Default function and parameter behaviour
Static source code analysis tool for C and C++ code
Brought to you by:
danielmarjamaki
Menu
▾
▴
I'm curious as to why the default expectation for functions and their
parameters is that NULL and/or uninitialised parameters are OK, rather
than the other way around?
I'm trying out cppcheck on a very large OSS project that has thousands
of functions in it, and IMHO it would be far easier to create a config
file for that project if the standard behaviour was "paranoid by
default", and only documenting the exceptions.
In my experience the vast majority of function parameters are expected
to be initialised and non-null. In fact in the current std.cfg there
appear to be 722 args documented and 615 are declared "not-uninit".
IMHO, the same goes for "leak-ignore" (477 out of 526) and "no return"
(only 2 in the whole library).
regards,
Ray
Quoting cppcheck's agenda:
By this "optimistic" attitude about the unknown functions outside cppcheck's scope it tries to reduce the number of false positives!
What would it take to make this configurable? To build a library definition file I'd rather get false positives and then weed out those functions into a .cfg file than have to produce a definition of every single function, most of which would be "non-null, non-uninit, noreturn=false".
It would require large effort to make this configurable, and I doubt that it would be useful
Cppcheck 1.70 at least adds a new version of the cfg file format, which makes it possible to share configurations between functions, so smaller cfg files are possible. See std.cfg for an example.
As a start.. We have the --check-library flag. If some suspicious function usage is seen and Cppcheck can't determine if the usage is bad or ok.. then the idea is that an information message should be written.
So if you pass uninitialized variables to 10 functions in your source code then you should only need to configure those 10 functions.
I am not sure if we flag uninitialized variables. But if we don't then we should.
Last edit: Daniel Marjamäki 2015-09-05
I am also working on a library editor that will be available in the gui. It would be nice to be able to import all functions from some headers. Currently you have to edit one function at a time but I'd like it to be possible to select multiple functions and configure them all.
I don't get such messages. I tried this code:
void f() {
int x;
dostuff(x);
}
And the "cppcheck --check-library --enable=information test.c" did not report any possible uninitialized variable messages.
Daniel - that was my point - currently you do have to specify pretty much all function parameters because the default is that they're not checked.