/* * Cppcheck - A tool for static C/C++ code analysis * Copyright (C) 2007-2011 Daniel Marjamäki and Cppcheck team. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #include "checkstl.h" #include "executionpath.h" #include "symboldatabase.h" #include // Register this check class (by creating a static instance of it) namespace { CheckStl instance; } // Error message for bad iterator usage.. void CheckStl::invalidIteratorError(const Token *tok, const std::string &iteratorName) { reportError(tok, Severity::error, "invalidIterator1", "Invalid iterator: " + iteratorName); } void CheckStl::iteratorsError(const Token *tok, const std::string &container1, const std::string &container2) { reportError(tok, Severity::error, "iterators", "Same iterator is used with both " + container1 + " and " + container2); } // Error message used when dereferencing an iterator that has been erased.. void CheckStl::dereferenceErasedError(const Token *tok, const std::string &itername) { reportError(tok, Severity::error, "eraseDereference", "Dereferenced iterator '" + itername + "' has been erased"); } void CheckStl::iterators() { // Using same iterator against different containers. // for (it = foo.begin(); it != bar.end(); ++it) for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next()) { // Locate an iterator.. if (!Token::Match(tok, "%var% = %var% . begin ( ) ;|+")) continue; // Get variable ids for both the iterator and container const unsigned int iteratorId(tok->varId()); const unsigned int containerId(tok->tokAt(2)->varId()); if (iteratorId == 0 || containerId == 0) continue; // the validIterator flag says if the iterator has a valid value or not bool validIterator = true; // counter for { and } unsigned int indent = 0; // Scan through the rest of the code and see if the iterator is // used against other containers. for (const Token *tok2 = tok->tokAt(7); tok2; tok2 = tok2->next()) { // If a { is found then count it and continue if (tok2->str() == "{" && ++indent) continue; // If a } is found then count it. break if indentlevel becomes 0. if (tok2->str() == "}" && --indent == 0) break; // Is iterator compared against different container? if (Token::Match(tok2, "%varid% != %var% . end ( )", iteratorId) && tok2->tokAt(2)->varId() != containerId) { iteratorsError(tok2, tok->strAt(2), tok2->strAt(2)); tok2 = tok2->tokAt(6); } // Is the iterator used in a insert/erase operation? else if (Token::Match(tok2, "%var% . insert|erase ( %varid% )|,", iteratorId)) { // It is bad to insert/erase an invalid iterator if (!validIterator) invalidIteratorError(tok2, tok2->strAt(4)); // If insert/erase is used on different container then // report an error if (tok2->varId() != containerId && tok2->tokAt(5)->str() != ".") { // skip error message if container is a set.. if (tok2->varId() > 0) { const Token *decltok = Token::findmatch(_tokenizer->tokens(), "%varid%", tok2->varId()); while (decltok && !Token::Match(decltok, "[;{},(]")) decltok = decltok->previous(); if (Token::Match(decltok, "%any% const| std :: set")) continue; // No warning } // Show error message, mismatching iterator is used. iteratorsError(tok2, tok->strAt(2), tok2->str()); } // invalidate the iterator if it is erased else if (tok2->strAt(2) == std::string("erase")) validIterator = false; // skip the operation tok2 = tok2->tokAt(4); } // it = foo.erase(.. // taking the result of an erase is ok else if (Token::Match(tok2, "%varid% = %var% . erase (", iteratorId)) { // the returned iterator is valid validIterator = true; // skip the operation tok2 = tok2->tokAt(5)->link(); if (!tok2) break; } // Reassign the iterator else if (Token::Match(tok2, "%varid% = %var% ;", iteratorId)) { // Assume that the iterator becomes valid. // TODO: add checking that checks if the iterator becomes valid or not validIterator = true; // skip ahead tok2 = tok2->tokAt(2); } // Dereferencing invalid iterator? else if (!validIterator && Token::Match(tok2, "* %varid%", iteratorId)) { dereferenceErasedError(tok2, tok2->strAt(1)); tok2 = tok2->next(); } else if (!validIterator && Token::Match(tok2, "%varid% . %var%", iteratorId)) { dereferenceErasedError(tok2, tok2->strAt(0)); tok2 = tok2->tokAt(2); } else if (Token::Match(tok2, "%var% . erase ( * %varid%", iteratorId) && tok2->varId() == containerId) { // eraseByValueError(tok2, tok2->strAt(0), tok2->strAt(5)); } // bailout handling. Assume that the iterator becomes valid if we see return/break. // TODO: better handling else if (Token::Match(tok2, "return|break ;")) { validIterator = true; } // bailout handling. Assume that the iterator becomes valid if we see else. // TODO: better handling else if (tok2->str() == "else") { validIterator = true; } } } } // Error message for bad iterator usage.. void CheckStl::mismatchingContainersError(const Token *tok) { reportError(tok, Severity::error, "mismatchingContainers", "mismatching containers"); } void CheckStl::mismatchingContainers() { // Check if different containers are used in various calls of standard functions for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next()) { if (tok->str() != "std") continue; // TODO: If iterator variables are used instead then there are false negatives. if (Token::Match(tok, "std :: find|find_if|count|transform|replace|replace_if|sort ( %var% . begin|rbegin ( ) , %var% . end|rend ( ) ,")) { if (tok->tokAt(4)->str() != tok->tokAt(10)->str()) { mismatchingContainersError(tok); } } } } void CheckStl::stlOutOfBounds() { // Scan through all tokens.. for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next()) { // only interested in "for" loops if (!Token::simpleMatch(tok, "for (")) continue; // check if the for loop condition is wrong unsigned int indent = 0; for (const Token *tok2 = tok->tokAt(2); tok2; tok2 = tok2->next()) { if (tok2->str() == "(") ++indent; else if (tok2->str() == ")") { if (indent == 0) break; --indent; } if (Token::Match(tok2, "; %var% <= %var% . size ( ) ;")) { // Count { and } for tok3 unsigned int indent3 = 0; // variable id for loop variable. unsigned int numId = tok2->tokAt(1)->varId(); // variable id for the container variable unsigned int varId = tok2->tokAt(3)->varId(); for (const Token *tok3 = tok2->tokAt(8); tok3; tok3 = tok3->next()) { if (tok3->str() == "{") ++indent3; else if (tok3->str() == "}") { if (indent3 <= 1) break; --indent3; } else if (tok3->varId() == varId) { if (Token::simpleMatch(tok3->next(), ". size ( )")) break; else if (Token::Match(tok3->next(), "[ %varid% ]", numId)) stlOutOfBoundsError(tok3, tok3->tokAt(2)->str(), tok3->str()); } } break; } } } } // Error message for bad iterator usage.. void CheckStl::stlOutOfBoundsError(const Token *tok, const std::string &num, const std::string &var) { reportError(tok, Severity::error, "stlOutOfBounds", "When " + num + "==" + var + ".size(), " + var + "[" + num + "] is out of bounds"); } /** * @brief %Check for invalid iterator usage after erase/insert/etc */ class EraseCheckLoop : public ExecutionPath { public: static void checkScope(CheckStl *checkStl, const Token *it) { const Token *tok = it; // Search for the start of the loop body.. int indentlevel = 1; while (indentlevel > 0 && 0 != (tok = tok->next())) { if (tok->str() == "(") tok = tok->link(); else if (tok->str() == ")") break; // reassigning iterator in loop head else if (Token::Match(tok, "%var% =") && tok->str() == it->str()) break; } if (! Token::simpleMatch(tok, ") {")) return; EraseCheckLoop c(checkStl, it->varId()); std::list checks; checks.push_back(c.copy()); ExecutionPath::checkScope(tok->tokAt(2), checks); c.end(checks, tok->link()); while (!checks.empty()) { delete checks.back(); checks.pop_back(); } } private: /** Startup constructor */ EraseCheckLoop(Check *o, unsigned int varid) : ExecutionPath(o, varid), eraseToken(0) { } /** @brief token where iterator is erased (non-zero => the iterator is invalid) */ const Token *eraseToken; /** @brief Copy this check. Called from the ExecutionPath baseclass. */ ExecutionPath *copy() { return new EraseCheckLoop(*this); } /** @brief is another execution path equal? */ bool is_equal(const ExecutionPath *e) const { const EraseCheckLoop *c = static_cast(e); return (eraseToken == c->eraseToken); } /** @brief no implementation => compiler error if used by accident */ void operator=(const EraseCheckLoop &); /** @brief parse tokens */ const Token *parse(const Token &tok, std::list &checks) const { // bail out if there are assignments. We don't check the assignments properly. if (Token::Match(&tok, "[;{}] %var% =") || Token::Match(&tok, "= %var% ;")) { ExecutionPath::bailOutVar(checks, tok.next()->varId()); } // the loop stops here. Bail out all execution checks that reach // this statement if (Token::Match(&tok, "[;{}] break ;")) { ExecutionPath::bailOut(checks); } // erasing iterator => it is invalidated if (Token::Match(&tok, "erase ( ++|--| %var% )")) { // check if there is a "it = ints.erase(it);" pattern. if so // the it is not invalidated. const Token *token = &tok; while (NULL != (token = token ? token->previous() : 0)) { if (Token::Match(token, "[;{}]")) break; else if (token->str() == "=") token = 0; } // the it is invalidated by the erase.. if (token) { // get variable id for the iterator unsigned int iteratorId = 0; if (tok.tokAt(2)->isName()) iteratorId = tok.tokAt(2)->varId(); else iteratorId = tok.tokAt(3)->varId(); // invalidate this iterator in the corresponding checks for (std::list::const_iterator it = checks.begin(); it != checks.end(); ++it) { EraseCheckLoop *c = dynamic_cast(*it); if (c && c->varId == iteratorId) { c->eraseToken = &tok; } } } } // don't skip any tokens. return the token that we received. return &tok; } /** * Parse condition. @sa ExecutionPath::parseCondition * @param tok first token in condition. * @param checks The execution paths. All execution paths in the list are executed in the current scope * @return true => bail out all checking **/ bool parseCondition(const Token &tok, std::list &checks) { // no checking of conditions. (void)tok; (void)checks; return false; } /** @brief going out of scope - all execution paths end */ void end(const std::list &checks, const Token * /*tok*/) const { // check if there are any invalid iterators. If so there is an error. for (std::list::const_iterator it = checks.begin(); it != checks.end(); ++it) { EraseCheckLoop *c = dynamic_cast(*it); if (c && c->eraseToken) { CheckStl *checkStl = dynamic_cast(c->owner); if (checkStl) { checkStl->eraseError(c->eraseToken); } } } } }; void CheckStl::erase() { for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next()) { if (Token::simpleMatch(tok, "for (")) { for (const Token *tok2 = tok->tokAt(2); tok2; tok2 = tok2->next()) { if (tok2->str() == ";") { if (Token::Match(tok2, "; %var% !=")) { const unsigned int varid = tok2->next()->varId(); if (varid > 0 && Token::findmatch(_tokenizer->tokens(), "> :: iterator %varid%", varid)) EraseCheckLoop::checkScope(this, tok2->next()); } break; } if (Token::Match(tok2, "%var% = %var% . begin ( ) ; %var% != %var% . end ( )") && tok2->str() == tok2->tokAt(8)->str() && tok2->tokAt(2)->str() == tok2->tokAt(10)->str()) { EraseCheckLoop::checkScope(this, tok2); break; } } } if (Token::Match(tok, "while ( %var% !=")) { const unsigned int varid = tok->tokAt(2)->varId(); if (varid > 0 && Token::findmatch(_tokenizer->tokens(), "> :: iterator %varid%", varid)) EraseCheckLoop::checkScope(this, tok->tokAt(2)); } } } // Error message for bad iterator usage.. void CheckStl::eraseError(const Token *tok) { reportError(tok, Severity::error, "erase", "Dangerous iterator usage after erase()-method.\n" "The iterator is invalid after it has been used in erase() function. " "Dereferencing or comparing it with another iterator is invalid operation."); } void CheckStl::pushback() { // Pointer can become invalid after push_back or push_front.. for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next()) { if (Token::Match(tok, "%var% = & %var% [")) { // Variable id for pointer const unsigned int pointerId(tok->varId()); // Variable id for the container variable const unsigned int containerId(tok->tokAt(3)->varId()); if (pointerId == 0 || containerId == 0) continue; // Count { , } and parantheses for tok2 int indent = 0; bool invalidPointer = false; for (const Token *tok2 = tok; indent >= 0 && tok2; tok2 = tok2->next()) { if (tok2->str() == "{" || tok2->str() == "(") ++indent; else if (tok2->str() == "}" || tok2->str() == ")") { if (indent == 0 && Token::simpleMatch(tok2, ") {")) tok2 = tok2->next(); else --indent; } // push_back on vector.. if (Token::Match(tok2, "%varid% . push_front|push_back", containerId)) invalidPointer = true; // Using invalid pointer.. if (invalidPointer && tok2->varId() == pointerId) { if (tok2->previous()->str() == "*") invalidPointerError(tok2, tok2->str()); else if (tok2->next()->str() == ".") invalidPointerError(tok2, tok2->str()); break; } } } } // Iterator becomes invalid after reserve, push_back or push_front.. for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next()) { if (!Token::simpleMatch(tok, "vector <")) continue; // if iterator declaration inside for() loop bool iteratorDeclaredInsideLoop = false; if ((tok->tokAt(-2) && Token::simpleMatch(tok->tokAt(-2), "for (")) || (tok->tokAt(-4) && Token::simpleMatch(tok->tokAt(-4), "for ( std ::"))) { iteratorDeclaredInsideLoop = true; } while (tok && tok->str() != ">") tok = tok->next(); if (!tok) break; if (!Token::Match(tok, "> :: iterator|const_iterator %var% =|;")) continue; const unsigned int iteratorid(tok->tokAt(3)->varId()); if (iteratorid == 0) continue; if (iteratorDeclaredInsideLoop && tok->tokAt(4)->str() == "=") { // skip "> :: iterator|const_iterator" tok = tok->tokAt(3); } // the variable id for the vector unsigned int vectorid = 0; // count { , } and parantheses for tok2 int indent = 0; std::string invalidIterator; for (const Token *tok2 = tok; indent >= 0 && tok2; tok2 = tok2->next()) { if (tok2->str() == "{" || tok2->str() == "(") ++indent; else if (tok2->str() == "}" || tok2->str() == ")") { if (indent == 0 && Token::simpleMatch(tok2, ") {")) tok2 = tok2->next(); else --indent; } // Using push_back or push_front inside a loop.. if (Token::simpleMatch(tok2, "for (")) { tok2 = tok2->tokAt(2); } if (Token::Match(tok2, "%varid% = %var% . begin ( ) ; %varid% != %var% . end ( ) ; ++| %varid% ++| ) {", iteratorid)) { // variable id for the loop iterator const unsigned int varId(tok2->tokAt(2)->varId()); if (varId == 0) continue; const Token *pushbackTok = 0; // Count { and } for tok3 unsigned int indent3 = 0; for (const Token *tok3 = tok2->tokAt(20); tok3; tok3 = tok3->next()) { if (tok3->str() == "{") ++indent3; else if (tok3->str() == "}") { if (indent3 <= 1) break; --indent3; } else if (tok3->str() == "break" || tok3->str() == "return") { pushbackTok = 0; break; } else if (Token::Match(tok3, "%varid% . push_front|push_back|insert|reserve (", varId)) { pushbackTok = tok3->tokAt(2); } } if (pushbackTok) invalidIteratorError(pushbackTok, pushbackTok->str(), tok2->strAt(0)); } // Assigning iterator.. if (Token::Match(tok2, "%varid% =", iteratorid)) { if (Token::Match(tok2->tokAt(2), "%var% . begin|end|rbegin|rend ( )")) { vectorid = tok2->tokAt(2)->varId(); tok2 = tok2->tokAt(6); } else { vectorid = 0; } invalidIterator = ""; } // push_back on vector.. if (vectorid > 0 && Token::Match(tok2, "%varid% . push_front|push_back|insert|reserve (", vectorid)) { if (!invalidIterator.empty() && Token::Match(tok2->tokAt(2), "insert ( %varid% ,", iteratorid)) { invalidIteratorError(tok2, invalidIterator, tok2->strAt(4)); break; } invalidIterator = tok2->strAt(2); tok2 = tok2->tokAt(3)->link(); } else if (tok2->str() == "return" || tok2->str() == "break") { invalidIterator.clear(); } // Using invalid iterator.. if (!invalidIterator.empty()) { if (Token::Match(tok2, "++|--|*|+|-|(|,|=|!= %varid%", iteratorid)) invalidIteratorError(tok2, invalidIterator, tok2->strAt(1)); if (Token::Match(tok2, "%varid% ++|--|+|-", iteratorid)) invalidIteratorError(tok2, invalidIterator, tok2->str()); } } } } // Error message for bad iterator usage.. void CheckStl::invalidIteratorError(const Token *tok, const std::string &func, const std::string &iterator_name) { reportError(tok, Severity::error, "invalidIterator2", "After " + func + ", the iterator '" + iterator_name + "' may be invalid"); } // Error message for bad iterator usage.. void CheckStl::invalidPointerError(const Token *tok, const std::string &pointer_name) { reportError(tok, Severity::error, "invalidPointer", "Invalid pointer '" + pointer_name + "' after push_back / push_front"); } void CheckStl::stlBoundries() { // containers (not the vector).. static const char STL_CONTAINER_LIST[] = "bitset|deque|list|map|multimap|multiset|priority_queue|queue|set|stack|hash_map|hash_multimap|hash_set"; for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next()) { // Declaring iterator.. if (tok->str() == "<" && Token::Match(tok->previous(), STL_CONTAINER_LIST)) { const std::string container_name(tok->strAt(-1)); while (tok && tok->str() != ">") tok = tok->next(); if (!tok) break; if (Token::Match(tok, "> :: iterator|const_iterator %var% =|;")) { const unsigned int iteratorid(tok->tokAt(3)->varId()); if (iteratorid == 0) continue; // Using "iterator < ..." is not allowed unsigned int indentlevel = 0; for (const Token *tok2 = tok; tok2; tok2 = tok2->next()) { if (tok2->str() == "{") ++indentlevel; else if (tok2->str() == "}") { if (indentlevel == 0) break; --indentlevel; } else if (Token::Match(tok2, "!!* %varid% <", iteratorid)) { stlBoundriesError(tok2, container_name); } } } } } } // Error message for bad boundry usage.. void CheckStl::stlBoundriesError(const Token *tok, const std::string &container_name) { reportError(tok, Severity::error, "stlBoundries", "Dangerous container iterator compare using < operator for " + container_name + "\n" "Container '" + container_name + "' iterator compared with < operator. " "Using < operator with container type iterators is dangerous since the order of " "the items is not guaranteed. One should use != operator instead when comparing " "iterators in the container."); } void CheckStl::if_find() { if (!_settings->_checkCodingStyle) return; for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next()) { if (Token::Match(tok, "if ( !| %var% . find ( %any% ) )")) { // goto %var% tok = tok->tokAt(2); if (!tok->isName()) tok = tok->next(); const unsigned int varid = tok->varId(); if (varid > 0) { // Is the variable a std::string or STL container? const Token * decl = Token::findmatch(_tokenizer->tokens(), "%varid%", varid); while (decl && !Token::Match(decl, "[;{}(,]")) decl = decl->previous(); decl = decl->next(); // stl container if (Token::Match(decl, "const| std :: %var% < %type% > &|*| %varid%", varid)) if_findError(tok, false); else if (Token::Match(decl, "const| std :: string &|*| %varid%", varid)) if_findError(tok, true); } } if (Token::Match(tok, "if ( !| std :: find|find_if (")) { // goto '(' for the find tok = tok->tokAt(4); if (tok->isName()) tok = tok->next(); // check that result is checked properly if (Token::simpleMatch(tok->link(), ") )")) { if_findError(tok, false); } } } } void CheckStl::if_findError(const Token *tok, bool str) { if (str) reportError(tok, Severity::warning, "stlIfStrFind", "Suspicious checking of string::find() return value.\n" "Checking of string::find() return value looks Suspicious. " "string::find will return 0 if the string is found at position 0. " "If that is wanted to check then string::compare is a faster alternative " "because it doesn't scan through the string."); else reportError(tok, Severity::warning, "stlIfFind", "Suspicious condition. The result of find is an iterator, but it is not properly checked."); } bool CheckStl::isStlContainer(const Token *tok) { // check if this token is defined if (tok->varId()) { // find where this token is defined const Variable *var = _tokenizer->getSymbolDatabase()->getVariableFromVarId(tok->varId()); if (!var) return false; // find where this tokens type starts const Token *type = var->typeStartToken(); // ignore "const" if (type->str() == "const") type = type->next(); // discard namespace if supplied if (Token::simpleMatch(type, "std ::")) type = type->next()->next(); // all possible stl containers static const char STL_CONTAINER_LIST[] = "bitset|deque|list|map|multimap|multiset|priority_queue|queue|set|stack|hash_map|hash_multimap|hash_set|vector"; // container template string const std::string checkStr(std::string(STL_CONTAINER_LIST) + " <"); // check if it's an stl template if (Token::Match(type, checkStr.c_str())) return true; } return false; } void CheckStl::size() { if (!_settings->_checkCodingStyle) return; for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next()) { if (Token::Match(tok, "%var% . size ( )")) { // check for comparison to zero if (Token::Match(tok->tokAt(5), "==|!=|> 0") || Token::Match(tok->tokAt(-2), "0 ==|!=|<")) { if (isStlContainer(tok)) sizeError(tok); } // check for using as boolean expression else if ((Token::Match(tok->tokAt(-2), "if|while (") || Token::Match(tok->tokAt(-3), "if|while ( !")) && tok->strAt(5) == ")") { if (isStlContainer(tok)) sizeError(tok); } } } } void CheckStl::sizeError(const Token *tok) { const std::string varname(tok ? tok->str().c_str() : "list"); reportError(tok, Severity::performance, "stlSize", "Possible inefficient checking for '" + varname + "' emptiness.\n" "Checking for '" + varname + "' emptiness might be inefficient. " "Using " + varname + ".empty() instead of " + varname + ".size() can be faster. " + varname + ".size() can take linear time but " + varname + ".empty() is " "guaranteed to take constant time."); } void CheckStl::redundantCondition() { const char pattern[] = "if ( %var% . find ( %any% ) != %var% . end ( ) ) " "{|{|" " %var% . remove ( %any% ) ; " "}|}|"; const Token *tok = Token::findmatch(_tokenizer->tokens(), pattern); while (tok) { bool b(tok->tokAt(15)->str() == "{"); // Get tokens for the fields %var% and %any% const Token *var1 = tok->tokAt(2); const Token *any1 = tok->tokAt(6); const Token *var2 = tok->tokAt(9); const Token *var3 = tok->tokAt(b ? 16 : 15); const Token *any2 = tok->tokAt(b ? 20 : 19); // Check if all the "%var%" fields are the same and if all the "%any%" are the same.. if (var1->str() == var2->str() && var2->str() == var3->str() && any1->str() == any2->str()) { redundantIfRemoveError(tok); } tok = Token::findmatch(tok->next(), pattern); } } void CheckStl::redundantIfRemoveError(const Token *tok) { reportError(tok, Severity::style, "redundantIfRemove", "Redundant checking of STL container element.\n" "Redundant checking of STL container element existence before removing it. " "The remove method in the STL will not do anything if element doesn't exist"); } void CheckStl::missingComparison() { for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next()) { if (Token::simpleMatch(tok, "for (")) { for (const Token *tok2 = tok->tokAt(2); tok2; tok2 = tok2->next()) { if (tok2->str() == ";") break; if (!Token::Match(tok2, "%var% = %var% . begin ( ) ; %var% != %var% . end ( ) ; ++| %var% ++| ) {")) continue; // same iterator name if (tok2->str() != tok2->strAt(8)) continue; // same container if (tok2->strAt(2) != tok2->strAt(10)) continue; // increment iterator if (!Token::simpleMatch(tok2->tokAt(16), ("++ " + tok2->str() + " )").c_str()) && !Token::simpleMatch(tok2->tokAt(16), (tok2->str() + " ++ )").c_str())) { continue; } const unsigned int &iteratorId(tok2->varId()); if (iteratorId == 0) continue; const Token *incrementToken = 0; // Count { and } for tok3 unsigned int indentlevel = 0; // Parse loop.. for (const Token *tok3 = tok2->tokAt(20); tok3; tok3 = tok3->next()) { if (tok3->str() == "{") ++indentlevel; else if (tok3->str() == "}") { if (indentlevel == 0) break; --indentlevel; } else if (Token::Match(tok3, "%varid% ++", iteratorId)) incrementToken = tok3; else if (Token::Match(tok3->previous(), "++ %varid% !!.", iteratorId)) incrementToken = tok3; else if (Token::Match(tok3, "%varid% !=|==", iteratorId)) incrementToken = 0; else if (tok3->str() == "break" || tok3->str() == "return") incrementToken = 0; else if (Token::Match(tok3, "%varid% = %var% . insert ( ++| %varid% ++| ,", iteratorId)) { // skip insertion.. tok3 = tok3->tokAt(6)->link(); if (!tok3) break; } } if (incrementToken) missingComparisonError(incrementToken, tok2->tokAt(16)); } } } } void CheckStl::missingComparisonError(const Token *incrementToken1, const Token *incrementToken2) { std::ostringstream errmsg; errmsg << "Missing bounds check for extra iterator increment in loop.\n" << "The iterator incrementing is suspicious - it is incremented at line " << incrementToken1->linenr() << " and then at line " << incrementToken2->linenr() << " The loop might unintentionally skip an element in the container. " << "There is no comparison between these increments to prevent that the iterator is " << "incremented beyond the end."; reportError(incrementToken1, Severity::warning, "StlMissingComparison", errmsg.str()); } void CheckStl::string_c_str() { // Try to detect common problems when using string::c_str() for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next()) { // Locate executable scopes: if (Token::Match(tok, ") const| {")) { std::set localvar; std::set pointers; // scan through this executable scope: unsigned int indentlevel = 0; while (NULL != (tok = tok->next())) { if (tok->str() == "{") ++indentlevel; else if (tok->str() == "}") { if (indentlevel <= 1) break; --indentlevel; } // Variable declarations.. else if (Token::Match(tok->previous(), "[;{}] std :: %type% %var% ;")) localvar.insert(tok->tokAt(3)->varId()); else if (Token::Match(tok->previous(), "[;{}] %type% %var% ;")) localvar.insert(tok->next()->varId()); else if (Token::Match(tok->previous(), "[;{}] %type% * %var% ;")) pointers.insert(tok->tokAt(2)->varId()); else if (Token::Match(tok->previous(), "[;{}] %type% %type% * %var% ;")) pointers.insert(tok->tokAt(3)->varId()); // Invalid usage.. else if (Token::Match(tok, "throw %var% . c_str ( ) ;") && tok->next()->varId() > 0 && localvar.find(tok->next()->varId()) != localvar.end()) { string_c_strError(tok); } else if (Token::Match(tok, "[;{}] %var% = %var% . str ( ) . c_str ( ) ;") && tok->next()->varId() > 0 && pointers.find(tok->next()->varId()) != pointers.end()) { string_c_strError(tok); } else if (Token::Match(tok, "[;{}] %var% = %var% (") && Token::simpleMatch(tok->tokAt(4)->link(), ") . c_str ( ) ;") && tok->next()->varId() > 0 && pointers.find(tok->next()->varId()) != pointers.end() && Token::findmatch(_tokenizer->tokens(), ("std :: string " + tok->strAt(3) + " (").c_str())) { string_c_strError(tok); } } } } } void CheckStl::string_c_strError(const Token *tok) { reportError(tok, Severity::error, "stlcstr", "Dangerous usage of c_str()"); }