Line data Source code
1 : /*
2 : * Cppcheck - A tool for static C/C++ code analysis
3 : * Copyright (C) 2007-2024 Cppcheck team.
4 : *
5 : * This program is free software: you can redistribute it and/or modify
6 : * it under the terms of the GNU General Public License as published by
7 : * the Free Software Foundation, either version 3 of the License, or
8 : * (at your option) any later version.
9 : *
10 : * This program is distributed in the hope that it will be useful,
11 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 : * GNU General Public License for more details.
14 : *
15 : * You should have received a copy of the GNU General Public License
16 : * along with this program. If not, see <http://www.gnu.org/licenses/>.
17 : */
18 :
19 : //---------------------------------------------------------------------------
20 : // Check functions
21 : //---------------------------------------------------------------------------
22 :
23 : #include "checkfunctions.h"
24 :
25 : #include "astutils.h"
26 : #include "mathlib.h"
27 : #include "platform.h"
28 : #include "standards.h"
29 : #include "symboldatabase.h"
30 : #include "token.h"
31 : #include "tokenize.h"
32 : #include "valueflow.h"
33 : #include "vfvalue.h"
34 :
35 : #include <iomanip>
36 : #include <list>
37 : #include <sstream>
38 : #include <unordered_map>
39 : #include <vector>
40 :
41 : //---------------------------------------------------------------------------
42 :
43 :
44 : // Register this check class (by creating a static instance of it)
45 : namespace {
46 : CheckFunctions instance;
47 : }
48 :
49 : static const CWE CWE252(252U); // Unchecked Return Value
50 : static const CWE CWE477(477U); // Use of Obsolete Functions
51 : static const CWE CWE758(758U); // Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
52 : static const CWE CWE628(628U); // Function Call with Incorrectly Specified Arguments
53 : static const CWE CWE686(686U); // Function Call With Incorrect Argument Type
54 : static const CWE CWE687(687U); // Function Call With Incorrectly Specified Argument Value
55 : static const CWE CWE688(688U); // Function Call With Incorrect Variable or Reference as Argument
56 :
57 2740 : void CheckFunctions::checkProhibitedFunctions()
58 : {
59 2740 : const bool checkAlloca = mSettings->severity.isEnabled(Severity::warning) && ((mTokenizer->isC() && mSettings->standards.c >= Standards::C99) || mSettings->standards.cpp >= Standards::CPP11);
60 :
61 2740 : logChecker("CheckFunctions::checkProhibitedFunctions");
62 :
63 2740 : const SymbolDatabase *symbolDatabase = mTokenizer->getSymbolDatabase();
64 10998 : for (const Scope *scope : symbolDatabase->functionScopes) {
65 260219 : for (const Token* tok = scope->bodyStart; tok != scope->bodyEnd; tok = tok->next()) {
66 251961 : if (!Token::Match(tok, "%name% (") && tok->varId() == 0)
67 193219 : continue;
68 : // alloca() is special as it depends on the code being C or C++, so it is not in Library
69 58742 : if (checkAlloca && Token::simpleMatch(tok, "alloca (") && (!tok->function() || tok->function()->nestedIn->type == Scope::eGlobal)) {
70 12 : if (tok->isC()) {
71 10 : if (mSettings->standards.c > Standards::C89)
72 10 : reportError(tok, Severity::warning, "allocaCalled",
73 : "$symbol:alloca\n"
74 : "Obsolete function 'alloca' called. In C99 and later it is recommended to use a variable length array instead.\n"
75 : "The obsolete function 'alloca' is called. In C99 and later it is recommended to use a variable length array or "
76 : "a dynamically allocated array instead. The function 'alloca' is dangerous for many reasons "
77 20 : "(http://stackoverflow.com/questions/1018853/why-is-alloca-not-considered-good-practice and http://linux.die.net/man/3/alloca).");
78 : } else
79 2 : reportError(tok, Severity::warning, "allocaCalled",
80 : "$symbol:alloca\n"
81 : "Obsolete function 'alloca' called.\n"
82 : "The obsolete function 'alloca' is called. In C++11 and later it is recommended to use std::array<> or "
83 : "a dynamically allocated array instead. The function 'alloca' is dangerous for many reasons "
84 4 : "(http://stackoverflow.com/questions/1018853/why-is-alloca-not-considered-good-practice and http://linux.die.net/man/3/alloca).");
85 : } else {
86 58730 : if (tok->function() && tok->function()->hasBody())
87 22 : continue;
88 :
89 58708 : const Library::WarnInfo* wi = mSettings->library.getWarnInfo(tok);
90 58708 : if (wi) {
91 386 : if (mSettings->severity.isEnabled(wi->severity) && ((tok->isC() && mSettings->standards.c >= wi->standards.c) || (tok->isCpp() && mSettings->standards.cpp >= wi->standards.cpp))) {
92 386 : const std::string daca = mSettings->daca ? "prohibited" : "";
93 386 : reportError(tok, wi->severity, daca + tok->str() + "Called", wi->message, CWE477, Certainty::normal);
94 : }
95 : }
96 : }
97 : }
98 : }
99 2740 : }
100 :
101 : //---------------------------------------------------------------------------
102 : // Check <valid>, <strz> and <not-bool>
103 : //---------------------------------------------------------------------------
104 2740 : void CheckFunctions::invalidFunctionUsage()
105 : {
106 2740 : logChecker("CheckFunctions::invalidFunctionUsage");
107 2740 : const SymbolDatabase* symbolDatabase = mTokenizer->getSymbolDatabase();
108 10998 : for (const Scope *scope : symbolDatabase->functionScopes) {
109 251961 : for (const Token* tok = scope->bodyStart->next(); tok != scope->bodyEnd; tok = tok->next()) {
110 243703 : if (!Token::Match(tok, "%name% ( !!)"))
111 228070 : continue;
112 15633 : const Token * const functionToken = tok;
113 31266 : const std::vector<const Token *> arguments = getArguments(tok);
114 46437 : for (int argnr = 1; argnr <= arguments.size(); ++argnr) {
115 30804 : const Token * const argtok = arguments[argnr-1];
116 :
117 : // check <valid>...</valid>
118 30804 : const ValueFlow::Value *invalidValue = argtok->getInvalidValue(functionToken,argnr,*mSettings);
119 30804 : if (invalidValue) {
120 660 : invalidFunctionArgError(argtok, functionToken->next()->astOperand1()->expressionString(), argnr, invalidValue, mSettings->library.validarg(functionToken, argnr));
121 : }
122 :
123 30804 : if (astIsBool(argtok)) {
124 : // check <not-bool>
125 785 : if (mSettings->library.isboolargbad(functionToken, argnr))
126 221 : invalidFunctionArgBoolError(argtok, functionToken->str(), argnr);
127 :
128 : // Are the values 0 and 1 valid?
129 564 : else if (!mSettings->library.isIntArgValid(functionToken, argnr, 0))
130 1 : invalidFunctionArgError(argtok, functionToken->str(), argnr, nullptr, mSettings->library.validarg(functionToken, argnr));
131 563 : else if (!mSettings->library.isIntArgValid(functionToken, argnr, 1))
132 1 : invalidFunctionArgError(argtok, functionToken->str(), argnr, nullptr, mSettings->library.validarg(functionToken, argnr));
133 : }
134 : // check <strz>
135 30804 : if (mSettings->library.isargstrz(functionToken, argnr)) {
136 4287 : if (Token::Match(argtok, "& %var% !![") && argtok->next() && argtok->next()->valueType()) {
137 38 : const ValueType * valueType = argtok->next()->valueType();
138 38 : const Variable * variable = argtok->next()->variable();
139 5 : if ((valueType->type == ValueType::Type::CHAR || valueType->type == ValueType::Type::WCHAR_T || (valueType->type == ValueType::Type::RECORD && Token::Match(argtok, "& %var% . %var% ,|)"))) &&
140 72 : !variable->isArray() &&
141 146 : (variable->isConst() || !variable->isGlobal()) &&
142 36 : (!argtok->next()->hasKnownValue() || argtok->next()->getValue(0) == nullptr)) {
143 27 : invalidFunctionArgStrError(argtok, functionToken->str(), argnr);
144 : }
145 : }
146 4287 : const ValueType* const valueType = argtok->valueType();
147 4287 : const Variable* const variable = argtok->variable();
148 : // Is non-null terminated local variable of type char (e.g. char buf[] = {'x'};) ?
149 3047 : if (variable && variable->isLocal()
150 1682 : && valueType && (valueType->type == ValueType::Type::CHAR || valueType->type == ValueType::Type::WCHAR_T)
151 8988 : && !isVariablesChanged(variable->declEndToken(), functionToken, 0 /*indirect*/, { variable }, *mSettings)) {
152 1539 : const Token* varTok = variable->declEndToken();
153 1539 : auto count = -1; // Find out explicitly set count, e.g.: char buf[3] = {...}. Variable 'count' is set to 3 then.
154 1539 : if (varTok && Token::simpleMatch(varTok->astOperand1(), "["))
155 : {
156 154 : const Token* const countTok = varTok->astOperand1()->astOperand2();
157 154 : if (countTok && countTok->hasKnownIntValue())
158 153 : count = countTok->getKnownIntValue();
159 : }
160 1539 : if (Token::simpleMatch(varTok, "= {")) {
161 62 : varTok = varTok->tokAt(1);
162 62 : auto charsUntilFirstZero = 0;
163 62 : bool search = true;
164 310 : while (search && varTok && !Token::simpleMatch(varTok->next(), "}")) {
165 248 : varTok = varTok->next();
166 248 : if (!Token::simpleMatch(varTok, ",")) {
167 156 : if (Token::Match(varTok, "%op%")) {
168 3 : varTok = varTok->next();
169 3 : continue;
170 : }
171 153 : ++charsUntilFirstZero;
172 153 : if (varTok && varTok->hasKnownIntValue() && varTok->getKnownIntValue() == 0)
173 13 : search=false; // stop counting for cases like char buf[3] = {'x', '\0', 'y'};
174 : }
175 : }
176 62 : if (varTok && varTok->hasKnownIntValue() && varTok->getKnownIntValue() != 0
177 124 : && (count == -1 || (count > 0 && count <= charsUntilFirstZero))) {
178 46 : invalidFunctionArgStrError(argtok, functionToken->str(), argnr);
179 : }
180 1477 : } else if (count > -1 && Token::Match(varTok, "= %str%")) {
181 91 : const Token* strTok = varTok->getValueTokenMinStrSize(*mSettings);
182 91 : if (strTok) {
183 91 : const int strSize = Token::getStrArraySize(strTok);
184 91 : if (strSize > count && strTok->str().find('\0') == std::string::npos)
185 18 : invalidFunctionArgStrError(argtok, functionToken->str(), argnr);
186 : }
187 : }
188 : }
189 : }
190 : }
191 : }
192 : }
193 2740 : }
194 :
195 666 : void CheckFunctions::invalidFunctionArgError(const Token *tok, const std::string &functionName, int argnr, const ValueFlow::Value *invalidValue, const std::string &validstr)
196 : {
197 1332 : std::ostringstream errmsg;
198 666 : errmsg << "$symbol:" << functionName << '\n';
199 666 : if (invalidValue && invalidValue->condition)
200 10 : errmsg << ValueFlow::eitherTheConditionIsRedundant(invalidValue->condition)
201 10 : << " or $symbol() argument nr " << argnr << " can have invalid value.";
202 : else
203 661 : errmsg << "Invalid $symbol() argument nr " << argnr << '.';
204 666 : if (invalidValue)
205 660 : errmsg << " The value is " << std::setprecision(10) << (invalidValue->isIntValue() ? invalidValue->intvalue : invalidValue->floatValue) << " but the valid values are '" << validstr << "'.";
206 : else
207 6 : errmsg << " The value is 0 or 1 (boolean) but the valid values are '" << validstr << "'.";
208 666 : if (invalidValue)
209 1971 : reportError(getErrorPath(tok, invalidValue, "Invalid argument"),
210 1311 : invalidValue->errorSeverity() && invalidValue->isKnown() ? Severity::error : Severity::warning,
211 : "invalidFunctionArg",
212 1320 : errmsg.str(),
213 : CWE628,
214 660 : invalidValue->isInconclusive() ? Certainty::inconclusive : Certainty::normal);
215 : else
216 6 : reportError(tok,
217 : Severity::error,
218 : "invalidFunctionArg",
219 12 : errmsg.str(),
220 : CWE628,
221 12 : Certainty::normal);
222 666 : }
223 :
224 225 : void CheckFunctions::invalidFunctionArgBoolError(const Token *tok, const std::string &functionName, int argnr)
225 : {
226 225 : std::ostringstream errmsg;
227 225 : errmsg << "$symbol:" << functionName << '\n';
228 225 : errmsg << "Invalid $symbol() argument nr " << argnr << ". A non-boolean value is required.";
229 225 : reportError(tok, Severity::error, "invalidFunctionArgBool", errmsg.str(), CWE628, Certainty::normal);
230 225 : }
231 :
232 95 : void CheckFunctions::invalidFunctionArgStrError(const Token *tok, const std::string &functionName, nonneg int argnr)
233 : {
234 95 : std::ostringstream errmsg;
235 95 : errmsg << "$symbol:" << functionName << '\n';
236 95 : errmsg << "Invalid $symbol() argument nr " << argnr << ". A nul-terminated string is required.";
237 95 : reportError(tok, Severity::error, "invalidFunctionArgStr", errmsg.str(), CWE628, Certainty::normal);
238 95 : }
239 :
240 : //---------------------------------------------------------------------------
241 : // Check for ignored return values.
242 : //---------------------------------------------------------------------------
243 2740 : void CheckFunctions::checkIgnoredReturnValue()
244 : {
245 2740 : if (!mSettings->severity.isEnabled(Severity::warning) &&
246 5064 : !mSettings->severity.isEnabled(Severity::style) &&
247 2324 : !mSettings->isPremiumEnabled("ignoredReturnValue"))
248 2324 : return;
249 :
250 416 : logChecker("CheckFunctions::checkIgnoredReturnValue"); // style,warning
251 :
252 416 : const SymbolDatabase *symbolDatabase = mTokenizer->getSymbolDatabase();
253 6360 : for (const Scope *scope : symbolDatabase->functionScopes) {
254 123914 : for (const Token* tok = scope->bodyStart->next(); tok != scope->bodyEnd; tok = tok->next()) {
255 : // skip c++11 initialization, ({...})
256 117970 : if (Token::Match(tok, "%var%|(|,|return {"))
257 296 : tok = tok->linkAt(1);
258 117674 : else if (Token::Match(tok, "[(<]") && tok->link())
259 24426 : tok = tok->link();
260 :
261 117970 : if (tok->varId() || tok->isKeyword() || tok->isStandardType() || !Token::Match(tok, "%name% ("))
262 104083 : continue;
263 :
264 13887 : const Token *parent = tok->next()->astParent();
265 15120 : while (Token::Match(parent, "%cop%")) {
266 1459 : if (Token::Match(parent, "<<|>>|*") && !parent->astParent())
267 226 : break;
268 1233 : parent = parent->astParent();
269 : }
270 13887 : if (parent)
271 10312 : continue;
272 :
273 3575 : if (!tok->scope()->isExecutable()) {
274 1 : tok = tok->scope()->bodyEnd;
275 1 : continue;
276 : }
277 :
278 7128 : if ((!tok->function() || !Token::Match(tok->function()->retDef, "void %name%")) &&
279 3554 : tok->next()->astOperand1()) {
280 3552 : const Library::UseRetValType retvalTy = mSettings->library.getUseRetValType(tok);
281 4138 : const bool warn = (tok->function() && tok->function()->isAttributeNodiscard()) || // avoid duplicate warnings for resource-allocating functions
282 586 : (retvalTy == Library::UseRetValType::DEFAULT && mSettings->library.getAllocFuncInfo(tok) == nullptr);
283 3552 : if (mSettings->severity.isEnabled(Severity::warning) && warn)
284 549 : ignoredReturnValueError(tok, tok->next()->astOperand1()->expressionString());
285 3003 : else if (mSettings->severity.isEnabled(Severity::style) &&
286 : retvalTy == Library::UseRetValType::ERROR_CODE)
287 1 : ignoredReturnErrorCode(tok, tok->next()->astOperand1()->expressionString());
288 : }
289 : }
290 : }
291 : }
292 :
293 553 : void CheckFunctions::ignoredReturnValueError(const Token* tok, const std::string& function)
294 : {
295 553 : reportError(tok, Severity::warning, "ignoredReturnValue",
296 1106 : "$symbol:" + function + "\nReturn value of function $symbol() is not used.", CWE252, Certainty::normal);
297 553 : }
298 :
299 1 : void CheckFunctions::ignoredReturnErrorCode(const Token* tok, const std::string& function)
300 : {
301 1 : reportError(tok, Severity::style, "ignoredReturnErrorCode",
302 2 : "$symbol:" + function + "\nError code from the return value of function $symbol() is not used.", CWE252, Certainty::normal);
303 1 : }
304 :
305 : //---------------------------------------------------------------------------
306 : // Check for ignored return values.
307 : //---------------------------------------------------------------------------
308 : static const Token *checkMissingReturnScope(const Token *tok, const Library &library);
309 :
310 2740 : void CheckFunctions::checkMissingReturn()
311 : {
312 2740 : logChecker("CheckFunctions::checkMissingReturn");
313 2740 : const SymbolDatabase *symbolDatabase = mTokenizer->getSymbolDatabase();
314 10998 : for (const Scope *scope : symbolDatabase->functionScopes) {
315 8258 : const Function *function = scope->function;
316 8258 : if (!function || !function->hasBody())
317 6 : continue;
318 8252 : if (function->name() == "main" && !(mTokenizer->isC() && mSettings->standards.c < Standards::C99))
319 2057 : continue;
320 6195 : if (function->type != Function::Type::eFunction && function->type != Function::Type::eOperatorEqual)
321 20 : continue;
322 6175 : if (Token::Match(function->retDef, "%name% (") && function->retDef->isUpperCaseName())
323 6 : continue;
324 6169 : if (Function::returnsVoid(function, true))
325 5291 : continue;
326 878 : const Token *errorToken = checkMissingReturnScope(scope->bodyEnd, mSettings->library);
327 878 : if (errorToken)
328 13 : missingReturnError(errorToken);
329 : }
330 2740 : }
331 :
332 1 : static bool isForwardJump(const Token *gotoToken)
333 : {
334 1 : if (!Token::Match(gotoToken, "goto %name% ;"))
335 0 : return false;
336 20 : for (const Token *prev = gotoToken; gotoToken; gotoToken = gotoToken->previous()) {
337 19 : if (Token::Match(prev, "%name% :") && prev->str() == gotoToken->next()->str())
338 0 : return true;
339 19 : if (prev->str() == "{" && prev->scope()->type == Scope::eFunction)
340 0 : return false;
341 : }
342 1 : return false;
343 : }
344 :
345 886 : static const Token *checkMissingReturnScope(const Token *tok, const Library &library)
346 : {
347 886 : const Token *lastStatement = nullptr;
348 3653 : while ((tok = tok->previous()) != nullptr) {
349 3653 : if (tok->str() == ")")
350 624 : tok = tok->link();
351 3653 : if (tok->str() == "{")
352 8 : return lastStatement ? lastStatement : tok->next();
353 3645 : if (tok->str() == "}") {
354 38 : for (const Token *prev = tok->link()->previous(); prev && prev->scope() == tok->scope() && !Token::Match(prev, "[;{}]"); prev = prev->previous()) {
355 24 : if (prev->isKeyword() && Token::Match(prev, "return|throw"))
356 4 : return nullptr;
357 20 : if (prev->str() == "goto" && !isForwardJump(prev))
358 0 : return nullptr;
359 : }
360 14 : if (tok->scope()->type == Scope::ScopeType::eSwitch) {
361 : // find reachable break / !default
362 3 : bool hasDefault = false;
363 3 : bool reachable = false;
364 40 : for (const Token *switchToken = tok->link()->next(); switchToken != tok; switchToken = switchToken->next()) {
365 38 : if (reachable && Token::simpleMatch(switchToken, "break ;")) {
366 1 : if (Token::simpleMatch(switchToken->previous(), "}") && !checkMissingReturnScope(switchToken->previous(), library))
367 0 : reachable = false;
368 : else
369 1 : return switchToken;
370 : }
371 37 : if (switchToken->isKeyword() && Token::Match(switchToken, "return|throw"))
372 4 : reachable = false;
373 37 : if (Token::Match(switchToken, "%name% (") && library.isnoreturn(switchToken))
374 0 : reachable = false;
375 37 : if (Token::Match(switchToken, "case|default"))
376 5 : reachable = true;
377 37 : if (Token::simpleMatch(switchToken, "default :"))
378 2 : hasDefault = true;
379 35 : else if (switchToken->str() == "{" && (switchToken->scope()->isLoopScope() || switchToken->scope()->type == Scope::ScopeType::eSwitch))
380 1 : switchToken = switchToken->link();
381 : }
382 2 : if (!hasDefault)
383 0 : return tok->link();
384 11 : } else if (tok->scope()->type == Scope::ScopeType::eIf) {
385 5 : const Token *condition = tok->scope()->classDef->next()->astOperand2();
386 5 : if (condition && condition->hasKnownIntValue() && condition->getKnownIntValue() == 1)
387 2 : return checkMissingReturnScope(tok, library);
388 3 : return tok;
389 6 : } else if (tok->scope()->type == Scope::ScopeType::eElse) {
390 3 : const Token *errorToken = checkMissingReturnScope(tok, library);
391 3 : if (errorToken)
392 0 : return errorToken;
393 3 : tok = tok->link();
394 3 : if (Token::simpleMatch(tok->tokAt(-2), "} else {"))
395 3 : return checkMissingReturnScope(tok->tokAt(-2), library);
396 0 : return tok;
397 : }
398 : // FIXME
399 5 : return nullptr;
400 : }
401 3627 : if (tok->isKeyword() && Token::Match(tok, "return|throw"))
402 809 : return nullptr;
403 2818 : if (tok->str() == "goto" && !isForwardJump(tok))
404 1 : return nullptr;
405 2817 : if (Token::Match(tok, "%name% (") && !library.isnotnoreturn(tok)) {
406 49 : return nullptr;
407 : }
408 2768 : if (Token::Match(tok, "[;{}] %name% :"))
409 1 : return tok;
410 2767 : if (Token::Match(tok, "; !!}") && !lastStatement)
411 1 : lastStatement = tok->next();
412 : }
413 0 : return nullptr;
414 : }
415 :
416 17 : void CheckFunctions::missingReturnError(const Token* tok)
417 : {
418 17 : reportError(tok, Severity::error, "missingReturn",
419 34 : "Found an exit path from function with non-void return type that has missing return statement", CWE758, Certainty::normal);
420 17 : }
421 : //---------------------------------------------------------------------------
422 : // Detect passing wrong values to <cmath> functions like atan(0, x);
423 : //---------------------------------------------------------------------------
424 2740 : void CheckFunctions::checkMathFunctions()
425 : {
426 2740 : const bool styleC99 = mSettings->severity.isEnabled(Severity::style) && ((mTokenizer->isC() && mSettings->standards.c != Standards::C89) || (mTokenizer->isCPP() && mSettings->standards.cpp != Standards::CPP03));
427 2740 : const bool printWarnings = mSettings->severity.isEnabled(Severity::warning);
428 :
429 2740 : if (!styleC99 && !printWarnings && !mSettings->isPremiumEnabled("wrongmathcall"))
430 2324 : return;
431 :
432 416 : logChecker("CheckFunctions::checkMathFunctions"); // style,warning,c99,c++11
433 :
434 416 : const SymbolDatabase *symbolDatabase = mTokenizer->getSymbolDatabase();
435 6360 : for (const Scope *scope : symbolDatabase->functionScopes) {
436 214032 : for (const Token* tok = scope->bodyStart->next(); tok != scope->bodyEnd; tok = tok->next()) {
437 208088 : if (tok->varId())
438 38664 : continue;
439 169424 : if (printWarnings && Token::Match(tok, "%name% ( !!)")) {
440 14716 : if (tok->strAt(-1) != "."
441 14716 : && Token::Match(tok, "log|logf|logl|log10|log10f|log10l|log2|log2f|log2l ( %num% )")) {
442 171 : const std::string& number = tok->strAt(2);
443 321 : if ((MathLib::isInt(number) && MathLib::toBigNumber(number) <= 0) ||
444 150 : (MathLib::isFloat(number) && MathLib::toDoubleNumber(number) <= 0.))
445 90 : mathfunctionCallWarning(tok);
446 14545 : } else if (Token::Match(tok, "log1p|log1pf|log1pl ( %num% )")) {
447 25 : const std::string& number = tok->strAt(2);
448 43 : if ((MathLib::isInt(number) && MathLib::toBigNumber(number) <= -1) ||
449 18 : (MathLib::isFloat(number) && MathLib::toDoubleNumber(number) <= -1.))
450 15 : mathfunctionCallWarning(tok);
451 : }
452 : // atan2 ( x , y): x and y can not be zero, because this is mathematically not defined
453 14520 : else if (Token::Match(tok, "atan2|atan2f|atan2l ( %num% , %num% )")) {
454 36 : if (MathLib::isNullValue(tok->strAt(2)) && MathLib::isNullValue(tok->strAt(4)))
455 3 : mathfunctionCallWarning(tok, 2);
456 : }
457 : // fmod ( x , y) If y is zero, then either a range error will occur or the function will return zero (implementation-defined).
458 14484 : else if (Token::Match(tok, "fmod|fmodf|fmodl (")) {
459 37 : const Token* nextArg = tok->tokAt(2)->nextArgument();
460 37 : if (nextArg && MathLib::isNullValue(nextArg->str()))
461 3 : mathfunctionCallWarning(tok, 2);
462 : }
463 : // pow ( x , y) If x is zero, and y is negative --> division by zero
464 14447 : else if (Token::Match(tok, "pow|powf|powl ( %num% , %num% )")) {
465 10 : if (MathLib::isNullValue(tok->strAt(2)) && MathLib::isNegative(tok->strAt(4)))
466 3 : mathfunctionCallWarning(tok, 2);
467 : }
468 : }
469 :
470 169424 : if (styleC99) {
471 169215 : if (Token::Match(tok, "%num% - erf (") && Tokenizer::isOneNumber(tok->str()) && tok->next()->astOperand2() == tok->tokAt(3)) {
472 3 : mathfunctionCallWarning(tok, "1 - erf(x)", "erfc(x)");
473 169212 : } else if (Token::simpleMatch(tok, "exp (") && Token::Match(tok->linkAt(1), ") - %num%") && Tokenizer::isOneNumber(tok->linkAt(1)->strAt(2)) && tok->linkAt(1)->next()->astOperand1() == tok->next()) {
474 3 : mathfunctionCallWarning(tok, "exp(x) - 1", "expm1(x)");
475 169209 : } else if (Token::simpleMatch(tok, "log (") && tok->next()->astOperand2()) {
476 50 : const Token* plus = tok->next()->astOperand2();
477 50 : if (plus->str() == "+" && ((plus->astOperand1() && Tokenizer::isOneNumber(plus->astOperand1()->str())) || (plus->astOperand2() && Tokenizer::isOneNumber(plus->astOperand2()->str()))))
478 3 : mathfunctionCallWarning(tok, "log(1 + x)", "log1p(x)");
479 : }
480 : }
481 : }
482 : }
483 : }
484 :
485 118 : void CheckFunctions::mathfunctionCallWarning(const Token *tok, const nonneg int numParam)
486 : {
487 118 : if (tok) {
488 114 : if (numParam == 1)
489 105 : reportError(tok, Severity::warning, "wrongmathcall", "$symbol:" + tok->str() + "\nPassing value " + tok->strAt(2) + " to $symbol() leads to implementation-defined result.", CWE758, Certainty::normal);
490 9 : else if (numParam == 2)
491 9 : reportError(tok, Severity::warning, "wrongmathcall", "$symbol:" + tok->str() + "\nPassing values " + tok->strAt(2) + " and " + tok->strAt(4) + " to $symbol() leads to implementation-defined result.", CWE758, Certainty::normal);
492 : } else
493 4 : reportError(tok, Severity::warning, "wrongmathcall", "Passing value '#' to #() leads to implementation-defined result.", CWE758, Certainty::normal);
494 118 : }
495 :
496 13 : void CheckFunctions::mathfunctionCallWarning(const Token *tok, const std::string& oldexp, const std::string& newexp)
497 : {
498 13 : reportError(tok, Severity::style, "unpreciseMathCall", "Expression '" + oldexp + "' can be replaced by '" + newexp + "' to avoid loss of precision.", CWE758, Certainty::normal);
499 13 : }
500 :
501 : //---------------------------------------------------------------------------
502 : // memset(p, y, 0 /* bytes to fill */) <- 2nd and 3rd arguments inverted
503 : //---------------------------------------------------------------------------
504 2740 : void CheckFunctions::memsetZeroBytes()
505 : {
506 : // FIXME:
507 : // Replace this with library configuration.
508 : // For instance:
509 : // <arg nr="3">
510 : // <warn knownIntValue="0" severity="warning" msg="..."/>
511 : // </arg>
512 :
513 2740 : if (!mSettings->severity.isEnabled(Severity::warning))
514 2326 : return;
515 :
516 414 : logChecker("CheckFunctions::memsetZeroBytes"); // warning
517 :
518 414 : const SymbolDatabase *symbolDatabase = mTokenizer->getSymbolDatabase();
519 6357 : for (const Scope *scope : symbolDatabase->functionScopes) {
520 214024 : for (const Token* tok = scope->bodyStart->next(); tok != scope->bodyEnd; tok = tok->next()) {
521 208081 : if (Token::Match(tok, "memset|wmemset (") && (numberOfArguments(tok)==3)) {
522 152 : const std::vector<const Token *> &arguments = getArguments(tok);
523 152 : if (WRONG_DATA(arguments.size() != 3U, tok))
524 0 : continue;
525 152 : const Token* lastParamTok = arguments[2];
526 152 : if (MathLib::isNullValue(lastParamTok->str()))
527 3 : memsetZeroBytesError(tok);
528 : }
529 : }
530 : }
531 : }
532 :
533 7 : void CheckFunctions::memsetZeroBytesError(const Token *tok)
534 : {
535 14 : const std::string summary("memset() called to fill 0 bytes.");
536 : const std::string verbose(summary + " The second and third arguments might be inverted."
537 : " The function memset ( void * ptr, int value, size_t num ) sets the"
538 7 : " first num bytes of the block of memory pointed by ptr to the specified value.");
539 7 : reportError(tok, Severity::warning, "memsetZeroBytes", summary + "\n" + verbose, CWE687, Certainty::normal);
540 7 : }
541 :
542 2740 : void CheckFunctions::memsetInvalid2ndParam()
543 : {
544 : // FIXME:
545 : // Replace this with library configuration.
546 : // For instance:
547 : // <arg nr="2">
548 : // <not-float/>
549 : // <warn possibleIntValue=":-129,256:" severity="warning" msg="..."/>
550 : // </arg>
551 :
552 2740 : const bool printPortability = mSettings->severity.isEnabled(Severity::portability);
553 2740 : const bool printWarning = mSettings->severity.isEnabled(Severity::warning);
554 2740 : if (!printWarning && !printPortability)
555 2326 : return;
556 :
557 414 : logChecker("CheckFunctions::memsetInvalid2ndParam"); // warning,portability
558 :
559 414 : const SymbolDatabase *symbolDatabase = mTokenizer->getSymbolDatabase();
560 6357 : for (const Scope *scope : symbolDatabase->functionScopes) {
561 214024 : for (const Token* tok = scope->bodyStart->next(); tok && (tok != scope->bodyEnd); tok = tok->next()) {
562 208081 : if (!Token::simpleMatch(tok, "memset ("))
563 208037 : continue;
564 :
565 126 : const std::vector<const Token *> args = getArguments(tok);
566 126 : if (args.size() != 3)
567 1 : continue;
568 :
569 : // Second parameter is zero literal, i.e. 0.0f
570 125 : const Token * const secondParamTok = args[1];
571 125 : if (Token::Match(secondParamTok, "%num% ,") && MathLib::isNullValue(secondParamTok->str()))
572 81 : continue;
573 :
574 : // Check if second parameter is a float variable or a float literal != 0.0f
575 44 : if (printPortability && astIsFloat(secondParamTok,false)) {
576 4 : memsetFloatError(secondParamTok, secondParamTok->expressionString());
577 : }
578 :
579 44 : if (printWarning && secondParamTok->isNumber()) { // Check if the second parameter is a literal and is out of range
580 18 : const long long int value = MathLib::toBigNumber(secondParamTok->str());
581 18 : const long long sCharMin = mSettings->platform.signedCharMin();
582 18 : const long long uCharMax = mSettings->platform.unsignedCharMax();
583 18 : if (value < sCharMin || value > uCharMax)
584 2 : memsetValueOutOfRangeError(secondParamTok, secondParamTok->str());
585 : }
586 : }
587 : }
588 : }
589 :
590 8 : void CheckFunctions::memsetFloatError(const Token *tok, const std::string &var_value)
591 : {
592 8 : const std::string message("The 2nd memset() argument '" + var_value +
593 16 : "' is a float, its representation is implementation defined.");
594 : const std::string verbose(message + " memset() is used to set each byte of a block of memory to a specific value and"
595 8 : " the actual representation of a floating-point value is implementation defined.");
596 8 : reportError(tok, Severity::portability, "memsetFloat", message + "\n" + verbose, CWE688, Certainty::normal);
597 8 : }
598 :
599 6 : void CheckFunctions::memsetValueOutOfRangeError(const Token *tok, const std::string &value)
600 : {
601 12 : const std::string message("The 2nd memset() argument '" + value + "' doesn't fit into an 'unsigned char'.");
602 6 : const std::string verbose(message + " The 2nd parameter is passed as an 'int', but the function fills the block of memory using the 'unsigned char' conversion of this value.");
603 6 : reportError(tok, Severity::warning, "memsetValueOutOfRange", message + "\n" + verbose, CWE686, Certainty::normal);
604 6 : }
605 :
606 : //---------------------------------------------------------------------------
607 : // --check-library => warn for unconfigured functions
608 : //---------------------------------------------------------------------------
609 :
610 2740 : void CheckFunctions::checkLibraryMatchFunctions()
611 : {
612 2740 : if (!mSettings->checkLibrary)
613 2668 : return;
614 :
615 72 : bool insideNew = false;
616 257889 : for (const Token *tok = mTokenizer->tokens(); tok; tok = tok->next()) {
617 257817 : if (!tok->scope() || !tok->scope()->isExecutable())
618 257810 : continue;
619 :
620 212807 : if (tok->str() == "new")
621 17 : insideNew = true;
622 212790 : else if (tok->str() == ";")
623 26609 : insideNew = false;
624 186181 : else if (insideNew)
625 97 : continue;
626 :
627 212710 : if (tok->isKeyword() || !Token::Match(tok, "%name% ("))
628 197558 : continue;
629 :
630 15152 : if (tok->varId() != 0 || tok->type() || tok->isStandardType())
631 911 : continue;
632 :
633 14241 : if (tok->linkAt(1)->strAt(1) == "(")
634 2 : continue;
635 :
636 14239 : if (tok->function())
637 41 : continue;
638 :
639 14198 : if (Token::simpleMatch(tok->astTop(), "throw"))
640 1 : continue;
641 :
642 14197 : if (Token::simpleMatch(tok->astParent(), ".")) {
643 1610 : const Token* contTok = tok->astParent()->astOperand1();
644 1610 : if (astContainerAction(contTok) != Library::Container::Action::NO_ACTION)
645 173 : continue;
646 1437 : if (astContainerYield(contTok) != Library::Container::Yield::NO_YIELD)
647 481 : continue;
648 : }
649 :
650 13543 : if (!mSettings->library.isNotLibraryFunction(tok))
651 13394 : continue;
652 :
653 149 : const std::string &functionName = mSettings->library.getFunctionName(tok);
654 149 : if (functionName.empty())
655 0 : continue;
656 :
657 149 : if (mSettings->library.functions.find(functionName) != mSettings->library.functions.end())
658 90 : continue;
659 :
660 59 : if (mSettings->library.podtype(tok->expressionString()))
661 2 : continue;
662 :
663 57 : if (mSettings->library.getTypeCheck("unusedvar", functionName) != Library::TypeCheck::def)
664 43 : continue;
665 :
666 14 : const Token* start = tok;
667 19 : while (Token::Match(start->tokAt(-2), "%name% ::") && !start->tokAt(-2)->isKeyword())
668 5 : start = start->tokAt(-2);
669 14 : if (mSettings->library.detectContainerOrIterator(start))
670 7 : continue;
671 :
672 7 : reportError(tok,
673 : Severity::information,
674 : "checkLibraryFunction",
675 14 : "--check-library: There is no matching configuration for function " + functionName + "()");
676 : }
677 : }
678 :
679 : // Check for problems to compiler apply (Named) Return Value Optimization for local variable
680 : // Technically we have different guarantees between standard versions
681 : // details: https://en.cppreference.com/w/cpp/language/copy_elision
682 2740 : void CheckFunctions::returnLocalStdMove()
683 : {
684 2740 : if (!mTokenizer->isCPP() || mSettings->standards.cpp < Standards::CPP11)
685 88 : return;
686 :
687 2652 : if (!mSettings->severity.isEnabled(Severity::performance))
688 2339 : return;
689 :
690 313 : logChecker("CheckFunctions::returnLocalStdMove"); // performance,c++11
691 :
692 313 : const SymbolDatabase *symbolDatabase = mTokenizer->getSymbolDatabase();
693 3627 : for (const Scope *scope : symbolDatabase->functionScopes) {
694 : // Expect return by-value
695 3314 : if (Function::returnsReference(scope->function, /*unknown*/ true, /*includeRValueRef*/ true))
696 66 : continue;
697 6496 : const auto rets = Function::findReturns(scope->function);
698 3690 : for (const Token* ret : rets) {
699 442 : if (!Token::simpleMatch(ret->tokAt(-3), "std :: move ("))
700 435 : continue;
701 7 : const Token* retval = ret->astOperand2();
702 : // NRVO
703 7 : if (retval->variable() && retval->variable()->isLocal() && !retval->variable()->isVolatile())
704 1 : copyElisionError(retval);
705 : // RVO
706 7 : if (Token::Match(retval, "(|{") && !retval->isCast() && !(retval->valueType() && retval->valueType()->reference != Reference::None))
707 3 : copyElisionError(retval);
708 : }
709 : }
710 : }
711 :
712 8 : void CheckFunctions::copyElisionError(const Token *tok)
713 : {
714 8 : reportError(tok,
715 : Severity::performance,
716 : "returnStdMoveLocal",
717 : "Using std::move for returning object by-value from function will affect copy elision optimization."
718 16 : " More: https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#Rf-return-move-local");
719 8 : }
720 :
721 2740 : void CheckFunctions::useStandardLibrary()
722 : {
723 2740 : if (!mSettings->severity.isEnabled(Severity::style))
724 2341 : return;
725 :
726 399 : logChecker("CheckFunctions::useStandardLibrary"); // style
727 :
728 7532 : for (const Scope& scope: mTokenizer->getSymbolDatabase()->scopeList) {
729 7133 : if (scope.type != Scope::ScopeType::eFor)
730 7126 : continue;
731 :
732 92 : const Token *forToken = scope.classDef;
733 : // for ( initToken ; condToken ; stepToken )
734 92 : const Token* initToken = getInitTok(forToken);
735 92 : if (!initToken)
736 8 : continue;
737 84 : const Token* condToken = getCondTok(forToken);
738 84 : if (!condToken)
739 0 : continue;
740 84 : const Token* stepToken = getStepTok(forToken);
741 84 : if (!stepToken)
742 0 : continue;
743 :
744 : // 1. we expect that idx variable will be initialized with 0
745 84 : const Token* idxToken = initToken->astOperand1();
746 84 : const Token* initVal = initToken->astOperand2();
747 84 : if (!idxToken || !initVal || !initVal->hasKnownIntValue() || initVal->getKnownIntValue() != 0)
748 43 : continue;
749 41 : const auto idxVarId = idxToken->varId();
750 41 : if (0 == idxVarId)
751 2 : continue;
752 :
753 : // 2. we expect that idx will be less of some variable
754 39 : if (!condToken->isComparisonOp())
755 0 : continue;
756 :
757 39 : const auto& secondOp = condToken->str();
758 39 : const bool isLess = "<" == secondOp &&
759 56 : isConstExpression(condToken->astOperand2(), mSettings->library) &&
760 17 : condToken->astOperand1()->varId() == idxVarId;
761 39 : const bool isMore = ">" == secondOp &&
762 41 : isConstExpression(condToken->astOperand1(), mSettings->library) &&
763 2 : condToken->astOperand2()->varId() == idxVarId;
764 :
765 39 : if (!(isLess || isMore))
766 20 : continue;
767 :
768 : // 3. we expect idx incrementing by 1
769 19 : const bool inc = stepToken->str() == "++" && stepToken->astOperand1() && stepToken->astOperand1()->varId() == idxVarId;
770 27 : const bool plusOne = stepToken->isBinaryOp() && stepToken->str() == "+=" &&
771 27 : stepToken->astOperand1()->varId() == idxVarId &&
772 4 : stepToken->astOperand2()->str() == "1";
773 19 : if (!inc && !plusOne)
774 1 : continue;
775 :
776 : // technically using void* here is not correct but some compilers could allow it
777 :
778 18 : const Token *tok = scope.bodyStart;
779 18 : const std::string memcpyName = tok->isCpp() ? "std::memcpy" : "memcpy";
780 : // (reinterpret_cast<uint8_t*>(dest))[i] = (reinterpret_cast<const uint8_t*>(src))[i];
781 18 : if (Token::Match(tok, "{ (| reinterpret_cast < uint8_t|int8_t|char|void * > ( %var% ) )| [ %varid% ] = "
782 : "(| reinterpret_cast < const| uint8_t|int8_t|char|void * > ( %var% ) )| [ %varid% ] ; }", idxVarId)) {
783 2 : useStandardLibraryError(tok->next(), memcpyName);
784 2 : continue;
785 : }
786 :
787 : // ((char*)dst)[i] = ((const char*)src)[i];
788 16 : if (Token::Match(tok, "{ ( ( uint8_t|int8_t|char|void * ) (| %var% ) )| [ %varid% ] = "
789 : "( ( const| uint8_t|int8_t|char|void * ) (| %var% ) )| [ %varid% ] ; }", idxVarId)) {
790 2 : useStandardLibraryError(tok->next(), memcpyName);
791 2 : continue;
792 : }
793 :
794 :
795 14 : const static std::string memsetName = tok->isCpp() ? "std::memset" : "memset";
796 : // ((char*)dst)[i] = 0;
797 14 : if (Token::Match(tok, "{ ( ( uint8_t|int8_t|char|void * ) (| %var% ) )| [ %varid% ] = %char%|%num% ; }", idxVarId)) {
798 1 : useStandardLibraryError(tok->next(), memsetName);
799 1 : continue;
800 : }
801 :
802 : // ((char*)dst)[i] = (const char*)0;
803 13 : if (Token::Match(tok, "{ ( ( uint8_t|int8_t|char|void * ) (| %var% ) )| [ %varid% ] = "
804 : "( const| uint8_t|int8_t|char ) (| %char%|%num% )| ; }", idxVarId)) {
805 2 : useStandardLibraryError(tok->next(), memsetName);
806 2 : continue;
807 : }
808 :
809 : // (reinterpret_cast<uint8_t*>(dest))[i] = static_cast<const uint8_t>(0);
810 11 : if (Token::Match(tok, "{ (| reinterpret_cast < uint8_t|int8_t|char|void * > ( %var% ) )| [ %varid% ] = "
811 : "(| static_cast < const| uint8_t|int8_t|char > ( %char%|%num% ) )| ; }", idxVarId)) {
812 2 : useStandardLibraryError(tok->next(), memsetName);
813 2 : continue;
814 : }
815 :
816 : // (reinterpret_cast<int8_t*>(dest))[i] = 0;
817 9 : if (Token::Match(tok, "{ (| reinterpret_cast < uint8_t|int8_t|char|void * > ( %var% ) )| [ %varid% ] = "
818 : "%char%|%num% ; }", idxVarId)) {
819 2 : useStandardLibraryError(tok->next(), memsetName);
820 2 : continue;
821 : }
822 : }
823 : }
824 :
825 15 : void CheckFunctions::useStandardLibraryError(const Token *tok, const std::string& expected)
826 : {
827 15 : reportError(tok, Severity::style,
828 : "useStandardLibrary",
829 30 : "Consider using " + expected + " instead of loop.");
830 15 : }
|
