Dave Nadler

Here are some example misses, all taken from a real project I had to clean up: Bugs that could (maybe?) be found by static analysis, but not found by CPPcheck. Bug 1 // ABS macro was wrongly coded: // #define ABS(X) ((X >= 0) ? X : ((-1)*X)) // ABS(a-b) => ((a-b >= 0) ? a-b : ((-1)*a-b) => (((a-b)>= 0) ? (a-b) : (-1*a)-b) // rewriting with C-language operator precedence... WRONG RESULT ^^^^^^^^^^ // recoded correctly: #define ABS(X) (((X) >= 0) ? (X) : ((-1)*(X))) Bug 2 // Use of uint8_t 0xFF as...

Here are some example misses, all taken from a real project I had to clean up: Bugs that could (maybe?) be found by static analysis, but not found by CPPcheck. // ABS macro was wrongly coded: // #define ABS(X) ((X >= 0) ? X : ((-1)*X)) // ABS(a-b) => ((a-b >= 0) ? a-b : ((-1)*a-b) => (((a-b)>= 0) ? (a-b) : (-1*a)-b) // rewriting with C-language operator precedence... WRONG RESULT ^^^^^^^^^^ // recoded correctly: #define ABS(X) (((X) >= 0) ? (X) : ((-1)*(X))) // Use of uint8_t 0xFF as subscript to...

Thanks Alexander! Very nice '42' ;-)

Here are some example misses, all taken from a real project I had to clean up: Bugs that could (maybe?) be found by static analysis, but not found by CPPcheck. // ABS macro was wrongly coded: // #define ABS(X) ((X >= 0) ? X : ((-1)X)) // ABS(a-b) => ((a-b >= 0) ? a-b : ((-1)a-b) => (((a-b)>= 0) ? (a-b) : (-1*a)-b) // rewriting with C-language operator precedence... WRONG RESULT ^^^^^^^^^^ // recoded correctly: define ABS(X) (((X) >= 0) ? (X) : ((-1)*(X))) // Use of uint8_t 0xFF as subscript to array...

Here are some example misses: Bugs that could (maybe?) be found by static analysis, but not found by CPPcheck. // ABS macro was wrongly coded: // #define ABS(X) ((X >= 0) ? X : ((-1)X)) // ABS(a-b) => ((a-b >= 0) ? a-b : ((-1)a-b) => (((a-b)>= 0) ? (a-b) : (-1*a)-b) // rewriting with C-language operator precedence... WRONG RESULT ^^^^^^^^^^ // recoded correctly: define ABS(X) (((X) >= 0) ? (X) : ((-1)*(X))) // Use of uint8_t 0xFF as subscript to array of 16 entries: if (selectedAlarm != 0xff) { drawBigClimbrate(alarms[selectedAlarm]->climbRate,...

Another case; both lines storing into buffer flagged: if (rxPos >= (sizeof(rxLine) - 1)) break; // buffer overflow rxLine[rxPos++] = rxData; rxLine[rxPos] = 0; (error) Array index out of bounds, cannot determine that rxPos++ is less than 101 [bughuntingArrayIndexOutOfBounds] (error) Array index out of bounds, cannot determine that rxPos is less than 101 [bughuntingArrayIndexOutOfBounds] HTH! Best Regards, Dave Dave Nadler, USA East Coast voice (978) 263-0097, drn@nadler.com, Skype Dave.Nadler1

I got a bazillion of these (for an extremely common pattern in many projects): memset(alarmObjects, 0, sizeof(alarmObjects)); (error) Buffer read/write, when calling 'memset' it cannot be determined that 1st argument is not overflowed [bughuntingBufferOverflow] HTH! Best Regards, Dave -- Dave Nadler, USA East Coast voice (978) 263-0097, drn@nadler.com, Skype Dave.Nadler1

Sure - Do you prefer I post here or set up on trac? Whatever is easiest for you...