Library function not checked?

Static source code analysis tool for C and C++ code

Brought to you by: danielmarjamaki

Library function not checked?

Forum: General Discussion

Creator: Jacques van der Linde

Created: 2019-04-05

Updated: 2019-04-08

Jacques van der Linde - 2019-04-05

Hi,

I am new to cppcheck and have tried some examples C code.

The one thing than I cannot understand is that the manual specifies that the std.cfg library is always used, but if have used (for example) the
atol function but I leave out any parameters, like i = atol(), or specify more than 1 parameter, then cppcheck does not give any warnings, although I use --enable=all.

I can see the atol function in the std.cfg:

<function name="atol">
<use-retval>
<pure>
<returnvalue type="long int">
<noreturn>false</noreturn>
<leak-ignore>
<arg nr="1">
<not-null>
<not-uninit>
<strz>
</strz></not-uninit></not-null></arg>
</leak-ignore></returnvalue></pure></use-retval></function>

What I am missing?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Daniel Marjamäki - 2019-04-06

If you write i = atol() then Cppcheck assumes that you are calling a atol function that does not take any arguments... and there is no configuration for that function.

If you don't have such function then your compiler should write some syntax error.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Jacques van der Linde - 2019-04-08

OK,

But please give me an example were I can see that cppcheck give me a warning/error when I make a mistake using one of the functions that is checked in std.cfg, like atol.

My understanding is that cppcheck will use the xml tags in std.cfg to test the code against, for example what does cppcheck check for the atol function, given the tags in std.cfg? :

<function name="atol"> <use-retval/> <pure/> <returnValue type="long int"/> <noreturn>false</noreturn> <leak-ignore/> <arg nr="1"> <not-null/> <not-uninit/> <strz/> </arg> </function>

I would assume <use-retval> means that cppcheck should check if the return value of the atol is used/assigned, like</use-retval>

int i=0;
i= atol("123");

should return no errors/warnings, but

int i=0;
atol("123");

should return a warning/error?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Daniel Marjamäki - 2019-04-08

hmm.. we have some old simplifications for atol that is preventing Cppcheck to detect problems. This code atol("123") is simplified to 123 too early. We'll have to fix this.

I created this ticket: https://trac.cppcheck.net/ticket/9090

Here is another code example that will output various warnings thanks to those configurations

int f1(char *str) { return atol(str); // no warning } void f2(char *str) { atol(str); // unused return value } void f3() { atol(0); // unused return value, null pointer dereference } void f4(char *str) { if (atol(str) != atol(str)) {} // thanks to <pure/> we warn about same expressions on both sides of != }
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.