Questions about rules files

[John Schmitz]

I'm using the 2.5 release of cppcheck, and hope to use it to check for use of banned functions. I've seen the two PDFs about writing rules, and have followed them, creating an XML file called BannedFunctions.rule. I'm using a batch file to launch cppcheck, with the following:

"%CPPCHECK_INSTALL%\cppcheck.exe" --enable=warning --rule-file="BannedFunctions.rule" -i "../../src/external" --xml --xml-version=2 "....\src" 2> cppcheck-result.xml

I now have three questions about using cppcheck in this manner:
1. The following is emitted for every file that's evaluated:
Handling of "simple" rules is deprecated and will be removed in Cppcheck 2.5.
That's obviously untrue since I'm using 2.5 and it works, but the question is what's replacing it? I don't see any mention of "complex" rules.
2. I don't want cppcheck doing any of the normal static code analysis for this purpose - I'll be running it separately for normal code analysis. Is there a way to disable all the normal static code analysis? If I use rule suppression I'd have to know the name of every built-in rule.
3. It isn't stated in the PDFs, but the XML format of the rule file supports only a single rule, and I have a long list of banned functions. How can I specify all the rules in a single file?
4. There's a problem with my rule that I need help with. I'm looking for strlen, but it's matching lstrlenW. I tried the following rule with and without spaces around the function. Even when using "strlen (", it's matching lstrlenW. Here's the rule file:

<rule version="1"> <pattern> strlen (</pattern> <message> <id>strlenBF</id> <severity>error</severity>

Banned function 'strlen' found.

</message> </rule>

Thanks!
John

[Daniel Marjamäki]

Please use addons instead of rules that is so much better.

You can put this code in BannedFunctions.py:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

#!/usr/bin/env python3 # import cppcheckdata import sys def get_args(): parser = cppcheckdata.ArgumentParser() return parser.parse_args() if __name__ == '__main__': args = get_args() for dumpfile in args.dumpfile: if not args.quiet: print('Checking %s...' % dumpfile) data = cppcheckdata.CppcheckData(dumpfile) for cfg in data.iterconfigurations(): print('Checking %s, config %s...' % (dumpfile, cfg.name)) for token in cfg.tokenlist: if token.str == 'strlen': # reportError(location, severity, message, addon, errorId, extra=''): cppcheckdata.reportError(token, 'style', 'bad function strlen usage in code', 'BannedFunctions', 'strlen') sys.exit(cppcheckdata.EXIT_CODE)

The file cppcheckdata.py is distributed with cppcheck put that in the same folder as BannedFunctions.py.

If you have python.exe / python3.exe in your PATH then execute Cppcheck like this:

cppcheck --addon=BannedFunctions --xml <path>

Is there a way to disable all the normal static code analysis? If I use rule suppression I'd have to know the name of every built-in rule.

Normal static code analysis is always run. You can execute the addon like this if you want:

cppcheck --dump somefile.c
python3 BannedFunctions.py somefile.c.dump

You can ignore all warnings from the cppcheck command then. But well with this approach the addon does not generate xml.

The names of the built-in rules can be extracted. Try this command: cppcheck --errorlist..

[John Schmitz]

This is awesome, ty!
One follow-up question: The following is tagged as a use of a banned function, even though it's the definition of a similarly named function with in a namespace:

    int StringUtil::vsnprintf( char* buffer, size_t count, const char* format, va_list argptr )

I'd rather not exclude the entire file, and I'm wondering if this is a bug.

Update: One use of that function is also tagged, even though there are at least 4 in the source code:

            pos += static_cast<size_t>( impl::StringUtil::vsnprintf( buffer + pos, kMaxLogSize - pos, format, argptr ) );

[Daniel Marjamäki]

with addons you have lots of freedom. To fix that particular false positive you can for instance write:

    for token in cfg.tokenlist:
            if token.str == 'vsnprintf' and token.previous.str != '::':
                cppcheckdata.reportError(token, 'style', 'bad function vsnprintf usage in code', 'BannedFunctions', 'vsnprintf')

[John Schmitz]

Daniel,

I've found that I need to make the check more comprehensive, and I'm running into some strange behavior. I've attached a test file. When I try to analyze the test file, cppcheck has been failing with:

Bailing out from checking BannedFunctionsTest.cpp since there was an internal error: Failed to execute 'python.exe BannedFunctions.py --cli BannedFunctionsTest.cpp.dump'.

I've attached the python addin file, the test source file, and the dump file.

This is what gets output, but I don't see where it's getting StringUtil from line 10 - it doesn't occur in the source file until line 14.

Output:

Checking BannedFunctionsTest.cpp ...
Bailing out from checking BannedFunctionsTest.cpp since there was an internal error: Failed to execute 'python.exe BannedFunctions.py --cli BannedFunctionsTest.cpp.dump'. Checking BannedFunctionsTest.cpp.dump...
Checking BannedFunctionsTest.cpp.dump, config ...
Checking new token: "strlen"
prevToken: "::"
prevPrevToken "StringUtil"
Checking new token: "strlen"
prevToken: "="
prevPrevToken "a"
Checking new token: "strlen"
prevToken: "::"
prevPrevToken "="
Checking new token: "strlen"
prevToken: "::"
prevPrevToken "std"
Checking new token: "strlen"
prevToken: "::"
prevPrevToken "StringUtil"

Thanks!
John

[Daniel Marjamäki]

you get the internal error because you are printing stuff from the addon. feel free to do that during debugging.. but cppcheck unfortunately expects to get errors from the addon on the stdout. maybe we could tweak it somehow so some debug messages will also be allowed.

[Daniel Marjamäki]

This is what gets output, but I don't see where it's getting StringUtil from line 10 - it doesn't occur in the source file until line 14.

I don't know.. in the cpp file you attached line 10 says:

auto b = StringUtil::strlen("test");    // should NOT be flagged as error

you can also experiment with this:

if token.str == 'strlen' and (token.function is None):
    cppcheckdata.reportError....

The token.function is not none if the function is declared somewhere in the analysed code.. and if that happens you can use token.function to lookup where it is declared and stuff.. but since cppcheck does not try to include system headers that token.function should be None for the standard strlen function.

in cert.py there is this function:

# Is this a function call
def isFunctionCall(token, function_names, number_of_arguments=None):
    if not token.isName:
        return False
    if token.str not in function_names:
        return False
    if (token.next is None) or token.next.str != '(' or token.next != token.astParent:
        return False
    if number_of_arguments is None:
        return True
    return len(cppcheckdata.getArguments(token)) == number_of_arguments

that will not work well for c++ code because of token.next != token.astParent .. but I guess it would be good to have some similar utility function in cppcheckdata.

[Daniel Marjamäki]

here is one more example code:

class Foo {
    Foo() { strlen(); }  // <- token.function for 'strlen' is not None
    void strlen() {}
};

For information you can for example use token.function.tokenDef to see where the function definition is..

[Daniel Marjamäki]

I think we should create some utility function.. something like:

function_name, args = cppcheckdata.get_function_call_name_args(token)
if function_name and function_name in ('strlen', 'std::strlen'):
    ....

for the function call in the Foo constructor above, the function_name would be Foo::strlen.

[John Schmitz]

Thanks for all your assistance! Sorry for the file confusion - I sent you the wrong test file in the previous attachments. I believe the attached has everything working the way I want it to.

Update: Spoke too soon. Getting a false negative on this line:
pos += static_cast<size_t>( impl::StringUtil::vsnprintf( buffer + pos, kMaxLogSize - pos, format, argptr ) );</size_t>

[John Schmitz]

My presumption is that the private strlen function is failing the token.function is None check, even though the symbol is defined in the .h file. It seems to me that cppcheck isn't handling nested namespaces. A suggestion would be to represent impl::StringUtil as implStringUtil. I tried adding "using namespace impl;" to the source file (so that the invocation would be simply StringUtil::strlen, but that didn't work.

[Daniel Marjamäki]

nested namespaces is handled.

namespace impl {
    namespace StringUtil {
        void strlen(int);
    }
}

void foo() {
    impl::StringUtil::strlen(123);  // <- line 9
}

from dump output:

    <token id=".." file=".." linenr="9" .. str="strlen" .. function="0x558310977b10" ../>

[Daniel Marjamäki]

I added cppcheckdata.get_function_call_name_args.. could you try it out? I guess some tweaks will be needed.

Code:

class Fred {
  Fred() { strlen(1,2); }
  int strlen(int x, int y);
};

Addon:

            for token in cfg.tokenlist:
                name, args = cppcheckdata.get_function_call_name_args(token)
                if name:
                    addon = '1'
                    errorId = 'call'
                    cppcheckdata.reportError(token, 'info', 'function call: %s, args: %i' % (name, len(args)), addon, errorId)

Output:

[1.cpp:11] (info) function call: Fred::strlen, args: 2 [1-call]