Recent changes to ListOfChecks

ListOfChecks modified by Daniel Marjamäki

Daniel Marjamäki — Sun, 10 Sep 2023 10:53:01 -0000

--- v33
+++ v34
@@ -271,3 +271,4 @@
 - Missing va_end()
 - Using va_list before it is opened
 - Subsequent calls to va_start/va_copy()
+

ListOfChecks modified by Daniel Marjamäki

Daniel Marjamäki — Thu, 22 Jun 2023 12:33:53 -0000

--- v32
+++ v33
@@ -50,6 +50,7 @@
 - Using array index before checking it
 - Partial string write that leads to buffer that is not zero terminated.
 - Check for large enough arrays being passed to functions
+- Allocating memory with a negative size

 ## Check function usage ##
 Check function usage:
@@ -61,6 +62,7 @@
 - memset() with a value out of range as the 2nd parameter
 - memset() with a float as the 2nd parameter
 - copy elision optimization for returning value affected by std::move
+- use memcpy()/memset() instead of for loop

 ## Class ##
 Check the code for each class.
@@ -152,7 +154,6 @@
 - assignment in an assert statement
 - free() or delete of an invalid memory location
 - bitwise operation with negative right operand
-- provide wrong dimensioned array to pipe() system command (--std=posix)
 - cast the return values of getc(),fgetc() and getchar() to character and compare it to EOF
 - race condition with non-interlocked access after InterlockedDecrement() call
 - expression 'x = x++;' depends on order of evaluation of side effects

ListOfChecks modified by Daniel Marjamäki

Daniel Marjamäki — Sat, 02 Oct 2021 10:41:11 -0000

--- v31
+++ v32
@@ -49,15 +49,18 @@
 - Dangerous usage of strncat()
 - Using array index before checking it
 - Partial string write that leads to buffer that is not zero terminated.
+- Check for large enough arrays being passed to functions

 ## Check function usage ##
 Check function usage:
+- missing 'return' in non-void function
 - return value of certain functions not used
 - invalid input values for functions
 - Warn if a function is called whose usage is discouraged
 - memset() third argument is zero
 - memset() with a value out of range as the 2nd parameter
 - memset() with a float as the 2nd parameter
+- copy elision optimization for returning value affected by std::move

 ## Class ##
 Check the code for each class.
@@ -80,6 +83,7 @@
 - Check that arbitrary usage of public interface does not result in division by zero
 - Delete "self pointer" and then access 'this'
 - Check that the 'override' keyword is used when overriding virtual functions
+- Check that the 'one definition rule' is not violated

 ## Condition ##
 Match conditions with assignments and other conditions:
@@ -95,7 +99,8 @@
 - Mutual exclusion over || always evaluating to true
 - Comparisons of modulo results that are always true/false.
 - Known variable values => condition is always true/false
-- Invalid test for overflow (for example 'ptr+u < ptr'). Condition is always false unless there is overflow, and overflow is undefined behaviour.
+- Invalid test for overflow. Some mainstream compilers remove such overflow tests when optimising code.
+- Suspicious assignment of container/iterator in condition => condition is always true.

 ## Exception Safety ##
 Checking exception safety
@@ -105,6 +110,7 @@
 - Exception caught by value instead of by reference
 - Throwing exception in noexcept, nothrow(), __attribute__((nothrow)) or __declspec(nothrow) function
 - Unhandled exception specification when calling function foo()
+- Rethrow without currently handled exception

 ## IO using format string ##
 Check format string input/output operations.
@@ -114,6 +120,7 @@
 - File input/output without positioning results in undefined behaviour
 - Read to a file that has only been opened for writing (or vice versa)
 - Repositioning operation on a file opened in append mode
+- The same file can't be open for read and write at the same time on different streams
 - Using fflush() on an input stream
 - Invalid usage of output stream. For example: 'std::cout << std::cout;'
 - Wrong number of arguments given to 'printf' or 'scanf;'
@@ -149,6 +156,7 @@
 - cast the return values of getc(),fgetc() and getchar() to character and compare it to EOF
 - race condition with non-interlocked access after InterlockedDecrement() call
 - expression 'x = x++;' depends on order of evaluation of side effects
+- overlapping write of union
 - either division by zero or useless condition
 - access of moved or forwarded variable.
 - redundant data copying for const variable

ListOfChecks modified by Daniel Marjamäki

Daniel Marjamäki — Sat, 03 Oct 2020 10:52:10 -0000

--- v30
+++ v31
@@ -69,7 +69,6 @@
 - Warn if memory for classes is allocated with malloc()
 - If it's a base class, check that the destructor is virtual
 - Are there unused private functions?
-- 'operator=' should return reference to self
 - 'operator=' should check for assignment to self
 - Constness for member functions
 - Order of initializations
@@ -184,6 +183,8 @@
 - function declaration and definition argument order different.
 - shadow variable.
 - variable can be declared const.
+- calculating modulo of one.
+- known function argument, suspicious calculation.

 ## STL usage ##
 Check for invalid usage of STL:
@@ -201,7 +202,9 @@
 - useless calls of string and STL functions
 - dereferencing an invalid iterator
 - reading from empty STL container
+- iterating over an empty STL container
 - consider using an STL algorithm instead of raw loop
+- incorrect locking with mutex

 ## Sizeof ##
 sizeof() usage checks

ListOfChecks modified by Daniel Marjamäki

Daniel Marjamäki — Sun, 10 May 2020 12:20:36 -0000

--- v29
+++ v30
@@ -79,6 +79,7 @@
 - Call of pure virtual function in constructor/destructor
 - Duplicated inherited data members
 - Check that arbitrary usage of public interface does not result in division by zero
+- Delete "self pointer" and then access 'this'
 - Check that the 'override' keyword is used when overriding virtual functions

 ## Condition ##
@@ -244,7 +245,7 @@
 UnusedVar checks
 - unused variable
 - allocated but unused variable
-- unred variable
+- unread variable
 - unassigned variable
 - unused struct member

ListOfChecks modified by Daniel Marjamäki

Daniel Marjamäki — Sat, 21 Dec 2019 12:50:29 -0000

--- v28
+++ v29
@@ -236,7 +236,6 @@
 Uninitialized variables
 - using uninitialized local variables
 - using allocated data before it has been initialized
-- using dead pointer

 ## Unused functions ##
 Check for functions that are never called

ListOfChecks modified by Daniel Marjamäki

Daniel Marjamäki — Sun, 01 Sep 2019 13:24:47 -0000

--- v27
+++ v28
@@ -182,6 +182,7 @@
 - function declaration and definition argument names different.
 - function declaration and definition argument order different.
 - shadow variable.
+- variable can be declared const.

 ## STL usage ##
 Check for invalid usage of STL:

ListOfChecks modified by Daniel Marjamäki

Daniel Marjamäki — Sat, 29 Jun 2019 08:49:06 -0000

--- v26
+++ v27
@@ -43,15 +43,12 @@

 ## Bounds checking ##
 Out of bounds checking:
-- Array index out of bounds detection by value flow analysis
+- Array index out of bounds
+- Pointer arithmetic overflow
+- Buffer overflow
 - Dangerous usage of strncat()
-- char constant passed as size to function like memset()
-- strncpy() leaving string unterminated
-- Accessing array with negative index
-- Unsafe usage of main(argv, argc) arguments
-- Accessing array with index variable before checking its value
-- Check for large enough arrays being passed to functions
-- Allocating memory with a negative size
+- Using array index before checking it
+- Partial string write that leads to buffer that is not zero terminated.

 ## Check function usage ##
 Check function usage:
@@ -89,6 +86,7 @@
 - Mismatching assignment and comparison => comparison is always true/false
 - Mismatching lhs and rhs in comparison => comparison is always true/false
 - Detect usage of | where & should be used
+- Duplicate condition and assignment
 - Detect matching 'if' and 'else if' conditions
 - Mismatching bitand (a &= 0xf0; a &= 1; => a = 0)
 - Opposite inner condition is always false
@@ -195,9 +193,9 @@
 - for vectors: using iterator/pointer after push_back has been used
 - optimisation: use empty() instead of size() to guarantee fast code
 - suspicious condition when using find
+- unnecessary searching in associative containers
 - redundant condition
 - common mistakes when using string::c_str()
-- using auto pointer (auto_ptr)
 - useless calls of string and STL functions
 - dereferencing an invalid iterator
 - reading from empty STL container

Discussion for ListOfChecks page

Eric BONNAFOUS — Tue, 26 Feb 2019 13:03:06 -0000

Thanks for you answer.

Discussion for ListOfChecks page

Daniel Marjamäki — Tue, 26 Feb 2019 13:01:28 -0000

I can only say that we did not consider DO-332. If these rules are compliant then it is a coincidence.