Bug 89863 (cppcheck)

Summary: [meta-bug] Issues in gcc that other static analyzers (cppcheck, clang-static-analyzer, PVS-studio) find that gcc misses
Product: gcc Reporter: Eric Gallager <egallager>
Component: otherAssignee: Not yet assigned to anyone <unassigned>
Status: UNCONFIRMED ---    
Severity: normal CC: dcb314, dimhen, ettl.martin, marxin
Priority: P3 Keywords: diagnostic, meta-bug
Version: 9.0   
Target Milestone: ---   
See Also: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77421
Host: Target:
Build: Known to work:
Known to fail: Last reconfirmed:
Bug Depends on: 33715, 46476, 47170, 49564, 52124, 53871, 56370, 60548, 63854, 64524, 65446, 67729, 69285, 69286, 70800, 71175, 71176, 79950, 81271, 81670, 81674, 82100, 82648, 88057, 89788, 91022, 97894, 98963, 99615, 99669, 99674, 102078, 102082, 102083, 103920, 103939, 104643, 104680, 107204, 108126, 108136, 111684, 112373, 113528, 113786, 114680, 114721, 50355, 54582, 58237, 59205, 66469, 71324, 71327, 77936, 79022, 79364, 80047, 80049, 80051, 80672, 81669, 83033, 83822, 88056, 88810, 89259, 89860, 90297, 90298, 90874, 90970, 90973, 90974, 90975, 90976, 90978, 91016, 91017, 92472, 92563, 92565, 92575, 92671, 94317, 94319, 94433, 94629, 94669, 98951, 99553, 99614, 99616, 99617, 99866, 99917, 99933, 100143, 100147, 100913, 102073, 102074, 102085, 102327, 102896, 106184, 106370, 106778, 106906, 106907, 107203, 107510, 109056, 114689    
Bug Blocks:    

Description Eric Gallager 2019-03-28 05:01:11 UTC 
David Binderman often files bugs he finds with cppcheck, so making a meta-bug to group them all. Some of these checks might also be inspiration for new gcc warnings. 
(Dave, let me know if I missed any)
Comment 1 Eric Gallager 2019-06-26 17:43:23 UTC 
I see Martin Liska added a bunch of bugs found by the clang static analyzer as blocking this... Martin, did you verify that cppcheck catches them, too, or are we using this bug for static analyzers in general now? It's ok if it's the latter, we'll just need to update the title...
Comment 2 Martin Liška 2019-06-27 10:35:23 UTC 
(In reply to Eric Gallager from comment #1)
> I see Martin Liska added a bunch of bugs found by the clang static analyzer
> as blocking this... Martin, did you verify that cppcheck catches them, too,
> or are we using this bug for static analyzers in general now? It's ok if
> it's the latter, we'll just need to update the title...

Yes, I would like to extend usage of this meta bug. I've just updated the title.
About the cppcheck, I'm running that with:

$ cppcheck --enable=all --project=compile_commands.json -j16
and my impression is that it does not work for C++ files:
https://pastebin.com/ZK320Ebt
?
Comment 3 David Binderman 2019-06-27 17:16:22 UTC 
--language=c++ seems to be required for C++ code.

--force helps cppcheck to avoid a too-early finish.

I use the current development cppcheck code, although it's fair to say that
new features rarely work 100% perfectly first time and usually take a week
or two before they mature on real code. 

But that's development code for you ;->
Comment 4 Martin Liška 2019-07-01 09:19:32 UTC 
(In reply to David Binderman from comment #3)
> --language=c++ seems to be required for C++ code.

That works for me, thank you!

> 
> --force helps cppcheck to avoid a too-early finish.
> 
> I use the current development cppcheck code, although it's fair to say that
> new features rarely work 100% perfectly first time and usually take a week
> or two before they mature on real code. 

Yep, I've just bumped openSUSE package to the latest release that was released few days ago.

> 
> But that's development code for you ;->
Comment 5 Eric Gallager 2019-12-02 03:17:09 UTC 
Some of the bugs that this one depends upon might be useful inspiration for the new analyzer that David Malcolm is working on.
Comment 6 David Binderman 2020-02-10 12:41:50 UTC 
For this C++ code:

// reading 8 bytes from a 5 byte field

# include <stdint.h>
# include <cstring>

struct S
{
	char a[ 5];
	short b;
};

void f( const S * ps)
{
	uint64_t n;

	memcpy( &n, ps->a, sizeof( uint64_t));
}

derived from recent Linux kernel, gcc has nothing to say:

$ /home/dcb/gcc/results/bin/gcc -c -g -O2 -Wall -Wextra feb10a.cc
$ 

Interestingly, clang++ doesn't say much either:

$ clang++ -c -O2 -Wall -Wextra feb10a.cc
$ 

Adding _FORTIFY_SOURCE=2 doesn't help. Here is cppcheck in action:

$ /home/dcb/cppcheck/trunk/cppcheck  feb10a.cc
feb10a.cc:17:16: error: Buffer is accessed out of bounds: ps->a [bufferAccessOutOfBounds]
 memcpy( &n, ps->a, sizeof( uint64_t));
               ^
$
Comment 7 David Binderman 2020-02-10 13:30:34 UTC 
For this C++ code:

// Division by zero.

extern void g();

void f()
{
    unsigned int vsync_rate_hz = 0;
    unsigned int frame_time_microsec = 1000000 / vsync_rate_hz;

    g();
}

gcc and clang have nothing to say, even with -g -O2 -Wall -Wextra 
but cppcheck finds the problem.
Comment 8 Eric Gallager 2020-04-17 09:23:38 UTC 
updating title to include PVS studio bugs
Comment 9 Eric Gallager 2020-04-17 09:28:23 UTC 
(In reply to Eric Gallager from comment #8)
> updating title to include PVS studio bugs

actually it looks like there was already a previous meta-bug for PVS-Studio, bug 77421, but it's closed already... do we want to reopen that one, or use this one for PVS-Studio bugs as well?