Null pointers: Fixed false positives when running whole program analysis. Copied the fix from the CheckUninitVar::isUnsafeFunction.

danmar · danmar · commit 49982485010a · 2018-02-04T15:29:57.000+01:00
diff --git a/lib/checknullpointer.cpp b/lib/checknullpointer.cpp
@@ -20,6 +20,7 @@
 //---------------------------------------------------------------------------
 #include "checknullpointer.h"
 
+#include "astutils.h"
 #include "errorlogger.h"
 #include "library.h"
 #include "settings.h"
@@ -548,12 +549,19 @@ void CheckNullPointer::arithmeticError(const Token *tok, const ValueFlow::Value
                 value && value->isInconclusive());
 }
 
-bool CheckNullPointer::isUnsafeFunction(const Scope *scope, int argnr, const Token **tok)
+bool CheckNullPointer::isUnsafeFunction(const Scope *scope, int argnr, const Token **tok) const
 {
     const Variable * const argvar = scope->function->getArgumentVar(argnr);
     if (!argvar->isPointer())
         return false;
     for (const Token *tok2 = scope->classStart; tok2 != scope->classEnd; tok2 = tok2->next()) {
+        if (Token::simpleMatch(tok2, ") {")) {
+            tok2 = tok2->linkAt(1);
+            if (Token::findmatch(tok2->link(), "return|throw", tok2))
+                return false;
+            if (isVariableChanged(tok2->link(), tok2, argvar->declarationId(), false, _settings))
+                return false;
+        }
         if (tok2->variable() != argvar)
             continue;
         if (!Token::Match(tok2->astParent(), "*|["))
diff --git a/lib/checknullpointer.h b/lib/checknullpointer.h
@@ -100,7 +100,7 @@ class CPPCHECKLIB CheckNullPointer : public Check {
     }
     void nullPointerError(const Token *tok, const std::string &varname, const ValueFlow::Value* value, bool inconclusive);
 
-    static bool isUnsafeFunction(const Scope *scope, int argnr, const Token **tok);
+    bool isUnsafeFunction(const Scope *scope, int argnr, const Token **tok) const;
 private:
 
     /** Get error messages. Used by --errorlist */
diff --git a/lib/checkuninitvar.cpp b/lib/checkuninitvar.cpp
@@ -1425,11 +1425,12 @@ Check::FileInfo *CheckUninitVar::getFileInfo() const
         }
 
         // "Unsafe" functions unconditionally reads data before it is written..
+        CheckNullPointer checkNullPointer(_tokenizer, _settings, _errorLogger);
         for (int argnr = 0; argnr < function->argCount(); ++argnr) {
             const Token *tok;
             if (isUnsafeFunction(&*scope, argnr, &tok))
                 fileInfo->readData.push_back(MyFileInfo::FunctionArg(_tokenizer, &*scope, argnr+1, tok));
-            if (CheckNullPointer::isUnsafeFunction(&*scope, argnr, &tok))
+            if (checkNullPointer.isUnsafeFunction(&*scope, argnr, &tok))
                 fileInfo->dereferenced.push_back(MyFileInfo::FunctionArg(_tokenizer, &*scope, argnr+1, tok));
         }
 
diff --git a/test/testnullpointer.cpp b/test/testnullpointer.cpp
@@ -17,6 +17,7 @@
  */
 
 #include "checknullpointer.h"
+#include "checkuninitvar.h"
 #include "library.h"
 #include "settings.h"
 #include "testsuite.h"
@@ -105,6 +106,7 @@ class TestNullPointer : public TestFixture {
         TEST_CASE(nullpointer_internal_error); // #5080
         TEST_CASE(ticket6505);
         TEST_CASE(subtract);
+        TEST_CASE(ctu);
     }
 
     void check(const char code[], bool inconclusive = false, const char filename[] = "test.cpp") {
@@ -2572,6 +2574,67 @@ class TestNullPointer : public TestFixture {
               "}\n");
         ASSERT_EQUALS("[test.cpp:3] -> [test.cpp:2]: (warning) Either the condition '!s' is redundant or there is overflow in pointer subtraction.\n", errout.str());
     }
+
+    void ctu(const char code[]) {
+        // Clear the error buffer..
+        errout.str("");
+
+        // Tokenize..
+        Tokenizer tokenizer(&settings, this);
+        std::istringstream istr(code);
+        tokenizer.tokenize(istr, "test.cpp");
+        tokenizer.simplifyTokenList2();
+
+        // Check code..
+        std::list<Check::FileInfo*> fileInfo;
+        CheckUninitVar check(&tokenizer, &settings, this);
+        fileInfo.push_back(check.getFileInfo(&tokenizer, &settings));
+        check.analyseWholeProgram(fileInfo, settings, *this);
+        while (!fileInfo.empty()) {
+            delete fileInfo.back();
+            fileInfo.pop_back();
+        }
+    }
+
+    void ctu() {
+        ctu("void f(int *fp) {\n"
+            "    a = *fp;\n"
+            "}\n"
+            "int main() {\n"
+            "  int *p = 0;\n"
+            "  f(p);\n"
+            "}");
+        ASSERT_EQUALS("[test.cpp:6] -> [test.cpp:2]: (error) Null pointer dereference: fp\n", errout.str());
+
+        ctu("void use(int *p) { a = *p + 3; }\n"
+            "void call(int x, int *p) { x++; use(p); }\n"
+            "int main() {\n"
+            "  call(4,0);\n"
+            "}");
+        ASSERT_EQUALS("[test.cpp:2] -> [test.cpp:1]: (error) Null pointer dereference: p\n", errout.str());
+
+        ctu("void dostuff(int *x, int *y) {\n"
+            "  if (!var)\n"
+            "    return -1;\n"  // <- early return
+            "  *x = *y;\n"
+            "}\n"
+            "\n"
+            "void f() {\n"
+            "  dostuff(a, 0);\n"
+            "}");
+        ASSERT_EQUALS("", errout.str());
+
+        ctu("void dostuff(int *x, int *y) {\n"
+            "  if (cond)\n"
+            "    *y = -1;\n"  // <- conditionally written
+            "  *x = *y;\n"
+            "}\n"
+            "\n"
+            "void f() {\n"
+            "  dostuff(a, 0);\n"
+            "}");
+        ASSERT_EQUALS("", errout.str());
+    }
 };
 
 REGISTER_TEST(TestNullPointer)

Original file line number	Diff line number	Diff line change
`@@ -100,7 +100,7 @@ class CPPCHECKLIB CheckNullPointer : public Check {`
`100`	`100`	`}`
`101`	`101`	`void nullPointerError(const Token tok, const std::string &varname, const ValueFlow::Value value, bool inconclusive);`
`102`	`102`
`103`		`- static bool isUnsafeFunction(const Scope scope, int argnr, const Token *tok);`
	`103`	`+ bool isUnsafeFunction(const Scope scope, int argnr, const Token *tok) const;`
`104`	`104`	`private:`
`105`	`105`
`106`	`106`	`/** Get error messages. Used by --errorlist */`
Original file line number	Diff line number	Diff line change
`@@ -1425,11 +1425,12 @@ Check::FileInfo *CheckUninitVar::getFileInfo() const`
`1425`	`1425`	`}`
`1426`	`1426`
`1427`	`1427`	`// "Unsafe" functions unconditionally reads data before it is written..`
	`1428`	`+ CheckNullPointer checkNullPointer(_tokenizer, _settings, _errorLogger);`
`1428`	`1429`	`for (int argnr = 0; argnr < function->argCount(); ++argnr) {`
`1429`	`1430`	`const Token *tok;`
`1430`	`1431`	`if (isUnsafeFunction(&*scope, argnr, &tok))`
`1431`	`1432`	`fileInfo->readData.push_back(MyFileInfo::FunctionArg(_tokenizer, &*scope, argnr+1, tok));`
`1432`		`- if (CheckNullPointer::isUnsafeFunction(&*scope, argnr, &tok))`
	`1433`	`+ if (checkNullPointer.isUnsafeFunction(&*scope, argnr, &tok))`
`1433`	`1434`	`fileInfo->dereferenced.push_back(MyFileInfo::FunctionArg(_tokenizer, &*scope, argnr+1, tok));`
`1434`	`1435`	`}`
`1435`	`1436`