
Why does Cppcheck not find this obvious array out-of-bounds error?

I installed the Cppcheck tool for static code analysis of my C++ project and got the feeling that it performs poorly. For example, can anyone tell me why Cppcheck is unable to find an array out-of-bounds error in the following code?

void f(int c) { 
    char *p = new char[10]; 
    p[c] = 42; 
} 

void g() { 
    f(100); 
} 

There's an online demo where this code can be conveniently checked using Cppcheck. All it comes up with is a memory leak at line 4, no signs of a potential buffer overflow.

I am a Cppcheck developer.

It is not by design that Cppcheck fails to detect that.

Cppcheck currently doesn't evaluate functions using all given parameters from all function calls. We have tickets about this and I hope it will be fixed someday. It would be nice.

If you use Cppcheck you should not think that it will detect all bugs. Cppcheck will probably fail to detect most bugs. There is no method, in my humble opinion, that will detect all bugs in your software. Use Cppcheck just to detect some of the bugs that you fail to detect otherwise. It reduces the number of bugs somewhat.

I hope you are not too disappointed and will continue to use Cppcheck.

Because it is not supported currently.

This is actually not an obvious error to the compiler. Something like

char c[5];
for (int i=0; i<10; ++i)
    c[i] = 0;

is more obvious, as it is all in the same code.

Something like

#define f(c) { \
    char *p = new char[10];  \
    p[c] = 42; \
}

void g() { 
    f(100); 
} 

is more obvious, because cppcheck and the compiler expand all macros in-place before the actual checks.

However, your posted code is not trivial, because cppcheck as well as the compiler need the whole code inside that function and must evaluate it with respect to the parameter. It is of course possible if the function is in sight (it becomes pretty hard, up to impossible, across translation units), but right now, cppcheck does not have that feature.
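As an added example (not code from the question or from any of the answers), here is the question's f() rewritten so that the bound is enforced inside the function that owns the buffer, which removes the dependence on an analyzer seeing every caller; the names f_checked, g_checked and kBufSize are chosen here:

```cpp
#include <cstddef>
#include <vector>

// Constructed value: the buffer size used by the question's f().
constexpr std::size_t kBufSize = 10;

// Hardened counterpart of the question's f(): the index is validated
// where the buffer lives, so correctness does not depend on the analyzer
// (or a reviewer) knowing what every caller passes. Returns false instead
// of writing when c is out of range (negative or >= kBufSize).
bool f_checked(int c) {
    if (c < 0 || static_cast<std::size_t>(c) >= kBufSize) {
        return false;                       // this write would be out of bounds
    }
    std::vector<char> p(kBufSize);          // owns its storage: no leak
    p[static_cast<std::size_t>(c)] = 42;
    return true;
}

// The same call as the question's g(); the bad index is now rejected at
// runtime instead of silently corrupting the heap.
bool g_checked() {
    return f_checked(100);                  // returns false
}
```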

The latest version of Cppcheck, 1.70 dev, is able to detect this bug:

$ cppcheck test.cpp 
Checking test.cpp...
[test.cpp:3]: (error) Array 'p[10]' accessed at index 100, which is out of bounds.
[test.cpp:4]: (error) Memory leak: p
