1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" 2 "http://www.w3.org/TR/html4/strict.dtd"> 3 <html> 4 <head> 5 <title>List of potential checkers</title> 6 <link type="text/css" rel="stylesheet" href="content.css"> 7 <link type="text/css" rel="stylesheet" href="menu.css"> 8 <script type="text/javascript" src="scripts/expandcollapse.js"></script> 9 <script type="text/javascript" src="scripts/menu.js"></script> 10 </head> 11 <body onload="initExpandCollapse()"> 12 13 <div id="page"> 14 15 <!-- menu --> 16 <!--#include virtual="menu.html.incl"--> 17 <!-- page content --> 18 <div id="content"> 19 <h1>List of potential checkers</h1> 20 21 <p>This page contains a list of potential checkers to implement in the static analyzer. If you are interested in contributing to the analyzer's development, this is a good resource to help you get started. The specific names of the checkers are subject to review, and are provided here as suggestions.</p> 22 23 <!-- ========================= allocation/deallocation ======================= --> 24 <h3>memory</h3> 25 <table class="checkers"> 26 <col class="namedescr"><col class="example"><col class="progress"> 27 <thead><tr><td>Name, Description</td><td>Example</td><td>Progress</td></tr></thead> 28 29 <tr><td><div class="namedescr expandable"><span class="name"> 30 memory.LeakEvalOrder</span><span class="lang"> 31 (C, C++)</span><div class="descr"> 32 Potential memory leaks caused by an undefined argument evaluation order. 33 <p>Source: <a href="http://www.boost.org/doc/libs/1_49_0/libs/smart_ptr/shared_ptr.htm#BestPractices"> 34 boost docs: shared_ptr</a>.</p></div></div></td> 35 <td><div class="exampleContainer expandable"> 36 <div class="example"><pre> 37 void f(int, int); 38 int g(void *); 39 int h() __attribute__((noreturn)); 40 41 void test() { 42 // It is possible that 'malloc(1)' is called first, 43 // then 'h()', that is (or calls) noreturn and eventually 44 // 'g()' is never called. 45 f(g(malloc(1)), h()); // warn: 'g()' may never be called. 46 } 47 </pre></div> 48 <div class="example"><pre> 49 void f(int, int); 50 int g(int *); 51 int h() { throw 1; }; 52 53 void test() { 54 // It is possible that 'new int' is called first, 55 // then 'h()', that throws an exception and eventually 56 // 'g()' is never called. 57 f(g(new int), h()); // warn: 'g()' may never be called. 58 } 59 </pre></div></div></td> 60 <td class="aligned"></td></tr> 61 62 63 <tr><td><div class="namedescr expandable"><span class="name"> 64 memory.DstBufferTooSmall</span><span class="lang"> 65 (C, C++)</span><div class="descr"> 66 Destination buffer passed to memory function is too small. 67 <br>Note: <span class="name">security.insecureAPI.strcpy</span> currently warns 68 on usage of <code>strcpy</code> and suggests to replace it. 69 <br>Note: <span class="name">alpha.unix.CStringChecker</span> contains some similar checks. 70 <p>Source: <a href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>.</p></div></div></td> 71 <td><div class="exampleContainer expandable"> 72 <div class="example"><pre> 73 void test() { 74 const char* s1 = "abc"; 75 char *s2 = new char; 76 strcpy(s2, s1); // warn 77 } 78 </pre></div> 79 <div class="example"><pre> 80 void test() { 81 int* p1 = new int[3]; 82 int* p2 = new int; 83 memcpy(p2, p1, 3); // warn 84 } 85 </pre></div></div></td> 86 <td class="aligned"></td></tr> 87 88 89 <tr><td><div class="namedescr expandable"><span class="name"> 90 memory.NegativeArraySize</span><span class="lang"> 91 (C, C++)</span><div class="descr"> 92 'n' is used to specify the buffer size may be negative. 93 <br>Note: possibly an enhancement to <span class="name"> 94 alpha.security.MallocOverflow</span>. 95 <p>Source: <a href="http://cwe.mitre.org/data/definitions/20.html">CWE-20, 96 Example 2</a>.</p></div></div></td> 97 <td><div class="exampleContainer expandable"> 98 <div class="example"><pre> 99 void test() { 100 int *p; 101 int n1 = -1; 102 p = new int[n1]; // warn 103 } 104 </pre></div></div></td> 105 <td class="aligned"></td></tr> 106 107 <tr><td><div class="namedescr expandable"><span class="name"> 108 memory.ZeroAlloc</span><span class="lang"> 109 (C, C++)</span><div class="descr"> 110 Allocation of zero bytes. 111 <br>Note: an enhancement to <span class="name">unix.Malloc</span>. 112 <br>Note: <span class="name">unix.API</span> perform C-checks for zero 113 allocation. This should be moved to <span class="name">unix.Malloc</span>. 114 <p>Source: C++03 3.7.3.1p2; C++11 3.7.4.1p2.</p></div></div></td> 115 <td><div class="exampleContainer expandable"> 116 <div class="example"><pre> 117 #include <stdlib.h> 118 119 void test() { 120 int *p = malloc(0); // warn 121 free(p); 122 } 123 </pre></div> 124 <div class="example"><pre> 125 void test() { 126 int *p = new int[0]; // warn 127 delete[] p; 128 } 129 </pre></div></div></td> 130 <td class="aligned"><a href="http://reviews.llvm.org/D6178"> 131 D6178</a></td></tr> 132 133 </table> 134 135 <!-- ======================= constructors/destructors ====================== --> 136 <h3>constructors/destructors</h3> 137 <table class="checkers"> 138 <col class="namedescr"><col class="example"><col class="progress"> 139 <thead><tr><td>Name, Description</td><td>Example</td><td>Progress</td></tr></thead> 140 141 <tr><td><div class="namedescr expandable"><span class="name"> 142 ctordtor.ExptInsideDtor</span><span class="lang"> 143 (C++)</span><div class="descr"> 144 It is dangerous to let an exception leave a destructor. 145 Using <code>try..catch</code> solves the problem. 146 <p>Source: Scott Meyers "More Effective C++", item 11: Prevent exceptions from 147 leaving destructors.</p></div></div></td> 148 <td><div class="exampleContainer expandable"> 149 <div class="example"><pre> 150 class A { 151 A() {} 152 ~A() { throw 1; } // warn 153 }; 154 </pre></div> 155 <div class="example"><pre> 156 void f() throw(int); 157 158 class A { 159 A() {} 160 ~A() { f(); } // warn 161 }; 162 </pre></div></div></td> 163 <td class="aligned"></td></tr> 164 165 166 <tr><td><div class="namedescr expandable"><span class="name"> 167 ctordtor.PlacementSelfCopy</span><span class="lang"> 168 (C++11)</span><div class="descr"> 169 For a placement copy or move, it is almost certainly an error if the 170 constructed object is also the object being copied from.</div></div></td> 171 <td><div class="exampleContainer expandable"> 172 <div class="example"><pre> 173 class A {}; 174 175 void test(A *dst, A *src) { 176 ::new (dst) A(*dst); // warn (should be 'src') 177 } 178 </pre></div></div></td> 179 <td class="aligned"><!--rdar://problem/13688366--></td></tr> 180 181 </table> 182 183 <!-- =============================== va_list =============================== --> 184 <h3>va_list</h3> 185 <table class="checkers"> 186 <col class="namedescr"><col class="example"><col class="progress"> 187 <thead><tr><td>Name, Description</td><td>Example</td><td>Progress</td></tr></thead> 188 189 <tr><td><div class="namedescr expandable"><span class="name"> 190 valist.Uninitialized</span><span class="lang"> 191 (C)</span><div class="descr"> 192 Calls to the <code>va_arg</code>, <code>va_copy</code>, or 193 <code>va_end</code> macro must happen after calling <code>va_start</code> and 194 before calling <code>va_end</code>.</div></div></td> 195 <td><div class="exampleContainer expandable"> 196 <div class="example"><pre> 197 #include <stdarg.h> 198 199 void test(int x, ...) { 200 va_list args; 201 int y = va_arg(args, int); // warn 202 } 203 </pre></div> 204 <div class="example"><pre> 205 #include <stdarg.h> 206 207 void test(int x, ...) { 208 va_list args; 209 va_start(args, x); 210 va_end(args); 211 int z = va_arg(args, int); // warn 212 } 213 </pre></div></div></td> 214 <td class="aligned"><a href="http://llvm.org/bugs/show_bug.cgi?id=16812"> 215 PR16811</a></td></tr> 216 217 <tr><td><div class="namedescr expandable"><span class="name"> 218 valist.Unterminated</span><span class="lang"> 219 (C)</span><div class="descr"> 220 Every <code>va_start</code> must be matched by a <code>va_end</code>. A va_list 221 can only be ended once. 222 223 <i>This should be folded into the generalized "ownership checker" 224 described on the <a href="open_projects.html"> 225 Open Projects</a> page.</i></div></div></td> 226 <td><div class="exampleContainer expandable"> 227 <div class="example"><pre> 228 #include <stdarg.h> 229 230 void test(int x, ...) { 231 va_list args; 232 va_start(args, x); 233 int y = x + va_arg(args, int); 234 } // warn: missing va_end 235 </pre></div></div></td> 236 <td class="aligned"><a href="http://llvm.org/bugs/show_bug.cgi?id=16812"> 237 PR16812</a></td></tr> 238 239 </table> 240 241 <!-- ============================== exceptions ============================= --> 242 <h3>exceptions</h3> 243 <table class="checkers"> 244 <col class="namedescr"><col class="example"><col class="progress"> 245 <thead><tr><td>Name, Description</td><td>Example</td><td>Progress</td></tr></thead> 246 247 <tr><td><div class="namedescr expandable"><span class="name"> 248 exceptions.ThrowSpecButNotThrow</span><span class="lang"> 249 (C++)</span><div class="descr"> 250 Function declaration has a <code>throw(<i>type</i>)</code> specifier but the 251 function do not throw exceptions.</div></div></td> 252 <td><div class="exampleContainer expandable"> 253 <div class="example"><pre> 254 void test() throw(int) { 255 } // warn 256 </pre></div></div></td> 257 <td class="aligned"></td></tr> 258 259 260 <tr><td><div class="namedescr expandable"><span class="name"> 261 exceptions.NoThrowSpecButThrows</span><span class="lang"> 262 (C++)</span><div class="descr"> 263 An exception is throw from a function having a <code>throw()</code> 264 specifier.</div></div></td> 265 <td><div class="exampleContainer expandable"> 266 <div class="example"><pre> 267 void test() throw() { 268 throw(1); // warn 269 } 270 </pre></div></div></td> 271 <td class="aligned"></td></tr> 272 273 274 <tr><td><div class="namedescr expandable"><span class="name"> 275 exceptions.ThrownTypeDiffersSpec</span><span class="lang"> 276 (C++)</span><div class="descr"> 277 The type of a thrown exception differs from those specified in 278 a <code>throw(<i>type</i>)</code> specifier.</div></div></td> 279 <td><div class="exampleContainer expandable"> 280 <div class="example"><pre> 281 struct S{}; 282 283 void test() throw(int) { 284 S s; 285 throw (s); // warn 286 } 287 </pre></div></div></td> 288 <td class="aligned"></td></tr> 289 290 </table> 291 292 <!-- ========================= smart pointers ============================== --> 293 <h3>smart pointers</h3> 294 <table class="checkers"> 295 <col class="namedescr"><col class="example"><col class="progress"> 296 <thead><tr><td>Name, Description</td><td>Example</td><td>Progress</td></tr></thead> 297 298 <tr><td><div class="namedescr expandable"><span class="name"> 299 smartptr.SmartPtrInit</span><span class="lang"> 300 (C++)</span><div class="descr"> 301 C++03: <code>auto_ptr</code> should store a pointer to an object obtained via 302 new as allocated memory will be cleaned using <code>delete</code>.<br> 303 C++11: one should use <code>unique_ptr<<i>type</i>[]></code> to keep a 304 pointer to memory allocated by <code>new[]</code>.<br> 305 C++11: to keep a pointer to memory allocated by <code>new[]</code> in 306 a <code>shared_ptr</code> one should use a custom deleter that calls <code> 307 delete[].</code>. 308 <p>Source: C++03 20.4.5p1; C++11 <code>auto_ptr</code> is deprecated (D.10).</p></div></div></td> 309 <td><div class="exampleContainer expandable"> 310 <div class="example"><pre> 311 #include <stdlib.h> 312 #include <memory> 313 314 void test() { 315 std::auto_ptr<int> p1(new int); // Ok 316 std::auto_ptr<int> p2(new int[3]); // warn 317 } 318 </pre></div> 319 <div class="example"><pre> 320 #include <stdlib.h> 321 #include <memory> 322 323 void test() { 324 std::auto_ptr<int> p((int *)malloc(sizeof(int))); // warn 325 } 326 </pre></div></div></td> 327 <td class="aligned"></td></tr> 328 329 </table> 330 331 <!-- ============================== dead code ============================== --> 332 <h3>dead code</h3> 333 <table class="checkers"> 334 <col class="namedescr"><col class="example"><col class="progress"> 335 <thead><tr><td>Name, Description</td><td>Example</td><td>Progress</td></tr></thead> 336 337 <tr><td><div class="namedescr expandable"><span class="name"> 338 deadcode.UnmodifiedVariable</span><span class="lang"> 339 (C, C++)</span><div class="descr"> 340 A variable is never modified but was not declared const and is not a 341 reference.<br><br><i>(opt-in checker)</i></div></div></td> 342 <td><div class="exampleContainer expandable"> 343 <div class="example"><pre> 344 extern int computeDelta(); 345 346 int test(bool cond) { 347 int i = 0; 348 if (cond) { 349 const int delta = computeDelta(); 350 // warn: forgot to modify 'i' 351 } 352 return i; 353 } 354 </pre></div></div></td> 355 <td class="aligned"><a href="http://llvm.org/bugs/show_bug.cgi?id=16890">PR16890</a></td></tr> 356 357 <tr><td><div class="namedescr expandable"><span class="name"> 358 deadcode.IdempotentOperations</span><span class="lang"> 359 (C)</span><div class="descr"> 360 Warn about idempotent operations.</div></div></td> 361 <td><div class="exampleContainer expandable"> 362 <div class="example"><pre> 363 void test() { 364 int x = 7; 365 x = x; // warn: value is always the same 366 } 367 </pre></div> 368 <div class="example"><pre> 369 void test() { 370 int x = 7; 371 x /= x; // warn: value is always 1 372 } 373 </pre></div> 374 <div class="example"><pre> 375 void test() { 376 int x = 7, one = 1; 377 x *= one; // warn: right op is always 1 378 } 379 </pre></div> 380 <div class="example"><pre> 381 void test() { 382 int x = 7, zero = 0; 383 x = x - zero; 384 // warn: the right operand to '-' is always 0 385 } 386 </pre></div></div></td> 387 <td class="aligned">removed from alpha.deadcode.* at r198476</td></tr> 388 389 </table> 390 391 <!-- ================================ POSIX ================================ --> 392 <h3>POSIX</h3> 393 <table class="checkers"> 394 <col class="namedescr"><col class="example"><col class="progress"> 395 <thead><tr><td>Name, Description</td><td>Example</td><td>Progress</td></tr></thead> 396 397 <tr><td><div class="namedescr expandable"><span class="name"> 398 posix.Errno</span><span class="lang"> 399 (C)</span><div class="descr"> 400 Record that <code>errno</code> is non-zero when certain functions 401 fail.</div></div></td> 402 <td><div class="exampleContainer expandable"> 403 <div class="example"><pre> 404 #include <stdlib.h> 405 406 int readWrapper(int fd, int *count) { 407 int lcount = read(fd, globalBuf, sizeof(globalBuf)); 408 if (lcount < 0) 409 return errno; 410 *count = lcount; 411 return 0; 412 } 413 414 void use(int fd) { 415 int count; 416 if (!readWrapper(fd, &count)) 417 print("%d", count); // should not warn 418 } 419 </pre></div></div></td> 420 <td class="aligned"><a href="http://llvm.org/bugs/show_bug.cgi?id=18701">PR18701</a></td></tr> 421 422 </table> 423 424 <!-- ========================= undefined behavior ========================== --> 425 <h3>undefined behavior</h3> 426 <table class="checkers"> 427 <col class="namedescr"><col class="example"><col class="progress"> 428 <thead><tr><td>Name, Description</td><td>Example</td><td>Progress</td></tr></thead> 429 430 <tr><td><div class="namedescr expandable"><span class="name"> 431 undefbehavior.ExitInDtor</span><span class="lang"> 432 (C++)</span><div class="descr"> 433 Undefined behavior: <code>std::exit()</code> is called to end the program during 434 the destruction of an object with static storage duration. 435 <p>Source: C++11 3.6.1p4.</p></div></div></td> 436 <td><div class="exampleContainer expandable"> 437 <div class="example"><pre> 438 #include <cstdlib> 439 440 class A { 441 public: 442 ~A() { 443 std::exit(1); // warn 444 } 445 }; 446 </pre></div></div></td> 447 <td class="aligned"></td></tr> 448 449 450 <tr><td><div class="namedescr expandable"><span class="name"> 451 undefbehavior.LocalStaticDestroyed</span><span class="lang"> 452 (C++)</span><div class="descr"> 453 Undefined behavior: function containing a definition of static local object is 454 called during the destruction of an object with static storage duration so that 455 flow of control passes through the definition of the previously destroyed 456 static local object. 457 <p>Source: C++11 3.6.3p2.</p></div></div></td> 458 <td><div class="exampleContainer expandable"> 459 <div class="example"><pre> 460 void f(); 461 462 class A { 463 public: 464 ~A() { 465 f(); // warn 466 } 467 }; 468 469 class B {}; 470 471 A a; 472 473 void f() { 474 static B b; 475 } 476 </pre></div></div></td> 477 <td class="aligned"></td></tr> 478 479 480 <tr><td><div class="namedescr expandable"><span class="name"> 481 undefbehavior.ZeroAllocDereference</span><span class="lang"> 482 (C, C++)</span><div class="descr"> 483 The effect of dereferencing a pointer returned as a request for zero size is 484 undefined.<br> 485 Note: possibly an enhancement to <span class="name"> 486 unix.Malloc</span>. 487 <p>Source: C++03 3.7.3.1p2; C++11 3.7.4.1p2.</p></div></div></td> 488 <td><div class="exampleContainer expandable"> 489 <div class="example"><pre> 490 #include <stdlib.h> 491 492 void test() { 493 int *p = (int *)malloc(0); 494 *p = 1; // warn 495 free(p); 496 } 497 </pre></div> 498 <div class="example"><pre> 499 void f(int); 500 501 void test() { 502 int *p = new int[0]; 503 f(*p); // warn 504 delete[] p; 505 } 506 </pre></div></div></td> 507 <td class="aligned"><a href="http://reviews.llvm.org/D8273">D8273</a></td></tr> 508 509 510 <tr><td><div class="namedescr expandable"><span class="name"> 511 undefbehavior.DeadReferenced</span><span class="lang"> 512 (C++)</span><div class="descr"> 513 Undefined behavior: the following usage of the pointer to the object whose 514 lifetime has ended can result in undefined behavior:<br> 515 The object will be or was of a class type with a non-trivial destructor and 516 <ul><li>the pointer is used as the operand of a delete-expression</li></ul> 517 The object will be or was of a non-POD class type (C++11: any class type) and 518 <ul><li>the pointer is used to access a non-static data member or call a 519 non-static member function of the object</li> 520 <li>the pointer is implicitly converted to a pointer to a base class 521 type</li> 522 <li>the pointer is used as the operand of a <code>static_cast</code> (except 523 when the conversion is to <code>void*</code>, or to <code>void*</code> and 524 subsequently to <code>char*</code>, or <code>unsigned char*</code>)</li> 525 <li>the pointer is used as the operand of a <code>dynamic_cast</code></li></ul> 526 <p>Source: C++03 3.8p5, p7; C++11 3.8p5, p7.</p></div></div></td> 527 <td><div class="exampleContainer expandable"> 528 <div class="example"><pre> 529 #include <new> 530 531 class A { 532 public: 533 ~A(); 534 }; 535 536 class B : public A {}; 537 538 void test() { 539 A *a = new A; 540 new(a) B; 541 delete a; // warn 542 } 543 </pre></div> 544 <div class="example"><pre> 545 #include <new> 546 547 class A { 548 public: 549 ~A(); 550 }; 551 552 class B {}; 553 554 void test() { 555 A *a = new A; 556 new(a) B; 557 a->~A(); 558 } 559 </pre></div> 560 <div class="example"><pre> 561 #include <new> 562 563 class A { 564 public: 565 ~A(); 566 }; 567 568 class B : public A {}; 569 570 class C {}; 571 572 void f(A*); 573 574 void test() { 575 B *b = new B; 576 new(b) C; 577 f(b); // warn 578 } 579 </pre></div> 580 <div class="example"><pre> 581 #include <new> 582 583 class A { 584 public: 585 ~A(); 586 }; 587 588 class B : public A {}; 589 590 class C {}; 591 592 A* test() { 593 B *b = new B; 594 new(b) C; 595 return static_cast<A*>(b); // warn 596 } 597 </pre></div> 598 <div class="example"><pre> 599 #include <new> 600 601 class A { 602 public: 603 ~A(); 604 }; 605 606 class B : public A {}; 607 608 class C {}; 609 610 A* test() { 611 B *b = new B; 612 new(b) C; 613 return dynamic_cast<A*>(b); // warn 614 } 615 </pre></div></div></td> 616 <td class="aligned"></td></tr> 617 618 619 <tr><td><div class="namedescr expandable"><span class="name"> 620 undefbehavior.ObjLocChanges</span><span class="lang"> 621 (C++)</span><div class="descr"> 622 Undefined behavior: the program must ensure that an object occupies the same 623 storage location when the implicit or explicit destructor call takes place. 624 <p>Source: C++11 3.8p8.</p></div></div></td> 625 <td><div class="exampleContainer expandable"> 626 <div class="example"><pre> 627 #include <new> 628 629 class A {}; 630 631 class B { 632 public: 633 ~B(); 634 }; 635 636 void test() { 637 B b; 638 new (&b) A; 639 } // warn 640 </pre></div> 641 <div class="example"><pre> 642 #include <new> 643 644 class A {}; 645 646 class B { 647 public: 648 ~B(); 649 }; 650 651 void test() { 652 B *b = new B; 653 new (b) A; 654 delete b; // warn 655 } 656 </pre></div></div></td> 657 <td class="aligned"></td></tr> 658 659 660 <tr><td><div class="namedescr expandable"><span class="name"> 661 undefbehavior.ExprEvalOrderUndef</span><span class="lang"> 662 (C, C++03)</span><div class="descr"> 663 Undefined behavior: a scalar object shall have its stored value modified at 664 most once by the evaluation of an expression.<br> 665 Note: most cases are currently handled by the Clang core (search for 'multiple 666 unsequenced modifications' warning in Clang tests). 667 <p>Source: C++03 5p4.</p></div></div></td> 668 <td><div class="exampleContainer expandable"> 669 <div class="example"><pre> 670 int test () { 671 int i = 0; 672 i = ++i + 1; // warn 673 return i; 674 } 675 </pre></div></div></td> 676 <td class="aligned"></td></tr> 677 678 679 <tr><td><div class="namedescr expandable"><span class="name"> 680 undefbehavior.StaticInitReentered</span><span class="lang"> 681 (C++)</span><div class="descr"> 682 Undefined behavior: static declaration is re-entered while the object is being 683 initialized. 684 <p>Source: C++11 6.7p4.</p></div></div></td> 685 <td><div class="exampleContainer expandable"> 686 <div class="example"><pre> 687 int test(int i) { 688 static int s = test(2 * i); // warn 689 return i + 1; 690 } 691 </pre></div></div></td> 692 <td class="aligned"></td></tr> 693 694 695 <tr><td><div class="namedescr expandable"><span class="name"> 696 undefbehavior.ConstModified</span><span class="lang"> 697 (C, C++)</span><div class="descr"> 698 Undefined behavior: const object is being modified. 699 <p>Source: C++03 7.1.5.1p4, C++11 7.1.6.1p4.</p></div></div></td> 700 <td><div class="exampleContainer expandable"> 701 <div class="example"><pre> 702 void test() { 703 const int *cp = new const int (0); 704 int *p = const_cast<int *>(cp); 705 *p = 1; // warn 706 delete p; 707 } 708 </pre></div> 709 <div class="example"><pre> 710 class C { 711 public : 712 int i; 713 C(); 714 }; 715 716 void test() { 717 const C cb; 718 719 C* cp = const_cast<C *>(&cb); 720 cp->i = 1; // warn 721 } 722 </pre></div></div></td> 723 <td class="aligned"></td></tr> 724 725 726 <tr><td><div class="namedescr expandable"><span class="name"> 727 undefbehavior.DeadDestructed</span><span class="lang"> 728 (C++)</span><div class="descr"> 729 Undefined behavior: the destructor is invoked for an object whose lifetime 730 has ended. 731 <p>Source: C++11 12.4p14.</p></div></div></td> 732 <td><div class="exampleContainer expandable"> 733 <div class="example"><pre> 734 class A { 735 public: 736 void f(); 737 A(); 738 ~A(); 739 }; 740 741 void test() { 742 A a; 743 a.~A(); 744 } // warn 745 </pre></div></div></td> 746 <td class="aligned"></td></tr> 747 748 749 <tr><td><div class="namedescr expandable"><span class="name"> 750 undefbehavior.MethodCallBeforeBaseInit</span><span class="lang"> 751 (C++)</span><div class="descr"> 752 Undefined behavior: calls member function but base not yet initialized. 753 <p>Source: C++03 12.6.2p8; C++11 12.6.2p13.</p></div></div></td> 754 <td><div class="exampleContainer expandable"> 755 <div class="example"><pre> 756 class A { 757 public : 758 A(int); 759 }; 760 761 class B : public A { 762 public : 763 int f(); 764 B() : A(f()) {} // warn 765 }; 766 </pre></div></div></td> 767 <td class="aligned"></td></tr> 768 769 770 <tr><td><div class="namedescr expandable"><span class="name"> 771 undefbehavior.MemberOrBaseRefBeforeCtor</span><span class="lang"> 772 (C++)</span><div class="descr"> 773 C++ Undefined behavior: non-static member or base class of non-POD class type 774 is referred before constructor begins execution.<br> 775 C++11 Undefined behavior: non-static member or base class of a class with a 776 non-trivial constructor is referred before constructor begins execution. 777 <p>Source: C++03 12.7p1; C++11 12.7p1.</p></div></div></td> 778 <td><div class="exampleContainer expandable"> 779 <div class="example"><pre> 780 struct non_POD { 781 int i; 782 non_POD(); 783 }; 784 785 extern non_POD non_pod; 786 787 int *p = &non_pod.i; // warn 788 </pre></div> 789 <div class="example"><pre> 790 struct POD { 791 int i; 792 }; 793 794 struct non_POD : public POD { 795 POD pod; 796 }; 797 798 extern non_POD non_pod; 799 800 int *p = &non_pod.pod.i; // warn 801 </pre></div> 802 <div class="example"><pre> 803 struct POD { 804 int i; 805 }; 806 807 struct non_POD : public POD {}; 808 809 extern non_POD non_pod; 810 811 POD *p = &non_pod; // warn 812 </pre></div> 813 <div class="example"><pre> 814 struct non_POD { 815 int i; 816 non_POD(); 817 }; 818 819 struct S { 820 int *k; 821 non_POD non_pod; 822 S() : k(&non_pod.i) {} // warn 823 }; 824 </pre></div></div></td> 825 <td class="aligned"></td></tr> 826 827 828 <tr><td><div class="namedescr expandable"><span class="name"> 829 undefbehavior.MemberRefAfterDtor</span><span class="lang"> 830 (C++)</span><div class="descr"> 831 C++03: Undefined behavior: non-static member of non-POD class type is referred 832 after destructor ends execution.<br> 833 C++11: Undefined behavior: non-static member of a class with a non-trivial 834 destructor is referred after destructor ends execution. 835 <p>Source: C++03 12.7p1; C++11 12.7p1.</p></div></div></td> 836 <td><div class="exampleContainer expandable"> 837 <div class="example"><pre> 838 class C { 839 public: 840 C(); 841 void f(); 842 }; 843 844 void test() { 845 C *c = new C(); 846 c->~C(); 847 c->f(); // warn 848 } 849 </pre></div></div></td> 850 <td class="aligned"></td></tr> 851 852 853 <tr><td><div class="namedescr expandable"><span class="name"> 854 undefbehavior.CtorForeignCall</span><span class="lang"> 855 (C++)</span><div class="descr"> 856 Undefined behavior: call to virtual function of an object under construction 857 whose type is neither the constructors own class or one of its bases. 858 <p>Source: C++11 12.7p4.</p></div></div></td> 859 <td><div class="exampleContainer expandable"> 860 <div class="example"><pre> 861 class A { 862 public: 863 virtual void f() {}; 864 }; 865 866 class B { 867 public: 868 B(A* a) { a->f(); } // warn 869 }; 870 871 class C : public A, B { 872 public: 873 C() : B((A*)this) {} 874 }; 875 </pre></div></div></td> 876 <td class="aligned"></td></tr> 877 878 879 <tr><td><div class="namedescr expandable"><span class="name"> 880 undefbehavior.CtorForeignTypeid</span><span class="lang"> 881 (C++)</span><div class="descr"> 882 Undefined behavior: the operand of <code>typeid</code> is an object under 883 construction whose type is neither the constructors own class or one of its 884 bases. 885 <p>Source: C++11 12.7p5.</p></div></div></td> 886 <td><div class="exampleContainer expandable"> 887 <div class="example"><pre> 888 #include <typeinfo> 889 890 class A {}; 891 892 class B { 893 public: 894 B(A* a) { 895 (void)typeid(*a); // warn 896 } 897 }; 898 899 class C : public A, B { 900 public: 901 C() : B((A*)this) {} 902 }; 903 </pre></div></div></td> 904 <td class="aligned"></td></tr> 905 906 907 <tr><td><div class="namedescr expandable"><span class="name"> 908 undefbehavior.CtorForeignCast</span><span class="lang"> 909 (C++)</span><div class="descr"> 910 Undefined behavior: the operand of <code>dynamic_cast</code> is an object under 911 construction whose type is neither the constructors own class or one of its 912 bases. 913 <p>Source: C++11 12.7p6.</p></div></div></td> 914 <td><div class="exampleContainer expandable"> 915 <div class="example"><pre> 916 #include <typeinfo> 917 918 class A { 919 public: 920 virtual void f() {}; 921 }; 922 923 class B { 924 public: 925 B(A* a) { 926 (void)dynamic_cast<B*>(a); //warn 927 } 928 }; 929 930 class C : public A, B { 931 public: 932 C() : B((A*)this) {} 933 }; 934 </pre></div></div></td> 935 <td class="aligned"></td></tr> 936 937 938 <tr><td><div class="namedescr expandable"><span class="name"> 939 undefbehavior.MemberOrBaseRefInCatch</span><span class="lang"> 940 (C++)</span><div class="descr"> 941 Undefined behavior: referring to any non-static member or base class of an 942 object in the handler for a function-try-block of a constructor or destructor 943 for that object results in undefined behavior. 944 <p>Source: C++11 15.3p10.</p></div></div></td> 945 <td><div class="exampleContainer expandable"> 946 <div class="example"><pre> 947 void f() { throw 1; } 948 949 class C { 950 int i; 951 public : 952 C() 953 try { 954 f(); 955 } 956 catch (...) { 957 i=2; // warn 958 } 959 }; 960 </pre></div> 961 <div class="example"><pre> 962 void f() { throw 1; } 963 964 class Base { 965 public: 966 int i; 967 }; 968 969 class C: public Base { 970 public : 971 ~C() try { 972 f(); 973 } 974 catch (...) { 975 i=2; // warn 976 } 977 }; 978 </pre></div></div></td> 979 <td class="aligned"></td></tr> 980 981 982 <tr><td><div class="namedescr expandable"><span class="name"> 983 undefbehavior.ReturnAtCatchEnd</span><span class="lang"> 984 (C++)</span><div class="descr"> 985 Undefined behavior: a function returns when control reaches the end of a 986 handler. This results in undefined behavior in a value-returning function. 987 <p>Source: C++11 15.3p10.</p></div></div></td> 988 <td><div class="exampleContainer expandable"> 989 <div class="example"><pre> 990 void f() { throw 1; } 991 992 int test() try { 993 f(); 994 return 1; 995 } 996 catch(int) { 997 } // warn 998 </pre></div></div></td> 999 <td class="aligned"></td></tr> 1000 1001 1002 <tr><td><div class="namedescr expandable"><span class="name"> 1003 undefbehavior.AutoptrsOwnSameObj</span><span class="lang"> 1004 (C++03)</span><div class="descr"> 1005 Undefined behavior: if more than one <code>auto_ptr</code> owns the same object 1006 at the same time the behavior of the program is undefined. 1007 <p>Source: C++03 20.4.5p3; C++11 <code>auto_ptr</code> is deprecated 1008 (D.10).</p></div></div></td> 1009 <td><div class="exampleContainer expandable"> 1010 <div class="example"><pre> 1011 #include <memory> 1012 1013 void test() { 1014 int *data = new int; 1015 std::auto_ptr<int> p(data); 1016 std::auto_ptr<int> q(data); // warn 1017 } 1018 </pre></div></div></td> 1019 <td class="aligned"></td></tr> 1020 1021 1022 <tr><td><div class="namedescr expandable"><span class="name"> 1023 undefbehavior.BasicStringOutOfBound</span><span class="lang"> 1024 (C++03)</span><div class="descr"> 1025 Undefined behavior: out-of-bound <code>basic_string</code> access/modification. 1026 <br>Note: possibly an enhancement to <span class="name"> 1027 alpha.security.ArrayBoundV2</span>. 1028 <p>Source: C++03 21.3.4p1; C++11 behavior is defined 1029 (21.4.5p2).</p></div></div></td> 1030 <td><div class="exampleContainer expandable"> 1031 <div class="example"><pre> 1032 #include <string> 1033 1034 void test() { 1035 std::basic_string<char> s; 1036 char c = s[10]; // warn 1037 } 1038 </pre></div> 1039 <div class="example"><pre> 1040 #include <string> 1041 1042 void test() { 1043 std::basic_string<char> s; 1044 s[10] = 0; // warn 1045 } 1046 </pre></div></div></td> 1047 <td class="aligned"></td></tr> 1048 1049 1050 <tr><td><div class="namedescr expandable"><span class="name"> 1051 undefbehavior.EosDereference</span><span class="lang"> 1052 (C++)</span><div class="descr"> 1053 Undefined behavior: the result of <code>operator*()</code> on an end of a 1054 stream is undefined. 1055 <p>Source: C++03 24.5.3p2; C++11 24.6.3p2.</p></div></div></td> 1056 <td><div class="exampleContainer expandable"> 1057 <div class="example"><pre> 1058 #include <vector> 1059 1060 int test() { 1061 std::vector<int> v; 1062 return *v.end(); // warn 1063 } 1064 </pre></div></div></td> 1065 <td class="aligned"></td></tr> 1066 1067 1068 <tr><td><div class="namedescr expandable"><span class="name"> 1069 undefbehavior.QsortNonPODNonTrivial</span><span class="lang"> 1070 (C++)</span><div class="descr"> 1071 C++03: Undefined behavior: the objects in the array passed to qsort are of 1072 non-POD type.<br> 1073 C++11: Undefined behavior: the objects in the array passed to qsort are of 1074 non-trivial type. 1075 <p>Source: C++03 25.4p4; C++11 25.5p4.</p></div></div></td> 1076 <td><div class="exampleContainer expandable"> 1077 <div class="example"><pre> 1078 // C++03 1079 #include <cstdlib> 1080 1081 1082 struct non_POD { 1083 non_POD(); 1084 }; 1085 1086 non_POD values[] = { non_POD(), non_POD() }; 1087 1088 int compare(const void *a, const void *b); 1089 1090 void test() { 1091 qsort(values, 2, sizeof(non_POD), compare); // warn 1092 } 1093 </pre></div> 1094 <div class="example"><pre> 1095 // C++11 1096 #include <cstdlib> 1097 1098 struct S {}; 1099 1100 struct trivial_non_POD : public S { 1101 int i; 1102 }; 1103 1104 struct non_trivial { 1105 int i; 1106 non_trivial(); 1107 }; 1108 1109 trivial_non_POD tnp[2]; 1110 non_trivial nt[2]; 1111 1112 int compare1(const void *a, const void *b); 1113 1114 int compare2(const void *a, const void *b); 1115 1116 void test() { 1117 qsort(tnp, 2, sizeof(trivial_non_POD), compare1); // ok 1118 qsort(nt, 2, sizeof(non_trivial), compare2); // warn 1119 } 1120 </pre></div></div></td> 1121 <td class="aligned"></td></tr> 1122 1123 1124 <tr><td><div class="namedescr expandable"><span class="name"> 1125 undefbehavior.ThrowWhileCopy</span><span class="lang"> 1126 (C++)</span><div class="descr"> 1127 Undefined behavior: copy constructor/assignment operator can throw an exception. 1128 The effects are undefined if an exception is thrown.</div></div></td> 1129 <td><div class="exampleContainer expandable"> 1130 <div class="example"><pre> 1131 class C { 1132 public: 1133 int i, j; 1134 C (const C &c) { 1135 i = c.i; 1136 throw 1; // warn 1137 j = c.j; 1138 }; 1139 }; 1140 </pre></div> 1141 <div class="example"><pre> 1142 class C { 1143 public: 1144 int i, j; 1145 C &operator=(const C &c) { 1146 i = c.i; 1147 throw 1; // warn 1148 j = c.j; 1149 }; 1150 }; 1151 </pre></div></div></td> 1152 <td class="aligned"></td></tr> 1153 1154 1155 <tr><td><div class="namedescr expandable"><span class="name"> 1156 undefbehavior.ValarrayArgBound</span><span class="lang"> 1157 (C++)</span><div class="descr"> 1158 Undefined behavior: the value of the <code><i>n</i></code> argument passed 1159 to <code>valarray</code> constructor is greater than the number of values 1160 pointed to by the first argument (source). 1161 <p>Source: C++03 26.3.2.1p4; C++11 26.6.2.2p4.</p></div></div></td> 1162 <td><div class="exampleContainer expandable"> 1163 <div class="example"><pre> 1164 #include <valarray> 1165 1166 struct S { 1167 int i; 1168 S(int ii) : i(ii) {}; 1169 }; 1170 1171 void test(void) { 1172 S s[] = { S(1), S(2) }; 1173 std::valarray<S> v(s,3); // warn 1174 } 1175 </pre></div></div></td> 1176 <td class="aligned"></td></tr> 1177 1178 1179 <tr><td><div class="namedescr expandable"><span class="name"> 1180 undefbehavior.ValarrayLengthDiffer</span><span class="lang"> 1181 (C++)</span><div class="descr"> 1182 Undefined behavior: <code>valarray</code> operands are of different length. 1183 <p>Source: C++03 26.3.2.2p1, 26.3.2.6p3, 26.3.3.1p3, 26.3.3.2p3; 1184 C++11 defined (26.6.2.3p1), 26.6.2.7p3, 26.6.3.1p3, 1185 26.6.3.2p3.</p></div></div></td> 1186 <td><div class="exampleContainer expandable"> 1187 <div class="example"><pre> 1188 // C++03 1189 #include <valarray> 1190 1191 void test(void) { 1192 std::valarray<int> a(0, 1), b(0, 2); 1193 a = b; // warn 1194 b.resize(1); 1195 a = b; // ok 1196 } 1197 </pre></div> 1198 <div class="example"><pre> 1199 // C++03, C++11 1200 #include <valarray> 1201 1202 void test(void) { 1203 std::valarray<int> a(0, 1), b(0, 2); 1204 a *= b; // warn 1205 } 1206 </pre></div> 1207 <div class="example"><pre> 1208 // C++03, C++11 1209 #include <valarray> 1210 1211 void test(void) { 1212 std::valarray<int> a(0, 1), b(0, 2); 1213 a = a + b; // warn 1214 } 1215 </pre></div> 1216 <div class="example"><pre> 1217 // C++03, C++11 1218 #include <valarray> 1219 1220 void test(void) { 1221 std::valarray<int> a(0, 1), b(0, 2); 1222 std::valarray<bool> c(false, 1); 1223 c = a == b; // warn 1224 } 1225 </pre></div></div></td> 1226 <td class="aligned"></td></tr> 1227 1228 1229 <tr><td><div class="namedescr expandable"><span class="name"> 1230 undefbehavior.ValarrayZeroLength</span><span class="lang"> 1231 (C++)</span><div class="descr"> 1232 Undefined behavior: calling <code>sum()</code>/<code>min()</code>/<code> 1233 max()</code> methods of a zero length <code>valarray<code> the behavior is 1234 undefined. 1235 <p>Source: C++03 26.3.2.7p2, p3, p4; C++11 26.6.2.8p5, p6, 1236 p7.</p></div></div></td> 1237 <td><div class="exampleContainer expandable"> 1238 <div class="example"><pre> 1239 #include <valarray> 1240 1241 void test(void) { 1242 std::valarray<int> v(0, 0); 1243 v.sum(); // warn 1244 } 1245 </pre></div></div></td> 1246 <td class="aligned"></td></tr> 1247 1248 1249 <tr><td><div class="namedescr expandable"><span class="name"> 1250 undefbehavior.ValarrayBadIndirection</span><span class="lang"> 1251 (C++)</span><div class="descr"> 1252 Undefined behavior: element is specified more than once in an indirection. 1253 <p>Source: C++03 26.3.9.2p2, 26.3.9.3p2; C++11 26.6.9.2p2, 1254 26.6.9.3p2.</p></div></div></td> 1255 <td><div class="exampleContainer expandable"> 1256 <div class="example"><pre> 1257 #include <valarray> 1258 1259 void test() { 1260 // '1' is specified more then once 1261 size_t addr[] = {0, 1, 1}; 1262 std::valarray<size_t>indirect(addr, 3); 1263 std::valarray<int> a(0, 5), b(1, 3); 1264 a[indirect] = b; //warn 1265 } 1266 </pre></div> 1267 <div class="example"><pre> 1268 #include <valarray> 1269 1270 void test() { 1271 // '1' is specified more then once 1272 size_t addr[] = {0, 1, 1}; 1273 std::valarray<size_t>indirect(addr, 3); 1274 std::valarray<int> a(0, 5), b(1, 3); 1275 a[indirect] *= b; //warn 1276 } 1277 </pre></div></div></td> 1278 <td class="aligned"></td></tr> 1279 1280 1281 <tr><td><div class="namedescr expandable"><span class="name"> 1282 undefbehavior.IosBaseDestroyedBeforeInit</span><span class="lang"> 1283 (C++)</span><div class="descr"> 1284 Undefined behavior: <code>ios_base</code> object is destroyed before 1285 initialization have taken place. <code>basic_ios::init</code> should be call to 1286 initialize <code>ios_base</code> members. 1287 <p>Source: C++03 27.4.2.7p1, 27.4.4.1p2; C++11 27.5.3.7p1, 1288 27.5.5.2p2.</p></div></div></td> 1289 <td><div class="exampleContainer expandable"> 1290 <div class="example"><pre> 1291 #include <ios> 1292 1293 using namespace std; 1294 template <class T, class Traits = std::char_traits<T> > 1295 class my_stream1 : public std::basic_ios<T, Traits> { 1296 }; 1297 1298 template <class T, class Traits = std::char_traits<T> > 1299 class my_stream2 : public std::basic_ios<T, Traits> { 1300 class my_streambuf 1301 : public std::basic_streambuf<T, Traits> { 1302 }; 1303 public: 1304 my_stream2() { 1305 this->init(new my_streambuf); 1306 } 1307 }; 1308 1309 void test() { 1310 my_stream1<char> *p1 = new my_stream1<char>; 1311 my_stream2<char> *p2 = new my_stream2<char>; 1312 delete p1; // warn 1313 delete p2; // ok 1314 } 1315 </pre></div></div></td> 1316 <td class="aligned"></td></tr> 1317 1318 1319 <tr><td><div class="namedescr expandable"><span class="name"> 1320 undefbehavior.IosBaseUsedBeforeInit</span><span class="lang"> 1321 (C++11)</span><div class="descr"> 1322 Undefined behavior: <code>ios_base</code> object is used before initialization 1323 have taken place. <code>basic_ios::init</code> should be call to 1324 initialize <code>ios_base</code> members. 1325 <p>Source: C++11 27.5.3.7p1, 27.5.5.2p2.</p></div></div></td> 1326 <td><div class="exampleContainer expandable"> 1327 <div class="example"><pre> 1328 #include <ios> 1329 1330 using namespace std; 1331 template <class T, class Traits = std::char_traits<T> > 1332 class my_stream1 : public std::basic_ios<T, Traits> { 1333 }; 1334 1335 template <class T, class Traits = std::char_traits<T> > 1336 class my_stream2 : public std::basic_ios<T, Traits> { 1337 class my_streambuf 1338 : public std::basic_streambuf<T, Traits> { 1339 }; 1340 public: 1341 my_stream2() { 1342 this->init(new my_streambuf); 1343 } 1344 }; 1345 1346 void test() { 1347 my_stream1<char> *p1 = new my_stream1<char>; 1348 my_stream2<char> *p2 = new my_stream2<char>; 1349 p1->narrow('a', 'b'); // warn 1350 p2->narrow('a', 'b'); // ok 1351 } 1352 </pre></div></div></td> 1353 <td class="aligned"></td></tr> 1354 1355 1356 <tr><td><div class="namedescr expandable"><span class="name"> 1357 undefbehavior.MinusOnePosType</span><span class="lang"> 1358 (C++)</span><div class="descr"> 1359 Undefined behavior: passing -1 to any <code>streambuf</code>/<code> 1360 istream</code>/<code>ostream</code> member that accepts a value of 1361 type <code>traits::pos_type</code> result in undefined behavior. 1362 <p>Source: C++03 27.4.3.2p3; C++11 27.5.4.2p3.</p></div></div></td> 1363 <td><div class="exampleContainer expandable"> 1364 <div class="example"><pre> 1365 #include <fstream> 1366 1367 class my_streambuf : public std::streambuf { 1368 void f() { 1369 seekpos(-1); // warn 1370 } 1371 }; 1372 </pre></div> 1373 <div class="example"><pre> 1374 #include <fstream> 1375 1376 void test() { 1377 std::filebuf fb; 1378 std::istream in(&fb); 1379 std::filebuf::off_type pos(-1); 1380 in.seekg(pos); // warn 1381 } 1382 </pre></div></div></td> 1383 <td class="aligned"></td></tr> 1384 1385 </table> 1386 1387 <!-- ============================ different ================================ --> 1388 <h3>different</h3> 1389 <table class="checkers"> 1390 <col class="namedescr"><col class="example"><col class="progress"> 1391 <thead><tr><td>Name, Description</td><td>Example</td><td>Progress</td></tr> 1392 </thead> 1393 1394 <tr><td><div class="namedescr expandable"><span class="name"> 1395 different.SuccessiveAssign</span><span class="lang"> 1396 (C)</span><div class="descr"> 1397 Successive assign to a variable.</div></div></td> 1398 <td><div class="exampleContainer expandable"> 1399 <div class="example"><pre> 1400 int test() { 1401 int i; 1402 i=1; 1403 i=2; // warn 1404 return i; 1405 } 1406 </pre></div></div></td> 1407 <td class="aligned"></td></tr> 1408 1409 1410 <tr><td><div class="namedescr expandable"><span class="name"> 1411 different.NullDerefStmtOrder</span><span class="lang"> 1412 (C)</span><div class="descr"> 1413 Dereferencing of the null pointer might take place. Checking the pointer for 1414 null should be performed first. 1415 <br>Note: possibly an enhancement to <span class="name"> 1416 core.NullDereference</span>.</div></div></td> 1417 <td><div class="exampleContainer expandable"> 1418 <div class="example"><pre> 1419 struct S { 1420 int x; 1421 }; 1422 1423 struct S* f(); 1424 1425 void test() { 1426 struct S *p1 = f(); 1427 int x1 = p1->x; // warn 1428 if (p1) {}; 1429 1430 struct S *p2 = f(); 1431 int x2 = p2->x; // ok 1432 } 1433 </pre></div></div></td> 1434 <td class="aligned"></td></tr> 1435 1436 1437 <tr><td><div class="namedescr expandable"><span class="name"> 1438 different.NullDerefCondOrder</span><span class="lang"> 1439 (C)</span><div class="descr"> 1440 Dereferencing of the null pointer might take place. Checking the pointer for 1441 null should be performed first. 1442 <br>Note: possibly an enhancement to <span class="name"> 1443 core.NullDereference</span>.</div></div></td> 1444 <td><div class="exampleContainer expandable"> 1445 <div class="example"><pre> 1446 struct S {int i;}; 1447 1448 struct S* f(); 1449 1450 void test() { 1451 struct S *p = f(); 1452 if (p->i && p) {}; // warn 1453 } 1454 </pre></div></div></td> 1455 <td class="aligned"></td></tr> 1456 1457 1458 <tr><td><div class="namedescr expandable"><span class="name"> 1459 different.MultipleAccessors</span><span class="lang"> 1460 (C++)</span><div class="descr"> 1461 Identical accessor bodies. Possibly a misprint.</div></div></td> 1462 <td><div class="exampleContainer expandable"> 1463 <div class="example"><pre> 1464 class A { 1465 int i; 1466 int j; 1467 public: 1468 int getI() { return i; } 1469 int getJ() { return i; } // warn 1470 }; 1471 </pre></div> 1472 <div class="example"><pre> 1473 class A { 1474 int i; 1475 int j; 1476 public: 1477 void setI(int& ii) { i = ii; } 1478 void setJ(int& jj) { i = jj; } // warn 1479 }; 1480 </pre></div></div></td> 1481 <td class="aligned"></td></tr> 1482 1483 1484 <tr><td><div class="namedescr expandable"><span class="name"> 1485 different.AccessorsForPublic</span><span class="lang"> 1486 (C++)</span><div class="descr"> 1487 Accessors exist for a public class field. Should this field really be 1488 public?</div></div></td> 1489 <td><div class="exampleContainer expandable"> 1490 <div class="example"><pre> 1491 class A { 1492 public: 1493 int i; // warn 1494 int getI() { return i; } 1495 void setI(int& ii) { i = ii; } 1496 }; 1497 </pre></div></div></td> 1498 <td class="aligned"></td></tr> 1499 1500 1501 <tr><td><div class="namedescr expandable"><span class="name"> 1502 different.LibFuncResultUnised</span><span class="lang"> 1503 (C, C++)</span><div class="descr"> 1504 Calling a function ignoring its return value is of no use (create the list of 1505 known system/library/API functions falling into this category).</div></div></td> 1506 <td><div class="exampleContainer expandable"> 1507 <div class="example"><pre> 1508 #include <vector> 1509 1510 void test() { 1511 std::vector<int> v; 1512 v.empty(); // warn 1513 } 1514 </pre></div></div></td> 1515 <td class="aligned"></td></tr> 1516 1517 1518 <tr><td><div class="namedescr expandable"><span class="name"> 1519 different.WrongVarForStmt</span><span class="lang"> 1520 (C, C++)</span><div class="descr"> 1521 Wrong variable is possibly used in the loop/cond-expression of 1522 the <code>for</code> statement. Did you mean 1523 'proper_variable_name'?</div></div></td> 1524 <td><div class="exampleContainer expandable"> 1525 <div class="example"><pre> 1526 void test() { 1527 int i = 0; 1528 int j = 0; 1529 for (i = 0; i < 3; j += 1); // warn 1530 } 1531 </pre></div> 1532 <div class="example"><pre> 1533 void test() { 1534 int i = 0; 1535 int j = 0; 1536 for (int j = 0; i < 3; ++j); // warn 1537 } 1538 </pre></div></div></td> 1539 <td class="aligned"></td></tr> 1540 1541 1542 <tr><td><div class="namedescr expandable"><span class="name"> 1543 different.FloatingCompare</span><span class="lang"> 1544 (C)</span><div class="descr"> 1545 Comparing floating point numbers may be not precise.</div></div></td> 1546 <td><div class="exampleContainer expandable"> 1547 <div class="example"><pre> 1548 #include <math.h> 1549 1550 double test() { 1551 double b = sin(M_PI / 6.0); 1552 if (b == 0.5) // warn 1553 b = 0; 1554 return b; 1555 } 1556 </pre></div></div></td> 1557 <td class="aligned"></td></tr> 1558 1559 1560 <tr><td><div class="namedescr expandable"><span class="name"> 1561 different.BitwiseOpBoolArg</span><span class="lang"> 1562 (C, C++)</span><div class="descr"> 1563 Boolean value met at the left/right part of the bitwise <code>&</code> 1564 or <code>|</code> operator. 1565 Did you mean <code>&&</code> (<code>||</code>) ?</div></div></td> 1566 <td><div class="exampleContainer expandable"> 1567 <div class="example"><pre> 1568 int f(); 1569 1570 void test() { 1571 bool b = true; 1572 if (b & f()) {} // warn 1573 } 1574 </pre></div></div></td> 1575 <td class="aligned"></td></tr> 1576 1577 1578 <tr><td><div class="namedescr expandable"><span class="name"> 1579 different.LabelInsideSwitch</span><span class="lang"> 1580 (C)</span><div class="descr"> 1581 Possibly a misprint: label found inside a <code>switch()</code> 1582 statement.</div></div></td> 1583 <td><div class="exampleContainer expandable"> 1584 <div class="example"><pre> 1585 void test(int c) { 1586 switch(c){ 1587 case 1: 1588 c += 1; break; 1589 defalt: // warn (did you mean 'default'?) 1590 c -= 1; break; 1591 } 1592 } 1593 </pre></div></div></td> 1594 <td class="aligned"></td></tr> 1595 1596 1597 <tr><td><div class="namedescr expandable"><span class="name"> 1598 different.IdenticalCondIfIf</span><span class="lang"> 1599 (C)</span><div class="descr"> 1600 The conditions of two subsequent <code>if</code> statements are 1601 identical.</div></div></td> 1602 <td><div class="exampleContainer expandable"> 1603 <div class="example"><pre> 1604 int test(int c) { 1605 if (c > 5) 1606 c += 1; 1607 if (c > 5) // warn 1608 c -= 1; 1609 return c; 1610 } 1611 </pre></div></div></td> 1612 <td class="aligned"></td></tr> 1613 1614 1615 <tr><td><div class="namedescr expandable"><span class="name"> 1616 different.LogicalOpUselessArg</span><span class="lang"> 1617 (C)</span><div class="descr"> 1618 The second operand of a <code>&&</code> operator has no impact on 1619 expression result.</div></div></td> 1620 <td><div class="exampleContainer expandable"> 1621 <div class="example"><pre> 1622 void test(unsigned a) { 1623 if (a<7 && a<10) {}; // warn 1624 } 1625 </pre></div></div></td> 1626 <td class="aligned"></td></tr> 1627 1628 1629 <tr><td><div class="namedescr expandable"><span class="name"> 1630 different.SameResLogicalExpr</span><span class="lang"> 1631 (C)</span><div class="descr"> 1632 An expression is always evaluated to true/false.</div></div></td> 1633 <td><div class="exampleContainer expandable"> 1634 <div class="example"><pre> 1635 void test() { 1636 int i = 0; 1637 if (i != 0) {}; // warn 1638 } 1639 </pre></div> 1640 <div class="example"><pre> 1641 void test(int i) { 1642 if (i == 0 && i == 1) {}; // warn 1643 } 1644 </pre></div> 1645 <div class="example"><pre> 1646 void test(int i) { 1647 if (i < 0 || i >= 0) {}; // warn 1648 } 1649 </pre></div></div></td> 1650 <td class="aligned"></td></tr> 1651 1652 1653 <tr><td><div class="namedescr expandable"><span class="name"> 1654 different.OpPrecedenceAssignCmp</span><span class="lang"> 1655 (C, C++)</span><div class="descr"> 1656 Comparison operation has higher precedence then assignment. Boolean value is 1657 assigned to a variable of other type. Parenthesis may bee required around an 1658 assignment.</div></div></td> 1659 <td><div class="exampleContainer expandable"> 1660 <div class="example"><pre> 1661 int f(); 1662 1663 void test(int x, int y) { 1664 bool b; 1665 if((b = x != y)) {} // ok 1666 if((x = f() != y)) {} // warn 1667 } 1668 </pre></div></div></td> 1669 <td class="aligned"></td></tr> 1670 1671 1672 <tr><td><div class="namedescr expandable"><span class="name"> 1673 different.OpPrecedenceIifShift</span><span class="lang"> 1674 (C, C++)</span><div class="descr"> 1675 <code>?:</code> has lower precedence then <code><<</code>. 1676 <p>Source: Stephen C. Dewhurst "C++ Gotchas: Avoiding Common Problems in Coding 1677 and Design", advise 15.</p></div></div></td> 1678 <td><div class="exampleContainer expandable"> 1679 <div class="example"><pre> 1680 #include <iostream> 1681 1682 void test(int a) { 1683 std::cout << a ? "a" : "b"; // warn 1684 } 1685 </pre></div> 1686 <div class="example"><pre> 1687 void test(int a) { 1688 a << a > 7 ? 1 : 2; // warn 1689 } 1690 </pre></div></div></td> 1691 <td class="aligned"></td></tr> 1692 1693 1694 <tr><td><div class="namedescr expandable"><span class="name"> 1695 different.ObjectUnused</span><span class="lang"> 1696 (C++)</span><div class="descr"> 1697 The object was created but is not being used.</div></div></td> 1698 <td><div class="exampleContainer expandable"> 1699 <div class="example"><pre> 1700 struct S { 1701 int x, y; 1702 S(int xx, int yy) : x(xx), y(yy) {} 1703 S(int xx) { 1704 S(xx, 0); // warn 1705 } 1706 }; 1707 </pre></div> 1708 <div class="example"><pre> 1709 #include <exception> 1710 1711 void test() { 1712 std::exception(); 1713 // warn (did you mean 'throw std::exception()'?) 1714 } 1715 </pre></div></div></td> 1716 <td class="aligned"></td></tr> 1717 1718 1719 <tr><td><div class="namedescr expandable"><span class="name"> 1720 different.StaticArrayPtrCompare</span><span class="lang"> 1721 (C)</span><div class="descr"> 1722 Pointer to static array is being compared to NULL. May the subscripting is 1723 missing.</div></div></td> 1724 <td><div class="exampleContainer expandable"> 1725 <div class="example"><pre> 1726 void test() { 1727 int a[1][1]; 1728 if (a[0] == 0) {}; // warn 1729 } 1730 </pre></div></div></td> 1731 <td class="aligned"></td></tr> 1732 1733 1734 <tr><td><div class="namedescr expandable"><span class="name"> 1735 different.ConversionToBool</span><span class="lang"> 1736 (C, C++)</span><div class="descr"> 1737 Odd implicit conversion to boolean. 1738 <br>Note: possibly merge with <span class="name"> 1739 alpha.core.BoolAssignment</span>.</div></div></td> 1740 <td><div class="exampleContainer expandable"> 1741 <div class="example"><pre> 1742 bool test() { 1743 return 1.; // warn 1744 } 1745 </pre></div> 1746 <div class="example"><pre> 1747 bool test() { 1748 return ""; // warn 1749 } 1750 </pre></div></div></td> 1751 <td class="aligned"></td></tr> 1752 1753 1754 <tr><td><div class="namedescr expandable"><span class="name"> 1755 different.ArrayBound</span><span class="lang"> 1756 (C++)</span><div class="descr"> 1757 Out-of-bound dynamic array access. 1758 <br>Note: possibly an enhancement to <span class="name"> 1759 alpha.security.ArrayBoundV2</span>.</div></div></td> 1760 <td><div class="exampleContainer expandable"> 1761 <div class="example"><pre> 1762 void test() { 1763 int *p = new int[1]; 1764 int i = 1; 1765 if(p[i]) {}; // warn 1766 delete[] p; 1767 } 1768 </pre></div></div></td> 1769 <td class="aligned"></td></tr> 1770 1771 1772 <tr><td><div class="namedescr expandable"><span class="name"> 1773 different.StrcpyInputSize</span><span class="lang"> 1774 (C)</span><div class="descr"> 1775 Buffer copy without checking the size of input. 1776 <br>Note: possibly an enhancement to <span class="name"> 1777 alpha.unix.cstring.OutOfBounds</span>.</div></div></td> 1778 <td><div class="exampleContainer expandable"> 1779 <div class="example"><pre> 1780 void test(char* string) { 1781 char buf[24]; 1782 strcpy(buf, string); // warn 1783 } 1784 </pre></div></div></td> 1785 <td class="aligned"></td></tr> 1786 1787 1788 <tr><td><div class="namedescr expandable"><span class="name"> 1789 different.IntegerOverflow</span><span class="lang"> 1790 (C)</span><div class="descr"> 1791 Integer overflow. 1792 <br>Note: partially handled by Clang core 1793 (search for 'overflow in expression' warning in Clang tests). 1794 <p>Source: <a href="http://cwe.mitre.org/data/definitions/190.html"> 1795 CWE-190</a>.</p></div></div></td> 1796 <td><div class="exampleContainer expandable"> 1797 <div class="example"><pre> 1798 #include <limits.h> 1799 1800 int f(int x); 1801 1802 void test() { 1803 f(INT_MAX + 1); // warn 1804 } 1805 </pre></div> 1806 <div class="example"><pre> 1807 #include <limits.h> 1808 1809 int test() { 1810 int x = INT_MAX / 2 + 1; 1811 return x * 2; // warn 1812 } 1813 </pre></div></div></td> 1814 <td class="aligned"></td></tr> 1815 1816 1817 <tr><td><div class="namedescr expandable"><span class="name"> 1818 different.SignExtension</span><span class="lang"> 1819 (C)</span><div class="descr"> 1820 Unexpected sign extension might take place. 1821 <p>Source: <a href="http://cwe.mitre.org/data/definitions/194.html"> 1822 CWE-194</a>.</p></div></div></td> 1823 <td><div class="exampleContainer expandable"> 1824 <div class="example"><pre> 1825 unsigned long long test(long long sll) { 1826 unsigned long long ull = sll; // warn 1827 return ull; 1828 } 1829 </pre></div> 1830 <div class="example"><pre> 1831 void f(unsigned int i); 1832 1833 void test(int si) { 1834 f(si); // warn 1835 } 1836 </pre></div> 1837 <div class="example"><pre> 1838 unsigned int test(int i) { 1839 return i; 1840 } 1841 </pre></div></div></td> 1842 <td class="aligned"></td></tr> 1843 1844 1845 <tr><td><div class="namedescr expandable"><span class="name"> 1846 different.NumericTruncation</span><span class="lang"> 1847 (C)</span><div class="descr"> 1848 Numeric truncation might take place. 1849 <p>Source: <a href="http://cwe.mitre.org/data/definitions/197.html"> 1850 CWE-197</a>.</p></div></div></td> 1851 <td><div class="exampleContainer expandable"> 1852 <div class="example"><pre> 1853 unsigned long test(unsigned long long ull) { 1854 unsigned long ul = ull; // warn 1855 return ul; 1856 } 1857 </pre></div> 1858 <div class="example"><pre> 1859 void f(int i); 1860 1861 void test(long long sll) { 1862 f(sll); // warn 1863 } 1864 </pre></div> 1865 <div class="example"><pre> 1866 int f(); 1867 1868 short test(long long sll) { 1869 short ss = f(); 1870 return ss; 1871 } 1872 </pre></div></div></td> 1873 <td class="aligned"></td></tr> 1874 1875 1876 <tr><td><div class="namedescr expandable"><span class="name"> 1877 different.MissingCopyCtorAssignOp</span><span class="lang"> 1878 (C++)</span><div class="descr"> 1879 A class has dynamically allocated data members but do not define a copy 1880 constructor/assignment operator. 1881 <p>Source: Scott Meyers "Effective C++", item 11: Prevent exceptions from 1882 leaving destructors.</p></div></div></td> 1883 <td><div class="exampleContainer expandable"> 1884 <div class="example"><pre> 1885 class C { 1886 int *p; // warn 1887 public: 1888 C() { p = new int; } 1889 ~C() { delete p; } 1890 }; 1891 </pre></div></div></td> 1892 <td class="aligned"></td></tr> 1893 1894 </table> 1895 1896 <!-- ============================ WinAPI =================================== --> 1897 <h3>WinAPI</h3> 1898 <table class="checkers"> 1899 <col class="namedescr"><col class="example"><col class="progress"> 1900 <thead><tr><td>Name, Description</td><td>Example</td><td>Progress</td></tr></thead> 1901 1902 <tr><td><div class="namedescr expandable"><span class="name"> 1903 WinAPI.CreateProcess</span><span class="lang"> 1904 (C)</span><div class="descr"> 1905 <code>CreateProcess()</code>: if the first parameter <code><i> 1906 lpApplicationName</i></code> is NULL then the executable name must be in the 1907 white space-delimited string pointed to by <code><i>lpCommandLine</code></i>. 1908 If the executable or path name has a space in it, there is a risk that a 1909 different executable could be run because of the way the function parses 1910 spaces. 1911 <p>Source: <a href="http://msdn.microsoft.com/en-us/library/windows/desktop/ms682425%28v=vs.85%29.aspx"> 1912 MSDN: CreateProcess function, Security Remarks</a>.</p></div></div></td> 1913 <td><div class="exampleContainer expandable"> 1914 <div class="example"><pre> 1915 #include <windows.h> 1916 1917 void test() { 1918 STARTUPINFO si; 1919 PROCESS_INFORMATION pi; 1920 CreateProcess(NULL, TEXT("C:\\Program Files\\App -L -S"), 1921 NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi); 1922 // warn 1923 } 1924 </pre></div></div></td> 1925 <td class="aligned"></td></tr> 1926 1927 1928 <tr><td><div class="namedescr expandable"><span class="name"> 1929 WinAPI.LoadLibrary</span><span class="lang"> 1930 (C)</span><div class="descr"> 1931 The <code>SearchPath()</code> function is used to retrieve a path to a DLL for 1932 a subsequent <code>LoadLibrary()</code> call. 1933 <p>Source: <a href="http://msdn.microsoft.com/en-us/library/windows/desktop/ms684175%28v=vs.85%29.aspx"> 1934 MSDN: LoadLibrary function, Security Remarks</a>.</p></div></div></td> 1935 <td><div class="exampleContainer expandable"> 1936 <div class="example"><pre> 1937 #include <windows.h> 1938 1939 HINSTANCE test() { 1940 char filePath[100]; 1941 SearchPath(NULL, "file.dll", NULL, 100, filePath, NULL); 1942 return LoadLibrary(filePath); // warn 1943 } 1944 </pre></div></div></td> 1945 <td class="aligned"></td></tr> 1946 1947 1948 <tr><td><div class="namedescr expandable"><span class="name"> 1949 WinAPI.WideCharToMultiByte</span><span class="lang"> 1950 (C)</span><div class="descr"> 1951 Buffer overrun while calling <code>WideCharToMultiByte()</code>. The size of 1952 the input buffer equals the number of characters in the Unicode string, while 1953 the size of the output buffer equals the number of bytes. 1954 <p>Source: <a href="http://msdn.microsoft.com/en-us/library/windows/desktop/dd374130%28v=vs.85%29.aspx"> 1955 MSDN: WideCharToMultiByte function</a>.</p></div></div></td> 1956 <td><div class="exampleContainer expandable"> 1957 <div class="example"><pre> 1958 #include <windows.h> 1959 1960 void test() { 1961 wchar_t ws[] = L"abc"; 1962 char s[3]; 1963 WideCharToMultiByte(CP_UTF8, 0, ws, -1, s, 1964 3, NULL, NULL); // warn 1965 } 1966 </pre></div></div></td> 1967 <td class="aligned"></td></tr> 1968 1969 1970 </table> 1971 1972 <!-- =========================== optimization ============================== --> 1973 <h3>optimization</h3> 1974 <table class="checkers"> 1975 <col class="namedescr"><col class="example"><col class="progress"> 1976 <thead><tr><td>Name, Description</td><td>Example</td><td>Progress</td></tr></thead> 1977 1978 <tr><td><div class="namedescr expandable"><span class="name"> 1979 optimization.PassConstObjByValue</span><span class="lang"> 1980 (C, C++)</span><div class="descr"> 1981 Optimization: It is more effective to pass constant parameter by reference to 1982 avoid unnecessary object copying.</div></div></td> 1983 <td><div class="exampleContainer expandable"> 1984 <div class="example"><pre> 1985 struct A {}; 1986 1987 void f(const struct A a); // warn 1988 </pre></div></div></td> 1989 <td class="aligned"></td></tr> 1990 1991 1992 <tr><td><div class="namedescr expandable"><span class="name"> 1993 optimization.PostfixIncIter</span><span class="lang"> 1994 (C++)</span><div class="descr"> 1995 Optimization: It is more effective to use prefix increment operator with 1996 iterator. 1997 <p>Source: Scott Meyers "More Effective C++", item 6: 1998 Distinguish between prefix and postfix forms of increment and decrement 1999 operators.</p></div></div></td> 2000 <td><div class="exampleContainer expandable"> 2001 <div class="example"><pre> 2002 #include <vector> 2003 2004 void test() { 2005 std::vector<int> v; 2006 std::vector<int>::const_iterator it; 2007 for(it = v.begin(); 2008 it != v.end(); it++) {}; // warn 2009 } 2010 </pre></div></div></td> 2011 <td class="aligned"></td></tr> 2012 2013 2014 <tr><td><div class="namedescr expandable"><span class="name"> 2015 optimization.MultipleCallsStrlen</span><span class="lang"> 2016 (C)</span><div class="descr"> 2017 Optimization: multiple calls to <code>strlen()</code> for a string in an 2018 expression. It is more effective to hold a value returned 2019 from <code>strlen()</code> in a temporary variable.</div></div></td> 2020 <td><div class="exampleContainer expandable"> 2021 <div class="example"><pre> 2022 #include <string.h> 2023 2024 void test(const char* s) { 2025 if (strlen(s) > 0 && 2026 strlen(s) < 7) {}; // warn 2027 } 2028 </pre></div></div></td> 2029 <td class="aligned"></td></tr> 2030 2031 2032 <tr><td><div class="namedescr expandable"><span class="name"> 2033 optimization.StrLengthCalculation</span><span class="lang"> 2034 (C++)</span><div class="descr"> 2035 Optimization: it is more efficient to use <code>string::length()</code> to 2036 calculate the length of an <code>std::string</code>.</div></div></td> 2037 <td><div class="exampleContainer expandable"> 2038 <div class="example"><pre> 2039 #include <string> 2040 #include <string.h> 2041 2042 void test() { 2043 std::string s; 2044 if (strlen(s.c_str()) != 0) {}; // warn 2045 } 2046 </pre></div></div></td> 2047 <td class="aligned"></td></tr> 2048 2049 2050 <tr><td><div class="namedescr expandable"><span class="name"> 2051 optimization.EmptyContainerDetect</span><span class="lang"> 2052 (C++)</span><div class="descr"> 2053 Optimization: It is more efficient to use containers <code>empty()</code> 2054 method to identify an empty container.</div></div></td> 2055 <td><div class="exampleContainer expandable"> 2056 <div class="example"><pre> 2057 #include <list> 2058 2059 void test() { 2060 std::list<int> l; 2061 if (l.size() != 0) {}; // warn 2062 } 2063 </pre></div></div></td> 2064 <td class="aligned"></td></tr> 2065 2066 2067 </table> 2068 2069 <br> 2070 </div> <!-- page --> 2071 </div> <!-- content --> 2072 </body> 2073 </html> 2074
