 2153: valueFlowAfterCondition: struct member

* Fix null pointer dereference

* Formatting

* Check for another null pointer

* Initialize variables

* Remove redundant condition

* Format

* Add missing initialization to copy constructor

* Format
2019-09-30 21:04:43 +02:00
Armin Müller b4af8bdc2e Typos found by running "codespell" (#2227) 2019-09-29 21:23:19 +02:00
Daniel Marjamäki 1ccc303602 ExprEngine: Simplify array value if possible, ensure each array data has a unique name 2019-09-29 21:20:57 +02:00
Daniel Marjamäki 03ff32993e Fixed Cppcheck warning 2019-09-29 17:32:26 +02:00
Daniel Marjamäki 1979b64170 ExprEngine: Bailout when for|while|switch is seen 2019-09-29 17:28:12 +02:00
Daniel Marjamäki 69a54b0ee9 Library: added 'stdtype' attribute in <podtype> element so we can configure standard types better 2019-09-29 16:48:25 +02:00
Daniel Marjamäki 40c3e68e07 ExprEngine: Add --debug-verify, fixed handling of global arrays 2019-09-29 15:00:54 +02:00
Daniel Marjamäki 60e1cf8b8d ExprEngine: Fix NULL pointer dereference tests 2019-09-29 08:26:09 +02:00
Daniel Marjamäki 2dc477571c Fix gcc compiler warnings 2019-09-28 20:50:56 +02:00