Add new experimental value flow analysis

danmar · danmar · commit d8270c710ae6 · 2014-01-04T20:57:02.000+01:00
diff --git a/Makefile b/Makefile
diff --git a/cli/cmdlineparser.cpp b/cli/cmdlineparser.cpp
@@ -302,6 +302,10 @@ bool CmdLineParser::ParseFromArgs(int argc, const char* const argv[])
             _settings->_xml = true;
         }
 
+        // Enable experimental value flow analysis
+        else if (std::strcmp(argv[i], "--value-flow") == 0)
+            _settings->valueFlow = true;
+
         // Only print something when there are errors
         else if (std::strcmp(argv[i], "-q") == 0 || std::strcmp(argv[i], "--quiet") == 0)
             _settings->_errorsOnly = true;
diff --git a/lib/checkother.cpp b/lib/checkother.cpp
@@ -2152,6 +2152,16 @@ void CheckOther::checkZeroDivision()
                     continue;
             }
             zerodivError(tok);
+        } else if (Token::Match(tok, "[/%]") && tok->astOperand2() && !tok->astOperand2()->values.empty()) {
+            // Value flow..
+            const std::list<ValueFlow::Value> &values = tok->astOperand2()->values;
+            std::list<ValueFlow::Value>::const_iterator it;
+            for (it = values.begin(); it != values.end(); ++it) {
+                if (it->intvalue == 0) {
+                    if (!it->link || _settings->isEnabled("warning"))
+                        zerodivError(tok);
+                }
+            }
         }
     }
 }
diff --git a/lib/lib.pri b/lib/lib.pri
@@ -44,6 +44,7 @@ HEADERS += $${BASEPATH}check.h \
            $${BASEPATH}token.h \
            $${BASEPATH}tokenize.h \
            $${BASEPATH}tokenlist.h \
+           $${BASEPATH}valueflow.h \
 
 
 SOURCES += $${BASEPATH}check64bit.cpp \
@@ -83,4 +84,5 @@ SOURCES += $${BASEPATH}check64bit.cpp \
            $${BASEPATH}timer.cpp \
            $${BASEPATH}token.cpp \
            $${BASEPATH}tokenize.cpp \
-           $${BASEPATH}tokenlist.cpp
+           $${BASEPATH}tokenlist.cpp \
+           $${BASEPATH}valueflow.cpp
diff --git a/lib/settings.cpp b/lib/settings.cpp
@@ -40,7 +40,8 @@ Settings::Settings()
       enforcedLang(None),
       reportProgress(false),
       checkConfiguration(false),
-      checkLibrary(false)
+      checkLibrary(false),
+      valueFlow(false)
 {
     // This assumes the code you are checking is for the same architecture this is compiled on.
 #if defined(_WIN64)
diff --git a/lib/settings.h b/lib/settings.h
@@ -251,6 +251,8 @@ class CPPCHECKLIB Settings {
                platformType == Win32W ||
                platformType == Win64;
     }
+
+    bool valueFlow;
 };
 
 /// @}
diff --git a/lib/token.h b/lib/token.h
@@ -21,10 +21,12 @@
 #define tokenH
 //---------------------------------------------------------------------------
 
+#include <list>
 #include <string>
 #include <vector>
 #include <ostream>
 #include "config.h"
+#include "valueflow.h"
 
 class Scope;
 class Function;
@@ -575,6 +577,9 @@ class CPPCHECKLIB Token {
         _originalName = name;
     }
 
+    /** Values of token */
+    std::list<struct ValueFlow::Value> values;
+
 private:
     void next(Token *nextToken) {
         _next = nextToken;
diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp
@@ -1603,6 +1603,10 @@ bool Tokenizer::tokenize(std::istream &code,
         }
 
         list.createAst();
+
+        if (_settings->valueFlow)
+            ValueFlow::setValues(list.front());
+
         return true;
     }
     return false;
@@ -7020,7 +7024,7 @@ bool Tokenizer::simplifyRedundantParentheses()
             tok->deleteNext();
             ret = true;
         }
-        
+
         if (Token::Match(tok->previous(), "[,;{}] ( %var% ) .")) {
             // Remove the parentheses
             tok->deleteThis();
diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp
@@ -0,0 +1,74 @@
+/*
+ * Cppcheck - A tool for static C/C++ code analysis
+ * Copyright (C) 2007-2013 Daniel Marjamäki and Cppcheck team.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "valueflow.h"
+#include "token.h"
+#include "mathlib.h"
+
+static void valueFlowBeforeCondition(Token *tokens)
+{
+    for (Token *tok = tokens; tok; tok = tok->next()) {
+        unsigned int varid;
+        MathLib::bigint num;
+        if (Token::Match(tok, "==|!=|>=|<=") && tok->astOperand2()) {
+            if (tok->astOperand1()->isName() && tok->astOperand2()->isNumber()) {
+                varid = tok->astOperand1()->varId();
+            } else if (tok->astOperand1()->isNumber() && tok->astOperand2()->isName()) {
+                varid = tok->astOperand2()->varId();
+                num = MathLib::toLongNumber(tok->astOperand1()->str());
+            } else {
+                continue;
+            }
+        } else if (Token::Match(tok->previous(), "if|while ( %var% %oror%|&&|)") ||
+                   Token::Match(tok, "%oror%|&& %var% %oror%|&&|)")) {
+            varid = tok->next()->varId();
+            num = 0;
+        } else if (tok->str() == "!" && tok->astOperand1() && tok->astOperand1()->isName()) {
+            varid = tok->astOperand1()->varId();
+            num = 0;
+        } else {
+            continue;
+        }
+
+        if (varid == 0U)
+            continue;
+
+        struct ValueFlow::Value val;
+        val.link = tok;
+        val.intvalue = MathLib::toLongNumber(tok->astOperand2()->str());
+
+        for (Token *tok2 = tok->previous(); tok2; tok2 = tok2->previous()) {
+            if (tok2->varId() == varid)
+                tok2->values.push_back(val);
+            if (tok2->str() == "{") {
+                if (!Token::simpleMatch(tok2->previous(), ") {"))
+                    break;
+                if (!Token::simpleMatch(tok2->previous()->link()->previous(), "if ("))
+                    break;
+            }
+        }
+    }
+}
+
+void ValueFlow::setValues(Token *tokens)
+{
+    for (Token *tok = tokens; tok; tok = tok->next())
+        tok->values.clear();
+
+    valueFlowBeforeCondition(tokens);
+}
diff --git a/lib/valueflow.h b/lib/valueflow.h
@@ -0,0 +1,36 @@
+/*
+ * Cppcheck - A tool for static C/C++ code analysis
+ * Copyright (C) 2007-2013 Daniel Marjamäki and Cppcheck team.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+//---------------------------------------------------------------------------
+#ifndef valueflowH
+#define valueflowH
+//---------------------------------------------------------------------------
+
+class Token;
+
+namespace ValueFlow {
+
+    struct Value {
+        const Token *link;
+        long long    intvalue;
+    };
+
+    void setValues(Token *tokens);
+}
+
+#endif // valueflowH
diff --git a/test/testfiles.pri b/test/testfiles.pri
@@ -49,4 +49,5 @@ SOURCES += $${BASEPATH}/test64bit.cpp \
            $${BASEPATH}/testuninitvar.cpp \
            $${BASEPATH}/testunusedfunctions.cpp \
            $${BASEPATH}/testunusedprivfunc.cpp \
-           $${BASEPATH}/testunusedvar.cpp
+           $${BASEPATH}/testunusedvar.cpp \
+           $${BASEPATH}/testvalueflow.cpp
diff --git a/test/testvalueflow.cpp b/test/testvalueflow.cpp
@@ -0,0 +1,72 @@
+/*
+ * Cppcheck - A tool for static C/C++ code analysis
+ * Copyright (C) 2007-2013 Daniel Marjamäki and Cppcheck team.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "testsuite.h"
+#include "testutils.h"
+#include "valueflow.h"
+#include "tokenize.h"
+#include "token.h"
+
+#include <vector>
+#include <string>
+
+extern std::ostringstream errout;
+class TestValueFlow : public TestFixture {
+public:
+    TestValueFlow() : TestFixture("TestValueFlow") {
+    }
+
+private:
+
+    void run() {
+        valueFlowBeforeCondition();
+    }
+
+    bool testValueOfX(const char code[], unsigned int linenr, int value) {
+        Settings settings;
+        settings.valueFlow = true;  // temporary flag
+
+        // Tokenize..
+        Tokenizer tokenizer(&settings, this);
+        std::istringstream istr(code);
+        tokenizer.tokenize(istr, "test.cpp");
+
+        for (const Token *tok = tokenizer.tokens(); tok; tok = tok->next()) {
+            if (tok->str() == "x" && tok->linenr() == linenr) {
+                std::list<ValueFlow::Value>::const_iterator it;
+                for (it = tok->values.begin(); it != tok->values.end(); ++it) {
+                    if (it->intvalue == value)
+                        return true;
+                }
+                return false;
+            }
+        }
+
+        return false;
+    }
+
+    void valueFlowBeforeCondition() {
+        const char code[] = "void f(int x) {\n"
+                            "    int a = x;\n"
+                            "    if (x == 123) {}\n"
+                            "}";
+        ASSERT_EQUALS(true, testValueOfX(code, 2U, 123));
+    }
+};
+
+REGISTER_TEST(TestValueFlow)

Original file line number	Diff line number	Diff line change
`@@ -2152,6 +2152,16 @@ void CheckOther::checkZeroDivision()`
`2152`	`2152`	`continue;`
`2153`	`2153`	`}`
`2154`	`2154`	`zerodivError(tok);`
	`2155`	`+ } else if (Token::Match(tok, "[/%]") && tok->astOperand2() && !tok->astOperand2()->values.empty()) {`
	`2156`	`+ // Value flow..`
	`2157`	`+ const std::list<ValueFlow::Value> &values = tok->astOperand2()->values;`
	`2158`	`+ std::list<ValueFlow::Value>::const_iterator it;`
	`2159`	`+ for (it = values.begin(); it != values.end(); ++it) {`
	`2160`	`+ if (it->intvalue == 0) {`
	`2161`	`+ if (!it->link \|\| _settings->isEnabled("warning"))`
	`2162`	`+ zerodivError(tok);`
	`2163`	`+ }`
	`2164`	`+ }`
`2155`	`2165`	`}`
`2156`	`2166`	`}`
`2157`	`2167`	`}`
Original file line number	Diff line number	Diff line change
`@@ -251,6 +251,8 @@ class CPPCHECKLIB Settings {`
`251`	`251`	`platformType == Win32W \|\|`
`252`	`252`	`platformType == Win64;`
`253`	`253`	`}`
	`254`	`+`
	`255`	`+ bool valueFlow;`
`254`	`256`	`};`
`255`	`257`
`256`	`258`	`/// @}`
Original file line number	Diff line number	Diff line change
`@@ -1603,6 +1603,10 @@ bool Tokenizer::tokenize(std::istream &code,`
`1603`	`1603`	`}`
`1604`	`1604`
`1605`	`1605`	`list.createAst();`
	`1606`	`+`
	`1607`	`+ if (_settings->valueFlow)`
	`1608`	`+ ValueFlow::setValues(list.front());`
	`1609`	`+`
`1606`	`1610`	`return true;`
`1607`	`1611`	`}`
`1608`	`1612`	`return false;`
`@@ -7020,7 +7024,7 @@ bool Tokenizer::simplifyRedundantParentheses()`
`7020`	`7024`	`tok->deleteNext();`
`7021`	`7025`	`ret = true;`
`7022`	`7026`	`}`
`7023`		`-`
	`7027`	`+`
`7024`	`7028`	`if (Token::Match(tok->previous(), "[,;{}] ( %var% ) .")) {`
`7025`	`7029`	`// Remove the parentheses`
`7026`	`7030`	`tok->deleteThis();`