Where to place the code that produces a false positive with a high probability?
It should go into an addon. The goal of cppcheck is to always have low false positives. Inconclusive doesnt mean we lots of FPs either. This is meant for code that we make assumption about because it is incomplete(ie missing a variable, function, or class definition).
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I suggest that you look at some existing addon. the cppcheck/addons/findcasts.py is small and simple.
it is executed like so:
cppcheck --addon=findcasts.py file.c
All datastructures are implemented in cppcheck/addons/cppcheckdata.py ... see class Token, class ValueType, etc.. by intention we use a similar interface in Python as in C++ Cppcheck. You should be able to run doxygen or something on cppcheckdata.py to get a nice documentation for the whole API but I don't remember how.
Last edit: Daniel Marjamäki 2021-09-06
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
no that is the quick hack solution. Static linking is not dynamic.
I envision two possible solutions:
1. write a c++ tool that imports the cppcheck data (xml data) and checks for mismatching variable name in assignment. that would work just like the python addons but is written in C++ instead.
2. create a dll/so dynamic link library that provides the extra checking.
The idea is that addons provide flexibility. In theory users can implement whatever checks they want in addons. they do not have to be merged/distributed with cppcheck repo if we don't like it for some reason.
The problem with the dynamic link library interface is that it requires that the addon source code is GPL. I implemented option 1 so far because that can allow commercial addons with extra checks.
Last edit: Daniel Marjamäki 2021-09-06
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Where to place the code that produces a false positive with a high probability?
I tried to put it in 'mSettings->certainty.isEnabled(Certainty::inconclusive)' but this cause tests fails.
It should go into an addon. The goal of cppcheck is to always have low false positives. Inconclusive doesnt mean we lots of FPs either. This is meant for code that we make assumption about because it is incomplete(ie missing a variable, function, or class definition).
Thank you for answer!
If part of code produce only true detects (with ~100% probability) but another part print all detects even with high rate false detection.
I can place first part code in cppcheck, another as addon ? how to add addon, has docs ?
Something like :
??
Last edit: Absol 2021-09-06
I suggest that you look at some existing addon. the cppcheck/addons/findcasts.py is small and simple.
it is executed like so:
All datastructures are implemented in cppcheck/addons/cppcheckdata.py ... see
class Token,class ValueType, etc.. by intention we use a similar interface in Python as in C++ Cppcheck. You should be able to run doxygen or something on cppcheckdata.py to get a nice documentation for the whole API but I don't remember how.Last edit: Daniel Marjamäki 2021-09-06
what is python? i don't know about this language. possible to write add-on in c++?
It is possible to write addons in c++. But that is so much more difficult. We don't have the infrastructure for that yet.
mSettings->addons ? I can use it or no?
https://github.com/danmar/cppcheck/pull/3431/commits/f3c14f078b58d2584157ec4304d71ea8472632c7
https://github.com/danmar/cppcheck/pull/3431/commits/68a2208bb72dc74233669fab765fc62ab1eb1dcb
I can use it something like that?
or need to add add-on to another place?
no that is the quick hack solution. Static linking is not dynamic.
I envision two possible solutions:
1. write a c++ tool that imports the cppcheck data (xml data) and checks for mismatching variable name in assignment. that would work just like the python addons but is written in C++ instead.
2. create a dll/so dynamic link library that provides the extra checking.
The idea is that addons provide flexibility. In theory users can implement whatever checks they want in addons. they do not have to be merged/distributed with cppcheck repo if we don't like it for some reason.
The problem with the dynamic link library interface is that it requires that the addon source code is GPL. I implemented option 1 so far because that can allow commercial addons with extra checks.
Last edit: Daniel Marjamäki 2021-09-06
it look very hard in use, then better to not using any addons :( :( :(