Ricky Goloski

Reputation: 53

How do you perform cppcheck cross-translation unit (CTU) static analysis?

Cppcheck documentation seems to imply analysis can be done across multiple translation units as evidenced by the --max-ctu-depths flag. This clearly isn't working on this toy example here:

main.cpp:

int foo();
int main (void)
{
    return 3 / foo();
}

foo.cpp:

int foo(void)
{
    return 0;
}

Even with --enable=all and --inconclusive set, this problem does not appear in the report. It seems like cppcheck might not be designed to do cross-file analysis, but the max-ctu-depths flag begs to differ. Am I missing something here? Any help is appreciated!

Upvotes: 3

Views: 1396

Answers (2)

Daniel Marjamäki

Reputation: 3037

I am a cppcheck developer.

The whole program analysis in Cppcheck is quite limited. We have some such analysis but it is not very "deep" nor sophisticated. It only currently tracks values that you pass into functions.

Some example test cases (feel free to copy/paste these code examples into different files):
https://github.com/danmar/cppcheck/blob/main/test/testbufferoverrun.cpp#L4272
https://github.com/danmar/cppcheck/blob/main/test/testbufferoverrun.cpp#L4383
https://github.com/danmar/cppcheck/blob/main/test/testbufferoverrun.cpp#L4394
https://github.com/danmar/cppcheck/blob/main/test/testnullpointer.cpp#L3281
https://github.com/danmar/cppcheck/blob/main/test/testuninitvar.cpp#L4723

.. and then there is the whole unused functions checker.

If you are using threads then you will have to use --cppcheck-build-dir to make CTU possible.

Upvotes: 5

dfrib

Reputation: 73186

Based on the docs and the source code (as well as the associated header) of the CTU checker, it does not contain a cross-translation unit divide by zero check.

One of the few entry points to the CTU class (and checker) is CTU::getUnsafeUsage, which is described (in-code) as follows:

std::list<CTU::FileInfo::UnsafeUsage> CTU::getUnsafeUsage(...) {
  std::list<CTU::FileInfo::UnsafeUsage> unsafeUsage;

  // Parse all functions in TU
  const SymbolDatabase *const symbolDatabase = tokenizer->getSymbolDatabase();

  for (const Scope &scope : symbolDatabase->scopeList) {
    // ...

    // "Unsafe" functions unconditionally reads data before it is written..
    for (int argnr = 0; argnr < function->argCount(); ++argnr) {
      // ...
    }
  }

  return unsafeUsage;
}

with emphasis on ""Unsafe" functions unconditionally reads data before it is written..".

There is not a single mention of divide-by-zero analysis in the context of the CTU checker.


> It seems like cppcheck might not be designed to do cross-file analysis

Based on the brevity of the public API of the CTU class, it does seem cppcheck's cross-file analysis is indeed currently somewhat limited.

Upvotes: 2
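An added example, not from either answer or from the cppcheck project: a constructed two-file case of the shape both answers describe as in scope for CTU analysis (a null value passed into a function in another translation unit, which dereferences its argument unconditionally), together with an invocation that pairs -j with --cppcheck-build-dir. The file names, the function `use` and the helper names are hypothetical; `--max-ctu-depth` is written as cppcheck's own help text spells it.

```shell
#!/bin/sh
# Constructed sample project: two translation units in directory $1.
write_ctu_demo() {
    dir=$1
    mkdir -p "$dir/build" || return 1
    cat > "$dir/main.cpp" <<'EOF'
void use(int *p);   // defined in use.cpp

int main()
{
    int *p = 0;
    use(p);          // null value passed across the TU boundary
    return 0;
}
EOF
    cat > "$dir/use.cpp" <<'EOF'
void use(int *p)
{
    *p = 1;          // argument dereferenced unconditionally
}
EOF
}

# Analyse both files in one run. The build dir holds the per-file analysis
# info that the whole-program stage reads, which is what the first answer
# says is needed once threads (-j) are in use.
# Returns 2 when cppcheck is not on PATH.
run_ctu_check() {
    dir=$1
    command -v cppcheck >/dev/null 2>&1 || {
        echo "cppcheck not installed" >&2
        return 2
    }
    cppcheck --enable=all --inconclusive --max-ctu-depth=2 -j 2 \
        --cppcheck-build-dir="$dir/build" \
        --template='{file}:{line}: {id}: {message}' \
        "$dir/main.cpp" "$dir/use.cpp" 2>&1
}

# Stand-alone use: sh ctu_demo.sh /tmp/ctu-demo
if [ $# -gt 0 ]; then
    write_ctu_demo "$1" && run_ctu_check "$1"
fi
```

The `{id}` field in the template prints the checker id for each finding, which makes it easy to tell cross-translation-unit results apart from per-file ones in the report.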
