Menu

A few misses - How best to report?

General Discussion
Dave Nadler
2021-04-16
2021-04-17

  • Dave Nadler

    Dave Nadler - 2021-04-16

    I tried CPPcheck on a 15k LOC AVR embedded project which I recently had
    to fix.
    Tried it on the original sources:
    - did identify some dogy coding, thanks!
    - very few false positives, thanks!
    - missed some egregious errors - how best to report?
    - reports functions not used, that are in fact used.

    What's your preferred method of reporting problems?
    Unfortunately the sources are proprietary and require AVR libraries etc.

    Thanks!
    Best Regards, Dave

    --
    Dave Nadler, USA East Coast voice (978) 263-0097, drn@nadler.com, Skype
    Dave.Nadler1

     
    alternate

  • Daniel Marjamäki

    Daniel Marjamäki - 2021-04-16

    missed some egregious errors - how best to report?

    Could you show some similar small example code?

     

  • Dave Nadler

    Dave Nadler - 2021-04-16

    Sure - Do you prefer I post here or set up on trac? Whatever is easiest for you...

     

  • Dave Nadler

    Dave Nadler - 2021-04-16

    Here are some example misses, all taken from a real project I had to clean up:
    Bugs that could (maybe?) be found by static analysis, but not found by CPPcheck.
    **
    Bug 1**

    // ABS macro was wrongly coded:
// #define ABS(X)       ((X >= 0) ? X : ((-1)*X))
//   ABS(a-b)  =>  ((a-b >= 0) ? a-b : ((-1)*a-b)  =>  (((a-b)>= 0) ? (a-b) : (-1*a)-b)
//   rewriting with C-language operator precedence...        WRONG RESULT    ^^^^^^^^^^
// recoded correctly:
#define ABS(X)      (((X) >= 0) ? (X) : ((-1)*(X)))

    **
    Bug 2**

    // Use of uint8_t 0xFF as subscript to array of 16 entries:
if (selectedAlarm != 0xff)
{
    drawBigClimbrate(alarms[selectedAlarm]->climbRate, ((alarms[selectedAlarm]->status.privacySet) || privacySet), x, y, redraw);
}
else
{
    drawBigClimbrate(1000.0, ((alarms[selectedAlarm]->status.privacySet) || privacySet), x, y, redraw);
}

    **
    Bug 3**

    // Use of too-small type as array index uses only 256 bytes of buffer
char buffer[1024];
uint8_t idx;
...
... buffer[idx]...
;

    **
    Bug 4**

    // Don't know if this could be caught in static analysis.
// Wrong answer from strtol because char array had no terminator and
// strtol found valid hex digits in subsequent bytes...
struct {
    char ID[6];
    int32_t foof;
} s;
s.foof = 0x41414141;
long l = strtol(s.ID, 0, 16);
     

    Last edit: Dave Nadler 2021-04-18

Log in to post a comment.