1*67e74705SXin Li<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" 2*67e74705SXin Li "http://www.w3.org/TR/html4/strict.dtd"> 3*67e74705SXin Li<html> 4*67e74705SXin Li<head> 5*67e74705SXin Li <title>List of potential checkers</title> 6*67e74705SXin Li <link type="text/css" rel="stylesheet" href="content.css"> 7*67e74705SXin Li <link type="text/css" rel="stylesheet" href="menu.css"> 8*67e74705SXin Li <script type="text/javascript" src="scripts/expandcollapse.js"></script> 9*67e74705SXin Li <script type="text/javascript" src="scripts/menu.js"></script> 10*67e74705SXin Li</head> 11*67e74705SXin Li<body onload="initExpandCollapse()"> 12*67e74705SXin Li 13*67e74705SXin Li<div id="page"> 14*67e74705SXin Li 15*67e74705SXin Li<!-- menu --> 16*67e74705SXin Li<!--#include virtual="menu.html.incl"--> 17*67e74705SXin Li<!-- page content --> 18*67e74705SXin Li<div id="content"> 19*67e74705SXin Li<h1>List of potential checkers</h1> 20*67e74705SXin Li 21*67e74705SXin Li<p>This page contains a list of potential checkers to implement in the static analyzer. If you are interested in contributing to the analyzer's development, this is a good resource to help you get started. The specific names of the checkers are subject to review, and are provided here as suggestions.</p> 22*67e74705SXin Li 23*67e74705SXin Li<!-- ========================= allocation/deallocation ======================= --> 24*67e74705SXin Li<h3>memory</h3> 25*67e74705SXin Li<table class="checkers"> 26*67e74705SXin Li<col class="namedescr"><col class="example"><col class="progress"> 27*67e74705SXin Li<thead><tr><td>Name, Description</td><td>Example</td><td>Progress</td></tr></thead> 28*67e74705SXin Li 29*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 30*67e74705SXin Limemory.LeakEvalOrder</span><span class="lang"> 31*67e74705SXin Li(C, C++)</span><div class="descr"> 32*67e74705SXin LiPotential memory leaks caused by an undefined argument evaluation order. 33*67e74705SXin Li<p>Source: <a href="http://www.boost.org/doc/libs/1_49_0/libs/smart_ptr/shared_ptr.htm#BestPractices"> 34*67e74705SXin Liboost docs: shared_ptr</a>.</p></div></div></td> 35*67e74705SXin Li<td><div class="exampleContainer expandable"> 36*67e74705SXin Li<div class="example"><pre> 37*67e74705SXin Livoid f(int, int); 38*67e74705SXin Liint g(void *); 39*67e74705SXin Liint h() __attribute__((noreturn)); 40*67e74705SXin Li 41*67e74705SXin Livoid test() { 42*67e74705SXin Li // It is possible that 'malloc(1)' is called first, 43*67e74705SXin Li // then 'h()', that is (or calls) noreturn and eventually 44*67e74705SXin Li // 'g()' is never called. 45*67e74705SXin Li f(g(malloc(1)), h()); // warn: 'g()' may never be called. 46*67e74705SXin Li} 47*67e74705SXin Li</pre></div> 48*67e74705SXin Li<div class="example"><pre> 49*67e74705SXin Livoid f(int, int); 50*67e74705SXin Liint g(int *); 51*67e74705SXin Liint h() { throw 1; }; 52*67e74705SXin Li 53*67e74705SXin Livoid test() { 54*67e74705SXin Li // It is possible that 'new int' is called first, 55*67e74705SXin Li // then 'h()', that throws an exception and eventually 56*67e74705SXin Li // 'g()' is never called. 57*67e74705SXin Li f(g(new int), h()); // warn: 'g()' may never be called. 58*67e74705SXin Li} 59*67e74705SXin Li</pre></div></div></td> 60*67e74705SXin Li<td class="aligned"></td></tr> 61*67e74705SXin Li 62*67e74705SXin Li 63*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 64*67e74705SXin Limemory.DstBufferTooSmall</span><span class="lang"> 65*67e74705SXin Li(C, C++)</span><div class="descr"> 66*67e74705SXin LiDestination buffer passed to memory function is too small. 67*67e74705SXin Li<br>Note: <span class="name">security.insecureAPI.strcpy</span> currently warns 68*67e74705SXin Lion usage of <code>strcpy</code> and suggests to replace it. 69*67e74705SXin Li<br>Note: <span class="name">alpha.unix.CStringChecker</span> contains some similar checks. 70*67e74705SXin Li<p>Source: <a href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>.</p></div></div></td> 71*67e74705SXin Li<td><div class="exampleContainer expandable"> 72*67e74705SXin Li<div class="example"><pre> 73*67e74705SXin Livoid test() { 74*67e74705SXin Li const char* s1 = "abc"; 75*67e74705SXin Li char *s2 = new char; 76*67e74705SXin Li strcpy(s2, s1); // warn 77*67e74705SXin Li} 78*67e74705SXin Li</pre></div> 79*67e74705SXin Li<div class="example"><pre> 80*67e74705SXin Livoid test() { 81*67e74705SXin Li int* p1 = new int[3]; 82*67e74705SXin Li int* p2 = new int; 83*67e74705SXin Li memcpy(p2, p1, 3); // warn 84*67e74705SXin Li} 85*67e74705SXin Li</pre></div></div></td> 86*67e74705SXin Li<td class="aligned"></td></tr> 87*67e74705SXin Li 88*67e74705SXin Li 89*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 90*67e74705SXin Limemory.NegativeArraySize</span><span class="lang"> 91*67e74705SXin Li(C, C++)</span><div class="descr"> 92*67e74705SXin Li'n' is used to specify the buffer size may be negative. 93*67e74705SXin Li<br>Note: possibly an enhancement to <span class="name"> 94*67e74705SXin Lialpha.security.MallocOverflow</span>. 95*67e74705SXin Li<p>Source: <a href="http://cwe.mitre.org/data/definitions/20.html">CWE-20, 96*67e74705SXin LiExample 2</a>.</p></div></div></td> 97*67e74705SXin Li<td><div class="exampleContainer expandable"> 98*67e74705SXin Li<div class="example"><pre> 99*67e74705SXin Livoid test() { 100*67e74705SXin Li int *p; 101*67e74705SXin Li int n1 = -1; 102*67e74705SXin Li p = new int[n1]; // warn 103*67e74705SXin Li} 104*67e74705SXin Li</pre></div></div></td> 105*67e74705SXin Li<td class="aligned"></td></tr> 106*67e74705SXin Li 107*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 108*67e74705SXin Limemory.ZeroAlloc</span><span class="lang"> 109*67e74705SXin Li(C, C++)</span><div class="descr"> 110*67e74705SXin LiAllocation of zero bytes. 111*67e74705SXin Li<br>Note: an enhancement to <span class="name">unix.Malloc</span>. 112*67e74705SXin Li<br>Note: <span class="name">unix.API</span> perform C-checks for zero 113*67e74705SXin Liallocation. This should be moved to <span class="name">unix.Malloc</span>. 114*67e74705SXin Li<p>Source: C++03 3.7.3.1p2; C++11 3.7.4.1p2.</p></div></div></td> 115*67e74705SXin Li<td><div class="exampleContainer expandable"> 116*67e74705SXin Li<div class="example"><pre> 117*67e74705SXin Li#include <stdlib.h> 118*67e74705SXin Li 119*67e74705SXin Livoid test() { 120*67e74705SXin Li int *p = malloc(0); // warn 121*67e74705SXin Li free(p); 122*67e74705SXin Li} 123*67e74705SXin Li</pre></div> 124*67e74705SXin Li<div class="example"><pre> 125*67e74705SXin Livoid test() { 126*67e74705SXin Li int *p = new int[0]; // warn 127*67e74705SXin Li delete[] p; 128*67e74705SXin Li} 129*67e74705SXin Li</pre></div></div></td> 130*67e74705SXin Li<td class="aligned"><a href="http://reviews.llvm.org/D6178"> 131*67e74705SXin LiD6178</a></td></tr> 132*67e74705SXin Li 133*67e74705SXin Li</table> 134*67e74705SXin Li 135*67e74705SXin Li<!-- ======================= constructors/destructors ====================== --> 136*67e74705SXin Li<h3>constructors/destructors</h3> 137*67e74705SXin Li<table class="checkers"> 138*67e74705SXin Li<col class="namedescr"><col class="example"><col class="progress"> 139*67e74705SXin Li<thead><tr><td>Name, Description</td><td>Example</td><td>Progress</td></tr></thead> 140*67e74705SXin Li 141*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 142*67e74705SXin Lictordtor.ExptInsideDtor</span><span class="lang"> 143*67e74705SXin Li(C++)</span><div class="descr"> 144*67e74705SXin LiIt is dangerous to let an exception leave a destructor. 145*67e74705SXin LiUsing <code>try..catch</code> solves the problem. 146*67e74705SXin Li<p>Source: Scott Meyers "More Effective C++", item 11: Prevent exceptions from 147*67e74705SXin Lileaving destructors.</p></div></div></td> 148*67e74705SXin Li<td><div class="exampleContainer expandable"> 149*67e74705SXin Li<div class="example"><pre> 150*67e74705SXin Liclass A { 151*67e74705SXin Li A() {} 152*67e74705SXin Li ~A() { throw 1; } // warn 153*67e74705SXin Li}; 154*67e74705SXin Li</pre></div> 155*67e74705SXin Li<div class="example"><pre> 156*67e74705SXin Livoid f() throw(int); 157*67e74705SXin Li 158*67e74705SXin Liclass A { 159*67e74705SXin Li A() {} 160*67e74705SXin Li ~A() { f(); } // warn 161*67e74705SXin Li}; 162*67e74705SXin Li</pre></div></div></td> 163*67e74705SXin Li<td class="aligned"></td></tr> 164*67e74705SXin Li 165*67e74705SXin Li 166*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 167*67e74705SXin Lictordtor.PlacementSelfCopy</span><span class="lang"> 168*67e74705SXin Li(C++11)</span><div class="descr"> 169*67e74705SXin LiFor a placement copy or move, it is almost certainly an error if the 170*67e74705SXin Liconstructed object is also the object being copied from.</div></div></td> 171*67e74705SXin Li<td><div class="exampleContainer expandable"> 172*67e74705SXin Li<div class="example"><pre> 173*67e74705SXin Liclass A {}; 174*67e74705SXin Li 175*67e74705SXin Livoid test(A *dst, A *src) { 176*67e74705SXin Li ::new (dst) A(*dst); // warn (should be 'src') 177*67e74705SXin Li} 178*67e74705SXin Li</pre></div></div></td> 179*67e74705SXin Li<td class="aligned"><!--rdar://problem/13688366--></td></tr> 180*67e74705SXin Li 181*67e74705SXin Li</table> 182*67e74705SXin Li 183*67e74705SXin Li<!-- =============================== va_list =============================== --> 184*67e74705SXin Li<h3>va_list</h3> 185*67e74705SXin Li<table class="checkers"> 186*67e74705SXin Li<col class="namedescr"><col class="example"><col class="progress"> 187*67e74705SXin Li<thead><tr><td>Name, Description</td><td>Example</td><td>Progress</td></tr></thead> 188*67e74705SXin Li 189*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 190*67e74705SXin Livalist.Uninitialized</span><span class="lang"> 191*67e74705SXin Li(C)</span><div class="descr"> 192*67e74705SXin LiCalls to the <code>va_arg</code>, <code>va_copy</code>, or 193*67e74705SXin Li<code>va_end</code> macro must happen after calling <code>va_start</code> and 194*67e74705SXin Libefore calling <code>va_end</code>.</div></div></td> 195*67e74705SXin Li<td><div class="exampleContainer expandable"> 196*67e74705SXin Li<div class="example"><pre> 197*67e74705SXin Li#include <stdarg.h> 198*67e74705SXin Li 199*67e74705SXin Livoid test(int x, ...) { 200*67e74705SXin Li va_list args; 201*67e74705SXin Li int y = va_arg(args, int); // warn 202*67e74705SXin Li} 203*67e74705SXin Li</pre></div> 204*67e74705SXin Li<div class="example"><pre> 205*67e74705SXin Li#include <stdarg.h> 206*67e74705SXin Li 207*67e74705SXin Livoid test(int x, ...) { 208*67e74705SXin Li va_list args; 209*67e74705SXin Li va_start(args, x); 210*67e74705SXin Li va_end(args); 211*67e74705SXin Li int z = va_arg(args, int); // warn 212*67e74705SXin Li} 213*67e74705SXin Li</pre></div></div></td> 214*67e74705SXin Li<td class="aligned"><a href="http://llvm.org/bugs/show_bug.cgi?id=16812"> 215*67e74705SXin LiPR16811</a></td></tr> 216*67e74705SXin Li 217*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 218*67e74705SXin Livalist.Unterminated</span><span class="lang"> 219*67e74705SXin Li(C)</span><div class="descr"> 220*67e74705SXin LiEvery <code>va_start</code> must be matched by a <code>va_end</code>. A va_list 221*67e74705SXin Lican only be ended once. 222*67e74705SXin Li 223*67e74705SXin Li<i>This should be folded into the generalized "ownership checker" 224*67e74705SXin Lidescribed on the <a href="open_projects.html"> 225*67e74705SXin LiOpen Projects</a> page.</i></div></div></td> 226*67e74705SXin Li<td><div class="exampleContainer expandable"> 227*67e74705SXin Li<div class="example"><pre> 228*67e74705SXin Li#include <stdarg.h> 229*67e74705SXin Li 230*67e74705SXin Livoid test(int x, ...) { 231*67e74705SXin Li va_list args; 232*67e74705SXin Li va_start(args, x); 233*67e74705SXin Li int y = x + va_arg(args, int); 234*67e74705SXin Li} // warn: missing va_end 235*67e74705SXin Li</pre></div></div></td> 236*67e74705SXin Li<td class="aligned"><a href="http://llvm.org/bugs/show_bug.cgi?id=16812"> 237*67e74705SXin LiPR16812</a></td></tr> 238*67e74705SXin Li 239*67e74705SXin Li</table> 240*67e74705SXin Li 241*67e74705SXin Li<!-- ============================== exceptions ============================= --> 242*67e74705SXin Li<h3>exceptions</h3> 243*67e74705SXin Li<table class="checkers"> 244*67e74705SXin Li<col class="namedescr"><col class="example"><col class="progress"> 245*67e74705SXin Li<thead><tr><td>Name, Description</td><td>Example</td><td>Progress</td></tr></thead> 246*67e74705SXin Li 247*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 248*67e74705SXin Liexceptions.ThrowSpecButNotThrow</span><span class="lang"> 249*67e74705SXin Li(C++)</span><div class="descr"> 250*67e74705SXin LiFunction declaration has a <code>throw(<i>type</i>)</code> specifier but the 251*67e74705SXin Lifunction do not throw exceptions.</div></div></td> 252*67e74705SXin Li<td><div class="exampleContainer expandable"> 253*67e74705SXin Li<div class="example"><pre> 254*67e74705SXin Livoid test() throw(int) { 255*67e74705SXin Li} // warn 256*67e74705SXin Li</pre></div></div></td> 257*67e74705SXin Li<td class="aligned"></td></tr> 258*67e74705SXin Li 259*67e74705SXin Li 260*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 261*67e74705SXin Liexceptions.NoThrowSpecButThrows</span><span class="lang"> 262*67e74705SXin Li(C++)</span><div class="descr"> 263*67e74705SXin LiAn exception is throw from a function having a <code>throw()</code> 264*67e74705SXin Lispecifier.</div></div></td> 265*67e74705SXin Li<td><div class="exampleContainer expandable"> 266*67e74705SXin Li<div class="example"><pre> 267*67e74705SXin Livoid test() throw() { 268*67e74705SXin Li throw(1); // warn 269*67e74705SXin Li} 270*67e74705SXin Li</pre></div></div></td> 271*67e74705SXin Li<td class="aligned"></td></tr> 272*67e74705SXin Li 273*67e74705SXin Li 274*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 275*67e74705SXin Liexceptions.ThrownTypeDiffersSpec</span><span class="lang"> 276*67e74705SXin Li(C++)</span><div class="descr"> 277*67e74705SXin LiThe type of a thrown exception differs from those specified in 278*67e74705SXin Lia <code>throw(<i>type</i>)</code> specifier.</div></div></td> 279*67e74705SXin Li<td><div class="exampleContainer expandable"> 280*67e74705SXin Li<div class="example"><pre> 281*67e74705SXin Listruct S{}; 282*67e74705SXin Li 283*67e74705SXin Livoid test() throw(int) { 284*67e74705SXin Li S s; 285*67e74705SXin Li throw (s); // warn 286*67e74705SXin Li} 287*67e74705SXin Li</pre></div></div></td> 288*67e74705SXin Li<td class="aligned"></td></tr> 289*67e74705SXin Li 290*67e74705SXin Li</table> 291*67e74705SXin Li 292*67e74705SXin Li<!-- ========================= smart pointers ============================== --> 293*67e74705SXin Li<h3>smart pointers</h3> 294*67e74705SXin Li<table class="checkers"> 295*67e74705SXin Li<col class="namedescr"><col class="example"><col class="progress"> 296*67e74705SXin Li<thead><tr><td>Name, Description</td><td>Example</td><td>Progress</td></tr></thead> 297*67e74705SXin Li 298*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 299*67e74705SXin Lismartptr.SmartPtrInit</span><span class="lang"> 300*67e74705SXin Li(C++)</span><div class="descr"> 301*67e74705SXin LiC++03: <code>auto_ptr</code> should store a pointer to an object obtained via 302*67e74705SXin Linew as allocated memory will be cleaned using <code>delete</code>.<br> 303*67e74705SXin LiC++11: one should use <code>unique_ptr<<i>type</i>[]></code> to keep a 304*67e74705SXin Lipointer to memory allocated by <code>new[]</code>.<br> 305*67e74705SXin LiC++11: to keep a pointer to memory allocated by <code>new[]</code> in 306*67e74705SXin Lia <code>shared_ptr</code> one should use a custom deleter that calls <code> 307*67e74705SXin Lidelete[].</code>. 308*67e74705SXin Li<p>Source: C++03 20.4.5p1; C++11 <code>auto_ptr</code> is deprecated (D.10).</p></div></div></td> 309*67e74705SXin Li<td><div class="exampleContainer expandable"> 310*67e74705SXin Li<div class="example"><pre> 311*67e74705SXin Li#include <stdlib.h> 312*67e74705SXin Li#include <memory> 313*67e74705SXin Li 314*67e74705SXin Livoid test() { 315*67e74705SXin Li std::auto_ptr<int> p1(new int); // Ok 316*67e74705SXin Li std::auto_ptr<int> p2(new int[3]); // warn 317*67e74705SXin Li} 318*67e74705SXin Li</pre></div> 319*67e74705SXin Li<div class="example"><pre> 320*67e74705SXin Li#include <stdlib.h> 321*67e74705SXin Li#include <memory> 322*67e74705SXin Li 323*67e74705SXin Livoid test() { 324*67e74705SXin Li std::auto_ptr<int> p((int *)malloc(sizeof(int))); // warn 325*67e74705SXin Li} 326*67e74705SXin Li</pre></div></div></td> 327*67e74705SXin Li<td class="aligned"></td></tr> 328*67e74705SXin Li 329*67e74705SXin Li</table> 330*67e74705SXin Li 331*67e74705SXin Li<!-- ============================== dead code ============================== --> 332*67e74705SXin Li<h3>dead code</h3> 333*67e74705SXin Li<table class="checkers"> 334*67e74705SXin Li<col class="namedescr"><col class="example"><col class="progress"> 335*67e74705SXin Li<thead><tr><td>Name, Description</td><td>Example</td><td>Progress</td></tr></thead> 336*67e74705SXin Li 337*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 338*67e74705SXin Lideadcode.UnmodifiedVariable</span><span class="lang"> 339*67e74705SXin Li(C, C++)</span><div class="descr"> 340*67e74705SXin LiA variable is never modified but was not declared const and is not a 341*67e74705SXin Lireference.<br><br><i>(opt-in checker)</i></div></div></td> 342*67e74705SXin Li<td><div class="exampleContainer expandable"> 343*67e74705SXin Li<div class="example"><pre> 344*67e74705SXin Liextern int computeDelta(); 345*67e74705SXin Li 346*67e74705SXin Liint test(bool cond) { 347*67e74705SXin Li int i = 0; 348*67e74705SXin Li if (cond) { 349*67e74705SXin Li const int delta = computeDelta(); 350*67e74705SXin Li // warn: forgot to modify 'i' 351*67e74705SXin Li } 352*67e74705SXin Li return i; 353*67e74705SXin Li} 354*67e74705SXin Li</pre></div></div></td> 355*67e74705SXin Li<td class="aligned"><a href="http://llvm.org/bugs/show_bug.cgi?id=16890">PR16890</a></td></tr> 356*67e74705SXin Li 357*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 358*67e74705SXin Lideadcode.IdempotentOperations</span><span class="lang"> 359*67e74705SXin Li(C)</span><div class="descr"> 360*67e74705SXin LiWarn about idempotent operations.</div></div></td> 361*67e74705SXin Li<td><div class="exampleContainer expandable"> 362*67e74705SXin Li<div class="example"><pre> 363*67e74705SXin Livoid test() { 364*67e74705SXin Li int x = 7; 365*67e74705SXin Li x = x; // warn: value is always the same 366*67e74705SXin Li} 367*67e74705SXin Li</pre></div> 368*67e74705SXin Li<div class="example"><pre> 369*67e74705SXin Livoid test() { 370*67e74705SXin Li int x = 7; 371*67e74705SXin Li x /= x; // warn: value is always 1 372*67e74705SXin Li} 373*67e74705SXin Li</pre></div> 374*67e74705SXin Li<div class="example"><pre> 375*67e74705SXin Livoid test() { 376*67e74705SXin Li int x = 7, one = 1; 377*67e74705SXin Li x *= one; // warn: right op is always 1 378*67e74705SXin Li} 379*67e74705SXin Li</pre></div> 380*67e74705SXin Li<div class="example"><pre> 381*67e74705SXin Livoid test() { 382*67e74705SXin Li int x = 7, zero = 0; 383*67e74705SXin Li x = x - zero; 384*67e74705SXin Li // warn: the right operand to '-' is always 0 385*67e74705SXin Li} 386*67e74705SXin Li</pre></div></div></td> 387*67e74705SXin Li<td class="aligned">removed from alpha.deadcode.* at r198476</td></tr> 388*67e74705SXin Li 389*67e74705SXin Li</table> 390*67e74705SXin Li 391*67e74705SXin Li<!-- ================================ POSIX ================================ --> 392*67e74705SXin Li<h3>POSIX</h3> 393*67e74705SXin Li<table class="checkers"> 394*67e74705SXin Li<col class="namedescr"><col class="example"><col class="progress"> 395*67e74705SXin Li<thead><tr><td>Name, Description</td><td>Example</td><td>Progress</td></tr></thead> 396*67e74705SXin Li 397*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 398*67e74705SXin Liposix.Errno</span><span class="lang"> 399*67e74705SXin Li(C)</span><div class="descr"> 400*67e74705SXin LiRecord that <code>errno</code> is non-zero when certain functions 401*67e74705SXin Lifail.</div></div></td> 402*67e74705SXin Li<td><div class="exampleContainer expandable"> 403*67e74705SXin Li<div class="example"><pre> 404*67e74705SXin Li#include <stdlib.h> 405*67e74705SXin Li 406*67e74705SXin Liint readWrapper(int fd, int *count) { 407*67e74705SXin Li int lcount = read(fd, globalBuf, sizeof(globalBuf)); 408*67e74705SXin Li if (lcount < 0) 409*67e74705SXin Li return errno; 410*67e74705SXin Li *count = lcount; 411*67e74705SXin Li return 0; 412*67e74705SXin Li} 413*67e74705SXin Li 414*67e74705SXin Livoid use(int fd) { 415*67e74705SXin Li int count; 416*67e74705SXin Li if (!readWrapper(fd, &count)) 417*67e74705SXin Li print("%d", count); // should not warn 418*67e74705SXin Li} 419*67e74705SXin Li</pre></div></div></td> 420*67e74705SXin Li<td class="aligned"><a href="http://llvm.org/bugs/show_bug.cgi?id=18701">PR18701</a></td></tr> 421*67e74705SXin Li 422*67e74705SXin Li</table> 423*67e74705SXin Li 424*67e74705SXin Li<!-- ========================= undefined behavior ========================== --> 425*67e74705SXin Li<h3>undefined behavior</h3> 426*67e74705SXin Li<table class="checkers"> 427*67e74705SXin Li<col class="namedescr"><col class="example"><col class="progress"> 428*67e74705SXin Li<thead><tr><td>Name, Description</td><td>Example</td><td>Progress</td></tr></thead> 429*67e74705SXin Li 430*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 431*67e74705SXin Liundefbehavior.ExitInDtor</span><span class="lang"> 432*67e74705SXin Li(C++)</span><div class="descr"> 433*67e74705SXin LiUndefined behavior: <code>std::exit()</code> is called to end the program during 434*67e74705SXin Lithe destruction of an object with static storage duration. 435*67e74705SXin Li<p>Source: C++11 3.6.1p4.</p></div></div></td> 436*67e74705SXin Li<td><div class="exampleContainer expandable"> 437*67e74705SXin Li<div class="example"><pre> 438*67e74705SXin Li#include <cstdlib> 439*67e74705SXin Li 440*67e74705SXin Liclass A { 441*67e74705SXin Lipublic: 442*67e74705SXin Li ~A() { 443*67e74705SXin Li std::exit(1); // warn 444*67e74705SXin Li } 445*67e74705SXin Li}; 446*67e74705SXin Li</pre></div></div></td> 447*67e74705SXin Li<td class="aligned"></td></tr> 448*67e74705SXin Li 449*67e74705SXin Li 450*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 451*67e74705SXin Liundefbehavior.LocalStaticDestroyed</span><span class="lang"> 452*67e74705SXin Li(C++)</span><div class="descr"> 453*67e74705SXin LiUndefined behavior: function containing a definition of static local object is 454*67e74705SXin Licalled during the destruction of an object with static storage duration so that 455*67e74705SXin Liflow of control passes through the definition of the previously destroyed 456*67e74705SXin Listatic local object. 457*67e74705SXin Li<p>Source: C++11 3.6.3p2.</p></div></div></td> 458*67e74705SXin Li<td><div class="exampleContainer expandable"> 459*67e74705SXin Li<div class="example"><pre> 460*67e74705SXin Livoid f(); 461*67e74705SXin Li 462*67e74705SXin Liclass A { 463*67e74705SXin Lipublic: 464*67e74705SXin Li ~A() { 465*67e74705SXin Li f(); // warn 466*67e74705SXin Li } 467*67e74705SXin Li}; 468*67e74705SXin Li 469*67e74705SXin Liclass B {}; 470*67e74705SXin Li 471*67e74705SXin LiA a; 472*67e74705SXin Li 473*67e74705SXin Livoid f() { 474*67e74705SXin Li static B b; 475*67e74705SXin Li} 476*67e74705SXin Li</pre></div></div></td> 477*67e74705SXin Li<td class="aligned"></td></tr> 478*67e74705SXin Li 479*67e74705SXin Li 480*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 481*67e74705SXin Liundefbehavior.ZeroAllocDereference</span><span class="lang"> 482*67e74705SXin Li(C, C++)</span><div class="descr"> 483*67e74705SXin LiThe effect of dereferencing a pointer returned as a request for zero size is 484*67e74705SXin Liundefined.<br> 485*67e74705SXin LiNote: possibly an enhancement to <span class="name"> 486*67e74705SXin Liunix.Malloc</span>. 487*67e74705SXin Li<p>Source: C++03 3.7.3.1p2; C++11 3.7.4.1p2.</p></div></div></td> 488*67e74705SXin Li<td><div class="exampleContainer expandable"> 489*67e74705SXin Li<div class="example"><pre> 490*67e74705SXin Li#include <stdlib.h> 491*67e74705SXin Li 492*67e74705SXin Livoid test() { 493*67e74705SXin Li int *p = (int *)malloc(0); 494*67e74705SXin Li *p = 1; // warn 495*67e74705SXin Li free(p); 496*67e74705SXin Li} 497*67e74705SXin Li</pre></div> 498*67e74705SXin Li<div class="example"><pre> 499*67e74705SXin Livoid f(int); 500*67e74705SXin Li 501*67e74705SXin Livoid test() { 502*67e74705SXin Li int *p = new int[0]; 503*67e74705SXin Li f(*p); // warn 504*67e74705SXin Li delete[] p; 505*67e74705SXin Li} 506*67e74705SXin Li</pre></div></div></td> 507*67e74705SXin Li<td class="aligned"><a href="http://reviews.llvm.org/D8273">D8273</a></td></tr> 508*67e74705SXin Li 509*67e74705SXin Li 510*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 511*67e74705SXin Liundefbehavior.DeadReferenced</span><span class="lang"> 512*67e74705SXin Li(C++)</span><div class="descr"> 513*67e74705SXin LiUndefined behavior: the following usage of the pointer to the object whose 514*67e74705SXin Lilifetime has ended can result in undefined behavior:<br> 515*67e74705SXin LiThe object will be or was of a class type with a non-trivial destructor and 516*67e74705SXin Li<ul><li>the pointer is used as the operand of a delete-expression</li></ul> 517*67e74705SXin LiThe object will be or was of a non-POD class type (C++11: any class type) and 518*67e74705SXin Li<ul><li>the pointer is used to access a non-static data member or call a 519*67e74705SXin Linon-static member function of the object</li> 520*67e74705SXin Li<li>the pointer is implicitly converted to a pointer to a base class 521*67e74705SXin Litype</li> 522*67e74705SXin Li<li>the pointer is used as the operand of a <code>static_cast</code> (except 523*67e74705SXin Liwhen the conversion is to <code>void*</code>, or to <code>void*</code> and 524*67e74705SXin Lisubsequently to <code>char*</code>, or <code>unsigned char*</code>)</li> 525*67e74705SXin Li<li>the pointer is used as the operand of a <code>dynamic_cast</code></li></ul> 526*67e74705SXin Li<p>Source: C++03 3.8p5, p7; C++11 3.8p5, p7.</p></div></div></td> 527*67e74705SXin Li<td><div class="exampleContainer expandable"> 528*67e74705SXin Li<div class="example"><pre> 529*67e74705SXin Li#include <new> 530*67e74705SXin Li 531*67e74705SXin Liclass A { 532*67e74705SXin Lipublic: 533*67e74705SXin Li ~A(); 534*67e74705SXin Li}; 535*67e74705SXin Li 536*67e74705SXin Liclass B : public A {}; 537*67e74705SXin Li 538*67e74705SXin Livoid test() { 539*67e74705SXin Li A *a = new A; 540*67e74705SXin Li new(a) B; 541*67e74705SXin Li delete a; // warn 542*67e74705SXin Li} 543*67e74705SXin Li</pre></div> 544*67e74705SXin Li<div class="example"><pre> 545*67e74705SXin Li#include <new> 546*67e74705SXin Li 547*67e74705SXin Liclass A { 548*67e74705SXin Lipublic: 549*67e74705SXin Li ~A(); 550*67e74705SXin Li}; 551*67e74705SXin Li 552*67e74705SXin Liclass B {}; 553*67e74705SXin Li 554*67e74705SXin Livoid test() { 555*67e74705SXin Li A *a = new A; 556*67e74705SXin Li new(a) B; 557*67e74705SXin Li a->~A(); 558*67e74705SXin Li} 559*67e74705SXin Li</pre></div> 560*67e74705SXin Li<div class="example"><pre> 561*67e74705SXin Li#include <new> 562*67e74705SXin Li 563*67e74705SXin Liclass A { 564*67e74705SXin Lipublic: 565*67e74705SXin Li ~A(); 566*67e74705SXin Li}; 567*67e74705SXin Li 568*67e74705SXin Liclass B : public A {}; 569*67e74705SXin Li 570*67e74705SXin Liclass C {}; 571*67e74705SXin Li 572*67e74705SXin Livoid f(A*); 573*67e74705SXin Li 574*67e74705SXin Livoid test() { 575*67e74705SXin Li B *b = new B; 576*67e74705SXin Li new(b) C; 577*67e74705SXin Li f(b); // warn 578*67e74705SXin Li} 579*67e74705SXin Li</pre></div> 580*67e74705SXin Li<div class="example"><pre> 581*67e74705SXin Li#include <new> 582*67e74705SXin Li 583*67e74705SXin Liclass A { 584*67e74705SXin Lipublic: 585*67e74705SXin Li ~A(); 586*67e74705SXin Li}; 587*67e74705SXin Li 588*67e74705SXin Liclass B : public A {}; 589*67e74705SXin Li 590*67e74705SXin Liclass C {}; 591*67e74705SXin Li 592*67e74705SXin LiA* test() { 593*67e74705SXin Li B *b = new B; 594*67e74705SXin Li new(b) C; 595*67e74705SXin Li return static_cast<A*>(b); // warn 596*67e74705SXin Li} 597*67e74705SXin Li</pre></div> 598*67e74705SXin Li<div class="example"><pre> 599*67e74705SXin Li#include <new> 600*67e74705SXin Li 601*67e74705SXin Liclass A { 602*67e74705SXin Lipublic: 603*67e74705SXin Li ~A(); 604*67e74705SXin Li}; 605*67e74705SXin Li 606*67e74705SXin Liclass B : public A {}; 607*67e74705SXin Li 608*67e74705SXin Liclass C {}; 609*67e74705SXin Li 610*67e74705SXin LiA* test() { 611*67e74705SXin Li B *b = new B; 612*67e74705SXin Li new(b) C; 613*67e74705SXin Li return dynamic_cast<A*>(b); // warn 614*67e74705SXin Li} 615*67e74705SXin Li</pre></div></div></td> 616*67e74705SXin Li<td class="aligned"></td></tr> 617*67e74705SXin Li 618*67e74705SXin Li 619*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 620*67e74705SXin Liundefbehavior.ObjLocChanges</span><span class="lang"> 621*67e74705SXin Li(C++)</span><div class="descr"> 622*67e74705SXin LiUndefined behavior: the program must ensure that an object occupies the same 623*67e74705SXin Listorage location when the implicit or explicit destructor call takes place. 624*67e74705SXin Li<p>Source: C++11 3.8p8.</p></div></div></td> 625*67e74705SXin Li<td><div class="exampleContainer expandable"> 626*67e74705SXin Li<div class="example"><pre> 627*67e74705SXin Li#include <new> 628*67e74705SXin Li 629*67e74705SXin Liclass A {}; 630*67e74705SXin Li 631*67e74705SXin Liclass B { 632*67e74705SXin Lipublic: 633*67e74705SXin Li ~B(); 634*67e74705SXin Li}; 635*67e74705SXin Li 636*67e74705SXin Livoid test() { 637*67e74705SXin Li B b; 638*67e74705SXin Li new (&b) A; 639*67e74705SXin Li} // warn 640*67e74705SXin Li</pre></div> 641*67e74705SXin Li<div class="example"><pre> 642*67e74705SXin Li#include <new> 643*67e74705SXin Li 644*67e74705SXin Liclass A {}; 645*67e74705SXin Li 646*67e74705SXin Liclass B { 647*67e74705SXin Lipublic: 648*67e74705SXin Li ~B(); 649*67e74705SXin Li}; 650*67e74705SXin Li 651*67e74705SXin Livoid test() { 652*67e74705SXin Li B *b = new B; 653*67e74705SXin Li new (b) A; 654*67e74705SXin Li delete b; // warn 655*67e74705SXin Li} 656*67e74705SXin Li</pre></div></div></td> 657*67e74705SXin Li<td class="aligned"></td></tr> 658*67e74705SXin Li 659*67e74705SXin Li 660*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 661*67e74705SXin Liundefbehavior.ExprEvalOrderUndef</span><span class="lang"> 662*67e74705SXin Li(C, C++03)</span><div class="descr"> 663*67e74705SXin LiUndefined behavior: a scalar object shall have its stored value modified at 664*67e74705SXin Limost once by the evaluation of an expression.<br> 665*67e74705SXin LiNote: most cases are currently handled by the Clang core (search for 'multiple 666*67e74705SXin Liunsequenced modifications' warning in Clang tests). 667*67e74705SXin Li<p>Source: C++03 5p4.</p></div></div></td> 668*67e74705SXin Li<td><div class="exampleContainer expandable"> 669*67e74705SXin Li<div class="example"><pre> 670*67e74705SXin Liint test () { 671*67e74705SXin Li int i = 0; 672*67e74705SXin Li i = ++i + 1; // warn 673*67e74705SXin Li return i; 674*67e74705SXin Li} 675*67e74705SXin Li</pre></div></div></td> 676*67e74705SXin Li<td class="aligned"></td></tr> 677*67e74705SXin Li 678*67e74705SXin Li 679*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 680*67e74705SXin Liundefbehavior.StaticInitReentered</span><span class="lang"> 681*67e74705SXin Li(C++)</span><div class="descr"> 682*67e74705SXin LiUndefined behavior: static declaration is re-entered while the object is being 683*67e74705SXin Liinitialized. 684*67e74705SXin Li<p>Source: C++11 6.7p4.</p></div></div></td> 685*67e74705SXin Li<td><div class="exampleContainer expandable"> 686*67e74705SXin Li<div class="example"><pre> 687*67e74705SXin Liint test(int i) { 688*67e74705SXin Li static int s = test(2 * i); // warn 689*67e74705SXin Li return i + 1; 690*67e74705SXin Li} 691*67e74705SXin Li</pre></div></div></td> 692*67e74705SXin Li<td class="aligned"></td></tr> 693*67e74705SXin Li 694*67e74705SXin Li 695*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 696*67e74705SXin Liundefbehavior.ConstModified</span><span class="lang"> 697*67e74705SXin Li(C, C++)</span><div class="descr"> 698*67e74705SXin LiUndefined behavior: const object is being modified. 699*67e74705SXin Li<p>Source: C++03 7.1.5.1p4, C++11 7.1.6.1p4.</p></div></div></td> 700*67e74705SXin Li<td><div class="exampleContainer expandable"> 701*67e74705SXin Li<div class="example"><pre> 702*67e74705SXin Livoid test() { 703*67e74705SXin Li const int *cp = new const int (0); 704*67e74705SXin Li int *p = const_cast<int *>(cp); 705*67e74705SXin Li *p = 1; // warn 706*67e74705SXin Li delete p; 707*67e74705SXin Li} 708*67e74705SXin Li</pre></div> 709*67e74705SXin Li<div class="example"><pre> 710*67e74705SXin Liclass C { 711*67e74705SXin Lipublic : 712*67e74705SXin Li int i; 713*67e74705SXin Li C(); 714*67e74705SXin Li}; 715*67e74705SXin Li 716*67e74705SXin Livoid test() { 717*67e74705SXin Li const C cb; 718*67e74705SXin Li 719*67e74705SXin Li C* cp = const_cast<C *>(&cb); 720*67e74705SXin Li cp->i = 1; // warn 721*67e74705SXin Li} 722*67e74705SXin Li</pre></div></div></td> 723*67e74705SXin Li<td class="aligned"></td></tr> 724*67e74705SXin Li 725*67e74705SXin Li 726*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 727*67e74705SXin Liundefbehavior.DeadDestructed</span><span class="lang"> 728*67e74705SXin Li(C++)</span><div class="descr"> 729*67e74705SXin LiUndefined behavior: the destructor is invoked for an object whose lifetime 730*67e74705SXin Lihas ended. 731*67e74705SXin Li<p>Source: C++11 12.4p14.</p></div></div></td> 732*67e74705SXin Li<td><div class="exampleContainer expandable"> 733*67e74705SXin Li<div class="example"><pre> 734*67e74705SXin Liclass A { 735*67e74705SXin Lipublic: 736*67e74705SXin Li void f(); 737*67e74705SXin Li A(); 738*67e74705SXin Li ~A(); 739*67e74705SXin Li}; 740*67e74705SXin Li 741*67e74705SXin Livoid test() { 742*67e74705SXin Li A a; 743*67e74705SXin Li a.~A(); 744*67e74705SXin Li} // warn 745*67e74705SXin Li</pre></div></div></td> 746*67e74705SXin Li<td class="aligned"></td></tr> 747*67e74705SXin Li 748*67e74705SXin Li 749*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 750*67e74705SXin Liundefbehavior.MethodCallBeforeBaseInit</span><span class="lang"> 751*67e74705SXin Li(C++)</span><div class="descr"> 752*67e74705SXin LiUndefined behavior: calls member function but base not yet initialized. 753*67e74705SXin Li<p>Source: C++03 12.6.2p8; C++11 12.6.2p13.</p></div></div></td> 754*67e74705SXin Li<td><div class="exampleContainer expandable"> 755*67e74705SXin Li<div class="example"><pre> 756*67e74705SXin Liclass A { 757*67e74705SXin Lipublic : 758*67e74705SXin Li A(int); 759*67e74705SXin Li}; 760*67e74705SXin Li 761*67e74705SXin Liclass B : public A { 762*67e74705SXin Lipublic : 763*67e74705SXin Li int f(); 764*67e74705SXin Li B() : A(f()) {} // warn 765*67e74705SXin Li}; 766*67e74705SXin Li</pre></div></div></td> 767*67e74705SXin Li<td class="aligned"></td></tr> 768*67e74705SXin Li 769*67e74705SXin Li 770*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 771*67e74705SXin Liundefbehavior.MemberOrBaseRefBeforeCtor</span><span class="lang"> 772*67e74705SXin Li(C++)</span><div class="descr"> 773*67e74705SXin LiC++ Undefined behavior: non-static member or base class of non-POD class type 774*67e74705SXin Liis referred before constructor begins execution.<br> 775*67e74705SXin LiC++11 Undefined behavior: non-static member or base class of a class with a 776*67e74705SXin Linon-trivial constructor is referred before constructor begins execution. 777*67e74705SXin Li<p>Source: C++03 12.7p1; C++11 12.7p1.</p></div></div></td> 778*67e74705SXin Li<td><div class="exampleContainer expandable"> 779*67e74705SXin Li<div class="example"><pre> 780*67e74705SXin Listruct non_POD { 781*67e74705SXin Li int i; 782*67e74705SXin Li non_POD(); 783*67e74705SXin Li}; 784*67e74705SXin Li 785*67e74705SXin Liextern non_POD non_pod; 786*67e74705SXin Li 787*67e74705SXin Liint *p = &non_pod.i; // warn 788*67e74705SXin Li</pre></div> 789*67e74705SXin Li<div class="example"><pre> 790*67e74705SXin Listruct POD { 791*67e74705SXin Li int i; 792*67e74705SXin Li}; 793*67e74705SXin Li 794*67e74705SXin Listruct non_POD : public POD { 795*67e74705SXin Li POD pod; 796*67e74705SXin Li}; 797*67e74705SXin Li 798*67e74705SXin Liextern non_POD non_pod; 799*67e74705SXin Li 800*67e74705SXin Liint *p = &non_pod.pod.i; // warn 801*67e74705SXin Li</pre></div> 802*67e74705SXin Li<div class="example"><pre> 803*67e74705SXin Listruct POD { 804*67e74705SXin Li int i; 805*67e74705SXin Li}; 806*67e74705SXin Li 807*67e74705SXin Listruct non_POD : public POD {}; 808*67e74705SXin Li 809*67e74705SXin Liextern non_POD non_pod; 810*67e74705SXin Li 811*67e74705SXin LiPOD *p = &non_pod; // warn 812*67e74705SXin Li</pre></div> 813*67e74705SXin Li<div class="example"><pre> 814*67e74705SXin Listruct non_POD { 815*67e74705SXin Li int i; 816*67e74705SXin Li non_POD(); 817*67e74705SXin Li}; 818*67e74705SXin Li 819*67e74705SXin Listruct S { 820*67e74705SXin Li int *k; 821*67e74705SXin Li non_POD non_pod; 822*67e74705SXin Li S() : k(&non_pod.i) {} // warn 823*67e74705SXin Li}; 824*67e74705SXin Li</pre></div></div></td> 825*67e74705SXin Li<td class="aligned"></td></tr> 826*67e74705SXin Li 827*67e74705SXin Li 828*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 829*67e74705SXin Liundefbehavior.MemberRefAfterDtor</span><span class="lang"> 830*67e74705SXin Li(C++)</span><div class="descr"> 831*67e74705SXin LiC++03: Undefined behavior: non-static member of non-POD class type is referred 832*67e74705SXin Liafter destructor ends execution.<br> 833*67e74705SXin LiC++11: Undefined behavior: non-static member of a class with a non-trivial 834*67e74705SXin Lidestructor is referred after destructor ends execution. 835*67e74705SXin Li<p>Source: C++03 12.7p1; C++11 12.7p1.</p></div></div></td> 836*67e74705SXin Li<td><div class="exampleContainer expandable"> 837*67e74705SXin Li<div class="example"><pre> 838*67e74705SXin Liclass C { 839*67e74705SXin Lipublic: 840*67e74705SXin Li C(); 841*67e74705SXin Li void f(); 842*67e74705SXin Li}; 843*67e74705SXin Li 844*67e74705SXin Livoid test() { 845*67e74705SXin Li C *c = new C(); 846*67e74705SXin Li c->~C(); 847*67e74705SXin Li c->f(); // warn 848*67e74705SXin Li} 849*67e74705SXin Li</pre></div></div></td> 850*67e74705SXin Li<td class="aligned"></td></tr> 851*67e74705SXin Li 852*67e74705SXin Li 853*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 854*67e74705SXin Liundefbehavior.CtorForeignCall</span><span class="lang"> 855*67e74705SXin Li(C++)</span><div class="descr"> 856*67e74705SXin LiUndefined behavior: call to virtual function of an object under construction 857*67e74705SXin Liwhose type is neither the constructors own class or one of its bases. 858*67e74705SXin Li<p>Source: C++11 12.7p4.</p></div></div></td> 859*67e74705SXin Li<td><div class="exampleContainer expandable"> 860*67e74705SXin Li<div class="example"><pre> 861*67e74705SXin Liclass A { 862*67e74705SXin Lipublic: 863*67e74705SXin Li virtual void f() {}; 864*67e74705SXin Li}; 865*67e74705SXin Li 866*67e74705SXin Liclass B { 867*67e74705SXin Lipublic: 868*67e74705SXin Li B(A* a) { a->f(); } // warn 869*67e74705SXin Li}; 870*67e74705SXin Li 871*67e74705SXin Liclass C : public A, B { 872*67e74705SXin Lipublic: 873*67e74705SXin Li C() : B((A*)this) {} 874*67e74705SXin Li}; 875*67e74705SXin Li</pre></div></div></td> 876*67e74705SXin Li<td class="aligned"></td></tr> 877*67e74705SXin Li 878*67e74705SXin Li 879*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 880*67e74705SXin Liundefbehavior.CtorForeignTypeid</span><span class="lang"> 881*67e74705SXin Li(C++)</span><div class="descr"> 882*67e74705SXin LiUndefined behavior: the operand of <code>typeid</code> is an object under 883*67e74705SXin Liconstruction whose type is neither the constructors own class or one of its 884*67e74705SXin Libases. 885*67e74705SXin Li<p>Source: C++11 12.7p5.</p></div></div></td> 886*67e74705SXin Li<td><div class="exampleContainer expandable"> 887*67e74705SXin Li<div class="example"><pre> 888*67e74705SXin Li#include <typeinfo> 889*67e74705SXin Li 890*67e74705SXin Liclass A {}; 891*67e74705SXin Li 892*67e74705SXin Liclass B { 893*67e74705SXin Lipublic: 894*67e74705SXin Li B(A* a) { 895*67e74705SXin Li (void)typeid(*a); // warn 896*67e74705SXin Li } 897*67e74705SXin Li}; 898*67e74705SXin Li 899*67e74705SXin Liclass C : public A, B { 900*67e74705SXin Lipublic: 901*67e74705SXin Li C() : B((A*)this) {} 902*67e74705SXin Li}; 903*67e74705SXin Li</pre></div></div></td> 904*67e74705SXin Li<td class="aligned"></td></tr> 905*67e74705SXin Li 906*67e74705SXin Li 907*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 908*67e74705SXin Liundefbehavior.CtorForeignCast</span><span class="lang"> 909*67e74705SXin Li(C++)</span><div class="descr"> 910*67e74705SXin LiUndefined behavior: the operand of <code>dynamic_cast</code> is an object under 911*67e74705SXin Liconstruction whose type is neither the constructors own class or one of its 912*67e74705SXin Libases. 913*67e74705SXin Li<p>Source: C++11 12.7p6.</p></div></div></td> 914*67e74705SXin Li<td><div class="exampleContainer expandable"> 915*67e74705SXin Li<div class="example"><pre> 916*67e74705SXin Li#include <typeinfo> 917*67e74705SXin Li 918*67e74705SXin Liclass A { 919*67e74705SXin Lipublic: 920*67e74705SXin Li virtual void f() {}; 921*67e74705SXin Li}; 922*67e74705SXin Li 923*67e74705SXin Liclass B { 924*67e74705SXin Lipublic: 925*67e74705SXin Li B(A* a) { 926*67e74705SXin Li (void)dynamic_cast<B*>(a); //warn 927*67e74705SXin Li } 928*67e74705SXin Li}; 929*67e74705SXin Li 930*67e74705SXin Liclass C : public A, B { 931*67e74705SXin Lipublic: 932*67e74705SXin Li C() : B((A*)this) {} 933*67e74705SXin Li}; 934*67e74705SXin Li</pre></div></div></td> 935*67e74705SXin Li<td class="aligned"></td></tr> 936*67e74705SXin Li 937*67e74705SXin Li 938*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 939*67e74705SXin Liundefbehavior.MemberOrBaseRefInCatch</span><span class="lang"> 940*67e74705SXin Li(C++)</span><div class="descr"> 941*67e74705SXin LiUndefined behavior: referring to any non-static member or base class of an 942*67e74705SXin Liobject in the handler for a function-try-block of a constructor or destructor 943*67e74705SXin Lifor that object results in undefined behavior. 944*67e74705SXin Li<p>Source: C++11 15.3p10.</p></div></div></td> 945*67e74705SXin Li<td><div class="exampleContainer expandable"> 946*67e74705SXin Li<div class="example"><pre> 947*67e74705SXin Livoid f() { throw 1; } 948*67e74705SXin Li 949*67e74705SXin Liclass C { 950*67e74705SXin Li int i; 951*67e74705SXin Lipublic : 952*67e74705SXin Li C() 953*67e74705SXin Li try { 954*67e74705SXin Li f(); 955*67e74705SXin Li } 956*67e74705SXin Li catch (...) { 957*67e74705SXin Li i=2; // warn 958*67e74705SXin Li } 959*67e74705SXin Li}; 960*67e74705SXin Li</pre></div> 961*67e74705SXin Li<div class="example"><pre> 962*67e74705SXin Livoid f() { throw 1; } 963*67e74705SXin Li 964*67e74705SXin Liclass Base { 965*67e74705SXin Lipublic: 966*67e74705SXin Li int i; 967*67e74705SXin Li}; 968*67e74705SXin Li 969*67e74705SXin Liclass C: public Base { 970*67e74705SXin Lipublic : 971*67e74705SXin Li ~C() try { 972*67e74705SXin Li f(); 973*67e74705SXin Li } 974*67e74705SXin Li catch (...) { 975*67e74705SXin Li i=2; // warn 976*67e74705SXin Li } 977*67e74705SXin Li}; 978*67e74705SXin Li</pre></div></div></td> 979*67e74705SXin Li<td class="aligned"></td></tr> 980*67e74705SXin Li 981*67e74705SXin Li 982*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 983*67e74705SXin Liundefbehavior.ReturnAtCatchEnd</span><span class="lang"> 984*67e74705SXin Li(C++)</span><div class="descr"> 985*67e74705SXin LiUndefined behavior: a function returns when control reaches the end of a 986*67e74705SXin Lihandler. This results in undefined behavior in a value-returning function. 987*67e74705SXin Li<p>Source: C++11 15.3p10.</p></div></div></td> 988*67e74705SXin Li<td><div class="exampleContainer expandable"> 989*67e74705SXin Li<div class="example"><pre> 990*67e74705SXin Livoid f() { throw 1; } 991*67e74705SXin Li 992*67e74705SXin Liint test() try { 993*67e74705SXin Li f(); 994*67e74705SXin Li return 1; 995*67e74705SXin Li} 996*67e74705SXin Licatch(int) { 997*67e74705SXin Li} // warn 998*67e74705SXin Li</pre></div></div></td> 999*67e74705SXin Li<td class="aligned"></td></tr> 1000*67e74705SXin Li 1001*67e74705SXin Li 1002*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1003*67e74705SXin Liundefbehavior.AutoptrsOwnSameObj</span><span class="lang"> 1004*67e74705SXin Li(C++03)</span><div class="descr"> 1005*67e74705SXin LiUndefined behavior: if more than one <code>auto_ptr</code> owns the same object 1006*67e74705SXin Liat the same time the behavior of the program is undefined. 1007*67e74705SXin Li<p>Source: C++03 20.4.5p3; C++11 <code>auto_ptr</code> is deprecated 1008*67e74705SXin Li(D.10).</p></div></div></td> 1009*67e74705SXin Li<td><div class="exampleContainer expandable"> 1010*67e74705SXin Li<div class="example"><pre> 1011*67e74705SXin Li#include <memory> 1012*67e74705SXin Li 1013*67e74705SXin Livoid test() { 1014*67e74705SXin Li int *data = new int; 1015*67e74705SXin Li std::auto_ptr<int> p(data); 1016*67e74705SXin Li std::auto_ptr<int> q(data); // warn 1017*67e74705SXin Li} 1018*67e74705SXin Li</pre></div></div></td> 1019*67e74705SXin Li<td class="aligned"></td></tr> 1020*67e74705SXin Li 1021*67e74705SXin Li 1022*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1023*67e74705SXin Liundefbehavior.BasicStringOutOfBound</span><span class="lang"> 1024*67e74705SXin Li(C++03)</span><div class="descr"> 1025*67e74705SXin LiUndefined behavior: out-of-bound <code>basic_string</code> access/modification. 1026*67e74705SXin Li<br>Note: possibly an enhancement to <span class="name"> 1027*67e74705SXin Lialpha.security.ArrayBoundV2</span>. 1028*67e74705SXin Li<p>Source: C++03 21.3.4p1; C++11 behavior is defined 1029*67e74705SXin Li(21.4.5p2).</p></div></div></td> 1030*67e74705SXin Li<td><div class="exampleContainer expandable"> 1031*67e74705SXin Li<div class="example"><pre> 1032*67e74705SXin Li#include <string> 1033*67e74705SXin Li 1034*67e74705SXin Livoid test() { 1035*67e74705SXin Li std::basic_string<char> s; 1036*67e74705SXin Li char c = s[10]; // warn 1037*67e74705SXin Li} 1038*67e74705SXin Li</pre></div> 1039*67e74705SXin Li<div class="example"><pre> 1040*67e74705SXin Li#include <string> 1041*67e74705SXin Li 1042*67e74705SXin Livoid test() { 1043*67e74705SXin Li std::basic_string<char> s; 1044*67e74705SXin Li s[10] = 0; // warn 1045*67e74705SXin Li} 1046*67e74705SXin Li</pre></div></div></td> 1047*67e74705SXin Li<td class="aligned"></td></tr> 1048*67e74705SXin Li 1049*67e74705SXin Li 1050*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1051*67e74705SXin Liundefbehavior.EosDereference</span><span class="lang"> 1052*67e74705SXin Li(C++)</span><div class="descr"> 1053*67e74705SXin LiUndefined behavior: the result of <code>operator*()</code> on an end of a 1054*67e74705SXin Listream is undefined. 1055*67e74705SXin Li<p>Source: C++03 24.5.3p2; C++11 24.6.3p2.</p></div></div></td> 1056*67e74705SXin Li<td><div class="exampleContainer expandable"> 1057*67e74705SXin Li<div class="example"><pre> 1058*67e74705SXin Li#include <vector> 1059*67e74705SXin Li 1060*67e74705SXin Liint test() { 1061*67e74705SXin Li std::vector<int> v; 1062*67e74705SXin Li return *v.end(); // warn 1063*67e74705SXin Li} 1064*67e74705SXin Li</pre></div></div></td> 1065*67e74705SXin Li<td class="aligned"></td></tr> 1066*67e74705SXin Li 1067*67e74705SXin Li 1068*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1069*67e74705SXin Liundefbehavior.QsortNonPODNonTrivial</span><span class="lang"> 1070*67e74705SXin Li(C++)</span><div class="descr"> 1071*67e74705SXin LiC++03: Undefined behavior: the objects in the array passed to qsort are of 1072*67e74705SXin Linon-POD type.<br> 1073*67e74705SXin LiC++11: Undefined behavior: the objects in the array passed to qsort are of 1074*67e74705SXin Linon-trivial type. 1075*67e74705SXin Li<p>Source: C++03 25.4p4; C++11 25.5p4.</p></div></div></td> 1076*67e74705SXin Li<td><div class="exampleContainer expandable"> 1077*67e74705SXin Li<div class="example"><pre> 1078*67e74705SXin Li// C++03 1079*67e74705SXin Li#include <cstdlib> 1080*67e74705SXin Li 1081*67e74705SXin Li 1082*67e74705SXin Listruct non_POD { 1083*67e74705SXin Li non_POD(); 1084*67e74705SXin Li}; 1085*67e74705SXin Li 1086*67e74705SXin Linon_POD values[] = { non_POD(), non_POD() }; 1087*67e74705SXin Li 1088*67e74705SXin Liint compare(const void *a, const void *b); 1089*67e74705SXin Li 1090*67e74705SXin Livoid test() { 1091*67e74705SXin Li qsort(values, 2, sizeof(non_POD), compare); // warn 1092*67e74705SXin Li} 1093*67e74705SXin Li</pre></div> 1094*67e74705SXin Li<div class="example"><pre> 1095*67e74705SXin Li// C++11 1096*67e74705SXin Li#include <cstdlib> 1097*67e74705SXin Li 1098*67e74705SXin Listruct S {}; 1099*67e74705SXin Li 1100*67e74705SXin Listruct trivial_non_POD : public S { 1101*67e74705SXin Li int i; 1102*67e74705SXin Li}; 1103*67e74705SXin Li 1104*67e74705SXin Listruct non_trivial { 1105*67e74705SXin Li int i; 1106*67e74705SXin Li non_trivial(); 1107*67e74705SXin Li}; 1108*67e74705SXin Li 1109*67e74705SXin Litrivial_non_POD tnp[2]; 1110*67e74705SXin Linon_trivial nt[2]; 1111*67e74705SXin Li 1112*67e74705SXin Liint compare1(const void *a, const void *b); 1113*67e74705SXin Li 1114*67e74705SXin Liint compare2(const void *a, const void *b); 1115*67e74705SXin Li 1116*67e74705SXin Livoid test() { 1117*67e74705SXin Li qsort(tnp, 2, sizeof(trivial_non_POD), compare1); // ok 1118*67e74705SXin Li qsort(nt, 2, sizeof(non_trivial), compare2); // warn 1119*67e74705SXin Li} 1120*67e74705SXin Li</pre></div></div></td> 1121*67e74705SXin Li<td class="aligned"></td></tr> 1122*67e74705SXin Li 1123*67e74705SXin Li 1124*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1125*67e74705SXin Liundefbehavior.ThrowWhileCopy</span><span class="lang"> 1126*67e74705SXin Li(C++)</span><div class="descr"> 1127*67e74705SXin LiUndefined behavior: copy constructor/assignment operator can throw an exception. 1128*67e74705SXin LiThe effects are undefined if an exception is thrown.</div></div></td> 1129*67e74705SXin Li<td><div class="exampleContainer expandable"> 1130*67e74705SXin Li<div class="example"><pre> 1131*67e74705SXin Liclass C { 1132*67e74705SXin Lipublic: 1133*67e74705SXin Li int i, j; 1134*67e74705SXin Li C (const C &c) { 1135*67e74705SXin Li i = c.i; 1136*67e74705SXin Li throw 1; // warn 1137*67e74705SXin Li j = c.j; 1138*67e74705SXin Li }; 1139*67e74705SXin Li}; 1140*67e74705SXin Li</pre></div> 1141*67e74705SXin Li<div class="example"><pre> 1142*67e74705SXin Liclass C { 1143*67e74705SXin Lipublic: 1144*67e74705SXin Li int i, j; 1145*67e74705SXin Li C &operator=(const C &c) { 1146*67e74705SXin Li i = c.i; 1147*67e74705SXin Li throw 1; // warn 1148*67e74705SXin Li j = c.j; 1149*67e74705SXin Li }; 1150*67e74705SXin Li}; 1151*67e74705SXin Li</pre></div></div></td> 1152*67e74705SXin Li<td class="aligned"></td></tr> 1153*67e74705SXin Li 1154*67e74705SXin Li 1155*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1156*67e74705SXin Liundefbehavior.ValarrayArgBound</span><span class="lang"> 1157*67e74705SXin Li(C++)</span><div class="descr"> 1158*67e74705SXin LiUndefined behavior: the value of the <code><i>n</i></code> argument passed 1159*67e74705SXin Lito <code>valarray</code> constructor is greater than the number of values 1160*67e74705SXin Lipointed to by the first argument (source). 1161*67e74705SXin Li<p>Source: C++03 26.3.2.1p4; C++11 26.6.2.2p4.</p></div></div></td> 1162*67e74705SXin Li<td><div class="exampleContainer expandable"> 1163*67e74705SXin Li<div class="example"><pre> 1164*67e74705SXin Li#include <valarray> 1165*67e74705SXin Li 1166*67e74705SXin Listruct S { 1167*67e74705SXin Li int i; 1168*67e74705SXin Li S(int ii) : i(ii) {}; 1169*67e74705SXin Li}; 1170*67e74705SXin Li 1171*67e74705SXin Livoid test(void) { 1172*67e74705SXin Li S s[] = { S(1), S(2) }; 1173*67e74705SXin Li std::valarray<S> v(s,3); // warn 1174*67e74705SXin Li} 1175*67e74705SXin Li</pre></div></div></td> 1176*67e74705SXin Li<td class="aligned"></td></tr> 1177*67e74705SXin Li 1178*67e74705SXin Li 1179*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1180*67e74705SXin Liundefbehavior.ValarrayLengthDiffer</span><span class="lang"> 1181*67e74705SXin Li(C++)</span><div class="descr"> 1182*67e74705SXin LiUndefined behavior: <code>valarray</code> operands are of different length. 1183*67e74705SXin Li<p>Source: C++03 26.3.2.2p1, 26.3.2.6p3, 26.3.3.1p3, 26.3.3.2p3; 1184*67e74705SXin LiC++11 defined (26.6.2.3p1), 26.6.2.7p3, 26.6.3.1p3, 1185*67e74705SXin Li26.6.3.2p3.</p></div></div></td> 1186*67e74705SXin Li<td><div class="exampleContainer expandable"> 1187*67e74705SXin Li<div class="example"><pre> 1188*67e74705SXin Li// C++03 1189*67e74705SXin Li#include <valarray> 1190*67e74705SXin Li 1191*67e74705SXin Livoid test(void) { 1192*67e74705SXin Li std::valarray<int> a(0, 1), b(0, 2); 1193*67e74705SXin Li a = b; // warn 1194*67e74705SXin Li b.resize(1); 1195*67e74705SXin Li a = b; // ok 1196*67e74705SXin Li} 1197*67e74705SXin Li</pre></div> 1198*67e74705SXin Li<div class="example"><pre> 1199*67e74705SXin Li// C++03, C++11 1200*67e74705SXin Li#include <valarray> 1201*67e74705SXin Li 1202*67e74705SXin Livoid test(void) { 1203*67e74705SXin Li std::valarray<int> a(0, 1), b(0, 2); 1204*67e74705SXin Li a *= b; // warn 1205*67e74705SXin Li} 1206*67e74705SXin Li</pre></div> 1207*67e74705SXin Li<div class="example"><pre> 1208*67e74705SXin Li// C++03, C++11 1209*67e74705SXin Li#include <valarray> 1210*67e74705SXin Li 1211*67e74705SXin Livoid test(void) { 1212*67e74705SXin Li std::valarray<int> a(0, 1), b(0, 2); 1213*67e74705SXin Li a = a + b; // warn 1214*67e74705SXin Li} 1215*67e74705SXin Li</pre></div> 1216*67e74705SXin Li<div class="example"><pre> 1217*67e74705SXin Li// C++03, C++11 1218*67e74705SXin Li#include <valarray> 1219*67e74705SXin Li 1220*67e74705SXin Livoid test(void) { 1221*67e74705SXin Li std::valarray<int> a(0, 1), b(0, 2); 1222*67e74705SXin Li std::valarray<bool> c(false, 1); 1223*67e74705SXin Li c = a == b; // warn 1224*67e74705SXin Li} 1225*67e74705SXin Li</pre></div></div></td> 1226*67e74705SXin Li<td class="aligned"></td></tr> 1227*67e74705SXin Li 1228*67e74705SXin Li 1229*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1230*67e74705SXin Liundefbehavior.ValarrayZeroLength</span><span class="lang"> 1231*67e74705SXin Li(C++)</span><div class="descr"> 1232*67e74705SXin LiUndefined behavior: calling <code>sum()</code>/<code>min()</code>/<code> 1233*67e74705SXin Limax()</code> methods of a zero length <code>valarray<code> the behavior is 1234*67e74705SXin Liundefined. 1235*67e74705SXin Li<p>Source: C++03 26.3.2.7p2, p3, p4; C++11 26.6.2.8p5, p6, 1236*67e74705SXin Lip7.</p></div></div></td> 1237*67e74705SXin Li<td><div class="exampleContainer expandable"> 1238*67e74705SXin Li<div class="example"><pre> 1239*67e74705SXin Li#include <valarray> 1240*67e74705SXin Li 1241*67e74705SXin Livoid test(void) { 1242*67e74705SXin Li std::valarray<int> v(0, 0); 1243*67e74705SXin Li v.sum(); // warn 1244*67e74705SXin Li} 1245*67e74705SXin Li</pre></div></div></td> 1246*67e74705SXin Li<td class="aligned"></td></tr> 1247*67e74705SXin Li 1248*67e74705SXin Li 1249*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1250*67e74705SXin Liundefbehavior.ValarrayBadIndirection</span><span class="lang"> 1251*67e74705SXin Li(C++)</span><div class="descr"> 1252*67e74705SXin LiUndefined behavior: element is specified more than once in an indirection. 1253*67e74705SXin Li<p>Source: C++03 26.3.9.2p2, 26.3.9.3p2; C++11 26.6.9.2p2, 1254*67e74705SXin Li26.6.9.3p2.</p></div></div></td> 1255*67e74705SXin Li<td><div class="exampleContainer expandable"> 1256*67e74705SXin Li<div class="example"><pre> 1257*67e74705SXin Li#include <valarray> 1258*67e74705SXin Li 1259*67e74705SXin Livoid test() { 1260*67e74705SXin Li // '1' is specified more then once 1261*67e74705SXin Li size_t addr[] = {0, 1, 1}; 1262*67e74705SXin Li std::valarray<size_t>indirect(addr, 3); 1263*67e74705SXin Li std::valarray<int> a(0, 5), b(1, 3); 1264*67e74705SXin Li a[indirect] = b; //warn 1265*67e74705SXin Li} 1266*67e74705SXin Li</pre></div> 1267*67e74705SXin Li<div class="example"><pre> 1268*67e74705SXin Li#include <valarray> 1269*67e74705SXin Li 1270*67e74705SXin Livoid test() { 1271*67e74705SXin Li // '1' is specified more then once 1272*67e74705SXin Li size_t addr[] = {0, 1, 1}; 1273*67e74705SXin Li std::valarray<size_t>indirect(addr, 3); 1274*67e74705SXin Li std::valarray<int> a(0, 5), b(1, 3); 1275*67e74705SXin Li a[indirect] *= b; //warn 1276*67e74705SXin Li} 1277*67e74705SXin Li</pre></div></div></td> 1278*67e74705SXin Li<td class="aligned"></td></tr> 1279*67e74705SXin Li 1280*67e74705SXin Li 1281*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1282*67e74705SXin Liundefbehavior.IosBaseDestroyedBeforeInit</span><span class="lang"> 1283*67e74705SXin Li(C++)</span><div class="descr"> 1284*67e74705SXin LiUndefined behavior: <code>ios_base</code> object is destroyed before 1285*67e74705SXin Liinitialization have taken place. <code>basic_ios::init</code> should be call to 1286*67e74705SXin Liinitialize <code>ios_base</code> members. 1287*67e74705SXin Li<p>Source: C++03 27.4.2.7p1, 27.4.4.1p2; C++11 27.5.3.7p1, 1288*67e74705SXin Li27.5.5.2p2.</p></div></div></td> 1289*67e74705SXin Li<td><div class="exampleContainer expandable"> 1290*67e74705SXin Li<div class="example"><pre> 1291*67e74705SXin Li#include <ios> 1292*67e74705SXin Li 1293*67e74705SXin Liusing namespace std; 1294*67e74705SXin Litemplate <class T, class Traits = std::char_traits<T> > 1295*67e74705SXin Liclass my_stream1 : public std::basic_ios<T, Traits> { 1296*67e74705SXin Li}; 1297*67e74705SXin Li 1298*67e74705SXin Litemplate <class T, class Traits = std::char_traits<T> > 1299*67e74705SXin Liclass my_stream2 : public std::basic_ios<T, Traits> { 1300*67e74705SXin Li class my_streambuf 1301*67e74705SXin Li : public std::basic_streambuf<T, Traits> { 1302*67e74705SXin Li }; 1303*67e74705SXin Lipublic: 1304*67e74705SXin Li my_stream2() { 1305*67e74705SXin Li this->init(new my_streambuf); 1306*67e74705SXin Li } 1307*67e74705SXin Li}; 1308*67e74705SXin Li 1309*67e74705SXin Livoid test() { 1310*67e74705SXin Li my_stream1<char> *p1 = new my_stream1<char>; 1311*67e74705SXin Li my_stream2<char> *p2 = new my_stream2<char>; 1312*67e74705SXin Li delete p1; // warn 1313*67e74705SXin Li delete p2; // ok 1314*67e74705SXin Li} 1315*67e74705SXin Li</pre></div></div></td> 1316*67e74705SXin Li<td class="aligned"></td></tr> 1317*67e74705SXin Li 1318*67e74705SXin Li 1319*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1320*67e74705SXin Liundefbehavior.IosBaseUsedBeforeInit</span><span class="lang"> 1321*67e74705SXin Li(C++11)</span><div class="descr"> 1322*67e74705SXin LiUndefined behavior: <code>ios_base</code> object is used before initialization 1323*67e74705SXin Lihave taken place. <code>basic_ios::init</code> should be call to 1324*67e74705SXin Liinitialize <code>ios_base</code> members. 1325*67e74705SXin Li<p>Source: C++11 27.5.3.7p1, 27.5.5.2p2.</p></div></div></td> 1326*67e74705SXin Li<td><div class="exampleContainer expandable"> 1327*67e74705SXin Li<div class="example"><pre> 1328*67e74705SXin Li#include <ios> 1329*67e74705SXin Li 1330*67e74705SXin Liusing namespace std; 1331*67e74705SXin Litemplate <class T, class Traits = std::char_traits<T> > 1332*67e74705SXin Liclass my_stream1 : public std::basic_ios<T, Traits> { 1333*67e74705SXin Li}; 1334*67e74705SXin Li 1335*67e74705SXin Litemplate <class T, class Traits = std::char_traits<T> > 1336*67e74705SXin Liclass my_stream2 : public std::basic_ios<T, Traits> { 1337*67e74705SXin Li class my_streambuf 1338*67e74705SXin Li : public std::basic_streambuf<T, Traits> { 1339*67e74705SXin Li }; 1340*67e74705SXin Lipublic: 1341*67e74705SXin Li my_stream2() { 1342*67e74705SXin Li this->init(new my_streambuf); 1343*67e74705SXin Li } 1344*67e74705SXin Li}; 1345*67e74705SXin Li 1346*67e74705SXin Livoid test() { 1347*67e74705SXin Li my_stream1<char> *p1 = new my_stream1<char>; 1348*67e74705SXin Li my_stream2<char> *p2 = new my_stream2<char>; 1349*67e74705SXin Li p1->narrow('a', 'b'); // warn 1350*67e74705SXin Li p2->narrow('a', 'b'); // ok 1351*67e74705SXin Li} 1352*67e74705SXin Li</pre></div></div></td> 1353*67e74705SXin Li<td class="aligned"></td></tr> 1354*67e74705SXin Li 1355*67e74705SXin Li 1356*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1357*67e74705SXin Liundefbehavior.MinusOnePosType</span><span class="lang"> 1358*67e74705SXin Li(C++)</span><div class="descr"> 1359*67e74705SXin LiUndefined behavior: passing -1 to any <code>streambuf</code>/<code> 1360*67e74705SXin Liistream</code>/<code>ostream</code> member that accepts a value of 1361*67e74705SXin Litype <code>traits::pos_type</code> result in undefined behavior. 1362*67e74705SXin Li<p>Source: C++03 27.4.3.2p3; C++11 27.5.4.2p3.</p></div></div></td> 1363*67e74705SXin Li<td><div class="exampleContainer expandable"> 1364*67e74705SXin Li<div class="example"><pre> 1365*67e74705SXin Li#include <fstream> 1366*67e74705SXin Li 1367*67e74705SXin Liclass my_streambuf : public std::streambuf { 1368*67e74705SXin Li void f() { 1369*67e74705SXin Li seekpos(-1); // warn 1370*67e74705SXin Li } 1371*67e74705SXin Li}; 1372*67e74705SXin Li</pre></div> 1373*67e74705SXin Li<div class="example"><pre> 1374*67e74705SXin Li#include <fstream> 1375*67e74705SXin Li 1376*67e74705SXin Livoid test() { 1377*67e74705SXin Li std::filebuf fb; 1378*67e74705SXin Li std::istream in(&fb); 1379*67e74705SXin Li std::filebuf::off_type pos(-1); 1380*67e74705SXin Li in.seekg(pos); // warn 1381*67e74705SXin Li} 1382*67e74705SXin Li</pre></div></div></td> 1383*67e74705SXin Li<td class="aligned"></td></tr> 1384*67e74705SXin Li 1385*67e74705SXin Li</table> 1386*67e74705SXin Li 1387*67e74705SXin Li<!-- ============================ different ================================ --> 1388*67e74705SXin Li<h3>different</h3> 1389*67e74705SXin Li<table class="checkers"> 1390*67e74705SXin Li<col class="namedescr"><col class="example"><col class="progress"> 1391*67e74705SXin Li<thead><tr><td>Name, Description</td><td>Example</td><td>Progress</td></tr> 1392*67e74705SXin Li</thead> 1393*67e74705SXin Li 1394*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1395*67e74705SXin Lidifferent.SuccessiveAssign</span><span class="lang"> 1396*67e74705SXin Li(C)</span><div class="descr"> 1397*67e74705SXin LiSuccessive assign to a variable.</div></div></td> 1398*67e74705SXin Li<td><div class="exampleContainer expandable"> 1399*67e74705SXin Li<div class="example"><pre> 1400*67e74705SXin Liint test() { 1401*67e74705SXin Li int i; 1402*67e74705SXin Li i=1; 1403*67e74705SXin Li i=2; // warn 1404*67e74705SXin Li return i; 1405*67e74705SXin Li} 1406*67e74705SXin Li</pre></div></div></td> 1407*67e74705SXin Li<td class="aligned"></td></tr> 1408*67e74705SXin Li 1409*67e74705SXin Li 1410*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1411*67e74705SXin Lidifferent.NullDerefStmtOrder</span><span class="lang"> 1412*67e74705SXin Li(C)</span><div class="descr"> 1413*67e74705SXin LiDereferencing of the null pointer might take place. Checking the pointer for 1414*67e74705SXin Linull should be performed first. 1415*67e74705SXin Li<br>Note: possibly an enhancement to <span class="name"> 1416*67e74705SXin Licore.NullDereference</span>.</div></div></td> 1417*67e74705SXin Li<td><div class="exampleContainer expandable"> 1418*67e74705SXin Li<div class="example"><pre> 1419*67e74705SXin Listruct S { 1420*67e74705SXin Li int x; 1421*67e74705SXin Li}; 1422*67e74705SXin Li 1423*67e74705SXin Listruct S* f(); 1424*67e74705SXin Li 1425*67e74705SXin Livoid test() { 1426*67e74705SXin Li struct S *p1 = f(); 1427*67e74705SXin Li int x1 = p1->x; // warn 1428*67e74705SXin Li if (p1) {}; 1429*67e74705SXin Li 1430*67e74705SXin Li struct S *p2 = f(); 1431*67e74705SXin Li int x2 = p2->x; // ok 1432*67e74705SXin Li} 1433*67e74705SXin Li</pre></div></div></td> 1434*67e74705SXin Li<td class="aligned"></td></tr> 1435*67e74705SXin Li 1436*67e74705SXin Li 1437*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1438*67e74705SXin Lidifferent.NullDerefCondOrder</span><span class="lang"> 1439*67e74705SXin Li(C)</span><div class="descr"> 1440*67e74705SXin LiDereferencing of the null pointer might take place. Checking the pointer for 1441*67e74705SXin Linull should be performed first. 1442*67e74705SXin Li<br>Note: possibly an enhancement to <span class="name"> 1443*67e74705SXin Licore.NullDereference</span>.</div></div></td> 1444*67e74705SXin Li<td><div class="exampleContainer expandable"> 1445*67e74705SXin Li<div class="example"><pre> 1446*67e74705SXin Listruct S {int i;}; 1447*67e74705SXin Li 1448*67e74705SXin Listruct S* f(); 1449*67e74705SXin Li 1450*67e74705SXin Livoid test() { 1451*67e74705SXin Li struct S *p = f(); 1452*67e74705SXin Li if (p->i && p) {}; // warn 1453*67e74705SXin Li} 1454*67e74705SXin Li</pre></div></div></td> 1455*67e74705SXin Li<td class="aligned"></td></tr> 1456*67e74705SXin Li 1457*67e74705SXin Li 1458*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1459*67e74705SXin Lidifferent.MultipleAccessors</span><span class="lang"> 1460*67e74705SXin Li(C++)</span><div class="descr"> 1461*67e74705SXin LiIdentical accessor bodies. Possibly a misprint.</div></div></td> 1462*67e74705SXin Li<td><div class="exampleContainer expandable"> 1463*67e74705SXin Li<div class="example"><pre> 1464*67e74705SXin Liclass A { 1465*67e74705SXin Li int i; 1466*67e74705SXin Li int j; 1467*67e74705SXin Lipublic: 1468*67e74705SXin Li int getI() { return i; } 1469*67e74705SXin Li int getJ() { return i; } // warn 1470*67e74705SXin Li}; 1471*67e74705SXin Li</pre></div> 1472*67e74705SXin Li<div class="example"><pre> 1473*67e74705SXin Liclass A { 1474*67e74705SXin Li int i; 1475*67e74705SXin Li int j; 1476*67e74705SXin Lipublic: 1477*67e74705SXin Li void setI(int& ii) { i = ii; } 1478*67e74705SXin Li void setJ(int& jj) { i = jj; } // warn 1479*67e74705SXin Li}; 1480*67e74705SXin Li</pre></div></div></td> 1481*67e74705SXin Li<td class="aligned"></td></tr> 1482*67e74705SXin Li 1483*67e74705SXin Li 1484*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1485*67e74705SXin Lidifferent.AccessorsForPublic</span><span class="lang"> 1486*67e74705SXin Li(C++)</span><div class="descr"> 1487*67e74705SXin LiAccessors exist for a public class field. Should this field really be 1488*67e74705SXin Lipublic?</div></div></td> 1489*67e74705SXin Li<td><div class="exampleContainer expandable"> 1490*67e74705SXin Li<div class="example"><pre> 1491*67e74705SXin Liclass A { 1492*67e74705SXin Lipublic: 1493*67e74705SXin Li int i; // warn 1494*67e74705SXin Li int getI() { return i; } 1495*67e74705SXin Li void setI(int& ii) { i = ii; } 1496*67e74705SXin Li}; 1497*67e74705SXin Li</pre></div></div></td> 1498*67e74705SXin Li<td class="aligned"></td></tr> 1499*67e74705SXin Li 1500*67e74705SXin Li 1501*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1502*67e74705SXin Lidifferent.LibFuncResultUnised</span><span class="lang"> 1503*67e74705SXin Li(C, C++)</span><div class="descr"> 1504*67e74705SXin LiCalling a function ignoring its return value is of no use (create the list of 1505*67e74705SXin Liknown system/library/API functions falling into this category).</div></div></td> 1506*67e74705SXin Li<td><div class="exampleContainer expandable"> 1507*67e74705SXin Li<div class="example"><pre> 1508*67e74705SXin Li#include <vector> 1509*67e74705SXin Li 1510*67e74705SXin Livoid test() { 1511*67e74705SXin Li std::vector<int> v; 1512*67e74705SXin Li v.empty(); // warn 1513*67e74705SXin Li} 1514*67e74705SXin Li</pre></div></div></td> 1515*67e74705SXin Li<td class="aligned"></td></tr> 1516*67e74705SXin Li 1517*67e74705SXin Li 1518*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1519*67e74705SXin Lidifferent.WrongVarForStmt</span><span class="lang"> 1520*67e74705SXin Li(C, C++)</span><div class="descr"> 1521*67e74705SXin LiWrong variable is possibly used in the loop/cond-expression of 1522*67e74705SXin Lithe <code>for</code> statement. Did you mean 1523*67e74705SXin Li'proper_variable_name'?</div></div></td> 1524*67e74705SXin Li<td><div class="exampleContainer expandable"> 1525*67e74705SXin Li<div class="example"><pre> 1526*67e74705SXin Livoid test() { 1527*67e74705SXin Li int i = 0; 1528*67e74705SXin Li int j = 0; 1529*67e74705SXin Li for (i = 0; i < 3; j += 1); // warn 1530*67e74705SXin Li} 1531*67e74705SXin Li</pre></div> 1532*67e74705SXin Li<div class="example"><pre> 1533*67e74705SXin Livoid test() { 1534*67e74705SXin Li int i = 0; 1535*67e74705SXin Li int j = 0; 1536*67e74705SXin Li for (int j = 0; i < 3; ++j); // warn 1537*67e74705SXin Li} 1538*67e74705SXin Li</pre></div></div></td> 1539*67e74705SXin Li<td class="aligned"></td></tr> 1540*67e74705SXin Li 1541*67e74705SXin Li 1542*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1543*67e74705SXin Lidifferent.FloatingCompare</span><span class="lang"> 1544*67e74705SXin Li(C)</span><div class="descr"> 1545*67e74705SXin LiComparing floating point numbers may be not precise.</div></div></td> 1546*67e74705SXin Li<td><div class="exampleContainer expandable"> 1547*67e74705SXin Li<div class="example"><pre> 1548*67e74705SXin Li#include <math.h> 1549*67e74705SXin Li 1550*67e74705SXin Lidouble test() { 1551*67e74705SXin Li double b = sin(M_PI / 6.0); 1552*67e74705SXin Li if (b == 0.5) // warn 1553*67e74705SXin Li b = 0; 1554*67e74705SXin Li return b; 1555*67e74705SXin Li} 1556*67e74705SXin Li</pre></div></div></td> 1557*67e74705SXin Li<td class="aligned"></td></tr> 1558*67e74705SXin Li 1559*67e74705SXin Li 1560*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1561*67e74705SXin Lidifferent.BitwiseOpBoolArg</span><span class="lang"> 1562*67e74705SXin Li(C, C++)</span><div class="descr"> 1563*67e74705SXin LiBoolean value met at the left/right part of the bitwise <code>&</code> 1564*67e74705SXin Lior <code>|</code> operator. 1565*67e74705SXin LiDid you mean <code>&&</code> (<code>||</code>) ?</div></div></td> 1566*67e74705SXin Li<td><div class="exampleContainer expandable"> 1567*67e74705SXin Li<div class="example"><pre> 1568*67e74705SXin Liint f(); 1569*67e74705SXin Li 1570*67e74705SXin Livoid test() { 1571*67e74705SXin Li bool b = true; 1572*67e74705SXin Li if (b & f()) {} // warn 1573*67e74705SXin Li} 1574*67e74705SXin Li</pre></div></div></td> 1575*67e74705SXin Li<td class="aligned"></td></tr> 1576*67e74705SXin Li 1577*67e74705SXin Li 1578*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1579*67e74705SXin Lidifferent.LabelInsideSwitch</span><span class="lang"> 1580*67e74705SXin Li(C)</span><div class="descr"> 1581*67e74705SXin LiPossibly a misprint: label found inside a <code>switch()</code> 1582*67e74705SXin Listatement.</div></div></td> 1583*67e74705SXin Li<td><div class="exampleContainer expandable"> 1584*67e74705SXin Li<div class="example"><pre> 1585*67e74705SXin Livoid test(int c) { 1586*67e74705SXin Li switch(c){ 1587*67e74705SXin Li case 1: 1588*67e74705SXin Li c += 1; break; 1589*67e74705SXin Li defalt: // warn (did you mean 'default'?) 1590*67e74705SXin Li c -= 1; break; 1591*67e74705SXin Li } 1592*67e74705SXin Li} 1593*67e74705SXin Li</pre></div></div></td> 1594*67e74705SXin Li<td class="aligned"></td></tr> 1595*67e74705SXin Li 1596*67e74705SXin Li 1597*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1598*67e74705SXin Lidifferent.IdenticalCondIfIf</span><span class="lang"> 1599*67e74705SXin Li(C)</span><div class="descr"> 1600*67e74705SXin LiThe conditions of two subsequent <code>if</code> statements are 1601*67e74705SXin Liidentical.</div></div></td> 1602*67e74705SXin Li<td><div class="exampleContainer expandable"> 1603*67e74705SXin Li<div class="example"><pre> 1604*67e74705SXin Liint test(int c) { 1605*67e74705SXin Li if (c > 5) 1606*67e74705SXin Li c += 1; 1607*67e74705SXin Li if (c > 5) // warn 1608*67e74705SXin Li c -= 1; 1609*67e74705SXin Li return c; 1610*67e74705SXin Li} 1611*67e74705SXin Li</pre></div></div></td> 1612*67e74705SXin Li<td class="aligned"></td></tr> 1613*67e74705SXin Li 1614*67e74705SXin Li 1615*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1616*67e74705SXin Lidifferent.LogicalOpUselessArg</span><span class="lang"> 1617*67e74705SXin Li(C)</span><div class="descr"> 1618*67e74705SXin LiThe second operand of a <code>&&</code> operator has no impact on 1619*67e74705SXin Liexpression result.</div></div></td> 1620*67e74705SXin Li<td><div class="exampleContainer expandable"> 1621*67e74705SXin Li<div class="example"><pre> 1622*67e74705SXin Livoid test(unsigned a) { 1623*67e74705SXin Li if (a<7 && a<10) {}; // warn 1624*67e74705SXin Li} 1625*67e74705SXin Li</pre></div></div></td> 1626*67e74705SXin Li<td class="aligned"></td></tr> 1627*67e74705SXin Li 1628*67e74705SXin Li 1629*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1630*67e74705SXin Lidifferent.SameResLogicalExpr</span><span class="lang"> 1631*67e74705SXin Li(C)</span><div class="descr"> 1632*67e74705SXin LiAn expression is always evaluated to true/false.</div></div></td> 1633*67e74705SXin Li<td><div class="exampleContainer expandable"> 1634*67e74705SXin Li<div class="example"><pre> 1635*67e74705SXin Livoid test() { 1636*67e74705SXin Li int i = 0; 1637*67e74705SXin Li if (i != 0) {}; // warn 1638*67e74705SXin Li} 1639*67e74705SXin Li</pre></div> 1640*67e74705SXin Li<div class="example"><pre> 1641*67e74705SXin Livoid test(int i) { 1642*67e74705SXin Li if (i == 0 && i == 1) {}; // warn 1643*67e74705SXin Li} 1644*67e74705SXin Li</pre></div> 1645*67e74705SXin Li<div class="example"><pre> 1646*67e74705SXin Livoid test(int i) { 1647*67e74705SXin Li if (i < 0 || i >= 0) {}; // warn 1648*67e74705SXin Li} 1649*67e74705SXin Li</pre></div></div></td> 1650*67e74705SXin Li<td class="aligned"></td></tr> 1651*67e74705SXin Li 1652*67e74705SXin Li 1653*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1654*67e74705SXin Lidifferent.OpPrecedenceAssignCmp</span><span class="lang"> 1655*67e74705SXin Li(C, C++)</span><div class="descr"> 1656*67e74705SXin LiComparison operation has higher precedence then assignment. Boolean value is 1657*67e74705SXin Liassigned to a variable of other type. Parenthesis may bee required around an 1658*67e74705SXin Liassignment.</div></div></td> 1659*67e74705SXin Li<td><div class="exampleContainer expandable"> 1660*67e74705SXin Li<div class="example"><pre> 1661*67e74705SXin Liint f(); 1662*67e74705SXin Li 1663*67e74705SXin Livoid test(int x, int y) { 1664*67e74705SXin Li bool b; 1665*67e74705SXin Li if((b = x != y)) {} // ok 1666*67e74705SXin Li if((x = f() != y)) {} // warn 1667*67e74705SXin Li} 1668*67e74705SXin Li</pre></div></div></td> 1669*67e74705SXin Li<td class="aligned"></td></tr> 1670*67e74705SXin Li 1671*67e74705SXin Li 1672*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1673*67e74705SXin Lidifferent.OpPrecedenceIifShift</span><span class="lang"> 1674*67e74705SXin Li(C, C++)</span><div class="descr"> 1675*67e74705SXin Li<code>?:</code> has lower precedence then <code><<</code>. 1676*67e74705SXin Li<p>Source: Stephen C. Dewhurst "C++ Gotchas: Avoiding Common Problems in Coding 1677*67e74705SXin Liand Design", advise 15.</p></div></div></td> 1678*67e74705SXin Li<td><div class="exampleContainer expandable"> 1679*67e74705SXin Li<div class="example"><pre> 1680*67e74705SXin Li#include <iostream> 1681*67e74705SXin Li 1682*67e74705SXin Livoid test(int a) { 1683*67e74705SXin Li std::cout << a ? "a" : "b"; // warn 1684*67e74705SXin Li} 1685*67e74705SXin Li</pre></div> 1686*67e74705SXin Li<div class="example"><pre> 1687*67e74705SXin Livoid test(int a) { 1688*67e74705SXin Li a << a > 7 ? 1 : 2; // warn 1689*67e74705SXin Li} 1690*67e74705SXin Li</pre></div></div></td> 1691*67e74705SXin Li<td class="aligned"></td></tr> 1692*67e74705SXin Li 1693*67e74705SXin Li 1694*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1695*67e74705SXin Lidifferent.ObjectUnused</span><span class="lang"> 1696*67e74705SXin Li(C++)</span><div class="descr"> 1697*67e74705SXin LiThe object was created but is not being used.</div></div></td> 1698*67e74705SXin Li<td><div class="exampleContainer expandable"> 1699*67e74705SXin Li<div class="example"><pre> 1700*67e74705SXin Listruct S { 1701*67e74705SXin Li int x, y; 1702*67e74705SXin Li S(int xx, int yy) : x(xx), y(yy) {} 1703*67e74705SXin Li S(int xx) { 1704*67e74705SXin Li S(xx, 0); // warn 1705*67e74705SXin Li } 1706*67e74705SXin Li}; 1707*67e74705SXin Li</pre></div> 1708*67e74705SXin Li<div class="example"><pre> 1709*67e74705SXin Li#include <exception> 1710*67e74705SXin Li 1711*67e74705SXin Livoid test() { 1712*67e74705SXin Li std::exception(); 1713*67e74705SXin Li // warn (did you mean 'throw std::exception()'?) 1714*67e74705SXin Li} 1715*67e74705SXin Li</pre></div></div></td> 1716*67e74705SXin Li<td class="aligned"></td></tr> 1717*67e74705SXin Li 1718*67e74705SXin Li 1719*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1720*67e74705SXin Lidifferent.StaticArrayPtrCompare</span><span class="lang"> 1721*67e74705SXin Li(C)</span><div class="descr"> 1722*67e74705SXin LiPointer to static array is being compared to NULL. May the subscripting is 1723*67e74705SXin Limissing.</div></div></td> 1724*67e74705SXin Li<td><div class="exampleContainer expandable"> 1725*67e74705SXin Li<div class="example"><pre> 1726*67e74705SXin Livoid test() { 1727*67e74705SXin Li int a[1][1]; 1728*67e74705SXin Li if (a[0] == 0) {}; // warn 1729*67e74705SXin Li} 1730*67e74705SXin Li</pre></div></div></td> 1731*67e74705SXin Li<td class="aligned"></td></tr> 1732*67e74705SXin Li 1733*67e74705SXin Li 1734*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1735*67e74705SXin Lidifferent.ConversionToBool</span><span class="lang"> 1736*67e74705SXin Li(C, C++)</span><div class="descr"> 1737*67e74705SXin LiOdd implicit conversion to boolean. 1738*67e74705SXin Li<br>Note: possibly merge with <span class="name"> 1739*67e74705SXin Lialpha.core.BoolAssignment</span>.</div></div></td> 1740*67e74705SXin Li<td><div class="exampleContainer expandable"> 1741*67e74705SXin Li<div class="example"><pre> 1742*67e74705SXin Libool test() { 1743*67e74705SXin Li return 1.; // warn 1744*67e74705SXin Li} 1745*67e74705SXin Li</pre></div> 1746*67e74705SXin Li<div class="example"><pre> 1747*67e74705SXin Libool test() { 1748*67e74705SXin Li return ""; // warn 1749*67e74705SXin Li} 1750*67e74705SXin Li</pre></div></div></td> 1751*67e74705SXin Li<td class="aligned"></td></tr> 1752*67e74705SXin Li 1753*67e74705SXin Li 1754*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1755*67e74705SXin Lidifferent.ArrayBound</span><span class="lang"> 1756*67e74705SXin Li(C++)</span><div class="descr"> 1757*67e74705SXin LiOut-of-bound dynamic array access. 1758*67e74705SXin Li<br>Note: possibly an enhancement to <span class="name"> 1759*67e74705SXin Lialpha.security.ArrayBoundV2</span>.</div></div></td> 1760*67e74705SXin Li<td><div class="exampleContainer expandable"> 1761*67e74705SXin Li<div class="example"><pre> 1762*67e74705SXin Livoid test() { 1763*67e74705SXin Li int *p = new int[1]; 1764*67e74705SXin Li int i = 1; 1765*67e74705SXin Li if(p[i]) {}; // warn 1766*67e74705SXin Li delete[] p; 1767*67e74705SXin Li} 1768*67e74705SXin Li</pre></div></div></td> 1769*67e74705SXin Li<td class="aligned"></td></tr> 1770*67e74705SXin Li 1771*67e74705SXin Li 1772*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1773*67e74705SXin Lidifferent.StrcpyInputSize</span><span class="lang"> 1774*67e74705SXin Li(C)</span><div class="descr"> 1775*67e74705SXin LiBuffer copy without checking the size of input. 1776*67e74705SXin Li<br>Note: possibly an enhancement to <span class="name"> 1777*67e74705SXin Lialpha.unix.cstring.OutOfBounds</span>.</div></div></td> 1778*67e74705SXin Li<td><div class="exampleContainer expandable"> 1779*67e74705SXin Li<div class="example"><pre> 1780*67e74705SXin Livoid test(char* string) { 1781*67e74705SXin Li char buf[24]; 1782*67e74705SXin Li strcpy(buf, string); // warn 1783*67e74705SXin Li} 1784*67e74705SXin Li</pre></div></div></td> 1785*67e74705SXin Li<td class="aligned"></td></tr> 1786*67e74705SXin Li 1787*67e74705SXin Li 1788*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1789*67e74705SXin Lidifferent.IntegerOverflow</span><span class="lang"> 1790*67e74705SXin Li(C)</span><div class="descr"> 1791*67e74705SXin LiInteger overflow. 1792*67e74705SXin Li<br>Note: partially handled by Clang core 1793*67e74705SXin Li(search for 'overflow in expression' warning in Clang tests). 1794*67e74705SXin Li<p>Source: <a href="http://cwe.mitre.org/data/definitions/190.html"> 1795*67e74705SXin LiCWE-190</a>.</p></div></div></td> 1796*67e74705SXin Li<td><div class="exampleContainer expandable"> 1797*67e74705SXin Li<div class="example"><pre> 1798*67e74705SXin Li#include <limits.h> 1799*67e74705SXin Li 1800*67e74705SXin Liint f(int x); 1801*67e74705SXin Li 1802*67e74705SXin Livoid test() { 1803*67e74705SXin Li f(INT_MAX + 1); // warn 1804*67e74705SXin Li} 1805*67e74705SXin Li</pre></div> 1806*67e74705SXin Li<div class="example"><pre> 1807*67e74705SXin Li#include <limits.h> 1808*67e74705SXin Li 1809*67e74705SXin Liint test() { 1810*67e74705SXin Li int x = INT_MAX / 2 + 1; 1811*67e74705SXin Li return x * 2; // warn 1812*67e74705SXin Li} 1813*67e74705SXin Li</pre></div></div></td> 1814*67e74705SXin Li<td class="aligned"></td></tr> 1815*67e74705SXin Li 1816*67e74705SXin Li 1817*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1818*67e74705SXin Lidifferent.SignExtension</span><span class="lang"> 1819*67e74705SXin Li(C)</span><div class="descr"> 1820*67e74705SXin LiUnexpected sign extension might take place. 1821*67e74705SXin Li<p>Source: <a href="http://cwe.mitre.org/data/definitions/194.html"> 1822*67e74705SXin LiCWE-194</a>.</p></div></div></td> 1823*67e74705SXin Li<td><div class="exampleContainer expandable"> 1824*67e74705SXin Li<div class="example"><pre> 1825*67e74705SXin Liunsigned long long test(long long sll) { 1826*67e74705SXin Li unsigned long long ull = sll; // warn 1827*67e74705SXin Li return ull; 1828*67e74705SXin Li} 1829*67e74705SXin Li</pre></div> 1830*67e74705SXin Li<div class="example"><pre> 1831*67e74705SXin Livoid f(unsigned int i); 1832*67e74705SXin Li 1833*67e74705SXin Livoid test(int si) { 1834*67e74705SXin Li f(si); // warn 1835*67e74705SXin Li} 1836*67e74705SXin Li</pre></div> 1837*67e74705SXin Li<div class="example"><pre> 1838*67e74705SXin Liunsigned int test(int i) { 1839*67e74705SXin Li return i; 1840*67e74705SXin Li} 1841*67e74705SXin Li</pre></div></div></td> 1842*67e74705SXin Li<td class="aligned"></td></tr> 1843*67e74705SXin Li 1844*67e74705SXin Li 1845*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1846*67e74705SXin Lidifferent.NumericTruncation</span><span class="lang"> 1847*67e74705SXin Li(C)</span><div class="descr"> 1848*67e74705SXin LiNumeric truncation might take place. 1849*67e74705SXin Li<p>Source: <a href="http://cwe.mitre.org/data/definitions/197.html"> 1850*67e74705SXin LiCWE-197</a>.</p></div></div></td> 1851*67e74705SXin Li<td><div class="exampleContainer expandable"> 1852*67e74705SXin Li<div class="example"><pre> 1853*67e74705SXin Liunsigned long test(unsigned long long ull) { 1854*67e74705SXin Li unsigned long ul = ull; // warn 1855*67e74705SXin Li return ul; 1856*67e74705SXin Li} 1857*67e74705SXin Li</pre></div> 1858*67e74705SXin Li<div class="example"><pre> 1859*67e74705SXin Livoid f(int i); 1860*67e74705SXin Li 1861*67e74705SXin Livoid test(long long sll) { 1862*67e74705SXin Li f(sll); // warn 1863*67e74705SXin Li} 1864*67e74705SXin Li</pre></div> 1865*67e74705SXin Li<div class="example"><pre> 1866*67e74705SXin Liint f(); 1867*67e74705SXin Li 1868*67e74705SXin Lishort test(long long sll) { 1869*67e74705SXin Li short ss = f(); 1870*67e74705SXin Li return ss; 1871*67e74705SXin Li} 1872*67e74705SXin Li</pre></div></div></td> 1873*67e74705SXin Li<td class="aligned"></td></tr> 1874*67e74705SXin Li 1875*67e74705SXin Li 1876*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1877*67e74705SXin Lidifferent.MissingCopyCtorAssignOp</span><span class="lang"> 1878*67e74705SXin Li(C++)</span><div class="descr"> 1879*67e74705SXin LiA class has dynamically allocated data members but do not define a copy 1880*67e74705SXin Liconstructor/assignment operator. 1881*67e74705SXin Li<p>Source: Scott Meyers "Effective C++", item 11: Prevent exceptions from 1882*67e74705SXin Lileaving destructors.</p></div></div></td> 1883*67e74705SXin Li<td><div class="exampleContainer expandable"> 1884*67e74705SXin Li<div class="example"><pre> 1885*67e74705SXin Liclass C { 1886*67e74705SXin Li int *p; // warn 1887*67e74705SXin Lipublic: 1888*67e74705SXin Li C() { p = new int; } 1889*67e74705SXin Li ~C() { delete p; } 1890*67e74705SXin Li}; 1891*67e74705SXin Li</pre></div></div></td> 1892*67e74705SXin Li<td class="aligned"></td></tr> 1893*67e74705SXin Li 1894*67e74705SXin Li</table> 1895*67e74705SXin Li 1896*67e74705SXin Li<!-- ============================ WinAPI =================================== --> 1897*67e74705SXin Li<h3>WinAPI</h3> 1898*67e74705SXin Li<table class="checkers"> 1899*67e74705SXin Li<col class="namedescr"><col class="example"><col class="progress"> 1900*67e74705SXin Li<thead><tr><td>Name, Description</td><td>Example</td><td>Progress</td></tr></thead> 1901*67e74705SXin Li 1902*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1903*67e74705SXin LiWinAPI.CreateProcess</span><span class="lang"> 1904*67e74705SXin Li(C)</span><div class="descr"> 1905*67e74705SXin Li<code>CreateProcess()</code>: if the first parameter <code><i> 1906*67e74705SXin LilpApplicationName</i></code> is NULL then the executable name must be in the 1907*67e74705SXin Liwhite space-delimited string pointed to by <code><i>lpCommandLine</code></i>. 1908*67e74705SXin LiIf the executable or path name has a space in it, there is a risk that a 1909*67e74705SXin Lidifferent executable could be run because of the way the function parses 1910*67e74705SXin Lispaces. 1911*67e74705SXin Li<p>Source: <a href="http://msdn.microsoft.com/en-us/library/windows/desktop/ms682425%28v=vs.85%29.aspx"> 1912*67e74705SXin LiMSDN: CreateProcess function, Security Remarks</a>.</p></div></div></td> 1913*67e74705SXin Li<td><div class="exampleContainer expandable"> 1914*67e74705SXin Li<div class="example"><pre> 1915*67e74705SXin Li#include <windows.h> 1916*67e74705SXin Li 1917*67e74705SXin Livoid test() { 1918*67e74705SXin Li STARTUPINFO si; 1919*67e74705SXin Li PROCESS_INFORMATION pi; 1920*67e74705SXin Li CreateProcess(NULL, TEXT("C:\\Program Files\\App -L -S"), 1921*67e74705SXin Li NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi); 1922*67e74705SXin Li // warn 1923*67e74705SXin Li} 1924*67e74705SXin Li</pre></div></div></td> 1925*67e74705SXin Li<td class="aligned"></td></tr> 1926*67e74705SXin Li 1927*67e74705SXin Li 1928*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1929*67e74705SXin LiWinAPI.LoadLibrary</span><span class="lang"> 1930*67e74705SXin Li(C)</span><div class="descr"> 1931*67e74705SXin LiThe <code>SearchPath()</code> function is used to retrieve a path to a DLL for 1932*67e74705SXin Lia subsequent <code>LoadLibrary()</code> call. 1933*67e74705SXin Li<p>Source: <a href="http://msdn.microsoft.com/en-us/library/windows/desktop/ms684175%28v=vs.85%29.aspx"> 1934*67e74705SXin LiMSDN: LoadLibrary function, Security Remarks</a>.</p></div></div></td> 1935*67e74705SXin Li<td><div class="exampleContainer expandable"> 1936*67e74705SXin Li<div class="example"><pre> 1937*67e74705SXin Li#include <windows.h> 1938*67e74705SXin Li 1939*67e74705SXin LiHINSTANCE test() { 1940*67e74705SXin Li char filePath[100]; 1941*67e74705SXin Li SearchPath(NULL, "file.dll", NULL, 100, filePath, NULL); 1942*67e74705SXin Li return LoadLibrary(filePath); // warn 1943*67e74705SXin Li} 1944*67e74705SXin Li</pre></div></div></td> 1945*67e74705SXin Li<td class="aligned"></td></tr> 1946*67e74705SXin Li 1947*67e74705SXin Li 1948*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1949*67e74705SXin LiWinAPI.WideCharToMultiByte</span><span class="lang"> 1950*67e74705SXin Li(C)</span><div class="descr"> 1951*67e74705SXin LiBuffer overrun while calling <code>WideCharToMultiByte()</code>. The size of 1952*67e74705SXin Lithe input buffer equals the number of characters in the Unicode string, while 1953*67e74705SXin Lithe size of the output buffer equals the number of bytes. 1954*67e74705SXin Li<p>Source: <a href="http://msdn.microsoft.com/en-us/library/windows/desktop/dd374130%28v=vs.85%29.aspx"> 1955*67e74705SXin LiMSDN: WideCharToMultiByte function</a>.</p></div></div></td> 1956*67e74705SXin Li<td><div class="exampleContainer expandable"> 1957*67e74705SXin Li<div class="example"><pre> 1958*67e74705SXin Li#include <windows.h> 1959*67e74705SXin Li 1960*67e74705SXin Livoid test() { 1961*67e74705SXin Li wchar_t ws[] = L"abc"; 1962*67e74705SXin Li char s[3]; 1963*67e74705SXin Li WideCharToMultiByte(CP_UTF8, 0, ws, -1, s, 1964*67e74705SXin Li 3, NULL, NULL); // warn 1965*67e74705SXin Li} 1966*67e74705SXin Li</pre></div></div></td> 1967*67e74705SXin Li<td class="aligned"></td></tr> 1968*67e74705SXin Li 1969*67e74705SXin Li 1970*67e74705SXin Li</table> 1971*67e74705SXin Li 1972*67e74705SXin Li<!-- =========================== optimization ============================== --> 1973*67e74705SXin Li<h3>optimization</h3> 1974*67e74705SXin Li<table class="checkers"> 1975*67e74705SXin Li<col class="namedescr"><col class="example"><col class="progress"> 1976*67e74705SXin Li<thead><tr><td>Name, Description</td><td>Example</td><td>Progress</td></tr></thead> 1977*67e74705SXin Li 1978*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1979*67e74705SXin Lioptimization.PassConstObjByValue</span><span class="lang"> 1980*67e74705SXin Li(C, C++)</span><div class="descr"> 1981*67e74705SXin LiOptimization: It is more effective to pass constant parameter by reference to 1982*67e74705SXin Liavoid unnecessary object copying.</div></div></td> 1983*67e74705SXin Li<td><div class="exampleContainer expandable"> 1984*67e74705SXin Li<div class="example"><pre> 1985*67e74705SXin Listruct A {}; 1986*67e74705SXin Li 1987*67e74705SXin Livoid f(const struct A a); // warn 1988*67e74705SXin Li</pre></div></div></td> 1989*67e74705SXin Li<td class="aligned"></td></tr> 1990*67e74705SXin Li 1991*67e74705SXin Li 1992*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 1993*67e74705SXin Lioptimization.PostfixIncIter</span><span class="lang"> 1994*67e74705SXin Li(C++)</span><div class="descr"> 1995*67e74705SXin LiOptimization: It is more effective to use prefix increment operator with 1996*67e74705SXin Liiterator. 1997*67e74705SXin Li<p>Source: Scott Meyers "More Effective C++", item 6: 1998*67e74705SXin LiDistinguish between prefix and postfix forms of increment and decrement 1999*67e74705SXin Lioperators.</p></div></div></td> 2000*67e74705SXin Li<td><div class="exampleContainer expandable"> 2001*67e74705SXin Li<div class="example"><pre> 2002*67e74705SXin Li#include <vector> 2003*67e74705SXin Li 2004*67e74705SXin Livoid test() { 2005*67e74705SXin Li std::vector<int> v; 2006*67e74705SXin Li std::vector<int>::const_iterator it; 2007*67e74705SXin Li for(it = v.begin(); 2008*67e74705SXin Li it != v.end(); it++) {}; // warn 2009*67e74705SXin Li} 2010*67e74705SXin Li</pre></div></div></td> 2011*67e74705SXin Li<td class="aligned"></td></tr> 2012*67e74705SXin Li 2013*67e74705SXin Li 2014*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 2015*67e74705SXin Lioptimization.MultipleCallsStrlen</span><span class="lang"> 2016*67e74705SXin Li(C)</span><div class="descr"> 2017*67e74705SXin LiOptimization: multiple calls to <code>strlen()</code> for a string in an 2018*67e74705SXin Liexpression. It is more effective to hold a value returned 2019*67e74705SXin Lifrom <code>strlen()</code> in a temporary variable.</div></div></td> 2020*67e74705SXin Li<td><div class="exampleContainer expandable"> 2021*67e74705SXin Li<div class="example"><pre> 2022*67e74705SXin Li#include <string.h> 2023*67e74705SXin Li 2024*67e74705SXin Livoid test(const char* s) { 2025*67e74705SXin Li if (strlen(s) > 0 && 2026*67e74705SXin Li strlen(s) < 7) {}; // warn 2027*67e74705SXin Li} 2028*67e74705SXin Li</pre></div></div></td> 2029*67e74705SXin Li<td class="aligned"></td></tr> 2030*67e74705SXin Li 2031*67e74705SXin Li 2032*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 2033*67e74705SXin Lioptimization.StrLengthCalculation</span><span class="lang"> 2034*67e74705SXin Li(C++)</span><div class="descr"> 2035*67e74705SXin LiOptimization: it is more efficient to use <code>string::length()</code> to 2036*67e74705SXin Licalculate the length of an <code>std::string</code>.</div></div></td> 2037*67e74705SXin Li<td><div class="exampleContainer expandable"> 2038*67e74705SXin Li<div class="example"><pre> 2039*67e74705SXin Li#include <string> 2040*67e74705SXin Li#include <string.h> 2041*67e74705SXin Li 2042*67e74705SXin Livoid test() { 2043*67e74705SXin Li std::string s; 2044*67e74705SXin Li if (strlen(s.c_str()) != 0) {}; // warn 2045*67e74705SXin Li} 2046*67e74705SXin Li</pre></div></div></td> 2047*67e74705SXin Li<td class="aligned"></td></tr> 2048*67e74705SXin Li 2049*67e74705SXin Li 2050*67e74705SXin Li<tr><td><div class="namedescr expandable"><span class="name"> 2051*67e74705SXin Lioptimization.EmptyContainerDetect</span><span class="lang"> 2052*67e74705SXin Li(C++)</span><div class="descr"> 2053*67e74705SXin LiOptimization: It is more efficient to use containers <code>empty()</code> 2054*67e74705SXin Limethod to identify an empty container.</div></div></td> 2055*67e74705SXin Li<td><div class="exampleContainer expandable"> 2056*67e74705SXin Li<div class="example"><pre> 2057*67e74705SXin Li#include <list> 2058*67e74705SXin Li 2059*67e74705SXin Livoid test() { 2060*67e74705SXin Li std::list<int> l; 2061*67e74705SXin Li if (l.size() != 0) {}; // warn 2062*67e74705SXin Li} 2063*67e74705SXin Li</pre></div></div></td> 2064*67e74705SXin Li<td class="aligned"></td></tr> 2065*67e74705SXin Li 2066*67e74705SXin Li 2067*67e74705SXin Li</table> 2068*67e74705SXin Li 2069*67e74705SXin Li<br> 2070*67e74705SXin Li</div> <!-- page --> 2071*67e74705SXin Li</div> <!-- content --> 2072*67e74705SXin Li</body> 2073*67e74705SXin Li</html> 2074