Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "CDT/Archive/designs/StaticAnalysis/CheckerIdeas"
< CDT | Archive | designs | StaticAnalysis
| Line 1: | Line 1: | ||
| − | This page is collection of ideas for checker that can be implemented for C/C++ Static Analysis in CDT (Codan). | + | This page is collection of ideas for checker that can be implemented for C/C++ Static Analysis in CDT (Codan). Feel free to add your own ideas or links. |
| − | Feel free to add your own ideas or links. | + | |
| + | == Checkers == | ||
| − | |||
;Unused #include | ;Unused #include | ||
| − | #include | + | |
| − | + | #include <stdio.h> | |
| + | int main() { return 1; } | ||
| + | |||
;Malloc called without sizeof consideration | ;Malloc called without sizeof consideration | ||
| + | |||
int * arr = (int *)malloc(20); // should be malloc(20*sizeof(int)) | int * arr = (int *)malloc(20); // should be malloc(20*sizeof(int)) | ||
| + | |||
;Assigned to itself | ;Assigned to itself | ||
| + | |||
x = x; | x = x; | ||
| − | ;Result of comparison is constant | + | |
| + | ;Result of comparison is constant | ||
| + | |||
(x==x) | (x==x) | ||
| − | + | (!x && x) | |
| + | |||
;Redundant comparison operations | ;Redundant comparison operations | ||
| + | |||
(!(!x)) | (!(!x)) | ||
| − | + | (x!=0 || 0!=x) | |
| + | |||
;Comparison is used on "boolean" values | ;Comparison is used on "boolean" values | ||
| − | 0 | + | |
| − | + | 0<x<3 | |
| + | !x>5 | ||
| + | |||
;Consequent re-assignment without usage (sub-case of Value is never used after assignment) | ;Consequent re-assignment without usage (sub-case of Value is never used after assignment) | ||
| + | |||
x=1; | x=1; | ||
| − | + | x=2; | |
| + | |||
;Value is never used after assignment | ;Value is never used after assignment | ||
| + | |||
int x; | int x; | ||
| − | + | x=23; | |
| − | + | return; | |
| − | ;Unused local variable | + | |
| − | :local variable is not used in function | + | ;Unused local variable |
| − | ;Undeclared variable | + | :local variable is not used in function |
| + | ;Undeclared variable | ||
:This is compiler error - catch early and have a quick fix so Ctrl-1 work like in java, I so like java quick fixes and code generation! | :This is compiler error - catch early and have a quick fix so Ctrl-1 work like in java, I so like java quick fixes and code generation! | ||
| + | |||
{ x = 5; } | { x = 5; } | ||
| + | |||
:Quick fix | :Quick fix | ||
| + | |||
{ int x = 5; } | { int x = 5; } | ||
| − | ;Buffer over flow | + | |
| − | : This code is unsafe | + | ;Buffer over flow |
| − | + | :This code is unsafe | |
| − | + | ||
| − | + | char x[10]; | |
| + | char y[15]; | ||
| + | memcpy(x,y,20); | ||
| + | |||
| + | :Also this code | ||
| + | |||
| + | char x[10]; | ||
| + | x[11] = 'a'; | ||
| + | b = x[11]; | ||
| + | |||
;Invalid value assignment to enum | ;Invalid value assignment to enum | ||
| + | |||
enum ee { a, b }; | enum ee { a, b }; | ||
ee dd; | ee dd; | ||
dd = 7; | dd = 7; | ||
| − | ;Reduce scope | + | |
| − | :When a variable or a function has a greater scope than where it is used, that scope may be reduced. | + | ;Reduce scope |
| − | :For example: a variable with file scope that is only used in one function, can be declared static with function scope. | + | :When a variable or a function has a greater scope than where it is used, that scope may be reduced. |
| + | :For example: a variable with file scope that is only used in one function, can be declared static with function scope. | ||
:Or, a function that is only used in one file, may be declared with the static keyword, and its declaration removed from header files included by other files. | :Or, a function that is only used in one file, may be declared with the static keyword, and its declaration removed from header files included by other files. | ||
| − | == Links == | + | ;Variable with same name in higher scope |
| − | * http://www.aristeia.com/ddjpaper1.html | + | |
| + | int a; | ||
| + | void foo( void ) | ||
| + | { | ||
| + | int a; | ||
| + | } | ||
| + | |||
| + | ;Missing "break" in "switch" | ||
| + | :finding missing "break" when one "case" ends and another starts, or the "switch" ends. Unless /* no break */ | ||
| + | |||
| + | switch { | ||
| + | case 1: | ||
| + | // <- here (before next "case") | ||
| + | case 2: | ||
| + | /* no break */ // <- This is OK | ||
| + | case 3: | ||
| + | // <- here (end of "switch") | ||
| + | } | ||
| + | |||
| + | ;Condition always TRUE / FALSE | ||
| + | |||
| + | if( 1 > 2 ) // Always FALSE | ||
| + | if( 1 < 2 ) // Always TRUE | ||
| + | |||
| + | == Links == | ||
| + | |||
| + | *http://www.aristeia.com/ddjpaper1.html | ||
Revision as of 08:02, 8 October 2010
This page is collection of ideas for checker that can be implemented for C/C++ Static Analysis in CDT (Codan). Feel free to add your own ideas or links.
Checkers
- Unused #include
#include <stdio.h>
int main() { return 1; }
- Malloc called without sizeof consideration
int * arr = (int *)malloc(20); // should be malloc(20*sizeof(int))
- Assigned to itself
x = x;
- Result of comparison is constant
(x==x) (!x && x)
- Redundant comparison operations
(!(!x)) (x!=0 || 0!=x)
- Comparison is used on "boolean" values
0<x<3 !x>5
- Consequent re-assignment without usage (sub-case of Value is never used after assignment)
x=1; x=2;
- Value is never used after assignment
int x; x=23; return;
- Unused local variable
- local variable is not used in function
- Undeclared variable
- This is compiler error - catch early and have a quick fix so Ctrl-1 work like in java, I so like java quick fixes and code generation!
{ x = 5; }
- Quick fix
{ int x = 5; }
- Buffer over flow
- This code is unsafe
char x[10]; char y[15]; memcpy(x,y,20);
- Also this code
char x[10]; x[11] = 'a'; b = x[11];
- Invalid value assignment to enum
enum ee { a, b };
ee dd;
dd = 7;
- Reduce scope
- When a variable or a function has a greater scope than where it is used, that scope may be reduced.
- For example: a variable with file scope that is only used in one function, can be declared static with function scope.
- Or, a function that is only used in one file, may be declared with the static keyword, and its declaration removed from header files included by other files.
- Variable with same name in higher scope
int a;
void foo( void )
{
int a;
}
- Missing "break" in "switch"
- finding missing "break" when one "case" ends and another starts, or the "switch" ends. Unless /* no break */
switch {
case 1:
// <- here (before next "case")
case 2:
/* no break */ // <- This is OK
case 3:
// <- here (end of "switch")
}
- Condition always TRUE / FALSE
if( 1 > 2 ) // Always FALSE if( 1 < 2 ) // Always TRUE